Пример #1
0
def test_missing_ocsp_extension():
    """edellroot.badssl.com is missing the OCSP extensions"""

    func_name: str = "extract_ocsp_url"

    host = "edellroot.badssl.com"
    port = 443
    cert_chain = get_certificate_chain(host, port)
    error = f"{func_name}: Certificate Authority Information Access (AIA) Extension Missing. Possible MITM Proxy."

    with pytest.raises(Exception) as excinfo:
        extract_ocsp_url(cert_chain)

    assert str(excinfo.value) == error
Пример #2
0
def test_extract_ocsp_url_success():
    """test a successful extract_ocsp_url function invocation"""

    host = "github.com"
    port = 443
    cert_chain = get_certificate_chain(host, port)
    ocsp_url = extract_ocsp_url(cert_chain)

    assert ocsp_url == "http://ocsp.digicert.com"
Пример #3
0
def test_extract_ocsp_result_success():
    """test an unsuccessful extract_ocsp_result function invocation"""

    cert_chain = get_certificate_chain("github.com", 443)
    ocsp_url = extract_ocsp_url(cert_chain)
    ocsp_request = build_ocsp_request(cert_chain)
    ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)

    ocsp_result = extract_ocsp_result(ocsp_response)

    assert ocsp_result == "OCSP Status: GOOD"
Пример #4
0
def test_get_ocsp_response_success():
    """test an successful get_ocsp_response function invocation"""

    cert_chain = get_certificate_chain("github.com", 443)
    ocsp_url = extract_ocsp_url(cert_chain)
    ocsp_request = build_ocsp_request(cert_chain)

    ocsp_response = get_ocsp_response(ocsp_url, ocsp_request)

    for header in ocsp_response.headers:
        if "application/ocsp-response" in ocsp_response.headers[header]:
            # There may be a better way to do this, but this proves we got a response
            # from the OCSP server
            assert True