def test_revoked_cert_should_return_False_from_validate(self):
revoked_crl_filename = os.path.join(self.tempdir, "revoked.crl")
tls.create_ca(self.ca_name)
tls.create_csr(
ca_name=self.ca_name,
CN="testing.bad.localhost",
)
tls.create_ca_signed_cert(
ca_name=self.ca_name,
CN="testing.bad.localhost",
)
tls.create_empty_crl(
ca_name=self.ca_name,
crl_file=revoked_crl_filename,
)
tls.revoke_cert(
ca_name=self.ca_name,
CN="testing.bad.localhost",
crl_file=revoked_crl_filename,
)
self.assertFalse(
tls.validate(
cert=os.path.join(
self.tempdir,
self.ca_name,
"certs",
"testing.bad.localhost.crt",
),
ca_name=self.ca_name,
crl_file=revoked_crl_filename,
)["valid"])
def test_validating_revoked_cert_with_no_crl_file_should_return_False(
self):
revoked_crl_filename = None
tls.create_ca(self.ca_name)
tls.create_csr(
ca_name=self.ca_name,
CN='testing.bad.localhost',
)
tls.create_ca_signed_cert(
ca_name=self.ca_name,
CN='testing.bad.localhost',
)
tls.create_empty_crl(
ca_name=self.ca_name,
crl_file=revoked_crl_filename,
)
tls.revoke_cert(
ca_name=self.ca_name,
CN='testing.bad.localhost',
crl_file=revoked_crl_filename,
)
self.assertFalse(
tls.validate(
cert=os.path.join(
self.tempdir,
self.ca_name,
'certs',
'testing.bad.localhost.crt',
),
ca_name=self.ca_name,
crl_file=revoked_crl_filename,
)['valid'])