def test_invalid_signature(self):
resp = OCSPResponse(resp_sig_sha1)
cert = X509()
cert.parseBinary(cert_sig_sha1)
old_sig = resp.signature
resp.signature = bytearray([0])
self.assertNotEqual(resp.signature, old_sig)
with self.assertRaises(ValueError) as ctx:
resp.verify_signature(cert.publicKey)
self.assertTrue("Signature could not be verified for sha1" in str(ctx.exception))
def test_invalid_signature(self):
resp = OCSPResponse(resp_sig_sha1)
cert = X509()
cert.parseBinary(cert_sig_sha1)
old_sig = resp.signature
resp.signature = bytearray([0])
self.assertNotEqual(resp.signature, old_sig)
with self.assertRaises(ValueError) as ctx:
resp.verify_signature(cert.publicKey)
self.assertTrue(
"Signature could not be verified for sha1" in str(ctx.exception))
def test_signature(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(
bytearray([
0, 155, 245, 236, 104, 50, 168, 180, 30, 1, 17, 165, 12, 249,
208, 100, 5, 234, 227, 182, 10, 206, 201, 197, 230, 163, 119,
85, 210, 121, 249, 216, 250, 85, 86, 102, 230, 229, 82, 179,
208, 77, 208, 104, 228, 254, 85, 140, 184, 5, 246, 184, 24,
204, 143, 30, 179, 188, 240, 20, 184, 79, 119, 50, 230, 162,
207, 18, 167, 147, 163, 12, 61, 51, 228, 208, 234, 161, 26,
146, 25, 12, 68, 43, 179, 144, 227, 192, 113, 240, 74, 15, 181,
87, 207, 7, 140, 43, 242, 209, 219, 38, 218, 48, 104, 182, 12,
228, 155, 117, 53, 249, 178, 179, 214, 173, 212, 127, 174, 171,
227, 92, 172, 219, 236, 251, 129, 208, 16, 198, 71, 80, 201,
60, 242, 79, 48, 31, 119, 15, 125, 212, 2, 96, 149, 100, 221,
246, 145, 157, 12, 132, 144, 0, 17, 95, 86, 45, 171, 98, 198,
18, 218, 10, 247, 137, 201, 78, 92, 51, 250, 72, 73, 14, 216,
178, 190, 14, 223, 114, 80, 91, 126, 227, 59, 44, 133, 93, 150,
40, 15, 4, 95, 55, 243, 140, 178, 237, 111, 45, 137, 244, 104,
195, 243, 110, 48, 59, 248, 6, 0, 199, 32, 14, 136, 228, 243,
210, 51, 144, 153, 140, 105, 185, 186, 190, 138, 137, 175, 203,
42, 251, 188, 105, 188, 63, 223, 88, 127, 185, 246, 71, 221,
35, 100, 229, 116, 97, 237, 208, 212, 126, 199, 12, 217, 196,
167
]), resp.signature)
def test_resp_id(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(
bytearray([
4, 20, 156, 77, 0, 153, 0, 14, 139, 176, 1, 129, 117, 161, 186,
240, 208, 37, 215, 160, 28, 71
]), resp.resp_id)
def test_verify_cert_match_sha512(self):
resp = OCSPResponse(resps_sha512)
self.assertGreater(len(resp.responses), 0)
for singleResp in resp.responses:
verified = singleResp.verify_cert_match(self.server_cert,
self.issuer_cert)
self.assertTrue(verified)
def test___init__(self):
resp = OCSPResponse(resp_OK)
singleRespList = resp.responses
singleRespCnt = len(singleRespList)
for i in range(singleRespCnt):
singleResp = resp.responses[i]
self.assertEqual(bytearray(), singleResp.cert_status)
def test_nonextupdate(self):
resp = OCSPResponse(resp_nonext)
singleRespList = resp.responses
singleRespCnt = len(singleRespList)
for i in range(singleRespCnt):
singleResp = resp.responses[i]
self.assertEqual(bytearray(), singleResp.cert_status)
self.assertEqual(None, singleResp.next_update)
def test_certs(self):
resp = OCSPResponse(resp_OK)
self.assertGreater(len(resp.certs), 0)
cert = resp.certs[0] # checking only first certificate
self.assertIsInstance(cert, bytearray)
x509 = X509()
x509.parseBinary(cert)
self.assertIsInstance(x509, X509)
def test_verify_cert_match_incorrect_server_cert(self):
resp = OCSPResponse(resps)
self.assertGreater(len(resp.responses), 0)
# redefine server cert object
self.server_cert.parseBinary(other_server_cert)
for singleResp in resp.responses:
with self.assertRaises(ValueError) as ctx:
verified = singleResp.verify_cert_match(
self.server_cert, self.issuer_cert)
self.assertEqual("Could not verify certificate serial number",
str(ctx.exception))
def test_verify_signature_sha256(self):
resp = OCSPResponse(resp_sig_sha256)
cert = X509()
cert.parseBinary(cert_sig_sha256)
self.assertTrue(resp.verify_signature(cert.publicKey))
def test_produced_at(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(bytearray(b"20171113135112Z"), resp.produced_at)
def test_certs(self):
resp = OCSPResponse(resp_OK)
self.assertGreater(len(resp.certs), 0)
cert = resp.certs[0] # checking only first certificate
self.assertIsInstance(cert, X509)
def test_type_id_pkix_ocsp_basic(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(bytearray([43, 6, 1, 5, 5, 7, 48, 1, 1]),
resp.resp_type)
def test_unauthorized(self):
resp = OCSPResponse(resp_unauthorized)
self.assertEqual(OCSPRespStatus.unauthorized, resp.resp_status)
def test_sigrequired(self):
resp = OCSPResponse(resp_sigreq)
self.assertEqual(OCSPRespStatus.sigRequired, resp.resp_status)
def test_trylater(self):
resp = OCSPResponse(resp_trylater)
self.assertEqual(OCSPRespStatus.tryLater, resp.resp_status)
def test_internalerror(self):
resp = OCSPResponse(resp_internal)
self.assertEqual(OCSPRespStatus.internalError, resp.resp_status)
def test_malformedrequest(self):
resp = OCSPResponse(resp_malformed)
self.assertEqual(OCSPRespStatus.malformedRequest, resp.resp_status)
def test___init__(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(OCSPRespStatus.successful, resp.resp_status)
def test_certs_signature(self):
resp = OCSPResponse(resp_OK)
self.assertGreater(len(resp.certs), 0)
cert = resp.certs[0] # checking only first certificate
self.assertIsInstance(cert, X509)
self.assertTrue(resp.verify_signature(resp.certs[0].publicKey))
def test_single_responses(self):
resp = OCSPResponse(resp_OK)
self.assertGreater(len(resp.responses), 0)
for singleResp in resp.responses:
self.assertEqual(bytearray(), singleResp.cert_status)
def test_nonextupdate(self):
resp = OCSPResponse(resp_nonext)
self.assertGreater(len(resp.responses), 0)
for singleResp in resp.responses:
self.assertEqual(bytearray(), singleResp.cert_status)
self.assertEqual(None, singleResp.next_update)
def test_signature_alg(self):
resp = OCSPResponse(resp_OK)
self.assertEqual(bytearray([42, 134, 72, 134, 247, 13, 1, 1, 11]),
resp.signature_alg)
def test_certs_signature(self):
resp = OCSPResponse(resp_OK)
self.assertGreater(len(resp.certs), 0)
cert = resp.certs[0] # checking only first certificate
self.assertIsInstance(cert, X509)
self.assertTrue(resp.verify_signature(resp.certs[0].publicKey))
def test_verify_signature_sha256(self):
resp = OCSPResponse(resp_sig_sha256)
cert = X509()
cert.parseBinary(cert_sig_sha256)
self.assertTrue(resp.verify_signature(cert.publicKey))
