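def test_invalid_signature(self):
    # A response whose signature bytes were replaced must be rejected by
    # verify_signature() with a ValueError that names the hash in use.
    resp = OCSPResponse(resp_sig_sha1)
    cert = X509()
    cert.parseBinary(cert_sig_sha1)

    # Replace the signature with a single zero byte and confirm the value
    # really changed, so the rejection below cannot come from a no-op edit.
    old_sig = resp.signature
    resp.signature = bytearray([0])
    self.assertNotEqual(resp.signature, old_sig)

    with self.assertRaises(ValueError) as ctx:
        resp.verify_signature(cert.publicKey)
    # Checked after the with block: a statement placed after the raising
    # call inside it would never run.  assertIn prints both operands on
    # failure, which assertTrue(a in b) does not.
    self.assertIn("Signature could not be verified for sha1",
                  str(ctx.exception))
    # NOTE(review): only a grossly malformed (one-byte) signature is
    # exercised here; a full-length signature with a single altered byte
    # is not covered by this test.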
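def test_invalid_signature(self):
    # Negative path for signature checking: after the signature field is
    # overwritten, verify_signature() has to raise ValueError rather than
    # return a result.
    resp = OCSPResponse(resp_sig_sha1)
    cert = X509()
    cert.parseBinary(cert_sig_sha1)

    old_sig = resp.signature
    resp.signature = bytearray([0])
    # Sanity check that the fixture's signature was actually replaced.
    self.assertNotEqual(resp.signature, old_sig)

    with self.assertRaises(ValueError) as ctx:
        resp.verify_signature(cert.publicKey)
    # Kept outside the with block so it executes once the exception has
    # been captured; assertIn gives a readable diff when the message
    # changes, where assertTrue(a in b) only reports "False is not true".
    self.assertIn("Signature could not be verified for sha1",
                  str(ctx.exception))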
def test_signature(self):
    # The parser must expose the signature of resp_OK exactly as these
    # 257 octets.
    # NOTE(review): the leading 0 followed by 256 octets looks like a
    # BIT STRING unused-bits octet plus a 2048-bit signature value;
    # confirm against the parser before relying on that layout.
    expected_sig = bytearray([
        0, 155, 245, 236, 104, 50, 168, 180, 30, 1, 17, 165,
        12, 249, 208, 100, 5, 234, 227, 182, 10, 206, 201, 197,
        230, 163, 119, 85, 210, 121, 249, 216, 250, 85, 86, 102,
        230, 229, 82, 179, 208, 77, 208, 104, 228, 254, 85, 140,
        184, 5, 246, 184, 24, 204, 143, 30, 179, 188, 240, 20,
        184, 79, 119, 50, 230, 162, 207, 18, 167, 147, 163, 12,
        61, 51, 228, 208, 234, 161, 26, 146, 25, 12, 68, 43,
        179, 144, 227, 192, 113, 240, 74, 15, 181, 87, 207, 7,
        140, 43, 242, 209, 219, 38, 218, 48, 104, 182, 12, 228,
        155, 117, 53, 249, 178, 179, 214, 173, 212, 127, 174, 171,
        227, 92, 172, 219, 236, 251, 129, 208, 16, 198, 71, 80,
        201, 60, 242, 79, 48, 31, 119, 15, 125, 212, 2, 96,
        149, 100, 221, 246, 145, 157, 12, 132, 144, 0, 17, 95,
        86, 45, 171, 98, 198, 18, 218, 10, 247, 137, 201, 78,
        92, 51, 250, 72, 73, 14, 216, 178, 190, 14, 223, 114,
        80, 91, 126, 227, 59, 44, 133, 93, 150, 40, 15, 4,
        95, 55, 243, 140, 178, 237, 111, 45, 137, 244, 104, 195,
        243, 110, 48, 59, 248, 6, 0, 199, 32, 14, 136, 228,
        243, 210, 51, 144, 153, 140, 105, 185, 186, 190, 138, 137,
        175, 203, 42, 251, 188, 105, 188, 63, 223, 88, 127, 185,
        246, 71, 221, 35, 100, 229, 116, 97, 237, 208, 212, 126,
        199, 12, 217, 196, 167
    ])
    ocsp = OCSPResponse(resp_OK)
    self.assertEqual(expected_sig, ocsp.signature)
def test_resp_id(self):
    # resp_id of the resp_OK fixture must equal these 22 octets.
    # NOTE(review): 4, 20 followed by 20 octets reads like a DER
    # OCTET STRING header around a 20-byte hash, i.e. a by-key responder
    # identifier; confirm against the parser.
    expected_id = bytearray([
        4, 20, 156, 77, 0, 153, 0, 14, 139, 176, 1,
        129, 117, 161, 186, 240, 208, 37, 215, 160, 28, 71
    ])
    ocsp = OCSPResponse(resp_OK)
    self.assertEqual(expected_id, ocsp.resp_id)
def test_verify_cert_match_sha512(self):
    # Every single response parsed from the resps_sha512 fixture must
    # match the server/issuer certificate pair held on the test case.
    ocsp = OCSPResponse(resps_sha512)
    # Guards against a vacuous pass when no single responses were parsed.
    self.assertGreater(len(ocsp.responses), 0)
    for single in ocsp.responses:
        matched = single.verify_cert_match(self.server_cert,
                                           self.issuer_cert)
        self.assertTrue(matched)
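def test___init__(self):
    # Each single response parsed from resp_OK must carry an empty
    # cert_status value.
    # NOTE(review): an empty value presumably corresponds to the "good"
    # status, which is encoded as an implicit NULL; confirm.
    resp = OCSPResponse(resp_OK)
    # Without this guard an empty response list would skip the loop and
    # the test would pass without checking anything.
    self.assertGreater(len(resp.responses), 0)
    for singleResp in resp.responses:
        self.assertEqual(bytearray(), singleResp.cert_status)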
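def test_nonextupdate(self):
    # For the resp_nonext fixture every single response must have an
    # empty cert_status and next_update set to None.
    resp = OCSPResponse(resp_nonext)
    # Fail instead of passing vacuously when nothing was parsed.
    self.assertGreater(len(resp.responses), 0)
    for singleResp in resp.responses:
        self.assertEqual(bytearray(), singleResp.cert_status)
        # NOTE(review): a missing next_update leaves no expiry on the
        # status; how callers bound its freshness is not exercised here.
        self.assertEqual(None, singleResp.next_update)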
def test_certs(self):
    # The response must embed at least one certificate, held as raw
    # bytes that X509.parseBinary() accepts.
    ocsp = OCSPResponse(resp_OK)
    self.assertGreater(len(ocsp.certs), 0)
    # checking only first certificate
    raw_cert = ocsp.certs[0]
    self.assertIsInstance(raw_cert, bytearray)
    parsed = X509()
    parsed.parseBinary(raw_cert)
    # NOTE(review): this is always true for an object built by X509();
    # the effective check is that parseBinary() above did not raise.
    self.assertIsInstance(parsed, X509)
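def test_verify_cert_match_incorrect_server_cert(self):
    # A response issued for one certificate must not be accepted for a
    # different server certificate: verify_cert_match() has to raise
    # ValueError for every single response.
    resp = OCSPResponse(resps)
    self.assertGreater(len(resp.responses), 0)

    # redefine server cert object
    # NOTE(review): this mutates self.server_cert in place; assumes the
    # attribute is rebuilt for each test (e.g. in setUp) - confirm.
    self.server_cert.parseBinary(other_server_cert)

    for singleResp in resp.responses:
        with self.assertRaises(ValueError) as ctx:
            # The return value is not bound: the call is expected to
            # raise, so a local for it would never be assigned.
            singleResp.verify_cert_match(self.server_cert,
                                         self.issuer_cert)
        # Outside the with block so that it runs after the exception has
        # been captured.
        self.assertEqual("Could not verify certificate serial number",
                         str(ctx.exception))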
def test_verify_signature_sha256(self):
    # Positive path: the resp_sig_sha256 fixture must verify under the
    # public key of the certificate parsed from cert_sig_sha256.
    ocsp = OCSPResponse(resp_sig_sha256)
    signer = X509()
    signer.parseBinary(cert_sig_sha256)
    outcome = ocsp.verify_signature(signer.publicKey)
    self.assertTrue(outcome)
def test_produced_at(self):
    # produced_at is compared as the raw timestamp bytes of the fixture;
    # no date parsing or freshness check is performed by this test.
    expected_time = bytearray(b"20171113135112Z")
    ocsp = OCSPResponse(resp_OK)
    self.assertEqual(expected_time, ocsp.produced_at)
def test_certs(self):
    # The response must embed at least one certificate, and the parser
    # must expose it as an X509 object.
    ocsp = OCSPResponse(resp_OK)
    self.assertGreater(len(ocsp.certs), 0)
    # checking only first certificate
    self.assertIsInstance(ocsp.certs[0], X509)
def test_type_id_pkix_ocsp_basic(self):
    # resp_type must hold the encoded OID 1.3.6.1.5.5.7.48.1.1
    # (id-pkix-ocsp-basic), given here as its content octets.
    basic_oid = bytearray([43, 6, 1, 5, 5, 7, 48, 1, 1])
    ocsp = OCSPResponse(resp_OK)
    self.assertEqual(basic_oid, ocsp.resp_type)
def test_unauthorized(self):
    # The resp_unauthorized fixture must parse to the "unauthorized"
    # response status.
    # NOTE(review): per RFC 6960 error responses are not signed, so this
    # status is unauthenticated; the test only covers parsing.
    ocsp = OCSPResponse(resp_unauthorized)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.unauthorized, status)
def test_sigrequired(self):
    # The resp_sigreq fixture must parse to the "sigRequired" response
    # status; only parsing of the status field is covered.
    ocsp = OCSPResponse(resp_sigreq)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.sigRequired, status)
def test_trylater(self):
    # The resp_trylater fixture must parse to the "tryLater" response
    # status.
    # NOTE(review): per RFC 6960 error responses are not signed, so a
    # caller cannot authenticate this status; how callers treat it
    # (soft-fail or hard-fail) is outside this test.
    ocsp = OCSPResponse(resp_trylater)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.tryLater, status)
def test_internalerror(self):
    # The resp_internal fixture must parse to the "internalError"
    # response status; only parsing of the status field is covered.
    ocsp = OCSPResponse(resp_internal)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.internalError, status)
def test_malformedrequest(self):
    # The resp_malformed fixture must parse to the "malformedRequest"
    # response status; only parsing of the status field is covered.
    ocsp = OCSPResponse(resp_malformed)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.malformedRequest, status)
def test___init__(self):
    # Constructing from the resp_OK fixture must yield the "successful"
    # response status.
    ocsp = OCSPResponse(resp_OK)
    status = ocsp.resp_status
    self.assertEqual(OCSPRespStatus.successful, status)
def test_certs_signature(self):
    # The response signature must verify under the public key of the
    # first certificate embedded in that same response.
    # NOTE(review): the key comes from a certificate carried inside the
    # response itself, so a pass shows the response is consistent with
    # that certificate, not that the certificate belongs to a responder
    # the issuing CA authorised; validating the embedded certificate
    # against the issuer is not covered by this test.
    ocsp = OCSPResponse(resp_OK)
    self.assertGreater(len(ocsp.certs), 0)
    # checking only first certificate
    first_cert = ocsp.certs[0]
    self.assertIsInstance(first_cert, X509)
    signing_key = ocsp.certs[0].publicKey
    self.assertTrue(ocsp.verify_signature(signing_key))
def test_single_responses(self):
    # Every single response in resp_OK must carry an empty cert_status.
    ocsp = OCSPResponse(resp_OK)
    # Ensures the loop below has something to check.
    self.assertGreater(len(ocsp.responses), 0)
    no_status = bytearray()
    for single in ocsp.responses:
        self.assertEqual(no_status, single.cert_status)
def test_nonextupdate(self):
    # For the resp_nonext fixture every single response must have an
    # empty cert_status and next_update set to None.
    ocsp = OCSPResponse(resp_nonext)
    # Ensures the loop below has something to check.
    self.assertGreater(len(ocsp.responses), 0)
    for single in ocsp.responses:
        self.assertEqual(bytearray(), single.cert_status)
        # NOTE(review): with next_update absent the status has no stated
        # expiry; how callers bound its freshness is not exercised here.
        self.assertEqual(None, single.next_update)
def test_signature_alg(self):
    # signature_alg must hold the encoded OID 1.2.840.113549.1.1.11
    # (sha256WithRSAEncryption), given here as its content octets.
    sha256_rsa_oid = bytearray([42, 134, 72, 134, 247, 13, 1, 1, 11])
    ocsp = OCSPResponse(resp_OK)
    self.assertEqual(sha256_rsa_oid, ocsp.signature_alg)