diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-01-10 15:37:03 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-01-10 18:37:03 -0500 |
| commit | 60f264b0f293bfded7a0b4395715669d355a6185 (patch) | |
| tree | a8fdf4f17f20115063e557eebf36b0f9dd1b7a63 /tests/x509 | |
| parent | 90a557764542f2d939a8b0a61c74b299870fca6c (diff) | |
| download | cryptography-60f264b0f293bfded7a0b4395715669d355a6185.tar.gz cryptography-60f264b0f293bfded7a0b4395715669d355a6185.tar.bz2 cryptography-60f264b0f293bfded7a0b4395715669d355a6185.zip | |
add signature_hash_algorithm to OCSPResponse (#4681)
* add signature_hash_algorithm to OCSPResponse
* fix pointless asserts
Diffstat (limited to 'tests/x509')
| -rw-r--r-- | tests/x509/test_ocsp.py | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py index fad48dab..3abaff50 100644 --- a/tests/x509/test_ocsp.py +++ b/tests/x509/test_ocsp.py @@ -583,6 +583,7 @@ class TestOCSPResponse(object): assert resp.response_status == ocsp.OCSPResponseStatus.SUCCESSFUL assert (resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.RSA_WITH_SHA256) + assert isinstance(resp.signature_hash_algorithm, hashes.SHA256) assert resp.signature == base64.b64decode( b"I9KUlyLV/2LbNCVu1BQphxdNlU/jBzXsPYVscPjW5E93pCrSO84GkIWoOJtqsnt" b"78DLcQPnF3W24NXGzSGKlSWfXIsyoXCxnBm0mIbD5ZMnKyXEnqSR33Z9He/A+ML" @@ -602,7 +603,7 @@ class TestOCSPResponse(object): resp.signature, resp.tbs_response_bytes, PKCS1v15(), - hashes.SHA256() + resp.signature_hash_algorithm ) assert resp.certificates == [] assert resp.responder_key_hash is None @@ -630,39 +631,41 @@ class TestOCSPResponse(object): ) assert resp.response_status == ocsp.OCSPResponseStatus.UNAUTHORIZED with pytest.raises(ValueError): - assert resp.signature_algorithm_oid + resp.signature_algorithm_oid with pytest.raises(ValueError): - assert resp.signature + resp.signature_hash_algorithm with pytest.raises(ValueError): - assert resp.tbs_response_bytes + resp.signature with pytest.raises(ValueError): - assert resp.certificates + resp.tbs_response_bytes with pytest.raises(ValueError): - assert resp.responder_key_hash + resp.certificates with pytest.raises(ValueError): - assert resp.responder_name + resp.responder_key_hash with pytest.raises(ValueError): - assert resp.produced_at + resp.responder_name with pytest.raises(ValueError): - assert resp.certificate_status + resp.produced_at with pytest.raises(ValueError): - assert resp.revocation_time + resp.certificate_status with pytest.raises(ValueError): - assert resp.revocation_reason + resp.revocation_time with pytest.raises(ValueError): - assert resp.this_update + resp.revocation_reason with pytest.raises(ValueError): - assert resp.next_update + resp.this_update with pytest.raises(ValueError): - assert resp.issuer_key_hash + resp.next_update with pytest.raises(ValueError): - assert resp.issuer_name_hash + resp.issuer_key_hash with pytest.raises(ValueError): - assert resp.hash_algorithm + resp.issuer_name_hash with pytest.raises(ValueError): - assert resp.serial_number + resp.hash_algorithm with pytest.raises(ValueError): - assert resp.extensions + resp.serial_number + with pytest.raises(ValueError): + resp.extensions def test_load_revoked(self): resp = _load_data( @@ -684,6 +687,17 @@ class TestOCSPResponse(object): assert isinstance(resp.certificates[0], x509.Certificate) assert resp.certificate_status == ocsp.OCSPCertStatus.UNKNOWN + def test_load_invalid_signature_oid(self): + resp = _load_data( + os.path.join("x509", "ocsp", "resp-invalid-signature-oid.der"), + ocsp.load_der_ocsp_response, + ) + assert resp.signature_algorithm_oid == x509.ObjectIdentifier( + "1.2.840.113549.1.1.2" + ) + with pytest.raises(UnsupportedAlgorithm): + resp.signature_hash_algorithm + def test_load_responder_key_hash(self): resp = _load_data( os.path.join("x509", "ocsp", "resp-responder-key-hash.der"), |