From 0f629bbdbb7ff595bffe43209490cc2647763fd3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 31 Aug 2018 10:47:56 -0400 Subject: refactor ocsp request parsing and generation to support only one cert (#4439) * refactor ocsp request parsing and generation to support only one cert * small doc change * notimplementederror --- tests/x509/test_ocsp.py | 94 +++++++++++++------------------------------------ 1 file changed, 25 insertions(+), 69 deletions(-) (limited to 'tests/x509/test_ocsp.py') diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py index 709ef6f4..3e6ac9cd 100644 --- a/tests/x509/test_ocsp.py +++ b/tests/x509/test_ocsp.py @@ -46,64 +46,26 @@ class TestOCSPRequest(object): with pytest.raises(ValueError): ocsp.load_der_ocsp_request(b"invalid") - def test_load_request_one_item(self): + def test_load_request(self): req = _load_data( os.path.join("x509", "ocsp", "req-sha1.der"), ocsp.load_der_ocsp_request, ) - assert len(req) == 1 - assert req[0].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96" - b"\xc7mmLpQ\x9e`\xa7\xbd") - assert req[0].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1" - b"\x1bC\xbc\x1c*MSX") - assert isinstance(req[0].hash_algorithm, hashes.SHA1) - assert req[0].serial_number == int( + assert req.issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96" + b"\xc7mmLpQ\x9e`\xa7\xbd") + assert req.issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1" + b"\x1bC\xbc\x1c*MSX") + assert isinstance(req.hash_algorithm, hashes.SHA1) + assert req.serial_number == int( "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16 ) - def test_load_request_multiple_items(self): - req = _load_data( - os.path.join("x509", "ocsp", "req-multi-sha1.der"), - ocsp.load_der_ocsp_request, - ) - assert len(req) == 2 - assert req[0].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96" - b"\xc7mmLpQ\x9e`\xa7\xbd") - assert req[0].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1" - b"\x1bC\xbc\x1c*MSX") - assert isinstance(req[0].hash_algorithm, hashes.SHA1) - assert req[0].serial_number == int( - "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16 - ) - assert req[1].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96" - b"\xc7mmLpQ\x9e`\xa7\xbd") - assert req[1].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1" - b"\x1bC\xbc\x1c*MSX") - assert isinstance(req[1].hash_algorithm, hashes.SHA1) - assert req[1].serial_number == int( - "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16 - ) - - def test_iter(self): - req = _load_data( - os.path.join("x509", "ocsp", "req-multi-sha1.der"), - ocsp.load_der_ocsp_request, - ) - for request in req: - assert isinstance(request, ocsp.Request) - - def test_indexing_ocsp_request(self): - req = _load_data( - os.path.join("x509", "ocsp", "req-multi-sha1.der"), - ocsp.load_der_ocsp_request, - ) - assert req[1].serial_number == req[-1].serial_number - assert len(req[0:2]) == 2 - assert req[1:2][0].serial_number == int( - "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16 - ) - with pytest.raises(IndexError): - req[10] + def test_load_request_two_requests(self): + with pytest.raises(NotImplementedError): + _load_data( + os.path.join("x509", "ocsp", "req-multi-sha1.der"), + ocsp.load_der_ocsp_request, + ) def test_invalid_hash_algorithm(self): req = _load_data( @@ -111,7 +73,7 @@ class TestOCSPRequest(object): ocsp.load_der_ocsp_request, ) with pytest.raises(UnsupportedAlgorithm): - req[0].hash_algorithm + req.hash_algorithm def test_serialize_request(self): req_bytes = load_vectors_from_file( @@ -134,6 +96,13 @@ class TestOCSPRequest(object): class TestOCSPRequestBuilder(object): + def test_add_two_certs(self): + cert, issuer = _cert_and_issuer() + builder = ocsp.OCSPRequestBuilder() + builder = builder.add_certificate(cert, issuer, hashes.SHA1()) + with pytest.raises(ValueError): + builder.add_certificate(cert, issuer, hashes.SHA1()) + def test_create_ocsp_request_no_req(self): builder = ocsp.OCSPRequestBuilder() with pytest.raises(ValueError): @@ -143,37 +112,24 @@ class TestOCSPRequestBuilder(object): cert, issuer = _cert_and_issuer() builder = ocsp.OCSPRequestBuilder() with pytest.raises(ValueError): - builder.add_request(cert, issuer, hashes.MD5()) + builder.add_certificate(cert, issuer, hashes.MD5()) def test_create_ocsp_request_invalid_cert(self): cert, issuer = _cert_and_issuer() builder = ocsp.OCSPRequestBuilder() with pytest.raises(TypeError): - builder.add_request(b"notacert", issuer, hashes.SHA1()) + builder.add_certificate(b"notacert", issuer, hashes.SHA1()) with pytest.raises(TypeError): - builder.add_request(cert, b"notacert", hashes.SHA1()) + builder.add_certificate(cert, b"notacert", hashes.SHA1()) def test_create_ocsp_request(self): cert, issuer = _cert_and_issuer() builder = ocsp.OCSPRequestBuilder() - builder = builder.add_request(cert, issuer, hashes.SHA1()) + builder = builder.add_certificate(cert, issuer, hashes.SHA1()) req = builder.build() serialized = req.public_bytes(serialization.Encoding.DER) assert serialized == base64.b64decode( b"MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz" b"/NNGCDS7zkZ/oHxb8+IIy1kCAj8g" ) - - def test_create_ocsp_request_two_reqs(self): - builder = ocsp.OCSPRequestBuilder() - cert, issuer = _cert_and_issuer() - builder = builder.add_request(cert, issuer, hashes.SHA1()) - builder = builder.add_request(cert, issuer, hashes.SHA1()) - req = builder.build() - serialized = req.public_bytes(serialization.Encoding.DER) - assert serialized == base64.b64decode( - b"MIGDMIGAMH4wPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLTCYO6DWB+flk3SCTEBBTD" - b"nPP800YINLvORn+gfFvz4gjLWQICPyAwPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLT" - b"CYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQICPyA=" - ) -- cgit v1.2.3