From b8db66811158ea2222c866173dd6c772f93c74f1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 7 Oct 2018 03:44:30 +0800
Subject: add OCSP basic response extension parsing (#4479)

* add OCSP basic response extension parsing

Just nonce for now. This does not support SINGLERESP extension parsing.

* also raises on extensions for non-successful

* empty commit
---
 tests/x509/test_ocsp.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'tests/x509/test_ocsp.py')

diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index aeaa6e6c..0d98ac29 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
@@ -207,6 +207,7 @@ class TestOCSPResponse(object):
         )
         assert isinstance(resp.hash_algorithm, hashes.SHA1)
         assert resp.serial_number == 271024907440004808294641238224534273948400
+        assert len(resp.extensions) == 0
 
     def test_load_unauthorized(self):
         resp = _load_data(
@@ -246,6 +247,8 @@ class TestOCSPResponse(object):
             assert resp.hash_algorithm
         with pytest.raises(ValueError):
             assert resp.serial_number
+        with pytest.raises(ValueError):
+            assert resp.extensions
 
     def test_load_revoked(self):
         resp = _load_data(
@@ -283,3 +286,15 @@ class TestOCSPResponse(object):
             ocsp.load_der_ocsp_response,
         )
         assert resp.revocation_reason is x509.ReasonFlags.superseded
+
+    def test_response_extensions(self):
+        resp = _load_data(
+            os.path.join("x509", "ocsp", "resp-revoked-reason.der"),
+            ocsp.load_der_ocsp_response,
+        )
+        assert len(resp.extensions) == 1
+        ext = resp.extensions[0]
+        assert ext.critical is False
+        assert ext.value == x509.OCSPNonce(
+            b'\x04\x105\x957\x9fa\x03\x83\x87\x89rW\x8f\xae\x99\xf7"'
+        )
-- 
cgit v1.2.3