(self, backend)
| 1667 | builder.sign(private_key, hashes.SHA256()) |
| 1668 | |
| 1669 | def test_sign_ed25519(self, backend): |
| 1670 | builder = ocsp.OCSPResponseBuilder() |
| 1671 | cert, issuer = _cert_and_issuer() |
| 1672 | private_key = ed25519.Ed25519PrivateKey.generate() |
| 1673 | root_cert, _ = _generate_root(private_key, None) |
| 1674 | current_time = ( |
| 1675 | datetime.datetime.now(datetime.timezone.utc) |
| 1676 | .replace(tzinfo=None) |
| 1677 | .replace(microsecond=0) |
| 1678 | ) |
| 1679 | this_update = current_time - datetime.timedelta(days=1) |
| 1680 | next_update = this_update + datetime.timedelta(days=7) |
| 1681 | revoked_date = this_update - datetime.timedelta(days=300) |
| 1682 | builder = builder.responder_id( |
| 1683 | ocsp.OCSPResponderEncoding.NAME, root_cert |
| 1684 | ).add_response( |
| 1685 | cert, |
| 1686 | issuer, |
| 1687 | hashes.SHA1(), |
| 1688 | ocsp.OCSPCertStatus.REVOKED, |
| 1689 | this_update, |
| 1690 | next_update, |
| 1691 | revoked_date, |
| 1692 | x509.ReasonFlags.key_compromise, |
| 1693 | ) |
| 1694 | resp = builder.sign(private_key, None) |
| 1695 | assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED |
| 1696 | assert resp.revocation_reason is x509.ReasonFlags.key_compromise |
| 1697 | _check_ocsp_response_times( |
| 1698 | resp, |
| 1699 | this_update=this_update, |
| 1700 | next_update=next_update, |
| 1701 | revocation_time=revoked_date, |
| 1702 | ) |
| 1703 | assert resp.signature_hash_algorithm is None |
| 1704 | assert ( |
| 1705 | resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.ED25519 |
| 1706 | ) |
| 1707 | private_key.public_key().verify( |
| 1708 | resp.signature, resp.tbs_response_bytes |
| 1709 | ) |
| 1710 | |
| 1711 | @pytest.mark.supported( |
| 1712 | only_if=lambda backend: backend.ed448_supported(), |
nothing calls this directly
no test coverage detected