(self, backend)
| 1713 | skip_message="Requires OpenSSL with Ed448 support / OCSP", |
| 1714 | ) |
| 1715 | def test_sign_ed448(self, backend): |
| 1716 | builder = ocsp.OCSPResponseBuilder() |
| 1717 | cert, issuer = _cert_and_issuer() |
| 1718 | private_key = ed448.Ed448PrivateKey.generate() |
| 1719 | root_cert, _ = _generate_root(private_key, None) |
| 1720 | current_time = ( |
| 1721 | datetime.datetime.now(datetime.timezone.utc) |
| 1722 | .replace(tzinfo=None) |
| 1723 | .replace(microsecond=0) |
| 1724 | ) |
| 1725 | this_update = current_time - datetime.timedelta(days=1) |
| 1726 | next_update = this_update + datetime.timedelta(days=7) |
| 1727 | revoked_date = this_update - datetime.timedelta(days=300) |
| 1728 | builder = builder.responder_id( |
| 1729 | ocsp.OCSPResponderEncoding.NAME, root_cert |
| 1730 | ).add_response( |
| 1731 | cert, |
| 1732 | issuer, |
| 1733 | hashes.SHA1(), |
| 1734 | ocsp.OCSPCertStatus.REVOKED, |
| 1735 | this_update, |
| 1736 | next_update, |
| 1737 | revoked_date, |
| 1738 | x509.ReasonFlags.key_compromise, |
| 1739 | ) |
| 1740 | resp = builder.sign(private_key, None) |
| 1741 | assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED |
| 1742 | assert resp.revocation_reason is x509.ReasonFlags.key_compromise |
| 1743 | _check_ocsp_response_times( |
| 1744 | resp, |
| 1745 | this_update=this_update, |
| 1746 | next_update=next_update, |
| 1747 | revocation_time=revoked_date, |
| 1748 | ) |
| 1749 | assert resp.signature_hash_algorithm is None |
| 1750 | assert resp.signature_algorithm_oid == x509.SignatureAlgorithmOID.ED448 |
| 1751 | private_key.public_key().verify( |
| 1752 | resp.signature, resp.tbs_response_bytes |
| 1753 | ) |
nothing calls this directly
no test coverage detected