(self)
| 628 | builder.sign(private_key, "notahash") # type: ignore[arg-type] |
| 629 | |
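def test_sign_good_cert(self):
    """Sign an OCSP response with GOOD status and check its fields and signature.

    The response is built for a single certificate, with the responder
    identified by name, and signed with the root key using SHA-256. The test
    then checks the responder identity, the production time through both the
    deprecated naive accessor and the timezone-aware one, the signature
    algorithm OID, the certificate status, the update times, and finally
    verifies the signature over the to-be-signed bytes with the root public
    key.
    """
    builder = ocsp.OCSPResponseBuilder()
    cert, issuer = _cert_and_issuer()
    root_cert, private_key = _generate_root()
    # Naive UTC timestamp truncated to whole seconds, captured before sign().
    current_time = (
        datetime.datetime.now(datetime.timezone.utc)
        .replace(tzinfo=None)
        .replace(microsecond=0)
    )
    this_update = current_time - datetime.timedelta(days=1)
    next_update = this_update + datetime.timedelta(days=7)
    builder = builder.responder_id(
        ocsp.OCSPResponderEncoding.NAME, root_cert
    ).add_response(
        cert,
        issuer,
        # Hash used to identify the certificate in the response (CertID);
        # it is separate from the signature digest passed to sign() below.
        hashes.SHA1(),
        ocsp.OCSPCertStatus.GOOD,
        this_update,
        next_update,
        None,
        None,
    )
    resp = builder.sign(private_key, hashes.SHA256())
    # Responder was identified by name, so the key-hash form must be absent.
    assert resp.responder_name == root_cert.subject
    assert resp.responder_key_hash is None
    # current_time is taken before sign(), so a one-sided "< 10" check would
    # also pass for a produced_at arbitrarily far in the future. abs() bounds
    # the skew in both directions.
    with pytest.warns(utils.DeprecatedIn43):
        assert abs((current_time - resp.produced_at).total_seconds()) < 10
    assert (
        abs(
            (
                current_time.replace(tzinfo=datetime.timezone.utc)
                - resp.produced_at_utc
            ).total_seconds()
        )
        < 10
    )
    assert (
        resp.signature_algorithm_oid
        == x509.SignatureAlgorithmOID.ECDSA_WITH_SHA256
    )
    assert resp.certificate_status == ocsp.OCSPCertStatus.GOOD
    assert resp.revocation_reason is None

    _check_ocsp_response_times(
        resp,
        this_update=this_update,
        next_update=next_update,
        revocation_time=None,
    )

    # verify() raises on a bad signature, so this checks the signature over
    # the to-be-signed bytes with the root public key, independently of the
    # builder's own bookkeeping.
    private_key.public_key().verify(
        resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256())
    )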
| 679 | |
| 680 | def test_sign_revoked_cert(self): |
| 681 | builder = ocsp.OCSPResponseBuilder() |