MCPcopy
hub / github.com/pyca/cryptography / test_sign_good_cert

Method test_sign_good_cert

tests/x509/test_ocsp.py:630–678  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

628 builder.sign(private_key, "notahash") # type: ignore[arg-type]
629
630 def test_sign_good_cert(self):
631 builder = ocsp.OCSPResponseBuilder()
632 cert, issuer = _cert_and_issuer()
633 root_cert, private_key = _generate_root()
634 current_time = (
635 datetime.datetime.now(datetime.timezone.utc)
636 .replace(tzinfo=None)
637 .replace(microsecond=0)
638 )
639 this_update = current_time - datetime.timedelta(days=1)
640 next_update = this_update + datetime.timedelta(days=7)
641 builder = builder.responder_id(
642 ocsp.OCSPResponderEncoding.NAME, root_cert
643 ).add_response(
644 cert,
645 issuer,
646 hashes.SHA1(),
647 ocsp.OCSPCertStatus.GOOD,
648 this_update,
649 next_update,
650 None,
651 None,
652 )
653 resp = builder.sign(private_key, hashes.SHA256())
654 assert resp.responder_name == root_cert.subject
655 assert resp.responder_key_hash is None
656 with pytest.warns(utils.DeprecatedIn43):
657 assert (current_time - resp.produced_at).total_seconds() < 10
658 assert (
659 current_time.replace(tzinfo=datetime.timezone.utc)
660 - resp.produced_at_utc
661 ).total_seconds() < 10
662 assert (
663 resp.signature_algorithm_oid
664 == x509.SignatureAlgorithmOID.ECDSA_WITH_SHA256
665 )
666 assert resp.certificate_status == ocsp.OCSPCertStatus.GOOD
667 assert resp.revocation_reason is None
668
669 _check_ocsp_response_times(
670 resp,
671 this_update=this_update,
672 next_update=next_update,
673 revocation_time=None,
674 )
675
676 private_key.public_key().verify(
677 resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256())
678 )
679
680 def test_sign_revoked_cert(self):
681 builder = ocsp.OCSPResponseBuilder()

Callers

nothing calls this directly

Calls 8

responder_idMethod · 0.95
signMethod · 0.95
_cert_and_issuerFunction · 0.85
_generate_rootFunction · 0.85
add_responseMethod · 0.80
verifyMethod · 0.45
public_keyMethod · 0.45

Tested by

no test coverage detected