(self)
| 678 | ) |
| 679 | |
| 680 | def test_sign_revoked_cert(self): |
| 681 | builder = ocsp.OCSPResponseBuilder() |
| 682 | cert, issuer = _cert_and_issuer() |
| 683 | root_cert, private_key = _generate_root() |
| 684 | current_time = ( |
| 685 | datetime.datetime.now(datetime.timezone.utc) |
| 686 | .replace(tzinfo=None) |
| 687 | .replace(microsecond=0) |
| 688 | ) |
| 689 | this_update = current_time - datetime.timedelta(days=1) |
| 690 | next_update = this_update + datetime.timedelta(days=7) |
| 691 | revoked_date = this_update - datetime.timedelta(days=300) |
| 692 | builder = builder.responder_id( |
| 693 | ocsp.OCSPResponderEncoding.NAME, root_cert |
| 694 | ).add_response( |
| 695 | cert, |
| 696 | issuer, |
| 697 | hashes.SHA1(), |
| 698 | ocsp.OCSPCertStatus.REVOKED, |
| 699 | this_update, |
| 700 | next_update, |
| 701 | revoked_date, |
| 702 | None, |
| 703 | ) |
| 704 | resp = builder.sign(private_key, hashes.SHA256()) |
| 705 | assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED |
| 706 | assert resp.revocation_reason is None |
| 707 | _check_ocsp_response_times( |
| 708 | resp, |
| 709 | this_update=this_update, |
| 710 | next_update=next_update, |
| 711 | revocation_time=revoked_date, |
| 712 | ) |
| 713 | private_key.public_key().verify( |
| 714 | resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) |
| 715 | ) |
| 716 | |
| 717 | def test_sign_unknown_cert(self): |
| 718 | builder = ocsp.OCSPResponseBuilder() |
nothing calls this directly
no test coverage detected