(self)
| 912 | builder.sign(diff_key, hashes.SHA256()) |
| 913 | |
| 914 | def test_sign_with_extension(self): |
| 915 | builder = ocsp.OCSPResponseBuilder() |
| 916 | cert, issuer = _cert_and_issuer() |
| 917 | root_cert, private_key = _generate_root() |
| 918 | current_time = ( |
| 919 | datetime.datetime.now(datetime.timezone.utc) |
| 920 | .replace(tzinfo=None) |
| 921 | .replace(microsecond=0) |
| 922 | ) |
| 923 | this_update = current_time - datetime.timedelta(days=1) |
| 924 | next_update = this_update + datetime.timedelta(days=7) |
| 925 | builder = ( |
| 926 | builder.responder_id(ocsp.OCSPResponderEncoding.HASH, root_cert) |
| 927 | .add_response( |
| 928 | cert, |
| 929 | issuer, |
| 930 | hashes.SHA1(), |
| 931 | ocsp.OCSPCertStatus.GOOD, |
| 932 | this_update, |
| 933 | next_update, |
| 934 | None, |
| 935 | None, |
| 936 | ) |
| 937 | .add_extension(x509.OCSPNonce(b"012345"), False) |
| 938 | ) |
| 939 | resp = builder.sign(private_key, hashes.SHA256()) |
| 940 | assert len(resp.extensions) == 1 |
| 941 | assert resp.extensions[0].value == x509.OCSPNonce(b"012345") |
| 942 | assert resp.extensions[0].critical is False |
| 943 | private_key.public_key().verify( |
| 944 | resp.signature, resp.tbs_response_bytes, ec.ECDSA(hashes.SHA256()) |
| 945 | ) |
| 946 | |
| 947 | @pytest.mark.parametrize( |
| 948 | ("status", "der"), |
nothing calls this directly
no test coverage detected