refactor ocsp request parsing and generation to support only one cert (#4439)
* refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror
diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index 709ef6f..3e6ac9c 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
@@ -46,64 +46,26 @@
with pytest.raises(ValueError):
ocsp.load_der_ocsp_request(b"invalid")
- def test_load_request_one_item(self):
+ def test_load_request(self):
req = _load_data(
os.path.join("x509", "ocsp", "req-sha1.der"),
ocsp.load_der_ocsp_request,
)
- assert len(req) == 1
- assert req[0].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
- b"\xc7mmLpQ\x9e`\xa7\xbd")
- assert req[0].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
- b"\x1bC\xbc\x1c*MSX")
- assert isinstance(req[0].hash_algorithm, hashes.SHA1)
- assert req[0].serial_number == int(
+ assert req.issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
+ b"\xc7mmLpQ\x9e`\xa7\xbd")
+ assert req.issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
+ b"\x1bC\xbc\x1c*MSX")
+ assert isinstance(req.hash_algorithm, hashes.SHA1)
+ assert req.serial_number == int(
"98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16
)
- def test_load_request_multiple_items(self):
- req = _load_data(
- os.path.join("x509", "ocsp", "req-multi-sha1.der"),
- ocsp.load_der_ocsp_request,
- )
- assert len(req) == 2
- assert req[0].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
- b"\xc7mmLpQ\x9e`\xa7\xbd")
- assert req[0].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
- b"\x1bC\xbc\x1c*MSX")
- assert isinstance(req[0].hash_algorithm, hashes.SHA1)
- assert req[0].serial_number == int(
- "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16
- )
- assert req[1].issuer_name_hash == (b"8\xcaF\x8c\x07D\x8d\xf4\x81\x96"
- b"\xc7mmLpQ\x9e`\xa7\xbd")
- assert req[1].issuer_key_hash == (b"yu\xbb\x84:\xcb,\xdez\t\xbe1"
- b"\x1bC\xbc\x1c*MSX")
- assert isinstance(req[1].hash_algorithm, hashes.SHA1)
- assert req[1].serial_number == int(
- "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16
- )
-
- def test_iter(self):
- req = _load_data(
- os.path.join("x509", "ocsp", "req-multi-sha1.der"),
- ocsp.load_der_ocsp_request,
- )
- for request in req:
- assert isinstance(request, ocsp.Request)
-
- def test_indexing_ocsp_request(self):
- req = _load_data(
- os.path.join("x509", "ocsp", "req-multi-sha1.der"),
- ocsp.load_der_ocsp_request,
- )
- assert req[1].serial_number == req[-1].serial_number
- assert len(req[0:2]) == 2
- assert req[1:2][0].serial_number == int(
- "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F0", 16
- )
- with pytest.raises(IndexError):
- req[10]
+ def test_load_request_two_requests(self):
+ with pytest.raises(NotImplementedError):
+ _load_data(
+ os.path.join("x509", "ocsp", "req-multi-sha1.der"),
+ ocsp.load_der_ocsp_request,
+ )
def test_invalid_hash_algorithm(self):
req = _load_data(
@@ -111,7 +73,7 @@
ocsp.load_der_ocsp_request,
)
with pytest.raises(UnsupportedAlgorithm):
- req[0].hash_algorithm
+ req.hash_algorithm
def test_serialize_request(self):
req_bytes = load_vectors_from_file(
@@ -134,6 +96,13 @@
class TestOCSPRequestBuilder(object):
+ def test_add_two_certs(self):
+ cert, issuer = _cert_and_issuer()
+ builder = ocsp.OCSPRequestBuilder()
+ builder = builder.add_certificate(cert, issuer, hashes.SHA1())
+ with pytest.raises(ValueError):
+ builder.add_certificate(cert, issuer, hashes.SHA1())
+
def test_create_ocsp_request_no_req(self):
builder = ocsp.OCSPRequestBuilder()
with pytest.raises(ValueError):
@@ -143,37 +112,24 @@
cert, issuer = _cert_and_issuer()
builder = ocsp.OCSPRequestBuilder()
with pytest.raises(ValueError):
- builder.add_request(cert, issuer, hashes.MD5())
+ builder.add_certificate(cert, issuer, hashes.MD5())
def test_create_ocsp_request_invalid_cert(self):
cert, issuer = _cert_and_issuer()
builder = ocsp.OCSPRequestBuilder()
with pytest.raises(TypeError):
- builder.add_request(b"notacert", issuer, hashes.SHA1())
+ builder.add_certificate(b"notacert", issuer, hashes.SHA1())
with pytest.raises(TypeError):
- builder.add_request(cert, b"notacert", hashes.SHA1())
+ builder.add_certificate(cert, b"notacert", hashes.SHA1())
def test_create_ocsp_request(self):
cert, issuer = _cert_and_issuer()
builder = ocsp.OCSPRequestBuilder()
- builder = builder.add_request(cert, issuer, hashes.SHA1())
+ builder = builder.add_certificate(cert, issuer, hashes.SHA1())
req = builder.build()
serialized = req.public_bytes(serialization.Encoding.DER)
assert serialized == base64.b64decode(
b"MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz"
b"/NNGCDS7zkZ/oHxb8+IIy1kCAj8g"
)
-
- def test_create_ocsp_request_two_reqs(self):
- builder = ocsp.OCSPRequestBuilder()
- cert, issuer = _cert_and_issuer()
- builder = builder.add_request(cert, issuer, hashes.SHA1())
- builder = builder.add_request(cert, issuer, hashes.SHA1())
- req = builder.build()
- serialized = req.public_bytes(serialization.Encoding.DER)
- assert serialized == base64.b64decode(
- b"MIGDMIGAMH4wPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLTCYO6DWB+flk3SCTEBBTD"
- b"nPP800YINLvORn+gfFvz4gjLWQICPyAwPTA7MAkGBSsOAwIaBQAEFEALRnrx5rLT"
- b"CYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQICPyA="
- )