From 09403100de2f6f1cdd0d484dcb8e620f1c335c8f Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 9 Sep 2018 21:57:21 -0500
Subject: OCSP request extension parsing (#4464)

* add OCSP request parsing support with OCSPNonce

* add docs

* reprs man

* make extensions a cached property
---
 tests/x509/test_ocsp.py     | 13 +++++++++++++
 tests/x509/test_x509_ext.py | 31 +++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

(limited to 'tests/x509')

diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index 3e6ac9cd..a646f4b7 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
@@ -59,6 +59,19 @@ class TestOCSPRequest(object):
         assert req.serial_number == int(
             "98D9E5C0B4C373552DF77C5D0F1EB5128E4945F9", 16
         )
+        assert len(req.extensions) == 0
+
+    def test_load_request_with_extensions(self):
+        req = _load_data(
+            os.path.join("x509", "ocsp", "req-ext-nonce.der"),
+            ocsp.load_der_ocsp_request,
+        )
+        assert len(req.extensions) == 1
+        ext = req.extensions[0]
+        assert ext.critical is False
+        assert ext.value == x509.OCSPNonce(
+            b"\x04\x10{\x80Z\x1d7&\xb8\xb8OH\xd2\xf8\xbf\xd7-\xfd"
+        )
 
     def test_load_request_two_requests(self):
         with pytest.raises(NotImplementedError):
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 7e0ae220..7a43c851 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -4547,3 +4547,34 @@ class TestInvalidExtension(object):
         )
         with pytest.raises(ValueError):
             cert.extensions
+
+
+class TestOCSPNonce(object):
+    def test_non_bytes(self):
+        with pytest.raises(TypeError):
+            x509.OCSPNonce(38)
+
+    def test_eq(self):
+        nonce1 = x509.OCSPNonce(b"0" * 5)
+        nonce2 = x509.OCSPNonce(b"0" * 5)
+        assert nonce1 == nonce2
+
+    def test_ne(self):
+        nonce1 = x509.OCSPNonce(b"0" * 5)
+        nonce2 = x509.OCSPNonce(b"0" * 6)
+        assert nonce1 != nonce2
+        assert nonce1 != object()
+
+    def test_repr(self):
+        nonce1 = x509.OCSPNonce(b"nonce")
+        if not six.PY2:
+            assert repr(nonce1) == "<OCSPNonce(nonce=b'nonce')>"
+        else:
+            assert repr(nonce1) == "<OCSPNonce(nonce='nonce')>"
+
+    def test_hash(self):
+        nonce1 = x509.OCSPNonce(b"0" * 5)
+        nonce2 = x509.OCSPNonce(b"0" * 5)
+        nonce3 = x509.OCSPNonce(b"1" * 5)
+        assert hash(nonce1) == hash(nonce2)
+        assert hash(nonce1) != hash(nonce3)
-- 
cgit v1.2.3