pki.tests.test_idevid_verifier

Tests for the IDevID verifier.

Functions

get_mock_truststore(certificates)

Get a mock truststore for testing.

test_tls_client_cert_verification()

Tests the TLS client certificate verification with the direct Issuing CA in the Truststore.

test_tls_client_cert_verification_self_signed()

Tests the TLS client certificate verification with a self-signed client certificate.

test_tls_client_cert_verification_not_in_truststore()

Tests the TLS client certificate verification fails if no matching certificate in the Truststore.

test_tls_client_cert_verification_chain(...)

Tests the TLS client certificate verification with an intermediate CA.

test_tls_client_cert_chain_too_long()

Tests the TLS client certificate verification fails with a too long chain.

test_tls_client_cert_idevid_in_truststore()

Tests that verification works with just the IDevID directly in the Truststore (not the CA).

test_tls_client_cert_idevid_expired()

Tests that verification fails if the IDevID certificate is expired.

test_tls_client_cert_ca_expired()

Tests that verification fails if the CA certificate is expired.

test_tls_client_cert_attributes()

Tests that verification fails if the client cert has no subject serial number.

Module Contents

pki.tests.test_idevid_verifier.get_mock_truststore(certificates)[source]

Get a mock truststore for testing.

Parameters:

certificates (list[cryptography.x509.Certificate])

Return type:

unittest.mock.MagicMock

pki.tests.test_idevid_verifier.test_tls_client_cert_verification()[source]

Tests the TLS client certificate verification with the direct Issuing CA in the Truststore.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_verification_self_signed()[source]

Tests the TLS client certificate verification with a self-signed client certificate.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_verification_not_in_truststore()[source]

Tests the TLS client certificate verification fails if no matching certificate in the Truststore.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_verification_chain(client_includes_root_ca)[source]

Tests the TLS client certificate verification with an intermediate CA.

Parameters:

client_includes_root_ca (bool)

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_chain_too_long()[source]

Tests the TLS client certificate verification fails with a too long chain.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_idevid_in_truststore()[source]

Tests that verification works with just the IDevID directly in the Truststore (not the CA).

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_idevid_expired()[source]

Tests that verification fails if the IDevID certificate is expired.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_ca_expired()[source]

Tests that verification fails if the CA certificate is expired.

Return type:

None

pki.tests.test_idevid_verifier.test_tls_client_cert_attributes()[source]

Tests that verification fails if the client cert has no subject serial number.

Return type:

None