added test to verify ca-chain

2025-03-21 11:21:05 +01:00 · 2025-03-21 11:21:05 +01:00 · 8da5731bc5
commit 8da5731bc5
parent 757d99031c
1 changed files with 7 additions and 0 deletions
--- a/src/test/test.py
+++ b/src/test/test.py
@ -123,8 +123,11 @@ def test_official_cert():
    """

    nv_response_certificate_configuration = NV_CONFIG_TOKEN_RESPONSE.get('certificateConfiguration')
+    nv_response_ca_cert = nv_response_certificate_configuration.get('caChain')[0].encode('utf-8')
    nv_response_public_cert = nv_response_certificate_configuration.get('publicCert').encode('utf-8')
    nv_response_public_key = nv_response_certificate_configuration.get('publicKey')
+
+    nv_response_parsed_ca_cert = x509.load_pem_x509_certificate(nv_response_ca_cert)
    nv_response_parsed_cert = x509.load_pem_x509_certificate(nv_response_public_cert)

    nv_response_parsed_cert_exp = nv_response_parsed_cert.public_key().public_numbers().e
@ -137,6 +140,10 @@ def test_official_cert():
    assert nv_response_parsed_cert.issuer.rfc4514_string() == nv_issuer
    assert nv_response_parsed_cert.subject.rfc4514_string() == nv_subject

+    nv_ca_ski = nv_response_parsed_ca_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+    nv_cert_aki = nv_response_parsed_cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value
+    assert nv_ca_ski.key_identifier == nv_cert_aki.key_identifier
+

 def test_official_config_token_response():
    """