[ 0s] Using BUILD_ROOT=/var/tmp/build-root.11b//.mount [ 0s] Using BUILD_ARCH=x86_64:i686:i586:i486:i386 [ 0s] Doing kvm build in /var/tmp/build-root.11b//img [ 0s] [ 0s] [ 0s] buildhostb started "build python-pyhanko-certvalidator.spec" at Tue Nov 12 11:15:29 UTC 2024. [ 0s] [ 0s] [ 0s] processing recipe /space/osc/openSUSE:Factory/python-pyhanko-certvalidator/home:bmwiedemann:branches:devel:languages:python/python-pyhanko-certvalidator/python-pyhanko-certvalidator.spec ... [ 0s] running changelog2spec --target rpm --file /space/osc/openSUSE:Factory/python-pyhanko-certvalidator/home:bmwiedemann:branches:devel:languages:python/python-pyhanko-certvalidator/python-pyhanko-certvalidator.spec [ 0s] init_buildsystem --configdir /usr/lib/build/configs --cachedir /var/cache/build --prepare --define %source_date_epoch_from_changelog 1 --define %_buildhost reproducible --define %clamp_mtime_to_source_date_epoch 1 --define %use_source_date_epoch_as_buildtime 1 --clean --rpmlist /tmp/rpmlist.hs0y94fq /space/osc/openSUSE:Factory/python-pyhanko-certvalidator/home:bmwiedemann:branches:devel:languages:python/python-pyhanko-certvalidator/python-pyhanko-certvalidator.spec ... [ 0s] cycle: rpm-config-SUSE -> rpm [ 0s] breaking dependency rpm-config-SUSE -> rpm [ 1s] [1/33] preinstalling compat-usrmerge-tools... [ 1s] [2/33] preinstalling system-user-root... [ 1s] [3/33] preinstalling terminfo-base... [ 1s] [4/33] preinstalling filesystem... [ 1s] [5/33] preinstalling glibc... [ 1s] [6/33] preinstalling fillup... [ 1s] [7/33] preinstalling libacl1... [ 1s] [8/33] preinstalling libattr1... [ 1s] [9/33] preinstalling libbz2-1... [ 1s] [10/33] preinstalling libcap2... [ 1s] [11/33] preinstalling libgcc_s1... [ 1s] [12/33] preinstalling libgmp10... [ 1s] [13/33] preinstalling libgpg-error0... [ 1s] [14/33] preinstalling libjitterentropy3... [ 1s] [15/33] preinstalling liblua5_4-5... [ 1s] [16/33] preinstalling liblzma5... [ 1s] [17/33] preinstalling libpcre2-8-0... [ 1s] [18/33] preinstalling libpopt0... [ 1s] [19/33] preinstalling libz1... [ 1s] [20/33] preinstalling libzstd1... [ 1s] [21/33] preinstalling libselinux1... [ 1s] [22/33] preinstalling libstdc++6... [ 1s] [23/33] preinstalling libelf1... [ 1s] [24/33] preinstalling libgcrypt20... [ 1s] [25/33] preinstalling libncurses6... [ 1s] [26/33] preinstalling libdw1... [ 1s] [27/33] preinstalling libreadline8... [ 1s] [28/33] preinstalling bash... [ 1s] [29/33] preinstalling bash-sh... [ 1s] [30/33] preinstalling strace... [ 1s] [31/33] preinstalling coreutils... [ 1s] [32/33] preinstalling rpm-config-SUSE... [ 1s] [33/33] preinstalling rpm... [ 2s] [ 2s] [1/17] preinstalling grep... [ 2s] [2/17] preinstalling kernel-obs-build... [ 2s] [3/17] preinstalling libaudit1... [ 2s] [4/17] preinstalling libcap-ng0... [ 2s] [5/17] preinstalling libcrypt1... [ 2s] [6/17] preinstalling libeconf0... [ 2s] [7/17] preinstalling libsmartcols1... [ 2s] [8/17] preinstalling libuuid1... [ 2s] [9/17] preinstalling permctl... [ 2s] [10/17] preinstalling libblkid1... [ 2s] [11/17] preinstalling perl-base... [ 2s] [12/17] preinstalling permissions-config... [ 2s] [13/17] preinstalling libmount1... [ 2s] [14/17] preinstalling libfdisk1... [ 2s] [15/17] preinstalling permissions... [ 2s] [16/17] preinstalling pam... [ 2s] [17/17] preinstalling util-linux... [ 2s] copying packages... [ 2s] reordering...cycle: binutils -> libctf0 [ 2s] breaking dependency libctf0 -> binutils [ 2s] cycle: python310-base -> libpython3_10-1_0 [ 2s] breaking dependency python310-base -> libpython3_10-1_0 [ 2s] cycle: python311-base -> libpython3_11-1_0 [ 2s] breaking dependency python311-base -> libpython3_11-1_0 [ 2s] cycle: python312-base -> libpython3_12-1_0 [ 2s] breaking dependency python312-base -> libpython3_12-1_0 [ 2s] cycle: rpm-config-SUSE -> rpm [ 2s] breaking dependency rpm-config-SUSE -> rpm [ 2s] done [ 3s] cp: -r not specified; omitting directory '/space/osc/openSUSE:Factory/python-pyhanko-certvalidator/home:bmwiedemann:branches:devel:languages:python/python-pyhanko-certvalidator/RPMS' [ 3s] cp: -r not specified; omitting directory '/space/osc/openSUSE:Factory/python-pyhanko-certvalidator/home:bmwiedemann:branches:devel:languages:python/python-pyhanko-certvalidator/RPMS.2017' [ 3s] Detected virtio-serial support [ 3s] QEMU 7.1.0 detected: Skipping iothreads because of bsc#1204082 [ 3s] Creating ext4 filesystem on /var/tmp/build-root.11b//img [ 3s] tune2fs 1.46.4 (18-Aug-2021) [ 3s] Setting maximal mount count to -1 [ 3s] booting kvm... [ 3s] Using virtio-serial support [ 3s] /usr/bin/qemu-kvm -nodefaults -no-reboot -nographic -vga none -cpu host -M pc,accel=kvm,usb=off,dump-guest-core=off,vmport=off -sandbox on -bios /usr/share/qemu/qboot.rom -object rng-random,filename=/dev/random,id=rng0 -device virtio-rng-pci,rng=rng0 -runas qemu -net none -rtc base=2040-12-15T00:32:05 -cpu qemu64,l3-cache=on -kernel /var/tmp/build-root.11b//.mount/boot/kernel -initrd /var/tmp/build-root.11b//.mount/boot/initrd -append root=/dev/disk/by-id/virtio-0 rootfstype=ext4 rootflags=noatime elevator=noop nmi_watchdog=0 rw ia32_emulation=1 oops=panic panic=1 quiet console=hvc0 init=/.build/build -m 81920 -drive file=/var/tmp/build-root.11b//img,format=raw,if=none,id=disk,cache=unsafe,aio=io_uring -device virtio-blk-pci,drive=disk,serial=0 -drive file=/var/tmp/build-root.11b//swap,format=raw,if=none,id=swap,cache=unsafe,aio=io_uring -device virtio-blk-pci,drive=swap,serial=1 -device virtio-serial,max_ports=2 -device virtconsole,chardev=virtiocon0 -chardev stdio,id=virtiocon0 -chardev socket,id=monitor,server=on,wait=off,path=/var/tmp/build-root.11b//img.qemu/monitor -mon chardev=monitor,mode=readline -smp 1 [ 4s] [!p]104[?7h[ 1.032127][ T1] systemd[1]: Failed to start Virtual Console Setup. [ 4s] [FAILED] Failed to start Virtual Console Setup. [ 6s] [FAILED] Failed to start Virtual Console Setup. [ 6s] 2nd stage started in virtual machine [ 6s] machine type: x86_64 [ 6s] Linux version: 6.11.6-2-default #1 SMP PREEMPT_DYNAMIC Mon Nov 4 08:15:48 UTC 2024 (8545f24) [ 6s] Time: Sat Dec 15 00:32:07 UTC 2040 [ 6s] Increasing log level from now on... [ 6s] [ 2.826789][ T524] sysrq: Changing Loglevel [ 6s] [ 2.826833][ T524] sysrq: Loglevel set to 4 [ 6s] Enable sysrq operations [ 6s] Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes) [ 6s] no label, UUID=8796aff5-c819-4f25-8225-5b1f5c539606 [ 6s] swapon: /dev/vdb: found signature [pagesize=4096, signature=swap] [ 6s] swapon: /dev/vdb: pagesize=4096, swapsize=1073741824, devsize=1073741824 [ 6s] swapon /dev/vdb [ 6s] WARNING: udev not running, creating extra device nodes [ 6s] logging output to //.build.log... [ 6s] processing recipe //.build-srcdir/python-pyhanko-certvalidator.spec ... [ 6s] init_buildsystem --configdir /.build/configs --cachedir /var/cache/build --define %source_date_epoch_from_changelog 1 --define %_buildhost reproducible --define %clamp_mtime_to_source_date_epoch 1 --define %use_source_date_epoch_as_buildtime 1 //.build-srcdir/python-pyhanko-certvalidator.spec ... [ 6s] initializing rpm db... [ 6s] querying package ids... [ 7s] [1/268] cumulate compat-usrmerge-tools-84.87-5.20 [ 7s] [2/268] cumulate crypto-policies-20230920.570ea89-3.2 [ 7s] [3/268] cumulate file-magic-5.45-4.1 [ 7s] [4/268] cumulate kernel-obs-build-6.11.6-2.1 [ 7s] [5/268] cumulate libssh-config-0.10.6-2.1 [ 7s] [6/268] cumulate pkgconf-m4-2.2.0-1.1 [ 7s] [7/268] cumulate python-rpm-macros-20240618.c146b29-1.1 [ 7s] [8/268] cumulate system-user-root-20190513-2.16 [ 7s] [9/268] cumulate terminfo-base-6.5.20241102-48.1 [ 7s] [10/268] cumulate vim-data-common-9.1.0836-1.1 [ 7s] [11/268] cumulate filesystem-84.87-16.1 [ 7s] [12/268] cumulate glibc-2.40-2.1 [ 7s] [13/268] cumulate diffutils-3.10-1.7 [ 7s] [14/268] cumulate envsubst-mini-0.22.5-7.1 [ 7s] [15/268] cumulate fillup-1.42-281.1 [ 7s] [16/268] cumulate glibc-gconv-modules-extra-2.40-2.1 [ 7s] [17/268] cumulate glibc-locale-base-2.40-2.1 [ 7s] [18/268] cumulate libacl1-2.3.2-2.1 [ 7s] [19/268] cumulate libalternatives1-1.2+30.a5431e9-1.5 [ 7s] [20/268] cumulate libatomic1-14.2.1+git10750-1.1 [ 7s] [21/268] cumulate libattr1-2.5.2-1.2 [ 7s] [22/268] cumulate libaudit1-4.0-3.1 [ 7s] [23/268] cumulate libbrotlicommon1-1.1.0-1.3 [ 7s] [24/268] cumulate libbz2-1-1.0.8-5.10 [ 7s] [25/268] cumulate libcap-ng0-0.8.5-1.1 [ 7s] [26/268] cumulate libcap2-2.70-1.1 [ 7s] [27/268] cumulate libcom_err2-1.47.0-4.3 [ 7s] [28/268] cumulate libcrypt1-4.4.36-1.6 [ 7s] [29/268] cumulate libeconf0-0.7.4-2.1 [ 7s] [30/268] cumulate libexpat1-2.6.4-1.1 [ 7s] [31/268] cumulate libffi8-3.4.6-1.1 [ 7s] [32/268] cumulate libgcc_s1-14.2.1+git10750-1.1 [ 7s] [33/268] cumulate libgdbm6-1.24-1.1 [ 7s] [34/268] cumulate libgmp10-6.3.0-3.2 [ 7s] [35/268] cumulate libgomp1-14.2.1+git10750-1.1 [ 7s] [36/268] cumulate libgpg-error0-1.50-1.1 [ 7s] [37/268] cumulate libitm1-14.2.1+git10750-1.1 [ 7s] [38/268] cumulate libjitterentropy3-3.4.1-4.2 [ 7s] [39/268] cumulate liblua5_4-5-5.4.7-3.1 [ 7s] [40/268] cumulate liblzma5-5.6.3-1.1 [ 7s] [41/268] cumulate libmpdec3-2.5.1-2.19 [ 7s] [42/268] cumulate libnghttp2-14-1.62.1-1.1 [ 7s] [43/268] cumulate libpcre2-8-0-10.44-1.1 [ 7s] [44/268] cumulate libpkgconf5-2.2.0-1.1 [ 7s] [45/268] cumulate libpopt0-1.19-1.8 [ 7s] [46/268] cumulate libsasl2-3-2.1.28-9.1 [ 7s] [47/268] cumulate libseccomp2-2.5.5-1.3 [ 7s] [48/268] cumulate libsmartcols1-2.40.2-1.1 [ 7s] [49/268] cumulate libsqlite3-0-3.46.1-1.1 [ 7s] [50/268] cumulate libtasn1-6-4.19.0-1.7 [ 7s] [51/268] cumulate libunistring5-1.3-1.1 [ 7s] [52/268] cumulate libuuid1-2.40.2-1.1 [ 7s] [53/268] cumulate libverto1-0.3.2-3.3 [ 7s] [54/268] cumulate libz1-1.3.1-1.1 [ 7s] [55/268] cumulate libzstd1-1.5.6-1.2 [ 7s] [56/268] cumulate patch-2.7.6-8.1 [ 7s] [57/268] cumulate update-alternatives-1.22.11-1.1 [ 7s] [58/268] cumulate xxd-9.1.0836-1.1 [ 7s] [59/268] cumulate alts-1.2+30.a5431e9-1.5 [ 7s] [60/268] cumulate libblkid1-2.40.2-1.1 [ 7s] [61/268] cumulate libbrotlidec1-1.1.0-1.3 [ 7s] [62/268] cumulate libctf-nobfd0-2.43-2.1 [ 7s] [63/268] cumulate libgdbm_compat4-1.24-1.1 [ 7s] [64/268] cumulate libglib-2_0-0-2.82.2-1.1 [ 7s] [65/268] cumulate libidn2-0-2.3.7-1.2 [ 7s] [66/268] cumulate libisl23-0.26-1.7 [ 7s] [67/268] cumulate libmpfr6-4.2.1-1.4 [ 7s] [68/268] cumulate libp11-kit0-0.25.5-1.1 [ 7s] [69/268] cumulate libselinux1-3.7-3.1 [ 7s] [70/268] cumulate libstdc++6-14.2.1+git10750-1.1 [ 7s] [71/268] cumulate perl-base-5.40.0-2.1 [ 7s] [72/268] cumulate pkgconf-2.2.0-1.1 [ 7s] [73/268] cumulate libelf1-0.191-2.1 [ 7s] [74/268] cumulate libgcrypt20-1.11.0-1.1 [ 7s] [75/268] cumulate libopenssl3-3.2.3-1.1 [ 7s] [76/268] cumulate permctl-1699_20240522-1.2 [ 7s] [77/268] cumulate libmagic1-5.45-4.1 [ 7s] [78/268] cumulate build-mkbaselibs-20240913-1.2 [ 7s] [79/268] cumulate rpm-build-perl-4.19.1.1-696.11 [ 7s] [80/268] cumulate dwz-0.15-3.3 [ 7s] [81/268] cumulate findutils-4.10.0-1.1 [ 7s] [82/268] cumulate libgmodule-2_0-0-2.82.2-1.1 [ 7s] [83/268] cumulate fdupes-2.3.1-1.1 [ 7s] [84/268] cumulate file-5.45-4.1 [ 7s] [85/268] cumulate libasan8-14.2.1+git10750-1.1 [ 7s] [86/268] cumulate libdb-4_8-4.8.30-45.1 [ 7s] [87/268] cumulate libfdisk1-2.40.2-1.1 [ 7s] [88/268] cumulate libhwasan0-14.2.1+git10750-1.1 [ 7s] [89/268] cumulate libldap2-2.6.8-2.1 [ 7s] [90/268] cumulate liblsan0-14.2.1+git10750-1.1 [ 7s] [91/268] cumulate libmount1-2.40.2-1.1 [ 7s] [92/268] cumulate libmpc3-1.3.1-1.8 [ 7s] [93/268] cumulate libpsl5-0.21.5-1.2 [ 7s] [94/268] cumulate libsource-highlight4-3.1.9-5.12 [ 7s] [95/268] cumulate libtsan2-14.2.1+git10750-1.1 [ 7s] [96/268] cumulate libubsan1-14.2.1+git10750-1.1 [ 7s] [97/268] cumulate p11-kit-0.25.5-1.1 [ 7s] [98/268] cumulate p11-kit-tools-0.25.5-1.1 [ 7s] [99/268] cumulate sed-4.9-2.6 [ 7s] [100/268] cumulate tar-1.35-3.1 [ 7s] [101/268] cumulate libncurses6-6.5.20241102-48.1 [ 7s] [102/268] cumulate libdw1-0.191-2.1 [ 7s] [103/268] cumulate libreadline8-8.2.13-2.1 [ 7s] [104/268] cumulate ncurses-utils-6.5.20241102-48.1 [ 7s] [105/268] cumulate libasm1-0.191-2.1 [ 7s] [106/268] cumulate babeltrace-1.5.8-3.10 [ 7s] [107/268] cumulate cpp14-14.2.1+git10750-1.1 [ 7s] [108/268] cumulate perl-5.40.0-2.1 [ 7s] [109/268] cumulate brp-check-suse-84.87+git20230324.8680ce4-1.5 [ 7s] [110/268] cumulate bash-5.2.37-14.2 [ 7s] [111/268] cumulate bash-sh-5.2.37-14.2 [ 7s] [112/268] cumulate cpio-2.15-3.1 [ 7s] [113/268] cumulate cpp-14-2.1 [ 7s] [114/268] cumulate gzip-1.13-3.1 [ 7s] [115/268] cumulate make-4.4.1-3.1 [ 7s] [116/268] cumulate which-2.21-5.14 [ 7s] [117/268] cumulate bzip2-1.0.8-5.10 [ 7s] [118/268] cumulate grep-3.11-3.1 [ 7s] [119/268] cumulate pkgconf-pkg-config-2.2.0-1.1 [ 7s] [120/268] cumulate xz-5.6.3-1.1 [ 7s] [121/268] cumulate gettext-runtime-mini-0.22.5-7.1 [ 7s] [122/268] cumulate less-661-2.1 [ 7s] [123/268] cumulate strace-6.11-1.1 [ 7s] [124/268] cumulate gawk-5.3.1-1.1 [ 7s] [125/268] cumulate lua54-5.4.7-3.1 [ 7s] [126/268] cumulate coreutils-9.5-4.1 [ 7s] [127/268] cumulate elfutils-0.191-2.1 [ 7s] [128/268] cumulate vim-9.1.0836-1.1 [ 7s] [129/268] cumulate compat-usrmerge-build-84.87-5.20 [ 7s] [130/268] cumulate systemd-rpm-macros-24-1.6 [ 7s] [131/268] cumulate libxcrypt-devel-4.4.36-1.6 [ 7s] [132/268] cumulate linux-glibc-devel-6.11-1.1 [ 7s] [133/268] cumulate ca-certificates-2+git20240805.fd24d50-1.1 [ 7s] [134/268] cumulate permissions-config-1699_20240522-1.2 [ 7s] [135/268] cumulate polkit-default-privs-1550+20241105.bedeeca-1.1 [ 7s] [136/268] cumulate gettext-tools-mini-0.22.5-7.1 [ 7s] [137/268] cumulate krb5-mini-1.21.3-1.2 [ 7s] [138/268] cumulate aaa_base-84.87+git20240906.742565b-1.1 [ 7s] [139/268] cumulate aaa_base-malloccheck-84.87+git20240906.742565b-1.1 [ 7s] [140/268] cumulate ca-certificates-mozilla-2.68-2.1 [ 7s] [141/268] cumulate permissions-1699_20240522-1.2 [ 7s] [142/268] cumulate glibc-devel-2.40-2.1 [ 7s] [143/268] cumulate libssh4-0.10.6-2.1 [ 7s] [144/268] cumulate rpmlint-mini-2.6.1+git20241024.1f09e50-15.254 [ 7s] [145/268] cumulate pam-1.7.0-1.1 [ 7s] [146/268] cumulate post-build-checks-84.87+git20240327.7996a0f-1.1 [ 7s] [147/268] cumulate libcurl4-8.11.0-1.1 [ 7s] [148/268] cumulate libdebuginfod1-0.191-2.1 [ 7s] [149/268] cumulate util-linux-2.40.2-1.1 [ 7s] [150/268] cumulate libctf0-2.43-2.1 [ 7s] [151/268] cumulate rpm-config-SUSE-20240214-2.1 [ 7s] [152/268] cumulate python310-base-3.10.15-4.1 [ 7s] [153/268] cumulate python311-base-3.11.10-3.1 [ 7s] [154/268] cumulate python312-base-3.12.7-2.1 [ 7s] [155/268] cumulate python310-aiohappyeyeballs-2.4.3-1.1 [ 7s] [156/268] cumulate python310-asn1crypto-1.5.1-5.2 [ 7s] [157/268] cumulate python310-async_timeout-4.0.3-1.5 [ 7s] [158/268] cumulate python310-attrs-24.2.0-1.1 [ 7s] [159/268] cumulate python310-exceptiongroup-1.2.2-1.1 [ 7s] [160/268] cumulate python310-idna-3.10-1.1 [ 7s] [161/268] cumulate python310-iniconfig-2.0.0-4.5 [ 7s] [162/268] cumulate python310-packaging-24.1-1.1 [ 7s] [163/268] cumulate python310-pluggy-1.5.0-1.1 [ 7s] [164/268] cumulate python310-pycparser-2.22-1.1 [ 7s] [165/268] cumulate python310-tomli-2.0.2-1.1 [ 7s] [166/268] cumulate python310-typing_extensions-4.12.2-1.1 [ 7s] [167/268] cumulate python310-uritools-4.0.3-1.1 [ 7s] [168/268] cumulate python311-aiohappyeyeballs-2.4.3-1.1 [ 7s] [169/268] cumulate python311-asn1crypto-1.5.1-5.2 [ 7s] [170/268] cumulate python311-attrs-24.2.0-1.1 [ 7s] [171/268] cumulate python311-idna-3.10-1.1 [ 7s] [172/268] cumulate python311-iniconfig-2.0.0-4.5 [ 7s] [173/268] cumulate python311-packaging-24.1-1.1 [ 7s] [174/268] cumulate python311-pluggy-1.5.0-1.1 [ 7s] [175/268] cumulate python311-pycparser-2.22-1.1 [ 7s] [176/268] cumulate python311-typing_extensions-4.12.2-1.1 [ 7s] [177/268] cumulate python311-uritools-4.0.3-1.1 [ 7s] [178/268] cumulate python312-aiohappyeyeballs-2.4.3-1.1 [ 7s] [179/268] cumulate python312-asn1crypto-1.5.1-5.2 [ 7s] [180/268] cumulate python312-attrs-24.2.0-1.1 [ 7s] [181/268] cumulate python312-idna-3.10-1.1 [ 7s] [182/268] cumulate python312-iniconfig-2.0.0-4.5 [ 7s] [183/268] cumulate python312-packaging-24.1-1.1 [ 7s] [184/268] cumulate python312-pluggy-1.5.0-1.1 [ 7s] [185/268] cumulate python312-pycparser-2.22-1.1 [ 7s] [186/268] cumulate python312-typing_extensions-4.12.2-1.1 [ 7s] [187/268] cumulate python312-uritools-4.0.3-1.1 [ 7s] [188/268] cumulate libpython3_10-1_0-3.10.15-4.1 [ 7s] [189/268] cumulate libpython3_11-1_0-3.11.10-3.1 [ 7s] [190/268] cumulate libpython3_12-1_0-3.12.7-2.1 [ 7s] [191/268] cumulate python310-frozenlist-1.5.0-1.1 [ 7s] [192/268] cumulate python310-propcache-0.2.0-2.1 [ 7s] [193/268] cumulate python310-setuptools-72.1.0-2.1 [ 7s] [194/268] cumulate python310-six-1.16.0-4.5 [ 7s] [195/268] cumulate python310-urllib3-2.2.3-1.1 [ 7s] [196/268] cumulate python311-frozenlist-1.5.0-1.1 [ 7s] [197/268] cumulate python311-propcache-0.2.0-2.1 [ 7s] [198/268] cumulate python311-setuptools-72.1.0-2.1 [ 7s] [199/268] cumulate python311-six-1.16.0-4.5 [ 7s] [200/268] cumulate python311-urllib3-2.2.3-1.1 [ 7s] [201/268] cumulate python312-frozenlist-1.5.0-1.1 [ 7s] [202/268] cumulate python312-propcache-0.2.0-2.1 [ 7s] [203/268] cumulate python312-setuptools-72.1.0-2.1 [ 7s] [204/268] cumulate python312-six-1.16.0-4.5 [ 7s] [205/268] cumulate python312-urllib3-2.2.3-1.1 [ 7s] [206/268] cumulate python310-bcrypt-4.2.0-1.1 [ 7s] [207/268] cumulate python310-certifi-2024.8.30-2.1 [ 7s] [208/268] cumulate python310-charset-normalizer-3.4.0-2.1 [ 7s] [209/268] cumulate python310-wheel-0.44.0-1.1 [ 7s] [210/268] cumulate python311-bcrypt-4.2.0-1.1 [ 7s] [211/268] cumulate python311-certifi-2024.8.30-2.1 [ 7s] [212/268] cumulate python311-charset-normalizer-3.4.0-2.1 [ 7s] [213/268] cumulate python311-wheel-0.44.0-1.1 [ 7s] [214/268] cumulate python312-bcrypt-4.2.0-1.1 [ 7s] [215/268] cumulate python312-certifi-2024.8.30-2.1 [ 7s] [216/268] cumulate python312-charset-normalizer-3.4.0-2.1 [ 7s] [217/268] cumulate python312-wheel-0.44.0-1.1 [ 7s] [218/268] cumulate python310-3.10.15-4.1 [ 7s] [219/268] cumulate python311-3.11.10-3.1 [ 7s] [220/268] cumulate python312-3.12.7-2.1 [ 7s] [221/268] cumulate python310-pip-24.3.1-1.1 [ 7s] [222/268] cumulate python311-pip-24.3.1-1.1 [ 7s] [223/268] cumulate python312-pip-24.3.1-1.1 [ 7s] [224/268] cumulate binutils-2.43-2.1 [ 7s] [225/268] cumulate rpm-4.19.1.1-696.11 [ 7s] [226/268] cumulate python310-aiosignal-1.3.1-1.5 [ 7s] [227/268] cumulate python310-oscrypto-1.3.0-3.1 [ 7s] [228/268] cumulate python310-python-dateutil-2.9.0.post0-1.2 [ 7s] [229/268] cumulate python311-aiosignal-1.3.1-1.5 [ 7s] [230/268] cumulate python311-oscrypto-1.3.0-3.1 [ 7s] [231/268] cumulate python311-python-dateutil-2.9.0.post0-1.2 [ 7s] [232/268] cumulate python312-aiosignal-1.3.1-1.5 [ 7s] [233/268] cumulate python312-oscrypto-1.3.0-3.1 [ 7s] [234/268] cumulate python312-python-dateutil-2.9.0.post0-1.2 [ 7s] [235/268] cumulate python310-multidict-6.1.0-1.1 [ 7s] [236/268] cumulate python311-multidict-6.1.0-1.1 [ 7s] [237/268] cumulate python312-multidict-6.1.0-1.1 [ 7s] [238/268] cumulate python310-cffi-1.17.1-1.1 [ 7s] [239/268] cumulate python311-cffi-1.17.1-1.1 [ 7s] [240/268] cumulate python312-cffi-1.17.1-1.1 [ 7s] [241/268] cumulate python-rpm-packaging-20210526+a18ca48-1.11 [ 7s] [242/268] cumulate python310-requests-2.32.3-4.1 [ 7s] [243/268] cumulate python311-requests-2.32.3-4.1 [ 7s] [244/268] cumulate python312-requests-2.32.3-4.1 [ 7s] [245/268] cumulate python311-pytest-8.3.3-1.1 [ 7s] [246/268] cumulate python312-pytest-8.3.3-1.1 [ 7s] [247/268] cumulate build-compare-20240801T083050.024a3a7-1.2 [ 7s] [248/268] cumulate librpmbuild10-4.19.1.1-696.11 [ 7s] [249/268] cumulate python310-pytest-8.3.3-1.1 [ 7s] [250/268] cumulate debugedit-5.0-5.10 [ 7s] [251/268] cumulate gdb-14.2-2.1 [ 7s] [252/268] cumulate gcc14-14.2.1+git10750-1.1 [ 7s] [253/268] cumulate gcc14-PIE-14.2.1+git10750-1.1 [ 7s] [254/268] cumulate gcc-14-2.1 [ 7s] [255/268] cumulate python310-freezegun-1.5.1-2.1 [ 7s] [256/268] cumulate python311-freezegun-1.5.1-2.1 [ 7s] [257/268] cumulate python312-freezegun-1.5.1-2.1 [ 7s] [258/268] cumulate python310-yarl-1.14.0-1.1 [ 7s] [259/268] cumulate python311-yarl-1.14.0-1.1 [ 7s] [260/268] cumulate python312-yarl-1.14.0-1.1 [ 7s] [261/268] cumulate python310-aiohttp-3.10.10-1.1 [ 7s] [262/268] cumulate python311-aiohttp-3.10.10-1.1 [ 7s] [263/268] cumulate python312-aiohttp-3.10.10-1.1 [ 7s] [264/268] cumulate python310-cryptography-43.0.3-3.1 [ 7s] [265/268] cumulate python311-cryptography-43.0.3-3.1 [ 7s] [266/268] cumulate python312-cryptography-43.0.3-3.1 [ 7s] [267/268] cumulate gcc-PIE-14-2.1 [ 7s] [268/268] cumulate rpm-build-4.19.1.1-696.11 [ 7s] now installing cumulated packages [ 7s] Preparing... ######################################## [ 7s] Updating / installing... [ 7s] system-user-root-20190513-2.16 ######################################## [ 7s] crypto-policies-20230920.570ea89-3.2 ######################################## [ 7s] vim-data-common-9.1.0836-1.1 ######################################## [ 7s] python-rpm-macros-20240618.c146b29-1.1######################################## [ 7s] pkgconf-m4-2.2.0-1.1 ######################################## [ 7s] libssh-config-0.10.6-2.1 ######################################## [ 7s] file-magic-5.45-4.1 ######################################## [ 7s] compat-usrmerge-tools-84.87-5.20 ######################################## [ 7s] filesystem-84.87-16.1 ######################################## [ 7s] glibc-2.40-2.1 ######################################## [ 7s] glibc-gconv-modules-extra-2.40-2.1 ######################################## [ 7s] libgcc_s1-14.2.1+git10750-1.1 ######################################## [ 7s] libz1-1.3.1-1.1 ######################################## [ 7s] libstdc++6-14.2.1+git10750-1.1 ######################################## [ 7s] libzstd1-1.5.6-1.2 ######################################## [ 7s] libelf1-0.191-2.1 ######################################## [ 7s] libbz2-1-1.0.8-5.10 ######################################## [ 7s] libcrypt1-4.4.36-1.6 ######################################## [ 7s] libgmp10-6.3.0-3.2 ######################################## [ 7s] liblzma5-5.6.3-1.1 ######################################## [ 7s] update-alternatives-1.22.11-1.1 ######################################## [ 7s] terminfo-base-6.5.20241102-48.1 ######################################## [ 7s] libncurses6-6.5.20241102-48.1 ######################################## [ 7s] ncurses-utils-6.5.20241102-48.1 ######################################## [ 7s] libreadline8-8.2.13-2.1 ######################################## [ 7s] bash-5.2.37-14.2 ######################################## [ 7s] bash-sh-5.2.37-14.2 ######################################## [ 7s] libffi8-3.4.6-1.1 ######################################## [ 7s] libdw1-0.191-2.1 ######################################## [ 7s] perl-base-5.40.0-2.1 ######################################## [ 7s] libacl1-2.3.2-2.1 ######################################## [ 7s] libuuid1-2.40.2-1.1 ######################################## [ 7s] xz-5.6.3-1.1 ######################################## [ 7s] libmpfr6-4.2.1-1.4 ######################################## [ 7s] fillup-1.42-281.1 ######################################## [ 7s] gawk-5.3.1-1.1 ######################################## [ 7s] libcap2-2.70-1.1 ######################################## [ 7s] libexpat1-2.6.4-1.1 ######################################## [ 7s] libpopt0-1.19-1.8 ######################################## [ 7s] cpio-2.15-3.1 ######################################## [ 7s] libeconf0-0.7.4-2.1 ######################################## [ 7s] libblkid1-2.40.2-1.1 ######################################## [ 7s] libgomp1-14.2.1+git10750-1.1 ######################################## [ 7s] liblua5_4-5-5.4.7-3.1 ######################################## [ 7s] libmpdec3-2.5.1-2.19 ######################################## [ 7s] libpcre2-8-0-10.44-1.1 ######################################## [ 7s] libselinux1-3.7-3.1 ######################################## [ 7s] sed-4.9-2.6 ######################################## [ 7s] grep-3.11-3.1 ######################################## [ 7s] findutils-4.10.0-1.1 ######################################## [ 7s] libsqlite3-0-3.46.1-1.1 ######################################## [ 7s] libglib-2_0-0-2.82.2-1.1 ######################################## [ 7s] permctl-1699_20240522-1.2 ######################################## [ 7s] libmpc3-1.3.1-1.8 ######################################## [ 7s] libp11-kit0-0.25.5-1.1 ######################################## [ 7s] which-2.21-5.14 ######################################## [ 7s] libmagic1-5.45-4.1 ######################################## [ 7s] libisl23-0.26-1.7 ######################################## [ 8s] cpp14-14.2.1+git10750-1.1 ######################################## [ 8s] dwz-0.15-3.3 ######################################## [ 8s] diffutils-3.10-1.7 ######################################## [ 8s] libaudit1-4.0-3.1 ######################################## [ 8s] libgdbm6-1.24-1.1 ######################################## [ 8s] libjitterentropy3-3.4.1-4.2 ######################################## [ 8s] libtasn1-6-4.19.0-1.7 ######################################## [ 8s] libunistring5-1.3-1.1 ######################################## [ 8s] libidn2-0-2.3.7-1.2 ######################################## [ 8s] libpsl5-0.21.5-1.2 ######################################## [ 8s] p11-kit-0.25.5-1.1 ######################################## [ 8s] p11-kit-tools-0.25.5-1.1 ######################################## [ 8s] libgdbm_compat4-1.24-1.1 ######################################## [ 8s] cpp-14-2.1 ######################################## [ 8s] libgmodule-2_0-0-2.82.2-1.1 ######################################## [ 8s] babeltrace-1.5.8-3.10 ######################################## [ 8s] libmount1-2.40.2-1.1 ######################################## [ 8s] tar-1.35-3.1 ######################################## [ 8s] lua54-5.4.7-3.1 ######################################## [ 8s] update-alternatives: using /usr/bin/lua5.4 to provide /usr/bin/lua (lua) in auto mode [ 8s] libfdisk1-2.40.2-1.1 ######################################## [ 8s] rpm-build-perl-4.19.1.1-696.11 ######################################## [ 8s] libasm1-0.191-2.1 ######################################## [ 8s] elfutils-0.191-2.1 ######################################## [ 8s] gzip-1.13-3.1 ######################################## [ 8s] make-4.4.1-3.1 ######################################## [ 8s] bzip2-1.0.8-5.10 ######################################## [ 8s] libasan8-14.2.1+git10750-1.1 ######################################## [ 8s] libdb-4_8-4.8.30-45.1 ######################################## [ 8s] perl-5.40.0-2.1 ######################################## [ 8s] libhwasan0-14.2.1+git10750-1.1 ######################################## [ 8s] liblsan0-14.2.1+git10750-1.1 ######################################## [ 8s] libsource-highlight4-3.1.9-5.12 ######################################## [ 8s] libtsan2-14.2.1+git10750-1.1 ######################################## [ 8s] libubsan1-14.2.1+git10750-1.1 ######################################## [ 8s] libctf-nobfd0-2.43-2.1 ######################################## [ 8s] envsubst-mini-0.22.5-7.1 ######################################## [ 8s] gettext-runtime-mini-0.22.5-7.1 ######################################## [ 8s] gettext-tools-mini-0.22.5-7.1 ######################################## [ 9s] glibc-locale-base-2.40-2.1 ######################################## [ 9s] libalternatives1-1.2+30.a5431e9-1.5 ######################################## [ 9s] alts-1.2+30.a5431e9-1.5 ######################################## [ 9s] libatomic1-14.2.1+git10750-1.1 ######################################## [ 9s] libattr1-2.5.2-1.2 ######################################## [ 9s] coreutils-9.5-4.1 ######################################## [ 9s] ca-certificates-2+git20240805.fd24d50-######################################## [ 9s] ca-certificates-mozilla-2.68-2.1 ######################################## [ 9s] libopenssl3-3.2.3-1.1 ######################################## [ 9s] libpython3_10-1_0-3.10.15-4.1 ######################################## [ 9s] python310-pip-24.3.1-1.1 ######################################## [ 9s] python310-base-3.10.15-4.1 ######################################## [ 9s] python310-3.10.15-4.1 ######################################## [ 9s] libpython3_11-1_0-3.11.10-3.1 ######################################## [ 9s] python311-pip-24.3.1-1.1 ######################################## [ 10s] python311-base-3.11.10-3.1 ######################################## [ 10s] python311-3.11.10-3.1 ######################################## [ 10s] libpython3_12-1_0-3.12.7-2.1 ######################################## [ 10s] python312-pip-24.3.1-1.1 ######################################## [ 10s] python312-base-3.12.7-2.1 ######################################## [ 10s] python312-3.12.7-2.1 ######################################## [ 10s] libctf0-2.43-2.1 ######################################## [ 11s] binutils-2.43-2.1 ######################################## [ 11s] update-alternatives: using /usr/bin/ld.bfd to provide /usr/bin/ld (ld) in auto mode [ 11s] python312-attrs-24.2.0-1.1 ######################################## [ 11s] python312-idna-3.10-1.1 ######################################## [ 11s] python312-frozenlist-1.5.0-1.1 ######################################## [ 11s] python312-charset-normalizer-3.4.0-2.1######################################## [ 11s] python311-attrs-24.2.0-1.1 ######################################## [ 11s] python311-idna-3.10-1.1 ######################################## [ 11s] python311-packaging-24.1-1.1 ######################################## [ 11s] python311-frozenlist-1.5.0-1.1 ######################################## [ 11s] python311-charset-normalizer-3.4.0-2.1######################################## [ 11s] python310-attrs-24.2.0-1.1 ######################################## [ 11s] python310-idna-3.10-1.1 ######################################## [ 11s] python310-frozenlist-1.5.0-1.1 ######################################## [ 11s] python310-charset-normalizer-3.4.0-2.1######################################## [ 11s] aaa_base-84.87+git20240906.742565b-1.1######################################## [ 11s] Updating /etc/sysconfig/language ... [ 11s] Updating /etc/sysconfig/proxy ... [ 11s] aaa_base-malloccheck-84.87+git20240906######################################## [ 11s] python310-aiosignal-1.3.1-1.5 ######################################## [ 11s] python311-aiosignal-1.3.1-1.5 ######################################## [ 11s] python-rpm-packaging-20210526+a18ca48-######################################## [ 11s] python312-aiosignal-1.3.1-1.5 ######################################## [ 11s] python312-aiohappyeyeballs-2.4.3-1.1 ######################################## [ 11s] python312-asn1crypto-1.5.1-5.2 ######################################## [ 11s] python312-iniconfig-2.0.0-4.5 ######################################## [ 11s] python312-packaging-24.1-1.1 ######################################## [ 11s] python312-pluggy-1.5.0-1.1 ######################################## [ 11s] python312-pycparser-2.22-1.1 ######################################## [ 11s] python312-cffi-1.17.1-1.1 ######################################## [ 11s] python312-typing_extensions-4.12.2-1.1######################################## [ 11s] python312-multidict-6.1.0-1.1 ######################################## [ 11s] python312-propcache-0.2.0-2.1 ######################################## [ 11s] python312-yarl-1.14.0-1.1 ######################################## [ 11s] python312-setuptools-72.1.0-2.1 ######################################## [ 11s] python312-six-1.16.0-4.5 ######################################## [ 11s] python312-python-dateutil-2.9.0.post0-######################################## [ 11s] python312-urllib3-2.2.3-1.1 ######################################## [ 11s] python312-bcrypt-4.2.0-1.1 ######################################## [ 11s] python312-cryptography-43.0.3-3.1 ######################################## [ 11s] python312-certifi-2024.8.30-2.1 ######################################## [ 11s] python311-aiohappyeyeballs-2.4.3-1.1 ######################################## [ 11s] python311-asn1crypto-1.5.1-5.2 ######################################## [ 11s] python311-iniconfig-2.0.0-4.5 ######################################## [ 11s] python311-pluggy-1.5.0-1.1 ######################################## [ 11s] python311-pycparser-2.22-1.1 ######################################## [ 11s] python311-cffi-1.17.1-1.1 ######################################## [ 11s] python311-typing_extensions-4.12.2-1.1######################################## [ 11s] python311-multidict-6.1.0-1.1 ######################################## [ 11s] python311-propcache-0.2.0-2.1 ######################################## [ 11s] python311-yarl-1.14.0-1.1 ######################################## [ 12s] python311-setuptools-72.1.0-2.1 ######################################## [ 12s] python311-six-1.16.0-4.5 ######################################## [ 12s] python311-python-dateutil-2.9.0.post0-######################################## [ 12s] python311-urllib3-2.2.3-1.1 ######################################## [ 12s] python311-bcrypt-4.2.0-1.1 ######################################## [ 12s] python311-cryptography-43.0.3-3.1 ######################################## [ 12s] python311-certifi-2024.8.30-2.1 ######################################## [ 12s] python310-aiohappyeyeballs-2.4.3-1.1 ######################################## [ 12s] python310-asn1crypto-1.5.1-5.2 ######################################## [ 12s] python310-async_timeout-4.0.3-1.5 ######################################## [ 12s] python310-exceptiongroup-1.2.2-1.1 ######################################## [ 12s] python310-iniconfig-2.0.0-4.5 ######################################## [ 12s] python310-packaging-24.1-1.1 ######################################## [ 12s] python310-pluggy-1.5.0-1.1 ######################################## [ 12s] python310-pycparser-2.22-1.1 ######################################## [ 12s] python310-cffi-1.17.1-1.1 ######################################## [ 12s] python310-tomli-2.0.2-1.1 ######################################## [ 12s] python310-typing_extensions-4.12.2-1.1######################################## [ 12s] python310-multidict-6.1.0-1.1 ######################################## [ 12s] python310-propcache-0.2.0-2.1 ######################################## [ 12s] python310-yarl-1.14.0-1.1 ######################################## [ 12s] python310-setuptools-72.1.0-2.1 ######################################## [ 12s] python310-six-1.16.0-4.5 ######################################## [ 12s] python310-python-dateutil-2.9.0.post0-######################################## [ 12s] python310-urllib3-2.2.3-1.1 ######################################## [ 12s] python310-bcrypt-4.2.0-1.1 ######################################## [ 12s] python310-cryptography-43.0.3-3.1 ######################################## [ 12s] python310-certifi-2024.8.30-2.1 ######################################## [ 12s] systemd-rpm-macros-24-1.6 ######################################## [ 12s] linux-glibc-devel-6.11-1.1 ######################################## [ 12s] permissions-config-1699_20240522-1.2 ######################################## [ 12s] Updating /etc/sysconfig/security ... [ 12s] Checking permissions and ownerships - using the permissions files [ 12s] /usr/share/permissions/permissions [ 12s] /usr/share/permissions/permissions.easy [ 12s] /etc/permissions.local [ 12s] /usr/sbin/unix2_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) [ 12s] /usr/sbin/unix_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) [ 12s] permissions-1699_20240522-1.2 ######################################## [ 12s] pam-1.7.0-1.1 ######################################## [ 12s] polkit-default-privs-1550+20241105.bed######################################## [ 12s] Updating /etc/sysconfig/security ... [ 12s] can't open /etc/polkit-1/rules.d/90-default-privs.rules.new: No such file or directory [ 12s] warning: %post(polkit-default-privs-1550+20241105.bedeeca-1.1.noarch) scriptlet failed, exit status 2 [ 12s] libbrotlicommon1-1.1.0-1.3 ######################################## [ 12s] libbrotlidec1-1.1.0-1.3 ######################################## [ 12s] libcap-ng0-0.8.5-1.1 ######################################## [ 12s] libcom_err2-1.47.0-4.3 ######################################## [ 12s] libgpg-error0-1.50-1.1 ######################################## [ 12s] libgcrypt20-1.11.0-1.1 ######################################## [ 12s] rpm-config-SUSE-20240214-2.1 ######################################## [ 12s] rpm-4.19.1.1-696.11 ######################################## [ 12s] Updating /etc/sysconfig/services ... [ 12s] librpmbuild10-4.19.1.1-696.11 ######################################## [ 12s] libitm1-14.2.1+git10750-1.1 ######################################## [ 12s] libnghttp2-14-1.62.1-1.1 ######################################## [ 12s] libpkgconf5-2.2.0-1.1 ######################################## [ 12s] pkgconf-2.2.0-1.1 ######################################## [ 12s] pkgconf-pkg-config-2.2.0-1.1 ######################################## [ 12s] libxcrypt-devel-4.4.36-1.6 ######################################## [ 12s] glibc-devel-2.40-2.1 ######################################## [ 13s] gcc14-14.2.1+git10750-1.1 ######################################## [ 13s] gcc14-PIE-14.2.1+git10750-1.1 ######################################## [ 13s] gcc-14-2.1 ######################################## [ 13s] libsasl2-3-2.1.28-9.1 ######################################## [ 13s] libldap2-2.6.8-2.1 ######################################## [ 13s] libseccomp2-2.5.5-1.3 ######################################## [ 13s] file-5.45-4.1 ######################################## [ 13s] libsmartcols1-2.40.2-1.1 ######################################## [ 13s] util-linux-2.40.2-1.1 ######################################## [ 13s] libverto1-0.3.2-3.3 ######################################## [ 13s] krb5-mini-1.21.3-1.2 ######################################## [ 13s] Updating /etc/sysconfig/kadmind ... [ 13s] Updating /etc/sysconfig/krb5kdc ... [ 13s] libssh4-0.10.6-2.1 ######################################## [ 13s] libcurl4-8.11.0-1.1 ######################################## [ 13s] libdebuginfod1-0.191-2.1 ######################################## [ 13s] gdb-14.2-2.1 ######################################## [ 13s] debugedit-5.0-5.10 ######################################## [ 13s] patch-2.7.6-8.1 ######################################## [ 13s] xxd-9.1.0836-1.1 ######################################## [ 13s] vim-9.1.0836-1.1 ######################################## [ 13s] rpm-build-4.19.1.1-696.11 ######################################## [ 13s] less-661-2.1 ######################################## [ 13s] build-compare-20240801T083050.024a3a7-######################################## [ 13s] gcc-PIE-14-2.1 ######################################## [ 14s] rpmlint-mini-2.6.1+git20241024.1f09e50######################################## [ 14s] post-build-checks-84.87+git20240327.79######################################## [ 14s] python310-requests-2.32.3-4.1 ######################################## [ 14s] python310-freezegun-1.5.1-2.1 ######################################## [ 14s] python310-pytest-8.3.3-1.1 ######################################## [ 14s] python310-aiohttp-3.10.10-1.1 ######################################## [ 14s] python310-oscrypto-1.3.0-3.1 ######################################## [ 14s] python311-requests-2.32.3-4.1 ######################################## [ 14s] python311-freezegun-1.5.1-2.1 ######################################## [ 14s] python311-pytest-8.3.3-1.1 ######################################## [ 14s] python311-aiohttp-3.10.10-1.1 ######################################## [ 14s] python311-oscrypto-1.3.0-3.1 ######################################## [ 14s] python312-requests-2.32.3-4.1 ######################################## [ 14s] python312-freezegun-1.5.1-2.1 ######################################## [ 14s] python312-pytest-8.3.3-1.1 ######################################## [ 14s] python312-aiohttp-3.10.10-1.1 ######################################## [ 14s] python312-oscrypto-1.3.0-3.1 ######################################## [ 14s] python312-uritools-4.0.3-1.1 ######################################## [ 14s] python312-wheel-0.44.0-1.1 ######################################## [ 14s] python311-uritools-4.0.3-1.1 ######################################## [ 14s] python311-wheel-0.44.0-1.1 ######################################## [ 14s] python310-uritools-4.0.3-1.1 ######################################## [ 14s] python310-wheel-0.44.0-1.1 ######################################## [ 14s] brp-check-suse-84.87+git20230324.8680c######################################## [ 14s] compat-usrmerge-build-84.87-5.20 ######################################## [ 14s] strace-6.11-1.1 ######################################## [ 14s] build-mkbaselibs-20240913-1.2 ######################################## [ 14s] fdupes-2.3.1-1.1 ######################################## [ 14s] kernel-obs-build-6.11.6-2.1 ######################################## [ 15s] now finalizing build dir... [ 15s] ... running 01-add_abuild_user_to_trusted_group [ 15s] ... running 02-set_timezone_to_utc [ 15s] ... running 03-set-permissions-secure [ 15s] ... running 11-hack_uname_version_to_kernel_version [ 15s] setting SOURCE_DATE_EPOCH_MTIME to 1731410026 [ 15s] ----------------------------------------------------------------- [ 15s] I have the following modifications for python-pyhanko-certvalidator.spec: [ 15s] 21c21 [ 15s] < Release: 0 [ 15s] --- [ 15s] > Release: 1.1 [ 16s] ----------------------------------------------------------------- [ 16s] ----- building python-pyhanko-certvalidator.spec (user abuild) [ 16s] ----------------------------------------------------------------- [ 16s] ----------------------------------------------------------------- [ 16s] setting SOURCE_DATE_EPOCH_MTIME to 1731410026 [ 16s] + exec rpmbuild --define '%source_date_epoch_from_changelog 1' --define '%_buildhost reproducible' --define '%clamp_mtime_to_source_date_epoch 1' --define '%use_source_date_epoch_as_buildtime 1' -ba --define '_srcdefattr (-,root,root)' --noclean --nosignature --undefine _enable_debug_packages /home/abuild/rpmbuild/SOURCES/python-pyhanko-certvalidator.spec [ 17s] using SOURCE_DATE_EPOCH with value 1731410025 as build time [ 17s] Executing(%prep): /usr/bin/bash -e /var/tmp/rpm-tmp.Um07Zo [ 17s] + umask 022 [ 17s] + cd /home/abuild/rpmbuild/BUILD [ 17s] + cd /home/abuild/rpmbuild/BUILD [ 17s] + rm -rf certvalidator-0.26.4 [ 17s] + /usr/lib/rpm/rpmuncompress -x /home/abuild/rpmbuild/SOURCES/pyhanko-certvalidator-0.26.4.tar.gz [ 17s] + STATUS=0 [ 17s] + '[' 0 -ne 0 ']' [ 17s] + cd certvalidator-0.26.4 [ 17s] + rm -rf /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4-SPECPARTS [ 17s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4-SPECPARTS [ 17s] + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . [ 17s] + RPM_EC=0 [ 17s] ++ jobs -p [ 17s] + exit 0 [ 17s] Executing(%build): /usr/bin/bash -e /var/tmp/rpm-tmp.sS40t2 [ 17s] + umask 022 [ 17s] + cd /home/abuild/rpmbuild/BUILD [ 17s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 [ 17s] ++ dirname /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 [ 17s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT [ 17s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 [ 17s] + cd certvalidator-0.26.4 [ 17s] ++ '[' -f _current_flavor ']' [ 17s] ++ true [ 17s] + last_flavor= [ 17s] + '[' -z '' ']' [ 17s] + last_flavor=tmp [ 17s] + '[' tmp '!=' python310 ']' [ 17s] + '[' -d build ']' [ 17s] + '[' -d _build.python310 ']' [ 17s] + echo python310 [ 17s] + python_flavor=python310 [ 17s] + myargs= [ 17s] + '[' -f './dist/*-none-any.whl' ']' [ 17s] + /usr/bin/python3.10 -mpip wheel --verbose --progress-bar off --disable-pip-version-check --use-pep517 --no-build-isolation --no-deps --wheel-dir ./build . [ 17s] Processing /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4 [ 17s] Preparing metadata (pyproject.toml): started [ 17s] Running command Preparing metadata (pyproject.toml) [ 17s] running dist_info [ 17s] creating /tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info [ 17s] writing /tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/PKG-INFO [ 17s] writing dependency_links to /tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/dependency_links.txt [ 17s] writing requirements to /tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/requires.txt [ 17s] writing top-level names to /tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/top_level.txt [ 17s] writing manifest file '/tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/SOURCES.txt' [ 17s] reading manifest file '/tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/SOURCES.txt' [ 17s] adding license file 'LICENSE' [ 17s] writing manifest file '/tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator.egg-info/SOURCES.txt' [ 17s] creating '/tmp/pip-modern-metadata-tf74869w/pyhanko_certvalidator-0.26.4.dist-info' [ 17s] Preparing metadata (pyproject.toml): finished with status 'done' [ 17s] Building wheels for collected packages: pyhanko-certvalidator [ 17s] Building wheel for pyhanko-certvalidator (pyproject.toml): started [ 17s] Running command Building wheel for pyhanko-certvalidator (pyproject.toml) [ 18s] running bdist_wheel [ 18s] running build [ 18s] running build_py [ 18s] creating build/lib [ 18s] creating build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/__init__.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/_asyncio_compat.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/_state.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/_types.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/asn1_types.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/authority.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/context.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/errors.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/name_trees.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/path.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/policy_decl.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/policy_tree.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/registry.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/util.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/validate.py -> build/lib/pyhanko_certvalidator [ 18s] copying pyhanko_certvalidator/version.py -> build/lib/pyhanko_certvalidator [ 18s] creating build/lib/pyhanko_certvalidator/fetchers [ 18s] copying pyhanko_certvalidator/fetchers/__init__.py -> build/lib/pyhanko_certvalidator/fetchers [ 18s] copying pyhanko_certvalidator/fetchers/api.py -> build/lib/pyhanko_certvalidator/fetchers [ 18s] copying pyhanko_certvalidator/fetchers/common_utils.py -> build/lib/pyhanko_certvalidator/fetchers [ 18s] creating build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/__init__.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/ades_past.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/errors.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/poe.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/time_slide.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] copying pyhanko_certvalidator/ltv/types.py -> build/lib/pyhanko_certvalidator/ltv [ 18s] creating build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/__init__.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/_err_gather.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/archival.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/constants.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/manager.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/validate_crl.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] copying pyhanko_certvalidator/revinfo/validate_ocsp.py -> build/lib/pyhanko_certvalidator/revinfo [ 18s] creating build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py -> build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py -> build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py -> build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py -> build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py -> build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] creating build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py -> build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py -> build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py -> build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py -> build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/fetchers/requests_fetchers/util.py -> build/lib/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying pyhanko_certvalidator/py.typed -> build/lib/pyhanko_certvalidator [ 18s] installing to build/bdist.linux-x86_64/wheel [ 18s] running install [ 18s] running install_lib [ 18s] creating build/bdist.linux-x86_64 [ 18s] creating build/bdist.linux-x86_64/wheel [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/_asyncio_compat.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/_state.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/_types.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/asn1_types.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/authority.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/context.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/errors.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/name_trees.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/path.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/policy_decl.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/policy_tree.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/registry.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/util.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/validate.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] copying build/lib/pyhanko_certvalidator/version.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/api.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/common_utils.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/aiohttp_fetchers [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] copying build/lib/pyhanko_certvalidator/fetchers/requests_fetchers/util.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/fetchers/requests_fetchers [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/ades_past.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/errors.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/poe.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/time_slide.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] copying build/lib/pyhanko_certvalidator/ltv/types.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/ltv [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/__init__.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/_err_gather.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/archival.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/constants.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/manager.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/validate_crl.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/revinfo/validate_ocsp.py -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator/revinfo [ 18s] copying build/lib/pyhanko_certvalidator/py.typed -> build/bdist.linux-x86_64/wheel/pyhanko_certvalidator [ 18s] running install_egg_info [ 18s] running egg_info [ 18s] creating pyhanko_certvalidator.egg-info [ 18s] writing pyhanko_certvalidator.egg-info/PKG-INFO [ 18s] writing dependency_links to pyhanko_certvalidator.egg-info/dependency_links.txt [ 18s] writing requirements to pyhanko_certvalidator.egg-info/requires.txt [ 18s] writing top-level names to pyhanko_certvalidator.egg-info/top_level.txt [ 18s] writing manifest file 'pyhanko_certvalidator.egg-info/SOURCES.txt' [ 18s] reading manifest file 'pyhanko_certvalidator.egg-info/SOURCES.txt' [ 18s] adding license file 'LICENSE' [ 18s] writing manifest file 'pyhanko_certvalidator.egg-info/SOURCES.txt' [ 18s] Copying pyhanko_certvalidator.egg-info to build/bdist.linux-x86_64/wheel/pyhanko_certvalidator-0.26.4-py3.10.egg-info [ 18s] running install_scripts [ 18s] creating build/bdist.linux-x86_64/wheel/pyhanko_certvalidator-0.26.4.dist-info/WHEEL [ 18s] creating '/tmp/pip-wheel-1jo89gkk/.tmp-r22hin2t/pyhanko_certvalidator-0.26.4-py3-none-any.whl' and adding 'build/bdist.linux-x86_64/wheel' to it [ 18s] adding 'pyhanko_certvalidator/__init__.py' [ 18s] adding 'pyhanko_certvalidator/_asyncio_compat.py' [ 18s] adding 'pyhanko_certvalidator/_state.py' [ 18s] adding 'pyhanko_certvalidator/_types.py' [ 18s] adding 'pyhanko_certvalidator/asn1_types.py' [ 18s] adding 'pyhanko_certvalidator/authority.py' [ 18s] adding 'pyhanko_certvalidator/context.py' [ 18s] adding 'pyhanko_certvalidator/errors.py' [ 18s] adding 'pyhanko_certvalidator/name_trees.py' [ 18s] adding 'pyhanko_certvalidator/path.py' [ 18s] adding 'pyhanko_certvalidator/policy_decl.py' [ 18s] adding 'pyhanko_certvalidator/policy_tree.py' [ 18s] adding 'pyhanko_certvalidator/py.typed' [ 18s] adding 'pyhanko_certvalidator/registry.py' [ 18s] adding 'pyhanko_certvalidator/util.py' [ 18s] adding 'pyhanko_certvalidator/validate.py' [ 18s] adding 'pyhanko_certvalidator/version.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/__init__.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/api.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/common_utils.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py' [ 18s] adding 'pyhanko_certvalidator/fetchers/requests_fetchers/util.py' [ 18s] adding 'pyhanko_certvalidator/ltv/__init__.py' [ 18s] adding 'pyhanko_certvalidator/ltv/ades_past.py' [ 18s] adding 'pyhanko_certvalidator/ltv/errors.py' [ 18s] adding 'pyhanko_certvalidator/ltv/poe.py' [ 18s] adding 'pyhanko_certvalidator/ltv/time_slide.py' [ 18s] adding 'pyhanko_certvalidator/ltv/types.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/__init__.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/_err_gather.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/archival.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/constants.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/manager.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/validate_crl.py' [ 18s] adding 'pyhanko_certvalidator/revinfo/validate_ocsp.py' [ 18s] adding 'pyhanko_certvalidator-0.26.4.dist-info/LICENSE' [ 18s] adding 'pyhanko_certvalidator-0.26.4.dist-info/METADATA' [ 18s] adding 'pyhanko_certvalidator-0.26.4.dist-info/WHEEL' [ 18s] adding 'pyhanko_certvalidator-0.26.4.dist-info/top_level.txt' [ 18s] adding 'pyhanko_certvalidator-0.26.4.dist-info/RECORD' [ 18s] removing build/bdist.linux-x86_64/wheel [ 18s] Building wheel for pyhanko-certvalidator (pyproject.toml): finished with status 'done' [ 18s] Created wheel for pyhanko-certvalidator: filename=pyhanko_certvalidator-0.26.4-py3-none-any.whl size=109377 sha256=14e9a764f0acc7d61ec57dccb6e0059c8a1724120d4e7ed2c3363156619596a5 [ 18s] Stored in directory: /home/abuild/.cache/pip/wheels/c8/7e/a5/6bb54b2191dddaaa83c40d2ab4adddc61929c24aa8f7ae89b0 [ 18s] Successfully built pyhanko-certvalidator [ 18s] + '[' -f ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl ']' [ 18s] + mkdir -p ./dist [ 18s] + cp ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl ./dist/ [ 18s] ++ '[' -f _current_flavor ']' [ 18s] ++ cat _current_flavor [ 18s] + last_flavor=python310 [ 18s] + '[' -z python310 ']' [ 18s] + '[' python310 '!=' python312 ']' [ 18s] + '[' -d build ']' [ 18s] + mv build _build.python310 [ 18s] + '[' -d _build.python312 ']' [ 18s] + echo python312 [ 18s] + python_flavor=python312 [ 18s] + myargs= [ 18s] + '[' -f ./dist/pyhanko_certvalidator-0.26.4-py3-none-any.whl ']' [ 18s] + echo 'Already found a compatible wheel in ./dist' [ 18s] Already found a compatible wheel in ./dist [ 18s] + mkdir -p ./build [ 18s] + cp ./dist/pyhanko_certvalidator-0.26.4-py3-none-any.whl ./build/ [ 18s] ++ '[' -f _current_flavor ']' [ 18s] ++ cat _current_flavor [ 18s] + last_flavor=python312 [ 18s] + '[' -z python312 ']' [ 18s] + '[' python312 '!=' python311 ']' [ 18s] + '[' -d build ']' [ 18s] + mv build _build.python312 [ 18s] + '[' -d _build.python311 ']' [ 18s] + echo python311 [ 18s] + python_flavor=python311 [ 18s] + myargs= [ 18s] + '[' -f ./dist/pyhanko_certvalidator-0.26.4-py3-none-any.whl ']' [ 18s] + echo 'Already found a compatible wheel in ./dist' [ 18s] Already found a compatible wheel in ./dist [ 18s] + mkdir -p ./build [ 18s] + cp ./dist/pyhanko_certvalidator-0.26.4-py3-none-any.whl ./build/ [ 18s] + RPM_EC=0 [ 18s] ++ jobs -p [ 18s] + exit 0 [ 18s] Executing(%install): /usr/bin/bash -e /var/tmp/rpm-tmp.EnbWWX [ 18s] + umask 022 [ 18s] + cd /home/abuild/rpmbuild/BUILD [ 18s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 [ 18s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT [ 18s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 [ 18s] + cd certvalidator-0.26.4 [ 18s] ++ '[' -f _current_flavor ']' [ 18s] ++ cat _current_flavor [ 18s] + last_flavor=python311 [ 18s] + '[' -z python311 ']' [ 18s] + '[' python311 '!=' python310 ']' [ 18s] + '[' -d build ']' [ 18s] + mv build _build.python311 [ 18s] + '[' -d _build.python310 ']' [ 18s] + mv _build.python310 build [ 18s] + echo python310 [ 18s] + python_flavor=python310 [ 18s] + myargs= [ 18s] + havereq=0 [ 18s] + '[' -n '' ']' [ 18s] + '[' 0 -eq 0 ']' [ 18s] + ls ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] + for w in ./build/*.whl [ 18s] ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' [ 18s] +++ basename ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] ++ echo pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] + myargs=' pyhanko_certvalidator==0.26.4' [ 18s] + /usr/bin/python3.10 -mpip install --verbose --progress-bar off --disable-pip-version-check --root /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 --no-compile --ignore-installed --no-deps --no-index --find-links ./build pyhanko_certvalidator==0.26.4 [ 18s] Using pip 24.3.1 from /usr/lib/python3.10/site-packages/pip (python 3.10) [ 18s] Looking in links: ./build [ 18s] Processing ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] Installing collected packages: pyhanko_certvalidator [ 18s] Successfully installed pyhanko_certvalidator-0.26.4 [ 18s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.10/site-packages [ 18s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages ']' [ 18s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages -iname '*.pyc' -delete [ 18s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages -iname '*.py' -print0 [ 18s] + xargs -0 /usr/bin/python3.10 -c ' [ 18s] import sys, py_compile [ 18s] for f in sys.argv[1:]: [ 18s] fp=f[len("/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64"):] [ 18s] print("Generating cached byte-code for " + str(fp)) [ 18s] if sys.version[0] == "2": [ 18s] py_compile.compile(f, dfile=fp) [ 18s] else: [ 18s] for o in [0, 1]: [ 18s] py_compile.compile(f, dfile=fp, optimize=o) [ 18s] ' [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/_asyncio_compat.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/_state.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/_types.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/asn1_types.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/authority.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/context.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/errors.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/name_trees.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/path.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/policy_decl.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/policy_tree.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/registry.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/util.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/validate.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/version.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/api.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/common_utils.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/util.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/ades_past.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/errors.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/poe.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/time_slide.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/types.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__init__.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/_err_gather.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/archival.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/constants.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/manager.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/validate_crl.py [ 18s] Generating cached byte-code for /usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/validate_ocsp.py [ 18s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.10/site-packages [ 18s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.10/site-packages ']' [ 18s] + myargs='/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/* /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' [ 18s] + for f in ${myargs} [ 18s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/*' ']' [ 18s] + for f in ${myargs} [ 18s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' ']' [ 18s] ++ '[' -f _current_flavor ']' [ 18s] ++ cat _current_flavor [ 18s] + last_flavor=python310 [ 18s] + '[' -z python310 ']' [ 18s] + '[' python310 '!=' python312 ']' [ 18s] + '[' -d build ']' [ 18s] + mv build _build.python310 [ 18s] + '[' -d _build.python312 ']' [ 18s] + mv _build.python312 build [ 18s] + echo python312 [ 18s] + python_flavor=python312 [ 18s] + myargs= [ 18s] + havereq=0 [ 18s] + '[' -n '' ']' [ 18s] + '[' 0 -eq 0 ']' [ 18s] + ls ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] + for w in ./build/*.whl [ 18s] ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' [ 18s] +++ basename ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] ++ echo pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 18s] + myargs=' pyhanko_certvalidator==0.26.4' [ 18s] + /usr/bin/python3.12 -mpip install --verbose --progress-bar off --disable-pip-version-check --root /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 --no-compile --ignore-installed --no-deps --no-index --find-links ./build pyhanko_certvalidator==0.26.4 [ 19s] Using pip 24.3.1 from /usr/lib/python3.12/site-packages/pip (python 3.12) [ 19s] Looking in links: ./build [ 19s] Processing ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] Installing collected packages: pyhanko_certvalidator [ 19s] Successfully installed pyhanko_certvalidator-0.26.4 [ 19s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.12/site-packages [ 19s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages ']' [ 19s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages -iname '*.pyc' -delete [ 19s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages -iname '*.py' -print0 [ 19s] + xargs -0 /usr/bin/python3.12 -c ' [ 19s] import sys, py_compile [ 19s] for f in sys.argv[1:]: [ 19s] fp=f[len("/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64"):] [ 19s] print("Generating cached byte-code for " + str(fp)) [ 19s] if sys.version[0] == "2": [ 19s] py_compile.compile(f, dfile=fp) [ 19s] else: [ 19s] for o in [0, 1]: [ 19s] py_compile.compile(f, dfile=fp, optimize=o) [ 19s] ' [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/_asyncio_compat.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/_state.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/_types.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/asn1_types.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/authority.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/context.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/errors.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/name_trees.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/path.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/policy_decl.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/policy_tree.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/registry.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/validate.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/version.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/api.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/common_utils.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/ades_past.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/errors.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/poe.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/time_slide.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/types.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/_err_gather.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/archival.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/constants.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/manager.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/validate_crl.py [ 19s] Generating cached byte-code for /usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/validate_ocsp.py [ 19s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.12/site-packages [ 19s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.12/site-packages ']' [ 19s] + myargs='/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/* /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' [ 19s] + for f in ${myargs} [ 19s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/*' ']' [ 19s] + for f in ${myargs} [ 19s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' ']' [ 19s] ++ '[' -f _current_flavor ']' [ 19s] ++ cat _current_flavor [ 19s] + last_flavor=python312 [ 19s] + '[' -z python312 ']' [ 19s] + '[' python312 '!=' python311 ']' [ 19s] + '[' -d build ']' [ 19s] + mv build _build.python312 [ 19s] + '[' -d _build.python311 ']' [ 19s] + mv _build.python311 build [ 19s] + echo python311 [ 19s] + python_flavor=python311 [ 19s] + myargs= [ 19s] + havereq=0 [ 19s] + '[' -n '' ']' [ 19s] + '[' 0 -eq 0 ']' [ 19s] + ls ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] + for w in ./build/*.whl [ 19s] ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' [ 19s] +++ basename ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] ++ echo pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] + myargs=' pyhanko_certvalidator==0.26.4' [ 19s] + /usr/bin/python3.11 -mpip install --verbose --progress-bar off --disable-pip-version-check --root /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64 --no-compile --ignore-installed --no-deps --no-index --find-links ./build pyhanko_certvalidator==0.26.4 [ 19s] Using pip 24.3.1 from /usr/lib/python3.11/site-packages/pip (python 3.11) [ 19s] Looking in links: ./build [ 19s] Processing ./build/pyhanko_certvalidator-0.26.4-py3-none-any.whl [ 19s] Installing collected packages: pyhanko_certvalidator [ 19s] Successfully installed pyhanko_certvalidator-0.26.4 [ 19s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.11/site-packages [ 19s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages ']' [ 19s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages -iname '*.pyc' -delete [ 19s] + find /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages -iname '*.py' -print0 [ 19s] + xargs -0 /usr/bin/python3.11 -c ' [ 19s] import sys, py_compile [ 19s] for f in sys.argv[1:]: [ 19s] fp=f[len("/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64"):] [ 19s] print("Generating cached byte-code for " + str(fp)) [ 19s] if sys.version[0] == "2": [ 19s] py_compile.compile(f, dfile=fp) [ 19s] else: [ 19s] for o in [0, 1]: [ 19s] py_compile.compile(f, dfile=fp, optimize=o) [ 19s] ' [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/_asyncio_compat.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/_state.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/_types.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/asn1_types.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/authority.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/context.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/errors.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/name_trees.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/path.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/policy_decl.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/policy_tree.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/registry.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/validate.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/version.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/api.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/common_utils.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/cert_fetch_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/crl_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/ocsp_client.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/util.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/ades_past.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/errors.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/poe.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/time_slide.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/types.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__init__.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/_err_gather.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/archival.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/constants.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/manager.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/validate_crl.py [ 19s] Generating cached byte-code for /usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/validate_ocsp.py [ 19s] + for d in /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.11/site-packages [ 19s] + '[' -d /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib64/python3.11/site-packages ']' [ 19s] + myargs='/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/* /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' [ 19s] + for f in ${myargs} [ 19s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/bin/*' ']' [ 19s] + for f in ${myargs} [ 19s] + '[' -f '/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/sbin/*' ']' [ 19s] ++ '[' -f _current_flavor ']' [ 19s] ++ cat _current_flavor [ 19s] + last_flavor=python311 [ 19s] + '[' -z python311 ']' [ 19s] + '[' python311 '!=' python310 ']' [ 19s] + '[' -d build ']' [ 19s] + mv build _build.python311 [ 19s] + '[' -d _build.python310 ']' [ 19s] + mv _build.python310 build [ 19s] + echo python310 [ 19s] + python_flavor=python310 [ 19s] + /usr/lib/rpm/fdupes_wrapper /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-310.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-310.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-310.pyc [ 19s] ++ '[' -f _current_flavor ']' [ 19s] ++ cat _current_flavor [ 19s] + last_flavor=python310 [ 19s] + '[' -z python310 ']' [ 19s] + '[' python310 '!=' python312 ']' [ 19s] + '[' -d build ']' [ 19s] + mv build _build.python310 [ 19s] + '[' -d _build.python312 ']' [ 19s] + mv _build.python312 build [ 19s] + echo python312 [ 19s] + python_flavor=python312 [ 19s] + /usr/lib/rpm/fdupes_wrapper /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-312.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-312.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-312.pyc [ 19s] ++ '[' -f _current_flavor ']' [ 19s] ++ cat _current_flavor [ 19s] + last_flavor=python312 [ 19s] + '[' -z python312 ']' [ 19s] + '[' python312 '!=' python311 ']' [ 19s] + '[' -d build ']' [ 19s] + mv build _build.python312 [ 19s] + '[' -d _build.python311 ']' [ 19s] + mv _build.python311 build [ 19s] + echo python311 [ 19s] + python_flavor=python311 [ 19s] + /usr/lib/rpm/fdupes_wrapper /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/version.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/policy_decl.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/path.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/context.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/authority.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/asn1_types.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/_types.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/_asyncio_compat.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/__pycache__/__init__.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/validate_crl.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/manager.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/constants.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/archival.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/_err_gather.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/__pycache__/__init__.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/types.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/poe.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/errors.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/ades_past.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/ltv/__pycache__/__init__.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/common_utils.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/api.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/__pycache__/__init__.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/util.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/ocsp_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/crl_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/cert_fetch_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/requests_fetchers/__pycache__/__init__.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/util.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/ocsp_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/crl_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/cert_fetch_client.cpython-311.pyc [ 19s] Linking /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-311.opt-1.pyc -> /home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.11/site-packages/pyhanko_certvalidator/fetchers/aiohttp_fetchers/__pycache__/__init__.cpython-311.pyc [ 19s] + /usr/lib/rpm/brp-compress [ 19s] + /usr/lib/rpm/brp-suse [ 19s] calling /usr/lib/rpm/brp-suse.d/brp-05-permissions [ 19s] calling /usr/lib/rpm/brp-suse.d/brp-15-strip-debug [ 19s] calling /usr/lib/rpm/brp-suse.d/brp-25-symlink [ 19s] calling /usr/lib/rpm/brp-suse.d/brp-50-generate-fips-hmac [ 19s] calling /usr/lib/rpm/brp-suse.d/brp-75-ar [ 19s] Executing(%check): /usr/bin/bash -e /var/tmp/rpm-tmp.kEFxg2 [ 19s] + umask 022 [ 19s] + cd /home/abuild/rpmbuild/BUILD [ 19s] + cd certvalidator-0.26.4 [ 19s] + set +x [ 19s] Using libalternatives variant 310 for pip in XDG_CONFIG_HOME during Python 3.10 expansions. [ 19s] Using libalternatives variant 310 for pip3 in XDG_CONFIG_HOME during Python 3.10 expansions. [ 19s] Using libalternatives variant 310 for py.test in XDG_CONFIG_HOME during Python 3.10 expansions. [ 19s] Using libalternatives variant 310 for pytest in XDG_CONFIG_HOME during Python 3.10 expansions. [ 19s] Using libalternatives variant 310 for wheel in XDG_CONFIG_HOME during Python 3.10 expansions. [ 19s] Using alternative normalizer-3.10 for normalizer in ./build/flavorbin during Python 3.10 expansions. [ 19s] Using libalternatives variant 312 for pip in XDG_CONFIG_HOME during Python 3.12 expansions. [ 19s] Using libalternatives variant 312 for pip3 in XDG_CONFIG_HOME during Python 3.12 expansions. [ 19s] Using libalternatives variant 312 for py.test in XDG_CONFIG_HOME during Python 3.12 expansions. [ 19s] Using libalternatives variant 312 for pytest in XDG_CONFIG_HOME during Python 3.12 expansions. [ 19s] Using libalternatives variant 312 for wheel in XDG_CONFIG_HOME during Python 3.12 expansions. [ 19s] Using alternative normalizer-3.12 for normalizer in ./build/flavorbin during Python 3.12 expansions. [ 19s] Using alternative normalizer-3.11 for normalizer in ./build/flavorbin during Python 3.11 expansions. [ 19s] + export PATH=/home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/build/flavorbin:/usr/local/bin:/usr/bin:/bin [ 19s] + PATH=/home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/build/flavorbin:/usr/local/bin:/usr/bin:/bin [ 19s] ++ '[' -f _current_flavor ']' [ 19s] ++ cat _current_flavor [ 19s] + last_flavor=python311 [ 19s] + '[' -z python311 ']' [ 19s] + '[' python311 '!=' python310 ']' [ 19s] + '[' -d build ']' [ 19s] + mv build _build.python311 [ 19s] + '[' -d _build.python310 ']' [ 19s] + mv _build.python310 build [ 19s] + echo python310 [ 19s] + python_flavor=python310 [ 19s] + PYTHONPATH=/home/abuild/rpmbuild/BUILDROOT/python-pyhanko-certvalidator-0.26.4-1.1.x86_64/usr/lib/python3.10/site-packages [ 19s] + PYTHONDONTWRITEBYTECODE=1 [ 19s] + pytest-3.10 --ignore=_build.python310 --ignore=_build.python312 --ignore=_build.python311 -v [ 20s] ============================= test session starts ============================== [ 20s] platform linux -- Python 3.10.15, pytest-8.3.3, pluggy-1.5.0 -- /usr/bin/python3.10 [ 20s] cachedir: .pytest_cache [ 20s] rootdir: /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4 [ 20s] configfile: pyproject.toml [ 20s] testpaths: tests [ 20s] collecting ... collected 356 items [ 20s] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_aacontrols_norev SKIPPED [ 0%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_bad_signature SKIPPED [ 0%] [ 20s] tests/test_ac_validate.py::test_ac_validation_expired SKIPPED (async...) [ 0%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_sig_algo_mismatch SKIPPED [ 1%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_bad_aa_controls SKIPPED [ 1%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_aa_controls_path_too_long SKIPPED [ 1%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_no_targeting SKIPPED [ 1%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_bad_targeting_name SKIPPED [ 2%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_bad_targeting_group SKIPPED [ 2%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_good_targeting_name SKIPPED [ 2%] [ 20s] tests/test_ac_validate.py::test_basic_ac_validation_good_targeting_group SKIPPED [ 3%] [ 20s] tests/test_ac_validate.py::test_match_holder_ac SKIPPED (async def f...) [ 3%] [ 20s] tests/test_ac_validate.py::test_match_holder_ac_mismatch SKIPPED (as...) [ 3%] [ 20s] tests/test_ac_validate.py::test_ac_revoked SKIPPED (async def functi...) [ 3%] [ 20s] tests/test_ac_validate.py::test_ac_unrevoked SKIPPED (async def func...) [ 4%] [ 20s] tests/test_ac_validate.py::test_ac_revoked_full_path_validation SKIPPED [ 4%] [ 20s] tests/test_ac_validate.py::test_ac_unrevoked_full_path_validation SKIPPED [ 4%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_not_revoked SKIPPED (...) [ 5%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_revocation_ocsp SKIPPED [ 5%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_revocation_crl SKIPPED [ 5%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_revoked_intermediate SKIPPED [ 5%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_revoked_intermediate_enforce_cert_poe SKIPPED [ 6%] [ 20s] tests/test_ades_time_slide.py::test_time_slide_revoked_intermediate_enforce_revinfo_poe SKIPPED [ 6%] [ 20s] tests/test_ades_time_slide.py::test_point_in_time_validation_not_revoked SKIPPED [ 6%] [ 20s] tests/test_ades_time_slide.py::test_point_in_time_validation_revoked_intermediate SKIPPED [ 7%] [ 20s] tests/test_ades_time_slide.py::test_point_in_time_validation_revinfo_insufficient_poe SKIPPED [ 7%] [ 20s] tests/test_ades_time_slide.py::test_poe_manager_read_cert PASSED [ 7%] [ 20s] tests/test_ades_time_slide.py::test_poe_manager_cert_by_digest PASSED [ 7%] [ 20s] tests/test_ades_time_slide.py::test_poe_manager_read_bytes PASSED [ 8%] [ 20s] tests/test_ades_time_slide.py::test_poe_manager_read_bytes_by_digest PASSED [ 8%] [ 20s] tests/test_certificate_validator.py::test_basic_certificate_validator_tls SKIPPED [ 8%] [ 20s] tests/test_certificate_validator.py::test_basic_certificate_validator_tls_expired SKIPPED [ 8%] [ 20s] tests/test_certificate_validator.py::test_basic_certificate_validator_tls_invalid_hostname SKIPPED [ 9%] [ 20s] tests/test_certificate_validator.py::test_basic_certificate_validator_tls_invalid_key_usage SKIPPED [ 9%] [ 20s] tests/test_certificate_validator.py::test_basic_certificate_validator_tls_whitelist SKIPPED [ 9%] [ 20s] tests/test_certificate_validator.py::test_certvalidator_with_params SKIPPED [ 10%] [ 20s] tests/test_certificate_validator.py::test_self_signed_with_policy SKIPPED [ 10%] [ 20s] tests/test_common_utils.py::test_unpack_cert_content_pkcs7_with_binary_octet_stream_alias PASSED [ 10%] [ 20s] tests/test_freshness.py::test_cooldown_period_ok SKIPPED (async def ...) [ 10%] [ 20s] tests/test_freshness.py::test_cooldown_period_too_early SKIPPED (asy...) [ 11%] [ 20s] tests/test_freshness.py::test_use_delta_ok SKIPPED (async def functi...) [ 11%] [ 20s] tests/test_freshness.py::test_use_delta_stale SKIPPED (async def fun...) [ 11%] [ 20s] tests/test_freshness.py::test_use_most_recent SKIPPED (async def fun...) [ 12%] [ 20s] tests/test_freshness.py::test_discard_post_validation_time SKIPPED (...) [ 12%] [ 20s] tests/test_policy_proc.py::test_extract_policy PASSED [ 12%] [ 20s] tests/test_policy_proc.py::test_extract_permitted_subtrees PASSED [ 12%] [ 20s] tests/test_policy_proc.py::test_validate_with_derived SKIPPED (async...) [ 13%] [ 20s] tests/test_policy_proc.py::test_validate_with_merged_permitted_subtrees SKIPPED [ 13%] [ 20s] tests/test_policy_proc.py::test_validate_with_merged_excluded_subtrees SKIPPED [ 13%] [ 20s] tests/test_policy_proc.py::test_validate_with_certless_root SKIPPED [ 14%] [ 20s] tests/test_policy_proc.py::test_validate_with_certless_root_failure SKIPPED [ 14%] [ 20s] tests/test_policy_proc.py::test_validate_empty_path_certless_root SKIPPED [ 14%] [ 20s] tests/test_registry.py::test_build_paths_custom_ca_certs PASSED [ 14%] [ 20s] tests/test_validate.py::test_revocation_mode_soft PASSED [ 15%] [ 20s] tests/test_validate.py::test_revocation_mode_soft_fail PASSED [ 15%] [ 20s] tests/test_validate.py::test_revocation_mode_hard SKIPPED (annoying ...) [ 15%] [ 20s] tests/test_validate.py::test_revocation_mode_hard_async SKIPPED (ann...) [ 16%] [ 20s] tests/test_validate.py::test_revocation_mode_hard_aiohttp_autofetch SKIPPED [ 16%] [ 20s] tests/test_validate.py::test_revocation_mode_hard_requests_autofetch SKIPPED [ 16%] [ 20s] tests/test_validate.py::test_rsassa_pss PASSED [ 16%] [ 20s] tests/test_validate.py::test_rsassa_pss_exclusive PASSED [ 17%] [ 20s] tests/test_validate.py::test_ed25519 PASSED [ 17%] [ 20s] tests/test_validate.py::test_ed448 PASSED [ 17%] [ 20s] tests/test_validate.py::test_assert_no_revinfo_needed_by_fiat PASSED [ 17%] [ 20s] tests/test_validate.py::test_multitasking_ocsp PASSED [ 18%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_success] PASSED [ 18%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_success] PASSED [ 18%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_success] PASSED [ 19%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_success] PASSED [ 19%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_response_signature_ee] PASSED [ 19%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_response_signature_intermediate] PASSED [ 19%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_invalid_response_signature] PASSED [ 20%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_response_signature] PASSED [ 20%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_response_signature] PASSED [ 20%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_responder_id_ee] PASSED [ 21%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_responder_id_intermediate] PASSED [ 21%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_invalid_wrong_responder_id] PASSED [ 21%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_wrong_responder_id] PASSED [ 21%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_wrong_responder_id] PASSED [ 22%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_issuer_name_hash_ee] PASSED [ 22%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_issuer_name_hash_intermediate] PASSED [ 22%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_invalid_wrong_issuer_name_hash] PASSED [ 23%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_wrong_issuer_name_hash] PASSED [ 23%] [ 20s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_wrong_issuer_name_hash] PASSED [ 23%] [ 20s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_issuer_key_hash_ee] PASSED [ 23%] [ 21s] tests/test_validate.py::test_openssl_ocsp[direct_with_intermediate_invalid_wrong_issuer_key_hash_intermediate] PASSED [ 24%] [ 21s] tests/test_validate.py::test_openssl_ocsp[direct_invalid_wrong_issuer_key_hash] PASSED [ 24%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_wrong_issuer_key_hash] PASSED [ 24%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_wrong_issuer_key_hash] PASSED [ 25%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_wrong_key_in_signing_cert] PASSED [ 25%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_wrong_key_in_signing_cert] PASSED [ 25%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_with_intermediate_invalid_signature_on_signing_cert] PASSED [ 25%] [ 21s] tests/test_validate.py::test_openssl_ocsp[delegated_invalid_signature_on_signing_cert] PASSED [ 26%] [ 21s] tests/test_validate.py::test_openssl_ocsp[direct_stale_otherwise_ok] PASSED [ 26%] [ 21s] tests/test_validate.py::test_nist_pkits[40101 (valid_signatures_test1)] FAILED [ 26%] [ 21s] tests/test_validate.py::test_nist_pkits[40102 (invalid_ca_signature_test2)] PASSED [ 26%] [ 21s] tests/test_validate.py::test_nist_pkits[40103 (invalid_ee_signature_test3)] FAILED [ 27%] [ 21s] tests/test_validate.py::test_nist_pkits[40104 (valid_dsa_signatures_test4)] FAILED [ 27%] [ 21s] tests/test_validate.py::test_nist_pkits[40105 (valid_dsa_parameter_inheritance_test5)] FAILED [ 27%] [ 21s] tests/test_validate.py::test_nist_pkits[40106 (invalid_dsa_signature_test6)] FAILED [ 28%] [ 21s] tests/test_validate.py::test_nist_pkits[40201 (invalid_ca_notbefore_date_test1)] PASSED [ 28%] [ 21s] tests/test_validate.py::test_nist_pkits[40202 (invalid_ee_notbefore_date_test2)] FAILED [ 28%] [ 21s] tests/test_validate.py::test_nist_pkits[40203 (valid_pre2000_utc_notbefore_date_test3)] FAILED [ 28%] [ 21s] tests/test_validate.py::test_nist_pkits[40204 (valid_generalizedtime_notbefore_date_test4)] FAILED [ 29%] [ 21s] tests/test_validate.py::test_nist_pkits[40205 (invalid_ca_notafter_date_test5)] PASSED [ 29%] [ 21s] tests/test_validate.py::test_nist_pkits[40206 (invalid_ee_notafter_date_test6)] FAILED [ 29%] [ 22s] tests/test_validate.py::test_nist_pkits[40207 (invalid_pre2000_utc_ee_notafter_date_test7)] FAILED [ 30%] [ 22s] tests/test_validate.py::test_nist_pkits[40208 (valid_generalizedtime_notbefore_date_test8)] FAILED [ 30%] [ 22s] tests/test_validate.py::test_nist_pkits[40301 (invalid_name_chaining_ee_test1)] FAILED [ 30%] [ 22s] tests/test_validate.py::test_nist_pkits[40302 (invalid_name_chaining_order_test2)] FAILED [ 30%] [ 22s] tests/test_validate.py::test_nist_pkits[40303 (valid_name_chaining_whitespace_test3)] FAILED [ 31%] [ 22s] tests/test_validate.py::test_nist_pkits[40304 (valid_name_chaining_whitespace_test4)] FAILED [ 31%] [ 22s] tests/test_validate.py::test_nist_pkits[40305 (valid_name_chaining_capitalization_test5)] FAILED [ 31%] [ 22s] tests/test_validate.py::test_nist_pkits[40306 (valid_name_chaining_uids_test6)] FAILED [ 32%] [ 22s] tests/test_validate.py::test_nist_pkits[40307 (valid_rfc3280_mandatory_attribute_types_test7)] FAILED [ 32%] [ 22s] tests/test_validate.py::test_nist_pkits[40308 (valid_rfc3280_optional_attribute_types_test8)] FAILED [ 32%] [ 22s] tests/test_validate.py::test_nist_pkits[40309 (valid_utf8string_encoded_names_test9)] FAILED [ 32%] [ 23s] tests/test_validate.py::test_nist_pkits[40310 (valid_rollover_from_printablestring_to_utf8string_test10)] FAILED [ 33%] [ 23s] tests/test_validate.py::test_nist_pkits[40311 (valid_utf8string_case_insensitive_match_test11)] FAILED [ 33%] [ 23s] tests/test_validate.py::test_nist_pkits[40401 (missing_crl_test1)] FAILED [ 33%] [ 23s] tests/test_validate.py::test_nist_pkits[40402 (invalid_revoked_ca_test2)] FAILED [ 33%] [ 23s] tests/test_validate.py::test_nist_pkits[40403 (invalid_revoked_ee_test3)] FAILED [ 34%] [ 23s] tests/test_validate.py::test_nist_pkits[40404 (invalid_bad_crl_signature_test4)] FAILED [ 34%] [ 23s] tests/test_validate.py::test_nist_pkits[40405 (invalid_bad_crl_issuer_name_test5)] FAILED [ 34%] [ 23s] tests/test_validate.py::test_nist_pkits[40406 (invalid_wrong_crl_test6)] FAILED [ 35%] [ 23s] tests/test_validate.py::test_nist_pkits[40407 (valid_two_crls_test7)] FAILED [ 35%] [ 23s] tests/test_validate.py::test_nist_pkits[40408 (invalid_unknown_crl_entry_extension_test8)] FAILED [ 35%] [ 23s] tests/test_validate.py::test_nist_pkits[40409 (invalid_unknown_crl_extension_test9)] FAILED [ 35%] [ 24s] tests/test_validate.py::test_nist_pkits[40410 (invalid_unknown_crl_extension_test10)] FAILED [ 36%] [ 24s] tests/test_validate.py::test_nist_pkits[40411 (invalid_old_crl_nextupdate_test11)] FAILED [ 36%] [ 24s] tests/test_validate.py::test_nist_pkits[40412 (invalid_pre2000_crl_nextupdate_test12)] FAILED [ 36%] [ 24s] tests/test_validate.py::test_nist_pkits[40413 (valid_generalizedtime_crl_nextupdate_test13)] FAILED [ 37%] [ 24s] tests/test_validate.py::test_nist_pkits[40414 (valid_negative_serial_number_test14)] FAILED [ 37%] [ 24s] tests/test_validate.py::test_nist_pkits[40415 (invalid_negative_serial_number_test15)] FAILED [ 37%] [ 24s] tests/test_validate.py::test_nist_pkits[40416 (valid_long_serial_number_test16)] FAILED [ 37%] [ 24s] tests/test_validate.py::test_nist_pkits[40417 (valid_long_serial_number_test17)] FAILED [ 38%] [ 24s] tests/test_validate.py::test_nist_pkits[40418 (invalid_long_serial_number_test18)] FAILED [ 38%] [ 24s] tests/test_validate.py::test_nist_pkits[40419 (valid_separate_certificate_and_crl_keys_test19)] FAILED [ 38%] [ 24s] tests/test_validate.py::test_nist_pkits[40420 (invalid_separate_certificate_and_crl_keys_test20)] FAILED [ 39%] [ 25s] tests/test_validate.py::test_nist_pkits[40421 (invalid_separate_certificate_and_crl_keys_test21)] FAILED [ 39%] [ 25s] tests/test_validate.py::test_nist_pkits[40501 (valid_basic_self_issued_old_with_new_test1)] FAILED [ 39%] [ 25s] tests/test_validate.py::test_nist_pkits[40502 (invalid_basic_self_issued_old_with_new_test2)] FAILED [ 39%] [ 25s] tests/test_validate.py::test_nist_pkits[40503 (valid_basic_self_issued_new_with_old_test3)] FAILED [ 40%] [ 25s] tests/test_validate.py::test_nist_pkits[40504 (valid_basic_self_issued_new_with_old_test4)] FAILED [ 40%] [ 25s] tests/test_validate.py::test_nist_pkits[40505 (invalid_basic_self_issued_new_with_old_test5)] FAILED [ 40%] [ 25s] tests/test_validate.py::test_nist_pkits[40506 (valid_basic_self_issued_crl_signing_key_test6)] FAILED [ 41%] [ 25s] tests/test_validate.py::test_nist_pkits[40507 (invalid_basic_self_issued_crl_signing_key_test7)] FAILED [ 41%] [ 25s] tests/test_validate.py::test_nist_pkits[40508 (invalid_basic_self_issued_crl_signing_key_test8)] FAILED [ 41%] [ 25s] tests/test_validate.py::test_nist_pkits[40601 (invalid_missing_basicconstraints_test1)] FAILED [ 41%] [ 26s] tests/test_validate.py::test_nist_pkits[40602 (invalid_ca_false_test2)] FAILED [ 42%] [ 26s] tests/test_validate.py::test_nist_pkits[40603 (invalid_ca_false_test3)] FAILED [ 42%] [ 26s] tests/test_validate.py::test_nist_pkits[40604 (valid_basicconstraints_not_critical_test4)] FAILED [ 42%] [ 26s] tests/test_validate.py::test_nist_pkits[40605 (invalid_pathlenconstraint_test5)] FAILED [ 42%] [ 26s] tests/test_validate.py::test_nist_pkits[40606 (invalid_pathlenconstraint_test6)] FAILED [ 43%] [ 26s] tests/test_validate.py::test_nist_pkits[40607 (valid_pathlenconstraint_test7)] FAILED [ 43%] [ 26s] tests/test_validate.py::test_nist_pkits[40608 (valid_pathlenconstraint_test8)] FAILED [ 43%] [ 26s] tests/test_validate.py::test_nist_pkits[40609 (invalid_pathlenconstraint_test9)] FAILED [ 44%] [ 26s] tests/test_validate.py::test_nist_pkits[40610 (invalid_pathlenconstraint_test10)] FAILED [ 44%] [ 26s] tests/test_validate.py::test_nist_pkits[40611 (invalid_pathlenconstraint_test11)] FAILED [ 44%] [ 26s] tests/test_validate.py::test_nist_pkits[40612 (invalid_pathlenconstraint_test12)] FAILED [ 44%] [ 27s] tests/test_validate.py::test_nist_pkits[40613 (valid_pathlenconstraint_test13)] FAILED [ 45%] [ 27s] tests/test_validate.py::test_nist_pkits[40614 (valid_pathlenconstraint_test14)] FAILED [ 45%] [ 27s] tests/test_validate.py::test_nist_pkits[40615 (valid_self_issued_pathlenconstraint_test15)] FAILED [ 45%] [ 27s] tests/test_validate.py::test_nist_pkits[40616 (invalid_self_issued_pathlenconstraint_test16)] FAILED [ 46%] [ 27s] tests/test_validate.py::test_nist_pkits[40617 (valid_self_issued_pathlenconstraint_test17)] FAILED [ 46%] [ 27s] tests/test_validate.py::test_nist_pkits[40701 (invalid_keyusage_critical_keycertsign_false_test1)] FAILED [ 46%] [ 27s] tests/test_validate.py::test_nist_pkits[40702 (invalid_keyusage_not_critical_keycertsign_false_test2)] FAILED [ 46%] [ 27s] tests/test_validate.py::test_nist_pkits[40703 (valid_keyusage_not_critical_test3)] FAILED [ 47%] [ 27s] tests/test_validate.py::test_nist_pkits[40704 (invalid_keyusage_critical_crlsign_false_test4)] FAILED [ 47%] [ 27s] tests/test_validate.py::test_nist_pkits[40705 (invalid_keyusage_not_critical_crlsign_false_test5)] FAILED [ 47%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_norestr)] FAILED [ 48%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_explicit_policy)] FAILED [ 48%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints1)] FAILED [ 48%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch)] FAILED [ 48%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch_ignored)] FAILED [ 49%] [ 28s] tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints2)] FAILED [ 49%] [ 28s] tests/test_validate.py::test_nist_pkits[40802 (all_certificates_no_policies_test2)] FAILED [ 49%] [ 28s] tests/test_validate.py::test_nist_pkits[40802 (all_certificates_no_policies_test2_force_explicit)] FAILED [ 50%] [ 28s] tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3)] FAILED [ 50%] [ 28s] tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3_force_explicit)] FAILED [ 50%] [ 29s] tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3_force_explicit_with_user_set)] FAILED [ 50%] [ 29s] tests/test_validate.py::test_nist_pkits[40804 (different_policies_test4)] FAILED [ 51%] [ 29s] tests/test_validate.py::test_nist_pkits[40805 (different_policies_test5)] FAILED [ 51%] [ 29s] tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6)] FAILED [ 51%] [ 29s] tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol1)] FAILED [ 51%] [ 29s] tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2)] FAILED [ 52%] [ 29s] tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2_explicit)] FAILED [ 52%] [ 29s] tests/test_validate.py::test_nist_pkits[40807 (different_policies_test7)] FAILED [ 52%] [ 29s] tests/test_validate.py::test_nist_pkits[40808 (different_policies_test8)] FAILED [ 53%] [ 29s] tests/test_validate.py::test_nist_pkits[40809 (different_policies_test9)] FAILED [ 53%] [ 30s] tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10)] FAILED [ 53%] [ 30s] tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol1)] FAILED [ 53%] [ 30s] tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol2)] FAILED [ 54%] [ 30s] tests/test_validate.py::test_nist_pkits[40811 (all_certificates_any_policy_test11)] FAILED [ 54%] [ 30s] tests/test_validate.py::test_nist_pkits[40811 (all_certificates_any_policy_test11_constrained)] FAILED [ 54%] [ 30s] tests/test_validate.py::test_nist_pkits[40812 (different_policies_test12)] FAILED [ 55%] [ 30s] tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13)] FAILED [ 55%] [ 30s] tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1)] FAILED [ 55%] [ 30s] tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol2)] FAILED [ 55%] [ 30s] tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol3)] FAILED [ 56%] [ 31s] tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1_2)] FAILED [ 56%] [ 31s] tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14)] FAILED [ 56%] [ 31s] tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol1)] FAILED [ 57%] [ 31s] tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol1_2)] FAILED [ 57%] [ 31s] tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol2)] FAILED [ 57%] [ 31s] tests/test_validate.py::test_nist_pkits[40901 (valid_require_explicit_policy_test1)] FAILED [ 57%] [ 31s] tests/test_validate.py::test_nist_pkits[40902 (valid_require_explicit_policy_test2)] FAILED [ 58%] [ 31s] tests/test_validate.py::test_nist_pkits[40903 (invalid_require_explicit_policy_test3)] FAILED [ 58%] [ 31s] tests/test_validate.py::test_nist_pkits[40904 (valid_require_explicit_policy_test4)] FAILED [ 58%] [ 31s] tests/test_validate.py::test_nist_pkits[40905 (invalid_require_explicit_policy_test5)] FAILED [ 58%] [ 32s] tests/test_validate.py::test_nist_pkits[40906 (valid_self_issued_require_explicit_policy_test6)] FAILED [ 59%] [ 32s] tests/test_validate.py::test_nist_pkits[40907 (invalid_self_issued_require_explicit_policy_test7)] FAILED [ 59%] [ 32s] tests/test_validate.py::test_nist_pkits[40908 (invalid_self_issued_require_explicit_policy_test8)] FAILED [ 59%] [ 32s] tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol1)] FAILED [ 60%] [ 32s] tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol2)] FAILED [ 60%] [ 32s] tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping)] FAILED [ 60%] [ 32s] tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping_testpol1)] FAILED [ 60%] [ 32s] tests/test_validate.py::test_nist_pkits[41002 (invalid_policy_mapping_test2)] FAILED [ 61%] [ 32s] tests/test_validate.py::test_nist_pkits[41002 (invalid_policy_mapping_test2_inhibit_mapping)] FAILED [ 61%] [ 33s] tests/test_validate.py::test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol1)] FAILED [ 61%] [ 33s] tests/test_validate.py::test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol2)] FAILED [ 62%] [ 33s] tests/test_validate.py::test_nist_pkits[41004 (invalid_policy_mapping_test4)] FAILED [ 62%] [ 33s] tests/test_validate.py::test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol1)] FAILED [ 62%] [ 33s] tests/test_validate.py::test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol6)] FAILED [ 62%] [ 33s] tests/test_validate.py::test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol1)] FAILED [ 63%] [ 33s] tests/test_validate.py::test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol6)] FAILED [ 63%] [ 33s] tests/test_validate.py::test_nist_pkits[41007 (invalid_mapping_from_any_policy_test7)] FAILED [ 63%] [ 33s] tests/test_validate.py::test_nist_pkits[41008 (invalid_mapping_to_any_policy_test8)] FAILED [ 64%] [ 33s] tests/test_validate.py::test_nist_pkits[41009 (valid_policy_mapping_test9)] FAILED [ 64%] [ 34s] tests/test_validate.py::test_nist_pkits[41010 (invalid_policy_mapping_test10)] FAILED [ 64%] [ 34s] tests/test_validate.py::test_nist_pkits[41011 (valid_policy_mapping_test11)] FAILED [ 64%] [ 34s] tests/test_validate.py::test_nist_pkits[41013 (valid_policy_mapping_test13)] FAILED [ 65%] [ 34s] tests/test_validate.py::test_nist_pkits[41014 (valid_policy_mapping_test14)] FAILED [ 65%] [ 34s] tests/test_validate.py::test_nist_pkits[41101 (invalid_inhibit_policy_mapping_test1)] FAILED [ 65%] [ 34s] tests/test_validate.py::test_nist_pkits[41102 (valid_inhibit_policy_mapping_test2)] FAILED [ 66%] [ 34s] tests/test_validate.py::test_nist_pkits[41103 (invalid_inhibit_policy_mapping_test3)] FAILED [ 66%] [ 34s] tests/test_validate.py::test_nist_pkits[41104 (valid_inhibit_policy_mapping_test4)] FAILED [ 66%] [ 34s] tests/test_validate.py::test_nist_pkits[41105 (invalid_inhibit_policy_mapping_test5)] FAILED [ 66%] [ 34s] tests/test_validate.py::test_nist_pkits[41106 (invalid_inhibit_policy_mapping_test6)] FAILED [ 67%] [ 35s] tests/test_validate.py::test_nist_pkits[41107 (valid_self_issued_inhibit_policy_mapping_test7)] FAILED [ 67%] [ 35s] tests/test_validate.py::test_nist_pkits[41108 (invalid_self_issued_inhibit_policy_mapping_test8)] FAILED [ 67%] [ 35s] tests/test_validate.py::test_nist_pkits[41109 (invalid_self_issued_inhibit_policy_mapping_test9)] FAILED [ 67%] [ 35s] tests/test_validate.py::test_nist_pkits[41110 (invalid_self_issued_inhibit_policy_mapping_test10)] FAILED [ 68%] [ 35s] tests/test_validate.py::test_nist_pkits[41111 (invalid_self_issued_inhibit_policy_mapping_test11)] FAILED [ 68%] [ 35s] tests/test_validate.py::test_nist_pkits[41201 (invalid_inhibit_any_policy_test1)] FAILED [ 68%] [ 35s] tests/test_validate.py::test_nist_pkits[41202 (valid_inhibit_any_policy_test2)] FAILED [ 69%] [ 35s] tests/test_validate.py::test_nist_pkits[41203 (inhibit_any_policy_test3)] FAILED [ 69%] [ 35s] tests/test_validate.py::test_nist_pkits[41203 (inhibit_any_policy_test3_initial_inhibit)] FAILED [ 69%] [ 36s] tests/test_validate.py::test_nist_pkits[41204 (invalid_inhibit_any_policy_test4)] FAILED [ 69%] [ 36s] tests/test_validate.py::test_nist_pkits[41205 (invalid_inhibit_any_policy_test5)] FAILED [ 70%] [ 36s] tests/test_validate.py::test_nist_pkits[41206 (invalid_inhibit_any_policy_test6)] FAILED [ 70%] [ 36s] tests/test_validate.py::test_nist_pkits[41207 (valid_self_issued_inhibit_any_policy_test7)] FAILED [ 70%] [ 36s] tests/test_validate.py::test_nist_pkits[41208 (invalid_self_issued_inhibit_any_policy_test8)] FAILED [ 71%] [ 36s] tests/test_validate.py::test_nist_pkits[41209 (valid_self_issued_inhibit_any_policy_test9)] FAILED [ 71%] [ 36s] tests/test_validate.py::test_nist_pkits[41210 (invalid_self_issued_inhibit_any_policy_test10)] FAILED [ 71%] [ 36s] tests/test_validate.py::test_nist_pkits[41301 (valid_dn_nameconstraints_test1)] FAILED [ 71%] [ 36s] tests/test_validate.py::test_nist_pkits[41302 (invalid_dn_nameconstraints_test2)] FAILED [ 72%] [ 37s] tests/test_validate.py::test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)0] FAILED [ 72%] [ 37s] tests/test_validate.py::test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)1] FAILED [ 72%] [ 37s] tests/test_validate.py::test_nist_pkits[41304 (valid_dn_nameconstraints_test4)] FAILED [ 73%] [ 37s] tests/test_validate.py::test_nist_pkits[41305 (valid_dn_nameconstraints_test5)] FAILED [ 73%] [ 37s] tests/test_validate.py::test_nist_pkits[41306 (valid_dn_nameconstraints_test6)] FAILED [ 73%] [ 37s] tests/test_validate.py::test_nist_pkits[41307 (invalid_dn_nameconstraints_test7)] FAILED [ 73%] [ 37s] tests/test_validate.py::test_nist_pkits[41308 (invalid_dn_nameconstraints_test8)] FAILED [ 74%] [ 37s] tests/test_validate.py::test_nist_pkits[41309 (invalid_dn_nameconstraints_test9)] FAILED [ 74%] [ 37s] tests/test_validate.py::test_nist_pkits[41310 (invalid_dn_nameconstraints_test10)] FAILED [ 74%] [ 37s] tests/test_validate.py::test_nist_pkits[41311 (valid_dn_nameconstraints_test11)] FAILED [ 75%] [ 38s] tests/test_validate.py::test_nist_pkits[41312 (invalid_dn_nameconstraints_test12)] FAILED [ 75%] [ 38s] tests/test_validate.py::test_nist_pkits[41313 (invalid_dn_nameconstraints_test13)] FAILED [ 75%] [ 38s] tests/test_validate.py::test_nist_pkits[41314 (valid_dn_nameconstraints_test14)] FAILED [ 75%] [ 38s] tests/test_validate.py::test_nist_pkits[41315 (invalid_dn_nameconstraints_test15)] FAILED [ 76%] [ 38s] tests/test_validate.py::test_nist_pkits[41316 (invalid_dn_nameconstraints_test16)] FAILED [ 76%] [ 38s] tests/test_validate.py::test_nist_pkits[41317 (invalid_dn_nameconstraints_test17)] FAILED [ 76%] [ 38s] tests/test_validate.py::test_nist_pkits[41318 (valid_dn_nameconstraints_test18)] FAILED [ 76%] [ 38s] tests/test_validate.py::test_nist_pkits[41319 (valid_self_issued_dn_nameconstraints_test19)] FAILED [ 77%] [ 38s] tests/test_validate.py::test_nist_pkits[41320 (invalid_self_issued_dn_nameconstraints_test20)] FAILED [ 77%] [ 39s] tests/test_validate.py::test_nist_pkits[41321 (valid_rfc822_nameconstraints_test21)] FAILED [ 77%] [ 39s] tests/test_validate.py::test_nist_pkits[41322 (invalid_rfc822_nameconstraints_test22)] FAILED [ 78%] [ 39s] tests/test_validate.py::test_nist_pkits[41323 (valid_rfc822_nameconstraints_test23)] FAILED [ 78%] [ 39s] tests/test_validate.py::test_nist_pkits[41324 (invalid_rfc822_nameconstraints_test24)] FAILED [ 78%] [ 39s] tests/test_validate.py::test_nist_pkits[41325 (valid_rfc822_nameconstraints_test25)] FAILED [ 78%] [ 39s] tests/test_validate.py::test_nist_pkits[41326 (invalid_rfc822_nameconstraints_test26)] FAILED [ 79%] [ 39s] tests/test_validate.py::test_nist_pkits[41327 (valid_dn_and_rfc822_nameconstraints_test27)] FAILED [ 79%] [ 39s] tests/test_validate.py::test_nist_pkits[41328 (invalid_dn_and_rfc822_nameconstraints_test28)] FAILED [ 79%] [ 39s] tests/test_validate.py::test_nist_pkits[41329 (invalid_dn_and_rfc822_nameconstraints_test29)] FAILED [ 80%] [ 40s] tests/test_validate.py::test_nist_pkits[41330 (valid_dns_nameconstraints_test30)] FAILED [ 80%] [ 40s] tests/test_validate.py::test_nist_pkits[41331 (invalid_dns_nameconstraints_test31)] FAILED [ 80%] [ 40s] tests/test_validate.py::test_nist_pkits[41332 (valid_dns_nameconstraints_test32)] FAILED [ 80%] [ 40s] tests/test_validate.py::test_nist_pkits[41333 (invalid_dns_nameconstraints_test33)] FAILED [ 81%] [ 40s] tests/test_validate.py::test_nist_pkits[41334 (valid_uri_nameconstraints_test34)] FAILED [ 81%] [ 40s] tests/test_validate.py::test_nist_pkits[41335 (invalid_uri_nameconstraints_test35)] FAILED [ 81%] [ 40s] tests/test_validate.py::test_nist_pkits[41336 (valid_uri_nameconstraints_test36)] FAILED [ 82%] [ 40s] tests/test_validate.py::test_nist_pkits[41337 (invalid_uri_nameconstraints_test37)] FAILED [ 82%] [ 40s] tests/test_validate.py::test_nist_pkits[41338 (invalid_dns_nameconstraints_test38)] FAILED [ 82%] [ 41s] tests/test_validate.py::test_nist_pkits[41401 (valid_distributionpoint_test1)] FAILED [ 82%] [ 41s] tests/test_validate.py::test_nist_pkits[41402 (invalid_distributionpoint_test2)] FAILED [ 83%] [ 41s] tests/test_validate.py::test_nist_pkits[41403 (invalid_distributionpoint_test3)] FAILED [ 83%] [ 41s] tests/test_validate.py::test_nist_pkits[41404 (valid_distributionpoint_test4)] FAILED [ 83%] [ 41s] tests/test_validate.py::test_nist_pkits[41405 (valid_distributionpoint_test5)] FAILED [ 83%] [ 41s] tests/test_validate.py::test_nist_pkits[41406 (invalid_distributionpoint_test6)] FAILED [ 84%] [ 41s] tests/test_validate.py::test_nist_pkits[41407 (valid_distributionpoint_test7)] FAILED [ 84%] [ 41s] tests/test_validate.py::test_nist_pkits[41408 (invalid_distributionpoint_test8)] FAILED [ 84%] [ 41s] tests/test_validate.py::test_nist_pkits[41409 (invalid_distributionpoint_test9)] FAILED [ 85%] [ 41s] tests/test_validate.py::test_nist_pkits[41410 (valid_no_issuingdistributionpoint_test10)] FAILED [ 85%] [ 42s] tests/test_validate.py::test_nist_pkits[41411 (invalid_onlycontainsusercerts_crl_test11)] FAILED [ 85%] [ 42s] tests/test_validate.py::test_nist_pkits[41412 (invalid_onlycontainscacerts_crl_test12)] FAILED [ 85%] [ 42s] tests/test_validate.py::test_nist_pkits[41413 (valid_onlycontainscacerts_crl_test13)] FAILED [ 86%] [ 42s] tests/test_validate.py::test_nist_pkits[41414 (invalid_onlycontainsattributecerts_crl_test14)] FAILED [ 86%] [ 42s] tests/test_validate.py::test_nist_pkits[41415 (invalid_onlysomereasons_test15)] FAILED [ 86%] [ 42s] tests/test_validate.py::test_nist_pkits[41416 (invalid_onlysomereasons_test16)] FAILED [ 87%] [ 42s] tests/test_validate.py::test_nist_pkits[41417 (invalid_onlysomereasons_test17)] FAILED [ 87%] [ 42s] tests/test_validate.py::test_nist_pkits[41418 (valid_onlysomereasons_test18)] FAILED [ 87%] [ 42s] tests/test_validate.py::test_nist_pkits[41419 (valid_onlysomereasons_test19)] FAILED [ 87%] [ 43s] tests/test_validate.py::test_nist_pkits[41420 (invalid_onlysomereasons_test20)] FAILED [ 88%] [ 43s] tests/test_validate.py::test_nist_pkits[41421 (invalid_onlysomereasons_test21)] FAILED [ 88%] [ 43s] tests/test_validate.py::test_nist_pkits[41422 (valid_idp_with_indirectcrl_test22)] FAILED [ 88%] [ 43s] tests/test_validate.py::test_nist_pkits[41423 (invalid_idp_with_indirectcrl_test23)] FAILED [ 89%] [ 43s] tests/test_validate.py::test_nist_pkits[41424 (valid_idp_with_indirectcrl_test24)] FAILED [ 89%] [ 43s] tests/test_validate.py::test_nist_pkits[41425 (valid_idp_with_indirectcrl_test25)] FAILED [ 89%] [ 43s] tests/test_validate.py::test_nist_pkits[41426 (invalid_idp_with_indirectcrl_test26)] FAILED [ 89%] [ 43s] tests/test_validate.py::test_nist_pkits[41427 (invalid_crlissuer_test27)] FAILED [ 90%] [ 43s] tests/test_validate.py::test_nist_pkits[41428 (valid_crlissuer_test28)] FAILED [ 90%] [ 44s] tests/test_validate.py::test_nist_pkits[41429 (valid_crlissuer_test29)] FAILED [ 90%] [ 44s] tests/test_validate.py::test_nist_pkits[41430 (valid_crlissuer_test30)] FAILED [ 91%] [ 44s] tests/test_validate.py::test_nist_pkits[41431 (invalid_crlissuer_test31)] FAILED [ 91%] [ 44s] tests/test_validate.py::test_nist_pkits[41432 (invalid_crlissuer_test32)] FAILED [ 91%] [ 44s] tests/test_validate.py::test_nist_pkits[41433 (valid_crlissuer_test33)] FAILED [ 91%] [ 44s] tests/test_validate.py::test_nist_pkits[41434 (invalid_crlissuer_test34)] FAILED [ 92%] [ 44s] tests/test_validate.py::test_nist_pkits[41435 (invalid_crlissuer_test35)] FAILED [ 92%] [ 44s] tests/test_validate.py::test_nist_pkits[41501 (invalid_deltacrlindicator_no_base_set_test1)] FAILED [ 92%] [ 44s] tests/test_validate.py::test_nist_pkits[41502 (valid_deltacrl_test2)] FAILED [ 92%] [ 44s] tests/test_validate.py::test_nist_pkits[41503 (invalid_deltacrl_test3)] FAILED [ 93%] [ 45s] tests/test_validate.py::test_nist_pkits[41504 (invalid_deltacrl_test4)] FAILED [ 93%] [ 45s] tests/test_validate.py::test_nist_pkits[41505 (valid_deltacrl_test5)] FAILED [ 93%] [ 45s] tests/test_validate.py::test_nist_pkits[41506 (invalid_deltacrl_test6)] FAILED [ 94%] [ 45s] tests/test_validate.py::test_nist_pkits[41507 (valid_deltacrl_test7)] FAILED [ 94%] [ 45s] tests/test_validate.py::test_nist_pkits[41508 (valid_deltacrl_test8)] FAILED [ 94%] [ 45s] tests/test_validate.py::test_nist_pkits[41509 (invalid_deltacrl_test9)] FAILED [ 94%] [ 45s] tests/test_validate.py::test_nist_pkits[41510 (invalid_deltacrl_test10)] FAILED [ 95%] [ 45s] tests/test_validate.py::test_nist_pkits[41601 (valid_unknown_not_critical_certificate_extension_test1)] FAILED [ 95%] [ 45s] tests/test_validate.py::test_nist_pkits[41602 (invalid_unknown_critical_certificate_extension_test2)] FAILED [ 95%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40815 (user_notice_qualifier_test15)] FAILED [ 96%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40816 (user_notice_qualifier_test16)] FAILED [ 96%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40817 (user_notice_qualifier_test17)] FAILED [ 96%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q4)] FAILED [ 96%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q5)] FAILED [ 97%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test19)] FAILED [ 97%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol1)] FAILED [ 97%] [ 46s] tests/test_validate.py::test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol2)] FAILED [ 98%] [ 46s] tests/test_validate.py::test_408020_cps_pointer_qualifier_test20 FAILED [ 98%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order0] SKIPPED [ 98%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order1] SKIPPED [ 98%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order2] SKIPPED [ 99%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order3] SKIPPED [ 99%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order4] SKIPPED [ 99%] [ 46s] tests/test_validate.py::test_building_trust_path_with_pkcs7_in_different_orders[cert_order5] SKIPPED [100%] [ 46s] [ 46s] =================================== FAILURES =================================== [ 46s] _______________ test_nist_pkits[40101 (valid_signatures_test1)] ________________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40101, test_name='valid_signatures_test1'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 21, 927533, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] _____________ test_nist_pkits[40103 (invalid_ee_signature_test3)] ______________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40103, test_name='invalid_ee_signature_test3'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 42725, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40103, test_name='invalid_ee_signature_test3'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the signature of the end-entity certificate could not be verified' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] _____________ test_nist_pkits[40104 (valid_dsa_signatures_test4)] ______________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40104, test_name='valid_dsa_signatures_test4'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 129436, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] ________ test_nist_pkits[40105 (valid_dsa_parameter_inheritance_test5)] ________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40105, test_name='valid_dsa_parameter_inheritance_test5'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 236964, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] _____________ test_nist_pkits[40106 (invalid_dsa_signature_test6)] _____________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40106, test_name='invalid_dsa_signature_test6'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 317368, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40106, test_name='invalid_dsa_signature_test6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the signature of the end-entity certificate could not be verified' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] ___________ test_nist_pkits[40202 (invalid_ee_notbefore_date_test2)] ___________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40202, test_name='invalid_ee_notbefore_date_test2'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 409484, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40202, test_name='invalid_ee_notbefore_date_test2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the end-entity certificate is not valid until 2047-01-01 12:01:00Z' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] _______ test_nist_pkits[40203 (valid_pre2000_utc_notbefore_date_test3)] ________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40203, test_name='valid_pre2000_utc_notbefore_date_test3'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 525853, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] _____ test_nist_pkits[40204 (valid_generalizedtime_notbefore_date_test4)] ______ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40204, test_name='valid_generalizedtime_notbefore_date_test4'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 604998, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] ___________ test_nist_pkits[40206 (invalid_ee_notafter_date_test6)] ____________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40206, test_name='invalid_ee_notafter_date_test6'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 696192, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40206, test_name='invalid_ee_notafter_date_test6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the end-entity certificate expired 2011-01-01 08:30:00Z' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] _____ test_nist_pkits[40207 (invalid_pre2000_utc_ee_notafter_date_test7)] ______ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40207, test_name='invalid_pre2000_utc_ee_notafter_date_test7'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 813235, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40207, test_name='invalid_pre2000_utc_ee_notafter_date_test7'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the end-entity certificate expired 1999-01-01 12:01:00Z' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] _____ test_nist_pkits[40208 (valid_generalizedtime_notbefore_date_test8)] ______ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40208, test_name='valid_generalizedtime_notbefore_date_test8'), cert=], expected_error=None, pkix_params=None) [ 46s] [ 46s] @pytest.mark.parametrize( [ 46s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 46s] ) [ 46s] def test_nist_pkits(test_case: PKITSTestCase): [ 46s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 46s] [ 46s] context = ValidationContext( [ 46s] trust_roots=test_case.roots, [ 46s] other_certs=test_case.other_certs, [ 46s] crls=test_case.crls, [ 46s] revocation_mode=revocation_mode, [ 46s] # adjust default algo policy to pass NIST tests [ 46s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 46s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 46s] ), [ 46s] ) [ 46s] [ 46s] if test_case.path is None: [ 46s] paths = context.path_builder.build_paths(test_case.cert) [ 46s] assert 1 == len(paths) [ 46s] path: ValidationPath = paths[0] [ 46s] else: [ 46s] path = test_case.path [ 46s] [ 46s] assert test_case.path_len == len(path) [ 46s] [ 46s] err = test_case.expected_error [ 46s] params = test_case.pkix_params [ 46s] if err is not None: [ 46s] with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] validate_path(context, path, parameters=params) [ 46s] else: [ 46s] > validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:652: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 900190, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] ___________ test_nist_pkits[40301 (invalid_name_chaining_ee_test1)] ____________ [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40301, test_name='invalid_name_chaining_ee_test1'), cert= validate_path(context, path, parameters=params) [ 46s] [ 46s] tests/test_validate.py:650: [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] pyhanko_certvalidator/validate.py:108: in validate_path [ 46s] result = asyncio.run( [ 46s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 46s] return loop.run_until_complete(main) [ 46s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 46s] return future.result() [ 46s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 46s] return await intl_validate_path( [ 46s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 46s] _check_validity( [ 46s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 46s] [ 46s] validity = [ 46s] moment = datetime.datetime(2040, 12, 15, 0, 32, 22, 979501, tzinfo=datetime.timezone.utc) [ 46s] tolerance = datetime.timedelta(seconds=1) [ 46s] proc_state = [ 46s] [ 46s] def _check_validity( [ 46s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 46s] ): [ 46s] if moment < validity['not_before'].native - tolerance: [ 46s] raise NotYetValidError.format( [ 46s] valid_from=validity['not_before'].native, proc_state=proc_state [ 46s] ) [ 46s] if moment > validity['not_after'].native + tolerance: [ 46s] > raise ExpiredError.format( [ 46s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 46s] ) [ 46s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 46s] [ 46s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 46s] [ 46s] During handling of the above exception, another exception occurred: [ 46s] [ 46s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40301, test_name='invalid_name_chaining_ee_test1'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 46s] E AssertionError: Regex pattern did not match. [ 46s] E Regex: 'The path could not be validated because the end-entity certificate issuer name could not be matched' [ 46s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 46s] [ 46s] tests/test_validate.py:649: AssertionError [ 46s] __________ test_nist_pkits[40302 (invalid_name_chaining_order_test2)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40302, test_name='invalid_name_chaining_order_test2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 95563, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40302, test_name='invalid_name_chaining_order_test2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because the end-entity certificate issuer name could not be matched' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ________ test_nist_pkits[40303 (valid_name_chaining_whitespace_test3)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40303, test_name='valid_name_chaining_whitespace_test3'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 179644, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40304 (valid_name_chaining_whitespace_test4)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40304, test_name='valid_name_chaining_whitespace_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 258890, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[40305 (valid_name_chaining_capitalization_test5)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40305, test_name='valid_name_chaining_capitalization_test5'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 371139, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40306 (valid_name_chaining_uids_test6)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40306, test_name='valid_name_chaining_uids_test6'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 450531, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40307 (valid_rfc3280_mandatory_attribute_types_test7)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40307, test_name='valid_rfc3280_mandatory_attribute_types_test7'), cert...8\xca\x12\xd7\x1cy\x8bu\xe6W\xf1K\xf7\x01#2o\xf2\xa2\xd2W\x0b\x1d\xd7~\x96kx'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 531364, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40308 (valid_rfc3280_optional_attribute_types_test8)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40308, test_name='valid_rfc3280_optional_attribute_types_test8'), cert=...xf7\xd2\xb4PZ\xe6\xe5<\xbbm\xf8K\x822\xa8h\x18\x85*8\x8bP2\xf3\x1aA\xdaW\xa3'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 656178, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40309 (valid_utf8string_encoded_names_test9)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40309, test_name='valid_utf8string_encoded_names_test9'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 736762, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40310 (valid_rollover_from_printablestring_to_utf8string_test10)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40310, test_name='valid_rollover_from_printablestring_to_utf8string_tes...}B\xe1F\x98\x1e\xe5>\xa9\xfcf\xc14\xf5\xb0\x88\x80\x06Y\xa4\xcd5\x9a9l9\xaac'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 815803, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___ test_nist_pkits[40311 (valid_utf8string_case_insensitive_match_test11)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40311, test_name='valid_utf8string_case_insensitive_match_test11'), cer...\x100v\x03c\x88\x04\xaf\x95\xfc\xa9\x11<\xf3\xf3Mmn5\xcfr\\5\x1b\xcd\xac\xa5'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 23, 895381, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________________ test_nist_pkits[40401 (missing_crl_test1)] __________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40401, test_name='missing_crl_test1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 4993, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[40402 (invalid_revoked_ca_test2)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40402, test_name='invalid_revoked_ca_test2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 97380, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[40403 (invalid_revoked_ee_test3)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40403, test_name='invalid_revoked_ee_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 178292, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40404 (invalid_bad_crl_signature_test4)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40404, test_name='invalid_bad_crl_signature_test4'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 287740, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[40405 (invalid_bad_crl_issuer_name_test5)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40405, test_name='invalid_bad_crl_issuer_name_test5'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 367710, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[40406 (invalid_wrong_crl_test6)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40406, test_name='invalid_wrong_crl_test6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 447096, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________________ test_nist_pkits[40407 (valid_two_crls_test7)] _________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40407, test_name='valid_two_crls_test7'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 556941, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[40408 (invalid_unknown_crl_entry_extension_test8)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40408, test_name='invalid_unknown_crl_entry_extension_test8'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 638320, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40409 (invalid_unknown_crl_extension_test9)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40409, test_name='invalid_unknown_crl_extension_test9'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 718208, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40410 (invalid_unknown_crl_extension_test10)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40410, test_name='invalid_unknown_crl_extension_test10'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 830556, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[40411 (invalid_old_crl_nextupdate_test11)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40411, test_name='invalid_old_crl_nextupdate_test11'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 910405, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40412 (invalid_pre2000_crl_nextupdate_test12)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40412, test_name='invalid_pre2000_crl_nextupdate_test12'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 24, 990108, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40413 (valid_generalizedtime_crl_nextupdate_test13)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40413, test_name='valid_generalizedtime_crl_nextupdate_test13'), cert=<...\x94\xbd\x83\xf6%\xd2\xdb\xad\xc3\xb1-\x8d0\xe6Q\x10\x9aN\x9c\xaa\xce(ll\x14'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 103912, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40414 (valid_negative_serial_number_test14)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40414, test_name='valid_negative_serial_number_test14'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 183797, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40415 (invalid_negative_serial_number_test15)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40415, test_name='invalid_negative_serial_number_test15'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 263318, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40416 (valid_long_serial_number_test16)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40416, test_name='valid_long_serial_number_test16'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 378189, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40417 (valid_long_serial_number_test17)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40417, test_name='valid_long_serial_number_test17'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 458140, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[40418 (invalid_long_serial_number_test18)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40418, test_name='invalid_long_serial_number_test18'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 537873, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___ test_nist_pkits[40419 (valid_separate_certificate_and_crl_keys_test19)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40419, test_name='valid_separate_certificate_and_crl_keys_test19'), cer...9\xb2\xa9Z\xdb\xe1zA\x9b\x85\xac^h\n\xd4\xa9E\xc9\x11|\xb3\xebrjY\xff>\xe37l'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 654497, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40420 (invalid_separate_certificate_and_crl_keys_test20)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40420, test_name='invalid_separate_certificate_and_crl_keys_test20'), c...dicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 735207, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40421 (invalid_separate_certificate_and_crl_keys_test21)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40421, test_name='invalid_separate_certificate_and_crl_keys_test21'), c... end-entity certificate CRL issuer was revoked at 08:30:00 on 2010-01-01, due to a compromised key'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 815297, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40501 (valid_basic_self_issued_old_with_new_test1)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40501, test_name='valid_basic_self_issued_old_with_new_test1'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 25, 934586, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40502 (invalid_basic_self_issued_old_with_new_test2)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40502, test_name='invalid_basic_self_issued_old_with_new_test2'), cert=...dicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 15722, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40503 (valid_basic_self_issued_new_with_old_test3)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40503, test_name='valid_basic_self_issued_new_with_old_test3'), cert=dY\x99\x83WT\x8c\xed\x8d\xe0%`P\xbf\x845'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 96635, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40504 (valid_basic_self_issued_new_with_old_test4)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40504, test_name='valid_basic_self_issued_new_with_old_test4'), cert=dY\x99\x83WT\x8c\xed\x8d\xe0%`P\xbf\x845'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 220936, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40505 (invalid_basic_self_issued_new_with_old_test5)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40505, test_name='invalid_basic_self_issued_new_with_old_test5'), cert=...dicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 301075, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40506 (valid_basic_self_issued_crl_signing_key_test6)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40506, test_name='valid_basic_self_issued_crl_signing_key_test6'), cert...f?D\xce\xfe\x94;V\xd1\x82\x8b\xcaVL\x9cdvZ\xb1\x06\x19\x7f\xbb#\x86b\x8aEJ<6'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 381266, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___ test_nist_pkits[40507 (invalid_basic_self_issued_crl_signing_key_test7)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40507, test_name='invalid_basic_self_issued_crl_signing_key_test7'), ce...dicates the end-entity certificate was revoked at 08:30:00 on 2010-01-01, due to a compromised key'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 501923, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___ test_nist_pkits[40508 (invalid_basic_self_issued_crl_signing_key_test8)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40508, test_name='invalid_basic_self_issued_crl_signing_key_test8'), ce...Error'>, msg_regex='The path could not be validated because intermediate certificate 2 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 582472, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40508, test_name='invalid_basic_self_issued_crl_signing_key_test8'), ce...Error'>, msg_regex='The path could not be validated because intermediate certificate 2 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 2 is not a CA' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _______ test_nist_pkits[40601 (invalid_missing_basicconstraints_test1)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40601, test_name='invalid_missing_basicconstraints_test1'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 669654, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40601, test_name='invalid_missing_basicconstraints_test1'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 is not a CA' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _______________ test_nist_pkits[40602 (invalid_ca_false_test2)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40602, test_name='invalid_ca_false_test2'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 797759, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40602, test_name='invalid_ca_false_test2'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 is not a CA' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _______________ test_nist_pkits[40603 (invalid_ca_false_test3)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40603, test_name='invalid_ca_false_test3'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 882968, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40603, test_name='invalid_ca_false_test3'), cert=, msg_regex='The path could not be validated because intermediate certificate 1 is not a CA'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 is not a CA' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[40604 (valid_basicconstraints_not_critical_test4)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40604, test_name='valid_basicconstraints_not_critical_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 26, 969220, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40605 (invalid_pathlenconstraint_test5)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40605, test_name='invalid_pathlenconstraint_test5'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 47539, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40605, test_name='invalid_pathlenconstraint_test5'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[40606 (invalid_pathlenconstraint_test6)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40606, test_name='invalid_pathlenconstraint_test6'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 170299, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40606, test_name='invalid_pathlenconstraint_test6'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ____________ test_nist_pkits[40607 (valid_pathlenconstraint_test7)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40607, test_name='valid_pathlenconstraint_test7'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 263043, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[40608 (valid_pathlenconstraint_test8)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40608, test_name='valid_pathlenconstraint_test8'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 341703, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40609 (invalid_pathlenconstraint_test9)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40609, test_name='invalid_pathlenconstraint_test9'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 458405, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40609, test_name='invalid_pathlenconstraint_test9'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[40610 (invalid_pathlenconstraint_test10)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40610, test_name='invalid_pathlenconstraint_test10'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 547130, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40610, test_name='invalid_pathlenconstraint_test10'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[40611 (invalid_pathlenconstraint_test11)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40611, test_name='invalid_pathlenconstraint_test11'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 636938, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40611, test_name='invalid_pathlenconstraint_test11'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[40612 (invalid_pathlenconstraint_test12)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40612, test_name='invalid_pathlenconstraint_test12'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 768541, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40612, test_name='invalid_pathlenconstraint_test12'), cert=, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[40613 (valid_pathlenconstraint_test13)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40613, test_name='valid_pathlenconstraint_test13'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 857969, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40614 (valid_pathlenconstraint_test14)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40614, test_name='valid_pathlenconstraint_test14'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 27, 941088, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40615 (valid_self_issued_pathlenconstraint_test15)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40615, test_name='valid_self_issued_pathlenconstraint_test15'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 64620, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40616 (invalid_self_issued_pathlenconstraint_test16)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40616, test_name='invalid_self_issued_pathlenconstraint_test16'), cert=...tionError'>, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 145238, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40616, test_name='invalid_self_issued_pathlenconstraint_test16'), cert=...tionError'>, msg_regex='The path could not be validated because it exceeds the maximum path length'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because it exceeds the maximum path length' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____ test_nist_pkits[40617 (valid_self_issued_pathlenconstraint_test17)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40617, test_name='valid_self_issued_pathlenconstraint_test17'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 235129, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40701 (invalid_keyusage_critical_keycertsign_false_test1)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40701, test_name='invalid_keyusage_critical_keycertsign_false_test1'), ...path could not be validated because intermediate certificate 1 is not allowed to sign certificates'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 362995, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40701, test_name='invalid_keyusage_critical_keycertsign_false_test1'), ...path could not be validated because intermediate certificate 1 is not allowed to sign certificates'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 is not allowed to sign certificates' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _ test_nist_pkits[40702 (invalid_keyusage_not_critical_keycertsign_false_test2)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40702, test_name='invalid_keyusage_not_critical_keycertsign_false_test2...path could not be validated because intermediate certificate 1 is not allowed to sign certificates'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 449608, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40702, test_name='invalid_keyusage_not_critical_keycertsign_false_test2...path could not be validated because intermediate certificate 1 is not allowed to sign certificates'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 is not allowed to sign certificates' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[40703 (valid_keyusage_not_critical_test3)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40703, test_name='valid_keyusage_not_critical_test3'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 535277, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40704 (invalid_keyusage_critical_crlsign_false_test4)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40704, test_name='invalid_keyusage_critical_crlsign_false_test4'), cert...ficate revocation checks failed: The CRL issuer that was identified is not authorized to sign CRLs'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 658714, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40705 (invalid_keyusage_not_critical_crlsign_false_test5)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40705, test_name='invalid_keyusage_not_critical_crlsign_false_test5'), ...ficate revocation checks failed: The CRL issuer that was identified is not authorized to sign CRLs'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 738639, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40801 (all_certs_same_policy_test1_norestr)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_norestr'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 819199, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[40801 (all_certs_same_policy_test1_explicit_policy)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_explicit_policy'), cert=<...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 28, 944033, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints1)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_with_constraints1'), cert...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 23038, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_with_constraint_mismatch'...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 103274, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_with_constraint_mismatch'...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _ test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch_ignored)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_with_constraint_mismatch_...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 236153, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints2)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40801, test_name='all_certs_same_policy_test1_with_constraints2'), cert...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 316343, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40802 (all_certificates_no_policies_test2)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40802, test_name='all_certificates_no_policies_test2'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 395590, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40802 (all_certificates_no_policies_test2_force_explicit)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40802, test_name='all_certificates_no_policies_test2_force_explicit'), ...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 524246, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40802, test_name='all_certificates_no_policies_test2_force_explicit'), ...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate \\d' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40803 (different_policies_test3)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40803, test_name='different_policies_test3'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 611494, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______ test_nist_pkits[40803 (different_policies_test3_force_explicit)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40803, test_name='different_policies_test3_force_explicit'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 691744, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40803, test_name='different_policies_test3_force_explicit'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate \\d' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _ test_nist_pkits[40803 (different_policies_test3_force_explicit_with_user_set)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40803, test_name='different_policies_test3_force_explicit_with_user_set...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 829616, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40803, test_name='different_policies_test3_force_explicit_with_user_set...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate \\d' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40804 (different_policies_test4)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40804, test_name='different_policies_test4'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 29, 916804, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40804, test_name='different_policies_test4'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40805 (different_policies_test5)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40805, test_name='different_policies_test5'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 4401, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40805, test_name='different_policies_test5'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____________ test_nist_pkits[40806 (overlapping_policies_test6)] ______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 142524, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[40806 (overlapping_policies_test6_with_testpol1)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 224517, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6_with_testpol2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 306420, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6_with_testpol2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __ test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2_explicit)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6_with_testpol2_explicit'), ...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 447290, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40806, test_name='overlapping_policies_test6_with_testpol2_explicit'), ...plicit_policy=True, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40807 (different_policies_test7)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40807, test_name='different_policies_test7'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 536521, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40807, test_name='different_policies_test7'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40808 (different_policies_test8)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40808, test_name='different_policies_test8'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 625290, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40808, test_name='different_policies_test8'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate 3' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______________ test_nist_pkits[40809 (different_policies_test9)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40809, test_name='different_policies_test9'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 767539, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40809, test_name='different_policies_test9'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate 4' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ________ test_nist_pkits[40810 (all_certificates_same_policies_test10)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40810, test_name='all_certificates_same_policies_test10'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 857622, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol1)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40810, test_name='all_certificates_same_policies_test10_with_testpol1')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 30, 936747, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol2)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40810, test_name='all_certificates_same_policies_test10_with_testpol2')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 71370, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40811 (all_certificates_any_policy_test11)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40811, test_name='all_certificates_any_policy_test11'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 150282, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___ test_nist_pkits[40811 (all_certificates_any_policy_test11_constrained)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40811, test_name='all_certificates_any_policy_test11_constrained'), cer...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 229325, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[40812 (different_policies_test12)] ______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40812, test_name='different_policies_test12'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 308190, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40812, test_name='different_policies_test12'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ________ test_nist_pkits[40813 (all_certificates_same_policies_test13)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40813, test_name='all_certificates_same_policies_test13'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 442549, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40813, test_name='all_certificates_same_policies_test13_with_testpol1')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 521409, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol2)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40813, test_name='all_certificates_same_policies_test13_with_testpol2')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 600515, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol3)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40813, test_name='all_certificates_same_policies_test13_with_testpol3')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 730027, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1_2)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40813, test_name='all_certificates_same_policies_test13_with_testpol1_2...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 809673, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________________ test_nist_pkits[40814 (any_policy_test14)] __________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40814, test_name='any_policy_test14'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 31, 889186, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40814 (any_policy_test14_with_testpol1)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40814, test_name='any_policy_test14_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 19731, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[40814 (any_policy_test14_with_testpol1_2)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40814, test_name='any_policy_test14_with_testpol1_2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 99281, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[40814 (any_policy_test14_with_testpol2)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40814, test_name='any_policy_test14_with_testpol2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 178404, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40814, test_name='any_policy_test14_with_testpol2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[40901 (valid_require_explicit_policy_test1)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40901, test_name='valid_require_explicit_policy_test1'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 317281, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[40902 (valid_require_explicit_policy_test2)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40902, test_name='valid_require_explicit_policy_test2'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 400546, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40903 (invalid_require_explicit_policy_test3)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40903, test_name='invalid_require_explicit_policy_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 483497, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40903, test_name='invalid_require_explicit_policy_test3'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[40904 (valid_require_explicit_policy_test4)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40904, test_name='valid_require_explicit_policy_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 628084, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[40905 (invalid_require_explicit_policy_test5)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40905, test_name='invalid_require_explicit_policy_test5'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 714521, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40905, test_name='invalid_require_explicit_policy_test5'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___ test_nist_pkits[40906 (valid_self_issued_require_explicit_policy_test6)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40906, test_name='valid_self_issued_require_explicit_policy_test6'), ce...\xb3\xf1\xdd\xf8l\xa0h\xca\x1fQ\xc4\xf7P\x1eA\xec\xddr\xf2u\xacE\x0b\xc9\x1f'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 804537, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[40907 (invalid_self_issued_require_explicit_policy_test7)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40907, test_name='invalid_self_issued_require_explicit_policy_test7'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 32, 940517, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40907, test_name='invalid_self_issued_require_explicit_policy_test7'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __ test_nist_pkits[40908 (invalid_self_issued_require_explicit_policy_test8)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40908, test_name='invalid_self_issued_require_explicit_policy_test8'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 29855, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=40908, test_name='invalid_self_issued_require_explicit_policy_test8'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol1)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 119642, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol2)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_with_testpol2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 255730, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_with_testpol2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____ test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_inhibit_mapping'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 342246, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_inhibit_mapping'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _ test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping_testpol1)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_inhibit_mapping_testpol1')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 428156, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41001, test_name='valid_policy_mapping_test2_inhibit_mapping_testpol1')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ____________ test_nist_pkits[41002 (invalid_policy_mapping_test2)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41002, test_name='invalid_policy_mapping_test2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 572959, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41002, test_name='invalid_policy_mapping_test2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ____ test_nist_pkits[41002 (invalid_policy_mapping_test2_inhibit_mapping)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41002, test_name='invalid_policy_mapping_test2_inhibit_mapping'), cert=...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 659425, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41002, test_name='invalid_policy_mapping_test2_inhibit_mapping'), cert=...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol1)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41003, test_name='valid_policy_mapping_test3_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 745235, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41003, test_name='valid_policy_mapping_test3_with_testpol1'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol2)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41003, test_name='valid_policy_mapping_test3_with_testpol2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 894316, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41004 (invalid_policy_mapping_test4)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41004, test_name='invalid_policy_mapping_test4'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 33, 975912, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41004, test_name='invalid_policy_mapping_test4'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol1)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41005, test_name='valid_policy_mapping_test5_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 64114, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol6)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41005, test_name='valid_policy_mapping_test5_with_testpol6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 206389, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41005, test_name='valid_policy_mapping_test5_with_testpol6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol1)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41006, test_name='valid_policy_mapping_test6_with_testpol1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 293483, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol6)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41006, test_name='valid_policy_mapping_test6_with_testpol6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 373734, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41006, test_name='valid_policy_mapping_test6_with_testpol6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ________ test_nist_pkits[41007 (invalid_mapping_from_any_policy_test7)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41007, test_name='invalid_mapping_from_any_policy_test7'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 523680, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41007, test_name='invalid_mapping_from_any_policy_test7'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 contains a policy mapping for the "any policy"' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41008 (invalid_mapping_to_any_policy_test8)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41008, test_name='invalid_mapping_to_any_policy_test8'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 610026, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41008, test_name='invalid_mapping_to_any_policy_test8'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because intermediate certificate 1 contains a policy mapping for the "any policy"' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____________ test_nist_pkits[41009 (valid_policy_mapping_test9)] ______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41009, test_name='valid_policy_mapping_test9'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 695572, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41010 (invalid_policy_mapping_test10)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41010, test_name='invalid_policy_mapping_test10'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 839050, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41010, test_name='invalid_policy_mapping_test10'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____________ test_nist_pkits[41011 (valid_policy_mapping_test11)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41011, test_name='valid_policy_mapping_test11'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 34, 926344, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____________ test_nist_pkits[41013 (valid_policy_mapping_test13)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41013, test_name='valid_policy_mapping_test13'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 6051, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____________ test_nist_pkits[41014 (valid_policy_mapping_test14)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41014, test_name='valid_policy_mapping_test14'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 150616, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41101 (invalid_inhibit_policy_mapping_test1)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41101, test_name='invalid_inhibit_policy_mapping_test1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 229516, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41101, test_name='invalid_inhibit_policy_mapping_test1'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41102 (valid_inhibit_policy_mapping_test2)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41102, test_name='valid_inhibit_policy_mapping_test2'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 316323, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41103 (invalid_inhibit_policy_mapping_test3)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41103, test_name='invalid_inhibit_policy_mapping_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 396382, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41103, test_name='invalid_inhibit_policy_mapping_test3'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41104 (valid_inhibit_policy_mapping_test4)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41104, test_name='valid_inhibit_policy_mapping_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 544458, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41105 (invalid_inhibit_policy_mapping_test5)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41105, test_name='invalid_inhibit_policy_mapping_test5'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 626306, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41105, test_name='invalid_inhibit_policy_mapping_test5'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ________ test_nist_pkits[41106 (invalid_inhibit_policy_mapping_test6)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41106, test_name='invalid_inhibit_policy_mapping_test6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 715429, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41106, test_name='invalid_inhibit_policy_mapping_test6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___ test_nist_pkits[41107 (valid_self_issued_inhibit_policy_mapping_test7)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41107, test_name='valid_self_issued_inhibit_policy_mapping_test7'), cer...\x88(\x89\xb1\xcc\x8b \x1d\xa5e*]\x8axU\xfaDE\x9a\'t\xaf\xf9N\xca\'W\x9a\xab'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 864680, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __ test_nist_pkits[41108 (invalid_self_issued_inhibit_policy_mapping_test8)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41108, test_name='invalid_self_issued_inhibit_policy_mapping_test8'), c...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 35, 945924, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41108, test_name='invalid_self_issued_inhibit_policy_mapping_test8'), c...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __ test_nist_pkits[41109 (invalid_self_issued_inhibit_policy_mapping_test9)] ___ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41109, test_name='invalid_self_issued_inhibit_policy_mapping_test9'), c...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 34999, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41109, test_name='invalid_self_issued_inhibit_policy_mapping_test9'), c...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __ test_nist_pkits[41110 (invalid_self_issued_inhibit_policy_mapping_test10)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41110, test_name='invalid_self_issued_inhibit_policy_mapping_test10'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 186767, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41110, test_name='invalid_self_issued_inhibit_policy_mapping_test10'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __ test_nist_pkits[41111 (invalid_self_issued_inhibit_policy_mapping_test11)] __ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41111, test_name='invalid_self_issued_inhibit_policy_mapping_test11'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 276137, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41111, test_name='invalid_self_issued_inhibit_policy_mapping_test11'), ...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41201 (invalid_inhibit_any_policy_test1)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41201, test_name='invalid_inhibit_any_policy_test1'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 365462, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41201, test_name='invalid_inhibit_any_policy_test1'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41202 (valid_inhibit_any_policy_test2)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41202, test_name='valid_inhibit_any_policy_test2'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 515020, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41203 (inhibit_any_policy_test3)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41203, test_name='inhibit_any_policy_test3'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 598658, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41203 (inhibit_any_policy_test3_initial_inhibit)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41203, test_name='inhibit_any_policy_test3_initial_inhibit'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 679928, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41203, test_name='inhibit_any_policy_test3_initial_inhibit'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate \\d' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41204 (invalid_inhibit_any_policy_test4)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41204, test_name='invalid_inhibit_any_policy_test4'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 832664, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41204, test_name='invalid_inhibit_any_policy_test4'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41205 (invalid_inhibit_any_policy_test5)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41205, test_name='invalid_inhibit_any_policy_test5'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 36, 920217, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41205, test_name='invalid_inhibit_any_policy_test5'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41206 (invalid_inhibit_any_policy_test6)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41206, test_name='invalid_inhibit_any_policy_test6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 7635, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41206, test_name='invalid_inhibit_any_policy_test6'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____ test_nist_pkits[41207 (valid_self_issued_inhibit_any_policy_test7)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41207, test_name='valid_self_issued_inhibit_any_policy_test7'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 162300, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[41208 (invalid_self_issued_inhibit_any_policy_test8)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41208, test_name='invalid_self_issued_inhibit_any_policy_test8'), cert=...th could not be validated because there is no valid set of policies for intermediate certificate 4'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 243491, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41208, test_name='invalid_self_issued_inhibit_any_policy_test8'), cert=...th could not be validated because there is no valid set of policies for intermediate certificate 4'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for intermediate certificate 4' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____ test_nist_pkits[41209 (valid_self_issued_inhibit_any_policy_test9)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41209, test_name='valid_self_issued_inhibit_any_policy_test9'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 332990, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[41210 (invalid_self_issued_inhibit_any_policy_test10)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41210, test_name='invalid_self_issued_inhibit_any_policy_test10'), cert...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 483492, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41210, test_name='invalid_self_issued_inhibit_any_policy_test10'), cert...th could not be validated because there is no valid set of policies for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because there is no valid set of policies for the end-entity certificate' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41301 (valid_dn_nameconstraints_test1)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41301, test_name='valid_dn_nameconstraints_test1'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 571724, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41302 (invalid_dn_nameconstraints_test2)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41302, test_name='invalid_dn_nameconstraints_test2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 654584, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41302, test_name='invalid_dn_nameconstraints_test2'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)0] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41303, test_name='invalid_dn_nameconstraints_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 810366, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41303, test_name='invalid_dn_nameconstraints_test3'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)1] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41303, test_name='invalid_dn_nameconstraints_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 896502, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41303, test_name='invalid_dn_nameconstraints_test3'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41304 (valid_dn_nameconstraints_test4)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41304, test_name='valid_dn_nameconstraints_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 37, 983013, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41305 (valid_dn_nameconstraints_test5)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41305, test_name='valid_dn_nameconstraints_test5'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 132711, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41306 (valid_dn_nameconstraints_test6)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41306, test_name='valid_dn_nameconstraints_test6'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 213197, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41307 (invalid_dn_nameconstraints_test7)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41307, test_name='invalid_dn_nameconstraints_test7'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 292298, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41307, test_name='invalid_dn_nameconstraints_test7'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41308 (invalid_dn_nameconstraints_test8)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41308, test_name='invalid_dn_nameconstraints_test8'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 451271, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41308, test_name='invalid_dn_nameconstraints_test8'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41309 (invalid_dn_nameconstraints_test9)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41309, test_name='invalid_dn_nameconstraints_test9'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 536744, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41309, test_name='invalid_dn_nameconstraints_test9'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41310 (invalid_dn_nameconstraints_test10)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41310, test_name='invalid_dn_nameconstraints_test10'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 621923, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41310, test_name='invalid_dn_nameconstraints_test10'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41311 (valid_dn_nameconstraints_test11)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41311, test_name='valid_dn_nameconstraints_test11'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 781639, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41312 (invalid_dn_nameconstraints_test12)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41312, test_name='invalid_dn_nameconstraints_test12'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 860758, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41312, test_name='invalid_dn_nameconstraints_test12'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41313 (invalid_dn_nameconstraints_test13)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41313, test_name='invalid_dn_nameconstraints_test13'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 38, 948403, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41313, test_name='invalid_dn_nameconstraints_test13'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41314 (valid_dn_nameconstraints_test14)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41314, test_name='valid_dn_nameconstraints_test14'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 109485, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41315 (invalid_dn_nameconstraints_test15)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41315, test_name='invalid_dn_nameconstraints_test15'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 189535, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41315, test_name='invalid_dn_nameconstraints_test15'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41316 (invalid_dn_nameconstraints_test16)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41316, test_name='invalid_dn_nameconstraints_test16'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 276429, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41316, test_name='invalid_dn_nameconstraints_test16'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41317 (invalid_dn_nameconstraints_test17)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41317, test_name='invalid_dn_nameconstraints_test17'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 438592, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41317, test_name='invalid_dn_nameconstraints_test17'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ___________ test_nist_pkits[41318 (valid_dn_nameconstraints_test18)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41318, test_name='valid_dn_nameconstraints_test18'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 525234, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[41319 (valid_self_issued_dn_nameconstraints_test19)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41319, test_name='valid_self_issued_dn_nameconstraints_test19'), cert=<...xa3\xa0\xaa\\]P\xca\x93@U\xe0\xd8`\'\x06\xca\xc3\x0c\xaa\x05\xec\x8f\xb5\xd0'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 604725, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[41320 (invalid_self_issued_dn_nameconstraints_test20)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41320, test_name='invalid_self_issued_dn_nameconstraints_test20'), cert...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 761377, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41320, test_name='invalid_self_issued_dn_nameconstraints_test20'), cert...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41321 (valid_rfc822_nameconstraints_test21)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41321, test_name='valid_rfc822_nameconstraints_test21'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 847112, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41322 (invalid_rfc822_nameconstraints_test22)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41322, test_name='invalid_rfc822_nameconstraints_test22'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 39, 925311, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41322, test_name='invalid_rfc822_nameconstraints_test22'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41323 (valid_rfc822_nameconstraints_test23)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41323, test_name='valid_rfc822_nameconstraints_test23'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 10267, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41324 (invalid_rfc822_nameconstraints_test24)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41324, test_name='invalid_rfc822_nameconstraints_test24'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 160637, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41324, test_name='invalid_rfc822_nameconstraints_test24'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41325 (valid_rfc822_nameconstraints_test25)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41325, test_name='valid_rfc822_nameconstraints_test25'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 245784, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41326 (invalid_rfc822_nameconstraints_test26)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41326, test_name='invalid_rfc822_nameconstraints_test26'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 324324, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41326, test_name='invalid_rfc822_nameconstraints_test26'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _____ test_nist_pkits[41327 (valid_dn_and_rfc822_nameconstraints_test27)] ______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41327, test_name='valid_dn_and_rfc822_nameconstraints_test27'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 482480, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[41328 (invalid_dn_and_rfc822_nameconstraints_test28)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41328, test_name='invalid_dn_and_rfc822_nameconstraints_test28'), cert=...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 562835, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41328, test_name='invalid_dn_and_rfc822_nameconstraints_test28'), cert=...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ____ test_nist_pkits[41329 (invalid_dn_and_rfc822_nameconstraints_test29)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41329, test_name='invalid_dn_and_rfc822_nameconstraints_test29'), cert=...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 649886, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41329, test_name='invalid_dn_and_rfc822_nameconstraints_test29'), cert=...t all names of the end-entity certificate are in the permitted namespace of the issuing authority.'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41330 (valid_dns_nameconstraints_test30)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41330, test_name='valid_dns_nameconstraints_test30'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 812573, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41331 (invalid_dns_nameconstraints_test31)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41331, test_name='invalid_dns_nameconstraints_test31'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 906425, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41331, test_name='invalid_dns_nameconstraints_test31'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41332 (valid_dns_nameconstraints_test32)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41332, test_name='valid_dns_nameconstraints_test32'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 40, 994332, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41333 (invalid_dns_nameconstraints_test33)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41333, test_name='invalid_dns_nameconstraints_test33'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 153309, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41333, test_name='invalid_dns_nameconstraints_test33'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41334 (valid_uri_nameconstraints_test34)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41334, test_name='valid_uri_nameconstraints_test34'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 238911, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41335 (invalid_uri_nameconstraints_test35)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41335, test_name='invalid_uri_nameconstraints_test35'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 318470, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41335, test_name='invalid_uri_nameconstraints_test35'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] __________ test_nist_pkits[41336 (valid_uri_nameconstraints_test36)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41336, test_name='valid_uri_nameconstraints_test36'), cert=\xd1\x85"\xf0.\x8f'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 482828, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41337 (invalid_uri_nameconstraints_test37)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41337, test_name='invalid_uri_nameconstraints_test37'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 562267, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41337, test_name='invalid_uri_nameconstraints_test37'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because some names of the end-entity certificate are excluded from the namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] _________ test_nist_pkits[41338 (invalid_dns_nameconstraints_test38)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41338, test_name='invalid_dns_nameconstraints_test38'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 648155, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41338, test_name='invalid_dns_nameconstraints_test38'), cert= with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because not all names of the end-entity certificate are in the permitted namespace of the issuing authority.' [ 47s] E Input: 'The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ____________ test_nist_pkits[41401 (valid_distributionpoint_test1)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41401, test_name='valid_distributionpoint_test1'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 816029, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41402 (invalid_distributionpoint_test2)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41402, test_name='invalid_distributionpoint_test2'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 895520, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41403 (invalid_distributionpoint_test3)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41403, test_name='invalid_distributionpoint_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 41, 974761, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41404 (valid_distributionpoint_test4)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41404, test_name='valid_distributionpoint_test4'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 135888, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41405 (valid_distributionpoint_test5)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41405, test_name='valid_distributionpoint_test5'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 214578, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41406 (invalid_distributionpoint_test6)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41406, test_name='invalid_distributionpoint_test6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 293204, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41407 (valid_distributionpoint_test7)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41407, test_name='valid_distributionpoint_test7'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 454834, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41408 (invalid_distributionpoint_test8)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41408, test_name='invalid_distributionpoint_test8'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 533576, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41409 (invalid_distributionpoint_test9)] ___________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41409, test_name='invalid_distributionpoint_test9'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 612395, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41410 (valid_no_issuingdistributionpoint_test10)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41410, test_name='valid_no_issuingdistributionpoint_test10'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 778576, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits[41411 (invalid_onlycontainsusercerts_crl_test11)] _______ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41411, test_name='invalid_onlycontainsusercerts_crl_test11'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 858163, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______ test_nist_pkits[41412 (invalid_onlycontainscacerts_crl_test12)] ________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41412, test_name='invalid_onlycontainscacerts_crl_test12'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 42, 937588, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________ test_nist_pkits[41413 (valid_onlycontainscacerts_crl_test13)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41413, test_name='valid_onlycontainscacerts_crl_test13'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 102699, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____ test_nist_pkits[41414 (invalid_onlycontainsattributecerts_crl_test14)] ____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41414, test_name='invalid_onlycontainsattributecerts_crl_test14'), cert...ause the end-entity certificate revocation checks failed: CRL only contains attribute certificates'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 182062, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41415 (invalid_onlysomereasons_test15)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41415, test_name='invalid_onlysomereasons_test15'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 261580, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41416 (invalid_onlysomereasons_test16)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41416, test_name='invalid_onlysomereasons_test16'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 340981, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41417 (invalid_onlysomereasons_test17)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41417, test_name='invalid_onlysomereasons_test17'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 499603, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41418 (valid_onlysomereasons_test18)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41418, test_name='valid_onlysomereasons_test18'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 579110, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ____________ test_nist_pkits[41419 (valid_onlysomereasons_test19)] _____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41419, test_name='valid_onlysomereasons_test19'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 658107, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41420 (invalid_onlysomereasons_test20)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41420, test_name='invalid_onlysomereasons_test20'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 817827, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________ test_nist_pkits[41421 (invalid_onlysomereasons_test21)] ____________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41421, test_name='invalid_onlysomereasons_test21'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 897032, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41422 (valid_idp_with_indirectcrl_test22)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41422, test_name='valid_idp_with_indirectcrl_test22'), cert=\xd6\x1f\x9e2\x1eO\x0c\xaaPn\x1cI8\xbfE\xee\x8c\xd0r'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 43, 976359, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41423 (invalid_idp_with_indirectcrl_test23)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41423, test_name='invalid_idp_with_indirectcrl_test23'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 136663, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41424 (valid_idp_with_indirectcrl_test24)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41424, test_name='valid_idp_with_indirectcrl_test24'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 215567, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] __________ test_nist_pkits[41425 (valid_idp_with_indirectcrl_test25)] __________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41425, test_name='valid_idp_with_indirectcrl_test25'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 295850, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _________ test_nist_pkits[41426 (invalid_idp_with_indirectcrl_test26)] _________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41426, test_name='invalid_idp_with_indirectcrl_test26'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 459443, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41427 (invalid_crlissuer_test27)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41427, test_name='invalid_crlissuer_test27'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 539653, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41428 (valid_crlissuer_test28)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41428, test_name='valid_crlissuer_test28'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 619279, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41429 (valid_crlissuer_test29)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41429, test_name='valid_crlissuer_test29'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 787619, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41430 (valid_crlissuer_test30)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41430, test_name='valid_crlissuer_test30'), cert=\x9f\th\xd1\xf6\xe2\x94\x13\x9a)\x1a\x8e_|'>], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 867727, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41431 (invalid_crlissuer_test31)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41431, test_name='invalid_crlissuer_test31'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 44, 950860, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41432 (invalid_crlissuer_test32)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41432, test_name='invalid_crlissuer_test32'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 116580, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41433 (valid_crlissuer_test33)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41433, test_name='valid_crlissuer_test33'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 196789, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41434 (invalid_crlissuer_test34)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41434, test_name='invalid_crlissuer_test34'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 277171, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______________ test_nist_pkits[41435 (invalid_crlissuer_test35)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41435, test_name='invalid_crlissuer_test35'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 444268, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits[41501 (invalid_deltacrlindicator_no_base_set_test1)] _____ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41501, test_name='invalid_deltacrlindicator_no_base_set_test1'), cert=<...d not be validated because no revocation information could be found for the end-entity certificate'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 523524, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________________ test_nist_pkits[41502 (valid_deltacrl_test2)] _________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41502, test_name='valid_deltacrl_test2'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 602967, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41503 (invalid_deltacrl_test3)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41503, test_name='invalid_deltacrl_test3'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 771342, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41504 (invalid_deltacrl_test4)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41504, test_name='invalid_deltacrl_test4'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 850503, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________________ test_nist_pkits[41505 (valid_deltacrl_test5)] _________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41505, test_name='valid_deltacrl_test5'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 45, 930169, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41506 (invalid_deltacrl_test6)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41506, test_name='invalid_deltacrl_test6'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 99425, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________________ test_nist_pkits[41507 (valid_deltacrl_test7)] _________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41507, test_name='valid_deltacrl_test7'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 179282, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ________________ test_nist_pkits[41508 (valid_deltacrl_test8)] _________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41508, test_name='valid_deltacrl_test8'), cert=], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 258729, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41509 (invalid_deltacrl_test9)] ________________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41509, test_name='invalid_deltacrl_test9'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 429001, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _______________ test_nist_pkits[41510 (invalid_deltacrl_test10)] _______________ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41510, test_name='invalid_deltacrl_test10'), cert= validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 508582, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[41601 (valid_unknown_not_critical_certificate_extension_test1)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41601, test_name='valid_unknown_not_critical_certificate_extension_test...\x8bJ\xf7w\xe6'>], path_len=2, path=None, check_revocation=True, other_certs=[], expected_error=None, pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] validate_path(context, path, parameters=params) [ 47s] else: [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:652: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 587726, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because the end-entity certificate expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits[41602 (invalid_unknown_critical_certificate_extension_test2)] _ [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41602, test_name='invalid_unknown_critical_certificate_extension_test2'...-entity certificate contains the following unsupported critical extension: 2.16.840.1.101.2.1.12.2'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] > validate_path(context, path, parameters=params) [ 47s] [ 47s] tests/test_validate.py:650: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 758134, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because the end-entity certificate expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] [ 47s] During handling of the above exception, another exception occurred: [ 47s] [ 47s] test_case = PKITSTestCase(test_info=CannedTestInfo(test_id=41602, test_name='invalid_unknown_critical_certificate_extension_test2'...-entity certificate contains the following unsupported critical extension: 2.16.840.1.101.2.1.12.2'), pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', read_pkits_test_params(), ids=lambda case: str(case.test_info) [ 47s] ) [ 47s] def test_nist_pkits(test_case: PKITSTestCase): [ 47s] revocation_mode = "require" if test_case.check_revocation else "hard-fail" [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode=revocation_mode, [ 47s] # adjust default algo policy to pass NIST tests [ 47s] algorithm_usage_policy=DisallowWeakAlgorithmsPolicy( [ 47s] weak_hash_algos={'md2', 'md5'}, dsa_key_size_threshold=1024 [ 47s] ), [ 47s] ) [ 47s] [ 47s] if test_case.path is None: [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] else: [ 47s] path = test_case.path [ 47s] [ 47s] assert test_case.path_len == len(path) [ 47s] [ 47s] err = test_case.expected_error [ 47s] params = test_case.pkix_params [ 47s] if err is not None: [ 47s] > with pytest.raises(err.err_class, match=err.msg_regex): [ 47s] E AssertionError: Regex pattern did not match. [ 47s] E Regex: 'The path could not be validated because the end-entity certificate contains the following unsupported critical extension: 2.16.840.1.101.2.1.12.2' [ 47s] E Input: 'The path could not be validated because the end-entity certificate expired 2030-12-31 08:30:00Z' [ 47s] [ 47s] tests/test_validate.py:649: AssertionError [ 47s] ______ test_nist_pkits_user_notice[40815 (user_notice_qualifier_test15)] _______ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40815, test_name='user_notice_qualifier_test15'), cert= validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 843922, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because the end-entity certificate expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits_user_notice[40816 (user_notice_qualifier_test16)] _______ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40816, test_name='user_notice_qualifier_test16'), cert=], pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', [ 47s] read_pkits_user_notice_test_params(), [ 47s] ids=lambda case: str(case.test_info), [ 47s] ) [ 47s] def test_nist_pkits_user_notice(test_case: PKITSUserNoticeTestCase): [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode="require", [ 47s] weak_hash_algos={'md2', 'md5'}, [ 47s] ) [ 47s] [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] > validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 46, 921755, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits_user_notice[40817 (user_notice_qualifier_test17)] _______ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40817, test_name='user_notice_qualifier_test17'), cert=], pkix_params=None) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', [ 47s] read_pkits_user_notice_test_params(), [ 47s] ids=lambda case: str(case.test_info), [ 47s] ) [ 47s] def test_nist_pkits_user_notice(test_case: PKITSUserNoticeTestCase): [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode="require", [ 47s] weak_hash_algos={'md2', 'md5'}, [ 47s] ) [ 47s] [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] > validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 185, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q4)] _____ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40818, test_name='user_notice_qualifier_test18_q4'), cert= validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 166577, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _____ test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q5)] _____ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40818, test_name='user_notice_qualifier_test18_q5'), cert= validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 245280, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ______ test_nist_pkits_user_notice[40818 (user_notice_qualifier_test19)] _______ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=40818, test_name='user_notice_qualifier_test19'), cert= validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 323597, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because the end-entity certificate expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol1)] _ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=41012, test_name='valid_policy_mapping_test12_with_testpol1')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', [ 47s] read_pkits_user_notice_test_params(), [ 47s] ids=lambda case: str(case.test_info), [ 47s] ) [ 47s] def test_nist_pkits_user_notice(test_case: PKITSUserNoticeTestCase): [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode="require", [ 47s] weak_hash_algos={'md2', 'md5'}, [ 47s] ) [ 47s] [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] > validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 487904, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] _ test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol2)] _ [ 47s] [ 47s] test_case = PKITSUserNoticeTestCase(test_info=CannedTestInfo(test_id=41012, test_name='valid_policy_mapping_test12_with_testpol2')...licit_policy=False, initial_any_policy_inhibit=False, initial_permitted_subtrees=None, initial_excluded_subtrees=None)) [ 47s] [ 47s] @pytest.mark.parametrize( [ 47s] 'test_case', [ 47s] read_pkits_user_notice_test_params(), [ 47s] ids=lambda case: str(case.test_info), [ 47s] ) [ 47s] def test_nist_pkits_user_notice(test_case: PKITSUserNoticeTestCase): [ 47s] context = ValidationContext( [ 47s] trust_roots=test_case.roots, [ 47s] other_certs=test_case.other_certs, [ 47s] crls=test_case.crls, [ 47s] revocation_mode="require", [ 47s] weak_hash_algos={'md2', 'md5'}, [ 47s] ) [ 47s] [ 47s] paths = context.path_builder.build_paths(test_case.cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] > validate_path(context, path, parameters=test_case.pkix_params) [ 47s] [ 47s] tests/test_validate.py:731: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 567238, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] ___________________ test_408020_cps_pointer_qualifier_test20 ___________________ [ 47s] [ 47s] def test_408020_cps_pointer_qualifier_test20(): [ 47s] cert = load_nist_cert('CPSPointerQualifierTest20EE.crt') [ 47s] ca_certs = [load_nist_cert('TrustAnchorRootCertificate.crt')] [ 47s] other_certs = [load_nist_cert('GoodCACert.crt')] [ 47s] crls = [ [ 47s] load_nist_crl('GoodCACRL.crl'), [ 47s] load_nist_crl('TrustAnchorRootCRL.crl'), [ 47s] ] [ 47s] [ 47s] context = ValidationContext( [ 47s] trust_roots=ca_certs, [ 47s] other_certs=other_certs, [ 47s] crls=crls, [ 47s] revocation_mode="require", [ 47s] weak_hash_algos={'md2', 'md5'}, [ 47s] ) [ 47s] [ 47s] paths = context.path_builder.build_paths(cert) [ 47s] assert 1 == len(paths) [ 47s] path: ValidationPath = paths[0] [ 47s] > validate_path(context, path) [ 47s] [ 47s] tests/test_validate.py:764: [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] pyhanko_certvalidator/validate.py:108: in validate_path [ 47s] result = asyncio.run( [ 47s] /usr/lib64/python3.10/asyncio/runners.py:44: in run [ 47s] return loop.run_until_complete(main) [ 47s] /usr/lib64/python3.10/asyncio/base_events.py:649: in run_until_complete [ 47s] return future.result() [ 47s] pyhanko_certvalidator/validate.py:147: in async_validate_path [ 47s] return await intl_validate_path( [ 47s] pyhanko_certvalidator/validate.py:1113: in intl_validate_path [ 47s] _check_validity( [ 47s] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ [ 47s] [ 47s] validity = [ 47s] moment = datetime.datetime(2040, 12, 15, 0, 32, 47, 645702, tzinfo=datetime.timezone.utc) [ 47s] tolerance = datetime.timedelta(seconds=1) [ 47s] proc_state = [ 47s] [ 47s] def _check_validity( [ 47s] validity: Validity, moment, tolerance, proc_state: ValProcState [ 47s] ): [ 47s] if moment < validity['not_before'].native - tolerance: [ 47s] raise NotYetValidError.format( [ 47s] valid_from=validity['not_before'].native, proc_state=proc_state [ 47s] ) [ 47s] if moment > validity['not_after'].native + tolerance: [ 47s] > raise ExpiredError.format( [ 47s] expired_dt=validity['not_after'].native, proc_state=proc_state [ 47s] ) [ 47s] E pyhanko_certvalidator.errors.ExpiredError: The path could not be validated because intermediate certificate 1 expired 2030-12-31 08:30:00Z [ 47s] [ 47s] pyhanko_certvalidator/validate.py:1215: ExpiredError [ 47s] =============================== warnings summary =============================== [ 47s] ../../../../../usr/lib/python3.10/site-packages/_pytest/config/__init__.py:1441 [ 47s] /usr/lib/python3.10/site-packages/_pytest/config/__init__.py:1441: PytestConfigWarning: Unknown config option: asyncio_mode [ 47s] [ 47s] self._warn_or_fail_if_strict(f"Unknown config option: {key}\n") [ 47s] [ 47s] tests/test_validate.py:223 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_validate.py:223: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_validate.py:259 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_validate.py:259: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_validate.py:292 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_validate.py:292: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_validate.py:814 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_validate.py:814: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:47 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:47: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:69 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:69: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:87 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:87: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:108 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:108: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:135 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:135: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:159 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:159: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:199 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:199: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:214 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:214: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:244 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:244: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:273 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:273: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:304 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:304: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:334 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:334: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:355 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:355: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:378 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:378: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:407 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:407: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:433 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:433: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:461 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:461: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:485 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:485: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:514 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:514: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:541 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:541: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py:569 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ac_validate.py:569: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:75 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:75: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:99 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:99: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:125 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:125: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:158 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:158: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:196 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:196: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:228 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:228: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:267 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:267: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:296 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:296: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ades_time_slide.py:340 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_ades_time_slide.py:340: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:20 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:20: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:33 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:33: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:47 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:47: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:61 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:61: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:75 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:75: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:97 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:97: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_certificate_validator.py:134 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_certificate_validator.py:134: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:21 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:21: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:49 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:49: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:78 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:78: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:105 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:105: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:133 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:133: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_freshness.py:177 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_freshness.py:177: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:52 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:52: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:67 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:67: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:96 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:96: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:125 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:125: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:157 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:157: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_policy_proc.py:189 [ 47s] /home/abuild/rpmbuild/BUILD/certvalidator-0.26.4/tests/test_policy_proc.py:189: PytestUnknownMarkWarning: Unknown pytest.mark.asyncio - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html [ 47s] @pytest.mark.asyncio [ 47s] [ 47s] tests/test_ac_validate.py: 17 warnings [ 47s] tests/test_ades_time_slide.py: 9 warnings [ 47s] tests/test_certificate_validator.py: 7 warnings [ 47s] tests/test_freshness.py: 6 warnings [ 47s] tests/test_policy_proc.py: 6 warnings [ 47s] tests/test_validate.py: 6 warnings [ 47s] /usr/lib/python3.10/site-packages/_pytest/python.py:148: PytestUnhandledCoroutineWarning: async def functions are not natively supported and have been skipped. [ 47s] You need to install a suitable plugin for your async framework, for example: [ 47s] - anyio [ 47s] - pytest-asyncio [ 47s] - pytest-tornasync [ 47s] - pytest-trio [ 47s] - pytest-twisted [ 47s] warnings.warn(PytestUnhandledCoroutineWarning(msg.format(nodeid))) [ 47s] [ 47s] -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html [ 47s] =========================== short test summary info ============================ [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40101 (valid_signatures_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40103 (invalid_ee_signature_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40104 (valid_dsa_signatures_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40105 (valid_dsa_parameter_inheritance_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40106 (invalid_dsa_signature_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40202 (invalid_ee_notbefore_date_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40203 (valid_pre2000_utc_notbefore_date_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40204 (valid_generalizedtime_notbefore_date_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40206 (invalid_ee_notafter_date_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40207 (invalid_pre2000_utc_ee_notafter_date_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40208 (valid_generalizedtime_notbefore_date_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40301 (invalid_name_chaining_ee_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40302 (invalid_name_chaining_order_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40303 (valid_name_chaining_whitespace_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40304 (valid_name_chaining_whitespace_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40305 (valid_name_chaining_capitalization_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40306 (valid_name_chaining_uids_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40307 (valid_rfc3280_mandatory_attribute_types_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40308 (valid_rfc3280_optional_attribute_types_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40309 (valid_utf8string_encoded_names_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40310 (valid_rollover_from_printablestring_to_utf8string_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40311 (valid_utf8string_case_insensitive_match_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40401 (missing_crl_test1)] - p... [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40402 (invalid_revoked_ca_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40403 (invalid_revoked_ee_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40404 (invalid_bad_crl_signature_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40405 (invalid_bad_crl_issuer_name_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40406 (invalid_wrong_crl_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40407 (valid_two_crls_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40408 (invalid_unknown_crl_entry_extension_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40409 (invalid_unknown_crl_extension_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40410 (invalid_unknown_crl_extension_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40411 (invalid_old_crl_nextupdate_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40412 (invalid_pre2000_crl_nextupdate_test12)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40413 (valid_generalizedtime_crl_nextupdate_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40414 (valid_negative_serial_number_test14)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40415 (invalid_negative_serial_number_test15)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40416 (valid_long_serial_number_test16)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40417 (valid_long_serial_number_test17)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40418 (invalid_long_serial_number_test18)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40419 (valid_separate_certificate_and_crl_keys_test19)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40420 (invalid_separate_certificate_and_crl_keys_test20)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40421 (invalid_separate_certificate_and_crl_keys_test21)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40501 (valid_basic_self_issued_old_with_new_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40502 (invalid_basic_self_issued_old_with_new_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40503 (valid_basic_self_issued_new_with_old_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40504 (valid_basic_self_issued_new_with_old_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40505 (invalid_basic_self_issued_new_with_old_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40506 (valid_basic_self_issued_crl_signing_key_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40507 (invalid_basic_self_issued_crl_signing_key_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40508 (invalid_basic_self_issued_crl_signing_key_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40601 (invalid_missing_basicconstraints_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40602 (invalid_ca_false_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40603 (invalid_ca_false_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40604 (valid_basicconstraints_not_critical_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40605 (invalid_pathlenconstraint_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40606 (invalid_pathlenconstraint_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40607 (valid_pathlenconstraint_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40608 (valid_pathlenconstraint_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40609 (invalid_pathlenconstraint_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40610 (invalid_pathlenconstraint_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40611 (invalid_pathlenconstraint_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40612 (invalid_pathlenconstraint_test12)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40613 (valid_pathlenconstraint_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40614 (valid_pathlenconstraint_test14)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40615 (valid_self_issued_pathlenconstraint_test15)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40616 (invalid_self_issued_pathlenconstraint_test16)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40617 (valid_self_issued_pathlenconstraint_test17)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40701 (invalid_keyusage_critical_keycertsign_false_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40702 (invalid_keyusage_not_critical_keycertsign_false_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40703 (valid_keyusage_not_critical_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40704 (invalid_keyusage_critical_crlsign_false_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40705 (invalid_keyusage_not_critical_crlsign_false_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_norestr)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_explicit_policy)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraint_mismatch_ignored)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40801 (all_certs_same_policy_test1_with_constraints2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40802 (all_certificates_no_policies_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40802 (all_certificates_no_policies_test2_force_explicit)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3_force_explicit)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40803 (different_policies_test3_force_explicit_with_user_set)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40804 (different_policies_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40805 (different_policies_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40806 (overlapping_policies_test6_with_testpol2_explicit)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40807 (different_policies_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40808 (different_policies_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40809 (different_policies_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40810 (all_certificates_same_policies_test10_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40811 (all_certificates_any_policy_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40811 (all_certificates_any_policy_test11_constrained)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40812 (different_policies_test12)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40813 (all_certificates_same_policies_test13_with_testpol1_2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14)] - p... [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol1_2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40814 (any_policy_test14_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40901 (valid_require_explicit_policy_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40902 (valid_require_explicit_policy_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40903 (invalid_require_explicit_policy_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40904 (valid_require_explicit_policy_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40905 (invalid_require_explicit_policy_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40906 (valid_self_issued_require_explicit_policy_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40907 (invalid_self_issued_require_explicit_policy_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[40908 (invalid_self_issued_require_explicit_policy_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41001 (valid_policy_mapping_test2_inhibit_mapping_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41002 (invalid_policy_mapping_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41002 (invalid_policy_mapping_test2_inhibit_mapping)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41003 (valid_policy_mapping_test3_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41004 (invalid_policy_mapping_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41005 (valid_policy_mapping_test5_with_testpol6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41006 (valid_policy_mapping_test6_with_testpol6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41007 (invalid_mapping_from_any_policy_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41008 (invalid_mapping_to_any_policy_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41009 (valid_policy_mapping_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41010 (invalid_policy_mapping_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41011 (valid_policy_mapping_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41013 (valid_policy_mapping_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41014 (valid_policy_mapping_test14)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41101 (invalid_inhibit_policy_mapping_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41102 (valid_inhibit_policy_mapping_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41103 (invalid_inhibit_policy_mapping_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41104 (valid_inhibit_policy_mapping_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41105 (invalid_inhibit_policy_mapping_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41106 (invalid_inhibit_policy_mapping_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41107 (valid_self_issued_inhibit_policy_mapping_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41108 (invalid_self_issued_inhibit_policy_mapping_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41109 (invalid_self_issued_inhibit_policy_mapping_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41110 (invalid_self_issued_inhibit_policy_mapping_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41111 (invalid_self_issued_inhibit_policy_mapping_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41201 (invalid_inhibit_any_policy_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41202 (valid_inhibit_any_policy_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41203 (inhibit_any_policy_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41203 (inhibit_any_policy_test3_initial_inhibit)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41204 (invalid_inhibit_any_policy_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41205 (invalid_inhibit_any_policy_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41206 (invalid_inhibit_any_policy_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41207 (valid_self_issued_inhibit_any_policy_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41208 (invalid_self_issued_inhibit_any_policy_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41209 (valid_self_issued_inhibit_any_policy_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41210 (invalid_self_issued_inhibit_any_policy_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41301 (valid_dn_nameconstraints_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41302 (invalid_dn_nameconstraints_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)0] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41303 (invalid_dn_nameconstraints_test3)1] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41304 (valid_dn_nameconstraints_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41305 (valid_dn_nameconstraints_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41306 (valid_dn_nameconstraints_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41307 (invalid_dn_nameconstraints_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41308 (invalid_dn_nameconstraints_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41309 (invalid_dn_nameconstraints_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41310 (invalid_dn_nameconstraints_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41311 (valid_dn_nameconstraints_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41312 (invalid_dn_nameconstraints_test12)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41313 (invalid_dn_nameconstraints_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41314 (valid_dn_nameconstraints_test14)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41315 (invalid_dn_nameconstraints_test15)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41316 (invalid_dn_nameconstraints_test16)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41317 (invalid_dn_nameconstraints_test17)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41318 (valid_dn_nameconstraints_test18)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41319 (valid_self_issued_dn_nameconstraints_test19)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41320 (invalid_self_issued_dn_nameconstraints_test20)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41321 (valid_rfc822_nameconstraints_test21)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41322 (invalid_rfc822_nameconstraints_test22)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41323 (valid_rfc822_nameconstraints_test23)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41324 (invalid_rfc822_nameconstraints_test24)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41325 (valid_rfc822_nameconstraints_test25)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41326 (invalid_rfc822_nameconstraints_test26)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41327 (valid_dn_and_rfc822_nameconstraints_test27)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41328 (invalid_dn_and_rfc822_nameconstraints_test28)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41329 (invalid_dn_and_rfc822_nameconstraints_test29)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41330 (valid_dns_nameconstraints_test30)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41331 (invalid_dns_nameconstraints_test31)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41332 (valid_dns_nameconstraints_test32)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41333 (invalid_dns_nameconstraints_test33)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41334 (valid_uri_nameconstraints_test34)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41335 (invalid_uri_nameconstraints_test35)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41336 (valid_uri_nameconstraints_test36)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41337 (invalid_uri_nameconstraints_test37)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41338 (invalid_dns_nameconstraints_test38)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41401 (valid_distributionpoint_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41402 (invalid_distributionpoint_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41403 (invalid_distributionpoint_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41404 (valid_distributionpoint_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41405 (valid_distributionpoint_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41406 (invalid_distributionpoint_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41407 (valid_distributionpoint_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41408 (invalid_distributionpoint_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41409 (invalid_distributionpoint_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41410 (valid_no_issuingdistributionpoint_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41411 (invalid_onlycontainsusercerts_crl_test11)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41412 (invalid_onlycontainscacerts_crl_test12)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41413 (valid_onlycontainscacerts_crl_test13)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41414 (invalid_onlycontainsattributecerts_crl_test14)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41415 (invalid_onlysomereasons_test15)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41416 (invalid_onlysomereasons_test16)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41417 (invalid_onlysomereasons_test17)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41418 (valid_onlysomereasons_test18)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41419 (valid_onlysomereasons_test19)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41420 (invalid_onlysomereasons_test20)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41421 (invalid_onlysomereasons_test21)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41422 (valid_idp_with_indirectcrl_test22)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41423 (invalid_idp_with_indirectcrl_test23)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41424 (valid_idp_with_indirectcrl_test24)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41425 (valid_idp_with_indirectcrl_test25)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41426 (invalid_idp_with_indirectcrl_test26)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41427 (invalid_crlissuer_test27)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41428 (valid_crlissuer_test28)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41429 (valid_crlissuer_test29)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41430 (valid_crlissuer_test30)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41431 (invalid_crlissuer_test31)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41432 (invalid_crlissuer_test32)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41433 (valid_crlissuer_test33)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41434 (invalid_crlissuer_test34)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41435 (invalid_crlissuer_test35)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41501 (invalid_deltacrlindicator_no_base_set_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41502 (valid_deltacrl_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41503 (invalid_deltacrl_test3)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41504 (invalid_deltacrl_test4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41505 (valid_deltacrl_test5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41506 (invalid_deltacrl_test6)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41507 (valid_deltacrl_test7)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41508 (valid_deltacrl_test8)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41509 (invalid_deltacrl_test9)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41510 (invalid_deltacrl_test10)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41601 (valid_unknown_not_critical_certificate_extension_test1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits[41602 (invalid_unknown_critical_certificate_extension_test2)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40815 (user_notice_qualifier_test15)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40816 (user_notice_qualifier_test16)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40817 (user_notice_qualifier_test17)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q4)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test18_q5)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[40818 (user_notice_qualifier_test19)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol1)] [ 47s] FAILED tests/test_validate.py::test_nist_pkits_user_notice[41012 (valid_policy_mapping_test12_with_testpol2)] [ 47s] FAILED tests/test_validate.py::test_408020_cps_pointer_qualifier_test20 - pyh... [ 47s] ========== 253 failed, 48 passed, 55 skipped, 105 warnings in 27.47s =========== [ 48s] error: Bad exit status from /var/tmp/rpm-tmp.kEFxg2 (%check) [ 48s] [ 48s] RPM build errors: [ 48s] Bad exit status from /var/tmp/rpm-tmp.kEFxg2 (%check) [ 48s] [ 44.232237][ T1] sysrq: Power Off [ 48s] [ 44.232714][ T56] reboot: Power down [ 48s] [ 48s] buildhostb failed "build python-pyhanko-certvalidator.spec" at Tue Nov 12 11:16:17 UTC 2024. [ 48s]