PYTHON-5775 Coverage increase for `ocsp_support.py` by aclark4life · Pull Request #2763 · mongodb/mongo-python-driver

aclark4life · 2026-04-17T01:38:16Z

Changes in this PR

Adds test/test_ocsp_support.py with 58 unit tests for pymongo/ocsp_support.py:

_get_issuer_cert() (4) — issuer found in chain, in trusted CAs, not found returns None, no candidates.
_verify_signature() (7) — RSA / ECDSA / DSA / X25519 / X448 (skip-verify path), invalid-signature returns 0, fallback key path.
_get_extension() (2) — extension present returns the value, missing extension returns None via ExtensionNotFound.
_public_key_hash() (3) — RSA / EC / fallback key serialization paths.
_get_certs_by_key_hash() / _get_certs_by_name() (4) — match, no-match, and responder-name filtering.
_verify_response_signature() (8) — direct-issuer signing (by name and by key hash), delegated responder cert lookup (by key hash and by name), missing OCSP-signing EKU, signature verification failures.
_verify_response() (6) — successful, unauthorized / try-later / malformed-request response statuses, GOOD / REVOKED / UNKNOWN cert statuses.
_get_ocsp_response() (7) — request build, HTTP POST, RequestException handling, non-200 status, OCSP response parse, cache write on success.
_ocsp_callback() (17) — must-staple enforcement, AIA-URL absent / present, cached responses, response-validation outcomes, end-to-end accept / reject paths.

External dependencies (cryptography x509/OCSP types, requests.post) are mocked via unittest.mock so no network or real certificates are required.

The module is gated with pytestmark = pytest.mark.ocsp and pytest.importorskip("cryptography") so it is excluded from the default suite and skipped when the ocsp extra is not installed.

Test Plan

uv run --extra ocsp --extra test python -m pytest test/test_ocsp_support.py -v -m ocsp

Checklist

Checklist for Author

Did you update the changelog (if necessary)?
Is there test coverage?
Is any followup work tracked in a JIRA ticket? If so, add link(s).

Checklist for Reviewer

Does the title of the PR reference a JIRA Ticket?
Do you fully understand the implementation? (Would you be comfortable explaining how this code works to someone else?)
Is all relevant documentation (README or docstring) updated?

codecov-commenter · 2026-04-17T01:48:10Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.32%. Comparing base (f4219bd) to head (87bc26d).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2763      +/-   ##
==========================================
+ Coverage   82.68%   88.32%   +5.64%     
==========================================
  Files         141      141              
  Lines       24406    24406              
  Branches     4176     4176              
==========================================
+ Hits        20179    21556    +1377     
+ Misses       3328     1985    -1343     
+ Partials      899      865      -34

Flag	Coverage Δ
auth-aws-rhel8-test-auth-aws-rapid-web-identity-python3.14-cov	`35.01% <ø> (ø)`
auth-aws-win64-test-auth-aws-rapid-web-identity-python3.14-cov	`35.01% <ø> (-0.03%)`	⬇️
auth-enterprise-macos-test-standard-auth-latest-python3.11-auth-ssl-sharded-cluster-cov	`43.76% <ø> (+<0.01%)`	⬆️
auth-enterprise-rhel8-test-standard-auth-latest-python3.11-auth-ssl-sharded-cluster-cov	`43.75% <ø> (ø)`
auth-enterprise-win64-test-standard-auth-latest-python3.11-auth-ssl-sharded-cluster-cov	`43.78% <ø> (ø)`
auth-oidc-local-ubuntu-22-test-auth-oidc-default	`48.60% <ø> (?)`
compression-snappy-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.34% <ø> (-0.01%)`	⬇️
compression-snappy-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.49% <ø> (+0.01%)`	⬆️
compression-snappy-rhel8-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.09% <ø> (ø)`
compression-snappy-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`59.02% <ø> (+0.01%)`	⬆️
compression-zlib-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.36% <ø> (+0.01%)`	⬆️
compression-zlib-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.47% <ø> (-0.04%)`	⬇️
compression-zlib-rhel8-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.09% <ø> (-0.01%)`	⬇️
compression-zlib-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.98% <ø> (-0.04%)`	⬇️
compression-zstd-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.36% <ø> (+<0.01%)`	⬆️
compression-zstd-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.51% <ø> (+0.03%)`	⬆️
compression-zstd-rhel8-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.10% <ø> (+<0.01%)`	⬆️
compression-zstd-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`59.00% <ø> (-0.02%)`	⬇️
compression-zstd-ubuntu-22-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.98% <ø> (ø)`
coverage-report-coverage-report	`88.28% <ø> (+5.87%)`	⬆️
disable-test-commands-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.34% <ø> (-0.01%)`	⬇️
disable-test-commands-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.51% <ø> (+<0.01%)`	⬆️
disable-test-commands-rhel8-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.10% <ø> (+<0.01%)`	⬆️
disable-test-commands-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`59.02% <ø> (+0.01%)`	⬆️
encryption-crypt_shared-macos-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.72% <ø> (?)`
encryption-crypt_shared-macos-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.52% <ø> (?)`
encryption-crypt_shared-macos-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.32% <ø> (?)`
encryption-crypt_shared-rhel8-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.73% <ø> (?)`
encryption-crypt_shared-rhel8-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.41% <ø> (?)`
encryption-crypt_shared-rhel8-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.37% <ø> (?)`
encryption-crypt_shared-win64-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.60% <ø> (?)`
encryption-crypt_shared-win64-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.45% <ø> (?)`
encryption-crypt_shared-win64-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.43% <ø> (?)`
encryption-macos-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.72% <ø> (?)`
encryption-macos-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.52% <ø> (?)`
encryption-macos-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.32% <ø> (?)`
encryption-pyopenssl-rhel8-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`53.40% <ø> (?)`
encryption-pyopenssl-rhel8-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`55.10% <ø> (?)`
encryption-pyopenssl-rhel8-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`55.03% <ø> (?)`
encryption-rhel8-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.72% <ø> (?)`
encryption-rhel8-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.42% <ø> (?)`
encryption-rhel8-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.37% <ø> (?)`
encryption-win64-test-non-standard-latest-python3.13-noauth-nossl-standalone-cov	`52.60% <ø> (?)`
encryption-win64-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`54.45% <ø> (?)`
encryption-win64-test-non-standard-latest-python3.14t-noauth-ssl-replica-set-cov	`54.37% <ø> (?)`
load-balancer-test-non-standard-latest-python3.14-auth-ssl-sharded-cluster-cov	`48.40% <ø> (?)`
mongodb-latest-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`61.48% <ø> (+<0.01%)`	⬆️
mongodb-latest-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`59.34% <ø> (-0.02%)`	⬇️
mongodb-latest-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`59.51% <ø> (ø)`
mongodb-latest-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`59.60% <ø> (ø)`
mongodb-latest-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`61.43% <ø> (+0.01%)`	⬆️
mongodb-rapid-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`61.48% <ø> (ø)`
mongodb-rapid-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`59.34% <ø> (-0.02%)`	⬇️
mongodb-rapid-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`59.50% <ø> (ø)`
mongodb-rapid-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`59.59% <ø> (ø)`
mongodb-rapid-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`61.42% <ø> (-0.01%)`	⬇️
mongodb-v4.2-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`57.17% <ø> (ø)`
mongodb-v4.2-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`55.63% <ø> (+0.02%)`	⬆️
mongodb-v4.2-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`57.06% <ø> (ø)`
mongodb-v4.2-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`57.17% <ø> (ø)`
mongodb-v4.2-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`57.36% <ø> (+<0.01%)`	⬆️
mongodb-v4.4-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`59.57% <ø> (ø)`
mongodb-v4.4-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`57.57% <ø> (-0.02%)`	⬇️
mongodb-v4.4-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`57.57% <ø> (ø)`
mongodb-v4.4-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`57.65% <ø> (ø)`
mongodb-v4.4-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`59.34% <ø> (+<0.01%)`	⬆️
mongodb-v5.0-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`59.77% <ø> (+<0.01%)`	⬆️
mongodb-v5.0-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`57.75% <ø> (+<0.01%)`	⬆️
mongodb-v5.0-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`57.77% <ø> (ø)`
mongodb-v5.0-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`57.88% <ø> (ø)`
mongodb-v5.0-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`59.59% <ø> (+<0.01%)`	⬆️
mongodb-v6.0-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`59.78% <ø> (+<0.01%)`	⬆️
mongodb-v6.0-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`57.74% <ø> (ø)`
mongodb-v6.0-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`57.79% <ø> (ø)`
mongodb-v6.0-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`57.93% <ø> (ø)`
mongodb-v6.0-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`59.73% <ø> (-0.02%)`	⬇️
mongodb-v7.0-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`59.80% <ø> (+<0.01%)`	⬆️
mongodb-v7.0-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`57.72% <ø> (-0.01%)`	⬇️
mongodb-v7.0-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`57.84% <ø> (ø)`
mongodb-v7.0-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`57.93% <ø> (ø)`
mongodb-v7.0-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`59.72% <ø> (-0.02%)`	⬇️
mongodb-v8.0-test-server-version-python3.10-async-auth-ssl-sharded-cluster-min-deps-cov	`61.47% <ø> (-0.01%)`	⬇️
mongodb-v8.0-test-server-version-python3.10-async-noauth-nossl-standalone-min-deps-cov	`59.34% <ø> (+<0.01%)`	⬆️
mongodb-v8.0-test-server-version-python3.10-sync-auth-ssl-sharded-cluster-min-deps-cov	`59.50% <ø> (ø)`
mongodb-v8.0-test-server-version-python3.10-sync-noauth-nossl-replica-set-min-deps-cov	`59.59% <ø> (ø)`
mongodb-v8.0-test-server-version-python3.11-async-noauth-nossl-replica-set-cov	`61.41% <ø> (ø)`
no-c-ext-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`60.55% <ø> (+<0.01%)`	⬆️
no-c-ext-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`62.72% <ø> (+0.03%)`	⬆️
no-c-ext-rhel8-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`62.30% <ø> (ø)`
no-c-ext-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`60.20% <ø> (-0.02%)`	⬇️
ocsp-rhel8-test-ocsp-ecdsa-valid-cert-server-staples-latest-python3.14-cov	`34.78% <ø> (+0.57%)`	⬆️
ocsp-rhel8-test-ocsp-rsa-valid-cert-server-staples-latest-python3.14-cov	`34.76% <ø> (+0.55%)`	⬆️
pyopenssl-macos-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.73% <ø> (?)`
pyopenssl-rhel8-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.75% <ø> (?)`
pyopenssl-win64-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.67% <ø> (?)`
stable-api-accept-v2-rhel8-auth-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.35% <ø> (+<0.01%)`	⬆️
stable-api-accept-v2-rhel8-auth-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`59.02% <ø> (+<0.01%)`	⬆️
stable-api-require-v1-rhel8-auth-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.31% <ø> (-0.01%)`	⬇️
stable-api-require-v1-rhel8-auth-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`60.95% <ø> (+<0.01%)`	⬆️
stable-api-require-v1-rhel8-auth-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.96% <ø> (ø)`
storage-inmemory-rhel8-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.37% <ø> (+0.03%)`	⬆️
storage-inmemory-rhel8-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`59.02% <ø> (ø)`
test-macos-arm64-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.33% <ø> (+<0.01%)`	⬆️
test-macos-arm64-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.47% <ø> (-0.05%)`	⬇️
test-macos-arm64-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.09% <ø> (+<0.01%)`	⬆️
test-macos-arm64-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.98% <ø> (+0.01%)`	⬆️
test-macos-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.33% <ø> (+0.02%)`	⬆️
test-macos-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.48% <ø> (ø)`
test-macos-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.09% <ø> (+<0.01%)`	⬆️
test-macos-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.99% <ø> (+<0.01%)`	⬆️
test-numpy-macos-arm64-test-numpy-python3.14-python3.14-cov	`32.62% <ø> (ø)`
test-numpy-macos-test-numpy-python3.14-python3.14-cov	`32.62% <ø> (+0.01%)`	⬆️
test-numpy-rhel8-test-numpy-python3.14-python3.14-cov	`32.61% <ø> (ø)`
test-numpy-win32-test-numpy-python3.14-python3.14-cov	`32.59% <ø> (ø)`
test-numpy-win64-test-numpy-python3.14-python3.14-cov	`32.58% <ø> (-0.01%)`	⬇️
test-win32-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.21% <ø> (+<0.01%)`	⬆️
test-win32-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.43% <ø> (-0.01%)`	⬇️
test-win32-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.07% <ø> (ø)`
test-win32-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.86% <ø> (-0.01%)`	⬇️
test-win64-test-standard-latest-python3.11-async-noauth-nossl-standalone-cov	`59.21% <ø> (+0.01%)`	⬆️
test-win64-test-standard-latest-python3.12-async-noauth-ssl-replica-set-cov	`61.44% <ø> (-0.01%)`	⬇️
test-win64-test-standard-latest-python3.13-async-auth-ssl-sharded-cluster-cov	`61.07% <ø> (ø)`
test-win64-test-standard-latest-python3.14-async-noauth-nossl-standalone-cov	`58.87% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copilot

Pull request overview

Adds a new unit test module to substantially increase coverage of pymongo.ocsp_support, exercising OCSP request/response building and verification logic as well as the OCSP callback behavior.

Changes:

Introduces test/test_ocsp_support.py with extensive unit tests for pymongo.ocsp_support helper functions and callback flows.
Adds coverage for multiple success/failure branches (signature verification, EKU handling, timestamp validation, cache behavior, and stapled vs non-stapled OCSP).

Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

sleepyStick

I think these test failures are related to the changes you've made? Can you look into it?
ex:

[2026/04/20 17:26:06.299] ERROR: collection failure ()
[2026/04/20 17:26:06.299] ImportError while importing test module '/data/mci/eab0c9621d344811fb525a305df0a895/src/test/test_ocsp_[support.py](http://support.py/)'.
[2026/04/20 17:26:06.299] Hint: make sure your test modules/packages have valid Python names.
[2026/04/20 17:26:06.299] Traceback:
[2026/04/20 17:26:06.299] /opt/python/pypy3.11/lib/pypy3.11/importlib/__init__.py:126: in import_module
[2026/04/20 17:26:06.299]     return _bootstrap._gcd_import(name[level:], package, level)
[2026/04/20 17:26:06.299]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/04/20 17:26:06.299] test/test_ocsp_[support.py:30](http://support.py:30/): in <module>
[2026/04/20 17:26:06.299]     from cryptography.exceptions import InvalidSignature
[2026/04/20 17:26:06.299] E   ModuleNotFoundError: No module named 'cryptography'

Ensures tests only run when OCSP dependencies (cryptography, requests) are installed, preventing failures in environments with only pymongo[test].

Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

+    def test_rsa_valid(self):
+        key = MagicMock(spec=RSAPublicKey)
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)
+        key.verify.assert_called_once()
+
+    def test_rsa_invalid(self):
+        key = MagicMock(spec=RSAPublicKey)
+        key.verify.side_effect = InvalidSignature()
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 0)
+
+    def test_dsa_valid(self):
+        key = MagicMock(spec=DSAPublicKey)
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)
+        key.verify.assert_called_once()
+
+    def test_ec_valid(self):
+        key = MagicMock(spec=EllipticCurvePublicKey)
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)
+        key.verify.assert_called_once()
+
+    def test_x25519_skips_verify(self):
+        key = MagicMock(spec=X25519PublicKey)
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)
+
+    def test_x448_skips_verify(self):
+        key = MagicMock(spec=X448PublicKey)
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)
+
+    def test_other_key_valid(self):
+        key = Mock()
+        self.assertEqual(_verify_signature(key, b"sig", Mock(), b"data"), 1)


+    def test_rsa(self):
+        key = MagicMock(spec=RSAPublicKey)
+        key.public_bytes.return_value = b"rsa_key_bytes"
+        cert = Mock()
+        cert.public_key.return_value = key
+        result = _public_key_hash(cert)
+        self.assertEqual(len(result), 20)  # SHA-1 digest
+
+    def test_ec(self):
+        key = MagicMock(spec=EllipticCurvePublicKey)
+        key.public_bytes.return_value = b"ec_key_bytes"
+        cert = Mock()
+        cert.public_key.return_value = key
+        result = _public_key_hash(cert)
+        self.assertEqual(len(result), 20)
+
+    def test_other_key_type(self):
+        key = Mock()
+        key.public_bytes.return_value = b"other_key_bytes"
+        cert = Mock()
+        cert.public_key.return_value = key
+        result = _public_key_hash(cert)
+        self.assertEqual(len(result), 20)
+


Copilot

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

aclark4life changed the title ~~PYTHON-5778 Add unit tests for ocsp_support.py to increase coverage~~ PYTHON-5778 Increase code coverage for ocsp_support.py Apr 20, 2026

aclark4life changed the title ~~PYTHON-5778 Increase code coverage for ocsp_support.py~~ PYTHON-5778 Increase ocsp_support.py coverage from 57.64% to ~99% Apr 20, 2026

aclark4life changed the title ~~PYTHON-5778 Increase ocsp_support.py coverage from 57.64% to ~99%~~ PYTHON-5778 Increase ocsp_support.py coverage from 57.64% to >=80% Apr 20, 2026

aclark4life changed the title ~~PYTHON-5778 Increase ocsp_support.py coverage from 57.64% to >=80%~~ PYTHON-5775 Increase ocsp_support.py coverage from 57.64% to >=80% Apr 20, 2026

aclark4life force-pushed the PYTHON-5775 branch 2 times, most recently from c24daf7 to 8ead683 Compare April 20, 2026 22:28

aclark4life marked this pull request as ready for review April 20, 2026 22:29

aclark4life requested a review from a team as a code owner April 20, 2026 22:29

aclark4life requested review from Copilot and sleepyStick April 20, 2026 22:29

Copilot started reviewing on behalf of aclark4life April 20, 2026 22:30 View session

Copilot AI reviewed Apr 20, 2026

View reviewed changes

Comment thread test/test_ocsp_support.py

Comment thread test/test_ocsp_support.py

aclark4life requested a review from Copilot April 21, 2026 00:21

Copilot started reviewing on behalf of aclark4life April 21, 2026 00:22 View session

Copilot AI reviewed Apr 21, 2026

View reviewed changes

Comment thread test/test_ocsp_support.py

aclark4life requested a review from Copilot April 21, 2026 21:26

Copilot started reviewing on behalf of aclark4life April 21, 2026 21:26 View session

Copilot AI reviewed Apr 21, 2026

View reviewed changes

Comment thread test/test_ocsp_support.py

aclark4life changed the title ~~PYTHON-5775 Increase ocsp_support.py coverage from 57.64% to >=80%~~ PYTHON-5775 Increase coverage for ocsp_support.py Apr 24, 2026

aclark4life changed the title ~~PYTHON-5775 Increase coverage for ocsp_support.py~~ PYTHON-5775 Increase code coverage for ocsp_support.py Apr 24, 2026

sleepyStick requested changes Apr 27, 2026

View reviewed changes

aclark4life force-pushed the PYTHON-5775 branch 2 times, most recently from 7a0d508 to 258977e Compare May 6, 2026 02:05

aclark4life requested a review from sleepyStick May 6, 2026 02:08

sleepyStick previously approved these changes May 6, 2026

View reviewed changes

aclark4life added 2 commits May 6, 2026 14:24

PYTHON-5778 Add unit tests for ocsp_support.py to increase coverage

5f745f8

PYTHON-5775 Add pytest.mark.ocsp marker to test_ocsp_support.py

b483a48

Ensures tests only run when OCSP dependencies (cryptography, requests) are installed, preventing failures in environments with only pymongo[test].

aclark4life force-pushed the PYTHON-5775 branch from 258977e to 1207062 Compare May 6, 2026 18:24

aclark4life marked this pull request as draft May 6, 2026 18:25

aclark4life dismissed sleepyStick’s stale review via 5b49e64 May 7, 2026 00:45

aclark4life force-pushed the PYTHON-5775 branch 3 times, most recently from 5e75992 to a299e0c Compare May 7, 2026 01:42

aclark4life requested a review from Copilot May 7, 2026 02:02

aclark4life changed the title ~~PYTHON-5775 Increase code coverage for ocsp_support.py~~ PYTHON-5775 Improve code coverage for ocsp_support.py May 7, 2026

aclark4life changed the title ~~PYTHON-5775 Improve code coverage for ocsp_support.py~~ PYTHON-5775 Improve coverage for ocsp_support.py May 7, 2026

aclark4life changed the title ~~PYTHON-5775 Improve coverage for ocsp_support.py~~ PYTHON-5775 Improve coverage for ocsp_support.py May 7, 2026

aclark4life changed the title ~~PYTHON-5775 Improve coverage for ocsp_support.py~~ PYTHON-5775 Coverage improvements for ocsp_support.py May 7, 2026

Copilot AI reviewed May 7, 2026

View reviewed changes

Comment thread test/test_ocsp_support.py

aclark4life changed the title ~~PYTHON-5775 Coverage improvements for ocsp_support.py~~ PYTHON-5775 Coverage improvement for ocsp_support.py May 7, 2026

aclark4life requested a review from Copilot May 7, 2026 02:29

Copilot started reviewing on behalf of aclark4life May 7, 2026 02:30 View session

aclark4life changed the title ~~PYTHON-5775 Coverage improvement for ocsp_support.py~~ PYTHON-5775 Coverage increase for ocsp_support.py May 7, 2026

Copilot AI reviewed May 7, 2026

View reviewed changes

Noah + Copilot feedback

87bc26d

aclark4life force-pushed the PYTHON-5775 branch from c706080 to 87bc26d Compare May 7, 2026 03:01

aclark4life requested a review from Copilot May 7, 2026 03:02

Copilot started reviewing on behalf of aclark4life May 7, 2026 03:03 View session

Copilot AI reviewed May 7, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PYTHON-5775 Coverage increase for `ocsp_support.py`#2763

PYTHON-5775 Coverage increase for `ocsp_support.py`#2763
aclark4life wants to merge 3 commits intomongodb:masterfrom
aclark4life:PYTHON-5775

aclark4life commented Apr 17, 2026 •

edited

Loading

Uh oh!

codecov-commenter commented Apr 17, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

sleepyStick left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

aclark4life commented Apr 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes in this PR

Test Plan

Checklist

Checklist for Author

Checklist for Reviewer

Uh oh!

codecov-commenter commented Apr 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

sleepyStick left a comment

Choose a reason for hiding this comment

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

aclark4life commented Apr 17, 2026 •

edited

Loading

codecov-commenter commented Apr 17, 2026 •

edited

Loading