From 2ffe124d952dfdf37cfd92c70c1e76293f83e162 Mon Sep 17 00:00:00 2001
From: Patrick Robertson <robertson.patrick@gmail.com>
Date: Tue, 11 Mar 2025 11:13:36 +0000
Subject: [PATCH] Add unit test for invalid digicert tsrs

---
 tests/enrichers/test_timestamping_enricher.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/enrichers/test_timestamping_enricher.py b/tests/enrichers/test_timestamping_enricher.py
index b5c6b77..1db503c 100644
--- a/tests/enrichers/test_timestamping_enricher.py
+++ b/tests/enrichers/test_timestamping_enricher.py
@@ -17,6 +17,21 @@ def wrong_order_timestamp_response() -> TimeStampResponse:
     with open("tests/data/timestamping/rfc3161-client-issue-104.tsr", "rb") as f:
         return decode_timestamp_response(f.read())
 
+
+@pytest.mark.download
+def test_fails_for_digicert(setup_module):
+    """
+    Digicert TSRs are not compliant with RFC 3161.
+    See https://github.com/trailofbits/rfc3161-client/issues/104#issuecomment-2621960840
+    """
+    tsa_url = "http://timestamp.digicert.com"
+    tsp: TimestampingEnricher = setup_module("timestamping_enricher")
+
+    data = b"4b7b4e39f12b8c725e6e603e6d4422500316df94211070682ef10260ff5759ef"
+    with pytest.raises(ValueError) as e:
+        tsp.sign_data(tsa_url, data)
+    assert "ASN.1 parse error: ParseError" in str(e.value)
+
 @pytest.mark.download
 def test_download_tsr(setup_module):
     tsa_url = "http://timestamp.identrust.com"