def test_uri(self): """ Returns the correct URIPattern from a certificate. """ rv = extract_ids(CERT_OTHER_NAME) assert [URIPattern(b"http://example.com/") ] == [id for id in rv if isinstance(id, URIPattern)]
def test_uri(self): """ Returns the correct URIPattern from a certificate. """ rv = extract_ids(CERT_OTHER_NAME) assert [ URIPattern(b"http://example.com/") ] == [id for id in rv if isinstance(id, URIPattern)]
def test_cn_ids_are_used_as_fallback(self): """ CNs are returned as DNSPattern if no other IDs are present. """ rv = extract_ids(CERT_CN_ONLY) self.assertEqual( [DNSPattern(b'www.microsoft.com')], rv )
def test_cn_ids_are_used_as_fallback(self): """ CNs are returned as DNSPattern if no other IDs are present and a warning is raised. """ with pytest.warns(SubjectAltNameWarning): rv = extract_ids(CERT_CN_ONLY) assert [DNSPattern(b"www.microsoft.com")] == rv
def test_dns(self): """ Returns the correct DNSPattern from a certificate. """ rv = extract_ids(CERT_DNS_ONLY) assert [ DNSPattern(b"www.twistedmatrix.com"), DNSPattern(b"twistedmatrix.com"), ] == rv
def test_dns(self): """ Returns the correct DNSPattern from a certificate. """ rv = extract_ids(CERT_DNS_ONLY) assert [ DNSPattern(b"www.twistedmatrix.com"), DNSPattern(b"twistedmatrix.com") ] == rv
def test_uri(self): """ Returns the correct URIPattern from a certificate. """ rv = extract_ids(CERT_OTHER_NAME) self.assertEqual( [URIPattern(b'http://example.com/')], [id for id in rv if isinstance(id, URIPattern)] )
def test_dns(self): """ Returns the correct DNSPattern from a certificate. """ rv = extract_ids(CERT_DNS_ONLY) self.assertEqual( [DNSPattern(b'www.twistedmatrix.com'), DNSPattern(b'twistedmatrix.com')], rv )
def test_vsi_integration_dns_id_fail(self): """ Raise VerificationError if no certificate id matches the supplied service ids. """ self.assertRaises( VerificationError, verify_service_identity, extract_ids(CERT_DNS_ONLY), [DNS_ID(u("wrong.host"))], )
def test_cn_ids_are_used_as_fallback(self): """ CNs are returned as DNSPattern if no other IDs are present and a warning is raised. """ with pytest.warns(SubjectAltNameWarning): rv = extract_ids(CERT_CN_ONLY) assert [ DNSPattern(b"www.microsoft.com") ] == rv
def test_dns_id_success(self): """ Return pairs of certificate ids and service ids on matches. """ rv = verify_service_identity(extract_ids(CERT_DNS_ONLY), [DNS_ID(u"twistedmatrix.com")], []) assert [ ServiceMatch(cert_pattern=DNSPattern(b"twistedmatrix.com"), service_id=DNS_ID(u"twistedmatrix.com"),), ] == rv
def _verify_hostname(certificate, hostname): """ Verify whether *certificate* has a valid certificate chain for *hostname*. """ # Using private APIs here because service_identity doesn't *quite* have the # right public API. verify_service_identity( cert_patterns=extract_ids(certificate), obligatory_ids=[DNS_ID(hostname)], optional_ids=[], )
def test_vsi_dns_id_success(self): """ Return pairs of certificate ids and service ids on matches. """ rv = verify_service_identity(extract_ids(CERT_DNS_ONLY), [DNS_ID(u("twistedmatrix.com"))]) self.assertEqual( [ (DNSPattern(b"twistedmatrix.com"), DNS_ID(u("twistedmatrix.com")),), ], rv )
def test_integration_dns_id_fail(self): """ Raise VerificationError if no certificate id matches the supplied service ids. """ i = DNS_ID(u"wrong.host") with pytest.raises(VerificationError) as e: verify_service_identity( extract_ids(CERT_DNS_ONLY), obligatory_ids=[i], optional_ids=[], ) assert [DNSMismatch(mismatched_id=i)] == e.value.errors
def test_cn_ids_are_used_as_fallback(self): """ CNs are returned as DNSPattern if no other IDs are present and a warning is raised. """ with pytest.warns(SubjectAltNameWarning) as ws: rv = extract_ids(CERT_CN_ONLY) msg = ws[0].message.args[0] assert [DNSPattern(b"www.microsoft.com")] == rv assert msg.startswith( "Certificate with CN 'www.microsoft.com' has no `subjectAltName`") assert msg.endswith( "service-identity will remove the support for it in mid-2018.")
def test_ip(self): """ Returns IP patterns. """ rv = extract_ids(CERT_EVERYTHING) assert [ DNSPattern(pattern=b"service.identity.invalid"), DNSPattern(pattern=b"*.wildcard.service.identity.invalid"), DNSPattern(pattern=b"service.identity.invalid"), DNSPattern(pattern=b"single.service.identity.invalid"), IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")), IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")), IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")), IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")), ] == rv
def test_ip(self): """ Returns IP patterns. """ rv = extract_ids(CERT_EVERYTHING) assert [ DNSPattern(pattern=b"service.identity.invalid"), DNSPattern(pattern=b"*.wildcard.service.identity.invalid"), DNSPattern(pattern=b"service.identity.invalid"), DNSPattern(pattern=b"single.service.identity.invalid"), IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")), IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")), IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")), IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")), ] == rv
def test_cn_ids_are_used_as_fallback(self): """ CNs are returned as DNSPattern if no other IDs are present and a warning is raised. """ with pytest.warns(SubjectAltNameWarning) as ws: rv = extract_ids(CERT_CN_ONLY) msg = ws[0].message.args[0] assert [DNSPattern(b"www.microsoft.com")] == rv assert msg.startswith( "Certificate with CN 'www.microsoft.com' has no `subjectAltName`" ) assert msg.endswith( "service_identity will remove the support for it in mid-2018." )