def test_dnsnames_email(self):
certificate = cert_with_urls(EMAIL_ADDRESS)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
self.assertEqual(len(result), 1)
self.assertIsNotNone(result[0].reason)
self.assertIn('@', ''.join(result[0].details))
def test_dnsnames_multiple_names(self):
certificate = cert_with_urls(EXAMPLE, EXAMPLE_WILDCARD, UTF8_URL,
NON_UTF8_URL, URL_INVALID_CHARACTERS_5)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
# 1 from NON_UTF8, 5 from INVALID_CHARACTERS_5
self.assertEqual(len(result), 6)
def test_dnsnames_invalid_chars(self):
certificate = cert_with_urls(URL_INVALID_CHARACTERS_5)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
self.assertEqual(len(result), 5)
for res in result:
self.assertIsNotNone(res.details)
def test_dnsnames_non_utf8(self):
certificate = cert_with_urls(NON_UTF8_URL)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
self.assertEqual(len(result), 1)
self.assertIsNotNone(result[0].reason)
def test_dnsnames_utf8(self):
certificate = cert_with_urls(UTF8_URL)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
self.assertEqual(len(result), 0)
def test_dnsnames_wildcard(self):
certificate = cert_with_urls(EXAMPLE_WILDCARD)
check = dnsnames.CheckValidityOfDnsnames()
result = check.check(certificate)
self.assertEqual(len(result), 0)
from ct.cert_analysis import algorithm
from ct.cert_analysis import ca_field
from ct.cert_analysis import common_name
from ct.cert_analysis import crl_pointers
from ct.cert_analysis import dnsnames
from ct.cert_analysis import extensions
from ct.cert_analysis import ip_addresses
from ct.cert_analysis import ocsp_pointers
from ct.cert_analysis import serial_number
from ct.cert_analysis import validity
ALL_CHECKS = [serial_number.CheckNegativeSerialNumber(),
validity.CheckValidityNotBeforeFuture(),
validity.CheckValidityCorrupt(),
validity.CheckIsExpirationDateWellDefined(),
dnsnames.CheckValidityOfDnsnames(),
dnsnames.CheckCorruptSANExtension(),
dnsnames.CheckTldMatches(),
common_name.CheckSCNTldMatches(),
common_name.CheckLackOfSubjectCommonName(),
common_name.CheckCorruptSubjectCommonName(),
extensions.CheckCorrectExtensions(),
ip_addresses.CheckPrivateIpAddresses(),
ip_addresses.CheckCorruptIpAddresses(),
algorithm.CheckSignatureAlgorithmsMismatch(),
algorithm.CheckCertificateAlgorithmSHA1After2017(),
algorithm.CheckTbsCertificateAlgorithmSHA1Ater2017(),
ca_field.CheckCATrue(),
ocsp_pointers.CheckOcspExistence(),
ocsp_pointers.CheckCorruptOrMultipleAiaExtension(),
crl_pointers.CheckCrlExistence(),
