def test_uri(self):
"""
Returns the correct URIPattern from a certificate.
"""
rv = extract_ids(X509_OTHER_NAME)
assert [URIPattern(b"http://example.com/")
] == [id for id in rv if isinstance(id, URIPattern)]
def test_uri(self):
"""
Returns the correct URIPattern from a certificate.
"""
rv = extract_ids(X509_OTHER_NAME)
assert [
URIPattern(b"http://example.com/")
] == [id for id in rv if isinstance(id, URIPattern)]
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning):
rv = extract_ids(X509_CN_ONLY)
assert [DNSPattern(b"www.microsoft.com")] == rv
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning):
rv = extract_ids(X509_CN_ONLY)
assert [DNSPattern(b"www.microsoft.com")] == rv
def test_dns(self):
"""
Returns the correct DNSPattern from a certificate.
"""
rv = extract_ids(X509_DNS_ONLY)
assert [
DNSPattern(b"www.twistedmatrix.com"),
DNSPattern(b"twistedmatrix.com")
] == rv
def test_dns(self):
"""
Returns the correct DNSPattern from a certificate.
"""
rv = extract_ids(X509_DNS_ONLY)
assert [
DNSPattern(b"www.twistedmatrix.com"),
DNSPattern(b"twistedmatrix.com")
] == rv
def test_ip_address_success(self):
"""
IP addresses patterns are matched against IP address IDs.
"""
ip4 = ipaddress.ip_address(u"2.2.2.2")
ip6 = ipaddress.ip_address(u"2a00:1c38::53")
id4 = IPAddress_ID(six.text_type(ip4))
id6 = IPAddress_ID(six.text_type(ip6))
rv = verify_service_identity(extract_ids(CERT_EVERYTHING), [id4, id6],
[])
assert [
ServiceMatch(id4, IPAddressPattern(ip4)),
ServiceMatch(id6, IPAddressPattern(ip6)),
] == rv
def test_ip_address_success(self):
"""
IP addresses patterns are matched against IP address IDs.
"""
ip4 = ipaddress.ip_address(u"2.2.2.2")
ip6 = ipaddress.ip_address(u"2a00:1c38::53")
id4 = IPAddress_ID(six.text_type(ip4))
id6 = IPAddress_ID(six.text_type(ip6))
rv = verify_service_identity(
extract_ids(CERT_EVERYTHING), [id4, id6], []
)
assert [
ServiceMatch(id4, IPAddressPattern(ip4)),
ServiceMatch(id6, IPAddressPattern(ip6)),
] == rv
def test_ip(self):
"""
Returns IP patterns.
"""
rv = extract_ids(CERT_EVERYTHING)
assert [
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"*.wildcard.service.identity.invalid"),
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"single.service.identity.invalid"),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")),
] == rv
def test_ip(self):
"""
Returns IP patterns.
"""
rv = extract_ids(CERT_EVERYTHING)
assert [
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"*.wildcard.service.identity.invalid"),
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"single.service.identity.invalid"),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")),
] == rv
b2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAo
oCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYB
BQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29t
L3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0
YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0S
BBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IB
AQCN85dUStYjHmWdXthpAqJcS3KD2JP6N9egOz7FTcToXLW8Kl5a2SUVaJv8Fzs+
wtbPJQSm0LyGtfdrR6iKFPf28Vm/VkYXPiOV08GD9B7yl1SjktXOsGMPlOHU8YQZ
DEsHOrRvaZBSA1VtBQjYnoO0pDVu9QwDLAPLFvFice2PN803HuMFIwcuQSIrh4nq
PqwitBZ6nPPHz7aSiAut/+txK3EZll0d+hl0H3Phd+ICeITYhNkLe90k7l1IFpET
fJiBDvG/iDAJISgkrR1heuX/e+yWfx7RvqGlMLIE35d+0MhWy92Jzejbl8fJdr4C
Kulh/pV07MWAUZxscUPtWmPo
-----END CERTIFICATE-----"""
DNS_IDS = extract_ids(
load_pem_x509_certificate(PEM_DNS_ONLY, default_backend())
)
PEM_CN_ONLY = b"""\
-----BEGIN CERTIFICATE-----
MIIGdDCCBVygAwIBAgIKGOC4tAABAAAx0TANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTEzMDExMjAwMDc0MVoXDTE1
MDExMjAwMDc0MVoweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH
EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDjAMBgNV
BAsTBU1TQ09NMRowGAYDVQQDExF3d3cubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJ+h4bQ7OlcO0M9UvM0Y2LISEzGkTDc9CT7v
c91kI2GOlR/kbI1AUmJu3g6Cv0wqz4b9QT6BdXSE+WAxUM/yk4mf1HhkJtbSwucb
AQAtgq0iC1u6mDDXH2sl/NUB4VKSGryIYYdRVHduZlFkAHmxwcmxyQt6BQykXl7G
NkftiJZtVci/ZRPaBrFnkZjZCbJH+capx0v9hmBTLPVAGyIF5TwF1aldXT367S76
bmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ug
b2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAo
oCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYB
BQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29t
L3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0
YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0S
BBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IB
AQCN85dUStYjHmWdXthpAqJcS3KD2JP6N9egOz7FTcToXLW8Kl5a2SUVaJv8Fzs+
wtbPJQSm0LyGtfdrR6iKFPf28Vm/VkYXPiOV08GD9B7yl1SjktXOsGMPlOHU8YQZ
DEsHOrRvaZBSA1VtBQjYnoO0pDVu9QwDLAPLFvFice2PN803HuMFIwcuQSIrh4nq
PqwitBZ6nPPHz7aSiAut/+txK3EZll0d+hl0H3Phd+ICeITYhNkLe90k7l1IFpET
fJiBDvG/iDAJISgkrR1heuX/e+yWfx7RvqGlMLIE35d+0MhWy92Jzejbl8fJdr4C
Kulh/pV07MWAUZxscUPtWmPo
-----END CERTIFICATE-----"""
DNS_IDS = extract_ids(
load_pem_x509_certificate(PEM_DNS_ONLY, default_backend()))
PEM_CN_ONLY = b"""\
-----BEGIN CERTIFICATE-----
MIIGdDCCBVygAwIBAgIKGOC4tAABAAAx0TANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTEzMDExMjAwMDc0MVoXDTE1
MDExMjAwMDc0MVoweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH
EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDjAMBgNV
BAsTBU1TQ09NMRowGAYDVQQDExF3d3cubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJ+h4bQ7OlcO0M9UvM0Y2LISEzGkTDc9CT7v
c91kI2GOlR/kbI1AUmJu3g6Cv0wqz4b9QT6BdXSE+WAxUM/yk4mf1HhkJtbSwucb
AQAtgq0iC1u6mDDXH2sl/NUB4VKSGryIYYdRVHduZlFkAHmxwcmxyQt6BQykXl7G
NkftiJZtVci/ZRPaBrFnkZjZCbJH+capx0v9hmBTLPVAGyIF5TwF1aldXT367S76
QGGn6UnI0O5Cua7GU1JDVmbPus0kgRTazvyW4g17jGFtNJTy43UqlX7TZ8B76OZC
