def test_uri(self):
"""
Returns the correct URIPattern from a certificate.
"""
rv = extract_ids(CERT_OTHER_NAME)
assert [URIPattern(b"http://example.com/")
] == [id for id in rv if isinstance(id, URIPattern)]
def test_uri(self):
"""
Returns the correct URIPattern from a certificate.
"""
rv = extract_ids(CERT_OTHER_NAME)
assert [
URIPattern(b"http://example.com/")
] == [id for id in rv if isinstance(id, URIPattern)]
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present.
"""
rv = extract_ids(CERT_CN_ONLY)
self.assertEqual(
[DNSPattern(b'www.microsoft.com')], rv
)
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning):
rv = extract_ids(CERT_CN_ONLY)
assert [DNSPattern(b"www.microsoft.com")] == rv
def test_dns(self):
"""
Returns the correct DNSPattern from a certificate.
"""
rv = extract_ids(CERT_DNS_ONLY)
assert [
DNSPattern(b"www.twistedmatrix.com"),
DNSPattern(b"twistedmatrix.com"),
] == rv
def test_dns(self):
"""
Returns the correct DNSPattern from a certificate.
"""
rv = extract_ids(CERT_DNS_ONLY)
assert [
DNSPattern(b"www.twistedmatrix.com"),
DNSPattern(b"twistedmatrix.com")
] == rv
def test_uri(self):
"""
Returns the correct URIPattern from a certificate.
"""
rv = extract_ids(CERT_OTHER_NAME)
self.assertEqual(
[URIPattern(b'http://example.com/')],
[id for id in rv if isinstance(id, URIPattern)]
)
def test_dns(self):
"""
Returns the correct DNSPattern from a certificate.
"""
rv = extract_ids(CERT_DNS_ONLY)
self.assertEqual(
[DNSPattern(b'www.twistedmatrix.com'),
DNSPattern(b'twistedmatrix.com')],
rv
)
def test_vsi_integration_dns_id_fail(self):
"""
Raise VerificationError if no certificate id matches the supplied
service ids.
"""
self.assertRaises(
VerificationError,
verify_service_identity,
extract_ids(CERT_DNS_ONLY), [DNS_ID(u("wrong.host"))],
)
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning):
rv = extract_ids(CERT_CN_ONLY)
assert [
DNSPattern(b"www.microsoft.com")
] == rv
def test_dns_id_success(self):
"""
Return pairs of certificate ids and service ids on matches.
"""
rv = verify_service_identity(extract_ids(CERT_DNS_ONLY),
[DNS_ID(u"twistedmatrix.com")],
[])
assert [
ServiceMatch(cert_pattern=DNSPattern(b"twistedmatrix.com"),
service_id=DNS_ID(u"twistedmatrix.com"),),
] == rv
def _verify_hostname(certificate, hostname):
"""
Verify whether *certificate* has a valid certificate chain for *hostname*.
"""
# Using private APIs here because service_identity doesn't *quite* have the
# right public API.
verify_service_identity(
cert_patterns=extract_ids(certificate),
obligatory_ids=[DNS_ID(hostname)],
optional_ids=[],
)
def test_vsi_dns_id_success(self):
"""
Return pairs of certificate ids and service ids on matches.
"""
rv = verify_service_identity(extract_ids(CERT_DNS_ONLY),
[DNS_ID(u("twistedmatrix.com"))])
self.assertEqual(
[
(DNSPattern(b"twistedmatrix.com"),
DNS_ID(u("twistedmatrix.com")),),
], rv
)
def test_integration_dns_id_fail(self):
"""
Raise VerificationError if no certificate id matches the supplied
service ids.
"""
i = DNS_ID(u"wrong.host")
with pytest.raises(VerificationError) as e:
verify_service_identity(
extract_ids(CERT_DNS_ONLY),
obligatory_ids=[i],
optional_ids=[],
)
assert [DNSMismatch(mismatched_id=i)] == e.value.errors
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning) as ws:
rv = extract_ids(CERT_CN_ONLY)
msg = ws[0].message.args[0]
assert [DNSPattern(b"www.microsoft.com")] == rv
assert msg.startswith(
"Certificate with CN 'www.microsoft.com' has no `subjectAltName`")
assert msg.endswith(
"service-identity will remove the support for it in mid-2018.")
def test_ip(self):
"""
Returns IP patterns.
"""
rv = extract_ids(CERT_EVERYTHING)
assert [
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"*.wildcard.service.identity.invalid"),
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"single.service.identity.invalid"),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")),
] == rv
def test_ip(self):
"""
Returns IP patterns.
"""
rv = extract_ids(CERT_EVERYTHING)
assert [
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"*.wildcard.service.identity.invalid"),
DNSPattern(pattern=b"service.identity.invalid"),
DNSPattern(pattern=b"single.service.identity.invalid"),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"1.1.1.1")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"::1")),
IPAddressPattern(pattern=ipaddress.IPv4Address(u"2.2.2.2")),
IPAddressPattern(pattern=ipaddress.IPv6Address(u"2a00:1c38::53")),
] == rv
def test_cn_ids_are_used_as_fallback(self):
"""
CNs are returned as DNSPattern if no other IDs are present
and a warning is raised.
"""
with pytest.warns(SubjectAltNameWarning) as ws:
rv = extract_ids(CERT_CN_ONLY)
msg = ws[0].message.args[0]
assert [DNSPattern(b"www.microsoft.com")] == rv
assert msg.startswith(
"Certificate with CN 'www.microsoft.com' has no `subjectAltName`"
)
assert msg.endswith(
"service_identity will remove the support for it in mid-2018."
)