def test_multiple_matches(self):
"""
Return all matches.
"""
valid_cert_id_1 = FakeCertID()
valid_cert_id_2 = FakeCertID()
valid_cert_id_3 = FakeCertID()
valid_id_1 = Fake_ID(valid_cert_id_1)
valid_id_2 = Fake_ID(valid_cert_id_2)
valid_id_3 = Fake_ID(valid_cert_id_3)
rv = _find_matches(
[
FakeCertID(),
valid_cert_id_1,
FakeCertID(),
valid_cert_id_3,
FakeCertID(),
valid_cert_id_2,
],
[valid_id_1, valid_id_2, valid_id_3],
)
assert [
ServiceMatch(cert_pattern=valid_cert_id_1, service_id=valid_id_1),
ServiceMatch(cert_pattern=valid_cert_id_2, service_id=valid_id_2),
ServiceMatch(cert_pattern=valid_cert_id_3, service_id=valid_id_3),
] == rv
def test_ip_address_success(self):
"""
IP addresses patterns are matched against IP address IDs.
"""
ip4 = ipaddress.ip_address(u"2.2.2.2")
ip6 = ipaddress.ip_address(u"2a00:1c38::53")
id4 = IPAddress_ID(six.text_type(ip4))
id6 = IPAddress_ID(six.text_type(ip6))
rv = verify_service_identity(extract_ids(CERT_EVERYTHING), [id4, id6],
[])
assert [
ServiceMatch(id4, IPAddressPattern(ip4)),
ServiceMatch(id6, IPAddressPattern(ip6)),
] == rv
def test_dns_id_success(self):
"""
Return pairs of certificate ids and service ids on matches.
"""
rv = verify_service_identity(DNS_IDS,
[DNS_ID(u"twistedmatrix.com")],
[])
assert [
ServiceMatch(cert_pattern=DNSPattern(b"twistedmatrix.com"),
service_id=DNS_ID(u"twistedmatrix.com"),),
] == rv
def test_optional_missing(self):
"""
Optional IDs may miss as long as they don't conflict with an existing
pattern.
"""
p = DNSPattern(b"mail.foo.com")
i = DNS_ID(u"mail.foo.com")
rv = verify_service_identity([p],
obligatory_ids=[i],
optional_ids=[SRV_ID(u"_mail.foo.com")])
assert [ServiceMatch(cert_pattern=p, service_id=i)] == rv
def test_one_match(self):
"""
If there's a match, return a tuple of the certificate id and the
service id.
"""
valid_cert_id = FakeCertID()
valid_id = Fake_ID(valid_cert_id)
rv = _find_matches([FakeCertID(), valid_cert_id,
FakeCertID()], [valid_id])
assert [ServiceMatch(cert_pattern=valid_cert_id,
service_id=valid_id)] == rv
def test_contains_optional_and_matches(self):
"""
If an optional ID is found, return the match within the returned
list and don't raise an error.
"""
p = SRVPattern(b"_mail.example.net")
i = SRV_ID(u"_mail.example.net")
rv = verify_service_identity(
[DNSPattern(b"example.net"), p],
obligatory_ids=[DNS_ID(u"example.net")],
optional_ids=[i],
)
assert ServiceMatch(cert_pattern=p, service_id=i) == rv[1]