def test_match_hostname_ip_address_ipv6_brackets(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = { "subjectAltName": (("IP Address", "1:2::2:1"), ) } asserted_hostname = "[1:2::2:1]" # Assert no error is raised _match_hostname(cert, asserted_hostname)
def test_match_hostname_more_than_one_dnsname_error(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = { "subjectAltName": (("DNS", "foo*"), ("DNS", "fo*")) } asserted_hostname = "bar" with pytest.raises(CertificateError, match="doesn't match either of"): _match_hostname(cert, asserted_hostname)
def test_match_hostname_mismatch(self): cert = {'subjectAltName': [('DNS', 'foo')]} asserted_hostname = 'bar' try: with mock.patch('urllib3.connection.log.error') as mock_log: _match_hostname(cert, asserted_hostname) except CertificateError as e: self.assertEqual(str(e), "hostname 'bar' doesn't match 'foo'") mock_log.assert_called_once_with( 'Certificate did not match expected hostname: %s. ' 'Certificate: %s', 'bar', {'subjectAltName': [('DNS', 'foo')]}) self.assertEqual(e._peer_cert, cert)
def test_match_hostname_dns_with_brackets_doesnt_match(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = { "subjectAltName": ( ("DNS", "localhost"), ("IP Address", "localhost"), ) } asserted_hostname = "[localhost]" with pytest.raises(CertificateError) as e: _match_hostname(cert, asserted_hostname) assert ( "hostname '[localhost]' doesn't match either of 'localhost', 'localhost'" in str(e.value))
def test_match_hostname_ip_address_ipv6(self) -> None: cert = {"subjectAltName": (("IP Address", "1:2::2:1"), )} asserted_hostname = "1:2::2:2" try: with mock.patch("urllib3.connection.log.warning") as mock_log: _match_hostname(cert, asserted_hostname) except CertificateError as e: assert "hostname '1:2::2:2' doesn't match '1:2::2:1'" in str(e) mock_log.assert_called_once_with( "Certificate did not match expected hostname: %s. Certificate: %s", "1:2::2:2", {"subjectAltName": (("IP Address", "1:2::2:1"), )}, ) assert e._peer_cert == cert
def test_match_hostname_mismatch(self): cert = {'subjectAltName': [('DNS', 'foo')]} asserted_hostname = 'bar' try: with mock.patch('urllib3.connection.log.error') as mock_log: _match_hostname(cert, asserted_hostname) except CertificateError as e: self.assertEqual(str(e), "hostname 'bar' doesn't match 'foo'") mock_log.assert_called_once_with( 'Certificate did not match expected hostname: %s. ' 'Certificate: %s', 'bar', {'subjectAltName': [('DNS', 'foo')]} ) self.assertEqual(e._peer_cert, cert)
def test_match_hostname_no_dns(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = {"subjectAltName": (("DNS", ""), )} asserted_hostname = "bar" try: with mock.patch("urllib3.connection.log.warning") as mock_log: _match_hostname(cert, asserted_hostname) except CertificateError as e: assert "hostname 'bar' doesn't match ''" in str(e) mock_log.assert_called_once_with( "Certificate did not match expected hostname: %s. Certificate: %s", "bar", {"subjectAltName": (("DNS", ""), )}, ) assert e._peer_cert == cert
def test_match_hostname_mismatch(self): cert = {"subjectAltName": [("DNS", "foo")]} asserted_hostname = "bar" try: with mock.patch("urllib3.connection.log.warning") as mock_log: _match_hostname(cert, asserted_hostname) except CertificateError as e: assert "hostname 'bar' doesn't match 'foo'" in str(e) mock_log.assert_called_once_with( "Certificate did not match expected hostname: %s. " "Certificate: %s", "bar", {"subjectAltName": [("DNS", "foo")]}, ) assert e._peer_cert == cert
def test_match_hostname_startwith_wildcard(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = {"subjectAltName": (("DNS", "*"), )} asserted_hostname = "foo" _match_hostname(cert, asserted_hostname)
def test_match_hostname_match(self): cert = {'subjectAltName': [('DNS', 'foo')]} asserted_hostname = 'foo' _match_hostname(cert, asserted_hostname)
def test_match_hostname_empty_cert(self): cert = {} asserted_hostname = 'foo' with pytest.raises(ValueError): _match_hostname(cert, asserted_hostname)
def test_match_hostname_match(self): cert = {"subjectAltName": [("DNS", "foo")]} asserted_hostname = "foo" _match_hostname(cert, asserted_hostname)
def test_match_hostname_no_cert(self): cert = None asserted_hostname = "foo" with pytest.raises(ValueError): _match_hostname(cert, asserted_hostname)
def test_match_hostname_dnsname(self): cert = {"subjectAltName": [("DNS", "xn--p1b6ci4b4b3a*.xn--11b5bs8d")]} asserted_hostname = "xn--p1b6ci4b4b3a*.xn--11b5bs8d" _match_hostname(cert, asserted_hostname)
def test_match_hostname_include_wildcard(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = { "subjectAltName": (("DNS", "foo*"), ) } asserted_hostname = "foobar" _match_hostname(cert, asserted_hostname)
def test_match_hostname_dnsname(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = { "subjectAltName": (("DNS", "xn--p1b6ci4b4b3a*.xn--11b5bs8d"), ) } asserted_hostname = "xn--p1b6ci4b4b3a*.xn--11b5bs8d" _match_hostname(cert, asserted_hostname)
def test_match_hostname_startwith_wildcard(self): cert = {"subjectAltName": [("DNS", "*")]} asserted_hostname = "foo" _match_hostname(cert, asserted_hostname)
def test_match_hostname_empty_cert(self) -> None: cert: "_TYPE_PEER_CERT_RET_DICT" = {} asserted_hostname = "foo" with pytest.raises(ValueError): _match_hostname(cert, asserted_hostname)
def test_match_hostname_include_wildcard(self): cert = {"subjectAltName": [("DNS", "foo*")]} asserted_hostname = "foobar" _match_hostname(cert, asserted_hostname)
def test_match_hostname_match(self) -> None: cert: _TYPE_PEER_CERT_RET = {"subjectAltName": (("DNS", "foo"), )} asserted_hostname = "foo" _match_hostname(cert, asserted_hostname)