diff options
Diffstat (limited to 'test/test_certutils.py')
| -rw-r--r-- | test/test_certutils.py | 92 |
1 files changed, 53 insertions, 39 deletions
diff --git a/test/test_certutils.py b/test/test_certutils.py index 176575ea..59c9dcd5 100644 --- a/test/test_certutils.py +++ b/test/test_certutils.py @@ -3,34 +3,34 @@ from netlib import certutils, certffi import OpenSSL import tutils -class TestDNTree: - def test_simple(self): - d = certutils.DNTree() - d.add("foo.com", "foo") - d.add("bar.com", "bar") - assert d.get("foo.com") == "foo" - assert d.get("bar.com") == "bar" - assert not d.get("oink.com") - assert not d.get("oink") - assert not d.get("") - assert not d.get("oink.oink") - - d.add("*.match.org", "match") - assert not d.get("match.org") - assert d.get("foo.match.org") == "match" - assert d.get("foo.foo.match.org") == "match" - - def test_wildcard(self): - d = certutils.DNTree() - d.add("foo.com", "foo") - assert not d.get("*.foo.com") - d.add("*.foo.com", "wild") - - d = certutils.DNTree() - d.add("*", "foo") - assert d.get("foo.com") == "foo" - assert d.get("*.foo.com") == "foo" - assert d.get("com") == "foo" +# class TestDNTree: +# def test_simple(self): +# d = certutils.DNTree() +# d.add("foo.com", "foo") +# d.add("bar.com", "bar") +# assert d.get("foo.com") == "foo" +# assert d.get("bar.com") == "bar" +# assert not d.get("oink.com") +# assert not d.get("oink") +# assert not d.get("") +# assert not d.get("oink.oink") +# +# d.add("*.match.org", "match") +# assert not d.get("match.org") +# assert d.get("foo.match.org") == "match" +# assert d.get("foo.foo.match.org") == "match" +# +# def test_wildcard(self): +# d = certutils.DNTree() +# d.add("foo.com", "foo") +# assert not d.get("*.foo.com") +# d.add("*.foo.com", "wild") +# +# d = certutils.DNTree() +# d.add("*", "foo") +# assert d.get("foo.com") == "foo" +# assert d.get("*.foo.com") == "foo" +# assert d.get("com") == "foo" class TestCertStore: @@ -42,7 +42,7 @@ class TestCertStore: ca2 = certutils.CertStore.from_store(d, "test") assert ca2.get_cert("foo", []) - assert ca.cacert.get_serial_number() == ca2.cacert.get_serial_number() + assert ca.default_ca.get_serial_number() == ca2.default_ca.get_serial_number() def test_create_tmp(self): with tutils.tmpdir() as d: @@ -52,7 +52,7 @@ class TestCertStore: assert ca.get_cert("*.foo.com", []) r = ca.get_cert("*.foo.com", []) - assert r[1] == ca.privkey + assert r[1] == ca.default_privatekey def test_add_cert(self): with tutils.tmpdir() as d: @@ -63,15 +63,22 @@ class TestCertStore: ca = certutils.CertStore.from_store(d, "test") c1 = ca.get_cert("foo.com", ["*.bar.com"]) c2 = ca.get_cert("foo.bar.com", []) - assert c1 == c2 + # assert c1 == c2 c3 = ca.get_cert("bar.com", []) assert not c1 == c3 + def test_sans_change(self): + with tutils.tmpdir() as d: + ca = certutils.CertStore.from_store(d, "test") + _ = ca.get_cert("foo.com", ["*.bar.com"]) + cert, key, chain_file = ca.get_cert("foo.bar.com", ["*.baz.com"]) + assert "*.baz.com" in cert.altnames + def test_overrides(self): with tutils.tmpdir() as d: ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test") ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test") - assert not ca1.cacert.get_serial_number() == ca2.cacert.get_serial_number() + assert not ca1.default_ca.get_serial_number() == ca2.default_ca.get_serial_number() dc = ca2.get_cert("foo.com", []) dcp = os.path.join(d, "dc") @@ -91,7 +98,7 @@ class TestCertStore: cert = ca1.get_cert("foo.com", []) assert certffi.get_flags(ca2.gen_pkey(cert[0])) == 1 finally: - certffi.set_flags(ca2.privkey, 0) + certffi.set_flags(ca2.default_privatekey, 0) class TestDummyCert: @@ -99,8 +106,8 @@ class TestDummyCert: with tutils.tmpdir() as d: ca = certutils.CertStore.from_store(d, "test") r = certutils.dummy_cert( - ca.privkey, - ca.cacert, + ca.default_privatekey, + ca.default_ca, "foo.com", ["one.com", "two.com", "*.three.com"] ) @@ -109,11 +116,15 @@ class TestDummyCert: class TestSSLCert: def test_simple(self): - c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert"), "rb").read()) + with open(tutils.test_data.path("data/text_cert"), "rb") as f: + d = f.read() + c = certutils.SSLCert.from_pem(d) assert c.cn == "google.com" assert len(c.altnames) == 436 - c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert_2"), "rb").read()) + with open(tutils.test_data.path("data/text_cert_2"), "rb") as f: + d = f.read() + c = certutils.SSLCert.from_pem(d) assert c.cn == "www.inode.co.nz" assert len(c.altnames) == 2 assert c.digest("sha1") @@ -127,12 +138,15 @@ class TestSSLCert: c.has_expired def test_err_broken_sans(self): - c = certutils.SSLCert.from_pem(file(tutils.test_data.path("data/text_cert_weird1"), "rb").read()) + with open(tutils.test_data.path("data/text_cert_weird1"), "rb") as f: + d = f.read() + c = certutils.SSLCert.from_pem(d) # This breaks unless we ignore a decoding error. c.altnames def test_der(self): - d = file(tutils.test_data.path("data/dercert"),"rb").read() + with open(tutils.test_data.path("data/dercert"), "rb") as f: + d = f.read() s = certutils.SSLCert.from_der(d) assert s.cn |