/
test_pyopenssl.py
89 lines (71 loc) · 2.7 KB
/
test_pyopenssl.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# -*- coding: utf-8 -*-
import os
import unittest
import mock
import pytest
try:
from urllib3.contrib.pyopenssl import (
_dnsname_to_stdlib, get_subj_alt_name
)
from cryptography import x509
from OpenSSL.crypto import FILETYPE_PEM, load_certificate
except ImportError:
pass
def setup_module():
try:
from urllib3.contrib.pyopenssl import inject_into_urllib3
inject_into_urllib3()
except ImportError as e:
pytest.skip('Could not import PyOpenSSL: %r' % e)
def teardown_module():
try:
from urllib3.contrib.securetransport import extract_from_urllib3
extract_from_urllib3()
except ImportError:
pass
from ..with_dummyserver.test_https import ( # noqa: F401
TestHTTPS, TestHTTPS_TLSv1, TestHTTPS_IPv6Addr,
TestHTTPS_IPSAN, TestHTTPS_NoSAN, TestHTTPS_IPV6SAN
)
from ..with_dummyserver.test_socketlevel import ( # noqa: F401
TestSNI, TestSocketClosing, TestClientCerts
)
class TestPyOpenSSLHelpers(unittest.TestCase):
"""
Tests for PyOpenSSL helper functions.
"""
def test_dnsname_to_stdlib_simple(self):
"""
We can convert a dnsname to a native string when the domain is simple.
"""
name = u"उदाहरण.परीक"
expected_result = 'xn--p1b6ci4b4b3a.xn--11b5bs8d'
self.assertEqual(_dnsname_to_stdlib(name), expected_result)
def test_dnsname_to_stdlib_leading_period(self):
"""
If there is a . in front of the domain name we correctly encode it.
"""
name = u".उदाहरण.परीक"
expected_result = '.xn--p1b6ci4b4b3a.xn--11b5bs8d'
self.assertEqual(_dnsname_to_stdlib(name), expected_result)
def test_dnsname_to_stdlib_leading_splat(self):
"""
If there's a wildcard character in the front of the string we handle it
appropriately.
"""
name = u"*.उदाहरण.परीक"
expected_result = '*.xn--p1b6ci4b4b3a.xn--11b5bs8d'
self.assertEqual(_dnsname_to_stdlib(name), expected_result)
@mock.patch('urllib3.contrib.pyopenssl.log.warning')
def test_get_subj_alt_name(self, mock_warning):
"""
If a certificate has two subject alternative names, cryptography raises
an x509.DuplicateExtension exception.
"""
path = os.path.join(os.path.dirname(__file__), 'duplicate_san.pem')
with open(path, 'r') as fp:
cert = load_certificate(FILETYPE_PEM, fp.read())
self.assertEqual(get_subj_alt_name(cert), [])
self.assertEqual(mock_warning.call_count, 1)
self.assertIsInstance(mock_warning.call_args[0][1],
x509.DuplicateExtension)