a }|g ,@sfdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl Z ddl Z ddl Z ddlZddlmZddlmZddlmZmZddlmZddlmZGd d d e jZGd d d e jZGd dde jZGddde jZGddde jZGddde jZ Gddde jZ!Gddde jZ"e#dkrbe$e%ej&dde'gdS)zTests for acme.crypto_util.N)List)x509) serialization)rsax25519)errors) test_utilc@seZdZddZdS) FormatTestcCs<ddlm}|jtjjks"J|jtjjks8JdS)Nr)Format)acme.crypto_utilr ZDERZto_cryptography_encodingrEncodingPEM)selfr rI/usr/lib/python3.9/site-packages/acme/_internal/tests/crypto_util_test.pytest_to_cryptography_encodings z(FormatTest.test_to_cryptography_encodingN)__name__ __module__ __qualname__rrrrrr sr c@sHeZdZdZddZddZddZdd Zd d Zd d Z ddZ dS)SSLSocketAndProbeSNITestz/Tests for acme.crypto_util.SSLSocket/probe_sni.cstd|_td}d||jjfiddlmGfdddtj}|dtj |_ |j j d |_ tj|j jd |_dS) Nzrsa2048_cert.pemzrsa2048_key.pemfoor SSLSocketcs eZdZfddZZS)z3SSLSocketAndProbeSNITest.setUp.._TestServercs$tj|i||j|_dSN)super__init__socket)rargskwargs)r __class__certsrrr*sz._TestServer.__init__)rrrr __classcell__rrr )rr _TestServer)sr#)r)target)rZload_comparable_certcertZload_pyopenssl_private_keywrappedr r socketserverZ TCPServerZBaseRequestHandlerserverrZ getsocknameport threadingThreadZhandle_request server_thread)rkeyr#rr"rsetUp!s   zSSLSocketAndProbeSNITest.setUpcCs"|jr|j|jdSr)r.is_alivejoinr* server_closerrrrtearDown3s  z!SSLSocketAndProbeSNITest.tearDowncCs"ddlm}t||d|jdS)Nr) probe_sni 127.0.0.1)hostr+)r r6joseComparableX509r+)rnamer6rrr_probe9s zSSLSocketAndProbeSNITest._probecCs|jtddS)Nr%)r.starttimesleepr4rrr _start_server>s z&SSLSocketAndProbeSNITest._start_servercCs ||j|dksJdS)Nr)r@r'r<r4rrr test_probe_okBsz&SSLSocketAndProbeSNITest.test_probe_okcCsB|ttj|dWdn1s40YdS)Nbar)r@pytestraisesrErrorr<r4rrrtest_probe_not_recognized_nameFsz7SSLSocketAndProbeSNITest.test_probe_not_recognized_namec Csr|jt}zNtdttj| dWdn1sJ0YWt|n t|0dS)Nr%rB) r*r3rZgetdefaulttimeoutZsetdefaulttimeoutrCrDrrEr<)rZoriginal_timeoutrrrtest_probe_connection_errorKs  *z4SSLSocketAndProbeSNITest.test_probe_connection_errorN) rrr__doc__r0r5r<r@rArFrGrrrrrsrc@seZdZdZddZdS) SSLSocketTestz%Tests for acme.crypto_util.SSLSocket.cCsddlm}tt&|dddiddd}Wdn1sB0Ytt|d}Wdn1st0YdS)NrrZsni)r/r'cSsdSrr)_rrr]zASSLSocketTest.test_ssl_socket_invalid_arguments..)Zcert_selection)r rrCrD ValueError)rrrJrrr!test_ssl_socket_invalid_argumentsYs   $ z/SSLSocketTest.test_ssl_socket_invalid_argumentsN)rrrrHrNrrrrrIVsrIc@s<eZdZdZeddZddZddZdd Zd d Z d S) PyOpenSSLCertOrReqAllNamesTestz;Test for acme.crypto_util._pyopenssl_cert_or_req_all_names.cCsddlm}|||S)Nr) _pyopenssl_cert_or_req_all_names)r rP)clsloaderr;rPrrr_calles z$PyOpenSSLCertOrReqAllNamesTest._callcCs|tj|SrrSr load_certrr;rrr _call_certksz)PyOpenSSLCertOrReqAllNamesTest._call_certcCs|ddgksJdS)Nz cert-nocn.derzno-common-name.badssl.comrWr4rrrtest_cert_one_san_no_commonnsz:PyOpenSSLCertOrReqAllNamesTest.test_cert_one_san_no_commoncCs|ddgksJdS)Ncert.pem example.comrXr4rrrtest_cert_no_sans_yes_commonrsz;PyOpenSSLCertOrReqAllNamesTest.test_cert_no_sans_yes_commoncCs|dddgksJdSN cert-san.pemr[www.example.comrXr4rrrtest_cert_two_sans_yes_commonuszrLz.iiiAii iwcs&g|]}d||ddqS)r$-z.invalid)r2recharsrrrhsrri) itertoolschainrangelen)rQrrjr_get_idn_namess z(PyOpenSSLCertOrReqSANTest._get_idn_namescCs|tj|SrrTrVrrrrWsz$PyOpenSSLCertOrReqSANTest._call_certcCs|tj|Sr)rSrZload_csrrVrrr _call_csrsz#PyOpenSSLCertOrReqSANTest._call_csrcCs|dgksJdS)NrZrXr4rrrtest_cert_no_sanssz+PyOpenSSLCertOrReqSANTest.test_cert_no_sanscCs|dddgksJdSr]rXr4rrrtest_cert_two_sanssz,PyOpenSSLCertOrReqSANTest.test_cert_two_sanscCs&|dddtddDks"JdS)Nzcert-100sans.pemcSsg|]}d|qSzexample{0}.comformatrerrrrhrLzDPyOpenSSLCertOrReqSANTest.test_cert_hundred_sans..r%e)rWrnr4rrrtest_cert_hundred_sanssz0PyOpenSSLCertOrReqSANTest.test_cert_hundred_sanscCs|d|ksJdS)Ncert-idnsans.pem)rWrpr4rrrtest_cert_idn_sanssz,PyOpenSSLCertOrReqSANTest.test_cert_idn_sanscCs|dgksJdS)Nzcsr-nosans.pemrqr4rrrtest_csr_no_sanssz*PyOpenSSLCertOrReqSANTest.test_csr_no_sanscCs|ddgksJdS)Nzcsr.pemr[r{r4rrrtest_csr_one_sansz*PyOpenSSLCertOrReqSANTest.test_csr_one_sancCs|dddgksJdS)Nz csr-san.pemr[r_r{r4rrrtest_csr_two_sanssz+PyOpenSSLCertOrReqSANTest.test_csr_two_sanscCs|dgdksJdS)Nz csr-6sans.pem)r[z example.orgz example.netz example.infozsubdomain.example.comzother.subdomain.example.comr{r4rrrtest_csr_six_sanssz+PyOpenSSLCertOrReqSANTest.test_csr_six_sanscCs&|dddtddDks"JdS)Nzcsr-100sans.pemcSsg|]}d|qSrtrurerrrrhrLzCPyOpenSSLCertOrReqSANTest.test_csr_hundred_sans..r%rw)rqrnr4rrrtest_csr_hundred_sanssz/PyOpenSSLCertOrReqSANTest.test_csr_hundred_sanscCs|d|ksJdS)Nzcsr-idnsans.pem)rqrpr4rrrtest_csr_idn_sanssz+PyOpenSSLCertOrReqSANTest.test_csr_idn_sanscCs|dddgksJdS)Nzcritical-san.pemzchicago-cubs.venafi.examplezcubs.venafi.examplerXr4rrrtest_critical_sansz+PyOpenSSLCertOrReqSANTest.test_critical_sanN)rrrrHrarSrprWrqrrrsrxrzr|r}r~rrrrrrrrrbzs$  rbc@s(eZdZdZddZddZddZdS) GenSsCertTestz6Test for gen_ss_cert (generation of self-signed cert).cCs.d|_g|_tj|_|jtjjddS)N) cert_count serial_numOpenSSLcryptoZPKeyr/Z generate_keyZTYPE_RSAr4rrrr0s zGenSsCertTest.setUpcCsdddlm}t|jD]0}||jdgdtdgd}|j| qt t |j|jks`JdS)Nr gen_ss_certZdummyTz 10.10.10.10)Z force_sanips) r rrnrr/ ipaddress ip_addressrappendZget_serial_numberroset)rrrJr'rrrtest_sn_collisionss   z GenSsCertTest.test_sn_collisionscCsZddlm}tt0||jtdgd||jWdn1sL0YdS)Nrrz1.1.1.1)r)r rrCrDAssertionErrorr/rr)rrrrr test_no_names  zGenSsCertTest.test_no_nameN)rrrrHr0rrrrrrrs rc@sDeZdZdZeddZddZddZdd Zd d Z d d Z dS) MakeCSRTestzTest for standalone functions.cOsJtjddd}|tjjtjjt}ddl m }||g|Ri|S)Nir)Zpublic_exponentZkey_sizermake_csr) rZgenerate_private_key private_bytesrr r PrivateFormatPKCS8 NoEncryptionr r)rQrrprivkey privkey_pemrrrr_call_with_keys zMakeCSRTest._call_with_keycCsr|ddg}d|vsJd|vs&Jt|}t|jdksBJt|jtjjt dt dgksnJdS)N a.examplez b.example--BEGIN CERTIFICATE REQUEST----END CERTIFICATE REQUEST--r%) rrload_pem_x509_csrro extensionslistget_extension_for_classSubjectAlternativeNamevalueDNSNamerZcsr_pemZcsrrrr test_make_csrs   zMakeCSRTest.test_make_csrcCs|dgdtdtdg}d|vs,Jd|vs8Jt|}t|jdksTJt|jtj j t dt tdt tdgksJdS)NrFr7z::1rrr%) rrrrrrorrrrrrZ IPAddressrrrrtest_make_csr_ips"   zMakeCSRTest.test_make_csr_ipcCsR|jdgdd}t|}t|jdks,Jt|jtjjtj j gksNJdS)NrT)Z must_staple) rrrrorrrZ TLSFeaturerZTLSFeatureTypeZstatus_requestrrrrtest_make_csr_must_staple s  z%MakeCSRTest.test_make_csr_must_staplecCs6tt|Wdn1s(0YdSr)rCrDrMrr4rrrtest_make_csr_without_hostnames z*MakeCSRTest.test_make_csr_without_hostnamecCsjtj}|tjjtjjt }ddl m }t t||dgWdn1s\0YdS)Nrrr)rZX25519PrivateKeyZgeneraterrr r rrrr rrCrDrM)rrrrrrrtest_make_csr_invalid_key_types   z*MakeCSRTest.test_make_csr_invalid_key_typeN) rrrrHrarrrrrrrrrrrs  rc@s,eZdZdZeddZddZddZdS) DumpPyopensslChainTestzTest for dump_pyopenssl_chain.cCsddlm}||S)Nr)dump_pyopenssl_chain)r r)rQloadedrrrrrS&s zDumpPyopensslChainTest._callcCsBgd}dd|D}tdd|D}t|||ks>JdS)NrZr^rycSsg|]}t|qSrrrUrfr;rrrrh.rLzDDumpPyopensslChainTest.test_dump_pyopenssl_chain..css$|]}ttjtjj|VqdSr)rorrdump_certificate FILETYPE_PEMrfr'rrr /szCDumpPyopensslChainTest.test_dump_pyopenssl_chain..)sumrorS)rnamesrlengthrrrtest_dump_pyopenssl_chain,s z0DumpPyopensslChainTest.test_dump_pyopenssl_chaincsfgd}dd|D}tjfdd|D}tjjtfdd|D}t|||ksbJdS)NrcSsg|]}t|qSrrrrrrrh6rLzLDumpPyopensslChainTest.test_dump_pyopenssl_chain_wrapped..csg|] }|qSrrr) wrap_funcrrrh8rLc3s |]}ttjj|VqdSr)rorrrr) dump_funcrrr:rLzKDumpPyopensslChainTest.test_dump_pyopenssl_chain_wrapped..)r9r:rrrrrorS)rrrr(rr)rrr!test_dump_pyopenssl_chain_wrapped4sz8DumpPyopensslChainTest.test_dump_pyopenssl_chain_wrappedN)rrrrHrarSrrrrrrr#s  r__main__r%)(rHrrlrr)sysr,r>typingrZunittestZjosepyr9rrCZ cryptographyrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZacmerZacme._internal.testsrZTestCaser rrIrOrbrrrrexitmainargv__file__rrrrs6     8 DK