diff options
author | Andrej Shadura <andrew.shadura@collabora.co.uk> | 2019-06-21 08:25:22 -0500 |
---|---|---|
committer | Andrej Shadura <andrew.shadura@collabora.co.uk> | 2019-06-21 08:25:22 -0500 |
commit | f836f2af1d9ec6af5188950bfb5624fa04888586 (patch) | |
tree | acf370edefab66dd0a2bf6dd45aa180c37948fcd /tests | |
parent | cc7e801a5bfb7e276585349cc878259d4cb71c56 (diff) |
New upstream version 18.1.0
Diffstat (limited to 'tests')
-rw-r--r-- | tests/__init__.py | 0 | ||||
-rw-r--r-- | tests/test_common.py | 627 | ||||
-rw-r--r-- | tests/test_pyopenssl.py | 54 | ||||
-rw-r--r-- | tests/util.py | 116 |
4 files changed, 0 insertions, 797 deletions
diff --git a/tests/__init__.py b/tests/__init__.py deleted file mode 100644 index e69de29..0000000 --- a/tests/__init__.py +++ /dev/null diff --git a/tests/test_common.py b/tests/test_common.py deleted file mode 100644 index 466a682..0000000 --- a/tests/test_common.py +++ /dev/null @@ -1,627 +0,0 @@ -from __future__ import absolute_import, division, print_function - -import pytest - -import service_identity._common - -from service_identity._common import ( - DNSPattern, - DNS_ID, - ServiceMatch, - SRVPattern, - SRV_ID, - URIPattern, - URI_ID, - _contains_instance_of, - _find_matches, - _hostname_matches, - _is_ip_address, - _validate_pattern, - verify_service_identity, -) -from service_identity.exceptions import ( - CertificateError, - DNSMismatch, - SRVMismatch, - VerificationError, -) -from service_identity.pyopenssl import extract_ids -from .util import CERT_DNS_ONLY - -try: - import idna -except ImportError: - idna = None - - -class TestVerifyServiceIdentity(object): - """ - Simple integration tests for verify_service_identity. - """ - def test_dns_id_success(self): - """ - Return pairs of certificate ids and service ids on matches. - """ - rv = verify_service_identity(extract_ids(CERT_DNS_ONLY), - [DNS_ID(u"twistedmatrix.com")], - []) - assert [ - ServiceMatch(cert_pattern=DNSPattern(b"twistedmatrix.com"), - service_id=DNS_ID(u"twistedmatrix.com"),), - ] == rv - - def test_integration_dns_id_fail(self): - """ - Raise VerificationError if no certificate id matches the supplied - service ids. - """ - i = DNS_ID(u"wrong.host") - with pytest.raises(VerificationError) as e: - verify_service_identity( - extract_ids(CERT_DNS_ONLY), - obligatory_ids=[i], - optional_ids=[], - ) - assert [DNSMismatch(mismatched_id=i)] == e.value.errors - - def test_obligatory_missing(self): - """ - Raise if everything matches but one of the obligatory IDs is missing. - """ - i = DNS_ID(u"example.net") - with pytest.raises(VerificationError) as e: - verify_service_identity( - [SRVPattern(b"_mail.example.net")], - obligatory_ids=[SRV_ID(u"_mail.example.net"), i], - optional_ids=[], - ) - assert [DNSMismatch(mismatched_id=i)] == e.value.errors - - def test_obligatory_mismatch(self): - """ - Raise if one of the obligatory IDs doesn't match. - """ - i = DNS_ID(u"example.net") - with pytest.raises(VerificationError) as e: - verify_service_identity( - [SRVPattern(b"_mail.example.net"), DNSPattern(b"example.com")], - obligatory_ids=[SRV_ID(u"_mail.example.net"), i], - optional_ids=[], - ) - assert [DNSMismatch(mismatched_id=i)] == e.value.errors - - def test_optional_missing(self): - """ - Optional IDs may miss as long as they don't conflict with an existing - pattern. - """ - p = DNSPattern(b"mail.foo.com") - i = DNS_ID(u"mail.foo.com") - rv = verify_service_identity( - [p], - obligatory_ids=[i], - optional_ids=[SRV_ID(u"_mail.foo.com")], - ) - assert [ServiceMatch(cert_pattern=p, service_id=i)] == rv - - def test_optional_mismatch(self): - """ - Raise VerificationError if an ID from optional_ids does not match - a pattern of respective type even if obligatory IDs match. - """ - i = SRV_ID(u"_xmpp.example.com") - with pytest.raises(VerificationError) as e: - verify_service_identity( - [DNSPattern(b"example.net"), SRVPattern(b"_mail.example.com")], - obligatory_ids=[DNS_ID(u"example.net")], - optional_ids=[i], - ) - assert [SRVMismatch(mismatched_id=i)] == e.value.errors - - def test_contains_optional_and_matches(self): - """ - If an optional ID is found, return the match within the returned - list and don't raise an error. - """ - p = SRVPattern(b"_mail.example.net") - i = SRV_ID(u"_mail.example.net") - rv = verify_service_identity( - [DNSPattern(b"example.net"), p], - obligatory_ids=[DNS_ID(u"example.net")], - optional_ids=[i], - ) - assert ServiceMatch(cert_pattern=p, service_id=i) == rv[1] - - -class TestContainsInstance(object): - def test_positive(self): - """ - If the list contains an object of the type, return True. - """ - assert _contains_instance_of([object(), tuple(), object()], tuple) - - def test_negative(self): - """ - If the list does not contain an object of the type, return False. - """ - assert not _contains_instance_of([object(), list(), {}], tuple) - - -class TestDNS_ID(object): - def test_enforces_unicode(self): - """ - Raise TypeError if pass DNS-ID is not unicode. - """ - with pytest.raises(TypeError): - DNS_ID(b"foo.com") - - def test_handles_missing_idna(self, monkeypatch): - """ - Raise ImportError if idna is missing and a non-ASCII DNS-ID is passed. - """ - monkeypatch.setattr(service_identity._common, "idna", None) - with pytest.raises(ImportError): - DNS_ID(u"f\xf8\xf8.com") - - def test_ascii_works_without_idna(self, monkeypatch): - """ - 7bit-ASCII DNS-IDs work no matter whether idna is present or not. - """ - monkeypatch.setattr(service_identity._common, "idna", None) - dns = DNS_ID(u"foo.com") - assert b"foo.com" == dns.hostname - - @pytest.mark.skipif(idna is None, reason="idna not installed") - def test_idna_used_if_available_on_non_ascii(self): - """ - If idna is installed and a non-ASCII DNS-ID is passed, encode it to - ASCII. - """ - dns = DNS_ID(u"f\xf8\xf8.com") - assert b'xn--f-5gaa.com' == dns.hostname - - def test_catches_invalid_dns_ids(self): - """ - Raise ValueError on invalid DNS-IDs. - """ - for invalid_id in [ - u" ", u"", # empty strings - u"host,name", # invalid chars - u"192.168.0.0", u"::1", u"1234" # IP addresses - ]: - with pytest.raises(ValueError): - DNS_ID(invalid_id) - - def test_lowercases(self): - """ - The hostname is lowercased so it can be compared case-insensitively. - """ - dns_id = DNS_ID(u"hOsTnAmE") - assert b"hostname" == dns_id.hostname - - def test_verifies_only_dns(self): - """ - If anything else than DNSPattern is passed to verify, return False. - """ - assert not DNS_ID(u"foo.com").verify(object()) - - def test_simple_match(self): - """ - Simple integration test with _hostname_matches with a match. - """ - assert DNS_ID(u"foo.com").verify(DNSPattern(b"foo.com")) - - def test_simple_mismatch(self): - """ - Simple integration test with _hostname_matches with a mismatch. - """ - assert not DNS_ID(u"foo.com").verify(DNSPattern(b"bar.com")) - - def test_matches(self): - """ - Valid matches return `True`. - """ - for cert, actual in [ - (b"www.example.com", b"www.example.com"), - (b"*.example.com", b"www.example.com"), - (b"xxx*.example.com", b"xxxwww.example.com"), - (b"f*.example.com", b"foo.example.com"), - (b"*oo.bar.com", b"foo.bar.com"), - (b"fo*oo.bar.com", b"fooooo.bar.com"), - ]: - assert _hostname_matches(cert, actual) - - def test_mismatches(self): - """ - Invalid matches return `False`. - """ - for cert, actual in [ - (b"xxx.example.com", b"www.example.com"), - (b"*.example.com", b"baa.foo.example.com"), - (b"f*.example.com", b"baa.example.com"), - (b"*.bar.com", b"foo.baz.com"), - (b"*.bar.com", b"bar.com"), - (b"x*.example.com", b"xn--gtter-jua.example.com"), - ]: - assert not _hostname_matches(cert, actual) - - -class TestURI_ID(object): - def test_enforces_unicode(self): - """ - Raise TypeError if pass URI-ID is not unicode. - """ - with pytest.raises(TypeError): - URI_ID(b"sip:foo.com") - - def test_create_DNS_ID(self): - """ - The hostname is converted into a DNS_ID object. - """ - uri_id = URI_ID(u"sip:foo.com") - assert DNS_ID(u"foo.com") == uri_id.dns_id - assert b"sip" == uri_id.protocol - - def test_lowercases(self): - """ - The protocol is lowercased so it can be compared case-insensitively. - """ - uri_id = URI_ID(u"sIp:foo.com") - assert b"sip" == uri_id.protocol - - def test_catches_missing_colon(self): - """ - Raise ValueError if there's no colon within a URI-ID. - """ - with pytest.raises(ValueError): - URI_ID(u"sip;foo.com") - - def test_is_only_valid_for_uri(self): - """ - If anything else than an URIPattern is passed to verify, return - False. - """ - assert not URI_ID(u"sip:foo.com").verify(object()) - - def test_protocol_mismatch(self): - """ - If protocol doesn't match, verify returns False. - """ - assert not URI_ID(u"sip:foo.com").verify(URIPattern(b"xmpp:foo.com")) - - def test_dns_mismatch(self): - """ - If the hostname doesn't match, verify returns False. - """ - assert not URI_ID(u"sip:bar.com").verify(URIPattern(b"sip:foo.com")) - - def test_match(self): - """ - Accept legal matches. - """ - assert URI_ID(u"sip:foo.com").verify(URIPattern(b"sip:foo.com")) - - -class TestSRV_ID(object): - def test_enforces_unicode(self): - """ - Raise TypeError if pass srv-ID is not unicode. - """ - with pytest.raises(TypeError): - SRV_ID(b"_mail.example.com") - - def test_create_DNS_ID(self): - """ - The hostname is converted into a DNS_ID object. - """ - srv_id = SRV_ID(u"_mail.example.com") - assert DNS_ID(u"example.com") == srv_id.dns_id - - def test_lowercases(self): - """ - The service name is lowercased so it can be compared - case-insensitively. - """ - srv_id = SRV_ID(u"_MaIl.foo.com") - assert b"mail" == srv_id.name - - def test_catches_missing_dot(self): - """ - Raise ValueError if there's no dot within a SRV-ID. - """ - with pytest.raises(ValueError): - SRV_ID(u"_imapsfoocom") - - def test_catches_missing_underscore(self): - """ - Raise ValueError if the service is doesn't start with an underscore. - """ - with pytest.raises(ValueError): - SRV_ID(u"imaps.foo.com") - - def test_is_only_valid_for_SRV(self): - """ - If anything else than an SRVPattern is passed to verify, return False. - """ - assert not SRV_ID(u"_mail.foo.com").verify(object()) - - def test_match(self): - """ - Accept legal matches. - """ - assert SRV_ID(u"_mail.foo.com").verify(SRVPattern(b"_mail.foo.com")) - - @pytest.mark.skipif(idna is None, reason="idna not installed") - def test_match_idna(self): - """ - IDNAs are handled properly. - """ - assert SRV_ID(u"_mail.f\xf8\xf8.com").verify( - SRVPattern(b'_mail.xn--f-5gaa.com') - ) - - def test_mismatch_service_name(self): - """ - If the service name doesn't match, verify returns False. - """ - assert not ( - SRV_ID(u"_mail.foo.com").verify(SRVPattern(b"_xmpp.foo.com")) - ) - - def test_mismatch_dns(self): - """ - If the dns_id doesn't match, verify returns False. - """ - assert not ( - SRV_ID(u"_mail.foo.com").verify(SRVPattern(b"_mail.bar.com")) - ) - - -class TestDNSPattern(object): - def test_enforces_bytes(self): - """ - Raise TypeError if unicode is passed. - """ - with pytest.raises(TypeError): - DNSPattern(u"foo.com") - - def test_catches_empty(self): - """ - Empty DNS-IDs raise a :class:`CertificateError`. - """ - with pytest.raises(CertificateError): - DNSPattern(b" ") - - def test_catches_NULL_bytes(self): - """ - Raise :class:`CertificateError` if a NULL byte is in the hostname. - """ - with pytest.raises(CertificateError): - DNSPattern(b"www.google.com\0nasty.h4x0r.com") - - def test_catches_ip_address(self): - """ - IP addresses are invalid and raise a :class:`CertificateError`. - """ - with pytest.raises(CertificateError): - DNSPattern(b"192.168.0.0") - - def test_invalid_wildcard(self): - """ - Integration test with _validate_pattern: catches double wildcards thus - is used if an wildward is present. - """ - with pytest.raises(CertificateError): - DNSPattern(b"*.foo.*") - - -class TestURIPattern(object): - def test_enforces_bytes(self): - """ - Raise TypeError if unicode is passed. - """ - with pytest.raises(TypeError): - URIPattern(u"sip:foo.com") - - def test_catches_missing_colon(self): - """ - Raise CertificateError if URI doesn't contain a `:`. - """ - with pytest.raises(CertificateError): - URIPattern(b"sip;foo.com") - - def test_catches_wildcards(self): - """ - Raise CertificateError if URI contains a *. - """ - with pytest.raises(CertificateError): - URIPattern(b"sip:*.foo.com") - - -class TestSRVPattern(object): - def test_enforces_bytes(self): - """ - Raise TypeError if unicode is passed. - """ - with pytest.raises(TypeError): - SRVPattern(u"_mail.example.com") - - def test_catches_missing_underscore(self): - """ - Raise CertificateError if SRV doesn't start with a `_`. - """ - with pytest.raises(CertificateError): - SRVPattern(b"foo.com") - - def test_catches_wildcards(self): - """ - Raise CertificateError if SRV contains a *. - """ - with pytest.raises(CertificateError): - SRVPattern(b"sip:*.foo.com") - - -class TestValidateDNSWildcardPattern(object): - def test_allows_only_one_wildcard(self): - """ - Raise CertificateError on multiple wildcards. - """ - with pytest.raises(CertificateError): - _validate_pattern(b"*.*.com") - - def test_wildcard_must_be_left_most(self): - """ - Raise CertificateError if wildcard is not in the left-most part. - """ - for hn in [ - b"foo.b*r.com", - b"foo.bar.c*m", - b"foo.*", - b"foo.*.com", - ]: - with pytest.raises(CertificateError): - _validate_pattern(hn) - - def test_must_have_at_least_three_parts(self): - """ - Raise CertificateError if host consists of less than three parts. - """ - for hn in [ - b"*", - b"*.com", - b"*fail.com", - b"*foo", - b"foo*", - b"f*o", - b"*.example.", - ]: - with pytest.raises(CertificateError): - _validate_pattern(hn) - - def test_valid_patterns(self): - """ - Does not throw CertificateError on valid patterns. - """ - for pattern in [ - b"*.bar.com", - b"*oo.bar.com", - b"f*.bar.com", - b"f*o.bar.com" - ]: - _validate_pattern(pattern) - - -class FakeCertID(object): - pass - - -class Fake_ID(object): - """ - An ID that accepts exactly on object as pattern. - """ - def __init__(self, pattern): - self._pattern = pattern - - def verify(self, other): - """ - True iff other is the same object as pattern. - """ - return other is self._pattern - - -class TestFindMatches(object): - def test_one_match(self): - """ - If there's a match, return a tuple of the certificate id and the - service id. - """ - valid_cert_id = FakeCertID() - valid_id = Fake_ID(valid_cert_id) - rv = _find_matches([ - FakeCertID(), - valid_cert_id, - FakeCertID(), - ], [valid_id]) - - assert [ - ServiceMatch(cert_pattern=valid_cert_id, service_id=valid_id) - ] == rv - - def test_no_match(self): - """ - If no valid certificate ids are found, return an empty list. - """ - rv = _find_matches([ - FakeCertID(), - FakeCertID(), - FakeCertID(), - ], [Fake_ID(object())]) - - assert [] == rv - - def test_multiple_matches(self): - """ - Return all matches. - """ - valid_cert_id_1 = FakeCertID() - valid_cert_id_2 = FakeCertID() - valid_cert_id_3 = FakeCertID() - valid_id_1 = Fake_ID(valid_cert_id_1) - valid_id_2 = Fake_ID(valid_cert_id_2) - valid_id_3 = Fake_ID(valid_cert_id_3) - rv = _find_matches([ - FakeCertID(), - valid_cert_id_1, - FakeCertID(), - valid_cert_id_3, - FakeCertID(), - valid_cert_id_2, - ], [valid_id_1, valid_id_2, valid_id_3]) - - assert [ - ServiceMatch(cert_pattern=valid_cert_id_1, service_id=valid_id_1), - ServiceMatch(cert_pattern=valid_cert_id_2, service_id=valid_id_2), - ServiceMatch(cert_pattern=valid_cert_id_3, service_id=valid_id_3), - ] == rv - - -class TestIsIPAddress(object): - def test_ips(self): - """ - Returns True for patterns and hosts that could match IP addresses. - """ - for s in [ - b"127.0.0.1", - u"127.0.0.1", - b"172.16.254.12", - b"*.0.0.1", - b"::1", - b"*::1", - b"2001:0db8:0000:0000:0000:ff00:0042:8329", - b"2001:0db8::ff00:0042:8329", - ]: - assert _is_ip_address(s), "Not detected {0!r}".format(s) - - def test_no_ips(self): - """ - Return False for patterns and hosts that aren't IP addresses. - """ - for s in [ - b"*.twistedmatrix.com", - b"twistedmatrix.com", - b"mail.google.com", - b"omega7.de", - b"omega7", - ]: - assert not _is_ip_address(s), "False positive {0!r}".format(s) - - -class TestVerificationError(object): - """ - The __str__ returns something sane. - """ - try: - raise VerificationError(errors=["foo"]) - except VerificationError as e: - assert repr(e) == str(e) - assert str(e) != "" diff --git a/tests/test_pyopenssl.py b/tests/test_pyopenssl.py deleted file mode 100644 index 61d480a..0000000 --- a/tests/test_pyopenssl.py +++ /dev/null @@ -1,54 +0,0 @@ -from __future__ import absolute_import, division, print_function - -import pytest - -from service_identity._common import DNSPattern, URIPattern -from service_identity import SubjectAltNameWarning -from service_identity.pyopenssl import extract_ids, verify_hostname - -from .util import CERT_CN_ONLY, CERT_DNS_ONLY, CERT_OTHER_NAME - - -class TestVerifyHostname(object): - def test_verify_hostname(self): - """ - It's just a convenience one-liner. Let's check it doesn't explode b/c - of some typo. - """ - class FakeConnection(object): - def get_peer_certificate(self): - return CERT_DNS_ONLY - - verify_hostname(FakeConnection(), u"twistedmatrix.com") - - -class TestExtractIDs(object): - def test_dns(self): - """ - Returns the correct DNSPattern from a certificate. - """ - rv = extract_ids(CERT_DNS_ONLY) - assert [ - DNSPattern(b"www.twistedmatrix.com"), - DNSPattern(b"twistedmatrix.com") - ] == rv - - def test_cn_ids_are_used_as_fallback(self): - """ - CNs are returned as DNSPattern if no other IDs are present - and a warning is raised. - """ - with pytest.warns(SubjectAltNameWarning): - rv = extract_ids(CERT_CN_ONLY) - assert [ - DNSPattern(b"www.microsoft.com") - ] == rv - - def test_uri(self): - """ - Returns the correct URIPattern from a certificate. - """ - rv = extract_ids(CERT_OTHER_NAME) - assert [ - URIPattern(b"http://example.com/") - ] == [id for id in rv if isinstance(id, URIPattern)] diff --git a/tests/util.py b/tests/util.py deleted file mode 100644 index 0a911c3..0000000 --- a/tests/util.py +++ /dev/null @@ -1,116 +0,0 @@ -from __future__ import absolute_import, division, print_function - -from OpenSSL.crypto import load_certificate, FILETYPE_PEM - - -# Test certificates - -PEM_DNS_ONLY = """\ ------BEGIN CERTIFICATE----- -MIIGbjCCBVagAwIBAgIDCesrMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ -TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg -MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTMwNDEwMTk1ODA5 -WhcNMTQwNDExMTkyODAwWjB1MRkwFwYDVQQNExBTN2xiQ3Q3TjJSNHQ5bzhKMQsw -CQYDVQQGEwJVUzEeMBwGA1UEAxMVd3d3LnR3aXN0ZWRtYXRyaXguY29tMSswKQYJ -KoZIhvcNAQkBFhxwb3N0bWFzdGVyQHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUH8iDxIEiDcMQb8kr/JTYXDGuE8ISQA -uw/gBqpvHIvCgPBkZpvjQLA23rnUZm1S3VG5MIq6gZVdtl9LFIfokMPGgY9EZng8 -BaI+6Y36cMtubnzW53OZb7yLQQyg+rjuwjvJOY33ZulEthxhdB3km1Leb67iE9v7 -dpyKeJ/8m2IWD37HCtXIEnp9ZqWOZkAPzlzDt6oNxj0s/l3z23+XqZdr+kmlh9U+ -VWBTPppO4AJNwSqbBd0PgIozbYsp6urxSr40YQkIYFOOZQNs7HETJE71Ia7DQcUD -kUF1jZSYZnhVQwGPisqQLGodt9q9p2BhpSf0cUm02uKKzYi5A2h7UQIDAQABo4IC -7TCCAukwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUH -AwEwHQYDVR0OBBYEFGeuUvDrFHkl7Krl/+rlv1FsnsU6MB8GA1UdIwQYMBaAFOtC -NNCYsKuf9BtrCPfMZC7vDixFMDMGA1UdEQQsMCqCFXd3dy50d2lzdGVkbWF0cml4 -LmNvbYIRdHdpc3RlZG1hdHJpeC5jb20wggFWBgNVHSAEggFNMIIBSTAIBgZngQwB -AgEwggE7BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cu -c3RhcnRzc2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0 -Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmlj -YXRlIHdhcyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRp -b24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlh -bmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ug -b2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAo -oCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYB -BQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29t -L3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0 -YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0S -BBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IB -AQCN85dUStYjHmWdXthpAqJcS3KD2JP6N9egOz7FTcToXLW8Kl5a2SUVaJv8Fzs+ -wtbPJQSm0LyGtfdrR6iKFPf28Vm/VkYXPiOV08GD9B7yl1SjktXOsGMPlOHU8YQZ -DEsHOrRvaZBSA1VtBQjYnoO0pDVu9QwDLAPLFvFice2PN803HuMFIwcuQSIrh4nq -PqwitBZ6nPPHz7aSiAut/+txK3EZll0d+hl0H3Phd+ICeITYhNkLe90k7l1IFpET -fJiBDvG/iDAJISgkrR1heuX/e+yWfx7RvqGlMLIE35d+0MhWy92Jzejbl8fJdr4C -Kulh/pV07MWAUZxscUPtWmPo ------END CERTIFICATE-----""" - -PEM_CN_ONLY = """\ ------BEGIN CERTIFICATE----- -MIIGdDCCBVygAwIBAgIKGOC4tAABAAAx0TANBgkqhkiG9w0BAQUFADCBgDETMBEG -CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG -CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD -VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTEzMDExMjAwMDc0MVoXDTE1 -MDExMjAwMDc0MVoweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH -EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDjAMBgNV -BAsTBU1TQ09NMRowGAYDVQQDExF3d3cubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJ+h4bQ7OlcO0M9UvM0Y2LISEzGkTDc9CT7v -c91kI2GOlR/kbI1AUmJu3g6Cv0wqz4b9QT6BdXSE+WAxUM/yk4mf1HhkJtbSwucb -AQAtgq0iC1u6mDDXH2sl/NUB4VKSGryIYYdRVHduZlFkAHmxwcmxyQt6BQykXl7G -NkftiJZtVci/ZRPaBrFnkZjZCbJH+capx0v9hmBTLPVAGyIF5TwF1aldXT367S76 -QGGn6UnI0O5Cua7GU1JDVmbPus0kgRTazvyW4g17jGFtNJTy43UqlX7TZ8B76OZC -sqoVxJblVh7I0WDcDFwIrSWiUEFc9i05g1g49xK8Y7tph8tbwv8CAwEAAaOCAvUw -ggLxMAsGA1UdDwQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw -eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA -MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl -AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUK9tKP5ACSJ4PiSHi -60pzHuAPhWswHwYDVR0jBBgwFoAU69sRXvgJntjWYpz9Yp3jhEoo4Scwge4GA1Ud -HwSB5jCB4zCB4KCB3aCB2oZPaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtp -L21zY29ycC9jcmwvTVNJVCUyME1hY2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEpLmNy -bIZNaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01TSVQl -MjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGOGh0dHA6Ly9jb3JwcGtp -L2NybC9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBDQSUyMDIoMSkuY3JsMIGtBggr -BgEFBQcBAQSBoDCBnTBVBggrBgEFBQcwAoZJaHR0cDovL3d3dy5taWNyb3NvZnQu -Y29tL3BraS9tc2NvcnAvTVNJVCUyME1hY2hpbmUlMjBBdXRoJTIwQ0ElMjAyKDEp -LmNydDBEBggrBgEFBQcwAoY4aHR0cDovL2NvcnBwa2kvYWlhL01TSVQlMjBNYWNo -aW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwPwYJKwYBBAGCNxUHBDIwMAYoKwYB -BAGCNxUIg8+JTa3yAoWhnwyC+sp9geH7dIFPg8LthQiOqdKFYwIBZAIBCjAnBgkr -BgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB -BQUAA4IBAQBgwMY9qix/FoBY3QBHTNFVf+d6siaBWoQjwBXDQlPXLmowbt97j62Z -N6OogRP2V+ivnBcybucJTJE6zTxrGZ7hNeC9T3v34Q1OMezWiZf+jktNZvqiXctm -Dh774lt5S9X2C+k1e9K8YrnNb8PNeKkX/vVX9MZzn2aQqU34dOg6vVnrq0pBrq/Y -TJcPG4yq3kFR3ONTZb5JgE8EV1G43vW/LNQbEbQUgVtiKRapEs7rSSws6Jj47MUc -on6HgPTtfuJGMNWFTiw7nZTM8mLXsXBMePSgq8PkKPmPkB3KET/OitmePmhk4l+S -eMkNCM6YlrLcDF4fCLSjWYhoktmSJZnW ------END CERTIFICATE----- -""" - - -PEM_OTHER_NAME = """\ ------BEGIN CERTIFICATE----- -MIID/DCCAuSgAwIBAgIJAIS0TSddIw6cMA0GCSqGSIb3DQEBBQUAMGwxFDASBgNV -BAMTC2V4YW1wbGUuY29tMSAwHgYJKoZIhvcNAQkBFhFib2d1c0BleGFtcGxlLmNv -bTEUMBIGA1UEChMLRXhhbXBsZSBJbmMxDzANBgNVBAcTBkJlcmxpbjELMAkGA1UE -BhMCREUwHhcNMTQwMzA2MTYyNTA5WhcNMTUwMzA2MTYyNTA5WjBsMRQwEgYDVQQD -EwtleGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRYm9ndXNAZXhhbXBsZS5jb20x -FDASBgNVBAoTC0V4YW1wbGUgSW5jMQ8wDQYDVQQHEwZCZXJsaW4xCzAJBgNVBAYT -AkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGQUcOc8cAdzSJbk -0eCHA1qBY2XwRG8YQzihgQS8Ey+3j69Xf0mtWOlL6v23v8J1ilA7ERs87Y4nbV/9 -GJVhC/jTMZmrC6ogwtVIl1wL8sTiHaQZ/4pbpx57YW3qCdefLQrZqAMUgAe20z0G -YVU97u5EGXHYahG4TnB3xN6Qd3BGKP7K69Lb7ZOES2Esq533AZxZShseYR4JNYAc -2anag2/DpHw6k8ZaxtWHR4SmxlkCoW5IPK0YypeUY91PFY+dxJQEewtisfALKltE -SYnOTWkc0K9YuLuYVogx0K285wX4/Yha2wyo6KSAm0txJayOhcrEP2/34aWCl62m -xOtPbQIDAQABo4GgMIGdMIGaBgNVHREEgZIwgY+CDSouZXhhbXBsZS5uZXSCC2V4 -YW1wbGUuY29thwTAqAABhxAAEwAAAAAAAAAAAAAAAAAXhhNodHRwOi8vZXhhbXBs -ZS5jb20voCYGCCsGAQUFBwgHoBoWGF94bXBwLWNsaWVudC5leGFtcGxlLm5ldKAc -BggrBgEFBQcIBaAQDA5pbS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA -ACVQcgEKzXEw0M9mmVFFXL2SyDk/4oaDFZbnNfyUp+H7bnxdVBG2M3DzQQLw5yH5 -k4GNPvHOKshBbaFcZWiG1sdrfQJy/UjIWnaC5410npfBv7kJWafKKxZzMq3gp4rd -jPO2LxuWcYVOnUtA3CBe12tRV7ynGU8KmKOsU9bOWhUKo8DJ4a6XHB+YwXeOTPyU -mG7XBpQebT01I3OijFJ+apKR2ubjwZE8l1+BAlTzHyUmmcTTWTQk8FTFcP3nZuIr -VyudDBMASs4yVGHzQxmMalYYzd7ZDzM1NrgfG1KyKWqZEA0MzUxiYdUbZN79xL52 -EyKUOXPHw78G6zsVmAE1Aw== ------END CERTIFICATE-----""" - -CERT_DNS_ONLY = load_certificate(FILETYPE_PEM, PEM_DNS_ONLY) -CERT_CN_ONLY = load_certificate(FILETYPE_PEM, PEM_CN_ONLY) -CERT_OTHER_NAME = load_certificate(FILETYPE_PEM, PEM_OTHER_NAME) |