diff options
Diffstat (limited to 'tests/test_pyopenssl.py')
-rw-r--r-- | tests/test_pyopenssl.py | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/tests/test_pyopenssl.py b/tests/test_pyopenssl.py new file mode 100644 index 0000000..61d480a --- /dev/null +++ b/tests/test_pyopenssl.py @@ -0,0 +1,54 @@ +from __future__ import absolute_import, division, print_function + +import pytest + +from service_identity._common import DNSPattern, URIPattern +from service_identity import SubjectAltNameWarning +from service_identity.pyopenssl import extract_ids, verify_hostname + +from .util import CERT_CN_ONLY, CERT_DNS_ONLY, CERT_OTHER_NAME + + +class TestVerifyHostname(object): + def test_verify_hostname(self): + """ + It's just a convenience one-liner. Let's check it doesn't explode b/c + of some typo. + """ + class FakeConnection(object): + def get_peer_certificate(self): + return CERT_DNS_ONLY + + verify_hostname(FakeConnection(), u"twistedmatrix.com") + + +class TestExtractIDs(object): + def test_dns(self): + """ + Returns the correct DNSPattern from a certificate. + """ + rv = extract_ids(CERT_DNS_ONLY) + assert [ + DNSPattern(b"www.twistedmatrix.com"), + DNSPattern(b"twistedmatrix.com") + ] == rv + + def test_cn_ids_are_used_as_fallback(self): + """ + CNs are returned as DNSPattern if no other IDs are present + and a warning is raised. + """ + with pytest.warns(SubjectAltNameWarning): + rv = extract_ids(CERT_CN_ONLY) + assert [ + DNSPattern(b"www.microsoft.com") + ] == rv + + def test_uri(self): + """ + Returns the correct URIPattern from a certificate. + """ + rv = extract_ids(CERT_OTHER_NAME) + assert [ + URIPattern(b"http://example.com/") + ] == [id for id in rv if isinstance(id, URIPattern)] |