Mercurial > public > mercurial-scm > hg-stable
comparison tests/test-url.py @ 53031:e705fec4a03f stable
branching: merging with 7.0 changes
Since 6.9.3 was made after 7.0rc0 we need to deal with more branching than
usual.
| author | Pierre-Yves David <pierre-yves.david@octobus.net> |
|---|---|
| date | Wed, 05 Mar 2025 23:02:19 +0100 |
| parents | f19a3f1437f3 |
| children |
comparison
equal
deleted
inserted
replaced
| 53030:74439d1cbeba | 53031:e705fec4a03f |
|---|---|
| 1 # coding=utf-8 | |
| 2 | |
| 3 import doctest | 1 import doctest |
| 4 import os | 2 import os |
| 5 | 3 |
| 6 | 4 |
| 7 def check(a, b): | 5 def check(a, b): |
| 67 ) | 65 ) |
| 68 check(_verifycert(None, 'example.com'), b'no certificate received') | 66 check(_verifycert(None, 'example.com'), b'no certificate received') |
| 69 | 67 |
| 70 # Unicode (IDN) certname isn't supported | 68 # Unicode (IDN) certname isn't supported |
| 71 check( | 69 check( |
| 72 _verifycert(cert(u'\u4f8b.jp'), 'example.jp'), | 70 _verifycert(cert('\u4f8b.jp'), 'example.jp'), |
| 73 b'IDN in certificate not supported', | 71 b'IDN in certificate not supported', |
| 74 ) | 72 ) |
| 75 | 73 |
| 76 # The following tests are from CPython's test_ssl.py. | 74 # The following tests are from CPython's test_ssl.py. |
| 77 check(_verifycert(cert('example.com'), 'example.com'), None) | 75 check(_verifycert(cert('example.com'), 'example.com'), None) |
| 135 check(_verifycert(cert('a.*.com'), 'a.foo.com'), b'certificate is for a.*.com') | 133 check(_verifycert(cert('a.*.com'), 'a.foo.com'), b'certificate is for a.*.com') |
| 136 check(_verifycert(cert('a.*.com'), 'a..com'), b'certificate is for a.*.com') | 134 check(_verifycert(cert('a.*.com'), 'a..com'), b'certificate is for a.*.com') |
| 137 check(_verifycert(cert('a.*.com'), 'a.com'), b'certificate is for a.*.com') | 135 check(_verifycert(cert('a.*.com'), 'a.com'), b'certificate is for a.*.com') |
| 138 | 136 |
| 139 # wildcard doesn't match IDNA prefix 'xn--' | 137 # wildcard doesn't match IDNA prefix 'xn--' |
| 140 idna = u'püthon.python.org'.encode('idna').decode('ascii') | 138 idna = 'püthon.python.org'.encode('idna').decode('ascii') |
| 141 check(_verifycert(cert(idna), idna), None) | 139 check(_verifycert(cert(idna), idna), None) |
| 142 check( | 140 check( |
| 143 _verifycert(cert('x*.python.org'), idna), | 141 _verifycert(cert('x*.python.org'), idna), |
| 144 b'certificate is for x*.python.org', | 142 b'certificate is for x*.python.org', |
| 145 ) | 143 ) |
| 148 b'certificate is for xn--p*.python.org', | 146 b'certificate is for xn--p*.python.org', |
| 149 ) | 147 ) |
| 150 | 148 |
| 151 # wildcard in first fragment and IDNA A-labels in sequent fragments | 149 # wildcard in first fragment and IDNA A-labels in sequent fragments |
| 152 # are supported. | 150 # are supported. |
| 153 idna = u'www*.pythön.org'.encode('idna').decode('ascii') | 151 idna = 'www*.pythön.org'.encode('idna').decode('ascii') |
| 154 check( | 152 check( |
| 155 _verifycert(cert(idna), u'www.pythön.org'.encode('idna').decode('ascii')), | 153 _verifycert(cert(idna), 'www.pythön.org'.encode('idna').decode('ascii')), |
| 156 None, | 154 None, |
| 157 ) | 155 ) |
| 158 check( | 156 check( |
| 159 _verifycert(cert(idna), u'www1.pythön.org'.encode('idna').decode('ascii')), | 157 _verifycert(cert(idna), 'www1.pythön.org'.encode('idna').decode('ascii')), |
| 160 None, | 158 None, |
| 161 ) | 159 ) |
| 162 check( | 160 check( |
| 163 _verifycert(cert(idna), u'ftp.pythön.org'.encode('idna').decode('ascii')), | 161 _verifycert(cert(idna), 'ftp.pythön.org'.encode('idna').decode('ascii')), |
| 164 b'certificate is for www*.xn--pythn-mua.org', | 162 b'certificate is for www*.xn--pythn-mua.org', |
| 165 ) | 163 ) |
| 166 check( | 164 check( |
| 167 _verifycert(cert(idna), u'pythön.org'.encode('idna').decode('ascii')), | 165 _verifycert(cert(idna), 'pythön.org'.encode('idna').decode('ascii')), |
| 168 b'certificate is for www*.xn--pythn-mua.org', | 166 b'certificate is for www*.xn--pythn-mua.org', |
| 169 ) | 167 ) |
| 170 | 168 |
| 171 c = { | 169 c = { |
| 172 'notAfter': 'Jun 26 21:41:46 2011 GMT', | 170 'notAfter': 'Jun 26 21:41:46 2011 GMT', |
| 173 'subject': (((u'commonName', u'linuxfrz.org'),),), | 171 'subject': ((('commonName', 'linuxfrz.org'),),), |
| 174 'subjectAltName': ( | 172 'subjectAltName': ( |
| 175 ('DNS', 'linuxfr.org'), | 173 ('DNS', 'linuxfr.org'), |
| 176 ('DNS', 'linuxfr.com'), | 174 ('DNS', 'linuxfr.com'), |
| 177 ('othername', '<unsupported>'), | 175 ('othername', '<unsupported>'), |
| 178 ), | 176 ), |
| 192 | 190 |
| 193 # A pristine real-world example | 191 # A pristine real-world example |
| 194 c = { | 192 c = { |
| 195 'notAfter': 'Dec 18 23:59:59 2011 GMT', | 193 'notAfter': 'Dec 18 23:59:59 2011 GMT', |
| 196 'subject': ( | 194 'subject': ( |
| 197 ((u'countryName', u'US'),), | 195 (('countryName', 'US'),), |
| 198 ((u'stateOrProvinceName', u'California'),), | 196 (('stateOrProvinceName', 'California'),), |
| 199 ((u'localityName', u'Mountain View'),), | 197 (('localityName', 'Mountain View'),), |
| 200 ((u'organizationName', u'Google Inc'),), | 198 (('organizationName', 'Google Inc'),), |
| 201 ((u'commonName', u'mail.google.com'),), | 199 (('commonName', 'mail.google.com'),), |
| 202 ), | 200 ), |
| 203 } | 201 } |
| 204 check(_verifycert(c, 'mail.google.com'), None) | 202 check(_verifycert(c, 'mail.google.com'), None) |
| 205 check(_verifycert(c, 'gmail.com'), b'certificate is for mail.google.com') | 203 check(_verifycert(c, 'gmail.com'), b'certificate is for mail.google.com') |
| 206 | 204 |
| 209 | 207 |
| 210 # Neither commonName nor subjectAltName | 208 # Neither commonName nor subjectAltName |
| 211 c = { | 209 c = { |
| 212 'notAfter': 'Dec 18 23:59:59 2011 GMT', | 210 'notAfter': 'Dec 18 23:59:59 2011 GMT', |
| 213 'subject': ( | 211 'subject': ( |
| 214 ((u'countryName', u'US'),), | 212 (('countryName', 'US'),), |
| 215 ((u'stateOrProvinceName', u'California'),), | 213 (('stateOrProvinceName', 'California'),), |
| 216 ((u'localityName', u'Mountain View'),), | 214 (('localityName', 'Mountain View'),), |
| 217 ((u'organizationName', u'Google Inc'),), | 215 (('organizationName', 'Google Inc'),), |
| 218 ), | 216 ), |
| 219 } | 217 } |
| 220 check( | 218 check( |
| 221 _verifycert(c, 'mail.google.com'), | 219 _verifycert(c, 'mail.google.com'), |
| 222 b'no commonName or subjectAltName found in certificate', | 220 b'no commonName or subjectAltName found in certificate', |
| 224 | 222 |
| 225 # No DNS entry in subjectAltName but a commonName | 223 # No DNS entry in subjectAltName but a commonName |
| 226 c = { | 224 c = { |
| 227 'notAfter': 'Dec 18 23:59:59 2099 GMT', | 225 'notAfter': 'Dec 18 23:59:59 2099 GMT', |
| 228 'subject': ( | 226 'subject': ( |
| 229 ((u'countryName', u'US'),), | 227 (('countryName', 'US'),), |
| 230 ((u'stateOrProvinceName', u'California'),), | 228 (('stateOrProvinceName', 'California'),), |
| 231 ((u'localityName', u'Mountain View'),), | 229 (('localityName', 'Mountain View'),), |
| 232 ((u'commonName', u'mail.google.com'),), | 230 (('commonName', 'mail.google.com'),), |
| 233 ), | 231 ), |
| 234 'subjectAltName': (('othername', 'blabla'),), | 232 'subjectAltName': (('othername', 'blabla'),), |
| 235 } | 233 } |
| 236 check(_verifycert(c, 'mail.google.com'), None) | 234 check(_verifycert(c, 'mail.google.com'), None) |
| 237 | 235 |
| 238 # No DNS entry subjectAltName and no commonName | 236 # No DNS entry subjectAltName and no commonName |
| 239 c = { | 237 c = { |
| 240 'notAfter': 'Dec 18 23:59:59 2099 GMT', | 238 'notAfter': 'Dec 18 23:59:59 2099 GMT', |
| 241 'subject': ( | 239 'subject': ( |
| 242 ((u'countryName', u'US'),), | 240 (('countryName', 'US'),), |
| 243 ((u'stateOrProvinceName', u'California'),), | 241 (('stateOrProvinceName', 'California'),), |
| 244 ((u'localityName', u'Mountain View'),), | 242 (('localityName', 'Mountain View'),), |
| 245 ((u'organizationName', u'Google Inc'),), | 243 (('organizationName', 'Google Inc'),), |
| 246 ), | 244 ), |
| 247 'subjectAltName': (('othername', 'blabla'),), | 245 'subjectAltName': (('othername', 'blabla'),), |
| 248 } | 246 } |
| 249 check( | 247 check( |
| 250 _verifycert(c, 'google.com'), | 248 _verifycert(c, 'google.com'), |
| 256 check(_verifycert({}, 'example.com'), b'no certificate received') | 254 check(_verifycert({}, 'example.com'), b'no certificate received') |
| 257 | 255 |
| 258 # avoid denials of service by refusing more than one | 256 # avoid denials of service by refusing more than one |
| 259 # wildcard per fragment. | 257 # wildcard per fragment. |
| 260 check( | 258 check( |
| 261 _verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, 'axxb.com'), | 259 _verifycert({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com'), |
| 262 None, | 260 None, |
| 263 ) | 261 ) |
| 264 check( | 262 check( |
| 265 _verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, 'axxb.com'), | 263 _verifycert({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com'), |
| 266 b'certificate is for a*b.co*', | 264 b'certificate is for a*b.co*', |
| 267 ) | 265 ) |
| 268 check( | 266 check( |
| 269 _verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, 'axxbxxc.com'), | 267 _verifycert({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com'), |
| 270 b'too many wildcards in certificate DNS name: a*b*.com', | 268 b'too many wildcards in certificate DNS name: a*b*.com', |
| 271 ) | 269 ) |
| 272 | 270 |
| 273 | 271 |
| 274 def test_url(): | 272 def test_url(): |