Your IP : 216.73.216.52

Current Path : /snap/certbot/current/lib64/python3.12/site-packages/certbot/_internal/tests/
Upload File :
Current File : //snap/certbot/current/lib64/python3.12/site-packages/certbot/_internal/tests/san_test.py

"""Tests for the san module"""
import ipaddress
from datetime import datetime

import pytest
import unittest

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

from certbot._internal import san

class SanTest(unittest.TestCase):
    def test_str(self) -> None:
        assert str(san.DNSName("example.com")) == "example.com"
        assert str(san.IPAddress("192.168.1.1")) == "192.168.1.1"

    def test_hash(self) -> None:
        assert hash(san.DNSName("example.com")) == hash(san.DNSName("example.com"))
        assert hash(san.DNSName("EXAMPLE.COM.")) == hash(san.DNSName("example.com"))
        assert hash(san.IPAddress("192.168.1.1")) == hash(san.IPAddress("192.168.1.1"))

    def test_repr(self) -> None:
        assert repr(san.DNSName("example.com")) == "DNS(example.com)"
        assert repr(san.IPAddress("192.168.1.1")) == "IP(192.168.1.1)"

    def test_eq(self) -> None:
        with pytest.raises(TypeError):
            san.DNSName("example.com") == "example.com" # pylint: disable=expression-not-assigned
        with pytest.raises(TypeError):
            "example.com" == san.DNSName("example.com") # pylint: disable=expression-not-assigned
        with pytest.raises(TypeError):
            san.IPAddress("192.168.1.1") == "192.168.1.1" # pylint: disable=expression-not-assigned
        with pytest.raises(TypeError):
            "192.168.1.1" == san.IPAddress("192.168.1.1") # pylint: disable=expression-not-assigned
        assert san.DNSName("example.com") == san.DNSName("example.com")
        assert san.DNSName("Example.com") == san.DNSName("example.com")
        assert san.DNSName("example.com") == san.DNSName("Example.com")
        assert san.DNSName("EXAMPLE.COM") == san.DNSName("Example.com")
        assert san.DNSName("EXAMPLE.COM.") == san.DNSName("example.com")

    def test_is_wildcard(self) -> None:
        assert not san.DNSName("example.com").is_wildcard()
        assert not san.DNSName("example.*.com").is_wildcard()
        assert san.DNSName("*.example.com").is_wildcard()
        assert not san.IPAddress("192.168.1.1").is_wildcard()

    def test_split(self) -> None:
        assert san.split([]) == ([], [])
        assert san.split([san.IPAddress("192.168.1.1")]) == ([], [san.IPAddress("192.168.1.1")])
        assert san.split([san.DNSName("example.com")]) == ([san.DNSName("example.com")], [])
        assert san.split([san.DNSName("example.com"), san.IPAddress("192.168.1.1"),
                          san.DNSName("example.org"), san.IPAddress("192.168.1.2")]) == (
                          [san.DNSName("example.com"), san.DNSName("example.org")],
                          [san.IPAddress("192.168.1.1"), san.IPAddress("192.168.1.2")])

    def test_display(self) -> None:
        assert san.display([san.DNSName("example.com")]) == "example.com"
        assert san.display([san.DNSName("example.com"), san.IPAddress("192.168.1.1")]) \
            == "example.com, 192.168.1.1"

    def test_ip_address(self) -> None:
        with pytest.raises(ValueError):
            san.IPAddress("example.com")

class FromX509Test(unittest.TestCase):
    def test_csr(self) -> None:
        key = ec.generate_private_key(ec.SECP256R1())
        csr = (
            x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([]))
            .add_extension(
                x509.SubjectAlternativeName(
                    [x509.DNSName("example.com"),
                     x509.IPAddress(ipaddress.ip_address("192.168.1.1"))]
                ),
                critical=False,
            )
        ).sign(key, hashes.SHA256())
        result = san.from_x509(csr.subject, csr.extensions)
        assert result == (
            [san.DNSName("example.com")],
            [san.IPAddress("192.168.1.1")],
        )

    def test_cert(self) -> None:
        key = ec.generate_private_key(ec.SECP256R1())
        cert = (
            x509.CertificateBuilder()
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.now())
            .not_valid_after(datetime.now())
            .subject_name(x509.Name([]))
            .issuer_name(x509.Name([]))
            .public_key(key.public_key())
            .add_extension(
                x509.SubjectAlternativeName(
                    [x509.DNSName("example.com"),
                     x509.IPAddress(ipaddress.ip_address("192.168.1.1"))]
                ),
                critical=False,
            )
        ).sign(key, hashes.SHA256())
        result = san.from_x509(cert.subject, cert.extensions)
        assert result == (
            [san.DNSName("example.com")],
            [san.IPAddress("192.168.1.1")],
        )

    def test_cn(self) -> None:
        key = ec.generate_private_key(ec.SECP256R1())
        csr = (
            x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([
                x509.NameAttribute(NameOID.COMMON_NAME, "common.example"),
            ]))
            .add_extension(
                x509.SubjectAlternativeName(
                    [x509.DNSName("example.com"),
                     x509.IPAddress(ipaddress.ip_address("192.168.1.1"))]
                ),
                critical=False,
            )
        ).sign(key, hashes.SHA256())
        result = san.from_x509(csr.subject, csr.extensions)
        assert result == (
            [san.DNSName("common.example"), san.DNSName("example.com")],
            [san.IPAddress("192.168.1.1")],
        )

    def test_cn_duplicate(self) -> None:
        key = ec.generate_private_key(ec.SECP256R1())
        csr = (
            x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([
                x509.NameAttribute(NameOID.COMMON_NAME, "example.com"),
            ]))
            .add_extension(
                x509.SubjectAlternativeName(
                    [x509.DNSName("example.com"),
                     x509.IPAddress(ipaddress.ip_address("192.168.1.1"))]
                ),
                critical=False,
            )
        ).sign(key, hashes.SHA256())
        result = san.from_x509(csr.subject, csr.extensions)
        assert result == (
            [san.DNSName("example.com")],
            [san.IPAddress("192.168.1.1")],
        )