hg-stable: comparison tests/test-url.py

equal deleted inserted replaced

-:57875cf423c9
+:2372284d9457
 # coding=utf-8
 from __future__ import absolute_import, print_function
 import doctest
 import os
 def check(a, b):
 if a != b:
 print((a, b))
 def cert(cn):
 return {'subject': ((('commonName', cn),),)}
-from mercurial import (
-sslutil,
+from mercurial import sslutil
-)
 _verifycert = sslutil._verifycert
 # Test non-wildcard certificates
-check(_verifycert(cert('example.com'), 'example.com'),
+check(_verifycert(cert('example.com'), 'example.com'), None)
-None)
+check(
-check(_verifycert(cert('example.com'), 'www.example.com'),
+_verifycert(cert('example.com'), 'www.example.com'),
-b'certificate is for example.com')
+b'certificate is for example.com',
-check(_verifycert(cert('www.example.com'), 'example.com'),
+)
-b'certificate is for www.example.com')
+check(
+_verifycert(cert('www.example.com'), 'example.com'),
+b'certificate is for www.example.com',
+)
 # Test wildcard certificates
-check(_verifycert(cert('*.example.com'), 'www.example.com'),
+check(_verifycert(cert('*.example.com'), 'www.example.com'), None)
-None)
+check(
-check(_verifycert(cert('*.example.com'), 'example.com'),
+_verifycert(cert('*.example.com'), 'example.com'),
-b'certificate is for *.example.com')
+b'certificate is for *.example.com',
-check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
+)
-b'certificate is for *.example.com')
+check(
+_verifycert(cert('*.example.com'), 'w.w.example.com'),
+b'certificate is for *.example.com',
+)
 # Test subjectAltName
-san_cert = {'subject': ((('commonName', 'example.com'),),),
+san_cert = {
-'subjectAltName': (('DNS', '*.example.net'),
+'subject': ((('commonName', 'example.com'),),),
-('DNS', 'example.net'))}
+'subjectAltName': (('DNS', '*.example.net'), ('DNS', 'example.net')),
-check(_verifycert(san_cert, 'example.net'),
+}
-None)
+check(_verifycert(san_cert, 'example.net'), None)
-check(_verifycert(san_cert, 'foo.example.net'),
+check(_verifycert(san_cert, 'foo.example.net'), None)
-None)
 # no fallback to subject commonName when subjectAltName has DNS
-check(_verifycert(san_cert, 'example.com'),
+check(
-b'certificate is for *.example.net, example.net')
+_verifycert(san_cert, 'example.com'),
+b'certificate is for *.example.net, example.net',
+)
 # fallback to subject commonName when no DNS in subjectAltName
-san_cert = {'subject': ((('commonName', 'example.com'),),),
+san_cert = {
-'subjectAltName': (('IP Address', '8.8.8.8'),)}
+'subject': ((('commonName', 'example.com'),),),
+'subjectAltName': (('IP Address', '8.8.8.8'),),
+}
 check(_verifycert(san_cert, 'example.com'), None)
 # Avoid some pitfalls
-check(_verifycert(cert('*.foo'), 'foo'),
+check(_verifycert(cert('*.foo'), 'foo'), b'certificate is for *.foo')
-b'certificate is for *.foo')
 check(_verifycert(cert('*o'), 'foo'), None)
-check(_verifycert({'subject': ()},
+check(
-'example.com'),
+_verifycert({'subject': ()}, 'example.com'),
-b'no commonName or subjectAltName found in certificate')
+b'no commonName or subjectAltName found in certificate',
-check(_verifycert(None, 'example.com'),
+)
-b'no certificate received')
+check(_verifycert(None, 'example.com'), b'no certificate received')
 # Unicode (IDN) certname isn't supported
-check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
+check(
-b'IDN in certificate not supported')
+_verifycert(cert(u'\u4f8b.jp'), 'example.jp'),
+b'IDN in certificate not supported',
+)
 # The following tests are from CPython's test_ssl.py.
 check(_verifycert(cert('example.com'), 'example.com'), None)
 check(_verifycert(cert('example.com'), 'ExAmple.cOm'), None)
-check(_verifycert(cert('example.com'), 'www.example.com'),
+check(
-b'certificate is for example.com')
+_verifycert(cert('example.com'), 'www.example.com'),
-check(_verifycert(cert('example.com'), '.example.com'),
+b'certificate is for example.com',
-b'certificate is for example.com')
+)
-check(_verifycert(cert('example.com'), 'example.org'),
+check(
-b'certificate is for example.com')
+_verifycert(cert('example.com'), '.example.com'),
-check(_verifycert(cert('example.com'), 'exampleXcom'),
+b'certificate is for example.com',
-b'certificate is for example.com')
+)
+check(
+_verifycert(cert('example.com'), 'example.org'),
+b'certificate is for example.com',
+)
+check(
+_verifycert(cert('example.com'), 'exampleXcom'),
+b'certificate is for example.com',
+)
 check(_verifycert(cert('*.a.com'), 'foo.a.com'), None)
-check(_verifycert(cert('*.a.com'), 'bar.foo.a.com'),
+check(
-b'certificate is for *.a.com')
+_verifycert(cert('*.a.com'), 'bar.foo.a.com'), b'certificate is for *.a.com'
-check(_verifycert(cert('*.a.com'), 'a.com'),
+)
-b'certificate is for *.a.com')
+check(_verifycert(cert('*.a.com'), 'a.com'), b'certificate is for *.a.com')
-check(_verifycert(cert('*.a.com'), 'Xa.com'),
+check(_verifycert(cert('*.a.com'), 'Xa.com'), b'certificate is for *.a.com')
-b'certificate is for *.a.com')
+check(_verifycert(cert('*.a.com'), '.a.com'), b'certificate is for *.a.com')
-check(_verifycert(cert('*.a.com'), '.a.com'),
-b'certificate is for *.a.com')
 # only match one left-most wildcard
 check(_verifycert(cert('f*.com'), 'foo.com'), None)
 check(_verifycert(cert('f*.com'), 'f.com'), None)
-check(_verifycert(cert('f*.com'), 'bar.com'),
+check(_verifycert(cert('f*.com'), 'bar.com'), b'certificate is for f*.com')
-b'certificate is for f*.com')
+check(_verifycert(cert('f*.com'), 'foo.a.com'), b'certificate is for f*.com')
-check(_verifycert(cert('f*.com'), 'foo.a.com'),
+check(_verifycert(cert('f*.com'), 'bar.foo.com'), b'certificate is for f*.com')
-b'certificate is for f*.com')
-check(_verifycert(cert('f*.com'), 'bar.foo.com'),
-b'certificate is for f*.com')
 # NULL bytes are bad, CVE-2013-4073
-check(_verifycert(cert('null.python.org\x00example.org'),
+check(
-'null.python.org\x00example.org'), None)
+_verifycert(
-check(_verifycert(cert('null.python.org\x00example.org'),
+cert('null.python.org\x00example.org'), 'null.python.org\x00example.org'
-'example.org'),
+),
-b'certificate is for null.python.org\x00example.org')
+None,
-check(_verifycert(cert('null.python.org\x00example.org'),
+)
-'null.python.org'),
+check(
-b'certificate is for null.python.org\x00example.org')
+_verifycert(cert('null.python.org\x00example.org'), 'example.org'),
+b'certificate is for null.python.org\x00example.org',
+)
+check(
+_verifycert(cert('null.python.org\x00example.org'), 'null.python.org'),
+b'certificate is for null.python.org\x00example.org',
+)
 # error cases with wildcards
-check(_verifycert(cert('*.*.a.com'), 'bar.foo.a.com'),
+check(
-b'certificate is for *.*.a.com')
+_verifycert(cert('*.*.a.com'), 'bar.foo.a.com'),
-check(_verifycert(cert('*.*.a.com'), 'a.com'),
+b'certificate is for *.*.a.com',
-b'certificate is for *.*.a.com')
+)
-check(_verifycert(cert('*.*.a.com'), 'Xa.com'),
+check(_verifycert(cert('*.*.a.com'), 'a.com'), b'certificate is for *.*.a.com')
-b'certificate is for *.*.a.com')
+check(_verifycert(cert('*.*.a.com'), 'Xa.com'), b'certificate is for *.*.a.com')
-check(_verifycert(cert('*.*.a.com'), '.a.com'),
+check(_verifycert(cert('*.*.a.com'), '.a.com'), b'certificate is for *.*.a.com')
-b'certificate is for *.*.a.com')
+check(_verifycert(cert('a.*.com'), 'a.foo.com'), b'certificate is for a.*.com')
-check(_verifycert(cert('a.*.com'), 'a.foo.com'),
+check(_verifycert(cert('a.*.com'), 'a..com'), b'certificate is for a.*.com')
-b'certificate is for a.*.com')
+check(_verifycert(cert('a.*.com'), 'a.com'), b'certificate is for a.*.com')
-check(_verifycert(cert('a.*.com'), 'a..com'),
-b'certificate is for a.*.com')
-check(_verifycert(cert('a.*.com'), 'a.com'),
-b'certificate is for a.*.com')
 # wildcard doesn't match IDNA prefix 'xn--'
 idna = u'püthon.python.org'.encode('idna').decode('ascii')
 check(_verifycert(cert(idna), idna), None)
-check(_verifycert(cert('x*.python.org'), idna),
+check(
-b'certificate is for x*.python.org')
+_verifycert(cert('x*.python.org'), idna),
-check(_verifycert(cert('xn--p*.python.org'), idna),
+b'certificate is for x*.python.org',
-b'certificate is for xn--p*.python.org')
+)
+check(
+_verifycert(cert('xn--p*.python.org'), idna),
+b'certificate is for xn--p*.python.org',
+)
 # wildcard in first fragment and  IDNA A-labels in sequent fragments
 # are supported.
 idna = u'www*.pythön.org'.encode('idna').decode('ascii')
-check(_verifycert(cert(idna),
+check(
-u'www.pythön.org'.encode('idna').decode('ascii')),
+_verifycert(cert(idna), u'www.pythön.org'.encode('idna').decode('ascii')),
-None)
+None,
-check(_verifycert(cert(idna),
+)
-u'www1.pythön.org'.encode('idna').decode('ascii')),
+check(
-None)
+_verifycert(cert(idna), u'www1.pythön.org'.encode('idna').decode('ascii')),
-check(_verifycert(cert(idna),
+None,
-u'ftp.pythön.org'.encode('idna').decode('ascii')),
+)
-b'certificate is for www*.xn--pythn-mua.org')
+check(
-check(_verifycert(cert(idna),
+_verifycert(cert(idna), u'ftp.pythön.org'.encode('idna').decode('ascii')),
-u'pythön.org'.encode('idna').decode('ascii')),
+b'certificate is for www*.xn--pythn-mua.org',
-b'certificate is for www*.xn--pythn-mua.org')
+)
+check(
+_verifycert(cert(idna), u'pythön.org'.encode('idna').decode('ascii')),
+b'certificate is for www*.xn--pythn-mua.org',
+)
 c = {
 'notAfter': 'Jun 26 21:41:46 2011 GMT',
 'subject': (((u'commonName', u'linuxfrz.org'),),),
 'subjectAltName': (
 ('DNS', 'linuxfr.org'),
 ('DNS', 'linuxfr.com'),
 ('othername', '<unsupported>'),
-)
+),
 }
 check(_verifycert(c, 'linuxfr.org'), None)
 check(_verifycert(c, 'linuxfr.com'), None)
 # Not a "DNS" entry
-check(_verifycert(c, '<unsupported>'),
+check(
-b'certificate is for linuxfr.org, linuxfr.com')
+_verifycert(c, '<unsupported>'),
+b'certificate is for linuxfr.org, linuxfr.com',
+)
 # When there is a subjectAltName, commonName isn't used
-check(_verifycert(c, 'linuxfrz.org'),
+check(
-b'certificate is for linuxfr.org, linuxfr.com')
+_verifycert(c, 'linuxfrz.org'),
+b'certificate is for linuxfr.org, linuxfr.com',
+)
 # A pristine real-world example
 c = {
 'notAfter': 'Dec 18 23:59:59 2011 GMT',
 'subject': (
 ((u'stateOrProvinceName', u'California'),),
 ((u'localityName', u'Mountain View'),),
 ((u'organizationName', u'Google Inc'),),
 ),
 }
-check(_verifycert(c, 'mail.google.com'),
+check(
-b'no commonName or subjectAltName found in certificate')
+_verifycert(c, 'mail.google.com'),
+b'no commonName or subjectAltName found in certificate',
+)
 # No DNS entry in subjectAltName but a commonName
 c = {
 'notAfter': 'Dec 18 23:59:59 2099 GMT',
 'subject': (
 ((u'localityName', u'Mountain View'),),
 ((u'organizationName', u'Google Inc'),),
 ),
 'subjectAltName': (('othername', 'blabla'),),
 }
-check(_verifycert(c, 'google.com'),
+check(
-b'no commonName or subjectAltName found in certificate')
+_verifycert(c, 'google.com'),
+b'no commonName or subjectAltName found in certificate',
+)
 # Empty cert / no cert
 check(_verifycert(None, 'example.com'), b'no certificate received')
 check(_verifycert({}, 'example.com'), b'no certificate received')
 # avoid denials of service by refusing more than one
 # wildcard per fragment.
-check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)},
+check(
-'axxb.com'), None)
+_verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, 'axxb.com'),
-check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)},
+None,
-'axxb.com'), b'certificate is for a*b.co*')
+)
-check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)},
+check(
-'axxbxxc.com'),
+_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, 'axxb.com'),
-b'too many wildcards in certificate DNS name: a*b*.com')
+b'certificate is for a*b.co*',
+)
+check(
+_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, 'axxbxxc.com'),
+b'too many wildcards in certificate DNS name: a*b*.com',
+)
 def test_url():
 """
 >>> from mercurial import error, pycompat
 >>> from mercurial.util import url
 'file:foo/bar/baz'
 >>> pycompat.bytestr(u.localpath())
 'foo/bar/baz'
 """
 if 'TERM' in os.environ:
 del os.environ['TERM']
 doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE)

changeset 43076	2372284d9457
parent 37999	d088810c496e
child 45682	d2e1dcd4490d