2 |
2 |
3 def check(a, b): |
3 def check(a, b): |
4 if a != b: |
4 if a != b: |
5 print (a, b) |
5 print (a, b) |
6 |
6 |
|
7 def cert(cn): |
|
8 return dict(subject=((('commonName', cn),),)) |
|
9 |
7 from mercurial.url import _verifycert |
10 from mercurial.url import _verifycert |
8 |
11 |
9 # Test non-wildcard certificates |
12 # Test non-wildcard certificates |
10 check(_verifycert({'subject': ((('commonName', 'example.com'),),)}, 'example.com'), |
13 check(_verifycert(cert('example.com'), 'example.com'), |
11 None) |
14 None) |
12 check(_verifycert({'subject': ((('commonName', 'example.com'),),)}, 'www.example.com'), |
15 check(_verifycert(cert('example.com'), 'www.example.com'), |
13 'certificate is for example.com') |
16 'certificate is for example.com') |
14 check(_verifycert({'subject': ((('commonName', 'www.example.com'),),)}, 'example.com'), |
17 check(_verifycert(cert('www.example.com'), 'example.com'), |
15 'certificate is for www.example.com') |
18 'certificate is for www.example.com') |
16 |
19 |
17 # Test wildcard certificates |
20 # Test wildcard certificates |
18 check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'www.example.com'), |
21 check(_verifycert(cert('*.example.com'), 'www.example.com'), |
19 None) |
22 None) |
20 check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'example.com'), |
23 check(_verifycert(cert('*.example.com'), 'example.com'), |
21 'certificate is for *.example.com') |
24 'certificate is for *.example.com') |
22 check(_verifycert({'subject': ((('commonName', '*.example.com'),),)}, 'w.w.example.com'), |
25 check(_verifycert(cert('*.example.com'), 'w.w.example.com'), |
23 'certificate is for *.example.com') |
26 'certificate is for *.example.com') |
24 |
27 |
25 # Avoid some pitfalls |
28 # Avoid some pitfalls |
26 check(_verifycert({'subject': ((('commonName', '*.foo'),),)}, 'foo'), |
29 check(_verifycert(cert('*.foo'), 'foo'), |
27 'certificate is for *.foo') |
30 'certificate is for *.foo') |
28 check(_verifycert({'subject': ((('commonName', '*o'),),)}, 'foo'), |
31 check(_verifycert(cert('*o'), 'foo'), |
29 'certificate is for *o') |
32 'certificate is for *o') |
30 |
33 |
31 import time |
34 import time |
32 lastyear = time.gmtime().tm_year - 1 |
35 lastyear = time.gmtime().tm_year - 1 |
33 nextyear = time.gmtime().tm_year + 1 |
36 nextyear = time.gmtime().tm_year + 1 |
34 check(_verifycert({'notAfter': 'May 9 00:00:00 %s GMT' % lastyear}, 'example.com'), |
37 check(_verifycert({'notAfter': 'May 9 00:00:00 %s GMT' % lastyear}, |
35 'certificate expired May 9 00:00:00 %s GMT' % lastyear) |
38 'example.com'), |
36 check(_verifycert({'notBefore': 'May 9 00:00:00 %s GMT' % nextyear}, 'example.com'), |
39 'certificate expired May 9 00:00:00 %s GMT' % lastyear) |
37 'certificate not valid before May 9 00:00:00 %s GMT' % nextyear) |
40 check(_verifycert({'notBefore': 'May 9 00:00:00 %s GMT' % nextyear}, |
38 check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear, 'subject': ()}, 'example.com'), |
41 'example.com'), |
39 'no commonName found in certificate') |
42 'certificate not valid before May 9 00:00:00 %s GMT' % nextyear) |
|
43 check(_verifycert({'notAfter': 'Sep 29 15:29:48 %s GMT' % nextyear, |
|
44 'subject': ()}, |
|
45 'example.com'), |
|
46 'no commonName found in certificate') |
40 check(_verifycert(None, 'example.com'), |
47 check(_verifycert(None, 'example.com'), |
41 'no certificate received') |
48 'no certificate received') |