U ÝÁ]µ5ã@sLdZddlZddlZddlZddlZddlZddlmm Z ddl m Z ddl m Z ddl m Z ddlmZddlmZe  d¡Ze  d¡Ze  d ¡Ze  d ¡Ze  d ¡Ze  d ¡Ze  d ¡Ze  d ¡Ze  d ¡Ze  d¡Ze  d¡ZGdd„de jƒZGdd„de jƒZ Gdd„dej!ƒZ"Gdd„dej!ƒZ#Gdd„dej!ƒZ$Gdd„dej!ƒZ%Gdd„dej!ƒZ&Gdd„de&ƒZ'Gdd „d e&ƒZ(Gd!d"„d"e&ƒZ)Gd#d$„d$e&ƒZ*Gd%d&„d&ej!ƒZ+Gd'd(„d(ej!ƒZ,Gd)d*„d*ej!ƒZ-Gd+d,„d,ej!ƒZ.Gd-d.„d.ej!ƒZ/Gd/d0„d0ej!ƒZ0Gd1d2„d2ej!ƒZ1Gd3d4„d4ej!ƒZ2e3d5krHe 4¡dS)6zTests for certbot.crypto_util.éN)Úerrors)Ú interfaces)Úutil)Úos)Ú filesystemzrsa256_key.pemzrsa512_key.pemzrsa2048_key.pemú cert_512.pemz cert_2048.pemznistp256_key.pemzcert-nosans_nistp256.pemcs\eZdZdZ‡fdd„Z‡fdd„Zedd„ƒZe  d¡d d „ƒZ e  d¡d d „ƒZ ‡Z S) ÚInitSaveKeyTestz,Tests for certbot.crypto_util.init_save_key.csXtt|ƒ ¡tj |jd¡|_tj |jddt   t j ¡t j tjddtj¡dS)NÚworkdiriÀ)ÚmodeT©Zstrict_permissions)ÚsuperrÚsetUprÚpathÚjoinÚtempdirr rÚmkdirÚloggingÚdisableZCRITICALÚzopeÚ componentÚprovideUtilityÚmockÚMockrÚIConfig©Úself©Ú __class__©ú@/usr/lib/python3/dist-packages/certbot/tests/crypto_util_test.pyr s  ÿzInitSaveKeyTest.setUpcstt|ƒ ¡t tj¡dS©N)r rÚtearDownrrZNOTSETrrrrr!(szInitSaveKeyTest.tearDowncCsddlm}|||dƒS)Nr)Ú init_save_keyúkey-certbot.pem)Úcertbot.crypto_utilr")ÚclsZkey_sizeZkey_dirr"rrrÚ_call-s zInitSaveKeyTest._callzcertbot.crypto_util.make_keycCsVd|_| d|j¡}| |jd¡| d|jk¡| tj  tj  |j|j¡¡¡dS)Nskey_pemér#) Ú return_valuer&r Ú assertEqualÚpemÚ assertTrueÚfilerrÚexistsr)rÚ mock_makeÚkeyrrrÚ test_success2s zInitSaveKeyTest.test_successcCst|_| t|jd|j¡dS)Ni¯)Ú ValueErrorÚ side_effectÚ assertRaisesr&r )rr.rrrÚtest_key_failure:sz InitSaveKeyTest.test_key_failure) Ú__name__Ú __module__Ú __qualname__Ú__doc__r r!Ú classmethodr&rÚpatchr0r4Ú __classcell__rrrrrs   rcs<eZdZdZ‡fdd„Ze d¡e d¡dd„ƒƒZ‡ZS)ÚInitSaveCSRTestz,Tests for certbot.crypto_util.init_save_csr.cs*tt|ƒ ¡tj tjddtj ¡dS)NTr ) r r<r rrrrrrrrrrrr Cs  ÿzInitSaveCSRTest.setUpzacme.crypto_util.make_csrz+certbot.crypto_util.util.make_or_verify_dircCsJddlm}d|_|tjddd|jƒ}| |jd¡| d|j k¡dS)Nr)Ú init_save_csrscsr_pemZ dummy_key)r*ú example.comzcsr-certbot.pem) r$r=r(rrrr)Údatar+r,)rZunused_mock_verifyZmock_csrr=ÚcsrrrrÚtest_itIs  ÿzInitSaveCSRTest.test_it) r5r6r7r8r rr:rAr;rrrrr<@s  r<c@sDeZdZdZedd„ƒZdd„Zdd„Zdd „Zd d „Z d d „Z dS)Ú ValidCSRTestz(Tests for certbot.crypto_util.valid_csr.cCsddlm}||ƒS)Nr)Ú valid_csr)r$rC)r%r@rCrrrr&Zs zValidCSRTest._callcCs| | t d¡¡¡dS©Nú csr_512.pem©r+r&Ú test_utilÚ load_vectorrrrrÚtest_valid_pem_true_sz ValidCSRTest.test_valid_pem_truecCs| | t d¡¡¡dS)Nzcsr-san_512.pemrFrrrrÚtest_valid_pem_san_truebsz$ValidCSRTest.test_valid_pem_san_truecCs| | t d¡¡¡dS)Nú csr_512.der)Ú assertFalser&rGrHrrrrÚtest_valid_der_falseesz!ValidCSRTest.test_valid_der_falsecCs| | d¡¡dS©NÚ©rLr&rrrrÚtest_empty_falsehszValidCSRTest.test_empty_falsecCs| | d¡¡dS©Nzfoo barrPrrrrÚtest_random_falsekszValidCSRTest.test_random_falseN) r5r6r7r8r9r&rIrJrMrQrSrrrrrBWs rBc@s,eZdZdZedd„ƒZdd„Zdd„ZdS) ÚCSRMatchesPubkeyTestz1Tests for certbot.crypto_util.csr_matches_pubkey.cOsddlm}|||ŽS)Nr)Úcsr_matches_pubkey)r$rU)r%ÚargsÚkwargsrUrrrr&rs zCSRMatchesPubkeyTest._callcCs| | t d¡t¡¡dSrD)r+r&rGrHÚ RSA512_KEYrrrrÚtest_valid_truewsÿz$CSRMatchesPubkeyTest.test_valid_truecCs| | t d¡t¡¡dSrD)rLr&rGrHÚ RSA256_KEYrrrrÚtest_invalid_false{sÿz'CSRMatchesPubkeyTest.test_invalid_falseN)r5r6r7r8r9r&rYr[rrrrrTos  rTc@s4eZdZdZedd„ƒZdd„Zdd„Zdd „Zd S) ÚImportCSRFileTestz/Tests for certbot.certbot_util.import_csr_file.cOsddlm}|||ŽS)Nr)Úimport_csr_file)r$r])r%rVrWr]rrrr&ƒs zImportCSRFileTest._callcCsNt d¡}t d¡}t d¡}| tjjtj||dddgf|  ||¡¡dS)NrKrEr*©r,r?Zformú Example.com© rGÚ vector_pathrHr)ÚOpenSSLÚcryptoÚ FILETYPE_PEMrZCSRr&)rÚcsrfiler?Zdata_pemrrrÚ test_der_csrˆs   þü úzImportCSRFileTest.test_der_csrcCsDt d¡}t d¡}| tjjtj||dddgf|  ||¡¡dS)NrEr*r^r_r`)rrer?rrrÚ test_pem_csr•s  þü úzImportCSRFileTest.test_pem_csrcCs$| tj|jt d¡t d¡¡dS©Nr)r3rÚErrorr&rGrarHrrrrÚ test_bad_csr¡s þzImportCSRFileTest.test_bad_csrN) r5r6r7r8r9r&rfrgrjrrrrr\€s    r\c@seZdZdZdd„ZdS)Ú MakeKeyTestz'Tests for certbot.crypto_util.make_key.cCs&ddlm}tj tjj|dƒ¡dS)Nr)Úmake_keyr')r$rlrbrcZload_privatekeyrd)rrlrrrrAªs  ÿzMakeKeyTest.test_itN)r5r6r7r8rArrrrrk§srkcs eZdZdZ‡fdd„Z‡ZS)ÚVerifyCertSetupz#Refactoring for verification tests.csdtt|ƒ ¡t ¡|_t|j_t|j_t |j_ t   d¡|j_ t ¡|_t|j_t|j_t|j_ dS)Nzcert_fullchain_2048.pem)r rmr rÚ MagicMockÚrenewable_certÚ SS_CERT_PATHÚcertÚchainÚRSA2048_KEY_PATHÚprivkeyrGraÚ fullchainÚbad_renewable_certrrrrr ´s  zVerifyCertSetup.setUp)r5r6r7r8r r;rrrrrm±srmc@s<eZdZdZdd„Zdd„Zejde  d¡dd d „ƒZ d S) ÚVerifyRenewableCertTestú4Tests for certbot.crypto_util.verify_renewable_cert.cCsddlm}||ƒS)Nr)Úverify_renewable_cert)r$ry)rroryrrrr&Æs zVerifyRenewableCertTest._callcCs| d| |j¡¡dSr ©r)r&rorrrrÚtest_verify_renewable_certÊsz2VerifyRenewableCertTest.test_verify_renewable_certz-certbot.crypto_util.verify_renewable_cert_sigrO)r2cCs| tj|j|j¡dSr ©r3rrir&rv)rZ!unused_verify_renewable_cert_signrrrÚ"test_verify_renewable_cert_failureÍsz:VerifyRenewableCertTest.test_verify_renewable_cert_failureN) r5r6r7r8r&r{rr:rrir}rrrrrwÃs rwc@s0eZdZdZdd„Zdd„Zdd„Zdd „Zd S) ÚVerifyRenewableCertSigTestrxcCsddlm}||ƒS)Nr)Úverify_renewable_cert_sig)r$r)rrorrrrr&Õs z VerifyRenewableCertSigTest._callcCs| d| |j¡¡dSr rzrrrrÚtest_cert_sig_matchÙsz.VerifyRenewableCertSigTest.test_cert_sig_matchcCs0t ¡}t|_t|_t|_| d| |¡¡dSr ) rrnÚP256_CERT_PATHrqrrÚP256_KEYrtr)r&)rrorrrÚtest_cert_sig_match_ecÜs z1VerifyRenewableCertSigTest.test_cert_sig_match_eccCs&t d¡|j_| tj|j|j¡dS)Nzcert_512_bad.pem)rGrarvrqr3rrir&rrrrÚtest_cert_sig_mismatchãsz1VerifyRenewableCertSigTest.test_cert_sig_mismatchN)r5r6r7r8r&r€rƒr„rrrrr~Òs r~c@s0eZdZdZdd„Zdd„Zdd„Zdd „Zd S) ÚVerifyFullchainTestz/Tests for certbot.crypto_util.verify_fullchain.cCsddlm}||ƒS)Nr)Úverify_fullchain)r$r†)rror†rrrr&ës zVerifyFullchainTest._callcCs| d| |j¡¡dSr rzrrrrÚtest_fullchain_matchesïsz*VerifyFullchainTest.test_fullchain_matchescCs| tj|j|j¡dSr r|rrrrÚtest_fullchain_mismatchòsz+VerifyFullchainTest.test_fullchain_mismatchcCs d|j_| tj|j|j¡dS)NZdog)rvrrr3rrir&rrrrÚtest_fullchain_ioerrorõsz*VerifyFullchainTest.test_fullchain_ioerrorN)r5r6r7r8r&r‡rˆr‰rrrrr…ès r…c@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚVerifyCertMatchesPrivKeyTestz;Tests for certbot.crypto_util.verify_cert_matches_priv_key.cCsddlm}||j|jƒS)Nr)Úverify_cert_matches_priv_key)r$r‹rqrt)rror‹rrrr&ýs z"VerifyCertMatchesPrivKeyTest._callcCs(t|j_t|j_| d| |j¡¡dSr )rprorqrsrtr)r&rrrrÚtest_cert_priv_key_matchsz5VerifyCertMatchesPrivKeyTest.test_cert_priv_key_matchcCs(t|j_t|j_| tj|j|j¡dSr ) ÚRSA256_KEY_PATHrvrtrprqr3rrir&rrrrÚtest_cert_priv_key_mismatchsz8VerifyCertMatchesPrivKeyTest.test_cert_priv_key_mismatchN)r5r6r7r8r&rŒrŽrrrrrŠúsrŠc@s4eZdZdZedd„ƒZdd„Zdd„Zdd „Zd S) ÚValidPrivkeyTestz,Tests for certbot.crypto_util.valid_privkey.cCsddlm}||ƒS)Nr)Ú valid_privkey)r$r)r%rtrrrrr&s zValidPrivkeyTest._callcCs| | t¡¡dSr )r+r&rXrrrrrYsz ValidPrivkeyTest.test_valid_truecCs| | d¡¡dSrNrPrrrrrQsz!ValidPrivkeyTest.test_empty_falsecCs| | d¡¡dSrRrPrrrrrSsz"ValidPrivkeyTest.test_random_falseN) r5r6r7r8r9r&rYrQrSrrrrr s  rc@s,eZdZdZedd„ƒZdd„Zdd„ZdS) ÚGetSANsFromCertTestz1Tests for certbot.crypto_util.get_sans_from_cert.cOsddlm}|||ŽS)Nr)Úget_sans_from_cert)r$r’)r%rVrWr’rrrr&"s zGetSANsFromCertTest._callcCs| g| t d¡¡¡dSrh©r)r&rGrHrrrrÚ test_single'szGetSANsFromCertTest.test_singlecCs | ddg| t d¡¡¡dS©Nr>zwww.example.comzcert-san_512.pemr“rrrrÚtest_san*sþzGetSANsFromCertTest.test_sanN)r5r6r7r8r9r&r”r–rrrrr‘s  r‘c@s<eZdZdZedd„ƒZdd„Zdd„Zdd „Zd d „Z d S) ÚGetNamesFromCertTestz2Tests for certbot.crypto_util.get_names_from_cert.cOsddlm}|||ŽS)Nr)Úget_names_from_cert)r$r˜)r%rVrWr˜rrrr&3s zGetNamesFromCertTest._callcCs| dg| t d¡¡¡dS)Nr>rr“rrrrr”8sþz GetNamesFromCertTest.test_singlecCs | ddg| t d¡¡¡dSr•r“rrrrr–=sþzGetNamesFromCertTest.test_sancCs,| dgdd„dDƒ| t d¡¡¡dS)Nr>cSsg|]}d |¡‘qS)z{0}.example.com)Úformat)Ú.0ÚcrrrÚ FszDGetNamesFromCertTest.test_common_name_sans_order..Zabcdzcert-5sans_512.pemr“rrrrÚtest_common_name_sans_orderBsþz0GetNamesFromCertTest.test_common_name_sans_ordercCs| tjj|jd¡dS)Nz hello there)r3rbrcrir&rrrrÚtest_parse_non_certIsz(GetNamesFromCertTest.test_parse_non_certN) r5r6r7r8r9r&r”r–rržrrrrr—0s r—c@s eZdZdZdd„Zdd„ZdS)ÚCertLoaderTestz8Tests for certbot.crypto_util.pyopenssl_load_certificatecCs>ddlm}|tƒ\}}| | d¡tj |t¡ d¡¡dS)Nr©Úpyopenssl_load_certificateZsha256)r$r¡ÚCERTr)ZdigestrbrcZload_certificate)rr¡rqZ file_typerrrÚtest_load_valid_certPs    ÿz#CertLoaderTest.test_load_valid_certcCs,ddlm}t dd¡}| tj||¡dS)Nrr sBEGIN CERTIFICATEsASDFASDFASDF!!!)r$r¡r¢Úreplacer3rri)rr¡Z bad_cert_datarrrÚtest_load_invalid_certWs  ÿz%CertLoaderTest.test_load_invalid_certN)r5r6r7r8r£r¥rrrrrŸMsrŸc@seZdZdZdd„ZdS)Ú NotBeforeTestz'Tests for certbot.crypto_util.notBeforecCs$ddlm}| |tƒ ¡d¡dS)Nr)Ú notBeforez2014-12-11T22:34:45+00:00)r$r§r)Ú CERT_PATHÚ isoformat)rr§rrrÚtest_notBeforeas ÿzNotBeforeTest.test_notBeforeN)r5r6r7r8rªrrrrr¦^sr¦c@seZdZdZdd„ZdS)Ú NotAfterTestú&Tests for certbot.crypto_util.notAftercCs$ddlm}| |tƒ ¡d¡dS)Nr)ÚnotAfterz2014-12-18T22:34:45+00:00)r$r­r)r¨r©)rr­rrrÚ test_notAfterjs ÿzNotAfterTest.test_notAfterN)r5r6r7r8r®rrrrr«gsr«c@seZdZdZdd„ZdS)Ú Sha256sumTestr¬cCs ddlm}| |tƒd¡dS)Nr)Ú sha256sumZ@914ffed8daf9e2c99d90ac95c77d54f32cbd556672facac380f0c063498df84e)r$r°r)r¨)rr°rrrÚtest_sha256sumrs  ÿzSha256sumTest.test_sha256sumN)r5r6r7r8r±rrrrr¯psr¯c@seZdZdZdd„ZdS)ÚCertAndChainFromFullchainTestz;Tests for certbot.crypto_util.cert_and_chain_from_fullchainc Csjt ¡}|t ¡}||}|d|}ddlm}||fD](}||ƒ\}}| ||¡| ||¡qsV                $'