M/eIdZddlZddlZddlZddlZddlmZddlZddlZddlm Z ddlm Z ddl m Z ddl m Z ddlmcm Zej"dZej&dZej"d Zej&d Zej&d Zej"d Zej&d Zej"d Zej"d Zej&dZej"dZej"dZej"dZej"dZ GddejBZ"GddejBZ#GddejHZ%GddejHZ&GddejHZ'GddejHZ(GddejHZ)Gd d!e)Z*Gd"d#e)Z+Gd$d%e)Z,Gd&d'e)Z-Gd(d)ejHZ.Gd*d+ejHZ/Gd,d-ejHZ0Gd.d/ejHZ1Gd0d1ejHZ2Gd2d3ejHZ3Gd4d5ejHZ4Gd6d7ejHZ5Gd8d9ejHZ6Gd:d;ejHZ7e8dzTests for certbot.crypto_util.N)mock)errors)util) filesystem)oszrsa256_key.pemzrsa512_key.pemzrsa2048_key.pem cert_512.pemz cert_2048.pemznistp256_key.pemzcert-nosans_nistp256.pemz cert_leaf.pemzcert_intermediate_1.pemzcert_intermediate_2.pemceZdZdZfdZfdZedZejddZ ejddZ xZ S)GenerateKeyTestz+Tests for certbot.crypto_util.generate_key.ct|tjj |j d|_tj|j dtjtjy)Nworkdiri)mode) supersetUprpathjointempdirr rmkdirloggingdisableCRITICALself __class__s J/usr/lib/python3/dist-packages/certbot/_internal/tests/crypto_util_test.pyrzGenerateKeyTest.setUp$sL  ww||DLL)< E2(()cht|tjtjyN)rtearDownrrNOTSETrs rrzGenerateKeyTest.tearDown,s 'rc&ddlm}|||ddS)Nr) generate_keykey-certbot.pemTstrict_permissions)certbot.crypto_utilr!)clskey_sizekey_dirr!s r_callzGenerateKeyTest._call1s4Hg/@UYZZrzcertbot.crypto_util.make_keyc2d|_|jd|j}|jdk(sJd|jvsJt j jt j j|j|jsJy)Nskey_pemr") return_valuer)r pemfilerrexistsr)r mock_makekeys r test_successzGenerateKeyTest.test_success6so!+ jjt||,ww*$$$ CHH,,,ww~~bggll4<<BCCCrct|_tjt5|j d|j dddy#1swYyxYw)Ni) ValueError side_effectpytestraisesr)r )rr0s rtest_key_failurez GenerateKeyTest.test_key_failure>s= *  ]]: & * JJsDLL ) * * *s A  A) __name__ __module__ __qualname____doc__rr classmethodr)rpatchr2r8 __classcell__)rs@rr r "sh5*( [[TZZ./D0DTZZ./*0*rr cjeZdZdZej dej ddZy)GenerateCSRTestz+Tests for certbot.crypto_util.generate_csr.zacme.crypto_util.make_csrz+certbot.crypto_util.util.make_or_verify_dircddlm}d|_|tjdd|j d}|j dk(sJd |jvsJy) Nr) generate_csrscsr_pem dummy_key)r- example.comTr#zcsr-certbot.pem)r%rCr,rMockrdatar.)runused_mock_verifymock_csrrCcsrs rtest_itzGenerateCSRTest.test_itGsW 5 * II+ & t||X\^xx:%%% CHH,,,rN)r9r:r;r<rr>rKrrrArAEs75TZZ+,TZZ=> -?- -rrAc>eZdZdZedZdZdZdZdZ dZ y) ValidCSRTestz(Tests for certbot.crypto_util.valid_csr.cddlm}||S)Nr) valid_csr)r%rP)r&rJrPs rr)zValidCSRTest._callXs1~rcP|jtjdsJyN csr_512.pemr) test_util load_vectorrs rtest_valid_pem_truez ValidCSRTest.test_valid_pem_true]szz)// >???rcP|jtjdsJy)Nzcsr-san_512.pemrTrWs rtest_valid_pem_san_truez$ValidCSRTest.test_valid_pem_san_true`s zz)//0ABCCCrcP|jtjdrJy)N csr_512.derrTrWs rtest_valid_der_falsez!ValidCSRTest.test_valid_der_falsecs"::i33MBCCCCrc*|jdrJyNr)rWs rtest_empty_falsezValidCSRTest.test_empty_falsef::b>!!>rc*|jdrJyNzfoo barrarWs rtest_random_falsezValidCSRTest.test_random_falsei::i((((rN) r9r:r;r<r=r)rXrZr]rbrfrLrrrNrNUs32@DD")rrNc,eZdZdZedZdZdZy)CSRMatchesPubkeyTestz1Tests for certbot.crypto_util.csr_matches_pubkey.cddlm}||i|S)Nr)csr_matches_pubkey)r%rk)r&argskwargsrks rr)zCSRMatchesPubkeyTest._callp:!42622rcZ|jtjdtsJyrR)r)rUrV RSA512_KEYrWs rtest_valid_truez$CSRMatchesPubkeyTest.test_valid_trueus(zz  ! !- 0*> >>rcZ|jtjdtrJyrR)r)rUrV RSA256_KEYrWs rtest_invalid_falsez'CSRMatchesPubkeyTest.test_invalid_falseys-::  ! !- 0*> >>>rN)r9r:r;r<r=r)rqrtrLrrririms!;33>>rric2eZdZdZedZdZdZdZy)ImportCSRFileTestz/Tests for certbot.certbot_util.import_csr_file.cddlm}||i|S)Nr)import_csr_file)r%rx)r&rlrmrxs rr)zImportCSRFileTest._calls7///rctjd}tjd}tjd}tjj t j||ddgf|j||k(sJy)Nr\rSr-r.rGform Example.com rU vector_pathrVOpenSSLcrypto FILETYPE_PEMrCSRr))rcsrfilerGdata_pems r test_der_csrzImportCSRFileTest.test_der_csrs~'' 6$$]3((7++ XX7# "_  JJw % & &&rctjd}tjd}tjj t j||ddgf|j||k(sJy)NrSr-rzr|r})rrrGs r test_pem_csrzImportCSRFileTest.test_pem_csrsn'' 6$$]3++ XX7 "_  JJw % & &&rctjtj5|j t j dt jddddy#1swYyxYwNr)r6r7rErrorr)rUr~rVrWs r test_bad_csrzImportCSRFileTest.test_bad_csrsS ]]6<< ( A JJy,,^<#//? A A A As 9A&&A/N) r9r:r;r<r=r)rrrrLrrrvrv~s'900 & &Arrvc.eZdZdZdZdZdZdZdZy) MakeKeyTestz'Tests for certbot.crypto_util.make_key.cddlm}tjj tjj |dy)Nrmake_key)r%rrrload_privatekeyrrrs rtest_rsazMakeKeyTest.test_rsas)0 &&w~~'B'BHTNSrcddlm}dD]Z\}}tjj tjj ||d}|j |k(rZJy)Nrr)) secp256r1) secp384r1i) secp521r1i ecdsaelliptic_curvekey_type)r%rrrrrbits)rrnamerpkeys rtest_eczMakeKeyTest.test_ecsY0X 'LT4>>11++w?D99;$& &&  'rcddlm}tjtj d5|dddddy#1swYyxYw)Nrrz Unsupported RSA key length: 1024matchr+rsa)rrr%rr6r7rrrs rtest_bad_key_sizeszMakeKeyTest.test_bad_key_sizess90]]6<rrcpeZdZdZdZdZejdejddZ y) VerifyRenewableCertTest4Tests for certbot.crypto_util.verify_renewable_cert.cddlm}||S)Nr)verify_renewable_cert)r%r)rrrs rr)zVerifyRenewableCertTest._calls=$^44rc>|j|jJyrr)rrWs rtest_verify_renewable_certz2VerifyRenewableCertTest.test_verify_renewable_certzz$--.666rz-certbot.crypto_util.verify_renewable_cert_sigr`)r5ctjtj5|j |j dddy#1swYyxYwrr6r7rrr)r)r!unused_verify_renewable_cert_signs r"test_verify_renewable_cert_failurez:VerifyRenewableCertTest.test_verify_renewable_cert_failures9 ]]6<< ( 0 JJt.. / 0 0 0 A  AN) r9r:r;r<r)rrr>rrrrLrrrrs>>57TZZ?\V\\Z\M]^0_0rrc(eZdZdZdZdZdZdZy)VerifyRenewableCertSigTestrcddlm}||S)Nr)verify_renewable_cert_sig)r%r)rrrs rr)z VerifyRenewableCertSigTest._callsA(88rc>|j|jJyrrrWs rtest_cert_sig_matchz.VerifyRenewableCertSigTest.test_cert_sig_matchrrctj}t|_t|_t |_|j|Jyr)rrP256_CERT_PATHrrP256_KEYrr))rrs rtest_cert_sig_match_ecz1VerifyRenewableCertSigTest.test_cert_sig_match_ecs;)#1 $2!"*zz.)111rctjd|j_t j t j5|j|jdddy#1swYyxYw)Nzcert_512_bad.pem) rUr~rrr6r7rrr)rWs rtest_cert_sig_mismatchz1VerifyRenewableCertSigTest.test_cert_sig_mismatchsS,5,A,ABT,U) ]]6<< ( 0 JJt.. / 0 0 0s A--A6N)r9r:r;r<r)rrrrLrrrrs>9720rrc(eZdZdZdZdZdZdZy)VerifyFullchainTestz/Tests for certbot.crypto_util.verify_fullchain.cddlm}||S)Nr)verify_fullchain)r%r)rrrs rr)zVerifyFullchainTest._calls8//rc>|j|jJyrrrWs rtest_fullchain_matchesz*VerifyFullchainTest.test_fullchain_matches rrctjtj5|j |j dddy#1swYyxYwrrrWs rtest_fullchain_mismatchz+VerifyFullchainTest.test_fullchain_mismatchs9 ]]6<< ( 0 JJt.. / 0 0 0rcd|j_tjtj 5|j |jdddy#1swYyxYw)Ndog)rchainr6r7rrr)rWs rtest_fullchain_ioerrorz*VerifyFullchainTest.test_fullchain_ioerrorsG(-% ]]6<< ( 0 JJt.. / 0 0 0s AA#N)r9r:r;r<r)rrrrLrrrrs90700rrc"eZdZdZdZdZdZy)VerifyCertMatchesPrivKeyTestz;Tests for certbot.crypto_util.verify_cert_matches_priv_key.cHddlm}||j|jS)Nr)verify_cert_matches_priv_key)r%rcertprivkey)rrrs rr)z"VerifyCertMatchesPrivKeyTest._callsD+N,?,?AWAWXXrct|j_t|j_|j |jJyr)rrrrrr)rWs rtest_cert_priv_key_matchz5VerifyCertMatchesPrivKeyTest.test_cert_priv_key_match s9#/ &6#zz$--.666rct|j_t|j_t j tj5|j|jdddy#1swYyxYwr) RSA256_KEY_PATHrrrrr6r7rrr)rWs rtest_cert_priv_key_mismatchz8VerifyCertMatchesPrivKeyTest.test_cert_priv_key_mismatch%sU*9''3$ ]]6<< ( 0 JJt.. / 0 0 0s A33A<N)r9r:r;r<r)rrrLrrrrsEY7 0rrc2eZdZdZedZdZdZdZy)ValidPrivkeyTestz,Tests for certbot.crypto_util.valid_privkey.cddlm}||S)Nr) valid_privkey)r%r)r&rrs rr)zValidPrivkeyTest._call0s5W%%rc2|jtsJyr)r)rprWs rrqz ValidPrivkeyTest.test_valid_true5szz*%%%rc*|jdrJyr_rarWs rrbz!ValidPrivkeyTest.test_empty_false8rcrc*|jdrJyrerarWs rrfz"ValidPrivkeyTest.test_random_false;rgrN) r9r:r;r<r=r)rqrbrfrLrrrr-s&6&&&")rrc,eZdZdZedZdZdZy)GetSANsFromCertTestz1Tests for certbot.crypto_util.get_sans_from_cert.cddlm}||i|S)Nr)get_sans_from_cert)r%r)r&rlrmrs rr)zGetSANsFromCertTest._callBrnrcVg|jtjdk(sJyrrTrWs r test_singlezGetSANsFromCertTest.test_singleGs$TZZ 5 5n EFFFFrcZddg|jtjdk(sJyNrEzwww.example.comzcert-san_512.pemrTrWs rtest_sanzGetSANsFromCertTest.test_sanJ501 JJy,,-?@ AB BBrN)r9r:r;r<r=r)rrrLrrrr?s#;33GBrrc8eZdZdZedZdZdZdZdZ y)GetNamesFromCertTestz2Tests for certbot.crypto_util.get_names_from_cert.cddlm}||i|S)Nr)get_names_from_cert)r%r)r&rlrmrs rr)zGetNamesFromCertTest._callRs;"D3F33rcXdg|jtjdk(sJy)NrErrTrWs rrz GetNamesFromCertTest.test_singleWs- JJy,,^< => >>rcZddg|jtjdk(sJyrrTrWs rrzGetNamesFromCertTest.test_san[rrcdgdDcgc]}dj|c}z|jtjdk(sJycc}w)NrEabcdz{0}.example.comzcert-5sans_512.pem)formatr)rUrV)rcs rtest_common_name_sans_orderz0GetNamesFromCertTest.test_common_name_sans_order_sRv!N!"3":":1"=!NN JJy,,-AB CD DD!NsA ctjtjj5|j ddddy#1swYyxYw)Nz hello there)r6r7rrrr)rWs rtest_parse_non_certz(GetNamesFromCertTest.test_parse_non_certes9 ]]7>>// 0 & JJ} % & & &s A  AN) r9r:r;r<r=r)rrr r rLrrrrOs-<44>BD &rrc8eZdZdZedZdZdZdZdZ y)GetNamesFromReqTestz1Tests for certbot.crypto_util.get_names_from_req.cddlm}||i|S)Nr)get_names_from_req)r%r)r&rlrmrs rr)zGetNamesFromReqTest._callmrnrcVg|jtjdk(sJy)Nzcsr-nonames_512.pemrTrWs r test_nonamesz GetNamesFromReqTest.test_nonamesrs/ JJy,,-BC DE EErcXdg|jtjdk(sJy)NrEzcsr-nosans_512.pemrTrWs r test_nosanszGetNamesFromReqTest.test_nosansvs1 JJy,,-AB CD DDrcZgd|jtjdk(sJy)N)rEz example.orgz example.netz example.infozsubdomain.example.comzother.subdomain.example.comzcsr-6sans_512.pemrTrWs r test_sanszGetNamesFromReqTest.test_sanszs2E JJy,,-@A BC CCrchddlm}dg|jtjd|k(sJy)Nr) FILETYPE_ASN1r|r\)typ)OpenSSL.cryptorr)rUrV)rrs rtest_derzGetNamesFromReqTest.test_ders70 JJy,,];J OP PPrN) r9r:r;r<r=r)rrrrrLrrr r js/;33EDC Prr ceZdZdZdZdZy)CertLoaderTestz8Tests for certbot.crypto_util.pyopenssl_load_certificatecddlm}|t\}}|jdtj j |tjdk(sJy)Nrpyopenssl_load_certificatesha256)r%rCERTdigestrrload_certificate)rrr file_types rtest_load_valid_certz#CertLoaderTest.test_load_valid_certsQB4T:i{{8$ 88DIPPQYZ[ [[rcddlm}tjdd}t j t j5||dddy#1swYyxYw)NrrsBEGIN CERTIFICATEsASDFASDFASDF!!!)r%rr!replacer6r7rr)rr bad_cert_datas rtest_load_invalid_certz%CertLoaderTest.test_load_invalid_certsDB %9;MN ]]6<< ( 6 &} 5 6 6 6s AAN)r9r:r;r<r%r)rLrrrrsB[6rrceZdZdZdZy) NotBeforeTestz'Tests for certbot.crypto_util.notBeforecNddlm}|tjdk(sJy)Nr) notBeforez2014-12-11T22:34:45+00:00)r%r- CERT_PATH isoformat)rr-s rtest_notBeforezNotBeforeTest.test_notBefores(1#--/45 55rN)r9r:r;r<r0rLrrr+r+s 15rr+ceZdZdZdZy) NotAfterTest&Tests for certbot.crypto_util.notAftercNddlm}|tjdk(sJy)Nr)notAfterz2014-12-18T22:34:45+00:00)r%r5r.r/)rr5s r test_notAfterzNotAfterTest.test_notAfters(0 ",,.45 55rN)r9r:r;r<r6rLrrr2r2s 05rr2ceZdZdZdZy) Sha256sumTestr3c2ddlm}|tdk(sJy)Nr) sha256sum@914ffed8daf9e2c99d90ac95c77d54f32cbd556672facac380f0c063498df84e)r%r:r.)rr:s rtest_sha256sumzSha256sumTest.test_sha256sums"1# NO OOrN)r9r:r;r<r<rLrrr8r8s 0Orr8ceZdZdZdZdZy)CertAndChainFromFullchainTestz;Tests for certbot.crypto_util.cert_and_chain_from_fullchaincddlm}|j|j|j |j|j S)Nr)r)rrdump_certificaterr#decode)rcert_pemrs r_parse_and_reencode_pemz5CertAndChainFromFullchainTest._parse_and_reencode_pems?"&&v':':  # #F$7$7 BDDJFH Mrctj}|tjz}||z}|dz|z}|jdd}|j ||j |z|j tjz}ddlm}||||fD]}||\} } | |k(sJ| |k(rJtjtj5||dddy#1swYyxYw)N z r)cert_and_chain_from_fullchain) r!rASS_CERTr'rCr%rFr6r7rr) rrB chain_pem fullchain_pemspacey_fullchain_pemcrlf_fullchain_pemacmev1_fullchain_pemrF fullchaincert_out chain_outs r"test_cert_and_chain_from_fullchainz@CertAndChainFromFullchainTest.test_cert_and_chain_from_fullchains ;;=w~~//  9, '%/);*225'B $;;HE  ( ( 2 3595Q5QRYR`R`Rb5c d F')=?Q.0 *I"? "J Hix' '' ) ))  * ]]6<< ( 4 )( 3 4 4 4s  C11C:N)r9r:r;r<rCrPrLrrr>r>sEM 4rr>ceZdZdZedZdZdZejddZ ejddZ ejdd Z y ) FindChainWithIssuerTestz4Tests for certbot.crypto_util.find_chain_with_issuerc "ddlm}||||S)Nr)find_chain_with_issuer)r%rT)r& fullchains issuer_cnrmrTs rr)zFindChainWithIssuerTest._calls>%j)VDDrctjtjztjtjzgSr) CERT_LEAFrA CERT_ISSUERCERT_ALT_ISSUERrWs r_all_fullchainsz'FindChainWithIssuerTest._all_fullchainss@  "[%7%7%99  "_%;%;%==? ?rc\|j}|j|d}||dk(sJy)z/Correctly pick the chain based on the root's CNPebble Root CA 0cc6f0N)r[r))rrUmatcheds rtest_positive_matchz+FindChainWithIssuerTest.test_positive_matchs3))+ **Z)@A*Q-'''rzcertbot.crypto_util.logger.infoc|j}|dtjz|d<|j|d}||dk(sJ|j y)z5Don't pick a chain where only an intermediate matchesr^r]rN)r[rYrAr)assert_not_calledr mock_inforUr_s rtest_intermediate_matchz/FindChainWithIssuerTest.test_intermediate_matchs^))+ #1 (:(:(<< 1 **Z)@A*Q-'''##%rc||j}|j|d}||dk(sJ|jy)Nnon-existent issuerr)r[r)rbrcs r test_no_matchz%FindChainWithIssuerTest.test_no_matchs?))+ **Z)>?*Q-'''##%rz"certbot.crypto_util.logger.warningc|j}|j|dd}||dk(sJ|jddy)NrgT)warn_on_no_matchrzCertbot has been configured to prefer certificate chains with issuer '%s', but no chain from the CA matched this issuer. Using the default certificate chain instead.)r[r)assert_called_once_with)r mock_warningrUr_s rtest_warning_on_no_matchz0FindChainWithIssuerTest.test_warning_on_no_matchsV))+ **Z)>.24*Q-''',,.H " #rN) r9r:r;r<r=r)r[r`rr>rerhrmrLrrrRrRs>EE?( TZZ12 &3 &TZZ12&3& TZZ45#6#rrR__main__r^)=r<rrsysunittestrrr6certbotrrcertbot.compatrrcertbot.tests.utiltestsrUrVrsr~rrprr.r!rrGrr P256_CERTrXrYrZTempDirTestCaser rATestCaserNrirvrrrrrrrrrr rr+r2r8r>rRr9exitmainargv__file__rLrrr|s$  %&& "Y " "#3 4 ')''(89 "Y " "#3 4 (9(():; !I ! !. 1 y^,$y$$_5 )   0 9 !3 4&&&'AB !I ! !"< = !I ! !/ 2 #i##$=> ')''(AB *i// *F -i// - )8$$)0>8,,>""A))"AJ(M(##(MV >h'' > 0o 0 00.0/0(0?0()x(()$ B(++ B &8,,&6P(++P66X&&6"5H%%558$$5OH%%O4H$5$54@/#h///#d z CHH[V[[!" 2 34r