import sys def check(a, b): if a != b: print (a, b) def cert(cn): return dict(subject=((('commonName', cn),),)) from mercurial.sslutil import _verifycert # Test non-wildcard certificates check(_verifycert(cert('example.com'), 'example.com'), None) check(_verifycert(cert('example.com'), 'www.example.com'), 'certificate is for example.com') check(_verifycert(cert('www.example.com'), 'example.com'), 'certificate is for www.example.com') # Test wildcard certificates check(_verifycert(cert('*.example.com'), 'www.example.com'), None) check(_verifycert(cert('*.example.com'), 'example.com'), 'certificate is for *.example.com') check(_verifycert(cert('*.example.com'), 'w.w.example.com'), 'certificate is for *.example.com') # Test subjectAltName san_cert = {'subject': ((('commonName', 'example.com'),),), 'subjectAltName': (('DNS', '*.example.net'), ('DNS', 'example.net'))} check(_verifycert(san_cert, 'example.net'), None) check(_verifycert(san_cert, 'foo.example.net'), None) # no fallback to subject commonName when subjectAltName has DNS check(_verifycert(san_cert, 'example.com'), 'certificate is for *.example.net, example.net') # fallback to subject commonName when no DNS in subjectAltName san_cert = {'subject': ((('commonName', 'example.com'),),), 'subjectAltName': (('IP Address', '8.8.8.8'),)} check(_verifycert(san_cert, 'example.com'), None) # Avoid some pitfalls check(_verifycert(cert('*.foo'), 'foo'), 'certificate is for *.foo') check(_verifycert(cert('*o'), 'foo'), 'certificate is for *o') check(_verifycert({'subject': ()}, 'example.com'), 'no commonName or subjectAltName found in certificate') check(_verifycert(None, 'example.com'), 'no certificate received') # Unicode (IDN) certname isn't supported check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), 'IDN in certificate not supported') import doctest def test_url(): """ >>> from mercurial.util import url This tests for edge cases in url.URL's parsing algorithm. Most of these aren't useful for documentation purposes, so they aren't part of the class's doc tests. Query strings and fragments: >>> url('http://host/a?b#c') >>> url('http://host/a?') >>> url('http://host/a#b#c') >>> url('http://host/a#b?c') >>> url('http://host/?a#b') >>> url('http://host/?a#b', parsequery=False) >>> url('http://host/?a#b', parsefragment=False) >>> url('http://host/?a#b', parsequery=False, parsefragment=False) IPv6 addresses: >>> url('ldap://[2001:db8::7]/c=GB?objectClass?one') >>> url('ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one') Missing scheme, host, etc.: >>> url('://192.0.2.16:80/') >>> url('http://mercurial.selenic.com') >>> url('/foo') >>> url('bundle:/foo') >>> url('a?b#c') >>> url('http://x.com?arg=/foo') >>> url('http://joe:xxx@/foo') Just a scheme and a path: >>> url('mailto:John.Doe@example.com') >>> url('a:b:c:d') >>> url('aa:bb:cc:dd') SSH examples: >>> url('ssh://joe@host//home/joe') >>> url('ssh://joe:xxx@host/src') >>> url('ssh://joe:xxx@host') >>> url('ssh://joe@host') >>> url('ssh://host') >>> url('ssh://') >>> url('ssh:') Non-numeric port: >>> url('http://example.com:dd') >>> url('ssh://joe:xxx@host:ssh/foo') Bad authentication credentials: >>> url('http://joe@joeville:123@4:@host/a?b#c') >>> url('http://!*#?/@!*#?/:@host/a?b#c') >>> url('http://!*#?@!*#?:@host/a?b#c') >>> url('http://!*@:!*@@host/a?b#c') File paths: >>> url('a/b/c/d.g.f') >>> url('/x///z/y/') >>> url('/foo:bar') >>> url('\\\\foo:bar') >>> url('./foo:bar') Non-localhost file URL: >>> u = url('file://mercurial.selenic.com/foo') Traceback (most recent call last): File "", line 1, in ? Abort: file:// URLs can only refer to localhost Empty URL: >>> u = url('') >>> u >>> str(u) '' Empty path with query string: >>> str(url('http://foo/?bar')) 'http://foo/?bar' Invalid path: >>> u = url('http://foo/bar') >>> u.path = 'bar' >>> str(u) 'http://foo/bar' >>> u = url('file:/foo/bar/baz') >>> u >>> str(u) 'file:///foo/bar/baz' >>> u = url('file:///foo/bar/baz') >>> u >>> str(u) 'file:///foo/bar/baz' >>> u = url('file:foo/bar/baz') >>> u >>> str(u) 'file:foo/bar/baz' """ doctest.testmod(optionflags=doctest.NORMALIZE_WHITESPACE)