def getContext(self):
"""
Create an SSL context.
"""
ctx = SSL.Context(SSL.SSLv23_METHOD)
# ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.use_certificate_file(where('leaptestscert.pem'))
ctx.use_privatekey_file(where('leaptestskey.pem'))
return ctx
def getContext(self):
"""
Create an SSL context.
"""
ctx = SSL.Context(SSL.SSLv23_METHOD)
#ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.use_certificate_file(where('leaptestscert.pem'))
ctx.use_privatekey_file(where('leaptestskey.pem'))
return ctx
def test_should_proceed_cert(self):
self.pb._provider_config = mock.Mock()
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where("cacert.pem"))
self.pb._download_if_needed = False
self.assertTrue(self.pb._should_proceed_cert())
self.pb._download_if_needed = True
self.assertFalse(self.pb._should_proceed_cert())
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where("somefilethatdoesntexist.pem"))
self.assertTrue(self.pb._should_proceed_cert())
def test_should_proceed_cert(self):
self.pb._provider_config = mock.Mock()
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where("cacert.pem"))
self.pb._download_if_needed = False
self.assertTrue(self.pb._should_proceed_cert())
self.pb._download_if_needed = True
self.assertFalse(self.pb._should_proceed_cert())
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where("somefilethatdoesntexist.pem"))
self.assertTrue(self.pb._should_proceed_cert())
def test_check_api_certificate_succeeds(self):
self.pb._provider_config = ProviderConfig()
self.pb._provider_config.get_api_uri = mock.MagicMock(
return_value="https://localhost:%s" % (self.https_port,))
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where('cacert.pem'))
self.pb._provider_config.get_api_version = mock.MagicMock(
return_value="1")
self.pb._should_proceed_cert = mock.MagicMock(return_value=True)
def check(*args):
self.pb._check_api_certificate()
d = threads.deferToThread(check)
return d
def test_check_api_certificate_succeeds(self):
self.pb._provider_config = ProviderConfig()
self.pb._provider_config.get_api_uri = mock.MagicMock(
return_value="https://localhost:%s" % (self.https_port, ))
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where('cacert.pem'))
self.pb._provider_config.get_api_version = mock.MagicMock(
return_value="1")
self.pb._should_proceed_cert = mock.MagicMock(return_value=True)
def check(*args):
self.pb._check_api_certificate()
d = threads.deferToThread(check)
return d
def _get_capath():
return where("cacert.pem")
"""
Tests for:
* leap/common/certs.py
"""
import time
try:
import unittest2 as unittest
except ImportError:
import unittest
from leap.common import certs
from leap.common.testing.basetest import BaseLeapTest
from leap.common.testing.https_server import where
TEST_CERT_PEM = where("leaptest_combined_keycert.pem")
# Values from the test cert file:
# Not Before: Sep 3 17:52:16 2013 GMT
# Not After : Sep 1 17:52:16 2023 GMT
CERT_NOT_BEFORE = (2013, 9, 3, 17, 52, 16, 1, 246, 0)
CERT_NOT_AFTER = (2023, 9, 1, 17, 52, 16, 4, 244, 0)
class CertsTest(BaseLeapTest):
def setUp(self):
pass
def tearDown(self):
pass
def _get_capath():
return where("cacert.pem")
"""
Tests for:
* leap/common/certs.py
"""
import time
try:
import unittest2 as unittest
except ImportError:
import unittest
from leap.common import certs
from leap.common.testing.basetest import BaseLeapTest
from leap.common.testing.https_server import where
TEST_CERT_PEM = where("leaptest_combined_keycert.pem")
# Values from the test cert file:
# Not Before: Sep 3 17:52:16 2013 GMT
# Not After : Sep 1 17:52:16 2023 GMT
CERT_NOT_BEFORE = (2013, 9, 3, 17, 52, 16, 1, 246, 0)
CERT_NOT_AFTER = (2023, 9, 1, 17, 52, 16, 4, 244, 0)
class CertsTest(BaseLeapTest):
def setUp(self):
pass
def tearDown(self):
pass
class ProviderBootstrapperActiveTest(unittest.TestCase):
@classmethod
def setUpClass(cls):
factory = fake_provider.get_provider_factory()
http = reactor.listenTCP(8002, factory)
https = reactor.listenSSL(0, factory,
fake_provider.OpenSSLServerContextFactory())
get_port = lambda p: p.getHost().port
cls.http_port = get_port(http)
cls.https_port = get_port(https)
def setUp(self):
self.pb = ProviderBootstrapper()
# At certain points we are going to be replacing these methods
# directly in ProviderConfig to be able to catch calls from
# new ProviderConfig objects inside the methods tested. We
# need to save the old implementation and restore it in
# tearDown so we are sure everything is as expected for each
# test. If we do it inside each specific test, a failure in
# the test will leave the implementation with the mock.
self.old_gpp = util.get_path_prefix
self.old_load = ProviderConfig.load
self.old_save = ProviderConfig.save
self.old_api_version = ProviderConfig.get_api_version
self.old_api_uri = ProviderConfig.get_api_uri
def tearDown(self):
util.get_path_prefix = self.old_gpp
ProviderConfig.load = self.old_load
ProviderConfig.save = self.old_save
ProviderConfig.get_api_version = self.old_api_version
ProviderConfig.get_api_uri = self.old_api_uri
def test_check_https_succeeds(self):
# XXX: Need a proper CA signed cert to test this
pass
@deferred()
def test_check_https_fails(self):
self.pb._domain = "localhost:%s" % (self.https_port, )
def check(*args):
with self.assertRaises(requests.exceptions.SSLError):
self.pb._check_https()
return threads.deferToThread(check)
@deferred()
def test_second_check_https_fails(self):
self.pb._domain = "localhost:1234"
def check(*args):
with self.assertRaises(Exception):
self.pb._check_https()
return threads.deferToThread(check)
@deferred()
def test_check_https_succeeds_if_danger(self):
self.pb._domain = "localhost:%s" % (self.https_port, )
self.pb._bypass_checks = True
def check(*args):
self.pb._check_https()
return threads.deferToThread(check)
def _setup_provider_config_with(self, api, path_prefix):
"""
Sets up the ProviderConfig with mocks for the path prefix, the
api returned and load/save methods.
It modifies ProviderConfig directly instead of an object
because the object used is created in the method itself and we
cannot control that.
:param api: API to return
:type api: str
:param path_prefix: path prefix to be used when calculating
paths
:type path_prefix: str
"""
util.get_path_prefix = mock.MagicMock(return_value=path_prefix)
ProviderConfig.get_api_version = mock.MagicMock(return_value=api)
ProviderConfig.get_api_uri = mock.MagicMock(
return_value="https://*****:*****@mock.patch('leap.bitmask.config.providerconfig.ProviderConfig.get_domain',
lambda x: where('testdomain.com'))
def test_download_provider_info_new_provider(self):
self._setup_provider_config_with("1", tempfile.mkdtemp())
self._setup_providerbootstrapper(True)
self.pb._download_provider_info()
self.assertTrue(ProviderConfig.save.called)
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_ca_cert_path',
lambda x: where('cacert.pem'))
def test_download_provider_info_not_modified(self):
self._setup_provider_config_with("1", tempfile.mkdtemp())
self._setup_providerbootstrapper(True)
provider_path = self._produce_dummy_provider_json()
# set mtime to something really new
os.utime(provider_path, (-1, time.time()))
self.pb._download_provider_info()
# we check that it doesn't save the provider
# config, because it's new enough
self.assertFalse(ProviderConfig.save.called)
@mock.patch('leap.bitmask.config.providerconfig.ProviderConfig.get_domain',
lambda x: where('testdomain.com'))
def test_download_provider_info_not_modified_and_no_cacert(self):
self._setup_provider_config_with("1", tempfile.mkdtemp())
self._setup_providerbootstrapper(True)
provider_path = self._produce_dummy_provider_json()
# set mtime to something really new
os.utime(provider_path, (-1, time.time()))
self.pb._download_provider_info()
# we check that it doesn't save the provider
# config, because it's new enough
self.assertFalse(ProviderConfig.save.called)
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_ca_cert_path',
lambda x: where('cacert.pem'))
def test_download_provider_info_modified(self):
self._setup_provider_config_with("1", tempfile.mkdtemp())
self._setup_providerbootstrapper(True)
provider_path = self._produce_dummy_provider_json()
# set mtime to something really old
os.utime(provider_path, (-1, 100))
self.pb._download_provider_info()
self.assertTrue(ProviderConfig.load.called)
self.assertTrue(ProviderConfig.save.called)
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_ca_cert_path',
lambda x: where('cacert.pem'))
def test_download_provider_info_unsupported_api_raises(self):
self._setup_provider_config_with("9999999", tempfile.mkdtemp())
self._setup_providerbootstrapper(False)
self._produce_dummy_provider_json()
with self.assertRaises(UnsupportedProviderAPI):
self.pb._download_provider_info()
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_ca_cert_path',
lambda x: where('cacert.pem'))
def test_download_provider_info_unsupported_api(self):
self._setup_provider_config_with(provider.SUPPORTED_APIS[0],
tempfile.mkdtemp())
self._setup_providerbootstrapper(False)
self._produce_dummy_provider_json()
self.pb._download_provider_info()
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_api_uri',
lambda x: 'api.uri')
@mock.patch(
'leap.bitmask.config.providerconfig.ProviderConfig.get_ca_cert_path',
lambda x: '/cert/path')
def test_check_api_certificate_skips(self):
self.pb._provider_config = ProviderConfig()
self.pb._session.get = mock.MagicMock(return_value=Response())
self.pb._should_proceed_cert = mock.MagicMock(return_value=False)
self.pb._check_api_certificate()
self.assertFalse(self.pb._session.get.called)
@deferred()
def test_check_api_certificate_fails(self):
self.pb._provider_config = ProviderConfig()
self.pb._provider_config.get_api_uri = mock.MagicMock(
return_value="https://localhost:%s" % (self.https_port, ))
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=os.path.join(
os.path.split(__file__)[0], "wrongcert.pem"))
self.pb._provider_config.get_api_version = mock.MagicMock(
return_value="1")
self.pb._should_proceed_cert = mock.MagicMock(return_value=True)
def check(*args):
with self.assertRaises(requests.exceptions.SSLError):
self.pb._check_api_certificate()
d = threads.deferToThread(check)
return d
@deferred()
def test_check_api_certificate_succeeds(self):
self.pb._provider_config = ProviderConfig()
self.pb._provider_config.get_api_uri = mock.MagicMock(
return_value="https://localhost:%s" % (self.https_port, ))
self.pb._provider_config.get_ca_cert_path = mock.MagicMock(
return_value=where('cacert.pem'))
self.pb._provider_config.get_api_version = mock.MagicMock(
return_value="1")
self.pb._should_proceed_cert = mock.MagicMock(return_value=True)
def check(*args):
self.pb._check_api_certificate()
d = threads.deferToThread(check)
return d