def testEnumSetters(self):
config = TSSLConfig()
bogus_values = ['', 'bogus', 5, 0]
for v in bogus_values:
with self.assertRaises(ValueError):
config.verify = v
for v in bogus_values:
with self.assertRaises(ValueError):
config.ssl_policy = v
def testValidateSSL(self):
valid, msg = self.server.validateSSLConfig({})
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg = TSSLConfig()
valid, msg = self.server.validateSSLConfig(cfg)
self.assertTrue(valid)
self.assertIsNone(msg)
cfg.key_path = 'thrift/test/py/test_cert.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg.key_path = ''
cfg.cert_path = 'thrift/test/py/test_cert.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg.key_path = cfg.cert_path
valid, msg = self.server.validateSSLConfig(cfg)
self.assertTrue(valid)
self.assertIsNone(msg)
cfg.client_ca_path = 'thrift/test/should/not/exist.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
def testDefaults(self):
config = TSSLConfig()
self.assertEquals(config.cert_path, '')
self.assertEquals(config.key_path, '')
self.assertEquals(config.key_pw_path, '')
self.assertEquals(config.client_ca_path, '')
self.assertEquals(config.ecc_curve_name, '')
self.assertEquals(config.verify, SSLVerifyPeerEnum.VERIFY)
self.assertEquals(config.ssl_policy, SSLPolicy.PERMITTED)
def configureSSL(self):
config = TSSLConfig()
self.setupTickets()
self.assertEquals(config.key_path, "")
config.ssl_policy = SSLPolicy.REQUIRED
config.cert_path = 'thrift/test/py/test_cert.pem'
config.client_verify = SSLVerifyPeerEnum.VERIFY
config.key_path = None
config.ticket_file_path = self.ticket_file.name
# expect an error with a cert_path but no key_path
with self.assertRaises(ValueError):
self.server.setSSLConfig(config)
config.key_path = 'thrift/test/py/test_cert.pem'
self.server.setSSLConfig(config)
def testValidateSSL(self):
valid, msg = self.server.validateSSLConfig({})
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg = TSSLConfig()
valid, msg = self.server.validateSSLConfig(cfg)
self.assertTrue(valid)
self.assertIsNone(msg)
cfg.key_path = 'thrift/test/py/test_cert.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg.key_path = ''
cfg.cert_path = 'thrift/test/py/test_cert.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
cfg.key_path = cfg.cert_path
valid, msg = self.server.validateSSLConfig(cfg)
self.assertTrue(valid)
self.assertIsNone(msg)
cfg.client_ca_path = 'thrift/test/should/not/exist.pem'
valid, msg = self.server.validateSSLConfig(cfg)
self.assertFalse(valid)
self.assertIsNotNone(msg)
def configureSSL(self):
config = TSSLConfig()
self.setupTickets()
self.assertEquals(config.key_path, "")
config.ssl_policy = SSLPolicy.REQUIRED
config.cert_path = 'thrift/test/py/test_cert.pem'
config.client_verify = SSLVerifyPeerEnum.VERIFY
config.key_path = None
config.ticket_file_path = self.ticket_file.name
# expect an error with a cert_path but no key_path
with self.assertRaises(ValueError):
self.server.setSSLConfig(config)
config.key_path = 'thrift/test/py/test_cert.pem'
self.server.setSSLConfig(config)