Beispiel #1
0
    def test_ping_unknown_ca_verify_invalid_ca_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()

            server = TLSServer()
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception, e:
                self.assertIn('SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', e.message[0][1])
            else:
Beispiel #2
0
    def test_ping_client_cert_required_no_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception, e:
                self.assertIn('SSL3_READ_BYTES:sslv3 alert handshake failure',
                              e.message[0][1])
            else:
Beispiel #3
0
    def test_ping_client_cert_required_no_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception, e:
                self.assertIn('SSL3_READ_BYTES:sslv3 alert handshake failure', e.message[0][1])
            else:
Beispiel #4
0
    def test_ping_unknown_ca_verify_invalid_ca_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()

            server = TLSServer()
            server.start()

            sleep(2)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception, e:
                self.assertIn(
                    'SSL3_GET_SERVER_CERTIFICATE:certificate verify failed',
                    e.message[0][1])
            else:
Beispiel #5
0
    def test_http_get_unknown_ca_verify_invalid_ca_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()

            server = TLSServer()
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['transport'] = URL_TYPE.PLAIN_HTTP
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.get('123')
            except Exception, e:
                details = e.message[0][1][0][0]
                self.assertEquals(
                    details, ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
                              'certificate verify failed'))
            else:
Beispiel #6
0
    def test_ping_unknown_ca_verify_invalid_ca_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()

            server = TLSServer()
            server.start()

            sleep(0.2)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception as e:
                details = e.message[0][1][0][0]
                try:
                    self.assertEquals(details, ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed'))
                except AssertionError:
                    self.assertEquals(details, ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'))
            else:
                self.fail('Excepted a TLS error here because the CA is invalid')
Beispiel #7
0
    def test_http_get_unknown_ca_verify_invalid_ca_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()

            server = TLSServer()
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['transport'] = URL_TYPE.PLAIN_HTTP
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.get('123')
            except Exception, e:
                details = e.message[0][1][0][0]
                self.assertEquals(details, ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed'))
            else:
Beispiel #8
0
    def test_http_get_client_cert_required_no_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['transport'] = URL_TYPE.PLAIN_HTTP
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.get('123')
            except Exception, e:
                details = e.message[0][1][0][0]
                self.assertEquals(details, ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'))
            else:
Beispiel #9
0
    def test_ping_client_cert_required_has_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            with NamedTemporaryFile(prefix='zato-tls', delete=False) as client_cert_tf:

                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                sleep(0.3)

                port = server.get_port()

                config = self._get_config()
                config['address_host'] = 'https://localhost:{}/'.format(port)
                config['address_url_path'] = ''
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT

                wrapper = HTTPSOAPWrapper(config, requests)

                wrapper.ping(rand_string())
Beispiel #10
0
    def test_http_get_client_cert_required_no_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['transport'] = URL_TYPE.PLAIN_HTTP
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.get('123')
            except Exception, e:
                details = e.message[0][1][0][0]
                self.assertEquals(details, ('SSL routines', 'SSL3_READ_BYTES',
                                            'sslv3 alert handshake failure'))
            else:
Beispiel #11
0
    def test_ping_client_cert_required_no_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            sleep(0.3)

            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            config['tls_verify'] = ca_cert_tf.name

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception as e:
                details = e.message[0][1][0][0]
                try:
                    self.assertEquals(details, ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'))
                except AssertionError:
                    self.assertEquals(details, ('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure'))
            else:
                self.fail('Excepted a TLS error here because no TLS cert has been provided by client')
Beispiel #12
0
    def test_ping_client_cert_required_has_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            with NamedTemporaryFile(prefix='zato-tls',
                                    delete=False) as client_cert_tf:

                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                sleep(0.3)

                port = server.get_port()

                config = self._get_config()
                config['address_host'] = 'https://localhost:{}/'.format(port)
                config['address_url_path'] = ''
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT

                wrapper = HTTPSOAPWrapper(config, requests)

                wrapper.ping(rand_string())
Beispiel #13
0
    def test_http_get_client_cert_required_has_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            with NamedTemporaryFile(prefix='zato-tls',
                                    delete=False) as client_cert_tf:

                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                sleep(0.3)

                port = server.get_port()

                config = self._get_config()
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT
                config['address_host'] = 'https://localhost:{}/'.format(port)

                uni_data = u'uni_data'
                string_data = b'string_data'
                needs_data = 'post', 'send', 'put', 'patch'

                for url_type in URL_TYPE:
                    config['transport'] = url_type

                    for data_format in DATA_FORMAT:
                        config['data_format'] = data_format

                        for data in uni_data, string_data:

                            for name in ('get', 'delete', 'options', 'post',
                                         'send', 'put', 'patch'):
                                cid = '{}_{}'.format(name, data)

                                config['address_url_path'] = '{}-{}-{}'.format(
                                    url_type, data_format, data)
                                wrapper = HTTPSOAPWrapper(config, requests)
                                func = getattr(wrapper, name)

                                if name in needs_data:
                                    func(cid, data=data)
                                else:
                                    func(cid)
Beispiel #14
0
    def test_http_get_client_cert_required_has_client_cert(self):

        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()

            with NamedTemporaryFile(prefix='zato-tls', delete=False) as client_cert_tf:

                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                sleep(0.3)

                port = server.get_port()

                config = self._get_config()
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT
                config['address_host'] = 'https://localhost:{}/'.format(port)

                uni_data = u'uni_data'
                string_data = b'string_data'
                needs_data = 'post', 'send', 'put', 'patch'

                for url_type in URL_TYPE:
                    config['transport'] = url_type

                    for data_format in DATA_FORMAT:
                        config['data_format'] = data_format

                        for data in uni_data, string_data:

                            for name in('get', 'delete', 'options', 'post', 'send', 'put', 'patch'):
                                cid = '{}_{}'.format(name, data)

                                config['address_url_path'] = '{}-{}-{}'.format(url_type, data_format, data)
                                wrapper = HTTPSOAPWrapper(config, requests)
                                func = getattr(wrapper, name)

                                if name in needs_data:
                                    func(cid, data=data)
                                else:
                                    func(cid)
Beispiel #15
0
    def test_ping_unknown_ca_verify_false(self):
        server = TLSServer()
        server.start()

        sleep(0.3)

        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['tls_verify'] = ZATO_NONE

        wrapper = HTTPSOAPWrapper(config, requests)

        self.assertIn('Code: 200', wrapper.ping(rand_string()))
Beispiel #16
0
    def test_ping_unknown_ca_verify_false(self):
        server = TLSServer()
        server.start()

        sleep(0.3)

        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['tls_verify'] = ZATO_NONE

        wrapper = HTTPSOAPWrapper(config, requests)

        self.assertIn('Code: 200', wrapper.ping(rand_string()))
Beispiel #17
0
    def test_http_get_unknown_ca_verify_false(self):
        server = TLSServer()
        server.start()

        sleep(0.3)

        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['transport'] = URL_TYPE.PLAIN_HTTP
        config['tls_verify'] = ZATO_NONE

        wrapper = HTTPSOAPWrapper(config, requests)

        self.assertEquals(httplib.OK, wrapper.get('123').status_code)
Beispiel #18
0
    def test_http_get_unknown_ca_verify_false(self):
        server = TLSServer()
        server.start()

        sleep(0.3)

        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['transport'] = URL_TYPE.PLAIN_HTTP
        config['tls_verify'] = ZATO_NONE

        wrapper = HTTPSOAPWrapper(config, requests)

        self.assertEquals(httplib.OK, wrapper.get('123').status_code)