def test_ping_unknown_ca_verify_invalid_ca_cert(self):
    """Negative test: ping() must fail certificate verification when
    ``tls_verify`` names the CA file written from ``ca_cert_invalid``.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert_invalid)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        server = TLSServer()
        server.start()

        # Fixed pause before the port is read; presumably gives the server
        # time to come up. A slow host can still lose this race.
        sleep(0.3)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        # Path of the CA file; presumably used by the wrapper as the trust
        # anchor for verifying the server certificate - confirm in HTTPSOAPWrapper.
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.ping(rand_string())
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The check pins an OpenSSL function name as well as the reason
            # text; the function name is not stable across OpenSSL releases,
            # 'certificate verify failed' is the part that carries the meaning.
            self.assertIn('SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', e.message[0][1])
        else:
            # (listing truncated here - the no-exception branch is not shown)
def test_ping_client_cert_required_no_client_cert(self):
    """Negative test: ping() must fail the TLS handshake when the server is
    started with ``cert_reqs=ssl.CERT_REQUIRED`` and the client config names
    no client certificate.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        # ssl.CERT_REQUIRED: the server side demands a certificate from the peer.
        server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
        server.start()

        # Fixed pause before the port is read; presumably gives the server
        # time to come up. A slow host can still lose this race.
        sleep(0.3)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        # Only the CA path is set; no 'tls_key_cert_full_path' / 'sec_type'
        # is assigned here, so the client presents no certificate
        # (assuming _get_config() does not supply one - confirm).
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.ping(rand_string())
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The OpenSSL function name in the expected text is not stable
            # across OpenSSL releases; the alert text is the meaningful part.
            self.assertIn('SSL3_READ_BYTES:sslv3 alert handshake failure', e.message[0][1])
        else:
            # (listing truncated here - the no-exception branch is not shown)
def test_ping_unknown_ca_verify_invalid_ca_cert(self):
    """Negative test: ping() must fail certificate verification when
    ``tls_verify`` names the CA file written from ``ca_cert_invalid``.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert_invalid)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        server = TLSServer()
        server.start()

        # Two-second fixed pause before the port is read; presumably waits
        # for the server to come up. It slows the suite and is still a guess,
        # not a readiness check.
        sleep(2)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        # Path of the CA file; presumably used by the wrapper as the trust
        # anchor for verifying the server certificate - confirm in HTTPSOAPWrapper.
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.ping(rand_string())
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The OpenSSL function name in the expected text is not stable
            # across OpenSSL releases; 'certificate verify failed' is the
            # part that carries the meaning.
            self.assertIn(
                'SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', e.message[0][1])
        else:
            # (listing truncated here - the no-exception branch is not shown)
def test_http_get_unknown_ca_verify_invalid_ca_cert(self):
    """Negative test: get() over the PLAIN_HTTP transport must fail
    certificate verification when ``tls_verify`` names the CA file written
    from ``ca_cert_invalid``.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert_invalid)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        server = TLSServer()
        server.start()

        # Fixed pause before the port is read; presumably gives the server
        # time to come up. A slow host can still lose this race.
        sleep(0.3)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['transport'] = URL_TYPE.PLAIN_HTTP
        # Path of the CA file; presumably used by the wrapper as the trust
        # anchor for verifying the server certificate - confirm in HTTPSOAPWrapper.
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.get('123')
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The nested indexing pulls out a (library, function, reason)
            # triple. The function name is not stable across OpenSSL
            # releases, so an exact-tuple comparison ties the test to one
            # OpenSSL generation.
            details = e.message[0][1][0][0]
            self.assertEquals(
                details, ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed'))
        else:
            # (listing truncated here - the no-exception branch is not shown)
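def test_ping_unknown_ca_verify_invalid_ca_cert(self):
    """Negative test: ping() must be rejected with a certificate
    verification error when ``tls_verify`` names the CA file written from
    ``ca_cert_invalid``.

    The temporary CA file is created with ``delete=False`` so that it can be
    referenced by path; it is removed again in the ``finally`` clause so
    repeated runs do not leave ``zato-tls*`` files behind.
    """
    # Function-scope import: keeps the block independent of the module's
    # import list.
    import os

    # The middle element is an OpenSSL function name and differs between
    # OpenSSL releases; both spellings mean the same verification failure.
    accepted_details = (
        ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed'),
        ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'),
    )

    ca_cert_path = None

    try:
        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_path = ca_cert_tf.name

            ca_cert_tf.write(ca_cert_invalid)
            ca_cert_tf.flush()  # push the bytes out so the path can be read

            server = TLSServer()
            server.start()

            # Fixed pause before the port is read; presumably gives the
            # server time to come up. NOTE(review): the server is never
            # stopped in this test - confirm TLSServer cleans up on its own.
            sleep(0.2)
            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            # Presumably the trust anchor the wrapper verifies the server
            # certificate against - confirm in HTTPSOAPWrapper.
            config['tls_verify'] = ca_cert_path

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception as e:
                # ``e.message`` exists on Python 2 only. Any exception that
                # is not the expected TLS error fails either this indexing
                # or the membership check below, so the broad ``except``
                # cannot turn an unrelated failure into a pass.
                details = e.message[0][1][0][0]
                self.assertIn(details, accepted_details)
            else:
                # A successful ping means the certificate was accepted even
                # though the configured CA did not match.
                self.fail('Excepted a TLS error here because the CA is invalid')
    finally:
        if ca_cert_path is not None:
            os.unlink(ca_cert_path)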
def test_http_get_unknown_ca_verify_invalid_ca_cert(self):
    """Negative test: get() over the PLAIN_HTTP transport must fail
    certificate verification when ``tls_verify`` names the CA file written
    from ``ca_cert_invalid``.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert_invalid)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        server = TLSServer()
        server.start()

        # Fixed pause before the port is read; presumably gives the server
        # time to come up. A slow host can still lose this race.
        sleep(0.3)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['transport'] = URL_TYPE.PLAIN_HTTP
        # Path of the CA file; presumably used by the wrapper as the trust
        # anchor for verifying the server certificate - confirm in HTTPSOAPWrapper.
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.get('123')
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The nested indexing pulls out a (library, function, reason)
            # triple. The function name is not stable across OpenSSL
            # releases, so an exact-tuple comparison ties the test to one
            # OpenSSL generation.
            details = e.message[0][1][0][0]
            self.assertEquals(details, ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed'))
        else:
            # (listing truncated here - the no-exception branch is not shown)
def test_http_get_client_cert_required_no_client_cert(self):
    """Negative test: get() over the PLAIN_HTTP transport must fail the TLS
    handshake when the server is started with ``cert_reqs=ssl.CERT_REQUIRED``
    and the client config names no client certificate.

    The listing is cut off after the final ``else:``, so the branch taken
    when no exception is raised is not visible here.
    """
    # delete=False keeps the file on disk after the ``with`` block closes it;
    # nothing in the visible code removes it afterwards.
    with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

        ca_cert_tf.write(ca_cert)
        ca_cert_tf.flush()  # push the bytes out so the path below can be read

        # ssl.CERT_REQUIRED: the server side demands a certificate from the peer.
        server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
        server.start()

        # Fixed pause before the port is read; presumably gives the server
        # time to come up. A slow host can still lose this race.
        sleep(0.3)
        port = server.get_port()

        config = self._get_config()
        config['address_host'] = 'https://localhost:{}/'.format(port)
        config['address_url_path'] = ''
        config['ping_method'] = 'GET'
        config['transport'] = URL_TYPE.PLAIN_HTTP
        # Only the CA path is set; no 'tls_key_cert_full_path' / 'sec_type'
        # is assigned here, so the client presents no certificate
        # (assuming _get_config() does not supply one - confirm).
        config['tls_verify'] = ca_cert_tf.name

        wrapper = HTTPSOAPWrapper(config, requests)

        try:
            wrapper.get('123')
        except Exception, e:
            # Python 2 only: ``except X, e`` syntax and ``e.message``.
            # The function-name element of the triple is not stable across
            # OpenSSL releases, so the exact-tuple comparison ties the test
            # to one OpenSSL generation.
            details = e.message[0][1][0][0]
            self.assertEquals(details, ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'))
        else:
            # (listing truncated here - the no-exception branch is not shown)
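def test_ping_client_cert_required_has_client_cert(self):
    """Positive test: ping() succeeds against a server started with
    ``cert_reqs=ssl.CERT_REQUIRED`` when the client config names a combined
    key-and-certificate file.

    The test passes if ``wrapper.ping`` raises nothing; its return value is
    not inspected.

    Both temporary files are created with ``delete=False`` so they can be
    referenced by path. One of them holds the client's private key, so both
    are removed in the ``finally`` clause instead of being left in the
    temporary directory after the run.
    """
    # Function-scope import: keeps the block independent of the module's
    # import list.
    import os

    tmp_paths = []

    try:
        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            tmp_paths.append(ca_cert_tf.name)

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()  # push the bytes out so the path can be read

            with NamedTemporaryFile(prefix='zato-tls', delete=False) as client_cert_tf:

                tmp_paths.append(client_cert_tf.name)

                # Private key, a newline separator, then the certificate,
                # all in one file.
                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                # ssl.CERT_REQUIRED: the server demands a certificate from the peer.
                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                # Fixed pause before the port is read; presumably gives the
                # server time to come up. NOTE(review): the server is never
                # stopped in this test - confirm TLSServer cleans up on its own.
                sleep(0.3)
                port = server.get_port()

                config = self._get_config()
                config['address_host'] = 'https://localhost:{}/'.format(port)
                config['address_url_path'] = ''
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT

                wrapper = HTTPSOAPWrapper(config, requests)
                wrapper.ping(rand_string())
    finally:
        # Reverse order so the file holding the private key goes first.
        for path in reversed(tmp_paths):
            os.unlink(path)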
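def test_ping_client_cert_required_no_client_cert(self):
    """Negative test: ping() must fail the TLS handshake when the server is
    started with ``cert_reqs=ssl.CERT_REQUIRED`` and the client config names
    no client certificate.

    The temporary CA file is created with ``delete=False`` so that it can be
    referenced by path; it is removed again in the ``finally`` clause so
    repeated runs do not leave ``zato-tls*`` files behind.
    """
    # Function-scope import: keeps the block independent of the module's
    # import list.
    import os

    # The middle element is an OpenSSL function name whose spelling differs
    # between OpenSSL releases; both describe the same handshake alert.
    accepted_details = (
        ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure'),
        ('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure'),
    )

    ca_cert_path = None

    try:
        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            ca_cert_path = ca_cert_tf.name

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()  # push the bytes out so the path can be read

            # ssl.CERT_REQUIRED: the server demands a certificate from the peer.
            server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
            server.start()

            # Fixed pause before the port is read; presumably gives the
            # server time to come up. NOTE(review): the server is never
            # stopped in this test - confirm TLSServer cleans up on its own.
            sleep(0.3)
            port = server.get_port()

            config = self._get_config()
            config['address_host'] = 'https://localhost:{}/'.format(port)
            config['address_url_path'] = ''
            config['ping_method'] = 'GET'
            # Only the CA path is set; no client key/cert path is assigned,
            # so the client presents no certificate (assuming _get_config()
            # does not supply one - confirm).
            config['tls_verify'] = ca_cert_path

            wrapper = HTTPSOAPWrapper(config, requests)

            try:
                wrapper.ping(rand_string())
            except Exception as e:
                # ``e.message`` exists on Python 2 only. Any exception that
                # is not the expected TLS error fails either this indexing
                # or the membership check below, so the broad ``except``
                # cannot turn an unrelated failure into a pass.
                details = e.message[0][1][0][0]
                self.assertIn(details, accepted_details)
            else:
                # A successful ping means the server accepted a client that
                # sent no certificate.
                self.fail('Excepted a TLS error here because no TLS cert has been provided by client')
    finally:
        if ca_cert_path is not None:
            os.unlink(ca_cert_path)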
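def test_http_get_client_cert_required_has_client_cert(self):
    """Positive test: every HTTP verb method of the wrapper succeeds against
    a server started with ``cert_reqs=ssl.CERT_REQUIRED`` when the client
    config names a combined key-and-certificate file.

    The matrix is every member of ``URL_TYPE`` x every member of
    ``DATA_FORMAT`` x (unicode payload, byte-string payload) x seven wrapper
    methods. The test passes if none of the calls raises; responses are not
    inspected.

    Both temporary files are created with ``delete=False`` so they can be
    referenced by path. One of them holds the client's private key, so both
    are removed in the ``finally`` clause instead of being left in the
    temporary directory after the run.
    """
    # Function-scope import: keeps the block independent of the module's
    # import list.
    import os

    tmp_paths = []

    try:
        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            tmp_paths.append(ca_cert_tf.name)

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()  # push the bytes out so the path can be read

            with NamedTemporaryFile(prefix='zato-tls', delete=False) as client_cert_tf:

                tmp_paths.append(client_cert_tf.name)

                # Private key, a newline separator, then the certificate,
                # all in one file.
                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                # ssl.CERT_REQUIRED: the server demands a certificate from the peer.
                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                # Fixed pause before the port is read; presumably gives the
                # server time to come up. NOTE(review): the server is never
                # stopped in this test - confirm TLSServer cleans up on its own.
                sleep(0.3)
                port = server.get_port()

                config = self._get_config()
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT
                config['address_host'] = 'https://localhost:{}/'.format(port)

                uni_data = u'uni_data'
                string_data = b'string_data'

                # Methods that are called with a ``data`` keyword argument.
                needs_data = 'post', 'send', 'put', 'patch'

                for url_type in URL_TYPE:
                    config['transport'] = url_type

                    for data_format in DATA_FORMAT:
                        config['data_format'] = data_format

                        for data in uni_data, string_data:
                            for name in ('get', 'delete', 'options', 'post', 'send', 'put', 'patch'):
                                cid = '{}_{}'.format(name, data)
                                config['address_url_path'] = '{}-{}-{}'.format(
                                    url_type, data_format, data)

                                # A fresh wrapper per call so each one sees
                                # the config as it stands at this point.
                                wrapper = HTTPSOAPWrapper(config, requests)
                                func = getattr(wrapper, name)

                                if name in needs_data:
                                    func(cid, data=data)
                                else:
                                    func(cid)
    finally:
        # Reverse order so the file holding the private key goes first.
        for path in reversed(tmp_paths):
            os.unlink(path)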
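def test_http_get_client_cert_required_has_client_cert(self):
    """Positive test: every HTTP verb method of the wrapper succeeds against
    a server started with ``cert_reqs=ssl.CERT_REQUIRED`` when the client
    config names a combined key-and-certificate file.

    The matrix is every member of ``URL_TYPE`` x every member of
    ``DATA_FORMAT`` x (unicode payload, byte-string payload) x seven wrapper
    methods. The test passes if none of the calls raises; responses are not
    inspected.

    Both temporary files are created with ``delete=False`` so they can be
    referenced by path. One of them holds the client's private key, so both
    are removed in the ``finally`` clause instead of being left in the
    temporary directory after the run.
    """
    # Function-scope import: keeps the block independent of the module's
    # import list.
    import os

    created_files = []

    try:
        with NamedTemporaryFile(prefix='zato-tls', delete=False) as ca_cert_tf:

            created_files.append(ca_cert_tf.name)

            ca_cert_tf.write(ca_cert)
            ca_cert_tf.flush()  # push the bytes out so the path can be read

            with NamedTemporaryFile(prefix='zato-tls', delete=False) as client_cert_tf:

                created_files.append(client_cert_tf.name)

                # Private key, a newline separator, then the certificate,
                # all in one file.
                client_cert_tf.write(client1_key)
                client_cert_tf.write('\n')
                client_cert_tf.write(client1_cert)
                client_cert_tf.flush()

                # ssl.CERT_REQUIRED: the server demands a certificate from the peer.
                server = TLSServer(cert_reqs=ssl.CERT_REQUIRED)
                server.start()

                # Fixed pause before the port is read; presumably gives the
                # server time to come up. NOTE(review): the server is never
                # stopped in this test - confirm TLSServer cleans up on its own.
                sleep(0.3)
                port = server.get_port()

                config = self._get_config()
                config['ping_method'] = 'GET'
                config['tls_verify'] = ca_cert_tf.name
                config['tls_key_cert_full_path'] = client_cert_tf.name
                config['sec_type'] = SEC_DEF_TYPE.TLS_KEY_CERT
                config['address_host'] = 'https://localhost:{}/'.format(port)

                uni_data = u'uni_data'
                string_data = b'string_data'

                # Methods that are called with a ``data`` keyword argument.
                needs_data = 'post', 'send', 'put', 'patch'

                for url_type in URL_TYPE:
                    config['transport'] = url_type

                    for data_format in DATA_FORMAT:
                        config['data_format'] = data_format

                        for data in uni_data, string_data:
                            for name in ('get', 'delete', 'options', 'post', 'send', 'put', 'patch'):
                                cid = '{}_{}'.format(name, data)
                                config['address_url_path'] = '{}-{}-{}'.format(url_type, data_format, data)

                                # A fresh wrapper per call so each one sees
                                # the config as it stands at this point.
                                wrapper = HTTPSOAPWrapper(config, requests)
                                func = getattr(wrapper, name)

                                if name in needs_data:
                                    func(cid, data=data)
                                else:
                                    func(cid)
    finally:
        # Reverse order so the file holding the private key goes first.
        for path in reversed(created_files):
            os.unlink(path)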
def test_ping_unknown_ca_verify_false(self):
    """ping() reports 'Code: 200' from the test TLS server when
    ``tls_verify`` is set to ``ZATO_NONE``.

    No CA file is configured at all. Going by the test name, ZATO_NONE
    presumably switches server-certificate verification off (confirm in
    HTTPSOAPWrapper); with verification off the client accepts whatever
    certificate the server presents, which is the behaviour pinned here.
    """
    tls_server = TLSServer()
    tls_server.start()

    # Fixed pause before the port is read; presumably gives the server time
    # to come up.
    sleep(0.3)
    address = 'https://localhost:{}/'.format(tls_server.get_port())

    config = self._get_config()
    overrides = (
        ('address_host', address),
        ('address_url_path', ''),
        ('ping_method', 'GET'),
        ('tls_verify', ZATO_NONE),
    )
    for key, value in overrides:
        config[key] = value

    wrapper = HTTPSOAPWrapper(config, requests)
    ping_output = wrapper.ping(rand_string())

    self.assertIn('Code: 200', ping_output)
def test_http_get_unknown_ca_verify_false(self):
    """get() over the PLAIN_HTTP transport returns HTTP 200 from the test
    TLS server when ``tls_verify`` is set to ``ZATO_NONE``.

    No CA file is configured at all. Going by the test name, ZATO_NONE
    presumably switches server-certificate verification off (confirm in
    HTTPSOAPWrapper); with verification off the client accepts whatever
    certificate the server presents, which is the behaviour pinned here.
    """
    tls_server = TLSServer()
    tls_server.start()

    # Fixed pause before the port is read; presumably gives the server time
    # to come up.
    sleep(0.3)
    address = 'https://localhost:{}/'.format(tls_server.get_port())

    config = self._get_config()
    overrides = (
        ('address_host', address),
        ('address_url_path', ''),
        ('ping_method', 'GET'),
        ('transport', URL_TYPE.PLAIN_HTTP),
        ('tls_verify', ZATO_NONE),
    )
    for key, value in overrides:
        config[key] = value

    wrapper = HTTPSOAPWrapper(config, requests)
    response = wrapper.get('123')

    self.assertEquals(httplib.OK, response.status_code)