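def test02SetProperties(self):
        """Check that MyProxyClient property setters validate and store values.

        Assigning ``None`` to ``port`` must raise ``TypeError`` and assigning
        ``mkPath('ssl.cnf')`` to ``openSSLConfFilePath`` must raise
        ``OpenSSLConfigError``.  Valid settings are then assigned and each
        one is read back and compared with the value that was written.
        """
        client = MyProxyClient()

        # The original failure message named AttributeError although the
        # handler caught TypeError; assertRaises reports the expected type
        # itself, so the two can no longer disagree.
        with self.assertRaises(TypeError):
            client.port = None

        client.port = 8000
        client.hostname = '127.0.0.1'
        client.serverDN = '/O=NDG/OU=BADC/CN=raphael'
        client.proxyCertMaxLifetime = 80000
        client.proxyCertLifetime = 70000

        # The read-back further down expects this path to be stored even
        # though the assignment raises.
        with self.assertRaises(OpenSSLConfigError):
            client.openSSLConfFilePath = mkPath('ssl.cnf')

        # NOTE(review): caCertDir presumably names the CA trust-anchor
        # directory used to verify the server; this test only checks that
        # the value round-trips, not that the directory exists or is
        # consulted - confirm that is covered elsewhere.
        client.caCertDir = mkPath('/etc/grid-security/certificates')

        # assertEqual reports both operands on failure, unlike
        # assert_(a == b), which is also a deprecated alias.
        self.assertEqual(client.port, 8000)
        self.assertEqual(client.hostname, '127.0.0.1')
        self.assertEqual(client.serverDN, '/O=NDG/OU=BADC/CN=raphael')
        self.assertEqual(client.proxyCertMaxLifetime, 80000)
        self.assertEqual(client.proxyCertLifetime, 70000)
        self.assertEqual(client.openSSLConfFilePath, mkPath('ssl.cnf'))
        self.assertEqual(client.caCertDir,
                         mkPath('/etc/grid-security/certificates'))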
Example #2
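    def test02SetProperties(self):
        """Verify validation and read-back of MyProxyClient properties.

        An invalid ``port`` (``None``) is expected to raise ``TypeError`` and
        an ``openSSLConfFilePath`` of ``mkPath('ssl.cnf')`` is expected to
        raise ``OpenSSLConfigError``.  Every property assigned here is then
        read back and compared with the value written.
        """
        client = MyProxyClient()

        try:
            client.port = None
        except TypeError:
            pass
        else:
            # Message corrected: the expected exception is TypeError, not
            # AttributeError as the previous text claimed.
            self.fail("Expecting TypeError raised from port set to "
                      "invalid type")

        client.port = 8000
        client.hostname = '127.0.0.1'
        client.serverDN = '/O=NDG/OU=BADC/CN=raphael'
        client.proxyCertMaxLifetime = 80000
        client.proxyCertLifetime = 70000

        try:
            client.openSSLConfFilePath = mkPath('ssl.cnf')
        except OpenSSLConfigError:
            # The final checks still expect the path to have been recorded.
            pass
        else:
            self.fail("Expecting OpenSSLConfigError raised for invalid file "
                      "'ssl.cnf'")

        # NOTE(review): presumably the directory of trusted CA certificates;
        # only the stored value is checked here, not its use in peer
        # verification - confirm against the client implementation.
        client.caCertDir = mkPath('/etc/grid-security/certificates')

        # assertEqual shows both values when a comparison fails.
        self.assertEqual(client.port, 8000)
        self.assertEqual(client.hostname, '127.0.0.1')
        self.assertEqual(client.serverDN, '/O=NDG/OU=BADC/CN=raphael')
        self.assertEqual(client.proxyCertMaxLifetime, 80000)
        self.assertEqual(client.proxyCertLifetime, 70000)
        self.assertEqual(client.openSSLConfFilePath, mkPath('ssl.cnf'))
        self.assertEqual(
            client.caCertDir, mkPath('/etc/grid-security/certificates'))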
Example #3
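    def test03_ssl_verification(self):
        """Call the SSL verification callback directly with test certificates.

        The callback is invoked three times: with the host certificate and
        no ``serverDN`` set, with the host certificate after ``serverDN`` is
        set to ``HOSTCERT_DN``, and with the expired certificate.  The first
        two calls must return the success status, the last the error status.
        The MyProxy server environment variables are removed for the
        duration of the test and restored afterwards.
        """
        # Ensure no relevant environment variables are set which might affect
        # the result.  They are captured before the try block so the finally
        # clause can never reference an unbound name.
        serverDN = os.environ.pop(
            MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME, None)
        serverName = os.environ.pop(
            MyProxyClient.MYPROXY_SERVER_ENVVARNAME, None)

        try:
            client = MyProxyClient()

            connection = None
            errorStatus = False
            successStatus = True
            errorDepth = 0

            # Context managers close the fixture files deterministically
            # instead of leaving the handles to the garbage collector.
            with open(self.__class__.HOSTCERT_FILEPATH) as cert_file:
                valid_peer_cert_str = cert_file.read()
            valid_peer_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                      valid_peer_cert_str)

            # This would normally be called implicitly during the SSL
            # handshake.
            # NOTE(review): the arguments look like the pyOpenSSL verify
            # callback order (connection, certificate, errnum, errdepth, ok),
            # which would put errorStatus in the error-number position -
            # confirm against ssl_verification's signature.
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            with open(self.__class__.EXPIREDCERT_FILEPATH) as cert_file:
                expired_peer_cert_str = cert_file.read()
            expired_peer_cert = crypto.load_certificate(
                crypto.FILETYPE_PEM, expired_peer_cert_str)

            # Match based on full DN instead - this takes precedence over
            # hostname match
            client.serverDN = self.__class__.HOSTCERT_DN
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            # Check for expired certificate
            status = client.ssl_verification(connection, expired_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, errorStatus)

            # NOTE(review): every call passes successStatus as the final
            # argument and presents a certificate that is either expected to
            # match or is expired.  A certificate whose subject does not
            # match the configured server, and a call with the final
            # argument false, are not covered here; both rejections are
            # worth asserting.
        finally:
            if serverDN is not None:
                os.environ[
                    MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME] = serverDN

            if serverName is not None:
                os.environ[
                    MyProxyClient.MYPROXY_SERVER_ENVVARNAME] = serverName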
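    def test03_ssl_verification(self):
        """Drive ``MyProxyClient.ssl_verification`` with fixture certificates.

        Checks that the host certificate is accepted both before and after
        ``serverDN`` is set to ``HOSTCERT_DN``, and that the expired
        certificate is rejected.  The MyProxy server environment variables
        are cleared while the test runs and put back when it finishes.
        """
        # Ensure no relevant environment variables are set which might affect
        # the result.  Saved values are collected before the try block so the
        # restore step never depends on how far the body got.
        saved_env = {}
        for env_name in (MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME,
                         MyProxyClient.MYPROXY_SERVER_ENVVARNAME):
            env_value = os.environ.pop(env_name, None)
            if env_value is not None:
                saved_env[env_name] = env_value

        def load_pem_cert(file_path):
            # Read and parse a PEM fixture, closing the file promptly rather
            # than leaking the handle as open(...).read() did.
            with open(file_path) as pem_file:
                return crypto.load_certificate(crypto.FILETYPE_PEM,
                                               pem_file.read())

        try:
            client = MyProxyClient()

            connection = None
            errorStatus = False
            successStatus = True
            errorDepth = 0
            valid_peer_cert = load_pem_cert(self.__class__.HOSTCERT_FILEPATH)

            # This would normally be called implicitly during the SSL
            # handshake
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            expired_peer_cert = load_pem_cert(
                self.__class__.EXPIREDCERT_FILEPATH)

            # Match based on full DN instead - this takes precedence over
            # hostname match
            client.serverDN = self.__class__.HOSTCERT_DN
            status = client.ssl_verification(connection, valid_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, successStatus)

            # Check for expired certificate
            status = client.ssl_verification(connection, expired_peer_cert,
                                             errorStatus, errorDepth,
                                             successStatus)
            self.assertEqual(status, errorStatus)

            # NOTE(review): only acceptance of the expected peer and
            # rejection of an expired certificate are asserted.  Rejection of
            # a certificate whose DN or hostname does not match, and of a
            # call whose final argument is false, is not exercised by this
            # test - confirm it is covered elsewhere or add it.
        finally:
            # Restore exactly the variables that were present beforehand.
            os.environ.update(saved_env)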