def setUp(self):
"""
Set up client and server SSL contexts for use later.
"""
self.sKey, self.sCert = makeCertificate(O="Server Test Certificate",
CN="server")
self.cKey, self.cCert = makeCertificate(O="Client Test Certificate",
CN="client")
self.serverSSLContext = CertificateOptions(privateKey=self.sKey,
certificate=self.sCert,
requireCertificate=False)
self.clientSSLContext = CertificateOptions(requireCertificate=False)
def setUp(self):
super(CertsFilesTestCase, self).setUp()
# set up temp dir with no certs
self.no_certs_dir = tempfile.mkdtemp()
# create certs
cert1 = makeCertificate(O="Server Certificate 1", CN="cn1")
cert2 = makeCertificate(O="Server Certificate 2", CN="cn2")
cert3 = makeCertificate(O="Server Certificate 3", CN="cn3")
# set up temp dir with one cert
self.one_cert_dir = tempfile.mkdtemp()
self.cert1 = self._write_pem(cert1, self.one_cert_dir, "cert1.pem")
# set up temp dir with two certs
self.two_certs_dir = tempfile.mkdtemp()
self.cert2 = self._write_pem(cert2, self.two_certs_dir, "cert2.pem")
self.cert3 = self._write_pem(cert3, self.two_certs_dir, "cert3.pem")
def setUp(self):
super(CertsFilesTestCase, self).setUp()
# set up temp dir with no certs
self.no_certs_dir = tempfile.mkdtemp()
# create certs
cert1 = makeCertificate(O="Server Certificate 1", CN="cn1")
cert2 = makeCertificate(O="Server Certificate 2", CN="cn2")
cert3 = makeCertificate(O="Server Certificate 3", CN="cn3")
# set up temp dir with one cert
self.one_cert_dir = tempfile.mkdtemp()
self.cert1 = self._write_pem(cert1, self.one_cert_dir, "cert1.pem")
# set up temp dir with two certs
self.two_certs_dir = tempfile.mkdtemp()
self.cert2 = self._write_pem(cert2, self.two_certs_dir, "cert2.pem")
self.cert3 = self._write_pem(cert3, self.two_certs_dir, "cert3.pem")
def setUp(self):
"""
Set up client and server SSL contexts for use later.
"""
self.sKey, self.sCert = makeCertificate(
O="Server Test Certificate",
CN="server")
self.cKey, self.cCert = makeCertificate(
O="Client Test Certificate",
CN="client")
self.serverSSLContext = CertificateOptions(
privateKey=self.sKey,
certificate=self.sCert,
requireCertificate=False)
self.clientSSLContext = CertificateOptions(
requireCertificate=False)
def test_ssl_hostname_verification(self):
"""
If the endpoint passed to L{BaseQuery} has C{ssl_hostname_verification}
sets to C{True}, a L{VerifyingContextFactory} is passed to
C{connectSSL}.
"""
agent_creations = []
@implementer(IAgent)
class FakeAgent(object):
def __init__(self,
reactor,
contextFactory,
connectTimeout=None,
bindAddress=None,
pool=None):
agent_creations.append((reactor, contextFactory,
connectTimeout, bindAddress, pool))
def request(self, method, uri, headers=None, bodyProducer=None):
return Deferred()
verifyClass(IAgent, FakeAgent)
certs = [makeCertificate(O="Test Certificate", CN="something")[1]]
self.patch(base, "Agent", FakeAgent)
self.patch(ssl, "_ca_certs", certs)
endpoint = AWSServiceEndpoint(ssl_hostname_verification=True)
query = BaseQuery("an action", "creds", endpoint, reactor="ignored")
query.get_page("https://example.com/file")
self.assertEqual(len(agent_creations), 1)
[(_, contextFactory, _, _, _)] = agent_creations
self.assertIsInstance(contextFactory, ssl.VerifyingContextFactory)
def test_ssl_hostname_verification(self):
"""
If the endpoint passed to L{BaseQuery} has C{ssl_hostname_verification}
sets to C{True}, a L{VerifyingContextFactory} is passed to
C{connectSSL}.
"""
class FakeReactor(object):
def __init__(self):
self.connects = []
def connectSSL(self, host, port, client, factory):
self.connects.append((host, port, client, factory))
certs = makeCertificate(O="Test Certificate", CN="something")[1]
self.patch(ssl, "_ca_certs", certs)
fake_reactor = FakeReactor()
endpoint = AWSServiceEndpoint(ssl_hostname_verification=True)
query = BaseQuery("an action", "creds", endpoint, fake_reactor)
query.get_page("https://example.com/file")
[(host, port, client, factory)] = fake_reactor.connects
self.assertEqual("example.com", host)
self.assertEqual(443, port)
self.assertTrue(isinstance(factory, ssl.VerifyingContextFactory))
self.assertEqual("example.com", factory.host)
self.assertNotEqual([], factory.caCerts)
def test_ssl_hostname_verification(self):
"""
If the endpoint passed to L{BaseQuery} has C{ssl_hostname_verification}
sets to C{True}, a L{VerifyingContextFactory} is passed to
C{connectSSL}.
"""
agent_creations = []
@implementer(IAgent)
class FakeAgent(object):
def __init__(self, reactor, contextFactory,
connectTimeout=None, bindAddress=None, pool=None):
agent_creations.append((reactor, contextFactory,
connectTimeout, bindAddress, pool))
def request(self, method, uri, headers=None, bodyProducer=None):
return Deferred()
verifyClass(IAgent, FakeAgent)
certs = [makeCertificate(O="Test Certificate", CN="something")[1]]
self.patch(base, "Agent", FakeAgent)
self.patch(ssl, "_ca_certs", certs)
endpoint = AWSServiceEndpoint(ssl_hostname_verification=True)
query = BaseQuery("an action", "creds", endpoint, reactor="ignored")
query.get_page("https://example.com/file")
self.assertEqual(len(agent_creations), 1)
[(_, contextFactory, _, _, _)] = agent_creations
self.assertIsInstance(contextFactory, ssl.VerifyingContextFactory)
