def test_request_verify_ssl_false(self, set_verify, load_verify_locations, request,
getresponse):
"""
Test the request() method when the connection's verify_ssl setting is False.
"""
conn = server.PulpConnection('host', verify_ssl=False)
wrapper = server.HTTPSServerWrapper(conn)
class FakeResponse(object):
"""
This class is used to fake the response from httpslib.
"""
def read(self):
return '{}'
status = 200
getresponse.return_value = FakeResponse()
status, body = wrapper.request('GET', '/awesome/api/', '')
self.assertEqual(status, 200)
self.assertEqual(body, {})
# These should not have been called
self.assertEqual(set_verify.call_count, 0)
self.assertEqual(load_verify_locations.call_count, 0)
def test___init___verify_ssl_true(self):
"""
Test __init__() with validate_ssl set to True.
"""
connection = server.PulpConnection('host', verify_ssl=True)
self.assertEqual(connection.verify_ssl, True)
def test_request_with_ca_path_to_file(self, set_verify, load_verify_locations, request,
getresponse, isfile):
"""
Test the request() method when the connection's ca_path setting points to a file.
"""
ca_path = '/path/to/an/existing.file'
conn = server.PulpConnection('host', verify_ssl=True, ca_path=ca_path)
wrapper = server.HTTPSServerWrapper(conn)
class FakeResponse(object):
"""
This class is used to fake the response from httpslib.
"""
def read(self):
return '{"it": "worked!"}'
status = 200
getresponse.return_value = FakeResponse()
status, body = wrapper.request('GET', '/awesome/api/', '')
self.assertEqual(status, 200)
self.assertEqual(body, {'it': 'worked!'})
# Make sure the SSL settings are correct
set_verify.assert_called_once_with(SSL.verify_peer, depth=100)
load_verify_locations.assert_called_once_with(cafile=ca_path)
def test___init___ca_path_set(self):
"""
Test __init__() with the ca_path argument explicitly set.
"""
ca_path = '/some/path'
connection = server.PulpConnection('host', ca_path=ca_path)
self.assertEqual(connection.ca_path, ca_path)
def test___init___proxy_set(self):
"""
Test __init__() with the proxy_host & proxy_port arguments explicitly set.
"""
proxy_host = 'proxy'
proxy_port = 3128
connection = server.PulpConnection('host', proxy_host=proxy_host,
proxy_port=proxy_port)
self.assertEqual(connection.proxy_host, proxy_host)
def test_request_handles_untrusted_server_cert(self, request):
"""
Test the request() method when the server is using a certificate that is not signed by a
trusted certificate authority.
"""
conn = server.PulpConnection('host')
wrapper = server.HTTPSServerWrapper(conn)
# Let's raise the SSLError with the right string to count as a certificate problem
request.side_effect = SSL.SSLError('oh nos certificate verify failed can you believe it?')
self.assertRaises(exceptions.CertificateVerificationException, wrapper.request, 'GET',
'/awesome/api/', '')
def test_request_with_ca_cant_read(self, set_verify, load_verify_locations):
"""
Test the request() method when the connection's ca_path setting points to a path that isn't
a directory or a file.
"""
ca_path = '/does/not/exist/'
conn = server.PulpConnection('host', ca_path=ca_path)
wrapper = server.HTTPSServerWrapper(conn)
try:
wrapper.request('GET', '/awesome/api/', '')
self.fail('An exception should have been raised, and it was not.')
except exceptions.MissingCAPathException as e:
self.assertEqual(e.args[0], ca_path)
except Exception:
self.fail('The wrong exception type was raised!')
def test___init___defaults(self):
"""
Test __init__() with default parameters.
"""
host = 'host'
connection = server.PulpConnection(host)
self.assertEqual(connection.host, host)
self.assertEqual(connection.port, 443)
self.assertEqual(connection.path_prefix, '/pulp/api')
self.assertEqual(connection.timeout, 120)
self.assertTrue(isinstance(connection.log, logging.Logger))
self.assertEqual(connection.log.name, 'pulp.bindings.server')
self.assertEqual(connection.api_responses_logger, None)
self.assertEqual(connection.username, None)
self.assertEqual(connection.password, None)
self.assertEqual(connection.cert_filename, None)
self.assertEqual(connection.oauth_key, None)
self.assertEqual(connection.oauth_secret, None)
self.assertEqual(connection.oauth_user, 'admin')
# Make sure the headers are right
expected_locale = locale.getdefaultlocale()[0]
if expected_locale:
expected_locale = expected_locale.lower().replace('_', '-')
else:
expected_locale = 'en-us'
expected_headers = {
'Accept': 'application/json',
'Accept-Language': expected_locale,
'Content-Type': 'application/json'
}
self.assertEqual(connection.headers, expected_headers)
self.assertTrue(
isinstance(connection.server_wrapper, server.HTTPSServerWrapper))
self.assertEqual(connection.server_wrapper.pulp_connection, connection)
self.assertEqual(connection.verify_ssl, True)
self.assertEqual(connection.ca_path, server.DEFAULT_CA_PATH)
# 1142376 - verify default path points to a known valid file
self.assertEqual(server.DEFAULT_CA_PATH,
'/etc/pki/tls/certs/ca-bundle.crt')
def test_request_refuses_ssl(self, set_options, Context, request, getresponse):
"""
Assert that request() configures m2crypto to refuse to do SSLv2.0 and SSLv3.0.
https://bugzilla.redhat.com/show_bug.cgi?id=1153054
"""
conn = server.PulpConnection('host', verify_ssl=False)
wrapper = server.HTTPSServerWrapper(conn)
status, body = wrapper.request('GET', '/awesome/api/', '')
ssl_context = Context.mock_calls[0][1][0]
# Don't let the name of this argument scare you. Despite it's misleading name, this means
# that we are willing to do any protocol supported by the openssl installation on this box.
Context.assert_called_once_with(ssl_context, 'sslv23')
# set_options gets called twice. The Context.__init__ calls it with defaults, and then we
# call it again to tell it to not do SSLv2 or SSLv3.
self.assertEqual(set_options.call_count, 2)
self.assertEqual(set_options.mock_calls[1][1],
(ssl_context, m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3))
