Esempio n. 1
0
 def test_secure_urlopen(self):
     server = TestingServer()
     server.start()
     try:
         kwds = {"timeout": 1}
         # We don't trust the server's certificate, so this fails
         # if we're doing strong validation.
         try:
             with warnings.catch_warnings(record=True) as w:
                 warnings.simplefilter("always")
                 secure_urlopen(server.base_url, **kwds)
         except ConnectionError:
             # This means we have a system ca_certs file.
             # The request is unverified and should therefore fail.
             pass
         else:
             # This means we have no system ca_certs file.
             # We issue a warning and forego verification.
             self.assertEquals(len(w), 1)  # pragma: nocover
         # The certificate doesn't belong to localhost, so this fails.
         kwds["ca_certs"] = server.certfile
         self.assertRaises(ConnectionError, secure_urlopen, server.base_url,
                           **kwds)
         # Set a valid cert for local host, trust it, we succeed.
         server.certfile = _filepath("certs/localhost.crt")
         server.keyfile = _filepath("certs/localhost.key")
         kwds["ca_certs"] = server.certfile
         self.assertEquals(
             secure_urlopen(server.base_url, **kwds).read(), "OK")
     finally:
         server.shutdown()
Esempio n. 2
0
 def test_secure_urlopen(self):
     server = TestingServer()
     server.start()
     try:
         kwds = {"timeout": 1}
         # We don't trust the server's certificate, so this fails
         # if we're doing strong validation.
         try:
             with warnings.catch_warnings(record=True) as w:
                 warnings.simplefilter("always")
                 secure_urlopen(server.base_url, **kwds)
         except ConnectionError:
             # This means we have a system ca_certs file.
             # The request is unverified and should therefore fail.
             pass
         else:
             # This means we have no system ca_certs file.
             # We issue a warning and forego verification.
             self.assertEquals(len(w), 1)  # pragma: nocover
         # The certificate doesn't belong to localhost, so this fails.
         kwds["ca_certs"] = server.certfile
         self.assertRaises(ConnectionError,
                           secure_urlopen, server.base_url, **kwds)
         # Set a valid cert for local host, trust it, we succeed.
         server.certfile = _filepath("certs/localhost.crt")
         server.keyfile = _filepath("certs/localhost.key")
         kwds["ca_certs"] = server.certfile
         self.assertEquals(secure_urlopen(server.base_url, **kwds).read(),
                           "OK")
     finally:
         server.shutdown()
Esempio n. 3
0
 def shutdown(self):
     self.running = False
     try:
         secure_urlopen(self.base_url, timeout=1).read()
     except Exception:
         pass
     self.socket.close()
     self.runthread.join()
     del self.runthread
     del self.base_url
Esempio n. 4
0
 def shutdown(self):
     self.running = False
     try:
         secure_urlopen(self.base_url, timeout=1).read()
     except Exception:
         pass
     self.socket.close()
     self.runthread.join()
     del self.runthread
     del self.base_url
Esempio n. 5
0
    def verify(self, assertion, audience=None):
        """Verify the given VEP assertion.

        This method posts the given VEP assertion to the remove verifier
        service.  If it is successfully verified then a dict giving the
        email and audience is returned.  If it is not valid then an error
        is raised.

        If the 'audience' argument is given, it first verifies that the
        audience of the assertion matches the one given.  This can help
        avoid doing lots of crypto for assertions that can't be valid.
        If you don't specify an audience, you *MUST* validate the audience
        value returned by this method.
        """
        # Read audience from assertion if not specified.
        if audience is None:
            try:
                _, token = unbundle_certs_and_assertion(assertion)
                audience = decode_json_bytes(token.split(".")[1])["aud"]
            except (KeyError, IndexError):
                raise ValueError("Malformed JWT")
        # Encode the data into x-www-form-urlencoded.
        post_data = {"assertion": assertion, "audience": audience}
        post_data = "&".join("%s=%s" % item for item in post_data.items())
        # Post it to the verifier.
        try:
            resp = secure_urlopen(self.verifier_url, post_data)
        except ConnectionError, e:
            # BrowserID server sends "500 server error" for broken assertions.
            # For now, just translate that directly.  Should check by hand.
            if "500" in str(e):
                raise ValueError("Malformed assertion")
            raise
Esempio n. 6
0
 def test_secure_urlopen(self):
     server = TestingServer()
     server.start()
     try:
         kwds = {"timeout": 1}
         # We don't trust the server's certificate, so this fails.
         self.assertRaises(ConnectionError,
                           secure_urlopen, server.base_url, **kwds)
         # The certificate doesn't belong to localhost, so this fails.
         kwds["ca_certs"] = server.certfile
         self.assertRaises(ConnectionError,
                           secure_urlopen, server.base_url, **kwds)
         # Set a valid cert for local host, trust it, we succeed.
         server.certfile = _filepath("certs/localhost.crt")
         server.keyfile = _filepath("certs/localhost.key")
         kwds["ca_certs"] = server.certfile
         self.assertEquals(secure_urlopen(server.base_url, **kwds).read(),
                           "OK")
     finally:
         server.shutdown()
Esempio n. 7
0
 def test_secure_urlopen(self):
     server = TestingServer()
     server.start()
     try:
         kwds = {"timeout": 1}
         # We don't trust the server's certificate, so this fails.
         self.assertRaises(ConnectionError, secure_urlopen, server.base_url,
                           **kwds)
         # The certificate doesn't belong to localhost, so this fails.
         kwds["ca_certs"] = server.certfile
         self.assertRaises(ConnectionError, secure_urlopen, server.base_url,
                           **kwds)
         # Set a valid cert for local host, trust it, we succeed.
         server.certfile = _filepath("certs/localhost.crt")
         server.keyfile = _filepath("certs/localhost.key")
         kwds["ca_certs"] = server.certfile
         self.assertEquals(
             secure_urlopen(server.base_url, **kwds).read(), "OK")
     finally:
         server.shutdown()
Esempio n. 8
0
def urlread(url, data=None):
    """Read the given URL, return response as a string."""
    # Anything that goes wrong inside this function will
    # be re-raised as an instance of ConnectionError.
    try:
        resp = secure_urlopen(url, data)
        try:
            info = resp.info()
        except AttributeError:
            info = {}
        content_length = info.get("Content-Length")
        if content_length is None:
            data = resp.read()
        else:
            try:
                data = resp.read(int(content_length))
            except ValueError:
                raise ConnectionError("server sent invalid content-length")
    except Exception, e:
        raise ConnectionError(str(e))