def test_positive_add_contentguard_to_existing_distribution(self): """Assert adding contentguard to existing distribution works well. 1. Create a distribution without protection 2. Assert content can be downloaded 3. Add contentguard to the distribution 4. Assert content cannot be downloaded without key 5. Assert content can be downloaded with key """ # 1 unprotected distribution distribution = self.client.using_handler(api.task_handler).post( DISTRIBUTION_PATH, gen_distribution(publication=self.publication['_href'])) self.addCleanup(self.client.delete, distribution['_href']) # Pick a filename unit_path = choice(get_file_content_paths(self.repo)) # Download it without certificate download_content_unit(self.cfg, distribution, unit_path) # Update distribution adding the guard distribution = self.client.using_handler(api.task_handler).patch( distribution['_href'], {'content_guard': self.certguard['_href']}) # Cannot download without key with self.assertRaises(HTTPError): download_content_unit(self.cfg, distribution, unit_path) # Try to download it passing the proper SSL-CLIENT-CERTIFICATE download_content_unit( self.cfg, distribution, unit_path, headers={'SSL-CLIENT-CERTIFICATE': self.client_cert})
def test_positive_remove_contentguard(self): """Assert that content can be download without guard if it is removed. 1. Create a protected distribution using the self.contentguard 2. Assert content cannot be downloaded without keys 3. Remove the contentguard 4. Assert content can be downloaded without keys """ # Create a protected distribution distribution = self.client.using_handler(api.task_handler).post( DISTRIBUTION_PATH, gen_distribution(publication=self.publication['_href'], content_guard=self.certguard['_href'])) self.addCleanup(self.client.delete, distribution['_href']) # Pick a filename unit_path = choice(get_file_content_paths(self.repo)) # Try to download it without the SSL-CLIENT-CERTIFICATE with self.assertRaises(HTTPError): download_content_unit(self.cfg, distribution, unit_path) # Update distribution removing the guard distribution = self.client.using_handler(api.task_handler).patch( distribution['_href'], {'content_guard': None}) # Now content can be downloaded download_content_unit(self.cfg, distribution, unit_path)
def test_negative_download_protected_content_without_keys(self): """Assert content protected by cert-guard cannot be downloaded. 1. Create a protected distribution using the self.contentguard. 2. Assert content cannot be downloaded without cert and key. """ # Create a protected distribution distribution = self.client.using_handler(api.task_handler).post( DISTRIBUTION_PATH, gen_distribution(publication=self.publication['_href'], content_guard=self.certguard['_href'])) self.addCleanup(self.client.delete, distribution['_href']) # Pick a filename unit_path = choice(get_file_content_paths(self.repo)) # Try to download it without the SSL-CLIENT-CERTIFICATE with self.assertRaises(HTTPError): download_content_unit(self.cfg, distribution, unit_path)
def test_positive_download_protected_content_with_keys(self): """Assert content protected by cert-guard can be downloaded. 1. Create a protected distribution using the self.contentguard. 2. Assert content can be downloaded using the proper cert and key. """ # Create a protected distribution distribution = self.client.using_handler(api.task_handler).post( DISTRIBUTION_PATH, gen_distribution(publication=self.publication['_href'], content_guard=self.certguard['_href'])) self.addCleanup(self.client.delete, distribution['_href']) # Pick a filename unit_path = choice(get_file_content_paths(self.repo)) # Try to download it passing the proper SSL-CLIENT-CERTIFICATE download_content_unit( self.cfg, distribution, unit_path, headers={'SSL-CLIENT-CERTIFICATE': self.client_cert})