def test_custom_certificates(self):
    """Check the upload -> list -> delete round trip for a custom certificate.

    The certificate is generated with one hostname and two DNS SAN entries.
    The listing must report all three names, must not flag the certificate
    as expired, and must be empty again once the certificate is deleted.
    """
    cert_name = "testcert.crt"
    san_entries = ["DNS:bar", "DNS:baz"]

    # generate_test_cert returns a pair; only its first element is uploaded.
    cert_contents, _ = generate_test_cert(hostname="somecoolhost", san_list=san_entries)
    upload = (StringIO(cert_contents), cert_name)
    self.postResponse(
        SuperUserCustomCertificate,
        params={"certpath": cert_name},
        file=upload,
        expected_code=204,
    )

    # The listing should now hold exactly the certificate uploaded above.
    listing = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(1, len(listing["certs"]))

    entry = listing["certs"][0]
    self.assertEqual(cert_name, entry["path"])
    # Names are compared as sets, so the order in the response is not checked.
    self.assertEqual({"somecoolhost", "bar", "baz"}, set(entry["names"]))
    self.assertFalse(entry["expired"])

    # Delete it again and confirm nothing is left behind.
    self.deleteResponse(SuperUserCustomCertificate, params={"certpath": cert_name})
    listing = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(0, len(listing["certs"]))
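def test_path_sanitization(self):
    """Verify that a traversal-style certpath is stored under its base name.

    The upload uses 'testcert/../foobar.crt' both as the certpath parameter
    and as the uploaded file name. The request must succeed with 204 and the
    listing must report the certificate as plain 'foobar.crt', with no
    directory or '..' component left in the path.
    """
    # Upload a certificate under a path containing a '../' segment.
    # NOTE(review): expires=-10 looks incidental to this test; the upload is
    # still expected to return 204 -- confirm whether it is needed here.
    cert_contents, _ = generate_test_cert(hostname='somecoolhost', expires=-10)
    self.postResponse(SuperUserCustomCertificate,
                      params=dict(certpath='testcert/../foobar.crt'),
                      file=(StringIO(cert_contents), 'testcert/../foobar.crt'),
                      expected_code=204)

    # Make sure it is present, and only under the sanitized name.
    # assertEqual replaces the deprecated assertEquals alias, which newer
    # unittest releases no longer provide.
    json = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(1, len(json['certs']))

    cert_info = json['certs'][0]
    # NOTE(review): only this one '../' form is exercised; other spellings of
    # a path that leaves the certificate directory are not covered here.
    self.assertEqual('foobar.crt', cert_info['path'])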
def test_path_sanitization(self):
    """Verify that a traversal-style certpath is stored under its base name.

    The same 'testcert/../foobar.crt' string is sent as the certpath
    parameter and as the uploaded file name. The listing must then report a
    single certificate whose path is just 'foobar.crt'.
    """
    traversal_path = "testcert/../foobar.crt"

    # generate_test_cert returns a pair; only its first element is uploaded.
    # NOTE(review): expires=-10 looks incidental to this test -- confirm.
    cert_contents, _ = generate_test_cert(hostname="somecoolhost", expires=-10)
    upload = (StringIO(cert_contents), traversal_path)
    self.postResponse(
        SuperUserCustomCertificate,
        params={"certpath": traversal_path},
        file=upload,
        expected_code=204,
    )

    # Exactly one certificate is expected, reported without the directory and
    # '..' components that were present in the request.
    listing = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(1, len(listing["certs"]))

    entry = listing["certs"][0]
    self.assertEqual("foobar.crt", entry["path"])
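def test_expired_custom_certificate(self):
    """Verify that an expired custom certificate is accepted but flagged.

    The upload must still succeed with 204. The listing must then report
    the certificate with its path, its single name, and expired set to true.
    """
    # Upload a certificate.
    # NOTE(review): expires=-10 presumably yields an already-expired
    # certificate, which is what the final assertion expects -- confirm
    # against generate_test_cert.
    cert_contents, _ = generate_test_cert(hostname="somecoolhost", expires=-10)
    self.postResponse(
        SuperUserCustomCertificate,
        params=dict(certpath="testcert.crt"),
        file=(StringIO(cert_contents), "testcert.crt"),
        expected_code=204,
    )

    # Make sure it is present.
    # assertEqual replaces the deprecated assertEquals alias, which newer
    # unittest releases no longer provide.
    json = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(1, len(json["certs"]))

    cert_info = json["certs"][0]
    self.assertEqual("testcert.crt", cert_info["path"])
    self.assertEqual(set(["somecoolhost"]), set(cert_info["names"]))

    # The expiry state must be surfaced so an expired certificate is visible
    # in the listing rather than silently treated as valid.
    self.assertTrue(cert_info["expired"])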
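def test_custom_certificates(self):
    """Check the upload -> list -> delete round trip for a custom certificate.

    The certificate carries one hostname and two DNS SAN entries. The
    listing must report all three names, must not flag the certificate as
    expired, and must be empty again after the certificate is deleted.
    """
    # Upload a certificate.
    cert_contents, _ = generate_test_cert(hostname='somecoolhost',
                                          san_list=['DNS:bar', 'DNS:baz'])
    self.postResponse(SuperUserCustomCertificate,
                      params=dict(certpath='testcert.crt'),
                      file=(StringIO(cert_contents), 'testcert.crt'),
                      expected_code=204)

    # Make sure it is present.
    # assertEqual replaces the deprecated assertEquals alias, which newer
    # unittest releases no longer provide.
    json = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(1, len(json['certs']))

    cert_info = json['certs'][0]
    self.assertEqual('testcert.crt', cert_info['path'])
    # Names are compared as sets, so the order in the response is not checked.
    self.assertEqual(set(['somecoolhost', 'bar', 'baz']), set(cert_info['names']))
    self.assertFalse(cert_info['expired'])

    # Remove the certificate.
    self.deleteResponse(SuperUserCustomCertificate, params=dict(certpath='testcert.crt'))

    # Make sure it is gone.
    json = self.getJsonResponse(SuperUserCustomCertificates)
    self.assertEqual(0, len(json['certs']))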
) def test_skip_validate_ssl(unvalidated_config, app): validator = SSLValidator() validator.validate(ValidatorContext(unvalidated_config)) @pytest.mark.parametrize( "cert, server_hostname, expected_error, error_message", [ ( ("invalidcert", "invalidkey"), "someserver", ConfigValidationException, "Could not load SSL certificate: no start line", ), (generate_test_cert(hostname="someserver"), "someserver", None, None), ( generate_test_cert(hostname="invalidserver"), "someserver", ConfigValidationException, 'Supported names "invalidserver" in SSL cert do not match server hostname "someserver"', ), (generate_test_cert(hostname="someserver"), "someserver:1234", None, None), ( generate_test_cert(hostname="invalidserver"), "someserver:1234", ConfigValidationException, 'Supported names "invalidserver" in SSL cert do not match server hostname "someserver"', ), (
from test.fixtures import * from app import config_provider @pytest.mark.parametrize('unvalidated_config', [ ({}), ({'PREFERRED_URL_SCHEME': 'http'}), ({'PREFERRED_URL_SCHEME': 'https', 'EXTERNAL_TLS_TERMINATION': True}), ]) def test_skip_validate_ssl(unvalidated_config, app): validator = SSLValidator() validator.validate(ValidatorContext(unvalidated_config)) @pytest.mark.parametrize('cert, server_hostname, expected_error, error_message', [ ('invalidcert', 'someserver', ConfigValidationException, 'Could not load SSL certificate: no start line'), (generate_test_cert(hostname='someserver'), 'someserver', None, None), (generate_test_cert(hostname='invalidserver'), 'someserver', ConfigValidationException, 'Supported names "invalidserver" in SSL cert do not match server hostname "someserver"'), (generate_test_cert(hostname='someserver'), 'someserver:1234', None, None), (generate_test_cert(hostname='invalidserver'), 'someserver:1234', ConfigValidationException, 'Supported names "invalidserver" in SSL cert do not match server hostname "someserver"'), (generate_test_cert(hostname='someserver:1234'), 'someserver:1234', ConfigValidationException, 'Supported names "someserver:1234" in SSL cert do not match server hostname "someserver"'), (generate_test_cert(hostname='someserver:more'), 'someserver:more', None, None), (generate_test_cert(hostname='someserver:more'), 'someserver:more:1234', None, None), ]) def test_validate_ssl(cert, server_hostname, expected_error, error_message, app): with NamedTemporaryFile(delete=False) as cert_file: cert_file.write(cert[0]) cert_file.seek(0)