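class CertValidationTest(unittest.TestCase):
    """Integration tests for HTTPS certificate validation on S3/GS connections.

    Every scenario is run twice: once directly and once after
    ``enableProxy`` has pointed the config at PROXY_HOST:PROXY_PORT.
    The tests call ``get_all_buckets`` on real connection objects, so they
    need network access (and a reachable proxy for the ``*_with_proxy``
    variants).
    """

    def setUp(self):
        """Build a config with certificate validation on and patch it in."""
        self.config = Config()

        # Enable https_validate_certificates.
        self.config.add_section('Boto')
        self.config.setbool('Boto', 'https_validate_certificates', True)

        # Set up bogus credentials so that the auth module is willing to go
        # ahead and make a request; the request should fail with a
        # service-level error if it does get to the service (S3 or GS).
        self.config.add_section('Credentials')
        self.config.set('Credentials', 'gs_access_key_id', 'xyz')
        self.config.set('Credentials', 'gs_secret_access_key', 'xyz')
        self.config.set('Credentials', 'aws_access_key_id', 'xyz')
        self.config.set('Credentials', 'aws_secret_access_key', 'xyz')

        # Replace the global boto.config for the duration of one test so the
        # settings above (and any per-test overrides) do not leak out.
        self._config_patch = mock.patch('boto.config', self.config)
        self._config_patch.start()

    def tearDown(self):
        """Restore the original ``boto.config``."""
        self._config_patch.stop()

    def enableProxy(self):
        """Route subsequent connections through PROXY_HOST:PROXY_PORT."""
        self.config.set('Boto', 'proxy', PROXY_HOST)
        self.config.set('Boto', 'proxy_port', PROXY_PORT)

    def assertConnectionThrows(self, connection_class, error):
        """Assert that listing buckets on a new connection raises ``error``.

        Args:
            connection_class: Connection type to instantiate (called with
                placeholder key id and secret).
            error: Exception class that ``get_all_buckets`` must raise.
        """
        conn = connection_class('fake_id', 'fake_secret')
        self.assertRaises(error, conn.get_all_buckets)

    def do_test_valid_cert(self):
        """Check that validation passes against the default trust settings."""
        # When connecting to actual servers with bundled root certificates, no
        # cert errors should be thrown; instead we get a service-level
        # response error, because the connection is made with placeholder
        # credentials. Seeing that error means the request got past the TLS
        # handshake and reached the service.
        self.assertConnectionThrows(S3Connection, exception.S3ResponseError)
        self.assertConnectionThrows(GSConnection, exception.GSResponseError)

    def test_valid_cert(self):
        self.do_test_valid_cert()

    def test_valid_cert_with_proxy(self):
        self.enableProxy()
        self.do_test_valid_cert()

    def do_test_invalid_signature(self):
        """Check that a certificate the configured CA file cannot verify is rejected."""
        # NOTE(review): presumably DEFAULT_CA_CERTS_FILE does not contain the
        # roots that signed the live endpoints' certificates -- confirm
        # against its definition.
        self.config.set('Boto', 'ca_certificates_file', DEFAULT_CA_CERTS_FILE)
        # ssl.SSLError is broad: any TLS-layer failure satisfies these
        # assertions, not only a failed chain verification.
        self.assertConnectionThrows(S3Connection, ssl.SSLError)
        self.assertConnectionThrows(GSConnection, ssl.SSLError)

    def test_invalid_signature(self):
        self.do_test_invalid_signature()

    def test_invalid_signature_with_proxy(self):
        self.enableProxy()
        self.do_test_invalid_signature()

    def do_test_invalid_host(self):
        """Check that a certificate not matching the requested host is rejected.

        The class used to define this method twice; the earlier copy, which
        expected ``ssl.SSLError``, was shadowed by this one and never ran, so
        it has been dropped. The effective expectation is unchanged.
        """
        # NOTE(review): presumably INVALID_HOSTNAME_HOST serves a certificate
        # issued for a different name -- confirm against its definition.
        self.config.set('Credentials', 'gs_host', INVALID_HOSTNAME_HOST)
        self.config.set('Credentials', 's3_host', INVALID_HOSTNAME_HOST)
        self.assertConnectionThrows(
            S3Connection, https_connection.InvalidCertificateException)
        self.assertConnectionThrows(
            GSConnection, https_connection.InvalidCertificateException)

    def test_invalid_host(self):
        self.do_test_invalid_host()

    def test_invalid_host_with_proxy(self):
        self.enableProxy()
        self.do_test_invalid_host()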