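def test02SetProperties(self):
    """Check that MyProxyClient property setters validate and store values.

    Covers two rejection paths (a ``None`` port and the 'ssl.cnf' OpenSSL
    configuration path) and then confirms that every property reads back
    the value that was assigned.
    """
    client = MyProxyClient()

    # None is not an acceptable port value; the setter must raise TypeError.
    try:
        client.port = None
    except TypeError:
        pass
    else:
        # The message names the exception the except clause actually expects.
        self.fail("Expecting TypeError raised from port set to "
                  "invalid type")

    client.port = 8000
    client.hostname = '127.0.0.1'
    client.serverDN = '/O=NDG/OU=BADC/CN=raphael'
    client.proxyCertMaxLifetime = 80000
    client.proxyCertLifetime = 70000

    try:
        client.openSSLConfFilePath = mkPath('ssl.cnf')
    except OpenSSLConfigError:
        pass
    else:
        self.fail("Expecting OpenSSLConfigError raised for invalid file "
                  "'ssl.cnf'")

    # Trust-root directory: only the round trip of the value is checked
    # here, not whether the directory exists or holds CA certificates.
    client.caCertDir = mkPath('/etc/grid-security/certificates')

    # assertEqual reports both operands on failure, and the deprecated
    # assert_ alias is avoided.
    self.assertEqual(client.port, 8000)
    self.assertEqual(client.hostname, '127.0.0.1')
    self.assertEqual(client.serverDN, '/O=NDG/OU=BADC/CN=raphael')
    self.assertEqual(client.proxyCertMaxLifetime, 80000)
    self.assertEqual(client.proxyCertLifetime, 70000)
    # NOTE(review): the path is expected to be retained even though the
    # setter raised above - presumably it is stored before the file is
    # parsed; confirm against the setter.
    self.assertEqual(client.openSSLConfFilePath, mkPath('ssl.cnf'))
    self.assertEqual(client.caCertDir,
                     mkPath('/etc/grid-security/certificates'))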
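def test02SetProperties(self):
    """Verify validation and read-back of MyProxyClient properties.

    A ``None`` port and the 'ssl.cnf' OpenSSL configuration path must both
    be rejected by their setters; every other assignment must be readable
    afterwards with the same value.
    """
    client = MyProxyClient()

    # Rejection path 1: port of the wrong type.
    try:
        client.port = None
    except TypeError:
        pass
    else:
        # Message corrected to match the exception type that is caught.
        self.fail("Expecting TypeError raised from port set to "
                  "invalid type")

    client.port = 8000
    client.hostname = '127.0.0.1'
    client.serverDN = '/O=NDG/OU=BADC/CN=raphael'
    client.proxyCertMaxLifetime = 80000
    client.proxyCertLifetime = 70000

    # Rejection path 2: OpenSSL configuration file the client cannot use.
    try:
        client.openSSLConfFilePath = mkPath('ssl.cnf')
    except OpenSSLConfigError:
        pass
    else:
        self.fail("Expecting OpenSSLConfigError raised for invalid file "
                  "'ssl.cnf'")

    # Only the stored value of the CA directory is checked below; nothing
    # here confirms the directory exists or is populated.
    client.caCertDir = mkPath('/etc/grid-security/certificates')

    expected = (
        ('port', 8000),
        ('hostname', '127.0.0.1'),
        ('serverDN', '/O=NDG/OU=BADC/CN=raphael'),
        ('proxyCertMaxLifetime', 80000),
        ('proxyCertLifetime', 70000),
        # NOTE(review): read-back succeeds although the setter raised -
        # presumably the path is recorded before parsing; confirm.
        ('openSSLConfFilePath', mkPath('ssl.cnf')),
        ('caCertDir', mkPath('/etc/grid-security/certificates')),
    )
    for attr_name, value in expected:
        # assertEqual shows both values on failure, unlike assertTrue(a == b).
        self.assertEqual(getattr(client, attr_name), value)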
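def test03_ssl_verification(self):
    """Call the SSL verification callback directly with test certificates.

    The MyProxy server DN and server name environment variables are removed
    for the duration of the test so they cannot affect the result, and are
    restored afterwards. Three calls are made: a valid host certificate
    with no explicit server DN, the same certificate with ``serverDN`` set
    to its DN, and an expired certificate which must be rejected.

    NOTE(review): there is no case here asserting that a certificate whose
    DN or hostname does not match is rejected.
    """
    dn_var = MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME
    host_var = MyProxyClient.MYPROXY_SERVER_ENVVARNAME

    # Snapshot both values before entering the try block so the finally
    # clause can never hit an unbound name and mask the real failure.
    serverDN = os.environ.get(dn_var)
    serverName = os.environ.get(host_var)
    try:
        os.environ.pop(dn_var, None)
        os.environ.pop(host_var, None)

        client = MyProxyClient()

        # Arguments are passed positionally; presumably this mirrors
        # pyOpenSSL's verify callback order (connection, certificate,
        # error number, error depth, preverify result) - confirm against
        # ssl_verification's signature.
        connection = None
        errorStatus = False
        successStatus = True
        errorDepth = 0

        # Context managers close the certificate files deterministically.
        with open(self.__class__.HOSTCERT_FILEPATH) as cert_file:
            valid_peer_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                      cert_file.read())

        # This would normally be called implicitly during the SSL handshake
        status = client.ssl_verification(connection, valid_peer_cert,
                                         errorStatus, errorDepth,
                                         successStatus)
        self.assertEqual(status, successStatus)

        with open(self.__class__.EXPIREDCERT_FILEPATH) as cert_file:
            expired_peer_cert = crypto.load_certificate(
                crypto.FILETYPE_PEM, cert_file.read())

        # Match based on full DN instead - this takes precedence over
        # hostname match
        client.serverDN = self.__class__.HOSTCERT_DN
        status = client.ssl_verification(connection, valid_peer_cert,
                                         errorStatus, errorDepth,
                                         successStatus)
        self.assertEqual(status, successStatus)

        # Check for expired certificate.
        # NOTE(review): serverDN is still pinned to HOSTCERT_DN here, so a
        # False result could come from a DN mismatch rather than the
        # expiry check unless the expired certificate carries the same DN
        # - confirm.
        status = client.ssl_verification(connection, expired_peer_cert,
                                         errorStatus, errorDepth,
                                         successStatus)
        self.assertEqual(status, errorStatus)
    finally:
        # Put back only what was present when the test started.
        if serverDN is not None:
            os.environ[dn_var] = serverDN
        if serverName is not None:
            os.environ[host_var] = serverName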
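def test03_ssl_verification(self):
    """Drive MyProxyClient.ssl_verification by hand, outside a handshake.

    Environment variables naming the MyProxy server DN and server name are
    cleared first so that only values set in this test influence the
    outcome; they are restored in the ``finally`` clause. The callback is
    expected to accept the valid host certificate (with and without an
    explicit ``serverDN``) and to reject the expired certificate.

    NOTE(review): no negative case covers a DN or hostname mismatch on an
    otherwise valid certificate.
    """
    saved_env = {}
    env_names = (MyProxyClient.MYPROXY_SERVER_DN_ENVVARNAME,
                 MyProxyClient.MYPROXY_SERVER_ENVVARNAME)

    # Capture the current settings before the try block; the restore step
    # then depends only on names that are guaranteed to be bound.
    for env_name in env_names:
        saved_env[env_name] = os.environ.get(env_name)

    try:
        for env_name in env_names:
            os.environ.pop(env_name, None)

        client = MyProxyClient()

        # Positional callback arguments. Presumably the order follows
        # pyOpenSSL's verify callback (connection, certificate, error
        # number, error depth, preverify result) - confirm against
        # ssl_verification's signature.
        connection = None
        errorStatus = False
        successStatus = True
        errorDepth = 0
        callback_tail = (errorStatus, errorDepth, successStatus)

        # Files are closed as soon as their contents have been parsed.
        with open(self.__class__.HOSTCERT_FILEPATH) as pem_file:
            valid_peer_cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                                      pem_file.read())

        # This would normally be called implicitly during the SSL handshake
        status = client.ssl_verification(connection, valid_peer_cert,
                                         *callback_tail)
        self.assertEqual(status, successStatus)

        with open(self.__class__.EXPIREDCERT_FILEPATH) as pem_file:
            expired_peer_cert = crypto.load_certificate(
                crypto.FILETYPE_PEM, pem_file.read())

        # Match based on full DN instead - this takes precedence over
        # hostname match
        client.serverDN = self.__class__.HOSTCERT_DN
        status = client.ssl_verification(connection, valid_peer_cert,
                                         *callback_tail)
        self.assertEqual(status, successStatus)

        # Check for expired certificate.
        # NOTE(review): with serverDN pinned to HOSTCERT_DN, rejection
        # proves the expiry check only if the expired certificate has the
        # same DN; otherwise a DN mismatch would also yield False -
        # confirm.
        status = client.ssl_verification(connection, expired_peer_cert,
                                         *callback_tail)
        self.assertEqual(status, errorStatus)
    finally:
        # Restore only the variables that were set on entry.
        for env_name, value in saved_env.items():
            if value is not None:
                os.environ[env_name] = value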