def test_request_verify_ssl_false(self, set_verify, load_verify_locations, request, getresponse):
    """
    Check that request() leaves certificate verification unconfigured when the connection's
    verify_ssl setting is False.

    This pins the opt-out path: the request must still succeed, and neither a peer
    verification mode nor a CA location may be set on the SSL context.
    """
    class FakeResponse(object):
        """
        Stand-in for the response object that httpslib would hand back.
        """
        status = 200

        def read(self):
            return '{}'

    getresponse.return_value = FakeResponse()
    connection = server.PulpConnection('host', verify_ssl=False)
    https_wrapper = server.HTTPSServerWrapper(connection)

    response_code, response_body = https_wrapper.request('GET', '/awesome/api/', '')

    self.assertEqual(response_code, 200)
    self.assertEqual(response_body, {})
    # Neither verification hook may have been touched on this path
    for untouched_mock in (set_verify, load_verify_locations):
        self.assertEqual(untouched_mock.call_count, 0)
def test_request_with_ca_path_to_file(self, set_verify, load_verify_locations, request,
                                      getresponse, isfile):
    """
    Check that request() turns on peer verification and loads the CA bundle as a file when
    the connection's ca_path setting points to a file.

    The isfile argument is not referenced in the body; presumably it is a patch supplied by
    a decorator outside this view that makes the fake path look like a file (confirm against
    the decorators).
    """
    class FakeResponse(object):
        """
        Stand-in for the response object that httpslib would hand back.
        """
        status = 200

        def read(self):
            return '{"it": "worked!"}'

    getresponse.return_value = FakeResponse()
    trusted_ca_file = '/path/to/an/existing.file'
    connection = server.PulpConnection('host', verify_ssl=True, ca_path=trusted_ca_file)
    https_wrapper = server.HTTPSServerWrapper(connection)

    response_code, response_body = https_wrapper.request('GET', '/awesome/api/', '')

    self.assertEqual(response_code, 200)
    self.assertEqual(response_body, {'it': 'worked!'})
    # The security-relevant part: the peer certificate must be verified, and the trust
    # anchors must come from the configured file (cafile=, not a directory lookup).
    set_verify.assert_called_once_with(SSL.verify_peer, depth=100)
    load_verify_locations.assert_called_once_with(cafile=trusted_ca_file)
def test_request_handles_untrusted_server_cert(self, request):
    """
    Check that request() surfaces a CertificateVerificationException when the server presents
    a certificate that is not signed by a trusted certificate authority.
    """
    https_wrapper = server.HTTPSServerWrapper(server.PulpConnection('host'))
    # The message has to contain the text that marks the SSLError as a certificate problem.
    # NOTE(review): this suggests request() classifies the error by its message text; confirm
    # in the wrapper, since that coupling breaks if the underlying library rewords the error.
    verify_failure = SSL.SSLError('oh nos certificate verify failed can you believe it?')
    request.side_effect = verify_failure

    request_args = ('GET', '/awesome/api/', '')
    self.assertRaises(exceptions.CertificateVerificationException, https_wrapper.request,
                      *request_args)
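def test_request_with_ca_cant_read(self, set_verify, load_verify_locations):
    """
    Test the request() method when the connection's ca_path setting points to a path that
    isn't a directory or a file.

    The wrapper is expected to raise MissingCAPathException carrying the offending path as
    its first argument, rather than continuing without usable trust anchors. The set_verify
    and load_verify_locations arguments are not referenced in the body.
    """
    ca_path = '/does/not/exist/'
    # verify_ssl is not passed here, so the connection's default applies.
    conn = server.PulpConnection('host', ca_path=ca_path)
    wrapper = server.HTTPSServerWrapper(conn)

    try:
        wrapper.request('GET', '/awesome/api/', '')
    except exceptions.MissingCAPathException as e:
        self.assertEqual(e.args[0], ca_path)
    except Exception:
        self.fail('The wrong exception type was raised!')
    else:
        # This lives in the else clause on purpose: self.fail() raises an exception itself,
        # so calling it inside the try body let the broad handler above swallow it and report
        # the misleading "wrong exception type" message.
        self.fail('An exception should have been raised, and it was not.')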
def test_request_refuses_ssl(self, set_options, Context, request, getresponse):
    """
    Assert that request() configures m2crypto to refuse to do SSLv2.0 and SSLv3.0.

    Only the exclusion of those two protocol versions is pinned here; no other
    protocol-version policy is checked by this test.

    https://bugzilla.redhat.com/show_bug.cgi?id=1153054
    """
    connection = server.PulpConnection('host', verify_ssl=False)
    https_wrapper = server.HTTPSServerWrapper(connection)

    _status, _body = https_wrapper.request('GET', '/awesome/api/', '')

    # The first positional argument of the first recorded Context call is the context itself
    first_call_args = Context.mock_calls[0][1]
    ssl_context = first_call_args[0]
    # Don't let the name of this argument scare you. Despite its misleading name, this means
    # that we are willing to do any protocol supported by the openssl installation on this
    # box. The refusal of the old protocols comes from the options asserted below.
    Context.assert_called_once_with(ssl_context, 'sslv23')
    # set_options gets called twice. The Context.__init__ calls it with defaults, and then we
    # call it again to tell it to not do SSLv2 or SSLv3.
    self.assertEqual(set_options.call_count, 2)
    second_call_args = set_options.mock_calls[1][1]
    refused_protocols = m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3
    self.assertEqual(second_call_args, (ssl_context, refused_protocols))