def test_positive_add_contentguard_to_existing_distribution(self):
"""Assert adding contentguard to existing distribution works well.
1. Create a distribution without protection
2. Assert content can be downloaded
3. Add contentguard to the distribution
4. Assert content cannot be downloaded without key
5. Assert content can be downloaded with key
"""
# 1 unprotected distribution
distribution = self.client.using_handler(api.task_handler).post(
DISTRIBUTION_PATH,
gen_distribution(publication=self.publication['_href']))
self.addCleanup(self.client.delete, distribution['_href'])
# Pick a filename
unit_path = choice(get_file_content_paths(self.repo))
# Download it without certificate
download_content_unit(self.cfg, distribution, unit_path)
# Update distribution adding the guard
distribution = self.client.using_handler(api.task_handler).patch(
distribution['_href'], {'content_guard': self.certguard['_href']})
# Cannot download without key
with self.assertRaises(HTTPError):
download_content_unit(self.cfg, distribution, unit_path)
# Try to download it passing the proper SSL-CLIENT-CERTIFICATE
download_content_unit(
self.cfg,
distribution,
unit_path,
headers={'SSL-CLIENT-CERTIFICATE': self.client_cert})
def test_positive_remove_contentguard(self):
"""Assert that content can be download without guard if it is removed.
1. Create a protected distribution using the self.contentguard
2. Assert content cannot be downloaded without keys
3. Remove the contentguard
4. Assert content can be downloaded without keys
"""
# Create a protected distribution
distribution = self.client.using_handler(api.task_handler).post(
DISTRIBUTION_PATH,
gen_distribution(publication=self.publication['_href'],
content_guard=self.certguard['_href']))
self.addCleanup(self.client.delete, distribution['_href'])
# Pick a filename
unit_path = choice(get_file_content_paths(self.repo))
# Try to download it without the SSL-CLIENT-CERTIFICATE
with self.assertRaises(HTTPError):
download_content_unit(self.cfg, distribution, unit_path)
# Update distribution removing the guard
distribution = self.client.using_handler(api.task_handler).patch(
distribution['_href'], {'content_guard': None})
# Now content can be downloaded
download_content_unit(self.cfg, distribution, unit_path)
def test_negative_download_protected_content_without_keys(self):
"""Assert content protected by cert-guard cannot be downloaded.
1. Create a protected distribution using the self.contentguard.
2. Assert content cannot be downloaded without cert and key.
"""
# Create a protected distribution
distribution = self.client.using_handler(api.task_handler).post(
DISTRIBUTION_PATH,
gen_distribution(publication=self.publication['_href'],
content_guard=self.certguard['_href']))
self.addCleanup(self.client.delete, distribution['_href'])
# Pick a filename
unit_path = choice(get_file_content_paths(self.repo))
# Try to download it without the SSL-CLIENT-CERTIFICATE
with self.assertRaises(HTTPError):
download_content_unit(self.cfg, distribution, unit_path)
def test_positive_download_protected_content_with_keys(self):
"""Assert content protected by cert-guard can be downloaded.
1. Create a protected distribution using the self.contentguard.
2. Assert content can be downloaded using the proper cert and key.
"""
# Create a protected distribution
distribution = self.client.using_handler(api.task_handler).post(
DISTRIBUTION_PATH,
gen_distribution(publication=self.publication['_href'],
content_guard=self.certguard['_href']))
self.addCleanup(self.client.delete, distribution['_href'])
# Pick a filename
unit_path = choice(get_file_content_paths(self.repo))
# Try to download it passing the proper SSL-CLIENT-CERTIFICATE
download_content_unit(
self.cfg,
distribution,
unit_path,
headers={'SSL-CLIENT-CERTIFICATE': self.client_cert})
