/brz/remove-bazaar

To get this branch, use:
bzr branch http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

« back to all changes in this revision

Viewing changes to breezy/tests/test_https_urllib.py

  • Committer: John Arbash Meinel
  • Date: 2006-04-25 15:05:42 UTC
  • mfrom: (1185.85.85 bzr-encoding)
  • mto: This revision was merged to the branch mainline in revision 1752.
  • Revision ID: john@arbash-meinel.com-20060425150542-c7b518dca9928691
[merge] the old bzr-encoding changes, reparenting them on bzr.dev

Show diffs side-by-side

added added

removed removed

Lines of Context:
breezy/tests/test_https_urllib.py
1
 
# Copyright (C) 2011, 2012, 2013, 2016 Canonical Ltd
2
 
#
3
 
# This program is free software; you can redistribute it and/or modify
4
 
# it under the terms of the GNU General Public License as published by
5
 
# the Free Software Foundation; either version 2 of the License, or
6
 
# (at your option) any later version.
7
 
#
8
 
# This program is distributed in the hope that it will be useful,
9
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
 
# GNU General Public License for more details.
12
 
#
13
 
# You should have received a copy of the GNU General Public License
14
 
# along with this program; if not, write to the Free Software
15
 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
16
 
 
17
 
"""Tests for the SSL support in the urllib HTTP transport.
18
 
 
19
 
"""
20
 
 
21
 
import os
22
 
import sys
23
 
 
24
 
from .. import (
25
 
    config,
26
 
    trace,
27
 
)
28
 
from .. import tests
29
 
from ..transport.http import ssl, opt_ssl_ca_certs
30
 
 
31
 
 
32
 
class CaCertsConfigTests(tests.TestCaseInTempDir):
33
 
 
34
 
    def get_stack(self, content):
35
 
        return config.MemoryStack(content.encode('utf-8'))
36
 
 
37
 
    def test_default_exists(self):
38
 
        """Check that the default we provide exists for the tested platform."""
39
 
        stack = self.get_stack("")
40
 
        self.assertPathExists(stack.get('ssl.ca_certs'))
41
 
 
42
 
    def test_specified(self):
43
 
        self.build_tree(['cacerts.pem'])
44
 
        path = os.path.join(self.test_dir, "cacerts.pem")
45
 
        stack = self.get_stack("ssl.ca_certs = %s\n" % path)
46
 
        self.assertEqual(path, stack.get('ssl.ca_certs'))
47
 
 
48
 
    def test_specified_doesnt_exist(self):
49
 
        stack = self.get_stack('')
50
 
        # Disable the default value mechanism to force the behavior we want
51
 
        self.overrideAttr(opt_ssl_ca_certs, 'default',
52
 
                          os.path.join(self.test_dir, u"nonexisting.pem"))
53
 
        self.warnings = []
54
 
 
55
 
        def warning(*args):
56
 
            self.warnings.append(args[0] % args[1:])
57
 
        self.overrideAttr(trace, 'warning', warning)
58
 
        self.assertEqual(None, stack.get('ssl.ca_certs'))
59
 
        self.assertLength(1, self.warnings)
60
 
        self.assertContainsRe(self.warnings[0],
61
 
                              "is not valid for \"ssl.ca_certs\"")
62
 
 
63
 
 
64
 
class CertReqsConfigTests(tests.TestCaseInTempDir):
65
 
 
66
 
    def test_default(self):
67
 
        stack = config.MemoryStack(b"")
68
 
        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
69
 
 
70
 
    def test_from_string(self):
71
 
        stack = config.MemoryStack(b"ssl.cert_reqs = none\n")
72
 
        self.assertEqual(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
73
 
        stack = config.MemoryStack(b"ssl.cert_reqs = required\n")
74
 
        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
75
 
        stack = config.MemoryStack(b"ssl.cert_reqs = invalid\n")
76
 
        self.assertRaises(config.ConfigOptionValueError, stack.get,
77
 
                          "ssl.cert_reqs")
78
 
 
79
 
 
80
 
class MatchHostnameTests(tests.TestCase):
81
 
 
82
 
    def setUp(self):
83
 
        super(MatchHostnameTests, self).setUp()
84
 
        if sys.version_info < (2, 7, 9):
85
 
            raise tests.TestSkipped(
86
 
                'python version too old to provide proper'
87
 
                ' https hostname verification')
88
 
 
89
 
    def test_no_certificate(self):
90
 
        self.assertRaises(ValueError,
91
 
                          ssl.match_hostname, {}, "example.com")
92
 
 
93
 
    def test_wildcards_in_cert(self):
94
 
        def ok(cert, hostname):
95
 
            ssl.match_hostname(cert, hostname)
96
 
 
97
 
        def not_ok(cert, hostname):
98
 
            self.assertRaises(
99
 
                ssl.CertificateError,
100
 
                ssl.match_hostname, cert, hostname)
101
 
 
102
 
        # Python Issue #17980: avoid denials of service by refusing more than
103
 
        # one wildcard per fragment.
104
 
        if sys.version_info[:2] >= (3, 7):
105
 
            # Python 3.7 dropped support for partial wildcards, see
106
 
            # https://docs.python.org/3/whatsnew/3.7.html#ssl
107
 
            not_ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
108
 
        else:
109
 
            ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
110
 
        not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
111
 
        not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
112
 
 
113
 
    def test_no_valid_attributes(self):
114
 
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
115
 
                          {"Problem": "Solved"}, "example.com")
116
 
 
117
 
    def test_common_name(self):
118
 
        cert = {'subject': ((('commonName', 'example.com'),),)}
119
 
        self.assertIs(None,
120
 
                      ssl.match_hostname(cert, "example.com"))
121
 
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
122
 
                          cert, "example.org")