/brz/remove-bazaar

« back to all changes in this revision

Viewing changes to breezy/tests/test_https_urllib.py

• browse files at revision 7521
• compare with another revision
• download diff
• download tarball
• view history from revision 7521

• reverse the comparison (7521 to 5200.2.2)
• stop comparing with revision 5200.2.2

Show diffs side-by-side

added

removed

breezy/tests/test_https_urllib.py

 

1

# Copyright (C) 2011, 2012, 2013, 2016 Canonical Ltd

 

2

#

 

3

# This program is free software; you can redistribute it and/or modify

 

4

# it under the terms of the GNU General Public License as published by

 

5

# the Free Software Foundation; either version 2 of the License, or

 

6

# (at your option) any later version.

 

7

#

 

8

# This program is distributed in the hope that it will be useful,

 

9

# but WITHOUT ANY WARRANTY; without even the implied warranty of

 

10

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 

11

# GNU General Public License for more details.

 

12

#

 

13

# You should have received a copy of the GNU General Public License

 

14

# along with this program; if not, write to the Free Software

 

15

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

 

16

 

 

17

"""Tests for the SSL support in the urllib HTTP transport.

 

18

 

 

19

"""

 

20

 

 

21

import os

 

22

import sys

 

23

 

 

24

from .. import (

 

25

    config,

 

26

    trace,

 

27

)

 

28

from .. import tests

 

29

from ..transport.http import ssl, opt_ssl_ca_certs

 

30

 

 

31

 

 

32

class CaCertsConfigTests(tests.TestCaseInTempDir):

 

33

 

 

34

    def get_stack(self, content):

 

35

        return config.MemoryStack(content.encode('utf-8'))

 

36

 

 

37

    def test_default_exists(self):

 

38

        """Check that the default we provide exists for the tested platform."""

 

39

        stack = self.get_stack("")

 

40

        self.assertPathExists(stack.get('ssl.ca_certs'))

 

41

 

 

42

    def test_specified(self):

 

43

        self.build_tree(['cacerts.pem'])

 

44

        path = os.path.join(self.test_dir, "cacerts.pem")

 

45

        stack = self.get_stack("ssl.ca_certs = %s\n" % path)

 

46

        self.assertEqual(path, stack.get('ssl.ca_certs'))

 

47

 

 

48

    def test_specified_doesnt_exist(self):

 

49

        stack = self.get_stack('')

 

50

        # Disable the default value mechanism to force the behavior we want

 

51

        self.overrideAttr(opt_ssl_ca_certs, 'default',

 

52

                          os.path.join(self.test_dir, u"nonexisting.pem"))

 

53

        self.warnings = []

 

54

 

 

55

        def warning(*args):

 

56

            self.warnings.append(args[0] % args[1:])

 

57

        self.overrideAttr(trace, 'warning', warning)

 

58

        self.assertEqual(None, stack.get('ssl.ca_certs'))

 

59

        self.assertLength(1, self.warnings)

 

60

        self.assertContainsRe(self.warnings[0],

 

61

                              "is not valid for \"ssl.ca_certs\"")

 

62

 

 

63

 

 

64

class CertReqsConfigTests(tests.TestCaseInTempDir):

 

65

 

 

66

    def test_default(self):

 

67

        stack = config.MemoryStack(b"")

 

68

        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))

 

69

 

 

70

    def test_from_string(self):

 

71

        stack = config.MemoryStack(b"ssl.cert_reqs = none\n")

 

72

        self.assertEqual(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))

 

73

        stack = config.MemoryStack(b"ssl.cert_reqs = required\n")

 

74

        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))

 

75

        stack = config.MemoryStack(b"ssl.cert_reqs = invalid\n")

 

76

        self.assertRaises(config.ConfigOptionValueError, stack.get,

 

77

                          "ssl.cert_reqs")

 

78

 

 

79

 

 

80

class MatchHostnameTests(tests.TestCase):

 

81

 

 

82

    def test_no_certificate(self):

 

83

        self.assertRaises(ValueError,

 

84

                          ssl.match_hostname, {}, "example.com")

 

85

 

 

86

    def test_wildcards_in_cert(self):

 

87

        def ok(cert, hostname):

 

88

            ssl.match_hostname(cert, hostname)

 

89

 

 

90

        def not_ok(cert, hostname):

 

91

            self.assertRaises(

 

92

                ssl.CertificateError,

 

93

                ssl.match_hostname, cert, hostname)

 

94

 

 

95

        # Python Issue #17980: avoid denials of service by refusing more than

 

96

        # one wildcard per fragment.

 

97

        if sys.version_info[:2] >= (3, 7):

 

98

            # Python 3.7 dropped support for partial wildcards, see

 

99

            # https://docs.python.org/3/whatsnew/3.7.html#ssl

 

100

            not_ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')

 

101

        else:

 

102

            ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')

 

103

        not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')

 

104

        not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')

 

105

 

 

106

    def test_no_valid_attributes(self):

 

107

        self.assertRaises(ssl.CertificateError, ssl.match_hostname,

 

108

                          {"Problem": "Solved"}, "example.com")

 

109

 

 

110

    def test_common_name(self):

 

111

        cert = {'subject': ((('commonName', 'example.com'),),)}

 

112

        self.assertIs(None,

 

113

                      ssl.match_hostname(cert, "example.com"))

 

114

        self.assertRaises(ssl.CertificateError, ssl.match_hostname,

 

115

                          cert, "example.org")

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0