/brz/remove-bazaar

To get this branch, use:
bzr branch http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

« back to all changes in this revision

Viewing changes to breezy/tests/test_https_urllib.py

  • Committer: Breezy landing bot
  • Author(s): Colin Watson
  • Date: 2020-11-16 21:47:08 UTC
  • mfrom: (7521.1.1 remove-lp-workaround)
  • Revision ID: breezy.the.bot@gmail.com-20201116214708-jos209mgxi41oy15
Remove breezy.git workaround for bazaar.launchpad.net.

Merged from https://code.launchpad.net/~cjwatson/brz/remove-lp-workaround/+merge/393710

Show diffs side-by-side

added added

removed removed

Lines of Context:
breezy/tests/test_https_urllib.py
1
 
# Copyright (C) 2011,2012 Canonical Ltd
 
1
# Copyright (C) 2011, 2012, 2013, 2016 Canonical Ltd
2
2
#
3
3
# This program is free software; you can redistribute it and/or modify
4
4
# it under the terms of the GNU General Public License as published by
19
19
"""
20
20
 
21
21
import os
22
 
import ssl
 
22
import sys
23
23
 
24
 
from bzrlib import (
 
24
from .. import (
25
25
    config,
26
26
    trace,
27
 
    )
28
 
from bzrlib.errors import (
29
 
    CertificateError,
30
 
    ConfigOptionValueError,
31
 
    )
32
 
from bzrlib.tests import (
33
 
    TestCase,
34
 
    TestCaseInTempDir,
35
 
    )
36
 
from bzrlib.transport.http import _urllib2_wrappers
37
 
 
38
 
 
39
 
class CaCertsConfigTests(TestCaseInTempDir):
 
27
)
 
28
from .. import tests
 
29
from ..transport.http import ssl, opt_ssl_ca_certs
 
30
 
 
31
 
 
32
class CaCertsConfigTests(tests.TestCaseInTempDir):
40
33
 
41
34
    def get_stack(self, content):
42
35
        return config.MemoryStack(content.encode('utf-8'))
50
43
        self.build_tree(['cacerts.pem'])
51
44
        path = os.path.join(self.test_dir, "cacerts.pem")
52
45
        stack = self.get_stack("ssl.ca_certs = %s\n" % path)
53
 
        self.assertEquals(path, stack.get('ssl.ca_certs'))
 
46
        self.assertEqual(path, stack.get('ssl.ca_certs'))
54
47
 
55
48
    def test_specified_doesnt_exist(self):
56
49
        stack = self.get_stack('')
57
50
        # Disable the default value mechanism to force the behavior we want
58
 
        self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',
 
51
        self.overrideAttr(opt_ssl_ca_certs, 'default',
59
52
                          os.path.join(self.test_dir, u"nonexisting.pem"))
60
53
        self.warnings = []
 
54
 
61
55
        def warning(*args):
62
56
            self.warnings.append(args[0] % args[1:])
63
57
        self.overrideAttr(trace, 'warning', warning)
64
 
        self.assertEquals(None, stack.get('ssl.ca_certs'))
 
58
        self.assertEqual(None, stack.get('ssl.ca_certs'))
65
59
        self.assertLength(1, self.warnings)
66
60
        self.assertContainsRe(self.warnings[0],
67
61
                              "is not valid for \"ssl.ca_certs\"")
68
62
 
69
63
 
70
 
class CertReqsConfigTests(TestCaseInTempDir):
 
64
class CertReqsConfigTests(tests.TestCaseInTempDir):
71
65
 
72
66
    def test_default(self):
73
 
        stack = config.MemoryStack("")
74
 
        self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
 
67
        stack = config.MemoryStack(b"")
 
68
        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
75
69
 
76
70
    def test_from_string(self):
77
 
        stack = config.MemoryStack("ssl.cert_reqs = none\n")
78
 
        self.assertEquals(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
79
 
        stack = config.MemoryStack("ssl.cert_reqs = required\n")
80
 
        self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
81
 
        stack = config.MemoryStack("ssl.cert_reqs = invalid\n")
82
 
        self.assertRaises(ConfigOptionValueError, stack.get, "ssl.cert_reqs")
83
 
 
84
 
 
85
 
class MatchHostnameTests(TestCase):
 
71
        stack = config.MemoryStack(b"ssl.cert_reqs = none\n")
 
72
        self.assertEqual(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
 
73
        stack = config.MemoryStack(b"ssl.cert_reqs = required\n")
 
74
        self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
 
75
        stack = config.MemoryStack(b"ssl.cert_reqs = invalid\n")
 
76
        self.assertRaises(config.ConfigOptionValueError, stack.get,
 
77
                          "ssl.cert_reqs")
 
78
 
 
79
 
 
80
class MatchHostnameTests(tests.TestCase):
86
81
 
87
82
    def test_no_certificate(self):
88
83
        self.assertRaises(ValueError,
89
 
                          _urllib2_wrappers.match_hostname, {}, "example.com")
 
84
                          ssl.match_hostname, {}, "example.com")
90
85
 
91
86
    def test_wildcards_in_cert(self):
92
87
        def ok(cert, hostname):
93
 
            _urllib2_wrappers.match_hostname(cert, hostname)
 
88
            ssl.match_hostname(cert, hostname)
 
89
 
 
90
        def not_ok(cert, hostname):
 
91
            self.assertRaises(
 
92
                ssl.CertificateError,
 
93
                ssl.match_hostname, cert, hostname)
94
94
 
95
95
        # Python Issue #17980: avoid denials of service by refusing more than
96
96
        # one wildcard per fragment.
97
 
        cert = {'subject': ((('commonName', 'a*b.com'),),)}
98
 
        ok(cert, 'axxb.com')
99
 
        cert = {'subject': ((('commonName', 'a*b.co*'),),)}
100
 
        ok(cert, 'axxb.com')
101
 
        cert = {'subject': ((('commonName', 'a*b*.com'),),)}
102
 
        try:
103
 
            _urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
104
 
        except ValueError as e:
105
 
            self.assertIn("too many wildcards", str(e))
 
97
        if sys.version_info[:2] >= (3, 7):
 
98
            # Python 3.7 dropped support for partial wildcards, see
 
99
            # https://docs.python.org/3/whatsnew/3.7.html#ssl
 
100
            not_ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
 
101
        else:
 
102
            ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
 
103
        not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
 
104
        not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
106
105
 
107
106
    def test_no_valid_attributes(self):
108
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
107
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
109
108
                          {"Problem": "Solved"}, "example.com")
110
109
 
111
110
    def test_common_name(self):
112
111
        cert = {'subject': ((('commonName', 'example.com'),),)}
113
112
        self.assertIs(None,
114
 
                      _urllib2_wrappers.match_hostname(cert, "example.com"))
115
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
113
                      ssl.match_hostname(cert, "example.com"))
 
114
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
116
115
                          cert, "example.org")