Commit aafce11b authored by Lucas Carvalho's avatar Lucas Carvalho

Added new tests to retrive certificate file under HTTPS.

parent c34f476e
...@@ -15,8 +15,10 @@ ...@@ -15,8 +15,10 @@
import unittest import unittest
import tempfile import tempfile
import urllib2
import slapos.libconnection
from slapos.libnetworkcache import NetworkcacheClient from slapos.libnetworkcache import NetworkcacheClient
from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin, start_server, stop_server
class OfflineTest(unittest.TestCase): class OfflineTest(unittest.TestCase):
...@@ -116,8 +118,6 @@ class TestNetworkcacheClient(LibNetworkCacheMixin): ...@@ -116,8 +118,6 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
result_bool = nc._verifySignatureInCertificateList(wrong_signature_string) result_bool = nc._verifySignatureInCertificateList(wrong_signature_string)
self.assertFalse(result_bool) self.assertFalse(result_bool)
# XXX(lucas): Should we provide the file under HTTP server using
# SimpleHTTPServer? Because actually it gonna just throw an IOError.
def test_verification_with_signature_certificate_file_list_url(self): def test_verification_with_signature_certificate_file_list_url(self):
""" """
NetworkcacheClient supports to have the certification file under an HTTP NetworkcacheClient supports to have the certification file under an HTTP
...@@ -136,6 +136,48 @@ class TestNetworkcacheClient(LibNetworkCacheMixin): ...@@ -136,6 +136,48 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
self.assertRaises(IOError, \ self.assertRaises(IOError, \
nc._verifySignatureInCertificateList, signature_string) nc._verifySignatureInCertificateList, signature_string)
def test_verification_with_non_valid_remote_https_server(self):
"""
If the HTTPS server does not has a valid certificated,
URLError must be raised, because we don't trunk on such server.
"""
https_server_port, https_server_thread, file_pem = start_server()
https_server_url = 'https://localhost:%s' % https_server_port
try:
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=[https_server_url + self.signature_certificate_file])
signature_string = nc._getSignatureString()
self.assertRaises(urllib2.URLError,
nc._verifySignatureInCertificateList, signature_string)
finally:
stop_server(https_server_url, https_server_thread)
def test_verification_with_valid_remote_https_server(self):
"""
If the HTTPS server is a trustable server we must download the
certificate, without any problem.
"""
https_server_port, https_server_thread, file_pem = start_server()
https_server_url = 'https://localhost:%s' % https_server_port
# making the https server a valid server
slapos.libconnection.CERTIFICATE_FILE_LOCATION_LIST = [file_pem]
https_cert_url = https_server_url + self.signature_certificate_file
try:
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=[https_cert_url])
signature_string = nc._getSignatureString()
nc._verifySignatureInCertificateList(signature_string)
finally:
stop_server(https_server_url, https_server_thread)
def test_signature_verification_priority(self): def test_signature_verification_priority(self):
""" """
During the signature vefirication, the filesystem path has priority over During the signature vefirication, the filesystem path has priority over
...@@ -143,10 +185,10 @@ class TestNetworkcacheClient(LibNetworkCacheMixin): ...@@ -143,10 +185,10 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
certificates are not valid. certificates are not valid.
""" """
nc = NetworkcacheClient( nc = NetworkcacheClient(
shacache=self.shacache_url, shacache=self.shacache_url,
shadir=self.shadir_url, shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file, signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=['http://localhost:0/public.pem', signature_certificate_file_list=['http://localhost:0/public.pem',
self.signature_certificate_file]) self.signature_certificate_file])
signature_string = nc._getSignatureString() signature_string = nc._getSignatureString()
self.assertTrue(nc._verifySignatureInCertificateList(signature_string)) self.assertTrue(nc._verifySignatureInCertificateList(signature_string))
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment