Added new tests to retrive certificate file under HTTPS.

slapos/tests/test_libnetworkcache.py

@@ -15,8 +15,10 @@
 
 import unittest
 import tempfile
+import urllib2
+import slapos.libconnection
 from slapos.libnetworkcache import NetworkcacheClient
-from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin
+from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin, start_server, stop_server
 
 
 class OfflineTest(unittest.TestCase):
@@ -116,8 +118,6 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
     result_bool = nc._verifySignatureInCertificateList(wrong_signature_string)
     self.assertFalse(result_bool)
 
-  # XXX(lucas): Should we provide the file under HTTP server using
-  # SimpleHTTPServer? Because actually it gonna just throw an IOError.
   def test_verification_with_signature_certificate_file_list_url(self):
     """
       NetworkcacheClient supports to have the certification file under an HTTP
@@ -136,6 +136,48 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
     self.assertRaises(IOError, \
                         nc._verifySignatureInCertificateList, signature_string)
 
+  def test_verification_with_non_valid_remote_https_server(self):
+    """
+      If the HTTPS server does not has a valid certificated,
+      URLError must be raised, because we don't trunk on such server.
+    """
+    https_server_port, https_server_thread, file_pem = start_server()
+    https_server_url = 'https://localhost:%s' % https_server_port
+    try:
+      nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file,
+             signature_certificate_file_list=[https_server_url + self.signature_certificate_file])
+      signature_string = nc._getSignatureString()
+      self.assertRaises(urllib2.URLError,
+                       nc._verifySignatureInCertificateList, signature_string)
+    finally:
+      stop_server(https_server_url, https_server_thread)
+
+  def test_verification_with_valid_remote_https_server(self):
+    """
+      If the HTTPS server is a trustable server we must download the
+      certificate, without any problem.
+    """
+    https_server_port, https_server_thread, file_pem = start_server()
+    https_server_url = 'https://localhost:%s' % https_server_port
+
+    # making the https server a valid server
+    slapos.libconnection.CERTIFICATE_FILE_LOCATION_LIST = [file_pem]
+
+    https_cert_url = https_server_url + self.signature_certificate_file
+    try:
+      nc = NetworkcacheClient(
+             shacache=self.shacache_url,
+             shadir=self.shadir_url,
+             signature_private_key_file=self.signature_private_key_file,
+             signature_certificate_file_list=[https_cert_url])
+      signature_string = nc._getSignatureString()
+      nc._verifySignatureInCertificateList(signature_string)
+    finally:
+      stop_server(https_server_url, https_server_thread)
+
   def test_signature_verification_priority(self):
     """
       During the signature vefirication, the filesystem path has priority over
@@ -143,10 +185,10 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
       certificates are not valid.
     """
     nc = NetworkcacheClient(
-             shacache=self.shacache_url,
-             shadir=self.shadir_url,
-             signature_private_key_file=self.signature_private_key_file,
-             signature_certificate_file_list=['http://localhost:0/public.pem',
-                                              self.signature_certificate_file])
+           shacache=self.shacache_url,
+           shadir=self.shadir_url,
+           signature_private_key_file=self.signature_private_key_file,
+           signature_certificate_file_list=['http://localhost:0/public.pem',
+                                            self.signature_certificate_file])
     signature_string = nc._getSignatureString()
     self.assertTrue(nc._verifySignatureInCertificateList(signature_string))