Commit aafce11b authored by Lucas Carvalho's avatar Lucas Carvalho

Added new tests to retrive certificate file under HTTPS.

parent c34f476e
......@@ -15,8 +15,10 @@
import unittest
import tempfile
import urllib2
import slapos.libconnection
from slapos.libnetworkcache import NetworkcacheClient
from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin
from slapos.tests.libnetworkcachemixin import LibNetworkCacheMixin, start_server, stop_server
class OfflineTest(unittest.TestCase):
......@@ -116,8 +118,6 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
result_bool = nc._verifySignatureInCertificateList(wrong_signature_string)
self.assertFalse(result_bool)
# XXX(lucas): Should we provide the file under HTTP server using
# SimpleHTTPServer? Because actually it gonna just throw an IOError.
def test_verification_with_signature_certificate_file_list_url(self):
"""
NetworkcacheClient supports to have the certification file under an HTTP
......@@ -136,6 +136,48 @@ class TestNetworkcacheClient(LibNetworkCacheMixin):
self.assertRaises(IOError, \
nc._verifySignatureInCertificateList, signature_string)
def test_verification_with_non_valid_remote_https_server(self):
"""
If the HTTPS server does not has a valid certificated,
URLError must be raised, because we don't trunk on such server.
"""
https_server_port, https_server_thread, file_pem = start_server()
https_server_url = 'https://localhost:%s' % https_server_port
try:
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=[https_server_url + self.signature_certificate_file])
signature_string = nc._getSignatureString()
self.assertRaises(urllib2.URLError,
nc._verifySignatureInCertificateList, signature_string)
finally:
stop_server(https_server_url, https_server_thread)
def test_verification_with_valid_remote_https_server(self):
"""
If the HTTPS server is a trustable server we must download the
certificate, without any problem.
"""
https_server_port, https_server_thread, file_pem = start_server()
https_server_url = 'https://localhost:%s' % https_server_port
# making the https server a valid server
slapos.libconnection.CERTIFICATE_FILE_LOCATION_LIST = [file_pem]
https_cert_url = https_server_url + self.signature_certificate_file
try:
nc = NetworkcacheClient(
shacache=self.shacache_url,
shadir=self.shadir_url,
signature_private_key_file=self.signature_private_key_file,
signature_certificate_file_list=[https_cert_url])
signature_string = nc._getSignatureString()
nc._verifySignatureInCertificateList(signature_string)
finally:
stop_server(https_server_url, https_server_thread)
def test_signature_verification_priority(self):
"""
During the signature vefirication, the filesystem path has priority over
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment