authorRuben Pollan <meskio@sindominio.net>2017-06-02 01:01:10 +0200
committerRuben Pollan <meskio@sindominio.net>2017-06-05 19:42:13 +0200
commitbc7dd3e575fcd5ed6ee6aa352c97741f761130aa (patch)
tree5bd648d4194514bc3648507ef549339d0e73777c
parent97774379834f0a06731093de54c986f8f7fd51a3 (diff)
[test] validate the CA cert fingerprint check
-rw-r--r--tests/integration/bonafide/test_config.py32
1 files changed, 25 insertions, 7 deletions
diff --git a/tests/integration/bonafide/test_config.py b/tests/integration/bonafide/test_config.py
index aeb2c842..5d45189b 100644
--- a/tests/integration/bonafide/test_config.py
+++ b/tests/integration/bonafide/test_config.py
@@ -34,6 +34,8 @@ class ConfigTest(BaseHTTPSServerTestCase, unittest.TestCase, BaseLeapTest):
BaseHTTPSServerTestCase.setUp(self)
self.addr.host = 'localhost'
self.addr.port = self.PORT
+ self.cacert = os.path.join(os.path.dirname(__file__),
+ "cacert.pem")
def test_bootstrap_self_sign_cert_fails(self):
home = os.path.join(self.home, 'self_sign')
@@ -42,13 +44,29 @@ class ConfigTest(BaseHTTPSServerTestCase, unittest.TestCase, BaseLeapTest):
d = provider.callWhenMainConfigReady(lambda: "Cert was accepted")
return self.assertFailure(d, NetworkError)
+ @defer.inlineCallbacks
+ def test_bootstrap_invalid_ca_cert(self):
+ home = os.path.join(self.home, 'fp')
+ os.mkdir(home)
+ self.addr.fingerprint = "fabadafabada"
+ provider = Provider(self.addr.domain, autoconf=True, basedir=home,
+ cert_path=self.cacert)
+
+ d = provider.callWhenMainConfigReady(lambda: "CA cert fp matched")
+ yield self.assertFailure(d, NetworkError)
+ self.assertFalse(os.path.isfile(provider._get_ca_cert_path()))
+ provider._http.close()
+ try:
+ yield defer.gatherResults([
+ d, provider.ongoing_bootstrap[provider._domain]])
+ except:
+ pass
+
def test_bootstrap_pinned_cert(self):
- cacert = os.path.join(os.path.dirname(__file__),
- "cacert.pem")
home = os.path.join(self.home, 'pinned')
os.mkdir(home)
provider = Provider(self.addr.domain, autoconf=True, basedir=home,
- cert_path=cacert)
+ cert_path=self.cacert)
def check_provider():
config = provider.config()
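Review bot: The bare `except: pass` around the final `gatherResults` in `test_bootstrap_invalid_ca_cert` swallows every exception from the cleanup wait, so an unrelated regression there would go unnoticed. `gatherResults` errbacks with `defer.FirstError`, so `except defer.FirstError:` keeps the drain while letting anything unexpected fail the test. Separately, `"fabadafabada"` is not shaped like a SHA-256 digest, so depending on how Provider parses the value (not visible in this hunk) the test may pass on a format rejection and never reach the digest comparison. A well-formed 64-hex-digit value that differs from the served certificate's fingerprint would exercise the mismatch path the commit title describes. Because `test_bootstrap_self_sign_cert_fails` also expects `NetworkError`, the exception type alone does not show which check fired; the `assertFalse(os.path.isfile(...))` line is the stronger assertion and would benefit from a short comment saying so.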
@@ -56,16 +74,16 @@ class ConfigTest(BaseHTTPSServerTestCase, unittest.TestCase, BaseLeapTest):
self.assertEqual(config["ca_cert_fingerprint"],
"SHA256: %s" % fingerprint)
- provider.callWhenMainConfigReady(check_provider)
+ d = provider.callWhenMainConfigReady(check_provider)
return defer.gatherResults([
- provider.first_bootstrap[provider._domain],
- provider.ongoing_bootstrap[provider._domain]])
+ d, provider.ongoing_bootstrap[provider._domain]])
class Addr(object):
def __init__(self, host='localhost', port='4443'):
self.host = host
self.port = port
+ self.fingerprint = fingerprint
@property
def domain(self):
@@ -79,7 +97,7 @@ def request_handler(addr):
body = provider_json % {
'host': addr.host,
'port': addr.port,
- 'fingerprint': fingerprint
+ 'fingerprint': addr.fingerprint
}
elif self.path == '/ca.crt':