authorRuben Pollan <meskio@sindominio.net>2017-05-16 18:57:16 +0200
committerRuben Pollan <meskio@sindominio.net>2017-06-05 19:42:13 +0200
commit97774379834f0a06731093de54c986f8f7fd51a3 (patch)
tree1c5c11be27a289d2f0ea02fdac4dfd96954b9c68 /tests/integration/bonafide/test_config.py
parent0edc6cf6a4270e94443fc6c8bfa73c5ca1ad5d92 (diff)
[bug] fail bonafide bootstrap for self sign certs
- Resolves: #8881
Diffstat (limited to 'tests/integration/bonafide/test_config.py')
-rw-r--r--tests/integration/bonafide/test_config.py146
1 files changed, 146 insertions, 0 deletions
diff --git a/tests/integration/bonafide/test_config.py b/tests/integration/bonafide/test_config.py
new file mode 100644
index 0000000..aeb2c84
--- /dev/null
+++ b/tests/integration/bonafide/test_config.py
@@ -0,0 +1,146 @@
+# -*- coding: utf-8 -*-
+# test_config.py
+# Copyright (C) 2015-2017 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os.path
+
+from BaseHTTPServer import BaseHTTPRequestHandler
+from twisted.internet import defer
+from twisted.trial import unittest
+
+from leap.bitmask.bonafide.config import Provider
+from leap.bitmask.bonafide.errors import NetworkError
+from leap.common.testing.basetest import BaseLeapTest
+from leap.common.testing.https_server import BaseHTTPSServerTestCase
+
+
+class ConfigTest(BaseHTTPSServerTestCase, unittest.TestCase, BaseLeapTest):
+
+ def setUp(self):
+ self.addr = Addr()
+ self.request_handler = request_handler(self.addr)
+ BaseHTTPSServerTestCase.setUp(self)
+ self.addr.host = 'localhost'
+ self.addr.port = self.PORT
+
+ def test_bootstrap_self_sign_cert_fails(self):
+ home = os.path.join(self.home, 'self_sign')
+ os.mkdir(home)
+ provider = Provider(self.addr.domain, autoconf=True, basedir=home)
+ d = provider.callWhenMainConfigReady(lambda: "Cert was accepted")
+ return self.assertFailure(d, NetworkError)
+
+ def test_bootstrap_pinned_cert(self):
+ cacert = os.path.join(os.path.dirname(__file__),
+ "cacert.pem")
+ home = os.path.join(self.home, 'pinned')
+ os.mkdir(home)
+ provider = Provider(self.addr.domain, autoconf=True, basedir=home,
+ cert_path=cacert)
+
+ def check_provider():
+ config = provider.config()
+ self.assertEqual(config["domain"], self.addr.host)
+ self.assertEqual(config["ca_cert_fingerprint"],
+ "SHA256: %s" % fingerprint)
+
+ provider.callWhenMainConfigReady(check_provider)
+ return defer.gatherResults([
+ provider.first_bootstrap[provider._domain],
+ provider.ongoing_bootstrap[provider._domain]])
+
+
+class Addr(object):
+ def __init__(self, host='localhost', port='4443'):
+ self.host = host
+ self.port = port
+
+ @property
+ def domain(self):
+ return "%s:%s" % (self.host, self.port)
+
+
+def request_handler(addr):
+ class RequestHandler(BaseHTTPRequestHandler):
+ def do_GET(self):
+ if self.path == '/provider.json':
+ body = provider_json % {
+ 'host': addr.host,
+ 'port': addr.port,
+ 'fingerprint': fingerprint
+ }
+
+ elif self.path == '/ca.crt':
+ cacert = os.path.join(os.path.dirname(__file__),
+ "leaptestscert.pem")
+ with open(cacert, 'r') as f:
+ castr = f.read()
+ body = castr
+
+ elif self.path == '/1/configs.json':
+ body = configs_json
+
+ else:
+ body = '{"error": "not implemented"}'
+
+ self.send_response(200)
+ self.send_header('Content-type', 'applicatino/json')
+ self.send_header('Content-Length', str(len(body)))
+ self.end_headers()
+ self.wfile.write(body)
+
+ return RequestHandler
+
+
+fingerprint = \
+ "cd0131b3352b7a29c307156b24f09fe862b1f5a2e55be7cd888048b91770f220"
+provider_json = """
+{
+ "api_uri": "https://%(host)s:%(port)s",
+ "api_version": "1",
+ "ca_cert_fingerprint": "SHA256: %(fingerprint)s",
+ "ca_cert_uri": "https://%(host)s:%(port)s/ca.crt",
+ "default_language": "en",
+ "description": {
+ "en": "example"
+ },
+ "domain": "%(host)s",
+ "enrollment_policy": "open",
+ "languages": [
+ "en"
+ ],
+ "name": {
+ "en": "Bitmask"
+ },
+ "service": {
+ "allow_anonymous": false,
+ "allow_free": true,
+ "allow_limited_bandwidth": false,
+ "allow_paid": false,
+ "allow_registration": true,
+ "allow_unlimited_bandwidth": true,
+ "bandwidth_limit": 102401,
+ "default_service_level": 1,
+ "levels": {
+ "1": {
+ "description": "hi.",
+ "name": "free"
+ }
+ }
+ },
+ "services": []
+}
+"""
+configs_json = "{}"
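Review bot: In `test_bootstrap_pinned_cert` the Deferred returned by `provider.callWhenMainConfigReady(check_provider)` is dropped, so a failing `assertEqual` on the domain or on `ca_cert_fingerprint` may never reach trial unless that Deferred is chained to one of the two gathered ones, which is not visible here. Keep it with `d = provider.callWhenMainConfigReady(check_provider)` and add `d` to the `defer.gatherResults([...])` list. `test_bootstrap_self_sign_cert_fails` asserts only `NetworkError`, which presumably also covers a refused connection or a test server that never started, so it can pass without the self-signed certificate ever being rejected. Checking the failure's reason for the certificate verification error would pin the behaviour this commit is meant to guard. In `do_GET` the header value `'applicatino/json'` is a typo for `application/json`, and it is also sent for the `/ca.crt` response.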