diff options
| author | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-03-31 13:50:43 +0200 |
|---|---|---|
| committer | Folker Bernitt <fbernitt@thoughtworks.com> | 2015-03-31 13:53:13 +0200 |
| commit | a1fc37326a79b95cdb056a100b321586f1c1fb7b (patch) | |
| tree | 91584a2bcbaae7f883d338a953ac94de77a7f035 /service/test/unit/bitmask_libraries | |
| parent | faad044b8b576b6d84d88608fa5a57171e3d6169 (diff) | |
Added support for ssl fingerprint validation.
- Issue #333
- Needed to patch urrlib3 for older requests versions
- Use --leap-cert-fingerprint <SHA1> to validate fingerprint
Diffstat (limited to 'service/test/unit/bitmask_libraries')
| -rw-r--r-- | service/test/unit/bitmask_libraries/test_provider.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py index 8c0cf97e..a1e69543 100644 --- a/service/test/unit/bitmask_libraries/test_provider.py +++ b/service/test/unit/bitmask_libraries/test_provider.py @@ -15,7 +15,7 @@ # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import json -from mock import patch, MagicMock +from mock import patch, MagicMock, ANY from httmock import all_requests, HTTMock, urlmatch from requests import HTTPError from pixelated.bitmask_libraries.config import LeapConfig @@ -202,8 +202,8 @@ class LeapProviderTest(AbstractLeapTest): provider = LeapProvider('some-provider.test', self.config) provider.fetch_valid_certificate() - get_func.assert_called_once_with('https://some-provider.test/provider.json', verify=BOOTSTRAP_CA_CERT, timeout=15) - session.get.assert_called_once_with('https://some-provider.test/ca.crt', verify=BOOTSTRAP_CA_CERT, timeout=15) + session.get.assert_any_call('https://some-provider.test/ca.crt', verify=BOOTSTRAP_CA_CERT, timeout=15) + session.get.assert_any_call('https://some-provider.test/provider.json', verify=BOOTSTRAP_CA_CERT, timeout=15) def test_that_provider_cert_is_used_to_fetch_soledad_json(self): get_func = MagicMock(wraps=requests.get) @@ -214,3 +214,17 @@ class LeapProviderTest(AbstractLeapTest): provider.fetch_soledad_json() get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=CA_CERT, timeout=15) + + def test_that_leap_fingerprint_is_validated(self): + session = MagicMock(wraps=requests.session()) + session_func = MagicMock(return_value=session) + + with patch('pixelated.bitmask_libraries.provider.which_bootstrap_fingerprint', return_value='some fingerprint'): + with patch('pixelated.bitmask_libraries.provider.which_bootstrap_bundle', return_value=False): + with patch('pixelated.bitmask_libraries.provider.requests.session', new=session_func): + with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + provider.fetch_valid_certificate() + + session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15) + session.mount.assert_called_with('https://', ANY) |