From c1a35317fe4ebb82bf7d24dc5d8c171d29c9c501 Mon Sep 17 00:00:00 2001 From: Tulio Casagrande Date: Mon, 29 Aug 2016 18:23:14 -0300 Subject: [#765] Move combined_ca_bundle to UA initialization With this change we don't have to create the combined_ca_bundle for every user at every login. To support this change, we started migrating away from the LeapCertificate class that was making the LeapProvider setup more brittle --- service/test/unit/bitmask_libraries/test_certs.py | 5 ----- service/test/unit/bitmask_libraries/test_keymanager.py | 6 ++++-- service/test/unit/bitmask_libraries/test_provider.py | 10 ++++++++-- 3 files changed, 12 insertions(+), 9 deletions(-) (limited to 'service/test/unit/bitmask_libraries') diff --git a/service/test/unit/bitmask_libraries/test_certs.py b/service/test/unit/bitmask_libraries/test_certs.py index bd9b32d3..9885759e 100644 --- a/service/test/unit/bitmask_libraries/test_certs.py +++ b/service/test/unit/bitmask_libraries/test_certs.py @@ -35,8 +35,3 @@ class CertsTest(unittest.TestCase): self.assertIsNone(certs.LEAP_FINGERPRINT) self.assertEqual(True, certs.provider_web_cert) - - def test_provider_api_cert(self): - certs = LeapCertificate(self.provider).provider_api_cert - - self.assertEqual('/some/leap/home/providers/test.leap.net/keys/client/api.pem', certs) diff --git a/service/test/unit/bitmask_libraries/test_keymanager.py b/service/test/unit/bitmask_libraries/test_keymanager.py index 1a1038b8..2d20e971 100644 --- a/service/test/unit/bitmask_libraries/test_keymanager.py +++ b/service/test/unit/bitmask_libraries/test_keymanager.py @@ -26,8 +26,9 @@ from pixelated.config import leap_config class KeymanagerTest(AbstractLeapTest): @patch('pixelated.bitmask_libraries.keymanager.KeyManager') def test_that_keymanager_is_created(self, keymanager_mock): - LeapCertificate.provider_api_cert = '/some/path/to/provider_ca_cert' when(self.provider)._discover_nicknym_server().thenReturn('https://nicknym.some-server.test:6425/') + self.provider.combined_ca_bundle = 'combined_ca_bundle' + self.provider.provider_api_cert = '/some/path/to/provider_ca_cert' leap_config.gpg_binary = '/path/to/gpg' Keymanager(self.provider, @@ -45,7 +46,8 @@ class KeymanagerTest(AbstractLeapTest): api_uri='https://api.some-server.test:4430', api_version='1', uid=self.auth.uuid, - gpgbinary='/path/to/gpg') + gpgbinary='/path/to/gpg', + combined_ca_bundle='combined_ca_bundle') @patch('pixelated.bitmask_libraries.keymanager.KeyManager') def test_gen_key(self, keymanager_mock): diff --git a/service/test/unit/bitmask_libraries/test_provider.py b/service/test/unit/bitmask_libraries/test_provider.py index 1284698f..4e7c565f 100644 --- a/service/test/unit/bitmask_libraries/test_provider.py +++ b/service/test/unit/bitmask_libraries/test_provider.py @@ -207,13 +207,12 @@ class LeapProviderTest(AbstractLeapTest): def test_that_provider_cert_is_used_to_fetch_soledad_json(self): get_func = MagicMock(wraps=requests.get) - LeapCertificate.provider_api_cert = PROVIDER_API_CERT with patch('pixelated.bitmask_libraries.provider.requests.get', new=get_func): with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock): provider = LeapProvider('some-provider.test') provider.fetch_soledad_json() - get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify=PROVIDER_API_CERT, timeout=15) + get_func.assert_called_with('https://api.some-provider.test:4430/1/config/soledad-service.json', verify='/some/leap/home/providers/some-provider.test/keys/client/api.pem', timeout=15) def test_that_leap_fingerprint_is_validated(self): session = MagicMock(wraps=requests.session()) @@ -227,3 +226,10 @@ class LeapProviderTest(AbstractLeapTest): session.get.assert_any_call('https://some-provider.test/ca.crt', verify=False, timeout=15) session.mount.assert_called_with('https://', ANY) + + def test_provider_api_cert(self): + with HTTMock(provider_json_mock): + provider = LeapProvider('some-provider.test') + certs = provider.provider_api_cert + + self.assertEqual('/some/leap/home/providers/some-provider.test/keys/client/api.pem', certs) -- cgit v1.2.3