From cf6adf149d2356400e611b019353f431a032d88e Mon Sep 17 00:00:00 2001
From: Folker Bernitt <fbernitt@thoughtworks.com>
Date: Wed, 10 Feb 2016 17:06:15 +0100
Subject: Download SMTP client certificate, not VPN one

- Issue #591
---
 .../bitmask_libraries/test_smtp_cert_downloader.py | 23 ++++++---
 .../test_smtp_client_certificate.py                | 59 ++++++++++++++++++++++
 2 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 service/test/unit/bitmask_libraries/test_smtp_client_certificate.py

(limited to 'service/test/unit/bitmask_libraries')

diff --git a/service/test/unit/bitmask_libraries/test_smtp_cert_downloader.py b/service/test/unit/bitmask_libraries/test_smtp_cert_downloader.py
index 5644ab6a..cfc9353d 100644
--- a/service/test/unit/bitmask_libraries/test_smtp_cert_downloader.py
+++ b/service/test/unit/bitmask_libraries/test_smtp_cert_downloader.py
@@ -21,6 +21,7 @@ from tempfile import NamedTemporaryFile
 from httmock import all_requests, HTTMock, urlmatch
 
 CERTIFICATE_DATA = 'some cert data'
+USERNAME = 'some_user_name'
 
 
 @all_requests
@@ -29,12 +30,17 @@ def not_found_mock(url, request):
             'content': 'foobar'}
 
 
-@urlmatch(netloc='api.some-server.test:4430', path='/1/cert')
-def ca_cert_mock(url, request):
-    return {
-        "status_code": 200,
-        "content": CERTIFICATE_DATA
-    }
+@urlmatch(netloc='api.some-server.test:4430', path='/1/smtp_cert', method='POST')
+def smtp_cert_mock(url, request):
+    if request.body == 'address=%s' % USERNAME:
+        return {
+            "status_code": 200,
+            "content": CERTIFICATE_DATA
+        }
+    else:
+        return {
+            'status_code': 401
+        }
 
 
 class TestSmtpCertDownloader(unittest.TestCase):
@@ -50,6 +56,7 @@ class TestSmtpCertDownloader(unittest.TestCase):
         self._provider.api_version = '1'
         self._provider.server_name = 'some.host.tld'
 
+        self._auth.username = USERNAME
         self._auth.session_id = 'some session id'
         self._auth.token = 'some token'
 
@@ -57,7 +64,7 @@ class TestSmtpCertDownloader(unittest.TestCase):
         unstub()
 
     def test_download_certificate(self):
-        with HTTMock(ca_cert_mock, not_found_mock):
+        with HTTMock(smtp_cert_mock, not_found_mock):
             cert_data = SmtpCertDownloader(self._provider, self._auth).download()
 
         self.assertEqual(CERTIFICATE_DATA, cert_data)
@@ -71,7 +78,7 @@ class TestSmtpCertDownloader(unittest.TestCase):
         downloader = SmtpCertDownloader(self._provider, self._auth)
 
         with NamedTemporaryFile() as tmp_file:
-            with HTTMock(ca_cert_mock, not_found_mock):
+            with HTTMock(smtp_cert_mock, not_found_mock):
                 downloader.download_to(tmp_file.name)
 
             file_content = open(tmp_file.name).read()
diff --git a/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py b/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py
new file mode 100644
index 00000000..1a57487a
--- /dev/null
+++ b/service/test/unit/bitmask_libraries/test_smtp_client_certificate.py
@@ -0,0 +1,59 @@
+#
+# Copyright (c) 2016 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import os
+import unittest
+import tempdir
+from pixelated.bitmask_libraries import session
+from leap.srp_session import SRPSession
+from mockito import mock, unstub, when, verify, never, any as ANY
+
+from pixelated.bitmask_libraries.session import SmtpClientCertificate
+
+
+class TestSmtpClientCertificate(unittest.TestCase):
+
+    def setUp(self):
+        self.tmp_dir = tempdir.TempDir()
+        self.provider = mock()
+        self.provider.domain = 'some-provider.tld'
+        self.auth = SRPSession('username', 'token', 'uuid', 'session_id')
+        self.pem_path = os.path.join(self.tmp_dir.name, 'providers', 'some-provider.tld', 'keys', 'client', 'smtp.pem')
+
+    def tearDown(self):
+        self.tmp_dir.dissolve()
+        unstub()
+
+    def test_download_certificate(self):
+        downloader = mock()
+        when(session).SmtpCertDownloader(self.provider, self.auth).thenReturn(downloader)
+
+        cert = SmtpClientCertificate(self.provider, self.auth, self.tmp_dir.name)
+        result = cert.cert_path()
+
+        self.assertEqual(self.pem_path, result)
+        verify(downloader).download_to(self.pem_path)
+
+    def test_skip_download_if_already_downloaded(self):
+
+        downloader = mock()
+        when(session).SmtpCertDownloader(self.provider, self.auth).thenReturn(downloader)
+        when(os.path).exists(self.pem_path).thenReturn(True)
+
+        cert = SmtpClientCertificate(self.provider, self.auth, self.tmp_dir.name)
+        result = cert.cert_path()
+
+        self.assertEqual(self.pem_path, result)
+        verify(downloader, never).download_to(ANY())
-- 
cgit v1.2.3