2 files changed, 58 insertions, 27 deletions

diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py
index b58a5473..dbebadb5 100644
--- a/src/leap/soledad/tests/test_leap_backend.py
+++ b/src/leap/soledad/tests/test_leap_backend.py
@@ -22,6 +22,7 @@ Test Leap backend bits.
 
 import u1db
 import os
+import ssl
 try:
     import simplejson as json
 except ImportError:
@@ -35,7 +36,7 @@ from u1db.remote import (
     http_target,
 )
 
-
+from leap import soledad
 from leap.soledad.backends import leap_backend
 from leap.soledad.server import (
     SoledadApp,
@@ -509,39 +510,63 @@ class TestLeapSyncTarget(
 # The following tests come from `u1db.tests.test_https`.
 #-----------------------------------------------------------------------------
 
-def oauth_https_sync_target(test, host, path):
-    _, port = test.server.server_address
-    st = leap_backend.LeapSyncTarget(
-        'https://%s:%d/~/%s' % (host, port, path),
-        crypto=test._soledad._crypto)
-    st.set_oauth_credentials(tests.consumer1.key, tests.consumer1.secret,
-                             tests.token1.key, tests.token1.secret)
-    return st
-
 def token_leap_https_sync_target(test, host, path):
     _, port = test.server.server_address
     st = leap_backend.LeapSyncTarget(
-        'https://%s:%d/~/%s' % (host, port, path),
+        'https://%s:%d/%s' % (host, port, path),
         crypto=test._soledad._crypto)
     st.set_token_credentials('user-uuid', 'auth-token')
     return st
 
 
-#class TestLeapSyncTargetHttpsSupport(test_https.TestHttpSyncTargetHttpsSupport,
-#                                     BaseSoledadTest):
-#
-#    scenarios = [
-#        ('oauth_https', {'server_def': test_https.https_server_def,
-#                         'make_app_with_state': make_oauth_http_app,
-#                         'make_document_for_test': make_leap_document_for_test,
-#                         'sync_target': oauth_https_sync_target,
-#                         }),
-#        ('token_soledad_https', {'server_def': test_https.https_server_def,
-#                        'make_app_with_state': make_token_soledad_app,
-#                        'make_document_for_test': make_leap_document_for_test,
-#                        'sync_target': token_leap_https_sync_target}),
-#    ]
+class TestLeapSyncTargetHttpsSupport(test_https.TestHttpSyncTargetHttpsSupport,
+                                     BaseSoledadTest):
+
+    scenarios = [
+        ('token_soledad_https', {'server_def': test_https.https_server_def,
+                        'make_app_with_state': make_token_soledad_app,
+                        'make_document_for_test': make_leap_document_for_test,
+                        'sync_target': token_leap_https_sync_target}),
+    ]
 
+    def setUp(self):
+        # the parent constructor undoes our SSL monkey patch to ensure tests
+        # run smoothly with standard u1db.
+        test_https.TestHttpSyncTargetHttpsSupport.setUp(self)
+        # so here monkey patch again to test our functionality.
+        http_client._VerifiedHTTPSConnection = soledad.VerifiedHTTPSConnection
+        soledad.SOLEDAD_CERT = http_client.CA_CERTS
+
+    def test_working(self):
+        """
+        Test that SSL connections work well.
+
+        This test was adapted to patch Soledad's HTTPS connection custom class
+        with the intended CA certificates.
+        """
+        self.startServer()
+        db = self.request_state._create_database('test')
+        self.patch(soledad, 'SOLEDAD_CERT', self.cacert_pem)
+        remote_target = self.getSyncTarget('localhost', 'test')
+        remote_target.record_sync_info('other-id', 2, 'T-id')
+        self.assertEqual(
+            (2, 'T-id'), db._get_replica_gen_and_trans_id('other-id'))
+
+    def test_host_mismatch(self):
+        """
+        Test that SSL connections to a hostname different than the one in the
+        certificate raise CertificateError.
+
+        This test was adapted to patch Soledad's HTTPS connection custom class
+        with the intended CA certificates.
+        """
+        self.startServer()
+        self.request_state._create_database('test')
+        self.patch(soledad, 'SOLEDAD_CERT', self.cacert_pem)
+        remote_target = self.getSyncTarget('127.0.0.1', 'test')
+        self.assertRaises(
+            http_client.CertificateError, remote_target.record_sync_info,
+            'other-id', 2, 'T-id')
 
 #-----------------------------------------------------------------------------
 # The following tests come from `u1db.tests.test_http_database`.
diff --git a/src/leap/soledad/tests/u1db_tests/test_https.py b/src/leap/soledad/tests/u1db_tests/test_https.py
index 3f8797d8..b4b14722 100644
--- a/src/leap/soledad/tests/u1db_tests/test_https.py
+++ b/src/leap/soledad/tests/u1db_tests/test_https.py
@@ -6,13 +6,13 @@ import sys
 
 from paste import httpserver
 
-from leap.soledad.tests import u1db_tests as tests
-
 from u1db.remote import (
     http_client,
     http_target,
 )
 
+from leap import soledad
+from leap.soledad.tests import u1db_tests as tests
 from leap.soledad.tests.u1db_tests.test_remote_sync_target import (
     make_oauth_http_app,
 )
@@ -69,6 +69,12 @@ class TestHttpSyncTargetHttpsSupport(tests.TestCaseWithServer):
             self.skipTest("Requires pyOpenSSL")
         self.cacert_pem = os.path.join(os.path.dirname(__file__),
                                        'testing-certs', 'cacert.pem')
+        # The default u1db http_client class for doing HTTPS only does HTTPS
+        # if the platform is linux. Because of this, soledad replaces that
+        # class with one that will do HTTPS independent of the platform. In
+        # order to maintain the compatibility with u1db default tests, we undo
+        # that replacement here.
+        http_client._VerifiedHTTPSConnection = soledad.old__VerifiedHTTPSConnection
         super(TestHttpSyncTargetHttpsSupport, self).setUp()
 
     def getSyncTarget(self, host, path=None):