From 85fa4c91448e36658679cbac982ee00b18f95daa Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 13 May 2013 18:12:53 -0300 Subject: Refactor ssl monkey patching and fix https tests. --- src/leap/soledad/tests/test_leap_backend.py | 75 ++++++++++++++++--------- src/leap/soledad/tests/u1db_tests/test_https.py | 10 +++- 2 files changed, 58 insertions(+), 27 deletions(-) (limited to 'src/leap/soledad/tests') diff --git a/src/leap/soledad/tests/test_leap_backend.py b/src/leap/soledad/tests/test_leap_backend.py index b58a5473..dbebadb5 100644 --- a/src/leap/soledad/tests/test_leap_backend.py +++ b/src/leap/soledad/tests/test_leap_backend.py @@ -22,6 +22,7 @@ Test Leap backend bits. import u1db import os +import ssl try: import simplejson as json except ImportError: @@ -35,7 +36,7 @@ from u1db.remote import ( http_target, ) - +from leap import soledad from leap.soledad.backends import leap_backend from leap.soledad.server import ( SoledadApp, @@ -509,39 +510,63 @@ class TestLeapSyncTarget( # The following tests come from `u1db.tests.test_https`. #----------------------------------------------------------------------------- -def oauth_https_sync_target(test, host, path): - _, port = test.server.server_address - st = leap_backend.LeapSyncTarget( - 'https://%s:%d/~/%s' % (host, port, path), - crypto=test._soledad._crypto) - st.set_oauth_credentials(tests.consumer1.key, tests.consumer1.secret, - tests.token1.key, tests.token1.secret) - return st - def token_leap_https_sync_target(test, host, path): _, port = test.server.server_address st = leap_backend.LeapSyncTarget( - 'https://%s:%d/~/%s' % (host, port, path), + 'https://%s:%d/%s' % (host, port, path), crypto=test._soledad._crypto) st.set_token_credentials('user-uuid', 'auth-token') return st -#class TestLeapSyncTargetHttpsSupport(test_https.TestHttpSyncTargetHttpsSupport, -# BaseSoledadTest): -# -# scenarios = [ -# ('oauth_https', {'server_def': test_https.https_server_def, -# 'make_app_with_state': make_oauth_http_app, -# 'make_document_for_test': make_leap_document_for_test, -# 'sync_target': oauth_https_sync_target, -# }), -# ('token_soledad_https', {'server_def': test_https.https_server_def, -# 'make_app_with_state': make_token_soledad_app, -# 'make_document_for_test': make_leap_document_for_test, -# 'sync_target': token_leap_https_sync_target}), -# ] +class TestLeapSyncTargetHttpsSupport(test_https.TestHttpSyncTargetHttpsSupport, + BaseSoledadTest): + + scenarios = [ + ('token_soledad_https', {'server_def': test_https.https_server_def, + 'make_app_with_state': make_token_soledad_app, + 'make_document_for_test': make_leap_document_for_test, + 'sync_target': token_leap_https_sync_target}), + ] + def setUp(self): + # the parent constructor undoes our SSL monkey patch to ensure tests + # run smoothly with standard u1db. + test_https.TestHttpSyncTargetHttpsSupport.setUp(self) + # so here monkey patch again to test our functionality. + http_client._VerifiedHTTPSConnection = soledad.VerifiedHTTPSConnection + soledad.SOLEDAD_CERT = http_client.CA_CERTS + + def test_working(self): + """ + Test that SSL connections work well. + + This test was adapted to patch Soledad's HTTPS connection custom class + with the intended CA certificates. + """ + self.startServer() + db = self.request_state._create_database('test') + self.patch(soledad, 'SOLEDAD_CERT', self.cacert_pem) + remote_target = self.getSyncTarget('localhost', 'test') + remote_target.record_sync_info('other-id', 2, 'T-id') + self.assertEqual( + (2, 'T-id'), db._get_replica_gen_and_trans_id('other-id')) + + def test_host_mismatch(self): + """ + Test that SSL connections to a hostname different than the one in the + certificate raise CertificateError. + + This test was adapted to patch Soledad's HTTPS connection custom class + with the intended CA certificates. + """ + self.startServer() + self.request_state._create_database('test') + self.patch(soledad, 'SOLEDAD_CERT', self.cacert_pem) + remote_target = self.getSyncTarget('127.0.0.1', 'test') + self.assertRaises( + http_client.CertificateError, remote_target.record_sync_info, + 'other-id', 2, 'T-id') #----------------------------------------------------------------------------- # The following tests come from `u1db.tests.test_http_database`. diff --git a/src/leap/soledad/tests/u1db_tests/test_https.py b/src/leap/soledad/tests/u1db_tests/test_https.py index 3f8797d8..b4b14722 100644 --- a/src/leap/soledad/tests/u1db_tests/test_https.py +++ b/src/leap/soledad/tests/u1db_tests/test_https.py @@ -6,13 +6,13 @@ import sys from paste import httpserver -from leap.soledad.tests import u1db_tests as tests - from u1db.remote import ( http_client, http_target, ) +from leap import soledad +from leap.soledad.tests import u1db_tests as tests from leap.soledad.tests.u1db_tests.test_remote_sync_target import ( make_oauth_http_app, ) @@ -69,6 +69,12 @@ class TestHttpSyncTargetHttpsSupport(tests.TestCaseWithServer): self.skipTest("Requires pyOpenSSL") self.cacert_pem = os.path.join(os.path.dirname(__file__), 'testing-certs', 'cacert.pem') + # The default u1db http_client class for doing HTTPS only does HTTPS + # if the platform is linux. Because of this, soledad replaces that + # class with one that will do HTTPS independent of the platform. In + # order to maintain the compatibility with u1db default tests, we undo + # that replacement here. + http_client._VerifiedHTTPSConnection = soledad.old__VerifiedHTTPSConnection super(TestHttpSyncTargetHttpsSupport, self).setUp() def getSyncTarget(self, host, path=None): -- cgit v1.2.3