ndg.httpsclient.test.test

1 """unit tests module for ndg.httpsclient.https.HTTPSconnection class 2 3 PyOpenSSL utility to make a httplib-like interface suitable for use with 4 urllib2 5 """ 6 __author__ = "P J Kershaw (STFC)" 7 __date__ = "06/01/12" 8 __copyright__ = "(C) 2012 Science and Technology Facilities Council" 9 __license__ = "BSD - see LICENSE file in top-level directory" 10 __contact__ = "Philip.Kershaw@stfc.ac.uk" 11 __revision__ = '$Id$' 12 import logging 13 logging.basicConfig(level=logging.DEBUG) 14 log = logging.getLogger(__name__) 15 import unittest 16 import socket 17 18 from OpenSSL import SSL 19 20 from ndg.httpsclient.test import Constants 21 from ndg.httpsclient.https import HTTPSConnection 22 from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification 23 24

25 -class TestHTTPSConnection(unittest.TestCase):

26 '''Test ndg HTTPS client HTTPSConnection class''' 27

28 - def test01_open(self):

29 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT) 30 conn.connect() 31 conn.request('GET', '/') 32 resp = conn.getresponse() 33 print('Response = %s' % resp.read()) 34 conn.close()

35

36 - def test02_open_fails(self):

37 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT2) 38 self.failUnlessRaises(socket.error, conn.connect)

39

40 - def test03_ssl_verification_of_peer_fails(self):

41 ctx = SSL.Context(SSL.SSLv3_METHOD) 42 43 def verify_callback(conn, x509, errnum, errdepth, preverify_ok): 44 log.debug('SSL peer certificate verification failed for %r', 45 x509.get_subject()) 46 return preverify_ok

47 48 ctx.set_verify(SSL.VERIFY_PEER, verify_callback) 49 ctx.set_verify_depth(9) 50 51 # Set bad location - unit test dir has no CA certs to verify with 52 ctx.load_verify_locations(None, Constants.UNITTEST_DIR) 53 54 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT, 55 ssl_context=ctx) 56 conn.connect() 57 self.failUnlessRaises(SSL.Error, conn.request, 'GET', '/')

58

59 - def test03_ssl_verification_of_peer_succeeds(self):

60 ctx = SSL.Context(SSL.SSLv3_METHOD) 61 62 verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \ 63 preverify_ok 64 65 ctx.set_verify(SSL.VERIFY_PEER, verify_callback) 66 ctx.set_verify_depth(9) 67 68 # Set correct location for CA certs to verify with 69 ctx.load_verify_locations(None, Constants.CACERT_DIR) 70 71 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT, 72 ssl_context=ctx) 73 conn.connect() 74 conn.request('GET', '/') 75 resp = conn.getresponse() 76 print('Response = %s' % resp.read())

77

78 - def test04_ssl_verification_with_subj_alt_name(self):

79 ctx = SSL.Context(SSL.SSLv3_METHOD) 80 81 verify_callback = ServerSSLCertVerification(hostname='localhost') 82 83 ctx.set_verify(SSL.VERIFY_PEER, verify_callback) 84 ctx.set_verify_depth(9) 85 86 # Set correct location for CA certs to verify with 87 ctx.load_verify_locations(None, Constants.CACERT_DIR) 88 89 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT, 90 ssl_context=ctx) 91 conn.connect() 92 conn.request('GET', '/') 93 resp = conn.getresponse() 94 print('Response = %s' % resp.read())

95

96 - def test04_ssl_verification_with_subj_common_name(self):

97 ctx = SSL.Context(SSL.SSLv3_METHOD) 98 99 # Explicitly set verification of peer hostname using peer certificate 100 # subject common name 101 verify_callback = ServerSSLCertVerification(hostname='localhost', 102 subj_alt_name_match=False) 103 104 ctx.set_verify(SSL.VERIFY_PEER, verify_callback) 105 ctx.set_verify_depth(9) 106 107 # Set correct location for CA certs to verify with 108 ctx.load_verify_locations(None, Constants.CACERT_DIR) 109 110 conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT, 111 ssl_context=ctx) 112 conn.connect() 113 conn.request('GET', '/') 114 resp = conn.getresponse() 115 print('Response = %s' % resp.read())

116 117 118 if __name__ == "__main__": 119 unittest.main() 120

Source Code for Module ndg.httpsclient.test.test_https