import pytest
from mock import patch
from tempfile import NamedTemporaryFile
from util.config.validator import ValidatorContext
from util.config.validators import ConfigValidationException
from util.config.validators.validate_ssl import SSLValidator, SSL_FILENAMES
from test.test_ssl_util import generate_test_cert
from test.fixtures import *
from app import config_provider
@pytest.mark.parametrize('unvalidated_config', [
    {},
    {'PREFERRED_URL_SCHEME': 'http'},
    {'PREFERRED_URL_SCHEME': 'https', 'EXTERNAL_TLS_TERMINATION': True},
])
def test_skip_validate_ssl(unvalidated_config, app):
    """Check that SSLValidator accepts configs that need no certificate check.

    The three cases are an empty config, a plain-http config, and an https
    config with EXTERNAL_TLS_TERMINATION set. No config provider or
    certificate files are supplied, so the test passes only if validate()
    returns without raising.
    """
    # `app` is not used in the body; presumably a fixture pulled in from
    # test.fixtures for its setup side effects -- confirm there.
    context = ValidatorContext(unvalidated_config)
    SSLValidator().validate(context)
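@pytest.mark.parametrize('cert, expected_error, error_message', [
    ('invalidcert', ConfigValidationException, 'Could not load SSL certificate: no start line'),
    (generate_test_cert(hostname='someserver'), None, None),
    (generate_test_cert(hostname='invalidserver'), ConfigValidationException,
     'Supported names "invalidserver" in SSL cert do not match server hostname "someserver"'),
])
def test_validate_ssl(cert, expected_error, error_message, app):
    """Run SSLValidator against certificate material served from temp files.

    cert[0] is written to the file served for SSL_FILENAMES[0] and cert[1] to
    the file served for SSL_FILENAMES[1]; the config provider's volume-file
    lookups are patched so the validator reads those files. The config asks
    for https on hostname 'someserver'.

    When expected_error is None the validator must return without raising;
    otherwise it must raise expected_error with exactly error_message.

    The temporary files are removed when the test finishes. They are created
    with delete=False so they can be reopened by name, which means nothing
    else cleans them up, and the second one holds what appears to be private
    key material (presumably generate_test_cert returns a (cert, key) pair --
    confirm in test.test_ssl_util).
    """
    # Function-scope import: only the cleanup below needs it.
    import os

    created_paths = []
    try:
        # Note for the 'invalidcert' case: cert is a plain string, so cert[0]
        # and cert[1] are the single characters 'i' and 'n', not PEM data.
        for material in (cert[0], cert[1]):
            # Leaving the `with` closes (and therefore flushes) the file
            # before the validator reopens it by name.
            with NamedTemporaryFile(delete=False) as handle:
                created_paths.append(handle.name)
                handle.write(material)

        cert_path, key_path = created_paths

        def return_true(filename):
            # Stand-in for volume_file_exists: every file is reported present.
            return True

        def get_volume_file(filename):
            # Stand-in for get_volume_file: map the two SSL filenames onto
            # the temp files, and return None for anything else.
            if filename == SSL_FILENAMES[0]:
                return open(cert_path)

            if filename == SSL_FILENAMES[1]:
                return open(key_path)

            return None

        raw_config = {
            'PREFERRED_URL_SCHEME': 'https',
            'SERVER_HOSTNAME': 'someserver',
        }

        with patch('app.config_provider.volume_file_exists', return_true):
            with patch('app.config_provider.get_volume_file', get_volume_file):
                validator = SSLValidator()
                context = ValidatorContext(raw_config)
                context.config_provider = config_provider

                if expected_error is not None:
                    with pytest.raises(expected_error) as ipe:
                        validator.validate(context)

                    assert ipe.value.message == error_message
                else:
                    validator.validate(context)
    finally:
        # Do not leave certificate/key files behind in the temp directory.
        for path in created_paths:
            os.remove(path)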