~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/tests/test_https_urllib.py

  • Committer: Patch Queue Manager
  • Date: 2016-01-31 13:36:59 UTC
  • mfrom: (6613.1.5 1538480-match-hostname)
  • Revision ID: pqm@pqm.ubuntu.com-20160131133659-ouy92ee2wlv9xz8m
(vila) Use ssl.match_hostname instead of our own. (Vincent Ladeuil)

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
# Copyright (C) 2011,2012 Canonical Ltd
 
1
# Copyright (C) 2011, 2012, 2013, 2016 Canonical Ltd
2
2
#
3
3
# This program is free software; you can redistribute it and/or modify
4
4
# it under the terms of the GNU General Public License as published by
19
19
"""
20
20
 
21
21
import os
22
 
import ssl
 
22
import sys
23
23
 
24
24
from bzrlib import (
25
25
    config,
26
26
    trace,
27
 
    )
 
27
)
28
28
from bzrlib.errors import (
29
 
    CertificateError,
30
29
    ConfigOptionValueError,
31
 
    )
32
 
from bzrlib.tests import (
33
 
    TestCase,
34
 
    TestCaseInTempDir,
35
 
    )
 
30
)
 
31
from bzrlib import tests
36
32
from bzrlib.transport.http import _urllib2_wrappers
37
 
 
38
 
 
39
 
class CaCertsConfigTests(TestCaseInTempDir):
 
33
from bzrlib.transport.http._urllib2_wrappers import ssl
 
34
 
 
35
 
 
36
class CaCertsConfigTests(tests.TestCaseInTempDir):
40
37
 
41
38
    def get_stack(self, content):
42
39
        return config.MemoryStack(content.encode('utf-8'))
58
55
        self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',
59
56
                          os.path.join(self.test_dir, u"nonexisting.pem"))
60
57
        self.warnings = []
 
58
 
61
59
        def warning(*args):
62
60
            self.warnings.append(args[0] % args[1:])
63
61
        self.overrideAttr(trace, 'warning', warning)
67
65
                              "is not valid for \"ssl.ca_certs\"")
68
66
 
69
67
 
70
 
class CertReqsConfigTests(TestCaseInTempDir):
 
68
class CertReqsConfigTests(tests.TestCaseInTempDir):
71
69
 
72
70
    def test_default(self):
73
71
        stack = config.MemoryStack("")
82
80
        self.assertRaises(ConfigOptionValueError, stack.get, "ssl.cert_reqs")
83
81
 
84
82
 
85
 
class MatchHostnameTests(TestCase):
 
83
class MatchHostnameTests(tests.TestCase):
 
84
 
 
85
    def setUp(self):
 
86
        super(MatchHostnameTests, self).setUp()
 
87
        if sys.version_info < (2, 7, 9):
 
88
            raise tests.TestSkipped(
 
89
                'python version too old to provide proper'
 
90
                ' https hostname verification')
86
91
 
87
92
    def test_no_certificate(self):
88
93
        self.assertRaises(ValueError,
89
 
                          _urllib2_wrappers.match_hostname, {}, "example.com")
 
94
                          ssl.match_hostname, {}, "example.com")
90
95
 
91
96
    def test_wildcards_in_cert(self):
92
97
        def ok(cert, hostname):
93
 
            _urllib2_wrappers.match_hostname(cert, hostname)
 
98
            ssl.match_hostname(cert, hostname)
 
99
 
 
100
        def not_ok(cert, hostname):
 
101
            self.assertRaises(
 
102
                ssl.CertificateError,
 
103
                ssl.match_hostname, cert, hostname)
94
104
 
95
105
        # Python Issue #17980: avoid denials of service by refusing more than
96
106
        # one wildcard per fragment.
97
 
        cert = {'subject': ((('commonName', 'a*b.com'),),)}
98
 
        ok(cert, 'axxb.com')
99
 
        cert = {'subject': ((('commonName', 'a*b.co*'),),)}
100
 
        ok(cert, 'axxb.com')
101
 
        cert = {'subject': ((('commonName', 'a*b*.com'),),)}
102
 
        try:
103
 
            _urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
104
 
        except ValueError as e:
105
 
            self.assertIn("too many wildcards", str(e))
 
107
        ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
 
108
        not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
 
109
        not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
106
110
 
107
111
    def test_no_valid_attributes(self):
108
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
112
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
109
113
                          {"Problem": "Solved"}, "example.com")
110
114
 
111
115
    def test_common_name(self):
112
116
        cert = {'subject': ((('commonName', 'example.com'),),)}
113
117
        self.assertIs(None,
114
 
                      _urllib2_wrappers.match_hostname(cert, "example.com"))
115
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
118
                      ssl.match_hostname(cert, "example.com"))
 
119
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
116
120
                          cert, "example.org")