[tor-commits] [bridgedb/develop] Add unittests for bridgedb.crypto.SSLVerifyingContextFactory.
isis at torproject.org
isis at torproject.org
Sun Mar 16 16:38:46 UTC 2014
commit 9091a9220e05e9c2006a08b247466084150c8df4
Author: Isis Lovecruft <isis at torproject.org>
Date: Tue Mar 4 04:58:56 2014 +0000
Add unittests for bridgedb.crypto.SSLVerifyingContextFactory.
---
lib/bridgedb/test/test_crypto.py | 104 ++++++++++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
diff --git a/lib/bridgedb/test/test_crypto.py b/lib/bridgedb/test/test_crypto.py
index cc1ee9a..5d69a55 100644
--- a/lib/bridgedb/test/test_crypto.py
+++ b/lib/bridgedb/test/test_crypto.py
@@ -14,16 +14,38 @@
from __future__ import print_function
from __future__ import unicode_literals
+import logging
import os
+import OpenSSL
+
+from twisted.internet import defer
from twisted.trial import unittest
+from twisted.test.proto_helpers import StringTransport
+from twisted.web.test import test_agent as txtagent
+
from bridgedb import crypto
+from bridgedb import txrecaptcha
+logging.disable(50)
+
SEKRIT_KEY = b'v\x16Xm\xfc\x1b}\x063\x85\xaa\xa5\xf9\xad\x18\xb2P\x93\xc6k\xf9'
SEKRIT_KEY += b'\x8bI\xd9\xb8xw\xf5\xec\x1b\x7f\xa8'
+class DummyEndpoint(object):
+ """An endpoint that uses a fake transport."""
+
+ def connect(self, factory):
+ """Returns a connection to a
+ :api:`twisted.test.proto_helpers.StringTransport`.
+ """
+ protocol = factory.buildProtocol(None)
+ protocol.makeConnection(StringTransport())
+ return defer.succeed(protocol)
+
+
class GetKeyTests(unittest.TestCase):
"""Tests for :func:`bridgedb.crypto.getKey`."""
@@ -56,3 +78,85 @@ class GetKeyTests(unittest.TestCase):
key (in hex): %s
SEKRIT_KEY (in hex): %s"""
% (key.encode('hex'), SEKRIT_KEY.encode('hex')))
+
+
+class SSLVerifyingContextFactoryTests(unittest.TestCase,
+ txtagent.FakeReactorAndConnectMixin):
+ """Tests for :class:`bridgedb.crypto.SSLVerifyingContextFactory`."""
+
+ _certificateText = (
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEdjCCA16gAwIBAgIITcyHZlE/AhQwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMjEyMTUxMTE2WhcNMTQwNjEyMDAwMDAw\n"
+ "WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3\n"
+ "Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3TOf\n"
+ "VOf4vfy4IROcEyiFzAJA+B3xkMccwA4anaD6VyGSFglRn5Oht3t+G0Mnu/LMuGba\n"
+ "EE6NEBEUEbH8KMlAcVRj58LoFIzulaRCdkVX7JK9R+kU05sggvIl1Q2quaWSjiMQ\n"
+ "SpyvKz1I2cmU5Gm4MfW/66M5ZJO323VrV19ydrgAtdbNnvVj85asrSyzwEBNxzNC\n"
+ "N6OQtOmTt4I7KLXqkROtTmTFvhAGBsvhG0hJZWhoP1aVsFO+KcE2OaIIxWQ4ckW7\n"
+ "BJEgYaXfgHo01LdR55aevGUqLfsdyT+GMZrG9k7eqAw4cq3ML2Y6RiyzskqoQL30\n"
+ "3OdYjKTIcU+i3BoFAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\n"
+ "KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE\n"
+ "XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0\n"
+ "MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G\n"
+ "A1UdDgQWBBQN7uQBzGDjvKRna111g9iPPtaXVTAMBgNVHRMBAf8EAjAAMB8GA1Ud\n"
+ "IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW\n"
+ "eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB\n"
+ "RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBrVp/xys2ABQvWPxpVrYaXiaoBXdxu\n"
+ "RVVXp5Lyu8IipKqFJli81hOX9eqPG7biYeph9HiKnW31xsXebaVlWWL3NXOh5X83\n"
+ "wpzozL0AkxskTMHQknrbIGLtmG67H71aKYyCthHEjawLmYjjvkcF6f9fKdYENM4C\n"
+ "skz/yjtlPBQFAuT6J9w0b3qtc42sHNlpgIOdIRQc2YCD0p6jAo+wKjoRuRu3ILKj\n"
+ "oCVrOPbDMPN4a2gSmK8Ur0aHuEpcNghg6HJsVSANokIIwQ/r4niqL5yotsangP/5\n"
+ "rR97EIYKFz7C6LMy/PIe8xFTIyKMtM59IcpUDIwCLlM9JtNdwN4VpyKy\n"
+ "-----END CERTIFICATE-----\n")
+
+ def setUp(self):
+ """Create a fake reactor for these tests."""
+ self.reactor = self.Reactor()
+ self.url = 'https://www.example.com/someresource.html#andatag'
+
+ def test_getHostnameFromURL(self):
+ """``getHostnameFromURL()`` should return a hostname from a URI."""
+ agent = txrecaptcha._getAgent(self.reactor, self.url)
+ contextFactory = agent._contextFactory
+ self.assertRegexpMatches(contextFactory.hostname,
+ '.*www\.example\.com')
+
+ def test_verifyHostname_mismatching(self):
+ """Check that ``verifyHostname()`` returns ``False`` when the
+ ``SSLVerifyingContextFactory.hostname`` does not match the one found
+ in the level 0 certificate subject CN.
+ """
+ agent = txrecaptcha._getAgent(self.reactor, self.url)
+ contextFactory = agent._contextFactory
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+ self._certificateText)
+ conn = DummyEndpoint()
+ result = contextFactory.verifyHostname(conn, x509, 0, 0, True)
+ self.assertIs(result, False)
+
+ def test_verifyHostname_matching(self):
+ """Check that ``verifyHostname()`` returns ``True`` when the
+ ``SSLVerifyingContextFactory.hostname`` matches the one found in the
+ level 0 certificate subject CN.
+ """
+ hostname = 'www.google.com'
+ url = 'https://' + hostname + '/recaptcha'
+ contextFactory = crypto.SSLVerifyingContextFactory(url)
+ self.assertEqual(contextFactory.hostname, hostname)
+
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+ self._certificateText)
+ conn = DummyEndpoint()
+ result = contextFactory.verifyHostname(conn, x509, 0, 0, True)
+ self.assertTrue(result)
+
+ def test_getContext(self):
+ """The context factory's ``getContext()`` method should produce an
+ ``OpenSSL.SSL.Context`` object.
+ """
+ contextFactory = crypto.SSLVerifyingContextFactory(self.url)
+ self.assertIsInstance(contextFactory.getContext(),
+ OpenSSL.SSL.Context)
More information about the tor-commits
mailing list