[tor-commits] [bridgedb/master] Add unittests for bridgedb.crypto.SSLVerifyingContextFactory.

isis at torproject.org isis at torproject.org
Sun Mar 16 19:04:58 UTC 2014


commit 9091a9220e05e9c2006a08b247466084150c8df4
Author: Isis Lovecruft <isis at torproject.org>
Date:   Tue Mar 4 04:58:56 2014 +0000

    Add unittests for bridgedb.crypto.SSLVerifyingContextFactory.
---
 lib/bridgedb/test/test_crypto.py |  104 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)

diff --git a/lib/bridgedb/test/test_crypto.py b/lib/bridgedb/test/test_crypto.py
index cc1ee9a..5d69a55 100644
--- a/lib/bridgedb/test/test_crypto.py
+++ b/lib/bridgedb/test/test_crypto.py
@@ -14,16 +14,38 @@
 from __future__ import print_function
 from __future__ import unicode_literals
 
+import logging
 import os
 
+import OpenSSL
+
+from twisted.internet import defer
 from twisted.trial import unittest
+from twisted.test.proto_helpers import StringTransport
+from twisted.web.test import test_agent as txtagent
+
 from bridgedb import crypto
+from bridgedb import txrecaptcha
 
 
+logging.disable(50)
+
 SEKRIT_KEY  = b'v\x16Xm\xfc\x1b}\x063\x85\xaa\xa5\xf9\xad\x18\xb2P\x93\xc6k\xf9'
 SEKRIT_KEY += b'\x8bI\xd9\xb8xw\xf5\xec\x1b\x7f\xa8'
 
 
+class DummyEndpoint(object):
+    """An endpoint that uses a fake transport."""
+
+    def connect(self, factory):
+        """Returns a connection to a
+        :api:`twisted.test.proto_helpers.StringTransport`.
+        """
+        protocol = factory.buildProtocol(None)
+        protocol.makeConnection(StringTransport())
+        return defer.succeed(protocol)
+
+
 class GetKeyTests(unittest.TestCase):
     """Tests for :func:`bridgedb.crypto.getKey`."""
 
@@ -56,3 +78,85 @@ class GetKeyTests(unittest.TestCase):
                          key (in hex): %s
                          SEKRIT_KEY (in hex): %s"""
                          % (key.encode('hex'), SEKRIT_KEY.encode('hex')))
+
+
+class SSLVerifyingContextFactoryTests(unittest.TestCase,
+                                      txtagent.FakeReactorAndConnectMixin):
+    """Tests for :class:`bridgedb.crypto.SSLVerifyingContextFactory`."""
+
+    _certificateText = (
+        "-----BEGIN CERTIFICATE-----\n"
+        "MIIEdjCCA16gAwIBAgIITcyHZlE/AhQwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+        "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+        "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMjEyMTUxMTE2WhcNMTQwNjEyMDAwMDAw\n"
+        "WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+        "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3\n"
+        "Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3TOf\n"
+        "VOf4vfy4IROcEyiFzAJA+B3xkMccwA4anaD6VyGSFglRn5Oht3t+G0Mnu/LMuGba\n"
+        "EE6NEBEUEbH8KMlAcVRj58LoFIzulaRCdkVX7JK9R+kU05sggvIl1Q2quaWSjiMQ\n"
+        "SpyvKz1I2cmU5Gm4MfW/66M5ZJO323VrV19ydrgAtdbNnvVj85asrSyzwEBNxzNC\n"
+        "N6OQtOmTt4I7KLXqkROtTmTFvhAGBsvhG0hJZWhoP1aVsFO+KcE2OaIIxWQ4ckW7\n"
+        "BJEgYaXfgHo01LdR55aevGUqLfsdyT+GMZrG9k7eqAw4cq3ML2Y6RiyzskqoQL30\n"
+        "3OdYjKTIcU+i3BoFAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\n"
+        "KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE\n"
+        "XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0\n"
+        "MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G\n"
+        "A1UdDgQWBBQN7uQBzGDjvKRna111g9iPPtaXVTAMBgNVHRMBAf8EAjAAMB8GA1Ud\n"
+        "IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW\n"
+        "eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB\n"
+        "RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBrVp/xys2ABQvWPxpVrYaXiaoBXdxu\n"
+        "RVVXp5Lyu8IipKqFJli81hOX9eqPG7biYeph9HiKnW31xsXebaVlWWL3NXOh5X83\n"
+        "wpzozL0AkxskTMHQknrbIGLtmG67H71aKYyCthHEjawLmYjjvkcF6f9fKdYENM4C\n"
+        "skz/yjtlPBQFAuT6J9w0b3qtc42sHNlpgIOdIRQc2YCD0p6jAo+wKjoRuRu3ILKj\n"
+        "oCVrOPbDMPN4a2gSmK8Ur0aHuEpcNghg6HJsVSANokIIwQ/r4niqL5yotsangP/5\n"
+        "rR97EIYKFz7C6LMy/PIe8xFTIyKMtM59IcpUDIwCLlM9JtNdwN4VpyKy\n"
+        "-----END CERTIFICATE-----\n")
+
+    def setUp(self):
+        """Create a fake reactor for these tests."""
+        self.reactor = self.Reactor()
+        self.url = 'https://www.example.com/someresource.html#andatag'
+
+    def test_getHostnameFromURL(self):
+        """``getHostnameFromURL()`` should return a hostname from a URI."""
+        agent = txrecaptcha._getAgent(self.reactor, self.url)
+        contextFactory = agent._contextFactory
+        self.assertRegexpMatches(contextFactory.hostname,
+                                 '.*www\.example\.com')
+
+    def test_verifyHostname_mismatching(self):
+        """Check that ``verifyHostname()`` returns ``False`` when the
+        ``SSLVerifyingContextFactory.hostname`` does not match the one found
+        in the level 0 certificate subject CN.
+        """
+        agent = txrecaptcha._getAgent(self.reactor, self.url)
+        contextFactory = agent._contextFactory
+        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+                                               self._certificateText)
+        conn = DummyEndpoint()
+        result = contextFactory.verifyHostname(conn, x509, 0, 0, True)
+        self.assertIs(result, False)
+
+    def test_verifyHostname_matching(self):
+        """Check that ``verifyHostname()`` returns ``True`` when the
+        ``SSLVerifyingContextFactory.hostname`` matches the one found in the
+        level 0 certificate subject CN.
+        """
+        hostname = 'www.google.com'
+        url = 'https://' + hostname + '/recaptcha'
+        contextFactory = crypto.SSLVerifyingContextFactory(url)
+        self.assertEqual(contextFactory.hostname, hostname)
+
+        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+                                               self._certificateText)
+        conn = DummyEndpoint()
+        result = contextFactory.verifyHostname(conn, x509, 0, 0, True)
+        self.assertTrue(result)
+
+    def test_getContext(self):
+        """The context factory's ``getContext()`` method should produce an
+        ``OpenSSL.SSL.Context`` object.
+        """
+        contextFactory = crypto.SSLVerifyingContextFactory(self.url)
+        self.assertIsInstance(contextFactory.getContext(),
+                              OpenSSL.SSL.Context)





More information about the tor-commits mailing list