| Sergey Shepelev | 0112eff | 2017-05-05 06:46:43 +0300 | [diff] [blame^] | 1 | '''These tests rely on replies from public internet services |
| 2 | |
| 3 | TODO: reimplement with local stubs |
| 4 | ''' |
| 5 | import httplib2 |
| 6 | import os |
| 7 | import pytest |
| 8 | import ssl |
| 9 | import sys |
| 10 | import tests |
| 11 | |
| 12 | |
| 13 | def test_get_301_via_https(): |
| 14 | # Google always redirects to http://google.com |
| 15 | http = httplib2.Http() |
| 16 | response, content = http.request('https://code.google.com/apis/', 'GET') |
| 17 | assert response.status == 200 |
| 18 | assert response.previous.status == 301 |
| 19 | |
| 20 | |
| 21 | def test_get_via_https(): |
| 22 | # Test that we can handle HTTPS |
| 23 | http = httplib2.Http() |
| 24 | response, content = http.request('https://google.com/adsense/', 'GET') |
| 25 | assert response.status == 200 |
| 26 | |
| 27 | |
| 28 | def test_get_via_https_spec_violation_on_location(): |
| 29 | # Test that we follow redirects through HTTPS |
| 30 | # even if they violate the spec by including |
| 31 | # a relative Location: header instead of an |
| 32 | # absolute one. |
| 33 | http = httplib2.Http() |
| 34 | response, content = http.request('https://google.com/adsense', 'GET') |
| 35 | assert response.status == 200 |
| 36 | assert response.previous is not None |
| 37 | |
| 38 | |
| 39 | def test_get_via_https_key_cert(): |
| 40 | # At this point I can only test |
| 41 | # that the key and cert files are passed in |
| 42 | # correctly to httplib. It would be nice to have |
| 43 | # a real https endpoint to test against. |
| 44 | http = httplib2.Http(timeout=2) |
| 45 | http.add_certificate('akeyfile', 'acertfile', 'bitworking.org') |
| 46 | try: |
| 47 | http.request('https://bitworking.org', 'GET') |
| 48 | except AttributeError: |
| 49 | assert http.connections['https:bitworking.org'].key_file == 'akeyfile' |
| 50 | assert http.connections['https:bitworking.org'].cert_file == 'acertfile' |
| 51 | except IOError: |
| 52 | # Skip on 3.2 |
| 53 | pass |
| 54 | |
| 55 | try: |
| 56 | http.request('https://notthere.bitworking.org', 'GET') |
| 57 | except httplib2.ServerNotFoundError: |
| 58 | assert http.connections['https:notthere.bitworking.org'].key_file is None |
| 59 | assert http.connections['https:notthere.bitworking.org'].cert_file is None |
| 60 | except IOError: |
| 61 | # Skip on 3.2 |
| 62 | pass |
| 63 | |
| 64 | |
| 65 | def test_ssl_invalid_ca_certs_path(): |
| 66 | # Test that we get an ssl.SSLError when specifying a non-existent CA |
| 67 | # certs file. |
| 68 | http = httplib2.Http(ca_certs='/nosuchfile') |
| 69 | with tests.assert_raises(IOError): |
| 70 | http.request('https://www.google.com/', 'GET') |
| 71 | |
| 72 | |
| 73 | @pytest.mark.xfail( |
| 74 | sys.version_info <= (3,), |
| 75 | reason='FIXME: for unknown reason Python 2.7.10 validates www.google.com against dummy CA www.example.com', |
| 76 | ) |
| 77 | def test_ssl_wrong_ca(): |
| 78 | # Test that we get a SSLHandshakeError if we try to access |
| 79 | # https://www.google.com, using a CA cert file that doesn't contain |
| 80 | # the CA Google uses (i.e., simulating a cert that's not signed by a |
| 81 | # trusted CA). |
| 82 | other_ca_certs = os.path.join( |
| 83 | os.path.dirname(os.path.abspath(httplib2.__file__)), |
| 84 | 'test', 'other_cacerts.txt') |
| 85 | assert os.path.exists(other_ca_certs) |
| 86 | http = httplib2.Http(ca_certs=other_ca_certs) |
| 87 | http.follow_redirects = False |
| 88 | with tests.assert_raises(ssl.SSLError): |
| 89 | http.request('https://www.google.com/', 'GET') |
| 90 | |
| 91 | |
| 92 | def test_sni_hostname_validation(): |
| 93 | # TODO: make explicit test server with SNI validation |
| 94 | http = httplib2.Http() |
| 95 | http.request('https://google.com/', method='GET') |