Ubuntu One storage protocol

 === modified file 'tests/test_context.py'
 --- tests/test_context.py	2013-05-28 14:41:29 +0000
 +++ tests/test_context.py	2014-04-14 22:21:21 +0000
@@ -199,3 +199,44 @@
                                                   hostname="localhost")
          yield self.verify_context(server_context, client_context)
++
++
++class CertLoadingTestCase(unittest.TestCase):
++    """Tests for the get_certificates function."""
++
++    def test_load_all_certificates(self):
++        """Load all available certificates."""
++        certs = FakeCerts(self, "localhost")
++        self.patch(context, 'get_cert_dir', lambda: certs.cert_dir)
++        # remove the key
++        os.unlink(certs.server_key_path)
++        loaded = context.get_certificates()
++        expected = []
++        for cert_file in os.listdir(certs.cert_dir):
++            if not cert_file.endswith('.pem'):
++                continue
++            with open(os.path.join(certs.cert_dir, cert_file), 'r') as fd:
++                ca_file = ssl.Certificate.loadPEM(fd.read())
++                expected.append(ca_file.original.digest("sha1"))
++
++        certs = set(cert.digest("sha1") for cert in loaded)
++        self.assertFalse(certs.difference(set(expected)))
++
++    @defer.inlineCallbacks
++    def test_use_all_certificates_and_fail(self):
++        """Use system installed certificates and fail checking self-signed."""
++        certs = FakeCerts(self, "localhost")
++        server_context = ssl.DefaultOpenSSLContextFactory(
++            certs.server_key_path, certs.server_cert_path)
++        client_context = context.get_ssl_context(no_verify=False,
++                                                 hostname="localhost")
++        site = server.Site(FakeResource())
++        port = reactor.listenSSL(0, site, server_context)
++        self.addCleanup(port.stopListening)
++        url = "https://localhost:%d" % port.getHost().port
++        try:
++            yield client.getPage(url, contextFactory=client_context)
++        except SSL.Error:
++            return
++        else:
++            self.fail("Should fail with SSL Error.")
 === modified file 'ubuntuone/storageprotocol/context.py'
 --- ubuntuone/storageprotocol/context.py	2013-05-22 21:27:33 +0000
 +++ ubuntuone/storageprotocol/context.py	2014-04-14 22:21:21 +0000
@@ -68,13 +68,22 @@
  def get_certificates():
      """Get a list of certificate paths."""
      ssl_cert_location = get_cert_dir()
--    ca_file = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
--                     'UbuntuOne-Go_Daddy_Class_2_CA.pem'), 'r').read())
--    ca_file_2 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
--                    'UbuntuOne-Go_Daddy_CA.pem'), 'r').read())
--    ca_file_3 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
--                    'UbuntuOne-ValiCert_Class_2_VA.pem'), 'r').read())
--    return [ca_file.original, ca_file_2.original, ca_file_3.original]
++    ca_files = []
++    digests = set()
++    for fname in os.listdir(ssl_cert_location):
++        full_path = os.path.join(ssl_cert_location, fname)
++        if os.path.isdir(full_path) or not fname.endswith(".pem"):
++            continue
++        with open(full_path, 'r') as fd:
++            ca_file = ssl.Certificate.loadPEM(fd.read())
++            # we need to avoid adding the same cert twice as openssl
++            # doesn't like it
++            digest = ca_file.original.digest("sha1")
++            if digest in digests:
++                continue
++            digests.add(digest)
++            ca_files.append(ca_file.original)
++    return ca_files
  def get_ssl_context(no_verify, hostname=None):