Merge lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs into lp:ubuntuone-storage-protocol

Proposed by Guillermo Gonzalez
Status: Merged
Approved by: dobey
Approved revision: 165
Merged at revision: 164
Proposed branch: lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs
Merge into: lp:ubuntuone-storage-protocol
Diff against target: 82 lines (+57/-7)
2 files modified
tests/test_context.py (+41/-0)
ubuntuone/storageprotocol/context.py (+16/-7)
To merge this branch: bzr merge lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs
Reviewer Review Type Date Requested Status
dobey (community) Approve
Review via email: mp+215721@code.launchpad.net

Commit message

Fix get_certificates to load all certificates

Description of the change

Fix get_certificates to load all certificates

165. By Guillermo Gonzalez

avoid loading the same cert twice, and add test for this case.

dobey (dobey) :
review: Approve

Preview Diff

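--- a/tests/test_context.py
+++ b/tests/test_context.py
@@ -199,3 +199,44 @@
  hostname="localhost")
 
  yield self.verify_context(server_context, client_context)
+
+
+class CertLoadingTestCase(unittest.TestCase):
+ """Tests for the get_certificates function."""
+
+ def test_load_all_certificates(self):
+ """Load all available certificates."""
+ certs = FakeCerts(self, "localhost")
+ self.patch(context, 'get_cert_dir', lambda: certs.cert_dir)
+ # remove the key
+ os.unlink(certs.server_key_path)
+ loaded = context.get_certificates()
+ expected = []
+ for cert_file in os.listdir(certs.cert_dir):
+ if not cert_file.endswith('.pem'):
+ continue
+ with open(os.path.join(certs.cert_dir, cert_file), 'r') as fd:
+ ca_file = ssl.Certificate.loadPEM(fd.read())
+ expected.append(ca_file.original.digest("sha1"))
+
+ certs = set(cert.digest("sha1") for cert in loaded)
+ self.assertFalse(certs.difference(set(expected)))
+
+ @defer.inlineCallbacks
+ def test_use_all_certificates_and_fail(self):
+ """Use system installed certificates and fail checking self-signed."""
+ certs = FakeCerts(self, "localhost")
+ server_context = ssl.DefaultOpenSSLContextFactory(
+ certs.server_key_path, certs.server_cert_path)
+ client_context = context.get_ssl_context(no_verify=False,
+ hostname="localhost")
+ site = server.Site(FakeResource())
+ port = reactor.listenSSL(0, site, server_context)
+ self.addCleanup(port.stopListening)
+ url = "https://localhost:%d" % port.getHost().port
+ try:
+ yield client.getPage(url, contextFactory=client_context)
+ except SSL.Error:
+ return
+ else:
+ self.fail("Should fail with SSL Error.")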
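Review bot: The final assertion in test_load_all_certificates, `self.assertFalse(certs.difference(set(expected)))`, only checks that the loaded digests are a subset of the expected ones, so it still passes if get_certificates() returns an empty list. Comparing the sets directly with `self.assertEqual(certs, set(expected))` would pin that every `.pem` file in the directory is actually loaded. The revision message says a test was added for the duplicate-certificate case, but nothing visible here places the same certificate in the directory twice or checks `len(loaded)`; whether FakeCerts produces a duplicate cannot be told from this hunk, so an explicit `self.assertEqual(len(loaded), len(certs))` after copying one `.pem` under a second name would make that case unambiguous. In the same test `certs` is rebound from the FakeCerts fixture to a set of digests, which is easy to misread; a separate name such as `loaded_digests` would help.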
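--- a/ubuntuone/storageprotocol/context.py
+++ b/ubuntuone/storageprotocol/context.py
@@ -68,13 +68,22 @@
 def get_certificates():
  """Get a list of certificate paths."""
  ssl_cert_location = get_cert_dir()
- ca_file = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-Go_Daddy_Class_2_CA.pem'), 'r').read())
- ca_file_2 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-Go_Daddy_CA.pem'), 'r').read())
- ca_file_3 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-ValiCert_Class_2_VA.pem'), 'r').read())
- return [ca_file.original, ca_file_2.original, ca_file_3.original]
+ ca_files = []
+ digests = set()
+ for fname in os.listdir(ssl_cert_location):
+ full_path = os.path.join(ssl_cert_location, fname)
+ if os.path.isdir(full_path) or not fname.endswith(".pem"):
+ continue
+ with open(full_path, 'r') as fd:
+ ca_file = ssl.Certificate.loadPEM(fd.read())
+ # we need to avoid adding the same cert twice as openssl
+ # doesn't like it
+ digest = ca_file.original.digest("sha1")
+ if digest in digests:
+ continue
+ digests.add(digest)
+ ca_files.append(ca_file.original)
+ return ca_files
 
 
 def get_ssl_context(no_verify, hostname=None):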
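Review bot: The new loop in get_certificates turns every `*.pem` file under get_cert_dir() into a trust anchor, where the old code loaded three named CA files, so the set of trusted CAs is now decided by the directory contents rather than by the code. What get_cert_dir() returns is not visible in this hunk; if that directory can be written by an unprivileged user or is shared with other packages, any certificate placed there would be accepted as a CA when verifying the server. I would either keep an explicit allow-list of file names or state the requirement next to the loop, for example `# every *.pem in this directory becomes a trusted CA; it must be writable only by the package owner/root`. A single unparsable `.pem` would presumably make `loadPEM` raise and abort the whole load, so deciding whether to skip-and-log or fail closed deserves an explicit line. The docstring still says "certificate paths" although the function returns the loaded certificate objects (`ca_file.original`).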
