Ubuntu One Client

Merge lp:~alecu/ubuntuone-client/proxy-tunnel-server into lp:ubuntuone-client

proxy-tunnel-server
Merge into trunk

Proposed by Alejandro J. Cura on 2012-02-28

Status:

Merged

Approved by:

Natalia Bidart on 2012-03-08

Approved revision:

1211

Merged at revision:

1202

Proposed branch:

lp:~alecu/ubuntuone-client/proxy-tunnel-server

Merge into:

lp:ubuntuone-client

Diff against target:

953 lines (+899/-1)

9 files modified

Makefile.am (+2/-1)
tests/proxy/__init__.py (+148/-0)
tests/proxy/ssl/dummy.cert (+19/-0)
tests/proxy/ssl/dummy.key (+16/-0)
tests/proxy/test_tunnel_server.py (+351/-0)
ubuntuone/proxy/__init__.py (+14/-0)
ubuntuone/proxy/common.py (+59/-0)
ubuntuone/proxy/logger.py (+37/-0)
ubuntuone/proxy/tunnel_server.py (+253/-0)

To merge this branch:

bzr merge lp:~alecu/ubuntuone-client/proxy-tunnel-server

High

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Natalia Bidart (community)	2012-02-28	Approve on 2012-03-08
Manuel de la Peña (community)	2012-02-28	Approve on 2012-03-07
Review via email: mp+95075@code.launchpad.net

Commit message

- The infrastructure for a QtNetwork based process to tunnel syncdaemon traffic thru proxies. (LP: #929207)

Description of the change

- The infrastructure for a QtNetwork based process to tunnel syncdaemon traffic thru proxies. (LP: #929207)

Revision history for this message

Manuel de la Peña (mandel) wrote on 2012-03-01:

I dont think that the following code is correct:

787 + else:
788 + return QNetworkProxy(QNetworkProxy.HttpProxy,
789 + hostName=settings.get("host", ""),
790 + port=settings.get("port", 0),
791 + user=settings.get("username", ""),
792 + password=settings.get("password", ""))

The use of "" for the username and password will give problems when dealing with the auth proxies because the first attempt would be to use them and therefore you will get a 401 instead of a 407.

505 +
506 + def test_stop_but_never_connected(self):
507 + """Stop but it was never connected."""
508 + fake_protocol = FakeServerTunnelProtocol()
509 + client = tunnel_server.RemoteSocket(fake_protocol)
510 + yield client.stop()

There is a missing decorator in the test.

review: Needs Fixing

Revision history for this message

Alejandro J. Cura (alecu) wrote on 2012-03-01:

> I dont think that the following code is correct:
>
> 787 + else:
> 788 + return QNetworkProxy(QNetworkProxy.HttpProxy,
> 789 + hostName=settings.get("host", ""),
> 790 + port=settings.get("port", 0),
> 791 + user=settings.get("username", ""),
> 792 + password=settings.get("password", ""))
>
> The use of "" for the username and password will give problems when dealing
> with the auth proxies because the first attempt would be to use them and
> therefore you will get a 401 instead of a 407.

Those values are only used when the "settings" dictionary has no key with the given name.
And I'm using empty strings because that's what QNetworkProxy uses if no parameter is given:
* https://qt-project.org/doc/qt-4.8/qnetworkproxy.html#QNetworkProxy-2

Since the current version of the tunnel is not getting the authentication, I think it's safe to use it like this. Perhaps we can add a comment or a TODO for it, and we can fix it in an upcoming branch to add authentication.

> 506 + def test_stop_but_never_connected(self):
> 507 + """Stop but it was never connected."""
> 508 + fake_protocol = FakeServerTunnelProtocol()
> 509 + client = tunnel_server.RemoteSocket(fake_protocol)
> 510 + yield client.stop()
>
> There is a missing decorator in the test.

Great catch! Thanks, I'm fixing it too.

lp:~alecu/ubuntuone-client/proxy-tunnel-server updated on 2012-03-06

1208. By Alejandro J. Cura on 2012-03-01: fixes requested on the review
1209. By Alejandro J. Cura on 2012-03-02: Use a QTimer to work around flaky signals
1210. By Alejandro J. Cura on 2012-03-06: merged with trunk

Revision history for this message

Manuel de la Peña (mandel) wrote on 2012-03-07:

I see no more issues.

review: Approve

Revision history for this message

Natalia Bidart (nataliabidart) wrote on 2012-03-07:

* Can't we re-use teh code from ubuntu-sso-client instead of defnining:

+def build_proxy(settings):

* Most of our projects and source file use this syntax for file encoding:

# -*- coding: utf8 -*-

would you consider using that form?

* There should be spaces around the % in "HTTP/1.0 %d %s"%(code, description)

The branch looks good!

review: Needs Fixing

Revision history for this message

Alejandro J. Cura (alecu) wrote on 2012-03-07:

> * Can't we re-use teh code from ubuntu-sso-client instead of defnining:
>
> +def build_proxy(settings):
>
> ?

The bits of code that build the QNetworkProxy instance and configure the proxy settings in ussoc are currently in flux, because mandel is changing it to use a QNetworkProxyFactory and to query the proxy settings on each request. As soon as mandel's branch for ussoc lands we should be able to create a different branch to make u1-client use those bits from syncdaemon, so I think it makes sense to keep this branch as is, and refactor later.

> * Most of our projects and source file use this syntax for file encoding:
>
> # -*- coding: utf8 -*-
>
> would you consider using that form?

Sure, fixing that.

> * There should be spaces around the % in "HTTP/1.0 %d %s"%(code, description)

Fixing that too.

thanks for the review!

lp:~alecu/ubuntuone-client/proxy-tunnel-server updated on 2012-03-07

1211. By Alejandro J. Cura on 2012-03-07: fixes requested in review

Revision history for this message

Natalia Bidart (nataliabidart) wrote on 2012-03-08:

Looks great!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Alejandro J. Cura

Christina A Reitbauer

Manuel de la Peña

Natalia Bidart

Rick McBride

Zachery Bir

 === modified file 'Makefile.am'
 --- Makefile.am	2012-02-10 15:07:59 +0000
 +++ Makefile.am	2012-03-07 23:48:19 +0000
@@ -53,7 +53,8 @@
  test: logging.conf $(clientdefs_DATA) Makefile
  	echo "$(PYTHONPATH)"
  	if test "x$(builddir)" == "x$(srcdir)"; then \
--		PYTHONPATH="$(PYTHONPATH)" u1trial -r $(REACTOR) -p tests/platform/windows tests; \
++		PYTHONPATH="$(PYTHONPATH)" u1trial -r $(REACTOR) -p tests/platform/windows,tests/proxy tests; \
++		PYTHONPATH="$(PYTHONPATH)" u1trial -r qt4 -p tests/platform/windows tests/proxy; \
  	fi
  	rm -rf _trial_temp
 === added directory 'tests/proxy'
 === added file 'tests/proxy/__init__.py'
 --- tests/proxy/__init__.py	1970-01-01 00:00:00 +0000
 +++ tests/proxy/__init__.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,148 @@
++# Copyright 2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++"""Tests for the Ubuntu One proxy support."""
++
++from os import path
++from StringIO import StringIO
++
++from twisted.application import internet, service
++from twisted.internet import defer, ssl
++from twisted.web import http, resource, server
++
++SAMPLE_CONTENT = "hello world!"
++SIMPLERESOURCE = "simpleresource"
++DUMMY_KEY_FILENAME = "dummy.key"
++DUMMY_CERT_FILENAME = "dummy.cert"
++
++
++class SaveHTTPChannel(http.HTTPChannel):
++    """A save protocol to be used in tests."""
++
++    protocolInstance = None
++
++    # pylint: disable=C0103
++    def connectionMade(self):
++        """Keep track of the given protocol."""
++        SaveHTTPChannel.protocolInstance = self
++        http.HTTPChannel.connectionMade(self)
++
++
++class SaveSite(server.Site):
++    """A site that let us know when it's closed."""
++
++    protocol = SaveHTTPChannel
++
++    def __init__(self, *args, **kwargs):
++        """Create a new instance."""
++        server.Site.__init__(self, *args, **kwargs)
++        # we disable the timeout in the tests, we will deal with it manually.
++        # pylint: disable=C0103
++        self.timeOut = None
++
++
++class BaseMockWebServer(object):
++    """A mock webserver for testing"""
++
++    def __init__(self):
++        """Start up this instance."""
++        self.root = self.get_root_resource()
++        self.site = SaveSite(self.root)
++        application = service.Application('web')
++        self.service_collection = service.IServiceCollection(application)
++        #pylint: disable=E1101
++        self.tcpserver = internet.TCPServer(0, self.site)
++        self.tcpserver.setServiceParent(self.service_collection)
++        self.sslserver = internet.SSLServer(0, self.site, self.get_context())
++        self.sslserver.setServiceParent(self.service_collection)
++        self.service_collection.startService()
++
++    def get_dummy_path(self, filename):
++        """Path pointing at the dummy certificate files."""
++        base_path = path.dirname(__file__)
++        return path.join(base_path, "ssl", filename)
++
++    def get_context(self):
++        """Return an ssl context."""
++        key_path = self.get_dummy_path(DUMMY_KEY_FILENAME)
++        cert_path = self.get_dummy_path(DUMMY_CERT_FILENAME)
++        return ssl.DefaultOpenSSLContextFactory(key_path, cert_path)
++
++    def get_root_resource(self):
++        """Get the root resource with all the children."""
++        raise NotImplementedError
++
++    def get_iri(self):
++        """Build the iri for this mock server."""
++        #pylint: disable=W0212
++        port_num = self.tcpserver._port.getHost().port
++        return u"http://0.0.0.0:%d/" % port_num
++
++    def get_ssl_iri(self):
++        """Build the iri for the ssl mock server."""
++        #pylint: disable=W0212
++        port_num = self.sslserver._port.getHost().port
++        return u"https://0.0.0.0:%d/" % port_num
++
++    def stop(self):
++        """Shut it down."""
++        #pylint: disable=E1101
++        if self.site.protocol.protocolInstance:
++            self.site.protocol.protocolInstance.timeoutConnection()
++        return self.service_collection.stopService()
++
++
++class SimpleResource(resource.Resource):
++    """A simple web resource."""
++
++    def __init__(self):
++        """Initialize this mock resource."""
++        resource.Resource.__init__(self)
++        self.rendered = defer.Deferred()
++
++    def render_GET(self, request):
++        """Make a bit of html out of the resource's content."""
++        if not self.rendered.called:
++            self.rendered.callback(None)
++        return SAMPLE_CONTENT
++
++
++class MockWebServer(BaseMockWebServer):
++    """A mock webserver."""
++
++    def __init__(self):
++        """Initialize this mock server."""
++        self.simple_resource = SimpleResource()
++        super(MockWebServer, self).__init__()
++
++    def get_root_resource(self):
++        """Get the root resource with all the children."""
++        root = resource.Resource()
++        root.putChild(SIMPLERESOURCE, self.simple_resource)
++        return root
++
++
++class FakeTransport(StringIO):
++    """A fake transport that stores everything written to it."""
++
++    connected = True
++    disconnecting = False
++
++    def loseConnection(self):
++        """Mark the connection as lost."""
++        self.connected = False
++        self.disconnecting = True
++
++    def getPeer(self):
++        """Return the peer IAddress."""
++        return None
 === added directory 'tests/proxy/ssl'
 === added file 'tests/proxy/ssl/dummy.cert'
 --- tests/proxy/ssl/dummy.cert	1970-01-01 00:00:00 +0000
 +++ tests/proxy/ssl/dummy.cert	2012-03-07 23:48:19 +0000
@@ -0,0 +1,19 @@
++-----BEGIN CERTIFICATE-----
++MIIDEDCCAnmgAwIBAgIJAM/bIJ77awBCMA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
++VQQGEwJBUjETMBEGA1UECAwKRmFrZSBTdGF0ZTESMBAGA1UEBwwJRmFrZSBDaXR5
++MRUwEwYDVQQKDAxGYWtlIENvbXBhbnkxFjAUBgNVBAsMDUZha2UgRGl2aXNpb24x
++EjAQBgNVBAMMCUZha2UgTmFtZTElMCMGCSqGSIb3DQEJARYWZmFrZUBlbWFpbC5h
++ZGRyZXNzLm5vdDAeFw0xMjAyMjIxOTI0MjBaFw0yMjAyMjMxOTI0MjBaMIGgMQsw
++CQYDVQQGEwJBUjETMBEGA1UECAwKRmFrZSBTdGF0ZTESMBAGA1UEBwwJRmFrZSBD
++aXR5MRUwEwYDVQQKDAxGYWtlIENvbXBhbnkxFjAUBgNVBAsMDUZha2UgRGl2aXNp
++b24xEjAQBgNVBAMMCUZha2UgTmFtZTElMCMGCSqGSIb3DQEJARYWZmFrZUBlbWFp
++bC5hZGRyZXNzLm5vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0hbliGty
++HwfZixU609UHBQdbfO+oObrPIrIawWX5FxD6KhX4ei23idmpyYEcXLK4ivNlT4dW
++27bvhtpf6/FBbu9e1YdwcdDNoXajr9Ia4NZJyANgo9b5UIsnyTc45NlnpZgRg5zc
++Oz7Vwwr4qf6r1ljK/I2mAO7rlpH5Ak9J+RkCAwEAAaNQME4wHQYDVR0OBBYEFLwr
++ps/JLNcfpSuuylMnkvImVvkgMB8GA1UdIwQYMBaAFLwrps/JLNcfpSuuylMnkvIm
++VvkgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAWYDBAr0MgpnBxIne
++WRz8MX0/c7IqrEuZCYMSGnU7PoX3GdNk1Lkif1ufELKSoG8jY16CDgEl26GPxA1k
++Tho7MWSLikLbuQYJs2saF9by0Y/Mrau0auxEnpHZ7pkybeKFnrIqiNKvTVMnjo5T
++FMET5qEOKKvp9IOnezCYX1nYXyY=
++-----END CERTIFICATE-----
 === added file 'tests/proxy/ssl/dummy.key'
 --- tests/proxy/ssl/dummy.key	1970-01-01 00:00:00 +0000
 +++ tests/proxy/ssl/dummy.key	2012-03-07 23:48:19 +0000
@@ -0,0 +1,16 @@
++-----BEGIN PRIVATE KEY-----
++MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANIW5Yhrch8H2YsV
++OtPVBwUHW3zvqDm6zyKyGsFl+RcQ+ioV+Hott4nZqcmBHFyyuIrzZU+HVtu274ba
++X+vxQW7vXtWHcHHQzaF2o6/SGuDWScgDYKPW+VCLJ8k3OOTZZ6WYEYOc3Ds+1cMK
+++Kn+q9ZYyvyNpgDu65aR+QJPSfkZAgMBAAECgYBSxFh7TTExjmsjAyMg700LqyFc
++8CHLVJBkL9ygkqb2cmbMC8nPgJFNSqY8T5Q35OUVQNyJ31zVxJVLAF9H2c0Xy48K
++IkbS/hntyqlJYK1yfTbTHkDiweToE3Lm+55Do1TX04AyvBrwA1O/jNGi4xIlUEAy
++1Bs8MrJ1E/j/XDn9/QJBAOuhPTgG3F7bKuBrQzv98CvC5o2Txf3vLY8nL8V24b3l
++XgqzkDLhUxReBmmkGxZfKAju3+gXFvGGpbP7V8zShg8CQQDkQGs7kArFq/KR/GCh
++CAmJaDWy4LJkSqzDHoJbTrS7YuqN6X6mW1xPRnWpYSxae38fJsCpG3Vq8Mv1Zl32
++VPZXAkEAsAeE9JYri7GwFngLgoXzJr4z/xCmmU5VetyLk7l8a6Eu4E/FKj2rE0wq
++/kDa+5ubDRFntLuLKGSu5gafUST1gQJABhdmBTfp4a6eEaFPntyNDJq4XCa8/Ao2
++JBrrVa57Ckkwg0sI8z2a8A6sUzHhsiR7lwQ8vgaakpkMiGcL+Of5jwJAA/qX3PW+
++9JXbjWxpgh7FHnZJNRZ8xSe47REGA7qS/nIlV9iRuf/9M+k3A5VqitfFxrjPwSyI
++rvKTYkk13dL4hg==
++-----END PRIVATE KEY-----
 === added file 'tests/proxy/test_tunnel_server.py'
 --- tests/proxy/test_tunnel_server.py	1970-01-01 00:00:00 +0000
 +++ tests/proxy/test_tunnel_server.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,351 @@
++# Copyright 2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++"""Tests for the proxy tunnel."""
++
++from urlparse import urlparse
++
++from twisted.internet import defer, protocol, reactor
++
++from ubuntuone.devtools.testcases.squid import SquidTestCase
++
++from tests.proxy import (
++    FakeTransport,
++    MockWebServer,
++    SAMPLE_CONTENT,
++    SIMPLERESOURCE,
++)
++from ubuntuone.proxy import tunnel_server
++from ubuntuone.proxy.tunnel_server import CRLF
++
++
++FAKE_SESSION_TEMPLATE = (
++    "CONNECT {0.netloc} HTTP/1.0" + CRLF +
++    "Header1: value1" + CRLF +
++    "Header2: value2" + CRLF +
++    CRLF +
++    "GET {0.path} HTTP/1.0" + CRLF + CRLF
++)
++
++
++class DisconnectingProtocol(protocol.Protocol):
++    """A protocol that just disconnects."""
++
++    def connectionMade(self):
++        """Upon connecting: just disconnect."""
++        self.transport.loseConnection()
++
++
++class DisconnectingClientFactory(protocol.ClientFactory):
++    """A factory that fires a deferred on connection."""
++
++    def __init__(self):
++        """Initialize this instance."""
++        self.connected = defer.Deferred()
++
++    def buildProtocol(self, addr):
++        """The connection was made."""
++        proto = DisconnectingProtocol()
++        if not self.connected.called:
++            self.connected.callback(proto)
++        return proto
++
++
++class FakeProtocol(protocol.Protocol):
++    """A protocol that forwards some data."""
++
++    def __init__(self, factory, data):
++        """Initialize this fake."""
++        self.factory = factory
++        self.data = data
++        self.received_data = []
++
++    def connectionMade(self):
++        """Upon connection: send the stored data."""
++        self.transport.write(self.data)
++
++    def dataReceived(self, data):
++        """Some data was received."""
++        self.received_data.append(data)
++
++    def connectionLost(self, reason):
++        """The connection was lost, return the response."""
++        response = "".join(self.received_data)
++        if not self.factory.response.called:
++            self.factory.response.callback(response)
++
++
++class FakeClientFactory(protocol.ClientFactory):
++    """A factory that forwards some data to the protocol."""
++
++    def __init__(self, data):
++        """Initialize this fake."""
++        self.data = data
++        self.response = defer.Deferred()
++
++    def buildProtocol(self, addr):
++        """The connection was made."""
++        return FakeProtocol(self, self.data)
++
++
++class TunnelIntegrationTestCase(SquidTestCase):
++    """Basic tunnel integration tests."""
++
++    timeout = 3
++
++    @defer.inlineCallbacks
++    def setUp(self):
++        """Initialize this testcase."""
++        yield super(TunnelIntegrationTestCase, self).setUp()
++        self.ws = MockWebServer()
++        self.addCleanup(self.ws.stop)
++        self.dest_url = self.ws.get_iri().encode("utf-8") + SIMPLERESOURCE
++        self.tunnel_server = tunnel_server.TunnelServer()
++        self.addCleanup(self.tunnel_server.shutdown)
++
++    def test_init(self):
++        """The tunnel is started."""
++        self.assertNotEqual(self.tunnel_server.port, 0)
++
++    @defer.inlineCallbacks
++    def test_accepts_connections(self):
++        """The tunnel accepts incoming connections."""
++        ncf = DisconnectingClientFactory()
++        reactor.connectTCP("0.0.0.0", self.tunnel_server.port, ncf)
++        yield ncf.connected
++
++    @defer.inlineCallbacks
++    def test_complete_connection(self):
++        """Test from the tunnel server down."""
++        url = urlparse(self.dest_url)
++        client = FakeClientFactory(FAKE_SESSION_TEMPLATE.format(url))
++        reactor.connectTCP("0.0.0.0", self.tunnel_server.port, client)
++        response = yield client.response
++        self.assertIn(SAMPLE_CONTENT, response)
++
++
++class FakeClient(object):
++    """A fake destination client."""
++
++    protocol = None
++    connection_result = defer.succeed(True)
++
++    def connect(self, hostport):
++        """Establish a connection with the other end."""
++        return self.connection_result
++
++    def write(self, data):
++        """Write some data to the other end."""
++        if data == 'GET /simpleresource HTTP/1.0\r\n\r\n':
++            self.protocol.transport.write(SAMPLE_CONTENT)
++
++    def stop(self):
++        """Stop this fake client."""
++
++
++class ServerTunnelProtocolTestCase(SquidTestCase):
++    """Tests for the ServerTunnelProtocol."""
++
++    @defer.inlineCallbacks
++    def setUp(self):
++        """Initialize this test instance."""
++        yield super(ServerTunnelProtocolTestCase, self).setUp()
++        self.ws = MockWebServer()
++        self.addCleanup(self.ws.stop)
++        self.dest_url = self.ws.get_iri().encode("utf-8") + SIMPLERESOURCE
++        self.transport = FakeTransport()
++        self.fake_client = FakeClient()
++        self.proto = tunnel_server.ServerTunnelProtocol(
++                                                lambda _: self.fake_client)
++        self.fake_client.protocol = self.proto
++        self.proto.transport = self.transport
++
++    def test_broken_request(self):
++        """Broken request."""
++        self.proto.dataReceived("Broken request." + CRLF)
++        self.assertTrue(self.transport.getvalue().startswith("HTTP/1.0 400 "),
++                        "A broken request must fail.")
++
++    def test_wrong_method(self):
++        """Wrong method."""
++        self.proto.dataReceived("GET http://slashdot.org HTTP/1.0" + CRLF)
++        self.assertTrue(self.transport.getvalue().startswith("HTTP/1.0 405 "),
++                        "Using a wrong method fails.")
++
++    def test_invalid_http_version(self):
++        """Invalid HTTP version."""
++        self.proto.dataReceived("CONNECT 127.0.0.1:9999 HTTP/1.1" + CRLF)
++        self.assertTrue(self.transport.getvalue().startswith("HTTP/1.0 505 "),
++                        "Invalid http version is not allowed.")
++
++    def test_connection_is_established(self):
++        """The response code is sent."""
++        expected = "HTTP/1.0 200 Proxy connection established" + CRLF
++        self.proto.dataReceived("CONNECT 127.0.0.1:9999 HTTP/1.0" + CRLF * 2)
++        self.assertTrue(self.transport.getvalue().startswith(expected),
++                        "First line must be the response status")
++
++    def test_connection_fails(self):
++        """The connection to the other end fails, and it's handled."""
++        error = tunnel_server.ConnectionError()
++        self.patch(self.fake_client, "connection_result", defer.fail(error))
++        expected = "HTTP/1.0 500 Connection error" + CRLF
++        self.proto.dataReceived("CONNECT 127.0.0.1:9999 HTTP/1.0" + CRLF * 2)
++        self.assertTrue(self.transport.getvalue().startswith(expected),
++                        "The connection should fail at this point.")
++
++    def test_headers_stored(self):
++        """The request headers are stored."""
++        expected = [
++            ("Header1", "value1"),
++            ("Header2", "value2"),
++        ]
++        self.proto.dataReceived("CONNECT 127.0.0.1:9999 HTTP/1.0" + CRLF +
++                                "Header1: value1" + CRLF +
++                                "Header2: value2" + CRLF + CRLF)
++        self.assertEqual(self.proto.received_headers, expected)
++
++    def test_successful_connect(self):
++        """A successful connect thru the tunnel."""
++        url = urlparse(self.dest_url)
++        data = FAKE_SESSION_TEMPLATE.format(url)
++        self.proto.dataReceived(data)
++        lines = self.transport.getvalue().split(CRLF)
++        self.assertEqual(lines[-1], SAMPLE_CONTENT)
++
++    def test_header_split(self):
++        """Test a header with many colons."""
++        self.proto.header_line("key: host:port")
++        self.assertIn("key", dict(self.proto.received_headers))
++
++
++class FakeServerTunnelProtocol(object):
++    """A fake ServerTunnelProtocol."""
++
++    def __init__(self):
++        """Initialize this fake tunnel."""
++        self.response_received = defer.Deferred()
++
++    def response_data_received(self, data):
++        """Fire the response deferred."""
++        if not self.response_received.called:
++            self.response_received.callback(data)
++
++    def remote_disconnected(self):
++        """The remote server disconnected."""
++
++
++class RemoteSocketTestCase(SquidTestCase):
++    """Tests for the client that connects to the other side."""
++
++    timeout = 3
++    get_proxy_settings = lambda _: {}
++
++    @defer.inlineCallbacks
++    def setUp(self):
++        """Initialize this testcase."""
++        yield super(RemoteSocketTestCase, self).setUp()
++        self.ws = MockWebServer()
++        self.addCleanup(self.ws.stop)
++        self.dest_url = self.ws.get_iri().encode("utf-8") + SIMPLERESOURCE
++
++        self.addCleanup(tunnel_server.QNetworkProxy.setApplicationProxy,
++                        tunnel_server.QNetworkProxy.applicationProxy())
++        tunnel_server.QNetworkProxy.setApplicationProxy(
++                        tunnel_server.build_proxy(self.get_proxy_settings()))
++
++    def test_invalid_port(self):
++        """A request with an invalid port fails with a 400."""
++        protocol = tunnel_server.ServerTunnelProtocol(
++                                                    tunnel_server.RemoteSocket)
++        protocol.transport = FakeTransport()
++        protocol.dataReceived("CONNECT 127.0.0.1:wrong_port HTTP/1.0" +
++                              CRLF * 2)
++
++        status_line = protocol.transport.getvalue()
++        self.assertTrue(status_line.startswith("HTTP/1.0 400 "),
++                        "The port must be an integer.")
++
++    @defer.inlineCallbacks
++    def test_connection_is_finished_when_stopping(self):
++        """The client disconnects when requested."""
++        fake_protocol = FakeServerTunnelProtocol()
++        client = tunnel_server.RemoteSocket(fake_protocol)
++        url = urlparse(self.dest_url)
++        yield client.connect(url.netloc)
++        yield client.stop()
++
++    @defer.inlineCallbacks
++    def test_stop_but_never_connected(self):
++        """Stop but it was never connected."""
++        fake_protocol = FakeServerTunnelProtocol()
++        client = tunnel_server.RemoteSocket(fake_protocol)
++        yield client.stop()
++
++    @defer.inlineCallbacks
++    def test_client_write(self):
++        """Data written to the client is sent to the other side."""
++        fake_protocol = FakeServerTunnelProtocol()
++        client = tunnel_server.RemoteSocket(fake_protocol)
++        self.addCleanup(client.stop)
++        url = urlparse(self.dest_url)
++        yield client.connect(url.netloc)
++        client.write("GET /simpleresource HTTP/1.0" + CRLF * 2)
++        yield self.ws.simple_resource.rendered
++
++    @defer.inlineCallbacks
++    def test_client_read(self):
++        """Data received by the client is written into the transport."""
++        fake_protocol = FakeServerTunnelProtocol()
++        client = tunnel_server.RemoteSocket(fake_protocol)
++        self.addCleanup(client.stop)
++        url = urlparse(self.dest_url)
++        yield client.connect(url.netloc)
++        client.write("GET /simpleresource HTTP/1.0" + CRLF * 2)
++        yield self.ws.simple_resource.rendered
++        data = yield fake_protocol.response_received
++        _headers, content = str(data).split(CRLF * 2, 1)
++        self.assertEqual(content, SAMPLE_CONTENT)
++
++
++class AnonProxyRemoteSocketTestCase(RemoteSocketTestCase):
++    """Tests for the client going thru an anonymous proxy."""
++
++    get_proxy_settings = RemoteSocketTestCase.get_nonauth_proxy_settings
++
++    def parse_headers(self, raw_headers):
++        """Parse the headers."""
++        lines = raw_headers.split(CRLF)
++        header_lines = lines[1:]
++        headers_pairs = (l.split(":", 1) for l in header_lines)
++        return dict((k.lower(), v.strip()) for k, v in headers_pairs)
++
++    @defer.inlineCallbacks
++    def test_verify_client_uses_proxy(self):
++        """Verify that the client uses the proxy."""
++        fake_protocol = FakeServerTunnelProtocol()
++        client = tunnel_server.RemoteSocket(fake_protocol)
++        self.addCleanup(client.stop)
++        url = urlparse(self.dest_url)
++        yield client.connect(url.netloc)
++        client.write("GET /simpleresource HTTP/1.0" + CRLF * 2)
++        yield self.ws.simple_resource.rendered
++        data = yield fake_protocol.response_received
++        raw_headers, _content = str(data).split(CRLF * 2, 1)
++        self.parse_headers(raw_headers)
++
++
++class AuthenticatedProxyRemoteSocketTestCase(AnonProxyRemoteSocketTestCase):
++    """Tests for the client going thru an authenticated proxy."""
++
++    get_proxy_settings = RemoteSocketTestCase.get_auth_proxy_settings
 === added directory 'ubuntuone/proxy'
 === added file 'ubuntuone/proxy/__init__.py'
 --- ubuntuone/proxy/__init__.py	1970-01-01 00:00:00 +0000
 +++ ubuntuone/proxy/__init__.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,14 @@
++# Copyright 2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++"""Ubuntu One proxy support."""
 === added file 'ubuntuone/proxy/common.py'
 --- ubuntuone/proxy/common.py	1970-01-01 00:00:00 +0000
 +++ ubuntuone/proxy/common.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,59 @@
++# -*- coding: utf8 -*-
++#
++# Copyright 2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++"""Common classes to the tunnel client and server."""
++
++from twisted.protocols import basic
++
++CRLF = "\r\n"
++
++
++class BaseTunnelProtocol(basic.LineReceiver):
++    """CONNECT base protocol for tunnelling connections."""
++
++    delimiter = CRLF
++
++    def __init__(self):
++        """Initialize this protocol."""
++        self._first_line = True
++        self.received_headers = []
++
++    def header_line(self, line):
++        """Handle each header line received."""
++        key, value = line.split(":", 1)
++        value = value.strip()
++        self.received_headers.append((key, value))
++
++    def lineReceived(self, line):
++        """Process a line in the header."""
++        if self._first_line:
++            self._first_line = False
++            self.handle_first_line(line)
++        else:
++            if line:
++                self.header_line(line)
++            else:
++                self.setRawMode()
++                self.headers_done()
++
++    def remote_disconnected(self):
++        """The remote end closed the connection."""
++        self.transport.loseConnection()
++
++    def format_headers(self, headers):
++        """Format some headers as a few response lines."""
++        return "".join("%s: %s" % item + CRLF for item in headers.items())
++
++
 === added file 'ubuntuone/proxy/logger.py'
 --- ubuntuone/proxy/logger.py	1970-01-01 00:00:00 +0000
 +++ ubuntuone/proxy/logger.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,37 @@
++# ubuntuone.syncdaemon.logger - logging utilities
++#
++# Copyright 2009-2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""SyncDaemon logging utilities and config."""
++
++import logging
++import os
++
++from ubuntuone.logger import (
++    _DEBUG_LOG_LEVEL,
++    basic_formatter,
++    CustomRotatingFileHandler,
++)
++
++from ubuntuone.platform.xdg_base_directory import ubuntuone_log_dir
++
++
++LOGFILENAME = os.path.join(ubuntuone_log_dir, 'proxy.log')
++logger = logging.getLogger("ubuntuone.proxy")
++logger.setLevel(_DEBUG_LOG_LEVEL)
++handler = CustomRotatingFileHandler(filename=LOGFILENAME)
++handler.setFormatter(basic_formatter)
++handler.setLevel(_DEBUG_LOG_LEVEL)
++logger.addHandler(handler)
 === added file 'ubuntuone/proxy/tunnel_server.py'
 --- ubuntuone/proxy/tunnel_server.py	1970-01-01 00:00:00 +0000
 +++ ubuntuone/proxy/tunnel_server.py	2012-03-07 23:48:19 +0000
@@ -0,0 +1,253 @@
++# -*- coding: utf8 -*-
++#
++# Copyright 2012 Canonical Ltd.
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 3, as published
++# by the Free Software Foundation.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranties of
++# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
++# PURPOSE.  See the GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program.  If not, see <http://www.gnu.org/licenses/>.
++"""A tunnel through proxies.
++
++The layers in a tunneled proxied connection:
++
++↓ tunnelclient - initiates tcp to tunnelserver, request outward connection
++↕ client protocol - started after the tunneclient gets connected
++---process boundary---
++↕ tunnelserver - creates a tunnel instance per incoming connection
++↕ tunnel - hold a qtcpsocket to tunnelclient, and srvtunnelproto to the remote
++↕ servertunnelprotocol - gets CONNECT from tunnelclient, creates a remotesocket
++↕ remotesocket - connects to the destination server via a proxy
++↕ proxy server - goes thru firewalls
++↑ server - dialogues with the client protocol
++
++"""
++
++
++from PyQt4.QtCore import QCoreApplication, QTimer
++from PyQt4.QtNetwork import (
++    QAbstractSocket,
++    QHostAddress,
++    QNetworkProxy,
++    QTcpServer,
++    QTcpSocket,
++)
++from twisted.internet import defer, interfaces
++from zope.interface import implements
++
++from ubuntuone.proxy.common import BaseTunnelProtocol, CRLF
++from ubuntuone.proxy.logger import logger
++
++DEFAULT_CODE = 500
++DEFAULT_DESCRIPTION = "Connection error"
++
++
++class ConnectionError(Exception):
++    """The client failed connecting to the destination."""
++
++    def __init__(self, code=DEFAULT_CODE, description=DEFAULT_DESCRIPTION):
++        self.code = code
++        self.description = description
++
++
++class ProxyAuthenticationError(ConnectionError):
++    """Credentials mismatch going thru a proxy."""
++
++
++def build_proxy(settings):
++    """Create a QNetworkProxy from these settings."""
++    if "host" not in settings or "port" not in settings:
++        return QNetworkProxy(QNetworkProxy.NoProxy)
++    else:
++        # TODO: add authentication here, to replace the empty user/pass
++        return QNetworkProxy(QNetworkProxy.HttpProxy,
++                             hostName=settings.get("host", ""),
++                             port=settings.get("port", 0),
++                             user=settings.get("username", ""),
++                             password=settings.get("password", ""))
++
++
++class RemoteSocket(QTcpSocket):
++    """A dumb connection through a proxy to a destination hostport."""
++
++    def __init__(self, tunnel_protocol):
++        """Initialize this object."""
++        super(RemoteSocket, self).__init__()
++        self.protocol = tunnel_protocol
++        self.disconnected.connect(self.handle_disconnected)
++        self.connected_d = defer.Deferred()
++        self.connected.connect(self.handle_connected)
++        self.buffered_data = []
++
++    def handle_connected(self):
++        """When connected, send all pending data."""
++        self.connected_d.callback(None)
++        for d in self.buffered_data:
++            super(RemoteSocket, self).write(d)
++        self.buffered_data = []
++
++    def handle_disconnected(self):
++        """Do something with disconnections."""
++        logger.debug("Remote socket disconnected")
++        self.protocol.remote_disconnected()
++
++    def write(self, data):
++        """Write data to the remote end, buffering if not connected."""
++        if self.state() == QAbstractSocket.ConnectedState:
++            super(RemoteSocket, self).write(data)
++        else:
++            self.buffered_data.append(data)
++
++    def connect(self, hostport):
++        """Try to establish the connection to the remote end."""
++        host, port = hostport.split(":")
++
++        try:
++            port = int(port)
++        except ValueError:
++            raise ConnectionError(400, "Destination port must be an integer.")
++
++        self.readyRead.connect(self.handle_ready_read)
++        # TODO: handle the following signals in an upcoming branch
++        #self.error.connect(...)
++        #self.proxyAuthenticationRequired.connect(...)
++        self.connectToHost(host, port)
++
++        return self.connected_d
++
++    def handle_ready_read(self):
++        """Forward data from the remote end to the parent protocol."""
++        data = self.readAll()
++        self.protocol.response_data_received(data)
++
++    @defer.inlineCallbacks
++    def stop(self):
++        """Finish and cleanup."""
++        self.disconnectFromHost()
++        while self.state() != self.UnconnectedState:
++            d = defer.Deferred()
++            QTimer.singleShot(100, lambda: d.callback(None))
++            yield d
++
++
++class ServerTunnelProtocol(BaseTunnelProtocol):
++    """CONNECT sever protocol for tunnelling connections."""
++
++    def __init__(self, client_class):
++        """Initialize this protocol."""
++        BaseTunnelProtocol.__init__(self)
++        self.hostport = ""
++        self.client = client_class(self)
++
++    def error_response(self, code, description):
++        """Write a response with an error, and disconnect."""
++        self.write_transport("HTTP/1.0 %d %s" % (code, description) + CRLF * 2)
++        self.transport.loseConnection()
++        self.client.stop()
++        self.clearLineBuffer()
++
++    def write_transport(self, data):
++        """Write a response in the transport."""
++        self.transport.write(data)
++
++    def handle_first_line(self, line):
++        """Special handling for the first line received."""
++        try:
++            method, hostport, proto_version = line.split(" ", 2)
++            if proto_version != "HTTP/1.0":
++                self.error_response(505, "HTTP Version Not Supported")
++                return
++            if method != "CONNECT":
++                self.error_response(405, "Only the CONNECT method is allowed")
++                return
++            self.hostport = hostport
++        except ValueError:
++            self.error_response(400, "Bad request")
++
++    @defer.inlineCallbacks
++    def headers_done(self):
++        """An empty line was received, start connecting and switch mode."""
++        try:
++            yield self.client.connect(self.hostport)
++            response_headers = {
++                "Server": "Ubuntu One proxy tunnel",
++            }
++            self.write_transport("HTTP/1.0 200 Proxy connection established" +
++                                 CRLF + self.format_headers(response_headers) +
++                                 CRLF)
++        except ConnectionError as e:
++            self.error_response(e.code, e.description)
++
++    def rawDataReceived(self, data):
++        """Tunnel all raw data straight to the other side."""
++        self.client.write(data)
++
++    def response_data_received(self, data):
++        """Return data coming from the other side."""
++        logger.debug("writing data to the transport: %r", data)
++        self.write_transport(data)
++
++
++class Tunnel(object):
++    """An instance of a running tunnel."""
++
++    implements(interfaces.ITransport)
++
++    def __init__(self, local_socket):
++        """Initialize this Tunnel instance."""
++        self.disconnecting = False
++        self.local_socket = local_socket
++        self.protocol = ServerTunnelProtocol(RemoteSocket)
++        self.protocol.transport = self
++        local_socket.readyRead.connect(self.server_ready_read)
++        local_socket.disconnected.connect(self.local_disconnected)
++
++    def server_ready_read(self):
++        """Data available on the local end. Move it forward."""
++        data = bytes(self.local_socket.readAll())
++        self.protocol.dataReceived(data)
++
++    def write(self, data):
++        """Data available on the remote end. Bring it back."""
++        self.local_socket.write(data)
++
++    def loseConnection(self):
++        """The remote end disconnected."""
++        logger.debug("disconnecting local end.")
++        self.local_socket.close()
++
++    def local_disconnected(self):
++        """The local end disconnected."""
++        # TODO: handle this case in an upcoming branch
++
++
++class TunnelServer(object):
++    """A server for tunnel instances."""
++
++    def __init__(self):
++        """Initialize this tunnel instance."""
++        self.tunnels = []
++        self.server = QTcpServer(QCoreApplication.instance())
++        self.server.newConnection.connect(self.new_connection)
++        self.server.listen(QHostAddress.LocalHost, 0)
++
++    def new_connection(self):
++        """On a new connection create a new tunnel instance."""
++        local_socket = self.server.nextPendingConnection()
++        tunnel = Tunnel(local_socket)
++        self.tunnels.append(tunnel)
++
++    def shutdown(self):
++        """Terminate every connection."""
++        # TODO: handle this gracefully in an upcoming branch
++
++    @property
++    def port(self):
++        """The port where this server listens."""
++        return self.server.serverPort()