Merge lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs-stable-13-10 into lp:ubuntuone-storage-protocol/stable-13-10

Proposed by Guillermo Gonzalez
Status: Merged
Approved by: dobey
Approved revision: 167
Merged at revision: 164
Proposed branch: lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs-stable-13-10
Merge into: lp:ubuntuone-storage-protocol/stable-13-10
Diff against target: 82 lines (+57/-7)
2 files modified
tests/test_context.py (+41/-0)
ubuntuone/storageprotocol/context.py (+16/-7)
To merge this branch: bzr merge lp:~verterok/ubuntuone-storage-protocol/load-all-available-certs-stable-13-10
Reviewer Review Type Date Requested Status
dobey (community) Approve
Review via email: mp+215722@code.launchpad.net

Commit message

Fix get_certificates to load all certificates

Description of the change

Fix get_certificates to load all certificates

165. By Guillermo Gonzalez

return the original cert

166. By Guillermo Gonzalez

fix test case

167. By Guillermo Gonzalez

avoid loading the same cert twice, and add test for this case.

dobey (dobey) :
review: Approve

Preview Diff

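--- a/tests/test_context.py
+++ b/tests/test_context.py
@@ -199,3 +199,44 @@
 hostname="localhost")
 
 yield self.verify_context(server_context, client_context)
+
+
+class CertLoadingTestCase(unittest.TestCase):
+ """Tests for the get_certificates function."""
+
+ def test_load_all_certificates(self):
+ """Load all available certificates."""
+ certs = FakeCerts(self, "localhost")
+ self.patch(context, 'get_cert_dir', lambda: certs.cert_dir)
+ # remove the key
+ os.unlink(certs.server_key_path)
+ loaded = context.get_certificates()
+ expected = []
+ for cert_file in os.listdir(certs.cert_dir):
+ if not cert_file.endswith('.pem'):
+ continue
+ with open(os.path.join(certs.cert_dir, cert_file), 'r') as fd:
+ ca_file = ssl.Certificate.loadPEM(fd.read())
+ expected.append(ca_file.original.digest("sha1"))
+
+ certs = set(cert.digest("sha1") for cert in loaded)
+ self.assertFalse(certs.difference(set(expected)))
+
+ @defer.inlineCallbacks
+ def test_use_all_certificates_and_fail(self):
+ """Use system installed certificates and fail checking self-signed."""
+ certs = FakeCerts(self, "localhost")
+ server_context = ssl.DefaultOpenSSLContextFactory(
+ certs.server_key_path, certs.server_cert_path)
+ client_context = context.get_ssl_context(no_verify=False,
+ hostname="localhost")
+ site = server.Site(FakeResource())
+ port = reactor.listenSSL(0, site, server_context)
+ self.addCleanup(port.stopListening)
+ url = "https://localhost:%d" % port.getHost().port
+ try:
+ yield client.getPage(url, contextFactory=client_context)
+ except SSL.Error:
+ return
+ else:
+ self.fail("Should fail with SSL Error.")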
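Review bot: The final assertion in `test_load_all_certificates` only checks that the loaded digests are a subset of the expected ones, so it still passes if `get_certificates()` returns an empty list or skips a file, which is exactly what the test is meant to catch. Comparing the sets directly, `self.assertEqual(certs, set(expected))`, would pin both directions. The same line rebinds `certs`, which held the `FakeCerts` fixture, to the digest set; a separate name such as `loaded_digests` would read more clearly. Revision 167 mentions a test for the duplicate-certificate case, but no test in this section places the same certificate in the directory twice, so that path appears to be unexercised here.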
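--- a/ubuntuone/storageprotocol/context.py
+++ b/ubuntuone/storageprotocol/context.py
@@ -68,13 +68,22 @@
 def get_certificates():
 """Get a list of certificate paths."""
 ssl_cert_location = get_cert_dir()
- ca_file = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-Go_Daddy_Class_2_CA.pem'), 'r').read())
- ca_file_2 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-Go_Daddy_CA.pem'), 'r').read())
- ca_file_3 = ssl.Certificate.loadPEM(file(os.path.join(ssl_cert_location,
- 'UbuntuOne-ValiCert_Class_2_VA.pem'), 'r').read())
- return [ca_file.original, ca_file_2.original, ca_file_3.original]
+ ca_files = []
+ digests = set()
+ for fname in os.listdir(ssl_cert_location):
+ full_path = os.path.join(ssl_cert_location, fname)
+ if os.path.isdir(full_path) or not fname.endswith(".pem"):
+ continue
+ with open(full_path, 'r') as fd:
+ ca_file = ssl.Certificate.loadPEM(fd.read())
+ # we need to avoid adding the same cert twice as openssl
+ # doesn't like it
+ digest = ca_file.original.digest("sha1")
+ if digest in digests:
+ continue
+ digests.add(digest)
+ ca_files.append(ca_file.original)
+ return ca_files
 
 
 def get_ssl_context(no_verify, hostname=None):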
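Review bot: With the loop over `os.listdir(ssl_cert_location)`, every `.pem` file in the certificate directory is returned as a CA, where the old code pinned three named files, so whoever can write to that directory can now add a trust anchor for the storage connection. That is worth stating in the code, for example by replacing the docstring (which still says "certificate paths" although X509 objects are returned) with `"""Return the X509 object of every *.pem file in the cert dir; each one is trusted as a CA."""`, and the directory's ownership and permissions should be checked at install time. A single unreadable or malformed `.pem` also makes `loadPEM` raise out of the loop, so one bad file would prevent any context from being built; catching the load error for that file, logging it and continuing would keep the remaining anchors usable. The SHA-1 digest is used only as a duplicate key here, not as a trust decision.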
