kanidm/pykanidm/tests/test_ssl_ca.py
James Hodgkinson 805ac2dd16
Python module and rewritten RADIUS integration (#826)
* added python kanidm module
* rewrote RADIUS integration
* updated the documentation
* updating github actions to run more often
* BLEEP BLOOP ASYNCIO IS GR8
* adding config to makefile to run pykanidm tests

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Firstyear <william@blackhats.net.au>
2022-06-20 20:16:55 +10:00


""" tests ssl validation and CA setting etc """
from pathlib import Path
import aiohttp
import aiohttp.client_exceptions
import pytest
from kanidm import KanidmClient
@pytest.mark.asyncio
async def test_ssl_valid() -> None:
    """Fetch "/" from a host that presents a valid, publicly trusted certificate.

    No verification option is overridden, so the client runs with its
    default certificate and hostname checks; the request must succeed and
    return a non-empty body.
    """
    url = "https://badssl.com"
    async with aiohttp.ClientSession() as session:
        client = KanidmClient(uri=url, session=session)
        result = await client.call_get("/")
        # A completed handshake yields a body; the status is only printed so a
        # failing run shows what the server answered.
        assert result.content
        print(f"{result.status_code=}")
@pytest.mark.asyncio
async def test_ssl_self_signed() -> None:
    """Connect to a host presenting a self-signed certificate using default settings.

    Nothing is overridden on the client, so the handshake is expected to be
    rejected with ClientConnectorCertificateError.
    """
    url = "https://self-signed.badssl.com"
    async with aiohttp.ClientSession() as session:
        print("testing self signed cert with defaults and expecting an error")
        client = KanidmClient(uri=url, session=session)
        # The request must not complete: with defaults a self-signed leaf is rejected.
        with pytest.raises(aiohttp.client_exceptions.ClientConnectorCertificateError):
            await client.call_get("/")
@pytest.mark.asyncio
async def test_ssl_self_signed_with_verify() -> None:
    """Fetch "/" from a self-signed host with certificate verification disabled.

    Despite the name, this test passes ``verify_certificate=False``; the
    request is therefore expected to succeed and return a body.
    """
    target = "https://self-signed.badssl.com"
    async with aiohttp.ClientSession() as http_session:
        kanidm = KanidmClient(
            uri=target,
            session=http_session,
            verify_certificate=False,
        )
        response = await kanidm.call_get("/")
        assert response.content
@pytest.mark.asyncio
async def test_ssl_self_signed_no_verify_certificate() -> None:
    """Fetch "/" from a self-signed host with ``verify_certificate=False``.

    Disabling certificate verification is what lets the handshake complete
    here; the request must return a non-empty body.
    """
    async with aiohttp.ClientSession() as http_session:
        options = {
            "uri": "https://self-signed.badssl.com",
            "session": http_session,
            "verify_certificate": False,
        }
        kanidm = KanidmClient(**options)
        response = await kanidm.call_get("/")
        assert response.content
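@pytest.mark.asyncio
async def test_ssl_wrong_hostname_throws_error() -> None:
    """Reject a certificate whose name does not match the requested host.

    ``verify_hostnames=True`` is set explicitly, so the handshake against
    wrong.host.badssl.com must fail with ClientConnectorCertificateError
    whose message names the host and port.
    """
    async with aiohttp.ClientSession() as session:
        client = KanidmClient(
            uri="https://wrong.host.badssl.com/", session=session, verify_hostnames=True
        )
        with pytest.raises(
            aiohttp.client_exceptions.ClientConnectorCertificateError,
            match="Cannot connect to host wrong.host.badssl.com:443",
        ):
            # Nothing may follow this call inside the block: once it raises, as
            # expected, no later statement in the block runs, so an assertion
            # placed after it could never execute.
            await client.call_get("/")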
@pytest.mark.asyncio
async def test_ssl_wrong_hostname_dont_verify_hostnames() -> None:
    """Fetch "/" from a host whose certificate name does not match, with hostname checks off.

    ``verify_hostnames=False`` is passed (certificate verification itself is
    left at its default), and the request is expected to succeed.
    """
    async with aiohttp.ClientSession() as http_session:
        kanidm = KanidmClient(
            uri="https://wrong.host.badssl.com/",
            session=http_session,
            verify_hostnames=False,
        )
        response = await kanidm.call_get("/")
        assert response.content
@pytest.mark.asyncio
async def test_ssl_wrong_hostname_verify_certificate() -> None:
    """Fetch "/" from the wrong-hostname host with both TLS checks disabled.

    Despite the name, this test passes ``verify_hostnames=False`` and
    ``verify_certificate=False``; the request is expected to succeed.
    """
    async with aiohttp.ClientSession() as http_session:
        options = {
            "uri": "https://wrong.host.badssl.com/",
            "session": http_session,
            "verify_hostnames": False,
            "verify_certificate": False,
        }
        kanidm = KanidmClient(**options)
        response = await kanidm.call_get("/")
        assert response.content
@pytest.mark.asyncio
async def test_ssl_revoked() -> None:
    """Fetch "/" from a host whose certificate has been revoked.

    The client is built with default settings and the request is expected
    to succeed: no revocation checking is in place, so this test pins the
    current permissive behaviour rather than the desired one. If revocation
    checking is ever added this test should be inverted to expect a failure.
    """
    async with aiohttp.ClientSession() as http_session:
        kanidm = KanidmClient(uri="https://revoked.badssl.com/", session=http_session)
        response = await kanidm.call_get("/")
        assert response.content
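@pytest.mark.asyncio
async def test_ssl_expired() -> None:
    """Reject an expired certificate with default client settings.

    The handshake against expired.badssl.com must fail with
    ClientConnectorCertificateError whose message says the certificate has
    expired.
    """
    async with aiohttp.ClientSession() as session:
        client = KanidmClient(
            uri="https://expired.badssl.com/",
            session=session,
        )
        with pytest.raises(
            aiohttp.client_exceptions.ClientConnectorCertificateError,
            match="certificate verify failed: certificate has expired",
        ):
            # Last statement of the block on purpose: the expected exception
            # leaves the block, so anything placed after the call never runs.
            await client.call_get("/")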
@pytest.mark.asyncio
async def test_ssl_expired_ignore() -> None:
    """Fetch "/" from the expired-certificate host with verification disabled.

    ``verify_certificate=False`` is passed, so the expired certificate is
    accepted and the request is expected to return a body.
    """
    async with aiohttp.ClientSession() as http_session:
        kanidm = KanidmClient(
            uri="https://expired.badssl.com/",
            session=http_session,
            verify_certificate=False,
        )
        response = await kanidm.call_get("/")
        assert response.content
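@pytest.mark.asyncio
async def test_ssl_untrusted_root_throws() -> None:
    """Reject a chain that ends in a root not present in the trust store.

    Default client settings are used; the handshake against
    untrusted-root.badssl.com must fail with ClientConnectorCertificateError
    whose message reports a self signed certificate in the chain.
    """
    async with aiohttp.ClientSession() as session:
        client = KanidmClient(
            uri="https://untrusted-root.badssl.com/",
            session=session,
        )
        with pytest.raises(
            aiohttp.client_exceptions.ClientConnectorCertificateError,
            # NOTE(review): this is OpenSSL's verify-error text; newer OpenSSL
            # releases appear to hyphenate "self-signed", which this pattern
            # would not match — confirm against the CI OpenSSL version.
            match="certificate verify failed: self signed certificate in certificate chain",
        ):
            # Last statement of the block on purpose: once the call raises, as
            # expected, nothing after it inside the block can run.
            await client.call_get("/")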
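@pytest.mark.asyncio
async def test_ssl_untrusted_root_configured() -> None:
    """Connect to the untrusted-root host with an explicit ``ca_path``.

    The CA bundle is looked up at ``./tests/badssl_trusted_ca.pem`` relative
    to the current working directory and the test is skipped when it is
    absent. As written, the handshake is still expected to fail with
    ClientConnectorCertificateError reporting a self signed certificate in
    the chain, i.e. the test pins that supplying this bundle does not make
    the connection succeed.
    """
    testcert = Path("./tests/badssl_trusted_ca.pem").resolve()
    if not testcert.exists():
        pytest.skip(f"The trusted cert is missing from {testcert}")
    async with aiohttp.ClientSession() as session:
        client = KanidmClient(
            uri="https://untrusted-root.badssl.com/",
            session=session,
            # testcert is already absolute; a second resolve() would be a no-op.
            ca_path=testcert.as_posix(),
        )
        with pytest.raises(
            aiohttp.client_exceptions.ClientConnectorCertificateError,
            # NOTE(review): OpenSSL's verify-error text; newer OpenSSL releases
            # appear to hyphenate "self-signed", which this pattern would not
            # match — confirm against the CI OpenSSL version.
            match="certificate verify failed: self signed certificate in certificate chain",
        ):
            # Last statement of the block on purpose: the expected exception
            # leaves the block, so nothing placed after the call can run.
            await client.call_get("/")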