PageRenderTime 64ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/test/conftest.py

https://github.com/shazow/urllib3
Python | 343 lines | 249 code | 75 blank | 19 comment | 31 complexity | 085b9a172f8c3e97f9fbe0954b537602 MD5 | raw file
    

  1. import contextlib
    2. 

  2. import platform
    3. 

  3. import socket
    4. 

  4. import ssl
    5. 

  5. import sys
    6. 

  6. import threading
    7. 

  7. from pathlib import Path
    8. 

  8. from typing import AbstractSet, Any, Dict, Generator, NamedTuple, Optional, Tuple
    9. 

  9. 

  10. import pytest
    11. 

  11. import trustme
    12. 

  12. from tornado import ioloop, web
    13. 

  13. 

  14. from dummyserver.handlers import TestingApp
    15. 

  15. from dummyserver.proxy import ProxyHandler
    16. 

  16. from dummyserver.server import HAS_IPV6, run_tornado_app
    17. 

  17. from dummyserver.testcase import HTTPSDummyServerTestCase
    18. 

  18. from urllib3.util import ssl_
    19. 

  19. 

  20. from .tz_stub import stub_timezone_ctx
    21. 

  21. 

  22. 

  23. # The Python 3.8+ default loop on Windows breaks Tornado
    24. 

  24. @pytest.fixture(scope="session", autouse=True)
    25. 

  25. def configure_windows_event_loop() -> None:
    26. 

  26.     if sys.version_info >= (3, 8) and platform.system() == "Windows":
    27. 

  27.         import asyncio
    28. 

  28. 

  29.         asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())  # type: ignore[attr-defined]
    30. 

  30. 

  31. 

  32. class ServerConfig(NamedTuple):
    33. 

  33.     scheme: str
    34. 

  34.     host: str
    35. 

  35.     port: int
    36. 

  36.     ca_certs: str
    37. 

  37. 

  38.     @property
    39. 

  39.     def base_url(self) -> str:
    40. 

  40.         host = self.host
    41. 

  41.         if ":" in host:
    42. 

  42.             host = f"[{host}]"
    43. 

  43.         return f"{self.scheme}://{host}:{self.port}"
    44. 

  44. 

  45. 

  46. def _write_cert_to_dir(
    47. 

  47.     cert: trustme.LeafCert, tmpdir: Path, file_prefix: str = "server"
    48. 

  48. ) -> Dict[str, str]:
    49. 

  49.     cert_path = str(tmpdir / ("%s.pem" % file_prefix))
    50. 

  50.     key_path = str(tmpdir / ("%s.key" % file_prefix))
    51. 

  51.     cert.private_key_pem.write_to_path(key_path)
    52. 

  52.     cert.cert_chain_pems[0].write_to_path(cert_path)
    53. 

  53.     certs = {"keyfile": key_path, "certfile": cert_path}
    54. 

  54.     return certs
    55. 

  55. 

  56. 

  57. @contextlib.contextmanager
    58. 

  58. def run_server_in_thread(
    59. 

  59.     scheme: str, host: str, tmpdir: Path, ca: trustme.CA, server_cert: trustme.LeafCert
    60. 

  60. ) -> Generator[ServerConfig, None, None]:
    61. 

  61.     ca_cert_path = str(tmpdir / "ca.pem")
    62. 

  62.     server_cert_path = str(tmpdir / "server.pem")
    63. 

  63.     server_key_path = str(tmpdir / "server.key")
    64. 

  64.     ca.cert_pem.write_to_path(ca_cert_path)
    65. 

  65.     server_cert.private_key_pem.write_to_path(server_key_path)
    66. 

  66.     server_cert.cert_chain_pems[0].write_to_path(server_cert_path)
    67. 

  67.     server_certs = {"keyfile": server_key_path, "certfile": server_cert_path}
    68. 

  68. 

  69.     io_loop = ioloop.IOLoop.current()
    70. 

  70.     app = web.Application([(r".*", TestingApp)])
    71. 

  71.     server, port = run_tornado_app(app, io_loop, server_certs, scheme, host)
    72. 

  72.     server_thread = threading.Thread(target=io_loop.start)
    73. 

  73.     server_thread.start()
    74. 

  74. 

  75.     yield ServerConfig("https", host, port, ca_cert_path)
    76. 

  76. 

  77.     io_loop.add_callback(server.stop)
    78. 

  78.     io_loop.add_callback(io_loop.stop)
    79. 

  79.     server_thread.join()
    80. 

  80. 

  81. 

  82. @contextlib.contextmanager
    83. 

  83. def run_server_and_proxy_in_thread(
    84. 

  84.     proxy_scheme: str,
    85. 

  85.     proxy_host: str,
    86. 

  86.     tmpdir: Path,
    87. 

  87.     ca: trustme.CA,
    88. 

  88.     proxy_cert: trustme.LeafCert,
    89. 

  89.     server_cert: trustme.LeafCert,
    90. 

  90. ) -> Generator[Tuple[ServerConfig, ServerConfig], None, None]:
    91. 

  91.     ca_cert_path = str(tmpdir / "ca.pem")
    92. 

  92.     ca.cert_pem.write_to_path(ca_cert_path)
    93. 

  93. 

  94.     server_certs = _write_cert_to_dir(server_cert, tmpdir)
    95. 

  95.     proxy_certs = _write_cert_to_dir(proxy_cert, tmpdir, "proxy")
    96. 

  96. 

  97.     io_loop = ioloop.IOLoop.current()
    98. 

  98.     app = web.Application([(r".*", TestingApp)])
    99. 

  99.     server_app, port = run_tornado_app(app, io_loop, server_certs, "https", "localhost")
    100. 

  100.     server_config = ServerConfig("https", "localhost", port, ca_cert_path)
    101. 

  101. 

  102.     proxy = web.Application([(r".*", ProxyHandler)])
    103. 

  103.     proxy_app, proxy_port = run_tornado_app(
    104. 

  104.         proxy, io_loop, proxy_certs, proxy_scheme, proxy_host
    105. 

  105.     )
    106. 

  106.     proxy_config = ServerConfig(proxy_scheme, proxy_host, proxy_port, ca_cert_path)
    107. 

  107. 

  108.     server_thread = threading.Thread(target=io_loop.start)
    109. 

  109.     server_thread.start()
    110. 

  110. 

  111.     yield (proxy_config, server_config)
    112. 

  112. 

  113.     io_loop.add_callback(server_app.stop)
    114. 

  114.     io_loop.add_callback(proxy_app.stop)
    115. 

  115.     io_loop.add_callback(io_loop.stop)
    116. 

  116. 

  117.     server_thread.join()
    118. 

  118. 

  119. 

  120. @pytest.fixture(params=["localhost", "127.0.0.1", "::1"])
    121. 

  121. def loopback_host(request: Any) -> Generator[str, None, None]:
    122. 

  122.     host = request.param
    123. 

  123.     if host == "::1" and not HAS_IPV6:
    124. 

  124.         pytest.skip("Test requires IPv6 on loopback")
    125. 

  125.     yield host
    126. 

  126. 

  127. 

  128. @pytest.fixture()
    129. 

  129. def san_server(
    130. 

  130.     loopback_host: str, tmp_path_factory: pytest.TempPathFactory
    131. 

  131. ) -> Generator[ServerConfig, None, None]:
    132. 

  132.     tmpdir = tmp_path_factory.mktemp("certs")
    133. 

  133.     ca = trustme.CA()
    134. 

  134. 

  135.     server_cert = ca.issue_cert(loopback_host)
    136. 

  136. 

  137.     with run_server_in_thread("https", loopback_host, tmpdir, ca, server_cert) as cfg:
    138. 

  138.         yield cfg
    139. 

  139. 

  140. 

  141. @pytest.fixture()
    142. 

  142. def no_san_server(
    143. 

  143.     loopback_host: str, tmp_path_factory: pytest.TempPathFactory
    144. 

  144. ) -> Generator[ServerConfig, None, None]:
    145. 

  145.     tmpdir = tmp_path_factory.mktemp("certs")
    146. 

  146.     ca = trustme.CA()
    147. 

  147.     server_cert = ca.issue_cert(common_name=loopback_host)
    148. 

  148. 

  149.     with run_server_in_thread("https", loopback_host, tmpdir, ca, server_cert) as cfg:
    150. 

  150.         yield cfg
    151. 

  151. 

  152. 

  153. @pytest.fixture()
    154. 

  154. def no_san_server_with_different_commmon_name(
    155. 

  155.     tmp_path_factory: pytest.TempPathFactory,
    156. 

  156. ) -> Generator[ServerConfig, None, None]:
    157. 

  157.     tmpdir = tmp_path_factory.mktemp("certs")
    158. 

  158.     ca = trustme.CA()
    159. 

  159.     server_cert = ca.issue_cert(common_name="example.com")
    160. 

  160. 

  161.     with run_server_in_thread("https", "localhost", tmpdir, ca, server_cert) as cfg:
    162. 

  162.         yield cfg
    163. 

  163. 

  164. 

  165. @pytest.fixture
    166. 

  166. def no_san_proxy_with_server(
    167. 

  167.     tmp_path_factory: pytest.TempPathFactory,
    168. 

  168. ) -> Generator[Tuple[ServerConfig, ServerConfig], None, None]:
    169. 

  169.     tmpdir = tmp_path_factory.mktemp("certs")
    170. 

  170.     ca = trustme.CA()
    171. 

  171.     # only common name, no subject alternative names
    172. 

  172.     proxy_cert = ca.issue_cert(common_name="localhost")
    173. 

  173.     server_cert = ca.issue_cert("localhost")
    174. 

  174. 

  175.     with run_server_and_proxy_in_thread(
    176. 

  176.         "https", "localhost", tmpdir, ca, proxy_cert, server_cert
    177. 

  177.     ) as cfg:
    178. 

  178.         yield cfg
    179. 

  179. 

  180. 

  181. @pytest.fixture
    182. 

  182. def no_localhost_san_server(
    183. 

  183.     tmp_path_factory: pytest.TempPathFactory,
    184. 

  184. ) -> Generator[ServerConfig, None, None]:
    185. 

  185.     tmpdir = tmp_path_factory.mktemp("certs")
    186. 

  186.     ca = trustme.CA()
    187. 

  187.     # non localhost common name
    188. 

  188.     server_cert = ca.issue_cert("example.com")
    189. 

  189. 

  190.     with run_server_in_thread("https", "localhost", tmpdir, ca, server_cert) as cfg:
    191. 

  191.         yield cfg
    192. 

  192. 

  193. 

  194. @pytest.fixture
    195. 

  195. def ipv4_san_proxy_with_server(
    196. 

  196.     tmp_path_factory: pytest.TempPathFactory,
    197. 

  197. ) -> Generator[Tuple[ServerConfig, ServerConfig], None, None]:
    198. 

  198.     tmpdir = tmp_path_factory.mktemp("certs")
    199. 

  199.     ca = trustme.CA()
    200. 

  200.     # IP address in Subject Alternative Name
    201. 

  201.     proxy_cert = ca.issue_cert("127.0.0.1")
    202. 

  202. 

  203.     server_cert = ca.issue_cert("localhost")
    204. 

  204. 

  205.     with run_server_and_proxy_in_thread(
    206. 

  206.         "https", "127.0.0.1", tmpdir, ca, proxy_cert, server_cert
    207. 

  207.     ) as cfg:
    208. 

  208.         yield cfg
    209. 

  209. 

  210. 

  211. @pytest.fixture
    212. 

  212. def ipv6_san_proxy_with_server(
    213. 

  213.     tmp_path_factory: pytest.TempPathFactory,
    214. 

  214. ) -> Generator[Tuple[ServerConfig, ServerConfig], None, None]:
    215. 

  215.     tmpdir = tmp_path_factory.mktemp("certs")
    216. 

  216.     ca = trustme.CA()
    217. 

  217.     # IP addresses in Subject Alternative Name
    218. 

  218.     proxy_cert = ca.issue_cert("::1")
    219. 

  219. 

  220.     server_cert = ca.issue_cert("localhost")
    221. 

  221. 

  222.     with run_server_and_proxy_in_thread(
    223. 

  223.         "https", "::1", tmpdir, ca, proxy_cert, server_cert
    224. 

  224.     ) as cfg:
    225. 

  225.         yield cfg
    226. 

  226. 

  227. 

  228. @pytest.fixture
    229. 

  229. def ipv4_san_server(
    230. 

  230.     tmp_path_factory: pytest.TempPathFactory,
    231. 

  231. ) -> Generator[ServerConfig, None, None]:
    232. 

  232.     tmpdir = tmp_path_factory.mktemp("certs")
    233. 

  233.     ca = trustme.CA()
    234. 

  234.     # IP address in Subject Alternative Name
    235. 

  235.     server_cert = ca.issue_cert("127.0.0.1")
    236. 

  236. 

  237.     with run_server_in_thread("https", "127.0.0.1", tmpdir, ca, server_cert) as cfg:
    238. 

  238.         yield cfg
    239. 

  239. 

  240. 

  241. @pytest.fixture
    242. 

  242. def ipv6_san_server(
    243. 

  243.     tmp_path_factory: pytest.TempPathFactory,
    244. 

  244. ) -> Generator[ServerConfig, None, None]:
    245. 

  245.     if not HAS_IPV6:
    246. 

  246.         pytest.skip("Only runs on IPv6 systems")
    247. 

  247. 

  248.     tmpdir = tmp_path_factory.mktemp("certs")
    249. 

  249.     ca = trustme.CA()
    250. 

  250.     # IP address in Subject Alternative Name
    251. 

  251.     server_cert = ca.issue_cert("::1")
    252. 

  252. 

  253.     with run_server_in_thread("https", "::1", tmpdir, ca, server_cert) as cfg:
    254. 

  254.         yield cfg
    255. 

  255. 

  256. 

  257. @pytest.fixture
    258. 

  258. def ipv6_no_san_server(
    259. 

  259.     tmp_path_factory: pytest.TempPathFactory,
    260. 

  260. ) -> Generator[ServerConfig, None, None]:
    261. 

  261.     if not HAS_IPV6:
    262. 

  262.         pytest.skip("Only runs on IPv6 systems")
    263. 

  263. 

  264.     tmpdir = tmp_path_factory.mktemp("certs")
    265. 

  265.     ca = trustme.CA()
    266. 

  266.     # IP address in Common Name
    267. 

  267.     server_cert = ca.issue_cert(common_name="::1")
    268. 

  268. 

  269.     with run_server_in_thread("https", "::1", tmpdir, ca, server_cert) as cfg:
    270. 

  270.         yield cfg
    271. 

  271. 

  272. 

  273. @pytest.fixture
    274. 

  274. def stub_timezone(request: pytest.FixtureRequest) -> Generator[None, None, None]:
    275. 

  275.     """
    276. 

  276.     A pytest fixture that runs the test with a stub timezone.
    277. 

  277.     """
    278. 

  278.     with stub_timezone_ctx(request.param):  # type: ignore[attr-defined]
    279. 

  279.         yield
    280. 

  280. 

  281. 

  282. @pytest.fixture(scope="session")
    283. 

  283. def supported_tls_versions() -> AbstractSet[Optional[str]]:
    284. 

  284.     # We have to create an actual TLS connection
    285. 

  285.     # to test if the TLS version is not disabled by
    286. 

  286.     # OpenSSL config. Ubuntu 20.04 specifically
    287. 

  287.     # disables TLSv1 and TLSv1.1.
    288. 

  288.     tls_versions = set()
    289. 

  289. 

  290.     _server = HTTPSDummyServerTestCase()
    291. 

  291.     _server._start_server()
    292. 

  292.     for _ssl_version_name in (
    293. 

  293.         "PROTOCOL_TLSv1",
    294. 

  294.         "PROTOCOL_TLSv1_1",
    295. 

  295.         "PROTOCOL_TLSv1_2",
    296. 

  296.         "PROTOCOL_TLS",
    297. 

  297.     ):
    298. 

  298.         _ssl_version = getattr(ssl, _ssl_version_name, 0)
    299. 

  299.         if _ssl_version == 0:
    300. 

  300.             continue
    301. 

  301.         _sock = socket.create_connection((_server.host, _server.port))
    302. 

  302.         try:
    303. 

  303.             _sock = ssl_.ssl_wrap_socket(
    304. 

  304.                 _sock, cert_reqs=ssl.CERT_NONE, ssl_version=_ssl_version
    305. 

  305.             )
    306. 

  306.         except ssl.SSLError:
    307. 

  307.             pass
    308. 

  308.         else:
    309. 

  309.             tls_versions.add(_sock.version())
    310. 

  310.         _sock.close()
    311. 

  311.     _server._stop_server()
    312. 

  312.     return tls_versions
    313. 

  313. 

  314. 

  315. @pytest.fixture(scope="function")
    316. 

  316. def requires_tlsv1(supported_tls_versions: AbstractSet[str]) -> None:
    317. 

  317.     """Test requires TLSv1 available"""
    318. 

  318.     if not hasattr(ssl, "PROTOCOL_TLSv1") or "TLSv1" not in supported_tls_versions:
    319. 

  319.         pytest.skip("Test requires TLSv1")
    320. 

  320. 

  321. 

  322. @pytest.fixture(scope="function")
    323. 

  323. def requires_tlsv1_1(supported_tls_versions: AbstractSet[str]) -> None:
    324. 

  324.     """Test requires TLSv1.1 available"""
    325. 

  325.     if not hasattr(ssl, "PROTOCOL_TLSv1_1") or "TLSv1.1" not in supported_tls_versions:
    326. 

  326.         pytest.skip("Test requires TLSv1.1")
    327. 

  327. 

  328. 

  329. @pytest.fixture(scope="function")
    330. 

  330. def requires_tlsv1_2(supported_tls_versions: AbstractSet[str]) -> None:
    331. 

  331.     """Test requires TLSv1.2 available"""
    332. 

  332.     if not hasattr(ssl, "PROTOCOL_TLSv1_2") or "TLSv1.2" not in supported_tls_versions:
    333. 

  333.         pytest.skip("Test requires TLSv1.2")
    334. 

  334. 

  335. 

  336. @pytest.fixture(scope="function")
    337. 

  337. def requires_tlsv1_3(supported_tls_versions: AbstractSet[str]) -> None:
    338. 

  338.     """Test requires TLSv1.3 available"""
    339. 

  339.     if (
    340. 

  340.         not getattr(ssl, "HAS_TLSv1_3", False)
    341. 

  341.         or "TLSv1.3" not in supported_tls_versions
    342. 

  342.     ):
    343. 

  343.         pytest.skip("Test requires TLSv1.3")
    344. 

  344.