|
1 | 1 | import ssl |
2 | | -import unittest |
3 | | - |
4 | | -import pytest |
| 2 | +from pathlib import Path |
| 3 | +from typing import Tuple |
5 | 4 |
|
6 | 5 | from aiokafka.helpers import create_ssl_context |
7 | 6 |
|
8 | 7 |
|
9 | | -@pytest.mark.usefixtures("setup_test_class_serverless") |
10 | | -class TestHelpers(unittest.TestCase): |
11 | | - def _check_ssl_dir(self): |
12 | | - ssl_cert = self.ssl_folder |
13 | | - cafile = ssl_cert / "ca-cert" |
14 | | - certfile = ssl_cert / "cl_client.pem" |
15 | | - keyfile = ssl_cert / "cl_client.key" |
16 | | - self.assertTrue(ssl_cert.exists(), str(ssl_cert)) |
17 | | - self.assertTrue(cafile.exists(), str(cafile)) |
18 | | - self.assertTrue(certfile.exists(), str(certfile)) |
19 | | - self.assertTrue(keyfile.exists(), str(keyfile)) |
20 | | - return cafile, certfile, keyfile |
21 | | - |
22 | | - def test_create_ssl_context(self): |
23 | | - cafile, certfile, keyfile = self._check_ssl_dir() |
24 | | - |
25 | | - context = create_ssl_context() |
26 | | - self.assertEqual(context.verify_mode, ssl.CERT_REQUIRED) |
27 | | - self.assertEqual(context.check_hostname, True) |
28 | | - |
29 | | - context = create_ssl_context(cafile=str(cafile)) |
30 | | - self.assertEqual(context.verify_mode, ssl.CERT_REQUIRED) |
31 | | - self.assertEqual(context.check_hostname, True) |
32 | | - der_ca = context.get_ca_certs(binary_form=True) |
33 | | - self.assertTrue(der_ca) |
34 | | - |
35 | | - # Same with `cadata` argument |
36 | | - with cafile.open("rb") as f: |
37 | | - data = f.read() |
38 | | - context = create_ssl_context(cadata=data.decode("ascii")) |
39 | | - self.assertEqual(context.get_ca_certs(binary_form=True), der_ca) |
40 | | - # And with DER encoded binary form |
41 | | - context = create_ssl_context(cadata=der_ca[0]) |
42 | | - self.assertEqual(context.get_ca_certs(binary_form=True), der_ca) |
43 | | - |
44 | | - context = create_ssl_context( |
45 | | - cafile=str(cafile), |
46 | | - certfile=str(certfile), |
47 | | - keyfile=str(keyfile), |
48 | | - password="abcdefgh", |
49 | | - ) |
50 | | - self.assertEqual(context.verify_mode, ssl.CERT_REQUIRED) |
51 | | - self.assertEqual(context.check_hostname, True) |
52 | | - self.assertTrue(context.get_ca_certs()) |
| 8 | +def _check_ssl_dir(ssl_folder: Path) -> Tuple[Path, Path, Path]: |
| 9 | + cafile = ssl_folder / "ca-cert" |
| 10 | + certfile = ssl_folder / "cl_client.pem" |
| 11 | + keyfile = ssl_folder / "cl_client.key" |
| 12 | + assert ssl_folder.exists(), str(ssl_folder) |
| 13 | + cafile.exists(), str(cafile) |
| 14 | + certfile.exists(), str(certfile) |
| 15 | + keyfile.exists(), str(keyfile) |
| 16 | + return cafile, certfile, keyfile |
| 17 | + |
| 18 | + |
| 19 | +def test_create_ssl_context(ssl_folder: Path) -> None: |
| 20 | + cafile, certfile, keyfile = _check_ssl_dir(ssl_folder) |
| 21 | + |
| 22 | + context = create_ssl_context() |
| 23 | + assert context.verify_mode == ssl.CERT_REQUIRED |
| 24 | + assert context.check_hostname is True |
| 25 | + |
| 26 | + context = create_ssl_context(cafile=str(cafile)) |
| 27 | + assert context.verify_mode == ssl.CERT_REQUIRED |
| 28 | + assert context.check_hostname is True |
| 29 | + der_ca = context.get_ca_certs(binary_form=True) |
| 30 | + assert der_ca |
| 31 | + |
| 32 | + # Same with `cadata` argument |
| 33 | + with cafile.open("rb") as f: |
| 34 | + data = f.read() |
| 35 | + context = create_ssl_context(cadata=data.decode("ascii")) |
| 36 | + assert context.get_ca_certs(binary_form=True) == der_ca |
| 37 | + # And with DER encoded binary form |
| 38 | + context = create_ssl_context(cadata=der_ca[0]) |
| 39 | + assert context.get_ca_certs(binary_form=True) == der_ca |
| 40 | + |
| 41 | + context = create_ssl_context( |
| 42 | + cafile=str(cafile), |
| 43 | + certfile=str(certfile), |
| 44 | + keyfile=str(keyfile), |
| 45 | + password="abcdefgh", |
| 46 | + ) |
| 47 | + assert context.verify_mode == ssl.CERT_REQUIRED |
| 48 | + assert context.check_hostname is True |
| 49 | + assert context.get_ca_certs() |
0 commit comments