1'''These tests rely on replies from public internet services
2
3TODO: reimplement with local stubs
4'''
5import httplib2
6import os
7import pytest
8import ssl
9import sys
10import tests
11
12
13def test_get_301_via_https():
14    # Google always redirects to http://google.com
15    http = httplib2.Http()
16    response, content = http.request('https://code.google.com/apis/', 'GET')
17    assert response.status == 200
18    assert response.previous.status == 301
19
20
21def test_get_via_https():
22    # Test that we can handle HTTPS
23    http = httplib2.Http()
24    response, content = http.request('https://google.com/adsense/', 'GET')
25    assert response.status == 200
26
27
28def test_get_via_https_spec_violation_on_location():
29    # Test that we follow redirects through HTTPS
30    # even if they violate the spec by including
31    # a relative Location: header instead of an
32    # absolute one.
33    http = httplib2.Http()
34    response, content = http.request('https://google.com/adsense', 'GET')
35    assert response.status == 200
36    assert response.previous is not None
37
38
39def test_get_via_https_key_cert():
40    #  At this point I can only test
41    #  that the key and cert files are passed in
42    #  correctly to httplib. It would be nice to have
43    #  a real https endpoint to test against.
44    http = httplib2.Http(timeout=2)
45    http.add_certificate('akeyfile', 'acertfile', 'bitworking.org')
46    try:
47        http.request('https://bitworking.org', 'GET')
48    except AttributeError:
49        assert http.connections['https:bitworking.org'].key_file == 'akeyfile'
50        assert http.connections['https:bitworking.org'].cert_file == 'acertfile'
51    except IOError:
52        # Skip on 3.2
53        pass
54
55    try:
56        http.request('https://notthere.bitworking.org', 'GET')
57    except httplib2.ServerNotFoundError:
58        assert http.connections['https:notthere.bitworking.org'].key_file is None
59        assert http.connections['https:notthere.bitworking.org'].cert_file is None
60    except IOError:
61        # Skip on 3.2
62        pass
63
64
65def test_ssl_invalid_ca_certs_path():
66    # Test that we get an ssl.SSLError when specifying a non-existent CA
67    # certs file.
68    http = httplib2.Http(ca_certs='/nosuchfile')
69    with tests.assert_raises(IOError):
70        http.request('https://www.google.com/', 'GET')
71
72
73@pytest.mark.xfail(
74    sys.version_info <= (3,),
75    reason='FIXME: for unknown reason Python 2.7.10 validates www.google.com against dummy CA www.example.com',
76)
77def test_ssl_wrong_ca():
78    # Test that we get a SSLHandshakeError if we try to access
79    # https://www.google.com, using a CA cert file that doesn't contain
80    # the CA Google uses (i.e., simulating a cert that's not signed by a
81    # trusted CA).
82    other_ca_certs = os.path.join(
83        os.path.dirname(os.path.abspath(httplib2.__file__)),
84        'test', 'other_cacerts.txt')
85    assert os.path.exists(other_ca_certs)
86    http = httplib2.Http(ca_certs=other_ca_certs)
87    http.follow_redirects = False
88    with tests.assert_raises(ssl.SSLError):
89        http.request('https://www.google.com/', 'GET')
90
91
92def test_sni_hostname_validation():
93    # TODO: make explicit test server with SNI validation
94    http = httplib2.Http()
95    http.request('https://google.com/', method='GET')
96