78 lines
2.0 KiB
Python
78 lines
2.0 KiB
Python
"""Regression tests for the uvicorn TLS scope monkey-patch."""
|
|
from __future__ import annotations
|
|
|
|
from typing import Any
|
|
|
|
import pytest
|
|
|
|
|
|
class _FakeSSLObject:
|
|
def __init__(self, der: bytes) -> None:
|
|
self._der = der
|
|
|
|
def getpeercert(self, binary_form: bool = False) -> bytes:
|
|
assert binary_form is True
|
|
return self._der
|
|
|
|
|
|
class _FakeTransport:
|
|
def __init__(self, ssl_obj: Any = None) -> None:
|
|
self._ssl = ssl_obj
|
|
|
|
def get_extra_info(self, key: str) -> Any:
|
|
if key == "ssl_object":
|
|
return self._ssl
|
|
return None
|
|
|
|
|
|
def _make_cycle_cls():
|
|
class Cycle:
|
|
def __init__(self, scope: dict, transport: Any = None) -> None:
|
|
self.scope = scope
|
|
self.transport = transport
|
|
return Cycle
|
|
|
|
|
|
def test_wrap_cycle_injects_cert_into_scope() -> None:
|
|
from decnet.web._uvicorn_tls_scope import _wrap_cycle_init
|
|
|
|
Cycle = _make_cycle_cls()
|
|
_wrap_cycle_init(Cycle)
|
|
|
|
scope: dict = {"type": "http"}
|
|
transport = _FakeTransport(_FakeSSLObject(b"\x30\x82der"))
|
|
Cycle(scope, transport=transport)
|
|
|
|
assert scope["extensions"]["tls"]["client_cert_chain"] == [b"\x30\x82der"]
|
|
|
|
|
|
def test_wrap_cycle_noop_when_no_ssl() -> None:
|
|
from decnet.web._uvicorn_tls_scope import _wrap_cycle_init
|
|
|
|
Cycle = _make_cycle_cls()
|
|
_wrap_cycle_init(Cycle)
|
|
|
|
scope: dict = {"type": "http"}
|
|
Cycle(scope, transport=_FakeTransport(ssl_obj=None))
|
|
|
|
assert "extensions" not in scope or "tls" not in scope.get("extensions", {})
|
|
|
|
|
|
def test_wrap_cycle_noop_when_empty_der() -> None:
|
|
from decnet.web._uvicorn_tls_scope import _wrap_cycle_init
|
|
|
|
Cycle = _make_cycle_cls()
|
|
_wrap_cycle_init(Cycle)
|
|
|
|
scope: dict = {"type": "http"}
|
|
Cycle(scope, transport=_FakeTransport(_FakeSSLObject(b"")))
|
|
|
|
assert "extensions" not in scope or "tls" not in scope.get("extensions", {})
|
|
|
|
|
|
def test_install_is_idempotent() -> None:
|
|
from decnet.web import _uvicorn_tls_scope as mod
|
|
|
|
mod.install()
|
|
mod.install() # second call must not double-wrap
|