python-tuf/tests/simple_https_server.py

#!/usr/bin/env python

# Copyright 2014 - 2017, New York University and the TUF contributors
# SPDX-License-Identifier: MIT OR Apache-2.0

"""
<Program>
  simple_https_server.py

<Author>
  Vladimir Diaz.

<Started>
  June 17, 2014

<Copyright>
  See LICENSE-MIT OR LICENSE for licensing information.

<Purpose>
  Provide a simple https server that can be used by the unit tests.  For
  example, 'download.py' can connect to the https server started by this module
  to verify that https downloads are permitted.

<Reference>
  ssl.wrap_socket:
    https://docs.python.org/2/library/ssl.html#functions-constants-and-exceptions

  SimpleHTTPServer:
    http://docs.python.org/library/simplehttpserver.html#module-SimpleHTTPServer
"""

# Help with Python 3 compatibility, where the print statement is a function, an
# implicit relative import is invalid, and the '/' operator performs true
# division.  Example:  print 'hello world' raises a 'SyntaxError' exception.
from __future__ import print_function
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

import sys
import ssl
import os
import six

keyfile = os.path.join('ssl_certs', 'ssl_cert.key')
certfile = os.path.join('ssl_certs', 'ssl_cert.crt')


if len(sys.argv) > 1 and os.path.exists(sys.argv[1]):
    certfile = sys.argv[1]

httpd = six.moves.BaseHTTPServer.HTTPServer(('localhost', 0),
    six.moves.SimpleHTTPServer.SimpleHTTPRequestHandler)

httpd.socket = ssl.wrap_socket(
    httpd.socket, keyfile=keyfile, certfile=certfile, server_side=True)

port_message = 'bind succeeded, server port is: ' \
    + str(httpd.server_address[1])
print(port_message)

if len(sys.argv) > 1 and certfile != sys.argv[1]:
  print('simple_https_server: cert file was not found: ' + sys.argv[1] +
      '; using default: ' + certfile + " certfile")

httpd.serve_forever()
Add the simple https server module. 2014-06-17 14:25:16 +00:00			`#!/usr/bin/env python`

Add copyright and license to test-related files Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-30 18:33:11 +00:00			`# Copyright 2014 - 2017, New York University and the TUF contributors`
			`# SPDX-License-Identifier: MIT OR Apache-2.0`

Add the simple https server module. 2014-06-17 14:25:16 +00:00			`"""`
			`<Program>`
			`simple_https_server.py`
Add copyright and license to test-related files Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-30 18:33:11 +00:00
Add the simple https server module. 2014-06-17 14:25:16 +00:00			`<Author>`
			`Vladimir Diaz.`

			`<Started>`
			`June 17, 2014`

			`<Copyright>`
Rename license files in modules Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2018-02-05 16:31:19 +00:00			`See LICENSE-MIT OR LICENSE for licensing information.`
Add the simple https server module. 2014-06-17 14:25:16 +00:00
			`<Purpose>`
			`Provide a simple https server that can be used by the unit tests. For`
			`example, 'download.py' can connect to the https server started by this module`
			`to verify that https downloads are permitted.`
Add copyright and license to test-related files Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-30 18:33:11 +00:00
Add the simple https server module. 2014-06-17 14:25:16 +00:00			`<Reference>`
			`ssl.wrap_socket:`
			`https://docs.python.org/2/library/ssl.html#functions-constants-and-exceptions`
Add copyright and license to test-related files Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-30 18:33:11 +00:00
Add the simple https server module. 2014-06-17 14:25:16 +00:00			`SimpleHTTPServer:`
			`http://docs.python.org/library/simplehttpserver.html#module-SimpleHTTPServer`
			`"""`

			`# Help with Python 3 compatibility, where the print statement is a function, an`
			`# implicit relative import is invalid, and the '/' operator performs true`
			`# division. Example: print 'hello world' raises a 'SyntaxError' exception.`
			`from __future__ import print_function`
			`from __future__ import absolute_import`
			`from __future__ import division`
			`from __future__ import unicode_literals`

			`import sys`
			`import ssl`
Test: test download.py w/ untrusted or bad-hostname SSL certs Rewrite test_https_connection to do a more thorough test, including the use of an unknown certificate and the use of a good certificate which lists a hostname not matching that expected in the connection. In the process, made some small changes to the simple_https_server module used in tests (takes an extra argument: certificate file to use). Given the extent of the changes to test_https_connection, I also made some style adjustments to better match our code style guidelines. I also reduced the length of a delay after the https servers started from 1s to 0.2s, as part of a general campaign to speed up the TUF tests. 200ms should do to start the servers, and if not, I'll adjust it upward. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com> 2018-09-11 19:30:40 +00:00			`import os`
Add import statements for unvendored dependencies in the unit tests 2015-06-02 14:28:02 +00:00			`import six`
Add the simple https server module. 2014-06-17 14:25:16 +00:00
Test: add proxy certs and reorganize certs in test data dir for proxy testing. Also update the test scripts to point to the new location of ssl certificates and ssl keys. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com> 2018-09-21 16:08:44 +00:00			`keyfile = os.path.join('ssl_certs', 'ssl_cert.key')`
			`certfile = os.path.join('ssl_certs', 'ssl_cert.crt')`
Test: test download.py w/ untrusted or bad-hostname SSL certs Rewrite test_https_connection to do a more thorough test, including the use of an unknown certificate and the use of a good certificate which lists a hostname not matching that expected in the connection. In the process, made some small changes to the simple_https_server module used in tests (takes an extra argument: certificate file to use). Given the extent of the changes to test_https_connection, I also made some style adjustments to better match our code style guidelines. I also reduced the length of a delay after the https servers started from 1s to 0.2s, as part of a general campaign to speed up the TUF tests. 200ms should do to start the servers, and if not, I'll adjust it upward. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com> 2018-09-11 19:30:40 +00:00
Add the simple https server module. 2014-06-17 14:25:16 +00:00
Make "bind successful" the first server message The current implementation for server startup in TestServerProcess relies on the fact that "bind successful..." is the first message sent by the server process. Make sure that this is true and leave a comment about this. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> 2020-11-04 14:23:18 +00:00			`if len(sys.argv) > 1 and os.path.exists(sys.argv[1]):`
Tests: Queue replace tmp files, OS port creation These changes can be summarized with the following bullets: - Delegate generation of ports used for the tests to the OS - Use thread-safe Queue for processes communication instead of temporary files - Remove all instances of port generation or hardcoded ports - Make test_slow_retrieval.py fully conform with TestServerProcess Delegate generation of ports used for the tests to the OS is much better than if we manually generate them, because there is always a chance that the port we have randomly pick turns out to be taken. By giving 0 to the port argument we ask the OS to give us an arbitrary unused port. Use thread-safe Queue for processes communication instead of temporary files became a necessity because of findings made by Jussi Kukkonen. With the latest changes made in pr 1192 we were rapidly reading from the temporary files and Jussi found that it happened rarely the successful message "bind succeded..." to be corrupted. It seems, this is a thread issue related to the thread redirecting the subprocess stdout to the temp file and our thread rapidly reading from the file. By using a thread-safe Queue we eliminate this possibility. For reference read: https://github.com/theupdateframework/tuf/issues/1196 Lastly, test_slow_retrieval.py and slow_retrieval.py were refactored. Until now, slow_retrieval.py couldn't use the TestServerProcess class from utils.py for a port generation because of a bug related to httpd.handle_request(). Now, when we use httpd.serve_forever() we can refactor both of those files and fully conform with TestServerProcess. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> 2020-10-27 15:28:01 +00:00			`certfile = sys.argv[1]`
Test: test download.py w/ untrusted or bad-hostname SSL certs Rewrite test_https_connection to do a more thorough test, including the use of an unknown certificate and the use of a good certificate which lists a hostname not matching that expected in the connection. In the process, made some small changes to the simple_https_server module used in tests (takes an extra argument: certificate file to use). Given the extent of the changes to test_https_connection, I also made some style adjustments to better match our code style guidelines. I also reduced the length of a delay after the https servers started from 1s to 0.2s, as part of a general campaign to speed up the TUF tests. 200ms should do to start the servers, and if not, I'll adjust it upward. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com> 2018-09-11 19:30:40 +00:00
Tests: Queue replace tmp files, OS port creation These changes can be summarized with the following bullets: - Delegate generation of ports used for the tests to the OS - Use thread-safe Queue for processes communication instead of temporary files - Remove all instances of port generation or hardcoded ports - Make test_slow_retrieval.py fully conform with TestServerProcess Delegate generation of ports used for the tests to the OS is much better than if we manually generate them, because there is always a chance that the port we have randomly pick turns out to be taken. By giving 0 to the port argument we ask the OS to give us an arbitrary unused port. Use thread-safe Queue for processes communication instead of temporary files became a necessity because of findings made by Jussi Kukkonen. With the latest changes made in pr 1192 we were rapidly reading from the temporary files and Jussi found that it happened rarely the successful message "bind succeded..." to be corrupted. It seems, this is a thread issue related to the thread redirecting the subprocess stdout to the temp file and our thread rapidly reading from the file. By using a thread-safe Queue we eliminate this possibility. For reference read: https://github.com/theupdateframework/tuf/issues/1196 Lastly, test_slow_retrieval.py and slow_retrieval.py were refactored. Until now, slow_retrieval.py couldn't use the TestServerProcess class from utils.py for a port generation because of a bug related to httpd.handle_request(). Now, when we use httpd.serve_forever() we can refactor both of those files and fully conform with TestServerProcess. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> 2020-10-27 15:28:01 +00:00			`httpd = six.moves.BaseHTTPServer.HTTPServer(('localhost', 0),`
			`six.moves.SimpleHTTPServer.SimpleHTTPRequestHandler)`
Add the simple https server module. 2014-06-17 14:25:16 +00:00
Test: test download.py w/ untrusted or bad-hostname SSL certs Rewrite test_https_connection to do a more thorough test, including the use of an unknown certificate and the use of a good certificate which lists a hostname not matching that expected in the connection. In the process, made some small changes to the simple_https_server module used in tests (takes an extra argument: certificate file to use). Given the extent of the changes to test_https_connection, I also made some style adjustments to better match our code style guidelines. I also reduced the length of a delay after the https servers started from 1s to 0.2s, as part of a general campaign to speed up the TUF tests. 200ms should do to start the servers, and if not, I'll adjust it upward. Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com> 2018-09-11 19:30:40 +00:00			`httpd.socket = ssl.wrap_socket(`
			`httpd.socket, keyfile=keyfile, certfile=certfile, server_side=True)`
Add the simple https server module. 2014-06-17 14:25:16 +00:00
Tests: Queue replace tmp files, OS port creation These changes can be summarized with the following bullets: - Delegate generation of ports used for the tests to the OS - Use thread-safe Queue for processes communication instead of temporary files - Remove all instances of port generation or hardcoded ports - Make test_slow_retrieval.py fully conform with TestServerProcess Delegate generation of ports used for the tests to the OS is much better than if we manually generate them, because there is always a chance that the port we have randomly pick turns out to be taken. By giving 0 to the port argument we ask the OS to give us an arbitrary unused port. Use thread-safe Queue for processes communication instead of temporary files became a necessity because of findings made by Jussi Kukkonen. With the latest changes made in pr 1192 we were rapidly reading from the temporary files and Jussi found that it happened rarely the successful message "bind succeded..." to be corrupted. It seems, this is a thread issue related to the thread redirecting the subprocess stdout to the temp file and our thread rapidly reading from the file. By using a thread-safe Queue we eliminate this possibility. For reference read: https://github.com/theupdateframework/tuf/issues/1196 Lastly, test_slow_retrieval.py and slow_retrieval.py were refactored. Until now, slow_retrieval.py couldn't use the TestServerProcess class from utils.py for a port generation because of a bug related to httpd.handle_request(). Now, when we use httpd.serve_forever() we can refactor both of those files and fully conform with TestServerProcess. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> 2020-10-27 15:28:01 +00:00			`port_message = 'bind succeeded, server port is: ' \`
			`+ str(httpd.server_address[1])`
			`print(port_message)`
Make "bind successful" the first server message The current implementation for server startup in TestServerProcess relies on the fact that "bind successful..." is the first message sent by the server process. Make sure that this is true and leave a comment about this. Signed-off-by: Martin Vrachev <mvrachev@vmware.com> 2020-11-04 14:23:18 +00:00
			`if len(sys.argv) > 1 and certfile != sys.argv[1]:`
			`print('simple_https_server: cert file was not found: ' + sys.argv[1] +`
			`'; using default: ' + certfile + " certfile")`

Add the simple https server module. 2014-06-17 14:25:16 +00:00			`httpd.serve_forever()`