git » kxd » commit db33d92

tests: Add tests for some common error cases

author Alberto Bertogli
2024-08-15 23:31:24 UTC
committer Alberto Bertogli
2024-09-08 09:33:43 UTC
parent 2e76d3ba23b9e67cc309837ff603b6d7d85efd6a
tests: Add tests for some common error cases
tests/bad_cert/cert.pem +18 -0
tests/run_tests +47 -1 
diff --git a/tests/bad_cert/cert.pem b/tests/bad_cert/cert.pem
new file mode 100644
index 0000000..951b130
--- /dev/null
+++ b/tests/bad_cert/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+abcdefCCAeOgAwIBAgIIJua2egAlPEQwDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UE
+ChMQa3hkLXRlc3RzLXNlcnZlcjAeFw0yNDA4MTUxOTAxMTdaFw0zNDA4MTMxOTAx
+MTdaMBsxGTAXBgNVBAoTEGt4ZC10ZXN0cy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDy3sYvXUnIm591qIWWbn3iTUyKl7ncWmGSQJ8XWXaz
+NwbNuINBy6bTf8H6BP20sCWQWYRTKYELGmZLp4fUme33y0xNnFpcbR5tqKI8SQOX
+wvCk3ox3xUnBEr7t0gHhSDVrhPRMWsWVlgPw4t3MgoDk/J97uAwGnfCXiMWZL3tM
+fFgrJja73RmzsbjamS/yjp7A6jLLe0MH/o73zaNJsyTeit6uTwU9PBEHzLgH0Udi
+97y/MQ/MQs0Wn1JtTbvV5HQSHrlwVkSQY1feSNBERnCs/l5B9CYoPX3o3a3UtyyX
+jMy6eSt3bio0Du5jYR9VoIi94FJ8SJlNgPXVgnPLr8XjAgMBAAGjQzBBMA4GA1Ud
+DwEB/wQEAwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAwG
+A1UdEQQFMAOCASowDQYJKoZIhvcNAQELBQADggEBACAGsja7xV92lyefwXDX3ZWw
+hQ5b/t5WGSXdQNG4oYWpU+EfTNU79j2Sr/RcZ/8YD6weYL75ONW2BeOTQ9Iev5du
+XAVcfgiAjz8zRru+hH7xausFJM1I5e3nhWSzAyBiyJxzSBcBUWhiNrSvStjvigTs
+XT34FYR9p+7ZGFljQlD5eeh7E5cV6UA9wIE2vXTshDCyZdoDqEoXj3HYw/sJtOdf
+kRZlOuK6GXJFxoZBIa5cJFSgq618UjwErFG7frsAKr9Da8sXBQMThMDz37mZlRST
+r3M2b4+Z13YRtFlWmqpg8HbOjBJEgPvWf6GfXiqWf6d9IxptMFk2u80IIDi38A8=
+-----END CERTIFICATE-----
diff --git a/tests/run_tests b/tests/run_tests
index 45ebfc4..dfb75c2 100755
--- a/tests/run_tests
+++ b/tests/run_tests
@@ -252,7 +252,6 @@ class Simple(TestCase):
         self.server.new_key(
             "k1",
             allowed_clients=[self.client.cert()],
-
             # Depending on the self.server.host, the client may connect to it
             # from localhost or from another IP; since it is unpredictable we
             # should allow both.
@@ -391,6 +390,41 @@ class CertFor127_0_0_1(Simple):
         self.assertEqual(key, self.server.keys["k1"])
 
 
+class CommonErrors(TestCase):
+    """Simple test cases for common errors."""
+
+    def test_invalid_schema(self):
+        self.assertClientFails("invalidschema://a/b", "unsupported URL schema")
+
+    def test_invalid_url(self):
+        self.assertClientFails(
+            " http://invalid/url",
+            "first path segment in URL cannot contain colon",
+        )
+
+    def test_empty_server_cert(self):
+        self.assertClientFails(
+            "kxd://localhost/k1",
+            "Failed to load server certs: error appending certificates",
+            cert_path="/dev/null",
+        )
+
+    def test_unknown_server_cert_file(self):
+        self.assertClientFails(
+            "kxd://localhost/k1",
+            "open /does/not/exist: no such file or directory",
+            cert_path="/does/not/exist",
+        )
+
+    def test_bad_server_cert_file(self):
+        test_dir = os.path.dirname(os.path.realpath(__file__))
+        self.assertClientFails(
+            "kxd://localhost/k1",
+            "x509: malformed certificate",
+            cert_path=test_dir + "/bad_cert/cert.pem",
+        )
+
+
 class Multiples(TestCase):
     """Tests for multiple clients and keys."""
 
@@ -519,6 +553,18 @@ class TrickyRequests(TestCase):
         # Permanently.
         self.assertEqual(response.status, 301)
 
+    def test_invalid_path(self):
+        conn = self.https_connection(
+            "localhost",
+            19840,
+            key_file=self.client.key_path(),
+            cert_file=self.client.cert_path(),
+        )
+        conn.request("GET", "/v1/a..b")
+        response = conn.getresponse()
+        conn.close()
+        self.assertEqual(response.status, 406)
+
     def test_server_cert(self):
         rawsock = socket.create_connection(("localhost", 19840))
         context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)