test_mtls.py 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. # Copyright 2020 Google LLC
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. import mock
  15. import pytest
  16. from google.auth import exceptions
  17. from google.auth.transport import mtls
  18. @mock.patch(
  19. "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
  20. )
  21. def test_has_default_client_cert_source(check_dca_metadata_path):
  22. check_dca_metadata_path.return_value = mock.Mock()
  23. assert mtls.has_default_client_cert_source()
  24. check_dca_metadata_path.return_value = None
  25. assert not mtls.has_default_client_cert_source()
  26. @mock.patch("google.auth.transport._mtls_helper.get_client_cert_and_key", autospec=True)
  27. @mock.patch("google.auth.transport.mtls.has_default_client_cert_source", autospec=True)
  28. def test_default_client_cert_source(
  29. has_default_client_cert_source, get_client_cert_and_key
  30. ):
  31. # Test default client cert source doesn't exist.
  32. has_default_client_cert_source.return_value = False
  33. with pytest.raises(exceptions.MutualTLSChannelError):
  34. mtls.default_client_cert_source()
  35. # The following tests will assume default client cert source exists.
  36. has_default_client_cert_source.return_value = True
  37. # Test good callback.
  38. get_client_cert_and_key.return_value = (True, b"cert", b"key")
  39. callback = mtls.default_client_cert_source()
  40. assert callback() == (b"cert", b"key")
  41. # Test bad callback which throws exception.
  42. get_client_cert_and_key.side_effect = ValueError()
  43. callback = mtls.default_client_cert_source()
  44. with pytest.raises(exceptions.MutualTLSChannelError):
  45. callback()
  46. @mock.patch(
  47. "google.auth.transport._mtls_helper.get_client_ssl_credentials", autospec=True
  48. )
  49. @mock.patch("google.auth.transport.mtls.has_default_client_cert_source", autospec=True)
  50. def test_default_client_encrypted_cert_source(
  51. has_default_client_cert_source, get_client_ssl_credentials
  52. ):
  53. # Test default client cert source doesn't exist.
  54. has_default_client_cert_source.return_value = False
  55. with pytest.raises(exceptions.MutualTLSChannelError):
  56. mtls.default_client_encrypted_cert_source("cert_path", "key_path")
  57. # The following tests will assume default client cert source exists.
  58. has_default_client_cert_source.return_value = True
  59. # Test good callback.
  60. get_client_ssl_credentials.return_value = (True, b"cert", b"key", b"passphrase")
  61. callback = mtls.default_client_encrypted_cert_source("cert_path", "key_path")
  62. with mock.patch("{}.open".format(__name__), return_value=mock.MagicMock()):
  63. assert callback() == ("cert_path", "key_path", b"passphrase")
  64. # Test bad callback which throws exception.
  65. get_client_ssl_credentials.side_effect = exceptions.ClientCertError()
  66. callback = mtls.default_client_encrypted_cert_source("cert_path", "key_path")
  67. with pytest.raises(exceptions.MutualTLSChannelError):
  68. callback()