linkchecker/tests/checker/test_https.py

# Copyright (C) 2004-2014 Bastian Kleineidam
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""
Test https.
"""
import datetime
from unittest.mock import patch

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from OpenSSL import crypto

from .httpserver import HttpsServerTest, CookieRedirectHttpRequestHandler
from .. import get_file

from linkcheck import httputil


class TestHttps(HttpsServerTest):
    """
    Test https: link checking.
    """

    def __init__(self, methodName="runTest"):
        super().__init__(methodName=methodName)
        self.handler = CookieRedirectHttpRequestHandler

    @classmethod
    def setUpClass(cls):
        key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
        )

        with open(get_file("https_key.pem"), "wb") as f:
            f.write(key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption(),
            ))

        subject = issuer = x509.Name([
            x509.NameAttribute(NameOID.ORGANIZATION_NAME, "LinkChecker"),
            x509.NameAttribute(NameOID.COMMON_NAME, "linkchecker.github.io"),
        ])

        cert = x509.CertificateBuilder().subject_name(
            subject
        ).issuer_name(
            issuer
        ).public_key(
            key.public_key()
        ).serial_number(
            x509.random_serial_number()
        ).not_valid_before(
            datetime.datetime.now(datetime.timezone.utc)
        ).not_valid_after(
            datetime.datetime(2119, 1, 2, 3, 4, 5)
        ).add_extension(
            x509.SubjectAlternativeName([x509.DNSName("localhost")]),
            critical=False,
        ).sign(key, hashes.SHA256())

        with open(get_file("https_cert.pem"), "wb") as f:
            f.write(cert.public_bytes(serialization.Encoding.PEM))

    def test_https(self):
        url = self.get_url("")
        resultlines = [
            "url %s" % url,
            "cache key %s" % url,
            "real url %s" % url,
            "valid",
        ]
        confargs = dict(sslverify=get_file("https_cert.pem"))
        with patch.dict("os.environ",
                        {"REQUESTS_CA_BUNDLE": get_file("https_cert.pem")}):
            self.direct(url, resultlines, recursionlevel=0, confargs=confargs)

    def test_x509_to_dict(self):
        with open(get_file("https_cert.pem"), "rb") as f:
            cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
        self.assertEqual(
            httputil.x509_to_dict(cert)["notAfter"], "Jan 02 03:04:05 2119 GMT"
        )
Introduce check plugins, use Python requests for http/s connections, and some code cleanups and improvements. 2014-02-28 23:12:34 +00:00			`# Copyright (C) 2004-2014 Bastian Kleineidam`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
Updated FSF address in GPL blurb 2009-07-24 21:58:20 +00:00			`# You should have received a copy of the GNU General Public License along`
			`# with this program; if not, write to the Free Software Foundation, Inc.,`
			`# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`"""`
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`Test https.`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`"""`
Use cryptography to generate certificate in TestHttps Replacing deprecated use of pyOpenSSL. linkchecker/tests/checker/test_https.py:45: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography. [crypto.X509Extension(b"subjectAltName", False, b"DNS:localhost")]) 2023-11-07 19:30:59 +00:00			`import datetime`
Enable certificate verification during https test 2021-11-22 19:27:18 +00:00			`from unittest.mock import patch`

Use cryptography to generate certificate in TestHttps Replacing deprecated use of pyOpenSSL. linkchecker/tests/checker/test_https.py:45: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography. [crypto.X509Extension(b"subjectAltName", False, b"DNS:localhost")]) 2023-11-07 19:30:59 +00:00			`from cryptography import x509`
			`from cryptography.x509.oid import NameOID`
			`from cryptography.hazmat.primitives import hashes, serialization`
			`from cryptography.hazmat.primitives.asymmetric import rsa`
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`from OpenSSL import crypto`
Mark TestHttps.test_https as known to fail This test depends on the way http://amazon.com/ works. I don't think that's a good idea. 2017-02-01 16:44:21 +00:00
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`from .httpserver import HttpsServerTest, CookieRedirectHttpRequestHandler`
			`from .. import get_file`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00
Fix TypeError when checking https link and test File "/usr/lib/python3.7/site-packages/linkcheck/httputil.py", line 68, in asn1_generaltime_to_seconds line: res = datetime.strptime(timestr, timeformat + 'Z') locals: res = <local> None datetime = <global> <class 'datetime.datetime'> datetime.strptime = <global> <built-in method strptime of type object at 0x7fa39064dda0> timestr = <local> b'20191106202117Z' timeformat = <local> '%Y%m%d%H%M%S' TypeError: strptime() argument 1 must be str, not bytes pyOpenSSL OpenSSL.crypto.X509.get_notAfter() returns bytes: https://www.pyopenssl.org/en/stable/api/crypto.html#OpenSSL.crypto.X509.get_notAfter 2019-11-11 20:12:25 +00:00			`from linkcheck import httputil`

added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`class TestHttps(HttpsServerTest):`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`"""`
			`Test https: link checking.`
			`"""`

Run black on tests/ 2020-05-28 19:29:13 +00:00			`def __init__(self, methodName="runTest"):`
Convert to Python 3 super() 2020-06-03 19:06:36 +00:00			`super().__init__(methodName=methodName)`
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`self.handler = CookieRedirectHttpRequestHandler`

			`@classmethod`
			`def setUpClass(cls):`
Use cryptography to generate certificate in TestHttps Replacing deprecated use of pyOpenSSL. linkchecker/tests/checker/test_https.py:45: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography. [crypto.X509Extension(b"subjectAltName", False, b"DNS:localhost")]) 2023-11-07 19:30:59 +00:00			`key = rsa.generate_private_key(`
			`public_exponent=65537,`
			`key_size=2048,`
			`)`

Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`with open(get_file("https_key.pem"), "wb") as f:`
Use cryptography to generate certificate in TestHttps Replacing deprecated use of pyOpenSSL. linkchecker/tests/checker/test_https.py:45: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography. [crypto.X509Extension(b"subjectAltName", False, b"DNS:localhost")]) 2023-11-07 19:30:59 +00:00			`f.write(key.private_bytes(`
			`encoding=serialization.Encoding.PEM,`
			`format=serialization.PrivateFormat.TraditionalOpenSSL,`
			`encryption_algorithm=serialization.NoEncryption(),`
			`))`

			`subject = issuer = x509.Name([`
			`x509.NameAttribute(NameOID.ORGANIZATION_NAME, "LinkChecker"),`
			`x509.NameAttribute(NameOID.COMMON_NAME, "linkchecker.github.io"),`
			`])`

			`cert = x509.CertificateBuilder().subject_name(`
			`subject`
			`).issuer_name(`
			`issuer`
			`).public_key(`
			`key.public_key()`
			`).serial_number(`
			`x509.random_serial_number()`
			`).not_valid_before(`
			`datetime.datetime.now(datetime.timezone.utc)`
			`).not_valid_after(`
			`datetime.datetime(2119, 1, 2, 3, 4, 5)`
			`).add_extension(`
			`x509.SubjectAlternativeName([x509.DNSName("localhost")]),`
			`critical=False,`
			`).sign(key, hashes.SHA256())`

Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`with open(get_file("https_cert.pem"), "wb") as f:`
Use cryptography to generate certificate in TestHttps Replacing deprecated use of pyOpenSSL. linkchecker/tests/checker/test_https.py:45: DeprecationWarning: X509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography. [crypto.X509Extension(b"subjectAltName", False, b"DNS:localhost")]) 2023-11-07 19:30:59 +00:00			`f.write(cert.public_bytes(serialization.Encoding.PEM))`
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00
Remove spaces after names in class method definitions And also nested functions. This is a PEP 8 convention, E211. 2020-05-16 19:19:42 +00:00			`def test_https(self):`
Enable https checking using a test server Verification has to be turned off because we are using a self-signed certificate. 2019-11-11 20:12:25 +00:00			`url = self.get_url("")`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`resultlines = [`
Remove u string prefixes 2020-04-30 19:11:59 +00:00			`"url %s" % url,`
			`"cache key %s" % url,`
			`"real url %s" % url,`
			`"valid",`
added git-svn-id: https://linkchecker.svn.sourceforge.net/svnroot/linkchecker/trunk/linkchecker@2949 e7d03fd6-7b0d-0410-9947-9c21f3af8025 2005-12-07 21:55:16 +00:00			`]`
Resolve InsecureRequestWarning for test_https 2024-08-27 18:40:32 +00:00			`confargs = dict(sslverify=get_file("https_cert.pem"))`
Enable certificate verification during https test 2021-11-22 19:27:18 +00:00			`with patch.dict("os.environ",`
			`{"REQUESTS_CA_BUNDLE": get_file("https_cert.pem")}):`
			`self.direct(url, resultlines, recursionlevel=0, confargs=confargs)`
Fix TypeError when checking https link and test File "/usr/lib/python3.7/site-packages/linkcheck/httputil.py", line 68, in asn1_generaltime_to_seconds line: res = datetime.strptime(timestr, timeformat + 'Z') locals: res = <local> None datetime = <global> <class 'datetime.datetime'> datetime.strptime = <global> <built-in method strptime of type object at 0x7fa39064dda0> timestr = <local> b'20191106202117Z' timeformat = <local> '%Y%m%d%H%M%S' TypeError: strptime() argument 1 must be str, not bytes pyOpenSSL OpenSSL.crypto.X509.get_notAfter() returns bytes: https://www.pyopenssl.org/en/stable/api/crypto.html#OpenSSL.crypto.X509.get_notAfter 2019-11-11 20:12:25 +00:00
			`def test_x509_to_dict(self):`
			`with open(get_file("https_cert.pem"), "rb") as f:`
			`cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())`
Run black on tests/ 2020-05-28 19:29:13 +00:00			`self.assertEqual(`
			`httputil.x509_to_dict(cert)["notAfter"], "Jan 02 03:04:05 2119 GMT"`
			`)`