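# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import mock
import pytest

from google.auth import exceptions
from google.auth.transport import mtls


@mock.patch(
    "google.auth.transport._mtls_helper._check_dca_metadata_path", autospec=True
)
def test_has_default_client_cert_source(check_dca_metadata_path):
    """has_default_client_cert_source() follows the DCA metadata path check.

    A non-None result from the patched ``_check_dca_metadata_path`` must make
    the function truthy; ``None`` must make it falsy.
    """
    check_dca_metadata_path.return_value = mock.Mock()
    assert mtls.has_default_client_cert_source()

    check_dca_metadata_path.return_value = None
    assert not mtls.has_default_client_cert_source()


# Decorators apply bottom-up, so the patch closest to the function
# (has_default_client_cert_source) is injected as the first argument.
@mock.patch("google.auth.transport._mtls_helper.get_client_cert_and_key", autospec=True)
@mock.patch("google.auth.transport.mtls.has_default_client_cert_source", autospec=True)
def test_default_client_cert_source(
    has_default_client_cert_source, get_client_cert_and_key
):
    """default_client_cert_source() fails closed and wraps helper errors.

    Covers three cases: no default cert source (raises
    MutualTLSChannelError up front), a working helper (callback returns the
    cert/key pair), and a helper that raises (callback surfaces
    MutualTLSChannelError rather than the raw ValueError).
    """
    # Test default client cert source doesn't exist.
    has_default_client_cert_source.return_value = False
    with pytest.raises(exceptions.MutualTLSChannelError):
        mtls.default_client_cert_source()

    # The following tests will assume default client cert source exists.
    has_default_client_cert_source.return_value = True

    # Test good callback. The leading True of the helper's tuple is dropped
    # by the callback; only (cert, key) is returned.
    get_client_cert_and_key.return_value = (True, b"cert", b"key")
    callback = mtls.default_client_cert_source()
    assert callback() == (b"cert", b"key")

    # Test bad callback which throws exception.
    get_client_cert_and_key.side_effect = ValueError()
    callback = mtls.default_client_cert_source()
    with pytest.raises(exceptions.MutualTLSChannelError):
        callback()


# Decorators apply bottom-up, so the patch closest to the function
# (has_default_client_cert_source) is injected as the first argument.
@mock.patch(
    "google.auth.transport._mtls_helper.get_client_ssl_credentials", autospec=True
)
@mock.patch("google.auth.transport.mtls.has_default_client_cert_source", autospec=True)
def test_default_client_encrypted_cert_source(
    has_default_client_cert_source, get_client_ssl_credentials
):
    """default_client_encrypted_cert_source() fails closed and wraps errors.

    Covers three cases: no default cert source (raises
    MutualTLSChannelError up front), a working helper (callback returns the
    two paths it was given plus the passphrase), and a helper that raises
    ClientCertError (callback surfaces MutualTLSChannelError).
    """
    # Test default client cert source doesn't exist.
    has_default_client_cert_source.return_value = False
    with pytest.raises(exceptions.MutualTLSChannelError):
        mtls.default_client_encrypted_cert_source("cert_path", "key_path")

    # The following tests will assume default client cert source exists.
    has_default_client_cert_source.return_value = True

    # Test good callback.
    get_client_ssl_credentials.return_value = (True, b"cert", b"key", b"passphrase")
    callback = mtls.default_client_encrypted_cert_source("cert_path", "key_path")
    # Patch ``open`` in the module that produces the callback. Replacing
    # ``open`` in this test module's own namespace cannot intercept file I/O
    # done by code defined elsewhere, so the callback would be free to create
    # "cert_path" / "key_path" in the working directory during the test run.
    # NOTE(review): assumes the callback is defined in
    # google.auth.transport.mtls and writes the cert/key with the builtin
    # open() -- confirm against the implementation.
    with mock.patch(
        "google.auth.transport.mtls.open", return_value=mock.MagicMock()
    ):
        assert callback() == ("cert_path", "key_path", b"passphrase")

    # Test bad callback which throws exception. The helper raises before any
    # credentials are returned, so no ``open`` patch is applied here.
    get_client_ssl_credentials.side_effect = exceptions.ClientCertError()
    callback = mtls.default_client_encrypted_cert_source("cert_path", "key_path")
    with pytest.raises(exceptions.MutualTLSChannelError):
        callback()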