diff --git a/tests/test_cli.py b/tests/test_cli.py index eb4dde0..cdf40d8 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -1,15 +1,22 @@ import os import requests +from falcon import testing from click.testing import CliRunner from certidude.cli import entry_point as cli from datetime import datetime, timedelta from cryptography.hazmat.primitives import hashes, serialization from cryptography.x509.oid import NameOID -import thread +import pytest from xattr import setxattr runner = CliRunner() +@pytest.fixture(scope='module') +def client(): + from certidude.api import certidude_app + return testing.TestClient(certidude_app()) + + def test_cli_setup_authority(): result = runner.invoke(cli, ['setup', 'authority']) assert not result.exception @@ -21,7 +28,9 @@ def test_cli_setup_authority(): assert authority.ca_cert.not_valid_before < datetime.now() assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000) - thread.start_new_thread(runner.invoke, (cli, ['serve', '-p', '8080'])) + # Try starting up forked server + result = runner.invoke(cli, ['serve', '-f', '-p', '8080']) + assert not result.exception from cryptography import x509 from cryptography.hazmat.primitives.asymmetric import rsa, padding @@ -39,7 +48,7 @@ def test_cli_setup_authority(): csr.sign(key, hashes.SHA256(), default_backend()).public_bytes(serialization.Encoding.PEM)) # Check that we can retrieve empty CRL - r = requests.get("http://localhost:8080/api/revoked") + r = client().simulate_get("/api/revoked/") assert r.status_code == 200 result = runner.invoke(cli, ['list', '-srv']) @@ -62,43 +71,43 @@ def test_cli_setup_authority(): # Test CA certificate fetch - r = requests.get("http://localhost:8080/api/certificate") + r = client().simulate_get("/api/certificate") assert r.status_code == 200 assert r.headers.get('content-type') == "application/x-x509-ca-cert" # Test signed certificate API call - r = requests.get("http://localhost:8080/api/signed/test2") + r = client().simulate_get("/api/signed/test2") assert r.status_code == 200 assert r.headers.get('content-type') == "application/x-pem-file" - r = requests.get("http://localhost:8080/api/signed/test2", headers={"Accept":"application/json"}) + r = client().simulate_get("/api/signed/test2", headers={"Accept":"application/json"}) assert r.status_code == 200 assert r.headers.get('content-type') == "application/json" # Test revocations API call - r = requests.get("http://localhost:8080/api/revoked") + r = client().simulate_get("/api/revoked") assert r.status_code == 200 assert r.headers.get('content-type') == "application/x-pkcs7-crl" - r = requests.get("http://localhost:8080/api/revoked", + r = client().simulate_get("/api/revoked", headers={"Accept":"application/x-pem-file"}) assert r.status_code == 200 assert r.headers.get('content-type') == "application/x-pem-file" # Test attribute fetching API call - r = requests.get("http://localhost:8080/api/signed/test2/attr/") + r = client().simulate_get("/api/signed/test2/attr/") assert r.status_code == 403 path, _, _ = authority.get_signed("test2") setxattr(path, "user.lease.address", b"127.0.0.1") - r = requests.get("http://localhost:8080/api/signed/test2/attr/") + r = client().simulate_get("/api/signed/test2/attr/") assert r.status_code == 200 # Tags should not be visible anonymously - r = requests.get("http://localhost:8080/api/signed/test2/tag/") + r = client().simulate_get("/api/signed/test2/tag/") assert r.status_code == 401 @@ -108,3 +117,6 @@ def test_cli_setup_authority(): result = runner.invoke(cli, ['revoke', 'test3']) assert not result.exception + + +