ClientTlsContext tests and rename-o-rama (#68)

The arguments to these functions confused me so I renamed them.

Author: graebm

awscrt/io.py

@@ -129,9 +129,9 @@ class TlsVersion(IntEnum):
 
 class TlsContextOptions(object):
     __slots__ = (
-        'min_tls_ver', 'ca_path', 'ca_buffer', 'alpn_list',
+        'min_tls_ver', 'ca_dirpath', 'ca_buffer', 'alpn_list',
         'certificate_buffer', 'private_key_buffer',
-        'pkcs12_path', 'pkcs12_password', 'verify_peer')
+        'pkcs12_filepath', 'pkcs12_password', 'verify_peer')
 
     def __init__(self):
 
@@ -141,31 +141,30 @@ def __init__(self):
         self.min_tls_ver = TlsVersion.DEFAULT
         self.verify_peer = True
 
-    def override_default_trust_store_from_path(self, ca_path, ca_file):
+    def override_default_trust_store_from_path(self, ca_dirpath, ca_filepath):
 
-        assert isinstance_str(ca_path) or ca_path is None
-        assert isinstance_str(ca_file) or ca_file is None
+        assert isinstance_str(ca_dirpath) or ca_dirpath is None
+        assert isinstance_str(ca_filepath) or ca_filepath is None
 
-        ca_buffer = None
-        if ca_file:
-            ca_buffer = _read_binary_file(ca_file)
+        if ca_filepath:
+            ca_buffer = _read_binary_file(ca_filepath)
+            self.override_default_trust_store(ca_buffer)
 
-        self.ca_path = ca_path
-        self.override_default_trust_store(ca_buffer)
+        self.ca_dirpath = ca_dirpath
 
     def override_default_trust_store(self, rootca_buffer):
         assert isinstance(rootca_buffer, bytes)
 
         self.ca_buffer = rootca_buffer
 
     @staticmethod
-    def create_client_with_mtls_from_path(cert_path, pk_path):
+    def create_client_with_mtls_from_path(cert_filepath, pk_filepath):
 
-        assert isinstance_str(cert_path)
-        assert isinstance_str(pk_path)
+        assert isinstance_str(cert_filepath)
+        assert isinstance_str(pk_filepath)
 
-        cert_buffer = _read_binary_file(cert_path)
-        key_buffer = _read_binary_file(pk_path)
+        cert_buffer = _read_binary_file(cert_filepath)
+        key_buffer = _read_binary_file(pk_filepath)
 
         return TlsContextOptions.create_client_with_mtls(cert_buffer, key_buffer)
 
@@ -182,25 +181,25 @@ def create_client_with_mtls(cert_buffer, key_buffer):
         return opt
 
     @staticmethod
-    def create_client_with_mtls_pkcs12(pkcs12_path, pkcs12_password):
+    def create_client_with_mtls_pkcs12(pkcs12_filepath, pkcs12_password):
 
-        assert isinstance_str(pkcs12_path)
+        assert isinstance_str(pkcs12_filepath)
         assert isinstance_str(pkcs12_password)
 
         opt = TlsContextOptions()
-        opt.pkcs12_path = pkcs12_path
+        opt.pkcs12_filepath = pkcs12_filepath
         opt.pkcs12_password = pkcs12_password
         opt.verify_peer = True
         return opt
 
     @staticmethod
-    def create_server_from_path(cert_path, pk_path):
+    def create_server_from_path(cert_filepath, pk_filepath):
 
-        assert isinstance_str(cert_path)
-        assert isinstance_str(pk_path)
+        assert isinstance_str(cert_filepath)
+        assert isinstance_str(pk_filepath)
 
-        cert_buffer = _read_binary_file(cert_path)
-        key_buffer = _read_binary_file(pk_path)
+        cert_buffer = _read_binary_file(cert_filepath)
+        key_buffer = _read_binary_file(pk_filepath)
 
         return TlsContextOptions.create_server(cert_buffer, key_buffer)
 
@@ -216,13 +215,13 @@ def create_server(cert_buffer, key_buffer):
         return opt
 
     @staticmethod
-    def create_server_pkcs12(pkcs12_path, pkcs12_password):
+    def create_server_pkcs12(pkcs12_filepath, pkcs12_password):
 
-        assert isinstance_str(pkcs12_path)
+        assert isinstance_str(pkcs12_filepath)
         assert isinstance_str(pkcs12_password)
 
         opt = TlsContextOptions()
-        opt.pkcs12_path = pkcs12_path
+        opt.pkcs12_filepath = pkcs12_filepath
         opt.pkcs12_password = pkcs12_password
         opt.verify_peer = False
         return opt
@@ -237,12 +236,12 @@ def __init__(self, options):
         super(ClientTlsContext, self).__init__()
         self._binding = _awscrt.client_tls_ctx_new(
             options.min_tls_ver.value,
-            options.ca_path,
+            options.ca_dirpath,
             options.ca_buffer,
             options.alpn_list,
             options.certificate_buffer,
             options.private_key_buffer,
-            options.pkcs12_path,
+            options.pkcs12_filepath,
             options.pkcs12_password,
             options.verify_peer
         )

source/io.c

@@ -369,30 +369,30 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {
     struct aws_allocator *allocator = aws_py_get_allocator();
 
     int min_tls_version;
-    const char *ca_path;
+    const char *ca_dirpath;
     const char *ca_buffer;
     Py_ssize_t ca_buffer_len;
     const char *alpn_list;
     const char *certificate_buffer;
     Py_ssize_t certificate_buffer_len;
     const char *private_key_buffer;
     Py_ssize_t private_key_buffer_len;
-    const char *pkcs12_path;
+    const char *pkcs12_filepath;
     const char *pkcs12_password;
     uint8_t verify_peer;
     if (!PyArg_ParseTuple(
             args,
             "bzz#zz#z#zzb",
             &min_tls_version,
-            &ca_path,
+            &ca_dirpath,
             &ca_buffer,
             &ca_buffer_len,
             &alpn_list,
             &certificate_buffer,
             &certificate_buffer_len,
             &private_key_buffer,
             &private_key_buffer_len,
-            &pkcs12_path,
+            &pkcs12_filepath,
             &pkcs12_password,
             &verify_peer)) {
         return NULL;
@@ -415,8 +415,8 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {
 
     ctx_options.minimum_tls_version = min_tls_version;
 
-    if (ca_path) {
-        if (aws_tls_ctx_options_override_default_trust_store_from_path(&ctx_options, ca_path, NULL)) {
+    if (ca_dirpath) {
+        if (aws_tls_ctx_options_override_default_trust_store_from_path(&ctx_options, ca_dirpath, NULL)) {
             PyErr_SetAwsLastError();
             goto ctx_options_failure;
         }
@@ -438,9 +438,10 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {
     }
 
 #ifdef __APPLE__
-    if (pkcs12_path && pkcs12_password) {
+    if (pkcs12_filepath && pkcs12_password) {
         struct aws_byte_cursor password = aws_byte_cursor_from_c_str(pkcs12_password);
-        if (aws_tls_ctx_options_init_client_mtls_pkcs12_from_path(&ctx_options, allocator, pkcs12_path, &password)) {
+        if (aws_tls_ctx_options_init_client_mtls_pkcs12_from_path(
+                &ctx_options, allocator, pkcs12_filepath, &password)) {
             PyErr_SetAwsLastError();
             goto ctx_options_failure;
         }

test/files/short.txt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCArYCCQCoztOER4pOkzANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIDAeBgNV
+BAoMF0FtYXpvbiBXZWIgU2VydmljZXMgSW5jMRswGQYDVQQLDBJBV1MgU0RLcyBh
+bmQgVG9vbHMxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaGVu
+c29AYW1hem9uLmNvbTAeFw0xNzA5MDEwMjE2MThaFw00NTAxMTcwMjE2MThaMIGo
+MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2Vh
+dHRsZTEgMB4GA1UECgwXQW1hem9uIFdlYiBTZXJ2aWNlcyBJbmMxGzAZBgNVBAsM
+EkFXUyBTREtzIGFuZCBUb29sczESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZI
+hvcNAQkBFhBoZW5zb0BhbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA12pXSPgORAMlQtYRbxuz/Ocaoran3C2Fjyjhu0vucSEZSwxDJp75
+TBQEMafSpSEKAQLeDt7xuDRDYn52V4UE6cF+xTWhtzsf7mhN/lHaDPcvR2ASPAEk
+zkil8KCLY4e6tTxSwQ97splNuEZ099HoJYTTLFaReIfd1D3zZ1EYcSw8w+GZ2SxE
+UfYUSL2CFmIYSkQjnlsJCIpCoGgDiBAPbIUJO3KWBDX0JgGDbx3Wf3jXG/Y6T63L
+PsO+AS20RCvcEF0F/rlDINzI5EAHO1TOEd9fKOu+JAK06Pw1m77BgOrE7FtvIG7k
+YNVuOEPeInOHkOuqryDisB1PwiyPNIbqdQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQDL3vA0QeYb+XE8pUm3lxwso4zf0lwYi8Fni23ThqlvTNrP0glaWNu28aa03F5r
+Jc80acRjySG8q/gqwMMLOE+xqLgTzAHLYDnX2BZdaeIJWdgQP/YrWACrnYlVJ4kZ
+fi3QiBU0b5OgQdwX0csr6NQ7fv5i9EiNdPf+Ll1gxQj0Q0AaJzb4+TUL4dHZV3L6
+RRRK5KpTI3I+5A3vLSYSgwlVT+qB4J6+Z7O9SZX8s0xnm569tECbRnDDYv3E90SU
+QMN6Rzsr2crUzQSMq2hQTnrpFvRX52Yw7Dkz4SgkP3Q4xzvITPgA8REgHd4eDgrz
+36J362qmeHxjl/+KLxv/Vr4b
+-----END CERTIFICATE-----

test/resources/unittests.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7jCCAdYCAQAwgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9u
+MRAwDgYDVQQHDAdTZWF0dGxlMSAwHgYDVQQKDBdBbWF6b24gV2ViIFNlcnZpY2Vz
+IEluYzEbMBkGA1UECwwSQVdTIFNES3MgYW5kIFRvb2xzMRIwEAYDVQQDDAlsb2Nh
+bGhvc3QxHzAdBgkqhkiG9w0BCQEWEGhlbnNvQGFtYXpvbi5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXaldI+A5EAyVC1hFvG7P85xqitqfcLYWP
+KOG7S+5xIRlLDEMmnvlMFAQxp9KlIQoBAt4O3vG4NENifnZXhQTpwX7FNaG3Ox/u
+aE3+UdoM9y9HYBI8ASTOSKXwoItjh7q1PFLBD3uymU24RnT30eglhNMsVpF4h93U
+PfNnURhxLDzD4ZnZLERR9hRIvYIWYhhKRCOeWwkIikKgaAOIEA9shQk7cpYENfQm
+AYNvHdZ/eNcb9jpPrcs+w74BLbREK9wQXQX+uUMg3MjkQAc7VM4R318o674kArTo
+/DWbvsGA6sTsW28gbuRg1W44Q94ic4eQ66qvIOKwHU/CLI80hup1AgMBAAGgADAN
+BgkqhkiG9w0BAQsFAAOCAQEASvXJuyYUTu58xtT2kAE9J8OQdyfYvAiTskN7JNHq
+Y3Dcj1IsHfpsthbop5sgoXFYnPDBHQjd5c8KD8SgzSwjReeGQFUUsdG8uB6w2dhM
+Kbqiz/Ny0AD+HyuVN3PqavbGJqcIetabskAxX5TP943WYveaJcz8D7+6B97S2Vk5
+5o8oiOeNOPqn2UC8erHjkw1kf1Rl4wa2jbmcrUjvsM9DiekYdbpAr+3xgoRDj03J
+bvTv4p2RQyO8hHaRX0zlpidXyfOEAjMz6ZqhItE++pxSbZ0aNfzm/c12CsTqB4ZA
+nGgVk67n/vmEPtobZGhIZoDGBsh1HJyApNX+JEP/av56gg==
+-----END CERTIFICATE REQUEST-----

test/resources/unittests.csr

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA12pXSPgORAMlQtYRbxuz/Ocaoran3C2Fjyjhu0vucSEZSwxD
+Jp75TBQEMafSpSEKAQLeDt7xuDRDYn52V4UE6cF+xTWhtzsf7mhN/lHaDPcvR2AS
+PAEkzkil8KCLY4e6tTxSwQ97splNuEZ099HoJYTTLFaReIfd1D3zZ1EYcSw8w+GZ
+2SxEUfYUSL2CFmIYSkQjnlsJCIpCoGgDiBAPbIUJO3KWBDX0JgGDbx3Wf3jXG/Y6
+T63LPsO+AS20RCvcEF0F/rlDINzI5EAHO1TOEd9fKOu+JAK06Pw1m77BgOrE7Ftv
+IG7kYNVuOEPeInOHkOuqryDisB1PwiyPNIbqdQIDAQABAoIBAESQuI+lRQUo6ydG
+8+2lp7iL5tJ7yRov8x8KKC9xj8e6fU6B7K3SVA9/H4aeoFGnHoQL4ZpiJBY5rGkh
+T5Gz6UhuKmejFoI384Xy9UBJ1VnjI81YKvWmd4yhWxAoSbW4chlVxhFlWD4UxcQt
+yPVIftfSW1T1iQAQXu87eMod6eW7VWlyMKicYkBGB2ohI0hW8chx361z96QcpxhA
+yBAfnhxuTgKFYSRVfwYSOjHYPOvozmU7Wj0iURT+1MM4iO8YlBDuZEJArs3WAdIe
+pmCq6snzOAJ6Y9iE0EGti9QGiAo6na/nWAfVlRSMyS/C1GC0oM0MnpRKSLW0tvLV
+vtJG81ECgYEA7lzGpdlAKwWNKPc2YIbtUNomD/eOr7TzYedYxJ88SG52THjgE3Pu
+poF3wZFjdtlwx1u4nsxlVe50FBTCN5s2FV4/8YP980zis+HtUC5pWCO3Oy6+DjSj
+K9st+mGyzYjl3opVqcQZkHj1LPqNxBmvFpDgAtVZfdKSdyuzZpj8s5sCgYEA51rj
+EFa/ijILp1P5vKn8b3pIfQFSsUsX5NXTy31f/2UwVV491djMyNyhtaRcrXP9CYpq
+38o1xvUaxe2hlND/jiBjBHfsC13oUOVz8TrAzxDKAzbGLcOT2trgxMFbR8Ez+jur
+1yQbPnoKZrB7SopAkcVqZv4ks0LLu+BLfEFXYy8CgYEApN8xXDgoRVnCqQpN53iM
+n/c0iqjOXkTIb/jIksAdv3AAjaayP2JaOXul7RL2fJeshYiw684vbb/RNK6jJDlM
+sH0Pt6t3tZmB2bC1KFfh7+BMdjg/p63LC6PAasa3GanObh67YADPOfoghCsOcgzd
+6brt56fRDdHgE2P75ER/zm8CgYEArAxx6bepT3syIWiYww3itYBJofS26zP9++Zs
+T9rX5hT5IbMo5vwIJqO0+mDVrwQfu9Wc7vnwjhm+pEy4qfPW6Hn7SNppxnY6itZo
+J4/azOIeaM92B5h3Pv0gxBFK8YyjO8beXurx+79ENuOtfFxd8knOe/Mplcnpurjt
+SeVJuG8CgYBxEYouOM9UuZlblXQXfudTWWf+x5CEWxyJgKaktHEh3iees1gB7ZPb
+OewLa8AYVjqbNgS/r/aUFjpBbCov8ICxcy86SuGda10LDFX83sbyMm8XhktfyC3L
+54irVW5mNUDcA8s9+DloeTlUlJIr8J/RADC9rpqHLaZzcdvpIMhVsw==
+-----END RSA PRIVATE KEY-----

test/resources/unittests.key

@@ -12,7 +12,7 @@
 # permissions and limitations under the License.
 
 from __future__ import absolute_import
-from awscrt.io import ClientBootstrap, DefaultHostResolver, EventLoopGroup
+from awscrt.io import ClientBootstrap, ClientTlsContext, DefaultHostResolver, EventLoopGroup, TlsContextOptions
 from test import NativeResourceTest
 import unittest
 
@@ -42,5 +42,31 @@ def test_init(self):
         bootstrap = ClientBootstrap(event_loop_group, host_resolver)
 
 
+class ClientTlsContextTest(NativeResourceTest):
+    def test_init_defaults(self):
+        opt = TlsContextOptions()
+        ctx = ClientTlsContext(opt)
+
+    def test_with_mtls_from_path(self):
+        opt = TlsContextOptions.create_client_with_mtls_from_path(
+            'test/resources/unittests.crt', 'test/resources/unittests.key')
+        ctx = ClientTlsContext(opt)
+
+    def test_with_mtls_pkcs12(self):
+        opt = TlsContextOptions.create_client_with_mtls_pkcs12(
+            'test/resources/unittests.p12', '1234')
+        ctx = ClientTlsContext(opt)
+
+    def test_override_default_trust_store_dir(self):
+        opt = TlsContextOptions()
+        opt.override_default_trust_store_from_path('test/resources', None)
+        ctx = ClientTlsContext(opt)
+
+    def test_override_default_trust_store_file(self):
+        opt = TlsContextOptions()
+        opt.override_default_trust_store_from_path(None, 'test/resources/unittests.crt')
+        ctx = ClientTlsContext(opt)
+
+
 if __name__ == '__main__':
     unittest.main()