mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-19 13:07:56 +00:00
Merge pull request #1220 from tahoe-lafs/3902-listen-storage-http
Listen with storage HTTP protocol on same port as Foolscap Fixes ticket:3902
This commit is contained in:
commit
f56b43468b
@ -47,27 +47,27 @@ This can be considered to expand to "**N**\ ew URLs" or "Authe\ **N**\ ticating
|
||||
The anticipated use for a **NURL** will still be to establish a TLS connection to a peer.
|
||||
The protocol run over that TLS connection could be Foolscap though it is more likely to be an HTTP-based protocol (such as GBS).
|
||||
|
||||
Unlike fURLs, only a single net-loc is included, for consistency with other forms of URLs.
|
||||
As a result, multiple NURLs may be available for a single server.
|
||||
|
||||
Syntax
|
||||
------
|
||||
|
||||
The EBNF for a NURL is as follows::
|
||||
|
||||
nurl = scheme, hash, "@", net-loc-list, "/", swiss-number, [ version1 ]
|
||||
|
||||
scheme = "pb://"
|
||||
nurl = tcp-nurl | tor-nurl | i2p-nurl
|
||||
tcp-nurl = "pb://", hash, "@", tcp-loc, "/", swiss-number, [ version1 ]
|
||||
tor-nurl = "pb+tor://", hash, "@", tcp-loc, "/", swiss-number, [ version1 ]
|
||||
i2p-nurl = "pb+i2p://", hash, "@", i2p-loc, "/", swiss-number, [ version1 ]
|
||||
|
||||
hash = unreserved
|
||||
|
||||
net-loc-list = net-loc, [ { ",", net-loc } ]
|
||||
net-loc = tcp-loc | tor-loc | i2p-loc
|
||||
|
||||
tcp-loc = [ "tcp:" ], hostname, [ ":" port ]
|
||||
tor-loc = "tor:", hostname, [ ":" port ]
|
||||
i2p-loc = "i2p:", i2p-addr, [ ":" port ]
|
||||
|
||||
i2p-addr = { unreserved }, ".i2p"
|
||||
tcp-loc = hostname, [ ":" port ]
|
||||
hostname = domain | IPv4address | IPv6address
|
||||
|
||||
i2p-loc = i2p-addr, [ ":" port ]
|
||||
i2p-addr = { unreserved }, ".i2p"
|
||||
|
||||
swiss-number = segment
|
||||
|
||||
version1 = "#v=1"
|
||||
@ -87,11 +87,13 @@ These differences are separated into distinct versions.
|
||||
Version 0
|
||||
---------
|
||||
|
||||
A Foolscap fURL is considered the canonical definition of a version 0 NURL.
|
||||
In theory, a Foolscap fURL with a single netloc is considered the canonical definition of a version 0 NURL.
|
||||
Notably,
|
||||
the hash component is defined as the base32-encoded SHA1 hash of the DER form of an x509v3 certificate.
|
||||
A version 0 NURL is identified by the absence of the ``v=1`` fragment.
|
||||
|
||||
In practice, real world fURLs may have more than one netloc, so lack of version fragment will likely just involve dispatching the fURL to a different parser.
|
||||
|
||||
Examples
|
||||
~~~~~~~~
|
||||
|
||||
@ -119,7 +121,7 @@ The hash component of a version 1 NURL differs in three ways from the prior vers
|
||||
*all* certificate fields should be considered within the context of the relationship identified by the SPKI hash.
|
||||
|
||||
3. The hash is encoded using urlsafe-base64 (without padding) instead of base32.
|
||||
This provides a more compact representation and minimizes the usability impacts of switching from a 160 bit hash to a 224 bit hash.
|
||||
This provides a more compact representation and minimizes the usability impacts of switching from a 160 bit hash to a 256 bit hash.
|
||||
|
||||
A version 1 NURL is identified by the presence of the ``v=1`` fragment.
|
||||
Though the length of the hash string (38 bytes) could also be used to differentiate it from a version 0 NURL,
|
||||
|
1
newsfragments/3902.feature
Normal file
1
newsfragments/3902.feature
Normal file
@ -0,0 +1 @@
|
||||
The new HTTPS-based storage server is now enabled transparently on the same port as the Foolscap server. This will not have any user-facing impact until the HTTPS storage protocol is supported in clients as well.
|
@ -1,17 +1,9 @@
|
||||
"""
|
||||
Ported to Python 3.
|
||||
"""
|
||||
from __future__ import absolute_import
|
||||
from __future__ import division
|
||||
from __future__ import print_function
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from future.utils import PY2
|
||||
if PY2:
|
||||
from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, max, min # noqa: F401
|
||||
# Don't use future str to prevent leaking future's newbytes into foolscap, which they break.
|
||||
from past.builtins import unicode as str
|
||||
from __future__ import annotations
|
||||
|
||||
from typing import Optional
|
||||
import os, stat, time, weakref
|
||||
from base64 import urlsafe_b64encode
|
||||
from functools import partial
|
||||
@ -591,6 +583,10 @@ def anonymous_storage_enabled(config):
|
||||
|
||||
@implementer(IStatsProducer)
|
||||
class _Client(node.Node, pollmixin.PollMixin):
|
||||
"""
|
||||
This class should be refactored; see
|
||||
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3931
|
||||
"""
|
||||
|
||||
STOREDIR = 'storage'
|
||||
NODETYPE = "client"
|
||||
@ -658,6 +654,14 @@ class _Client(node.Node, pollmixin.PollMixin):
|
||||
if webport:
|
||||
self.init_web(webport) # strports string
|
||||
|
||||
# TODO this may be the wrong location for now? but as temporary measure
|
||||
# it allows us to get NURLs for testing in test_istorageserver.py. This
|
||||
# will eventually get fixed one way or another in
|
||||
# https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3901. See also
|
||||
# https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3931 for the bigger
|
||||
# picture issue.
|
||||
self.storage_nurls : Optional[set] = None
|
||||
|
||||
def init_stats_provider(self):
|
||||
self.stats_provider = StatsProvider(self)
|
||||
self.stats_provider.setServiceParent(self)
|
||||
@ -818,6 +822,10 @@ class _Client(node.Node, pollmixin.PollMixin):
|
||||
if anonymous_storage_enabled(self.config):
|
||||
furl_file = self.config.get_private_path("storage.furl").encode(get_filesystem_encoding())
|
||||
furl = self.tub.registerReference(FoolscapStorageServer(ss), furlFile=furl_file)
|
||||
(_, _, swissnum) = decode_furl(furl)
|
||||
self.storage_nurls = self.tub.negotiationClass.add_storage_server(
|
||||
ss, swissnum.encode("ascii")
|
||||
)
|
||||
announcement["anonymous-storage-FURL"] = furl
|
||||
|
||||
enabled_storage_servers = self._enable_storage_servers(
|
||||
|
@ -55,6 +55,8 @@ from allmydata.util.yamlutil import (
|
||||
from . import (
|
||||
__full_version__,
|
||||
)
|
||||
from .protocol_switch import create_tub_with_https_support
|
||||
|
||||
|
||||
def _common_valid_config():
|
||||
return configutil.ValidConfiguration({
|
||||
@ -706,7 +708,10 @@ def create_tub(tub_options, default_connection_handlers, foolscap_connection_han
|
||||
:param dict tub_options: every key-value pair in here will be set in
|
||||
the new Tub via `Tub.setOption`
|
||||
"""
|
||||
tub = Tub(**kwargs)
|
||||
# We listen simulataneously for both Foolscap and HTTPS on the same port,
|
||||
# so we have to create a special Foolscap Tub for that to work:
|
||||
tub = create_tub_with_https_support(**kwargs)
|
||||
|
||||
for (name, value) in list(tub_options.items()):
|
||||
tub.setOption(name, value)
|
||||
handlers = default_connection_handlers.copy()
|
||||
|
210
src/allmydata/protocol_switch.py
Normal file
210
src/allmydata/protocol_switch.py
Normal file
@ -0,0 +1,210 @@
|
||||
"""
|
||||
Support for listening with both HTTPS and Foolscap on the same port.
|
||||
|
||||
The goal is to make the transition from Foolscap to HTTPS-based protocols as
|
||||
simple as possible, with no extra configuration needed. Listening on the same
|
||||
port means a user upgrading Tahoe-LAFS will automatically get HTTPS working
|
||||
with no additional changes.
|
||||
|
||||
Use ``create_tub_with_https_support()`` creates a new ``Tub`` that has its
|
||||
``negotiationClass`` modified to be a new subclass tied to that specific
|
||||
``Tub`` instance. Calling ``tub.negotiationClass.add_storage_server(...)``
|
||||
then adds relevant information for a storage server once it becomes available
|
||||
later in the configuration process.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from itertools import chain
|
||||
|
||||
from twisted.internet.protocol import Protocol
|
||||
from twisted.internet.interfaces import IDelayedCall
|
||||
from twisted.internet.ssl import CertificateOptions
|
||||
from twisted.web.server import Site
|
||||
from twisted.protocols.tls import TLSMemoryBIOFactory
|
||||
from twisted.internet import reactor
|
||||
|
||||
from hyperlink import DecodedURL
|
||||
from foolscap.negotiate import Negotiation
|
||||
from foolscap.api import Tub
|
||||
|
||||
from .storage.http_server import HTTPServer, build_nurl
|
||||
from .storage.server import StorageServer
|
||||
|
||||
|
||||
class _PretendToBeNegotiation(type):
|
||||
"""
|
||||
Metaclass that allows ``_FoolscapOrHttps`` to pretend to be a
|
||||
``Negotiation`` instance, since Foolscap does some checks like
|
||||
``assert isinstance(protocol, tub.negotiationClass)`` in its internals,
|
||||
and sometimes that ``protocol`` is a ``_FoolscapOrHttps`` instance, but
|
||||
sometimes it's a ``Negotiation`` instance.
|
||||
"""
|
||||
|
||||
def __instancecheck__(self, instance):
|
||||
return issubclass(instance.__class__, self) or isinstance(instance, Negotiation)
|
||||
|
||||
|
||||
class _FoolscapOrHttps(Protocol, metaclass=_PretendToBeNegotiation):
|
||||
"""
|
||||
Based on initial query, decide whether we're talking Foolscap or HTTP.
|
||||
|
||||
Additionally, pretends to be a ``foolscap.negotiate.Negotiation`` instance,
|
||||
since these are created by Foolscap's ``Tub``, by setting this to be the
|
||||
tub's ``negotiationClass``.
|
||||
|
||||
Do not instantiate directly, use ``create_tub_with_https_support(...)``
|
||||
instead. The way this class works is that a new subclass is created for a
|
||||
specific ``Tub`` instance.
|
||||
"""
|
||||
|
||||
# These are class attributes; they will be set by
|
||||
# create_tub_with_https_support() and add_storage_server().
|
||||
|
||||
# The Twisted HTTPS protocol factory wrapping the storage server HTTP API:
|
||||
https_factory: TLSMemoryBIOFactory
|
||||
# The tub that created us:
|
||||
tub: Tub
|
||||
|
||||
@classmethod
|
||||
def add_storage_server(
|
||||
cls, storage_server: StorageServer, swissnum: bytes
|
||||
) -> set[DecodedURL]:
|
||||
"""
|
||||
Update a ``_FoolscapOrHttps`` subclass for a specific ``Tub`` instance
|
||||
with the class attributes it requires for a specific storage server.
|
||||
|
||||
Returns the resulting NURLs.
|
||||
"""
|
||||
# We need to be a subclass:
|
||||
assert cls != _FoolscapOrHttps
|
||||
# The tub instance must already be set:
|
||||
assert hasattr(cls, "tub")
|
||||
assert isinstance(cls.tub, Tub)
|
||||
|
||||
# Tub.myCertificate is a twisted.internet.ssl.PrivateCertificate
|
||||
# instance.
|
||||
certificate_options = CertificateOptions(
|
||||
privateKey=cls.tub.myCertificate.privateKey.original,
|
||||
certificate=cls.tub.myCertificate.original,
|
||||
)
|
||||
|
||||
http_storage_server = HTTPServer(storage_server, swissnum)
|
||||
cls.https_factory = TLSMemoryBIOFactory(
|
||||
certificate_options,
|
||||
False,
|
||||
Site(http_storage_server.get_resource()),
|
||||
)
|
||||
|
||||
storage_nurls = set()
|
||||
# Individual hints can be in the form
|
||||
# "tcp:host:port,tcp:host:port,tcp:host:port".
|
||||
for location_hint in chain.from_iterable(
|
||||
hints.split(",") for hints in cls.tub.locationHints
|
||||
):
|
||||
if location_hint.startswith("tcp:"):
|
||||
_, hostname, port = location_hint.split(":")
|
||||
port = int(port)
|
||||
storage_nurls.add(
|
||||
build_nurl(
|
||||
hostname,
|
||||
port,
|
||||
str(swissnum, "ascii"),
|
||||
cls.tub.myCertificate.original.to_cryptography(),
|
||||
)
|
||||
)
|
||||
# TODO this is probably where we'll have to support Tor and I2P?
|
||||
# See https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3888#comment:9
|
||||
# for discussion (there will be separate tickets added for those at
|
||||
# some point.)
|
||||
return storage_nurls
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
self._foolscap: Negotiation = Negotiation(*args, **kwargs)
|
||||
|
||||
def __setattr__(self, name, value):
|
||||
if name in {"_foolscap", "_buffer", "transport", "__class__", "_timeout"}:
|
||||
object.__setattr__(self, name, value)
|
||||
else:
|
||||
setattr(self._foolscap, name, value)
|
||||
|
||||
def __getattr__(self, name):
|
||||
return getattr(self._foolscap, name)
|
||||
|
||||
def _convert_to_negotiation(self):
|
||||
"""
|
||||
Convert self to a ``Negotiation`` instance.
|
||||
"""
|
||||
self.__class__ = Negotiation # type: ignore
|
||||
self.__dict__ = self._foolscap.__dict__
|
||||
|
||||
def initClient(self, *args, **kwargs):
|
||||
# After creation, a Negotiation instance either has initClient() or
|
||||
# initServer() called. Since this is a client, we're never going to do
|
||||
# HTTP, so we can immediately become a Negotiation instance.
|
||||
assert not hasattr(self, "_buffer")
|
||||
self._convert_to_negotiation()
|
||||
return self.initClient(*args, **kwargs)
|
||||
|
||||
def connectionMade(self):
|
||||
self._buffer: bytes = b""
|
||||
self._timeout: IDelayedCall = reactor.callLater(
|
||||
30, self.transport.abortConnection
|
||||
)
|
||||
|
||||
def connectionLost(self, reason):
|
||||
if self._timeout.active():
|
||||
self._timeout.cancel()
|
||||
|
||||
def dataReceived(self, data: bytes) -> None:
|
||||
"""Handle incoming data.
|
||||
|
||||
Once we've decided which protocol we are, update self.__class__, at
|
||||
which point all methods will be called on the new class.
|
||||
"""
|
||||
self._buffer += data
|
||||
if len(self._buffer) < 8:
|
||||
return
|
||||
|
||||
# Check if it looks like a Foolscap request. If so, it can handle this
|
||||
# and later data, otherwise assume HTTPS.
|
||||
self._timeout.cancel()
|
||||
if self._buffer.startswith(b"GET /id/"):
|
||||
# We're a Foolscap Negotiation server protocol instance:
|
||||
transport = self.transport
|
||||
buf = self._buffer
|
||||
self._convert_to_negotiation()
|
||||
self.makeConnection(transport)
|
||||
self.dataReceived(buf)
|
||||
return
|
||||
else:
|
||||
# We're a HTTPS protocol instance, serving the storage protocol:
|
||||
assert self.transport is not None
|
||||
protocol = self.https_factory.buildProtocol(self.transport.getPeer())
|
||||
protocol.makeConnection(self.transport)
|
||||
protocol.dataReceived(self._buffer)
|
||||
|
||||
# Update the factory so it knows we're transforming to a new
|
||||
# protocol object (we'll do that next)
|
||||
value = self.https_factory.protocols.pop(protocol)
|
||||
self.https_factory.protocols[self] = value
|
||||
|
||||
# Transform self into the TLS protocol 🪄
|
||||
self.__class__ = protocol.__class__
|
||||
self.__dict__ = protocol.__dict__
|
||||
|
||||
|
||||
def create_tub_with_https_support(**kwargs) -> Tub:
|
||||
"""
|
||||
Create a new Tub that also supports HTTPS.
|
||||
|
||||
This involves creating a new protocol switch class for the specific ``Tub``
|
||||
instance.
|
||||
"""
|
||||
the_tub = Tub(**kwargs)
|
||||
|
||||
class FoolscapOrHttpForTub(_FoolscapOrHttps):
|
||||
tub = the_tub
|
||||
|
||||
the_tub.negotiationClass = FoolscapOrHttpForTub # type: ignore
|
||||
return the_tub
|
@ -4,12 +4,13 @@ HTTP server for storage.
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from typing import Dict, List, Set, Tuple, Any, Callable, Union
|
||||
from typing import Dict, List, Set, Tuple, Any, Callable, Union, cast
|
||||
from functools import wraps
|
||||
from base64 import b64decode
|
||||
import binascii
|
||||
from tempfile import TemporaryFile
|
||||
|
||||
from cryptography.x509 import Certificate as CryptoCertificate
|
||||
from zope.interface import implementer
|
||||
from klein import Klein
|
||||
from twisted.web import http
|
||||
@ -18,6 +19,7 @@ from twisted.internet.interfaces import (
|
||||
IStreamServerEndpoint,
|
||||
IPullProducer,
|
||||
)
|
||||
from twisted.internet.address import IPv4Address, IPv6Address
|
||||
from twisted.internet.defer import Deferred
|
||||
from twisted.internet.ssl import CertificateOptions, Certificate, PrivateCertificate
|
||||
from twisted.web.server import Site, Request
|
||||
@ -193,7 +195,12 @@ class UploadsInProgress(object):
|
||||
|
||||
def remove_write_bucket(self, bucket: BucketWriter):
|
||||
"""Stop tracking the given ``BucketWriter``."""
|
||||
storage_index, share_number = self._bucketwriters.pop(bucket)
|
||||
try:
|
||||
storage_index, share_number = self._bucketwriters.pop(bucket)
|
||||
except KeyError:
|
||||
# This is probably a BucketWriter created by Foolscap, so just
|
||||
# ignore it.
|
||||
return
|
||||
uploads_index = self._uploads[storage_index]
|
||||
uploads_index.shares.pop(share_number)
|
||||
uploads_index.upload_secrets.pop(share_number)
|
||||
@ -862,6 +869,29 @@ class _TLSEndpointWrapper(object):
|
||||
)
|
||||
|
||||
|
||||
def build_nurl(
|
||||
hostname: str, port: int, swissnum: str, certificate: CryptoCertificate
|
||||
) -> DecodedURL:
|
||||
"""
|
||||
Construct a HTTPS NURL, given the hostname, port, server swissnum, and x509
|
||||
certificate for the server. Clients can then connect to the server using
|
||||
this NURL.
|
||||
"""
|
||||
return DecodedURL().replace(
|
||||
fragment="v=1", # how we know this NURL is HTTP-based (i.e. not Foolscap)
|
||||
host=hostname,
|
||||
port=port,
|
||||
path=(swissnum,),
|
||||
userinfo=(
|
||||
str(
|
||||
get_spki_hash(certificate),
|
||||
"ascii",
|
||||
),
|
||||
),
|
||||
scheme="pb",
|
||||
)
|
||||
|
||||
|
||||
def listen_tls(
|
||||
server: HTTPServer,
|
||||
hostname: str,
|
||||
@ -881,22 +911,15 @@ def listen_tls(
|
||||
"""
|
||||
endpoint = _TLSEndpointWrapper.from_paths(endpoint, private_key_path, cert_path)
|
||||
|
||||
def build_nurl(listening_port: IListeningPort) -> DecodedURL:
|
||||
nurl = DecodedURL().replace(
|
||||
fragment="v=1", # how we know this NURL is HTTP-based (i.e. not Foolscap)
|
||||
host=hostname,
|
||||
port=listening_port.getHost().port,
|
||||
path=(str(server._swissnum, "ascii"),),
|
||||
userinfo=(
|
||||
str(
|
||||
get_spki_hash(load_pem_x509_certificate(cert_path.getContent())),
|
||||
"ascii",
|
||||
),
|
||||
),
|
||||
scheme="pb",
|
||||
def get_nurl(listening_port: IListeningPort) -> DecodedURL:
|
||||
address = cast(Union[IPv4Address, IPv6Address], listening_port.getHost())
|
||||
return build_nurl(
|
||||
hostname,
|
||||
address.port,
|
||||
str(server._swissnum, "ascii"),
|
||||
load_pem_x509_certificate(cert_path.getContent()),
|
||||
)
|
||||
return nurl
|
||||
|
||||
return endpoint.listen(Site(server.get_resource())).addCallback(
|
||||
lambda listening_port: (build_nurl(listening_port), listening_port)
|
||||
lambda listening_port: (get_nurl(listening_port), listening_port)
|
||||
)
|
||||
|
@ -18,21 +18,14 @@ from unittest import SkipTest
|
||||
from twisted.internet.defer import inlineCallbacks, returnValue, succeed
|
||||
from twisted.internet.task import Clock
|
||||
from twisted.internet import reactor
|
||||
from twisted.internet.endpoints import serverFromString
|
||||
from twisted.python.filepath import FilePath
|
||||
from foolscap.api import Referenceable, RemoteException
|
||||
|
||||
from allmydata.interfaces import IStorageServer # really, IStorageClient
|
||||
# A better name for this would be IStorageClient...
|
||||
from allmydata.interfaces import IStorageServer
|
||||
|
||||
from .common_system import SystemTestMixin
|
||||
from .common import AsyncTestCase, SameProcessStreamEndpointAssigner
|
||||
from .certs import (
|
||||
generate_certificate,
|
||||
generate_private_key,
|
||||
private_key_to_file,
|
||||
cert_to_file,
|
||||
)
|
||||
from .common import AsyncTestCase
|
||||
from allmydata.storage.server import StorageServer # not a IStorageServer!!
|
||||
from allmydata.storage.http_server import HTTPServer, listen_tls
|
||||
from allmydata.storage.http_client import StorageClient
|
||||
from allmydata.storage_client import _HTTPStorageServer
|
||||
|
||||
@ -1084,40 +1077,17 @@ class _FoolscapMixin(_SharedMixin):
|
||||
class _HTTPMixin(_SharedMixin):
|
||||
"""Run tests on the HTTP version of ``IStorageServer``."""
|
||||
|
||||
def setUp(self):
|
||||
self._port_assigner = SameProcessStreamEndpointAssigner()
|
||||
self._port_assigner.setUp()
|
||||
self.addCleanup(self._port_assigner.tearDown)
|
||||
return _SharedMixin.setUp(self)
|
||||
|
||||
@inlineCallbacks
|
||||
def _get_istorage_server(self):
|
||||
swissnum = b"1234"
|
||||
http_storage_server = HTTPServer(self.server, swissnum)
|
||||
|
||||
# Listen on randomly assigned port, using self-signed cert:
|
||||
private_key = generate_private_key()
|
||||
certificate = generate_certificate(private_key)
|
||||
_, endpoint_string = self._port_assigner.assign(reactor)
|
||||
nurl, listening_port = yield listen_tls(
|
||||
http_storage_server,
|
||||
"127.0.0.1",
|
||||
serverFromString(reactor, endpoint_string),
|
||||
private_key_to_file(FilePath(self.mktemp()), private_key),
|
||||
cert_to_file(FilePath(self.mktemp()), certificate),
|
||||
)
|
||||
self.addCleanup(listening_port.stopListening)
|
||||
nurl = list(self.clients[0].storage_nurls)[0]
|
||||
|
||||
# Create HTTP client with non-persistent connections, so we don't leak
|
||||
# state across tests:
|
||||
returnValue(
|
||||
_HTTPStorageServer.from_http_client(
|
||||
StorageClient.from_nurl(nurl, reactor, persistent=False)
|
||||
)
|
||||
client: IStorageServer = _HTTPStorageServer.from_http_client(
|
||||
StorageClient.from_nurl(nurl, reactor, persistent=False)
|
||||
)
|
||||
self.assertTrue(IStorageServer.providedBy(client))
|
||||
|
||||
# Eventually should also:
|
||||
# self.assertTrue(IStorageServer.providedBy(client))
|
||||
return succeed(client)
|
||||
|
||||
|
||||
class FoolscapSharedAPIsTests(
|
||||
|
43
src/allmydata/test/test_protocol_switch.py
Normal file
43
src/allmydata/test/test_protocol_switch.py
Normal file
@ -0,0 +1,43 @@
|
||||
"""
|
||||
Unit tests for ``allmydata.protocol_switch``.
|
||||
|
||||
By its nature, most of the testing needs to be end-to-end; essentially any test
|
||||
that uses real Foolscap (``test_system.py``, integration tests) ensures
|
||||
Foolscap still works. ``test_istorageserver.py`` tests the HTTP support.
|
||||
"""
|
||||
|
||||
from foolscap.negotiate import Negotiation
|
||||
|
||||
from .common import TestCase
|
||||
from ..protocol_switch import _PretendToBeNegotiation
|
||||
|
||||
|
||||
class UtilityTests(TestCase):
|
||||
"""Tests for utilities in the protocol switch code."""
|
||||
|
||||
def test_metaclass(self):
|
||||
"""
|
||||
A class that has the ``_PretendToBeNegotiation`` metaclass will support
|
||||
``isinstance()``'s normal semantics on its own instances, but will also
|
||||
indicate that ``Negotiation`` instances are its instances.
|
||||
"""
|
||||
|
||||
class Parent(metaclass=_PretendToBeNegotiation):
|
||||
pass
|
||||
|
||||
class Child(Parent):
|
||||
pass
|
||||
|
||||
class Other:
|
||||
pass
|
||||
|
||||
p = Parent()
|
||||
self.assertIsInstance(p, Parent)
|
||||
self.assertIsInstance(Negotiation(), Parent)
|
||||
self.assertNotIsInstance(Other(), Parent)
|
||||
|
||||
c = Child()
|
||||
self.assertIsInstance(c, Child)
|
||||
self.assertIsInstance(c, Parent)
|
||||
self.assertIsInstance(Negotiation(), Child)
|
||||
self.assertNotIsInstance(Other(), Child)
|
@ -198,6 +198,10 @@ class PinningHTTPSValidation(AsyncTestCase):
|
||||
response = await self.request(url, certificate)
|
||||
self.assertEqual(await response.content(), b"YOYODYNE")
|
||||
|
||||
# We keep getting TLSMemoryBIOProtocol being left around, so try harder
|
||||
# to wait for it to finish.
|
||||
await deferLater(reactor, 0.001)
|
||||
|
||||
# A potential attack to test is a private key that doesn't match the
|
||||
# certificate... but OpenSSL (quite rightly) won't let you listen with that
|
||||
# so I don't know how to test that! See
|
||||
|
Loading…
Reference in New Issue
Block a user