From 1835ec35c3c54365f9349d4a253a16fb2f08a1e2 Mon Sep 17 00:00:00 2001
From: Katarina Bulkova <kbulkova@redhat.com>
Date: Fri, 30 Apr 2021 10:42:42 +0200
Subject: [PATCH] [WIP] Test for dock-pulp with invalid user certificate

If user provides invalid certificate, dock-pulp fails with traceback.
OpenSSL is not required by dockpulp per se, however one of its dependecies
uses OpenSSL (if installed).
This change fixes this behaviour and adds tests for such scenario.

Signed-off-by: Katarina Bulkova <kbulkova@redhat.com>
---
 dockpulp/__init__.py        |  3 ++-
 tests/requirements.txt      |  1 +
 tests/test_pulp_instance.py | 38 +++++++++++++++++++++++++++++++------
 3 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/dockpulp/__init__.py b/dockpulp/__init__.py
index 0904fa8..c687b5a 100644
--- a/dockpulp/__init__.py
+++ b/dockpulp/__init__.py
@@ -41,6 +41,7 @@
 from six.moves.urllib.parse import urlparse
 from requests.adapters import HTTPAdapter
 from requests.packages.urllib3.util.retry import Retry
+from OpenSSL.SSL import Error as OpenSSLError
 from operator import itemgetter
 import multiprocessing
 
@@ -158,7 +159,7 @@ def __call__(self, meth, api, **kwargs):
                     warnings.simplefilter("ignore")
                 answer = c(url, **kwargs)
 
-        except requests.exceptions.SSLError:
+        except (OpenSSLError, requests.exceptions.SSLError):
             if not self.verify:
                 raise errors.DockPulpLoginError(
                     'Expired or bad certificate, please re-login')
diff --git a/tests/requirements.txt b/tests/requirements.txt
index 8ef2ae3..5a78709 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -5,3 +5,4 @@ responses
 requests
 flexmock
 simplejson
+pyOpenSSL
diff --git a/tests/test_pulp_instance.py b/tests/test_pulp_instance.py
index ff1c599..d864bff 100755
--- a/tests/test_pulp_instance.py
+++ b/tests/test_pulp_instance.py
@@ -1,20 +1,24 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 
-from copy import deepcopy
-from datetime import datetime
-from dockpulp import Pulp, Crane, RequestsHttpCaller, errors, log
-import pytest
 import hashlib
 import json
-import requests
-import tarfile
 import logging
 import subprocess
+import tarfile
+from copy import deepcopy
+from datetime import datetime
 from tempfile import NamedTemporaryFile
 from textwrap import dedent
+
+import pytest
+import requests
+from OpenSSL.SSL import Error as OpenSSLError
 from flexmock import flexmock
 from requests.packages.urllib3.util import Retry
+
+from dockpulp import Pulp, Crane, RequestsHttpCaller, errors, log
+
 log.setLevel(logging.CRITICAL)
 
 
@@ -310,6 +314,28 @@ def test_set_certs(self, pulp, cert, key):
         assert pulp.certificate == cert
         assert pulp.key == key
 
+    @pytest.mark.parametrize('tid, url', [
+        ('111', '/pulp/api/v2/tasks/111/')])
+    def test_invalid_cert(self, pulp, tid, url):
+        flexmock(requests.Session)
+        (requests.Session.should_receive('get').once().and_raise(OpenSSLError))
+        with pytest.raises(errors.DockPulpLoginError):
+            pulp.getTask(tid)
+
+    @pytest.mark.parametrize('tid, url', [
+        ('111', '/pulp/api/v2/tasks/111/')
+    ])
+    def test_always_valid_cert(self, pulp, tid, url):
+        class Answer:
+            def __init__(self):
+                self.ok = True
+                self.json = (lambda: None)
+                self.status_code = 200
+
+        flexmock(requests.Session)
+        (requests.Session.should_receive('get').once().and_return(Answer()))
+        pulp.getTask(tid)
+
     @pytest.mark.parametrize('tid, url', [
         ('111', '/pulp/api/v2/tasks/111/')
     ])