diff --git a/MANIFEST.in b/MANIFEST.in
index 12c4cc72f66ed0d114ad36421a2ea707d4fdf4b7..52ce78136f9227cd6ef40ed787dadeb1d83b88c7 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,4 +1,6 @@
recursive-include python2 *.py *.txt
recursive-include python3 *.py *.txt
+graft test
+graft tests
include python2/httplib2/test/*.txt
include requirements*.txt
diff --git a/PKG-INFO b/PKG-INFO
index 91c95b4fb7e870923ee9bea284583d8d52ab6414..d4feabef7dceb9b1319ea14705f9a6d6396150ef 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: httplib2
-Version: 0.14.0
+Version: 0.17.4
Summary: A comprehensive HTTP client library.
Home-page: https://github.com/httplib2/httplib2
Author: Joe Gregorio
diff --git a/debian/changelog b/debian/changelog
index de1a4659e7270ab1df5b5362c1e80bc94f6109ca..d545a031e29688bbdbd86781e55be624d3b2a44d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+python-httplib2 (0.17.4-1) UNRELEASED; urgency=medium
+
+ * Bump version to 0.17.4
+ * Use upstream's new test suite in tests/ & test/
+ - python3/httplib2test.py is deprecated
+ * Refresh d/p/0001-Use-system-ca-certificates-not-the-bundled-ones.patch
+ * Drop d/p/0002-Fix-debug-in-HTTPSConnectionWithTimeout.connect.patch
+ - Fixed upstream
+ * Add d/p/skip-ca-md-too-weak-ssl-tests.patch
+ - Skip some tests, which fail because of CA_MD_TOO_WEAK ssl error with
+ newer OpenSSL version
+
+ -- Lukas Märdian <lukas.maerdian@canonical.com> Wed, 20 May 2020 09:24:13 +0200
+
python-httplib2 (0.14.0-3) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/0001-Use-system-ca-certificates-not-the-bundled-ones.patch b/debian/patches/0001-Use-system-ca-certificates-not-the-bundled-ones.patch
index 1d2f839997a3bf9a8e713dd15c0fb914433ea7eb..06259e21a340128e7e80948215b72153c4c3c167 100644
--- a/debian/patches/0001-Use-system-ca-certificates-not-the-bundled-ones.patch
+++ b/debian/patches/0001-Use-system-ca-certificates-not-the-bundled-ones.patch
@@ -10,11 +10,9 @@ Bug-Ubuntu: https://launchpad.net/bugs/882027
setup.py | 1 -
3 files changed, 4 insertions(+), 5 deletions(-)
-diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
-index 98228e3..d64493b 100644
--- a/python2/httplib2/__init__.py
+++ b/python2/httplib2/__init__.py
-@@ -269,8 +269,8 @@ class NotRunningAppEngineEnvironment(HttpLib2Error):
+@@ -276,8 +276,8 @@ class NotRunningAppEngineEnvironment(Htt
# requesting that URI again.
DEFAULT_MAX_REDIRECTS = 5
@@ -25,13 +23,11 @@ index 98228e3..d64493b 100644
# Which headers are hop-by-hop headers by default
HOP_BY_HOP = [
-diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
-index 4312f30..35605e5 100644
--- a/python3/httplib2/__init__.py
+++ b/python3/httplib2/__init__.py
-@@ -161,8 +161,8 @@ HOP_BY_HOP = [
- "upgrade",
- ]
+@@ -168,8 +168,8 @@ SAFE_METHODS = ("GET", "HEAD", "OPTIONS"
+ REDIRECT_CODES = frozenset((300, 301, 302, 303, 307, 308))
+
-from httplib2 import certs
-CA_CERTS = certs.where()
@@ -40,11 +36,9 @@ index 4312f30..35605e5 100644
# PROTOCOL_TLS is python 3.5.3+. PROTOCOL_SSLv23 is deprecated.
# Both PROTOCOL_TLS and PROTOCOL_SSLv23 are equivalent and means:
-diff --git a/setup.py b/setup.py
-index db1db61..144c6f7 100755
--- a/setup.py
+++ b/setup.py
-@@ -84,7 +84,6 @@ A comprehensive HTTP client library, ``httplib2`` supports many features left ou
+@@ -84,7 +84,6 @@ A comprehensive HTTP client library, ``h
""",
package_dir=pkgdir,
packages=["httplib2"],
diff --git a/debian/patches/0002-Fix-debug-in-HTTPSConnectionWithTimeout.connect.patch b/debian/patches/0002-Fix-debug-in-HTTPSConnectionWithTimeout.connect.patch
deleted file mode 100644
index 756021f29b245bf39a5e00e68ace8d05ec11b8f4..0000000000000000000000000000000000000000
--- a/debian/patches/0002-Fix-debug-in-HTTPSConnectionWithTimeout.connect.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Colin Watson <cjwatson@debian.org>
-Date: Sat, 11 Apr 2020 00:00:47 +0100
-Subject: Fix debug in HTTPSConnectionWithTimeout.connect
-
-There was one more layer of parentheses than there should have been.
-
-Fixes #161.
-
-Origin: upstream, https://github.com/httplib2/httplib2/commit/59586b5f0ccfa9d570d8c7d908d00d34cf1f3c89
-Bug: https://github.com/httplib2/httplib2/issues/161
----
- python3/httplib2/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
-index 35605e5..05574ee 100644
---- a/python3/httplib2/__init__.py
-+++ b/python3/httplib2/__init__.py
-@@ -1351,7 +1351,7 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection):
- except socket.error as e:
- socket_err = e
- if self.debuglevel > 0:
-- print("connect fail: ({0}, {1})".format((self.host, self.port)))
-+ print("connect fail: ({0}, {1})".format(self.host, self.port))
- if use_proxy:
- print(
- "proxy: {0}".format(
diff --git a/debian/patches/series b/debian/patches/series
index 08a6027b0ea0be8fd854854f7d785b94ec95b712..ffbd53d0199483f04209de1b416cbc6085e77ac6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,2 @@
0001-Use-system-ca-certificates-not-the-bundled-ones.patch
-0002-Fix-debug-in-HTTPSConnectionWithTimeout.connect.patch
+skip-ca-md-too-weak-ssl-tests.patch
diff --git a/debian/patches/skip-ca-md-too-weak-ssl-tests.patch b/debian/patches/skip-ca-md-too-weak-ssl-tests.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c066731715cc3f43f4a0a9a0d3134541dca813aa
--- /dev/null
+++ b/debian/patches/skip-ca-md-too-weak-ssl-tests.patch
@@ -0,0 +1,108 @@
+diff --git a/tests/test_https.py b/tests/test_https.py
+index 39d7d59..530320f 100644
+--- a/tests/test_https.py
++++ b/tests/test_https.py
+@@ -6,6 +6,7 @@ import ssl
+ import tests
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_get_via_https():
+ # Test that we can handle HTTPS
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+@@ -14,6 +15,7 @@ def test_get_via_https():
+ assert response.status == 200
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_get_301_via_https():
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ glocation = [""] # nonlocal kind of trick, maybe redundant
+@@ -32,6 +34,7 @@ def test_get_301_via_https():
+ assert response.previous["location"] == glocation[0]
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_get_301_via_https_spec_violation_on_location():
+ # Test that we follow redirects through HTTPS
+ # even if they violate the spec by including
+@@ -50,6 +53,7 @@ def test_get_301_via_https_spec_violation_on_location():
+ assert response.previous.status == 301
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_invalid_ca_certs_path():
+ http = httplib2.Http(ca_certs="/nosuchfile")
+ with tests.server_const_http(request_count=0, tls=True) as uri:
+@@ -57,6 +61,7 @@ def test_invalid_ca_certs_path():
+ http.request(uri, "GET")
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_not_trusted_ca():
+ # Test that we get a SSLHandshakeError if we try to access
+ # server using a CA cert file that doesn't contain server's CA.
+@@ -106,10 +111,7 @@ def test_set_max_tls_version():
+ assert expect_success
+
+
+-@pytest.mark.skipif(
+- not hasattr(tests.ssl_context(), "minimum_version"),
+- reason="ssl doesn't support TLS min/max",
+-)
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_min_tls_version():
+ def setup_tls(context, server, skip_errors):
+ skip_errors.append("WRONG_VERSION_NUMBER")
+@@ -126,10 +128,7 @@ def test_min_tls_version():
+ assert e.reason in ("UNSUPPORTED_PROTOCOL", "VERSION_TOO_LOW")
+
+
+-@pytest.mark.skipif(
+- not hasattr(tests.ssl_context(), "maximum_version"),
+- reason="ssl doesn't support TLS min/max",
+-)
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_max_tls_version():
+ http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_maximum_version="TLSv1")
+ with tests.server_const_http(tls=True) as uri:
+@@ -138,6 +137,7 @@ def test_max_tls_version():
+ assert tls_ver == "TLSv1.0"
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_client_cert_verified():
+ cert_log = []
+
+@@ -161,6 +161,7 @@ def test_client_cert_verified():
+ assert cert_log[0]["serialNumber"] == "E2AA6A96D1BF1AEC"
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_client_cert_password_verified():
+ cert_log = []
+
+@@ -185,10 +186,7 @@ def test_client_cert_password_verified():
+ assert cert_log[0]["serialNumber"] == "E2AA6A96D1BF1AED"
+
+
+-@pytest.mark.skipif(
+- not hasattr(tests.ssl_context(), "set_servername_callback"),
+- reason="SSLContext.set_servername_callback is not available",
+-)
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_sni_set_servername_callback():
+ sni_log = []
+
+diff --git a/tests/test_proxy.py b/tests/test_proxy.py
+index edafe01..6f7494d 100644
+--- a/tests/test_proxy.py
++++ b/tests/test_proxy.py
+@@ -191,6 +191,7 @@ def test_functional_noproxy_star_http(monkeypatch):
+ assert response.status == 200
+
+
++@pytest.mark.skip(reason="FIXME: ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:3991)")
+ def test_functional_noproxy_star_https(monkeypatch):
+ def handler(request):
+ if request.method == "CONNECT":
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
new file mode 100644
index 0000000000000000000000000000000000000000..92e2c610c4de148ffed0f93b29d2a3160d87160c
--- /dev/null
+++ b/debian/source/include-binaries
@@ -0,0 +1,2 @@
+test/deflate/deflated-content
+test/deflate/deflated.asis
diff --git a/debian/tests/control b/debian/tests/control
index e42300e618ec5aa7d9d3196cf4d211e09d1c7c28..52166067dc6c44b707697811361c86a044524694 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,7 @@
-Test-Command: python3 python3/httplib2test.py --verbose
+Test-Command: pytest-3 tests/
+Depends: @,
+ python3-pytest,
+ python3-pytest-cov,
+ python3-pytest-timeout,
+ python3-mock,
Restrictions: allow-stderr
diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
index 98228e3b2e9461be3bdda483d4b147f555990018..97e06c1ad4d2229137251466bcd2a7066142e42b 100644
--- a/python2/httplib2/__init__.py
+++ b/python2/httplib2/__init__.py
@@ -19,7 +19,7 @@ __contributors__ = [
"Alex Yu",
]
__license__ = "MIT"
-__version__ = '0.14.0'
+__version__ = '0.17.4'
import base64
import calendar
@@ -76,7 +76,7 @@ if ssl is not None:
def _ssl_wrap_socket(
- sock, key_file, cert_file, disable_validation, ca_certs, ssl_version, hostname
+ sock, key_file, cert_file, disable_validation, ca_certs, ssl_version, hostname, key_password
):
if disable_validation:
cert_reqs = ssl.CERT_NONE
@@ -90,11 +90,16 @@ def _ssl_wrap_socket(
context.verify_mode = cert_reqs
context.check_hostname = cert_reqs != ssl.CERT_NONE
if cert_file:
- context.load_cert_chain(cert_file, key_file)
+ if key_password:
+ context.load_cert_chain(cert_file, key_file, key_password)
+ else:
+ context.load_cert_chain(cert_file, key_file)
if ca_certs:
context.load_verify_locations(ca_certs)
return context.wrap_socket(sock, server_hostname=hostname)
else:
+ if key_password:
+ raise NotSupportedOnThisPlatform("Certificate with password is not supported.")
return ssl.wrap_socket(
sock,
keyfile=key_file,
@@ -106,7 +111,7 @@ def _ssl_wrap_socket(
def _ssl_wrap_socket_unsupported(
- sock, key_file, cert_file, disable_validation, ca_certs, ssl_version, hostname
+ sock, key_file, cert_file, disable_validation, ca_certs, ssl_version, hostname, key_password
):
if not disable_validation:
raise CertificateValidationUnsupported(
@@ -114,6 +119,8 @@ def _ssl_wrap_socket_unsupported(
"the ssl module installed. To avoid this error, install "
"the ssl module, or explicity disable validation."
)
+ if key_password:
+ raise NotSupportedOnThisPlatform("Certificate with password is not supported.")
ssl_sock = socket.ssl(sock, key_file, cert_file)
return httplib.FakeSocket(sock, ssl_sock)
@@ -122,7 +129,7 @@ if ssl is None:
_ssl_wrap_socket = _ssl_wrap_socket_unsupported
if sys.version_info >= (2, 3):
- from iri2uri import iri2uri
+ from .iri2uri import iri2uri
else:
def iri2uri(uri):
@@ -284,6 +291,12 @@ HOP_BY_HOP = [
"upgrade",
]
+# https://tools.ietf.org/html/rfc7231#section-8.1.3
+SAFE_METHODS = ("GET", "HEAD") # TODO add "OPTIONS", "TRACE"
+
+# To change, assign to `Http().redirect_codes`
+REDIRECT_CODES = frozenset((300, 301, 302, 303, 307, 308))
+
def _get_end2end_headers(response):
hopbyhop = list(HOP_BY_HOP)
@@ -978,8 +991,13 @@ class Credentials(object):
class KeyCerts(Credentials):
"""Identical to Credentials except that
name/password are mapped to key/cert."""
+ def add(self, key, cert, domain, password):
+ self.credentials.append((domain.lower(), key, cert, password))
- pass
+ def iter(self, domain):
+ for (cdomain, key, cert, password) in self.credentials:
+ if cdomain == "" or domain == cdomain:
+ yield (key, cert, password)
class AllHosts(object):
@@ -1150,7 +1168,6 @@ class HTTPConnectionWithTimeout(httplib.HTTPConnection):
raise ProxiesUnavailableError(
"Proxy support missing but proxy use was requested!"
)
- msg = "getaddrinfo returns an empty list"
if self.proxy_info and self.proxy_info.isgood():
use_proxy = True
proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = (
@@ -1165,6 +1182,8 @@ class HTTPConnectionWithTimeout(httplib.HTTPConnection):
host = self.host
port = self.port
+ socket_err = None
+
for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
@@ -1206,7 +1225,8 @@ class HTTPConnectionWithTimeout(httplib.HTTPConnection):
self.sock.connect((self.host, self.port) + sa[2:])
else:
self.sock.connect(sa)
- except socket.error as msg:
+ except socket.error as e:
+ socket_err = e
if self.debuglevel > 0:
print("connect fail: (%s, %s)" % (self.host, self.port))
if use_proxy:
@@ -1229,7 +1249,7 @@ class HTTPConnectionWithTimeout(httplib.HTTPConnection):
continue
break
if not self.sock:
- raise socket.error(msg)
+ raise socket_err or socket.error("getaddrinfo returns an empty list")
class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
@@ -1253,10 +1273,19 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
ca_certs=None,
disable_ssl_certificate_validation=False,
ssl_version=None,
+ key_password=None,
):
- httplib.HTTPSConnection.__init__(
- self, host, port=port, key_file=key_file, cert_file=cert_file, strict=strict
- )
+ if key_password:
+ httplib.HTTPSConnection.__init__(self, host, port=port, strict=strict)
+ self._context.load_cert_chain(cert_file, key_file, key_password)
+ self.key_file = key_file
+ self.cert_file = cert_file
+ self.key_password = key_password
+ else:
+ httplib.HTTPSConnection.__init__(
+ self, host, port=port, key_file=key_file, cert_file=cert_file, strict=strict
+ )
+ self.key_password = None
self.timeout = timeout
self.proxy_info = proxy_info
if ca_certs is None:
@@ -1317,7 +1346,6 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
def connect(self):
"Connect to a host on a given (SSL) port."
- msg = "getaddrinfo returns an empty list"
if self.proxy_info and self.proxy_info.isgood():
use_proxy = True
proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = (
@@ -1332,6 +1360,8 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
host = self.host
port = self.port
+ socket_err = None
+
address_info = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM)
for family, socktype, proto, canonname, sockaddr in address_info:
try:
@@ -1366,6 +1396,7 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
self.ca_certs,
self.ssl_version,
self.host,
+ self.key_password,
)
if self.debuglevel > 0:
print("connect: (%s, %s)" % (self.host, self.port))
@@ -1413,7 +1444,8 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
raise
except (socket.timeout, socket.gaierror):
raise
- except socket.error as msg:
+ except socket.error as e:
+ socket_err = e
if self.debuglevel > 0:
print("connect fail: (%s, %s)" % (self.host, self.port))
if use_proxy:
@@ -1436,7 +1468,7 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
continue
break
if not self.sock:
- raise socket.error(msg)
+ raise socket_err or socket.error("getaddrinfo returns an empty list")
SCHEME_TO_CONNECTION = {
@@ -1515,7 +1547,10 @@ class AppEngineHttpsConnection(httplib.HTTPSConnection):
ca_certs=None,
disable_ssl_certificate_validation=False,
ssl_version=None,
+ key_password=None,
):
+ if key_password:
+ raise NotSupportedOnThisPlatform("Certificate with password is not supported.")
httplib.HTTPSConnection.__init__(
self,
host,
@@ -1632,10 +1667,14 @@ class Http(object):
# If set to False then no redirects are followed, even safe ones.
self.follow_redirects = True
+ self.redirect_codes = REDIRECT_CODES
+
# Which HTTP methods do we apply optimistic concurrency to, i.e.
# which methods get an "if-match:" etag header added to them.
self.optimistic_concurrency_methods = ["PUT", "PATCH"]
+ self.safe_methods = list(SAFE_METHODS)
+
# If 'follow_redirects' is True, and this is set to True then
# all redirecs are followed, including unsafe ones.
self.follow_all_redirects = False
@@ -1649,6 +1688,16 @@ class Http(object):
# Keep Authorization: headers on a redirect.
self.forward_authorization_headers = False
+ def close(self):
+ """Close persistent connections, clear sensitive data.
+ Not thread-safe, requires external synchronization against concurrent requests.
+ """
+ existing, self.connections = self.connections, {}
+ for _, c in existing.iteritems():
+ c.close()
+ self.certificates.clear()
+ self.clear_credentials()
+
def __getstate__(self):
state_dict = copy.copy(self.__dict__)
# In case request is augmented by some foreign object such as
@@ -1680,10 +1729,10 @@ class Http(object):
any time a request requires authentication."""
self.credentials.add(name, password, domain)
- def add_certificate(self, key, cert, domain):
+ def add_certificate(self, key, cert, domain, password=None):
"""Add a key and cert that will be used
any time a request requires authentication."""
- self.certificates.add(key, cert, domain)
+ self.certificates.add(key, cert, domain, password)
def clear_credentials(self):
"""Remove all the names and passwords
@@ -1819,10 +1868,10 @@ class Http(object):
if (
self.follow_all_redirects
- or (method in ["GET", "HEAD"])
- or response.status == 303
+ or method in self.safe_methods
+ or response.status in (303, 308)
):
- if self.follow_redirects and response.status in [300, 301, 302, 303, 307]:
+ if self.follow_redirects and response.status in self.redirect_codes:
# Pick out the location header and basically start from the beginning
# remembering first to strip the ETag header and decrement our 'depth'
if redirections:
@@ -1842,7 +1891,7 @@ class Http(object):
response["location"] = urlparse.urljoin(
absolute_uri, location
)
- if response.status == 301 and method in ["GET", "HEAD"]:
+ if response.status == 308 or (response.status == 301 and method in self.safe_methods):
response["-x-permanent-redirect-url"] = response["location"]
if "content-location" not in response:
response["content-location"] = absolute_uri
@@ -1879,7 +1928,7 @@ class Http(object):
response,
content,
)
- elif response.status in [200, 203] and method in ["GET", "HEAD"]:
+ elif response.status in [200, 203] and method in self.safe_methods:
# Don't cache 206's since we aren't going to handle byte range requests
if "content-location" not in response:
response["content-location"] = absolute_uri
@@ -1925,7 +1974,7 @@ class Http(object):
a string that contains the response entity body.
"""
conn_key = ''
-
+
try:
if headers is None:
headers = {}
@@ -1958,6 +2007,7 @@ class Http(object):
ca_certs=self.ca_certs,
disable_ssl_certificate_validation=self.disable_ssl_certificate_validation,
ssl_version=self.ssl_version,
+ key_password=certs[0][2],
)
else:
conn = self.connections[conn_key] = connection_type(
@@ -1978,6 +2028,7 @@ class Http(object):
headers["accept-encoding"] = "gzip, deflate"
info = email.Message.Message()
+ cachekey = None
cached_value = None
if self.cache:
cachekey = defrag_uri.encode("utf-8")
@@ -1998,8 +2049,6 @@ class Http(object):
self.cache.delete(cachekey)
cachekey = None
cached_value = None
- else:
- cachekey = None
if (
method in self.optimistic_concurrency_methods
@@ -2011,13 +2060,15 @@ class Http(object):
# http://www.w3.org/1999/04/Editing/
headers["if-match"] = info["etag"]
- if method not in ["GET", "HEAD"] and self.cache and cachekey:
- # RFC 2616 Section 13.10
+ # https://tools.ietf.org/html/rfc7234
+ # A cache MUST invalidate the effective Request URI as well as [...] Location and Content-Location
+ # when a non-error status code is received in response to an unsafe request method.
+ if self.cache and cachekey and method not in self.safe_methods:
self.cache.delete(cachekey)
# Check the vary header in the cache to see if this request
# matches what varies in the cache.
- if method in ["GET", "HEAD"] and "vary" in info:
+ if method in self.safe_methods and "vary" in info:
vary = info["vary"]
vary_headers = vary.lower().replace(" ", "").split(",")
for header in vary_headers:
@@ -2028,11 +2079,14 @@ class Http(object):
break
if (
- cached_value
- and method in ["GET", "HEAD"]
- and self.cache
+ self.cache
+ and cached_value
+ and (method in self.safe_methods or info["status"] == "308")
and "range" not in headers
):
+ redirect_method = method
+ if info["status"] not in ("307", "308"):
+ redirect_method = "GET"
if "-x-permanent-redirect-url" in info:
# Should cached permanent redirects be counted in our redirection count? For now, yes.
if redirections <= 0:
@@ -2043,7 +2097,7 @@ class Http(object):
)
(response, new_content) = self.request(
info["-x-permanent-redirect-url"],
- method="GET",
+ method=redirect_method,
headers=headers,
redirections=redirections - 1,
)
@@ -2140,7 +2194,7 @@ class Http(object):
conn = self.connections.pop(conn_key, None)
if conn:
conn.close()
-
+
if self.force_exception_to_status_code:
if isinstance(e, HttpLib2ErrorWithResponse):
response = e.response
diff --git a/python2/httplib2/socks.py b/python2/httplib2/socks.py
index 5cef77606cf39b766d30204edae97fa9d531c196..71eb4ebf96ee1122c4a2711f6762e4e4529f863c 100644
--- a/python2/httplib2/socks.py
+++ b/python2/httplib2/socks.py
@@ -238,7 +238,15 @@ class socksocket(socket.socket):
headers - Additional or modified headers for the proxy connect
request.
"""
- self.__proxy = (proxytype, addr, port, rdns, username, password, headers)
+ self.__proxy = (
+ proxytype,
+ addr,
+ port,
+ rdns,
+ username.encode() if username else None,
+ password.encode() if password else None,
+ headers,
+ )
def __negotiatesocks5(self, destaddr, destport):
"""__negotiatesocks5(self,destaddr,destport)
diff --git a/python3/httplib2.egg-info/PKG-INFO b/python3/httplib2.egg-info/PKG-INFO
index 91c95b4fb7e870923ee9bea284583d8d52ab6414..d4feabef7dceb9b1319ea14705f9a6d6396150ef 100644
--- a/python3/httplib2.egg-info/PKG-INFO
+++ b/python3/httplib2.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: httplib2
-Version: 0.14.0
+Version: 0.17.4
Summary: A comprehensive HTTP client library.
Home-page: https://github.com/httplib2/httplib2
Author: Joe Gregorio
diff --git a/python3/httplib2.egg-info/SOURCES.txt b/python3/httplib2.egg-info/SOURCES.txt
index e6010c7afacd716504734ad362852afd16796bf8..fa56dba12f35e271a60ad3482945d787494c5538 100644
--- a/python3/httplib2.egg-info/SOURCES.txt
+++ b/python3/httplib2.egg-info/SOURCES.txt
@@ -29,4 +29,89 @@ python3/httplib2.egg-info/PKG-INFO
python3/httplib2.egg-info/SOURCES.txt
python3/httplib2.egg-info/dependency_links.txt
python3/httplib2.egg-info/top_level.txt
-python3/httplib2/test/other_cacerts.txt
\ No newline at end of file
+python3/httplib2/test/other_cacerts.txt
+test/.htaccess
+test/test.asis
+test/300/final-destination.txt
+test/300/with-location-header.asis
+test/300/without-location-header.asis
+test/301/final-destination.txt
+test/301/onestep.asis
+test/302/.myhtaccess
+test/302/final-destination.txt
+test/302/no-location.asis
+test/302/onestep.asis
+test/302/twostep.asis
+test/303/303.cgi
+test/303/final-destination.txt
+test/303/redirect-to-header-reflector.cgi
+test/303/redirect-to-reflector.cgi
+test/304/end2end.cgi
+test/304/test_etag.txt
+test/304/last-modified-only/.htaccess
+test/304/last-modified-only/last-modified-only.txt
+test/307/final-destination.txt
+test/307/onestep.asis
+test/410/410.asis
+test/basic/.htaccess
+test/basic/file.txt
+test/basic/passwdfile
+test/basic-nested/.htaccess
+test/basic-nested/file.txt
+test/basic-nested/passwdfile
+test/basic-nested/subdir/.htaccess
+test/basic-nested/subdir/file.txt
+test/basic-nested/subdir/passwdfile
+test/basic2/.htaccess
+test/basic2/file.txt
+test/basic2/passwdfile
+test/conditional-updates/test.cgi
+test/deflate/deflated-content
+test/deflate/deflated-headers.txt
+test/deflate/deflated.asis
+test/deflate/failed-compression.asis
+test/digest/.htaccess
+test/digest/digestpw
+test/digest/file.txt
+test/digest-expire/.htaccess
+test/digest-expire/digestpw
+test/digest-expire/file.txt
+test/duplicate-headers/multilink.asis
+test/gzip/.htaccess
+test/gzip/failed-compression.asis
+test/gzip/final-destination.txt
+test/gzip/post.cgi
+test/methods/method_reflector.cgi
+test/no-store/no-store.asis
+test/reflector/reflector.cgi
+test/timeout/timeout.cgi
+test/user-agent/test.cgi
+test/vary/accept-double.asis
+test/vary/accept.asis
+test/vary/no-vary.asis
+test/vary/unused-header.asis
+tests/__init__.py
+tests/test_auth.py
+tests/test_cacerts_from_env.py
+tests/test_cache.py
+tests/test_encoding.py
+tests/test_http.py
+tests/test_https.py
+tests/test_other.py
+tests/test_proxy.py
+tests/test_uri.py
+tests/tls/ca.key
+tests/tls/ca.pem
+tests/tls/ca.srl
+tests/tls/ca_unused.pem
+tests/tls/client.crt
+tests/tls/client.key
+tests/tls/client.pem
+tests/tls/client_chain.pem
+tests/tls/client_encrypted.crt
+tests/tls/client_encrypted.key
+tests/tls/client_encrypted.pem
+tests/tls/server.crt
+tests/tls/server.key
+tests/tls/server.pem
+tests/tls/server_chain.pem
\ No newline at end of file
diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
index 4312f300914a58a1862a5a07739df56b49289ec3..8785cc18e01f3fa8c9031d71bdf0fcd9dc5a7c84 100644
--- a/python3/httplib2/__init__.py
+++ b/python3/httplib2/__init__.py
@@ -15,7 +15,7 @@ __contributors__ = [
"Alex Yu",
]
__license__ = "MIT"
-__version__ = '0.14.0'
+__version__ = '0.17.4'
import base64
import calendar
@@ -161,6 +161,13 @@ HOP_BY_HOP = [
"upgrade",
]
+# https://tools.ietf.org/html/rfc7231#section-8.1.3
+SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")
+
+# To change, assign to `Http().redirect_codes`
+REDIRECT_CODES = frozenset((300, 301, 302, 303, 307, 308))
+
+
from httplib2 import certs
CA_CERTS = certs.where()
@@ -175,7 +182,7 @@ DEFAULT_TLS_VERSION = getattr(ssl, "PROTOCOL_TLS", None) or getattr(
def _build_ssl_context(
disable_ssl_certificate_validation, ca_certs, cert_file=None, key_file=None,
- maximum_version=None, minimum_version=None,
+ maximum_version=None, minimum_version=None, key_password=None,
):
if not hasattr(ssl, "SSLContext"):
raise RuntimeError("httplib2 requires Python 3.2+ for ssl.SSLContext")
@@ -207,7 +214,7 @@ def _build_ssl_context(
context.load_verify_locations(ca_certs)
if cert_file:
- context.load_cert_chain(cert_file, key_file)
+ context.load_cert_chain(cert_file, key_file, key_password)
return context
@@ -315,7 +322,7 @@ def _parse_cache_control(headers):
# Whether to use a strict mode to parse WWW-Authenticate headers
# Might lead to bad results in case of ill-formed header value,
# so disabled by default, falling back to relaxed parsing.
-# Set to true to turn on, usefull for testing servers.
+# Set to true to turn on, useful for testing servers.
USE_WWW_AUTH_STRICT_PARSING = 0
# In regex below:
@@ -959,8 +966,13 @@ class Credentials(object):
class KeyCerts(Credentials):
"""Identical to Credentials except that
name/password are mapped to key/cert."""
+ def add(self, key, cert, domain, password):
+ self.credentials.append((domain.lower(), key, cert, password))
- pass
+ def iter(self, domain):
+ for (cdomain, key, cert, password) in self.credentials:
+ if cdomain == "" or domain == cdomain:
+ yield (key, cert, password)
class AllHosts(object):
@@ -999,10 +1011,10 @@ class ProxyInfo(object):
proxy_headers: Additional or modified headers for the proxy connect
request.
"""
- if isinstance(proxy_user, str):
- proxy_user = proxy_user.encode()
- if isinstance(proxy_pass, str):
- proxy_pass = proxy_pass.encode()
+ if isinstance(proxy_user, bytes):
+ proxy_user = proxy_user.decode()
+ if isinstance(proxy_pass, bytes):
+ proxy_pass = proxy_pass.decode()
self.proxy_type, self.proxy_host, self.proxy_port, self.proxy_rdns, self.proxy_user, self.proxy_pass, self.proxy_headers = (
proxy_type,
proxy_host,
@@ -1245,6 +1257,7 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection):
disable_ssl_certificate_validation=False,
tls_maximum_version=None,
tls_minimum_version=None,
+ key_password=None,
):
self.disable_ssl_certificate_validation = disable_ssl_certificate_validation
@@ -1257,19 +1270,21 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection):
context = _build_ssl_context(
self.disable_ssl_certificate_validation, self.ca_certs, cert_file, key_file,
maximum_version=tls_maximum_version, minimum_version=tls_minimum_version,
+ key_password=key_password,
)
super(HTTPSConnectionWithTimeout, self).__init__(
host,
port=port,
- key_file=key_file,
- cert_file=cert_file,
timeout=timeout,
context=context,
)
+ self.key_file = key_file
+ self.cert_file = cert_file
+ self.key_password = key_password
def connect(self):
"""Connect to a host on a given (SSL) port."""
- if self.proxy_info and self.proxy_info.isgood():
+ if self.proxy_info and self.proxy_info.isgood() and self.proxy_info.applies_to(self.host):
use_proxy = True
proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = (
self.proxy_info.astuple()
@@ -1351,7 +1366,7 @@ class HTTPSConnectionWithTimeout(http.client.HTTPSConnection):
except socket.error as e:
socket_err = e
if self.debuglevel > 0:
- print("connect fail: ({0}, {1})".format((self.host, self.port)))
+ print("connect fail: ({0}, {1})".format(self.host, self.port))
if use_proxy:
print(
"proxy: {0}".format(
@@ -1459,10 +1474,14 @@ class Http(object):
# If set to False then no redirects are followed, even safe ones.
self.follow_redirects = True
+ self.redirect_codes = REDIRECT_CODES
+
# Which HTTP methods do we apply optimistic concurrency to, i.e.
# which methods get an "if-match:" etag header added to them.
self.optimistic_concurrency_methods = ["PUT", "PATCH"]
+ self.safe_methods = list(SAFE_METHODS)
+
# If 'follow_redirects' is True, and this is set to True then
# all redirecs are followed, including unsafe ones.
self.follow_all_redirects = False
@@ -1476,6 +1495,16 @@ class Http(object):
# Keep Authorization: headers on a redirect.
self.forward_authorization_headers = False
+ def close(self):
+ """Close persistent connections, clear sensitive data.
+ Not thread-safe, requires external synchronization against concurrent requests.
+ """
+ existing, self.connections = self.connections, {}
+ for _, c in existing.items():
+ c.close()
+ self.certificates.clear()
+ self.clear_credentials()
+
def __getstate__(self):
state_dict = copy.copy(self.__dict__)
# In case request is augmented by some foreign object such as
@@ -1507,10 +1536,10 @@ class Http(object):
any time a request requires authentication."""
self.credentials.add(name, password, domain)
- def add_certificate(self, key, cert, domain):
+ def add_certificate(self, key, cert, domain, password=None):
"""Add a key and cert that will be used
any time a request requires authentication."""
- self.certificates.add(key, cert, domain)
+ self.certificates.add(key, cert, domain, password)
def clear_credentials(self):
"""Remove all the names and passwords
@@ -1645,10 +1674,10 @@ class Http(object):
if (
self.follow_all_redirects
- or (method in ["GET", "HEAD"])
- or response.status == 303
+ or method in self.safe_methods
+ or response.status in (303, 308)
):
- if self.follow_redirects and response.status in [300, 301, 302, 303, 307]:
+ if self.follow_redirects and response.status in self.redirect_codes:
# Pick out the location header and basically start from the beginning
# remembering first to strip the ETag header and decrement our 'depth'
if redirections:
@@ -1668,7 +1697,7 @@ class Http(object):
response["location"] = urllib.parse.urljoin(
absolute_uri, location
)
- if response.status == 301 and method in ["GET", "HEAD"]:
+ if response.status == 308 or (response.status == 301 and (method in self.safe_methods)):
response["-x-permanent-redirect-url"] = response["location"]
if "content-location" not in response:
response["content-location"] = absolute_uri
@@ -1705,7 +1734,7 @@ class Http(object):
response,
content,
)
- elif response.status in [200, 203] and method in ["GET", "HEAD"]:
+ elif response.status in [200, 203] and method in self.safe_methods:
# Don't cache 206's since we aren't going to handle byte range requests
if "content-location" not in response:
response["content-location"] = absolute_uri
@@ -1782,6 +1811,7 @@ a string that contains the response entity body.
disable_ssl_certificate_validation=self.disable_ssl_certificate_validation,
tls_maximum_version=self.tls_maximum_version,
tls_minimum_version=self.tls_minimum_version,
+ key_password=certs[0][2],
)
else:
conn = self.connections[conn_key] = connection_type(
@@ -1803,6 +1833,7 @@ a string that contains the response entity body.
headers["accept-encoding"] = "gzip, deflate"
info = email.message.Message()
+ cachekey = None
cached_value = None
if self.cache:
cachekey = defrag_uri
@@ -1820,8 +1851,6 @@ a string that contains the response entity body.
self.cache.delete(cachekey)
cachekey = None
cached_value = None
- else:
- cachekey = None
if (
method in self.optimistic_concurrency_methods
@@ -1833,13 +1862,15 @@ a string that contains the response entity body.
# http://www.w3.org/1999/04/Editing/
headers["if-match"] = info["etag"]
- if method not in ["GET", "HEAD"] and self.cache and cachekey:
- # RFC 2616 Section 13.10
+ # https://tools.ietf.org/html/rfc7234
+ # A cache MUST invalidate the effective Request URI as well as [...] Location and Content-Location
+ # when a non-error status code is received in response to an unsafe request method.
+ if self.cache and cachekey and method not in self.safe_methods:
self.cache.delete(cachekey)
# Check the vary header in the cache to see if this request
# matches what varies in the cache.
- if method in ["GET", "HEAD"] and "vary" in info:
+ if method in self.safe_methods and "vary" in info:
vary = info["vary"]
vary_headers = vary.lower().replace(" ", "").split(",")
for header in vary_headers:
@@ -1850,11 +1881,14 @@ a string that contains the response entity body.
break
if (
- cached_value
- and method in ["GET", "HEAD"]
- and self.cache
+ self.cache
+ and cached_value
+ and (method in self.safe_methods or info["status"] == "308")
and "range" not in headers
):
+ redirect_method = method
+ if info["status"] not in ("307", "308"):
+ redirect_method = "GET"
if "-x-permanent-redirect-url" in info:
# Should cached permanent redirects be counted in our redirection count? For now, yes.
if redirections <= 0:
@@ -1865,7 +1899,7 @@ a string that contains the response entity body.
)
(response, new_content) = self.request(
info["-x-permanent-redirect-url"],
- method="GET",
+ method=redirect_method,
headers=headers,
redirections=redirections - 1,
)
diff --git a/python3/httplib2/socks.py b/python3/httplib2/socks.py
index 2926b4e57f860ed1db6e958972ac020658aaa58d..cc68e634c7def34dbf2dd0be8b0cca17970a73f9 100644
--- a/python3/httplib2/socks.py
+++ b/python3/httplib2/socks.py
@@ -238,7 +238,15 @@ class socksocket(socket.socket):
headers - Additional or modified headers for the proxy connect
request.
"""
- self.__proxy = (proxytype, addr, port, rdns, username, password, headers)
+ self.__proxy = (
+ proxytype,
+ addr,
+ port,
+ rdns,
+ username.encode() if username else None,
+ password.encode() if password else None,
+ headers,
+ )
def __negotiatesocks5(self, destaddr, destport):
"""__negotiatesocks5(self,destaddr,destport)
diff --git a/setup.py b/setup.py
index db1db615c7fe7382015cb4573a0c1375380fbdca..c7111764e955d254c88d079bb0e22c0f04accca8 100755
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ import setuptools.command.test
import sys
pkgdir = {"": "python%s" % sys.version_info[0]}
-VERSION = '0.14.0'
+VERSION = '0.17.4'
# `python setup.py test` uses existing Python environment, no virtualenv, no pip.
diff --git a/test/.htaccess b/test/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..863f8e41d3fbd280b0d6e8372c36b7dd4527a696
--- /dev/null
+++ b/test/.htaccess
@@ -0,0 +1,8 @@
+AddHandler cgi-script .asis
+Options +ExecCGI +Indexes
+ExpiresActive On
+ExpiresDefault "access plus 2 hours"
+<IfModule mod_security.c>
+SecFilterEngine Off
+SecFilterScanPOST off
+</IfModule>
diff --git a/test/300/final-destination.txt b/test/300/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/300/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/300/with-location-header.asis b/test/300/with-location-header.asis
new file mode 100755
index 0000000000000000000000000000000000000000..8f2e9c2cafcf21484350b92931b38c1c1df23588
--- /dev/null
+++ b/test/300/with-location-header.asis
@@ -0,0 +1,5 @@
+#!/usr/bin/tail --lines=+2
+Status: 300 Mutliple Choices
+Location: http://bitworking.org/projects/httplib2/test/300/final-destination.txt
+
+
diff --git a/test/300/without-location-header.asis b/test/300/without-location-header.asis
new file mode 100755
index 0000000000000000000000000000000000000000..dae30557a2e2bb27ffa8696ce751422b3c4ce284
--- /dev/null
+++ b/test/300/without-location-header.asis
@@ -0,0 +1,12 @@
+#!/usr/bin/tail --lines=+2
+Status: 300 Mutliple Choices
+Content-Type: text/html
+
+<html>
+ <body>
+ <ol>
+ <li><a href="http://example.com/">Choice A</a></li>
+ <li><a href="http://example.org">Choice B</a></li>
+ </ol>
+ </body>
+</html>
diff --git a/test/301/final-destination.txt b/test/301/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/301/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/301/onestep.asis b/test/301/onestep.asis
new file mode 100755
index 0000000000000000000000000000000000000000..9d8be495b6898bf3708919b6e3c7121e18c03bd6
--- /dev/null
+++ b/test/301/onestep.asis
@@ -0,0 +1,15 @@
+#!/usr/bin/tail --lines=+2
+Status: 301 Now where did I leave that URL
+Location: http://bitworking.org/projects/httplib2/test/302/final-destination.txt
+Content-type: text/html
+
+<html>
+<head>
+<title>Lame excuses'R'us</title>
+</head>
+<body>
+<h1>Fred's exceptionally wonderful page has moved to
+<a href="http://example.com/foo/bar.html">Joe's</a> site.
+</h1>
+</body>
+</html>
diff --git a/test/302/.myhtaccess b/test/302/.myhtaccess
new file mode 100644
index 0000000000000000000000000000000000000000..844154fbe6113fa7a2926ff72713365bed6bad77
--- /dev/null
+++ b/test/302/.myhtaccess
@@ -0,0 +1 @@
+Redirect temp onestep final-destination.txt
diff --git a/test/302/final-destination.txt b/test/302/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/302/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/302/no-location.asis b/test/302/no-location.asis
new file mode 100755
index 0000000000000000000000000000000000000000..8ffaac34c7fcf73e250fa69aad9bb551fd9dd297
--- /dev/null
+++ b/test/302/no-location.asis
@@ -0,0 +1,7 @@
+#!/usr/bin/tail --lines=+2
+Content-Type: text/plain
+Status: 302 Found
+
+This is content.
+Note there is no Location header given.
+This should err.
diff --git a/test/302/onestep.asis b/test/302/onestep.asis
new file mode 100755
index 0000000000000000000000000000000000000000..e5ef8650bc854542d3443a677fdfb1c30494c34e
--- /dev/null
+++ b/test/302/onestep.asis
@@ -0,0 +1,15 @@
+#!/usr/bin/tail --lines=+2
+Status: 302 Now where did I leave that URL
+Location: http://bitworking.org/projects/httplib2/test/302/final-destination.txt
+Content-type: text/html
+
+<html>
+<head>
+<title>Lame excuses'R'us</title>
+</head>
+<body>
+<h1>Fred's exceptionally wonderful page has moved to
+<a href="http://example.com/foo/bar.html">Joe's</a> site.
+</h1>
+</body>
+</html>
diff --git a/test/302/twostep.asis b/test/302/twostep.asis
new file mode 100755
index 0000000000000000000000000000000000000000..62daab5d86e461a2f414c75a0bfd6587b39011b5
--- /dev/null
+++ b/test/302/twostep.asis
@@ -0,0 +1,15 @@
+#!/usr/bin/tail --lines=+2
+Status: 302 Now where did I leave that URL
+Location: http://bitworking.org/projects/httplib2/test/302/onestep.asis
+Content-type: text/html
+
+<html>
+<head>
+<title>Lame excuses'R'us</title>
+</head>
+<body>
+<h1>Fred's exceptionally wonderful page has moved to
+<a href="http://example.com/foo/bar.html">Joe's</a> site.
+</h1>
+</body>
+</html>
diff --git a/test/303/303.cgi b/test/303/303.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..c6500b8d40cd844df3410cf6043183b8cf5a5acb
--- /dev/null
+++ b/test/303/303.cgi
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 303 See Other"
+print "Location: http://bitworking.org/projects/httplib2/test/303/final-destination.txt"
+print "X-Method: %s" % os.environ['REQUEST_METHOD']
+print ""
+
+
diff --git a/test/303/final-destination.txt b/test/303/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/303/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/303/redirect-to-header-reflector.cgi b/test/303/redirect-to-header-reflector.cgi
new file mode 100644
index 0000000000000000000000000000000000000000..e06b1669224440c52cffcc47b57670431946737e
--- /dev/null
+++ b/test/303/redirect-to-header-reflector.cgi
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 303 See Other"
+print "Location: http://bitworking.org/projects/httplib2/test/reflector/reflector.cgi"
+print "X-Method: %s" % os.environ['REQUEST_METHOD']
+print ""
+
+
diff --git a/test/303/redirect-to-reflector.cgi b/test/303/redirect-to-reflector.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..b42100a04ddc0715454d569dbab89004b5ae6e1e
--- /dev/null
+++ b/test/303/redirect-to-reflector.cgi
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 303 See Other"
+print "Location: http://bitworking.org/projects/httplib2/test/methods/method_reflector.cgi"
+print "X-Method: %s" % os.environ['REQUEST_METHOD']
+print ""
+
+
diff --git a/test/304/end2end.cgi b/test/304/end2end.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..f158f6639775cfc20f86fe014bd8a0ae2f3c21d5
--- /dev/null
+++ b/test/304/end2end.cgi
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+import os
+
+
+etag = os.environ.get("HTTP_IF_NONE_MATCH", None)
+if etag:
+ print "Status: 304 Not Modified"
+else:
+ print "Status: 200 Ok"
+ print 'ETag: "123456779"'
+ print "Content-Type: text/html"
+ print ""
+ print "<html></html>"
diff --git a/test/304/last-modified-only/.htaccess b/test/304/last-modified-only/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..7ec3ed9d4bd4f186926bac514c85823156539510
--- /dev/null
+++ b/test/304/last-modified-only/.htaccess
@@ -0,0 +1 @@
+FileETag None
diff --git a/test/304/last-modified-only/last-modified-only.txt b/test/304/last-modified-only/last-modified-only.txt
new file mode 100755
index 0000000000000000000000000000000000000000..baad07385e069754b4ab7cb77d620ac38c1f27f1
--- /dev/null
+++ b/test/304/last-modified-only/last-modified-only.txt
@@ -0,0 +1 @@
+This file should automatically get an ETag from Apache.
diff --git a/test/304/test_etag.txt b/test/304/test_etag.txt
new file mode 100755
index 0000000000000000000000000000000000000000..baad07385e069754b4ab7cb77d620ac38c1f27f1
--- /dev/null
+++ b/test/304/test_etag.txt
@@ -0,0 +1 @@
+This file should automatically get an ETag from Apache.
diff --git a/test/307/final-destination.txt b/test/307/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/307/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/307/onestep.asis b/test/307/onestep.asis
new file mode 100755
index 0000000000000000000000000000000000000000..eb5385858e130973ff25f5eaa66c0ba90dada0e5
--- /dev/null
+++ b/test/307/onestep.asis
@@ -0,0 +1,15 @@
+#!/usr/bin/tail --lines=+2
+Status: 307 Temporary Redirect
+Location: http://bitworking.org/projects/httplib2/test/307/final-destination.txt
+Content-type: text/html
+
+<html>
+<head>
+<title>Lame excuses'R'us</title>
+</head>
+<body>
+<h1>Fred's exceptionally wonderful page has moved to
+<a href="http://example.com/foo/bar.html">Joe's</a> site.
+</h1>
+</body>
+</html>
diff --git a/test/410/410.asis b/test/410/410.asis
new file mode 100755
index 0000000000000000000000000000000000000000..d3827d22cf7d7fd689d3598fabbecf62d68648fc
--- /dev/null
+++ b/test/410/410.asis
@@ -0,0 +1,12 @@
+#!/usr/bin/tail --lines=+2
+Status: 410 Gone
+Content-type: text/html
+
+<html>
+<head>
+<title>Gone</title>
+</head>
+<body>
+<h1>Don't request me again.</h1>
+</body>
+</html>
diff --git a/test/basic-nested/.htaccess b/test/basic-nested/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..32b52525c383f33296674fdfc0e90f6f88797bca
--- /dev/null
+++ b/test/basic-nested/.htaccess
@@ -0,0 +1,4 @@
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/basic/passwdfile
+AuthName "a realm with spaces"
+AuthType Basic
+require valid-user
diff --git a/test/basic-nested/file.txt b/test/basic-nested/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..395b52f93374cb60f28e01b37229b889b0ade428
--- /dev/null
+++ b/test/basic-nested/file.txt
@@ -0,0 +1,2 @@
+This is the content.
+
diff --git a/test/basic-nested/passwdfile b/test/basic-nested/passwdfile
new file mode 100755
index 0000000000000000000000000000000000000000..7de4f2389a4ee09f5efdecdafc2a273e17b9af40
--- /dev/null
+++ b/test/basic-nested/passwdfile
@@ -0,0 +1 @@
+joe:J5h11U4s90MWc
diff --git a/test/basic-nested/subdir/.htaccess b/test/basic-nested/subdir/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..1bb62ed2d79be5499bdacf6ebac2fc2c7c11058e
--- /dev/null
+++ b/test/basic-nested/subdir/.htaccess
@@ -0,0 +1,4 @@
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/basic2/passwdfile
+AuthName "justarealm"
+AuthType Basic
+require valid-user
diff --git a/test/basic-nested/subdir/file.txt b/test/basic-nested/subdir/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..395b52f93374cb60f28e01b37229b889b0ade428
--- /dev/null
+++ b/test/basic-nested/subdir/file.txt
@@ -0,0 +1,2 @@
+This is the content.
+
diff --git a/test/basic-nested/subdir/passwdfile b/test/basic-nested/subdir/passwdfile
new file mode 100755
index 0000000000000000000000000000000000000000..2ddbadcb5f17206ac94d452b6799b0f81fe6fab9
--- /dev/null
+++ b/test/basic-nested/subdir/passwdfile
@@ -0,0 +1 @@
+fred:TBd7idzkX/v6Q
diff --git a/test/basic/.htaccess b/test/basic/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..32b52525c383f33296674fdfc0e90f6f88797bca
--- /dev/null
+++ b/test/basic/.htaccess
@@ -0,0 +1,4 @@
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/basic/passwdfile
+AuthName "a realm with spaces"
+AuthType Basic
+require valid-user
diff --git a/test/basic/file.txt b/test/basic/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..395b52f93374cb60f28e01b37229b889b0ade428
--- /dev/null
+++ b/test/basic/file.txt
@@ -0,0 +1,2 @@
+This is the content.
+
diff --git a/test/basic/passwdfile b/test/basic/passwdfile
new file mode 100755
index 0000000000000000000000000000000000000000..7de4f2389a4ee09f5efdecdafc2a273e17b9af40
--- /dev/null
+++ b/test/basic/passwdfile
@@ -0,0 +1 @@
+joe:J5h11U4s90MWc
diff --git a/test/basic2/.htaccess b/test/basic2/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..1bb62ed2d79be5499bdacf6ebac2fc2c7c11058e
--- /dev/null
+++ b/test/basic2/.htaccess
@@ -0,0 +1,4 @@
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/basic2/passwdfile
+AuthName "justarealm"
+AuthType Basic
+require valid-user
diff --git a/test/basic2/file.txt b/test/basic2/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..395b52f93374cb60f28e01b37229b889b0ade428
--- /dev/null
+++ b/test/basic2/file.txt
@@ -0,0 +1,2 @@
+This is the content.
+
diff --git a/test/basic2/passwdfile b/test/basic2/passwdfile
new file mode 100755
index 0000000000000000000000000000000000000000..2ddbadcb5f17206ac94d452b6799b0f81fe6fab9
--- /dev/null
+++ b/test/basic2/passwdfile
@@ -0,0 +1 @@
+fred:TBd7idzkX/v6Q
diff --git a/test/conditional-updates/test.cgi b/test/conditional-updates/test.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..45b2131a0c6ba503606a3567538af1aca4d2cc6b
--- /dev/null
+++ b/test/conditional-updates/test.cgi
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+method = os.environ['REQUEST_METHOD']
+if "GET" == method:
+ if "123456789" == os.environ.get('HTTP_IF_NONE_MATCH', ''):
+ print "Status: 304 Not Modified"
+ else:
+ print "Status: 200 Ok"
+ print "ETag: 123456789"
+ print ""
+elif method in ["PUT", "PATCH", "DELETE"]:
+ if "123456789" == os.environ.get('HTTP_IF_MATCH', ''):
+ print "Status: 200 Ok"
+ print ""
+ else:
+ print "Status: 412 Precondition Failed"
+ print ""
+else:
+ print "Status: 405 Method Not Allowed"
+ print ""
+
+
+
diff --git a/test/deflate/deflated-content b/test/deflate/deflated-content
new file mode 100644
index 0000000000000000000000000000000000000000..4a548b499cd15af90003563325c04a228467e1b2
Binary files /dev/null and b/test/deflate/deflated-content differ
diff --git a/test/deflate/deflated-headers.txt b/test/deflate/deflated-headers.txt
new file mode 100755
index 0000000000000000000000000000000000000000..54409ad965dd2f8440907b2ab73a661103e856f0
--- /dev/null
+++ b/test/deflate/deflated-headers.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+Content-Encoding: deflate
+
diff --git a/test/deflate/deflated.asis b/test/deflate/deflated.asis
new file mode 100755
index 0000000000000000000000000000000000000000..607286aa9baf14652393c72f864c3628f789521e
Binary files /dev/null and b/test/deflate/deflated.asis differ
diff --git a/test/deflate/failed-compression.asis b/test/deflate/failed-compression.asis
new file mode 100755
index 0000000000000000000000000000000000000000..4256c2ef41942682d360b33b12d20b479f83c6bb
--- /dev/null
+++ b/test/deflate/failed-compression.asis
@@ -0,0 +1,6 @@
+#!/usr/bin/tail --lines=+2
+Content-Encoding: gzip
+Content-Type: text/plain
+Status: 200 Ok
+
+This is obviously not compressed.
diff --git a/test/digest-expire/.htaccess b/test/digest-expire/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..fb62e51d9b64bc59da43f228de804c099a344c65
--- /dev/null
+++ b/test/digest-expire/.htaccess
@@ -0,0 +1,5 @@
+AuthType Digest
+AuthDigestNonceLifetime 1
+AuthName "myrealm"
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/digest/digestpw
+Require valid-user
diff --git a/test/digest-expire/digestpw b/test/digest-expire/digestpw
new file mode 100755
index 0000000000000000000000000000000000000000..fcdc74f9430544d8d327dd7b1d5b89bdc5b970ca
--- /dev/null
+++ b/test/digest-expire/digestpw
@@ -0,0 +1 @@
+joe:myrealm:079c7228d541e1b282713f4c146de5e7
diff --git a/test/digest-expire/file.txt b/test/digest-expire/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..d39bb09e22ee4973658a52d87369efdcba6a96bb
--- /dev/null
+++ b/test/digest-expire/file.txt
@@ -0,0 +1 @@
+This is spinal tap.
diff --git a/test/digest/.htaccess b/test/digest/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..a3cf9c8a1215e800e05bed00d9e86f4c20cd9b1b
--- /dev/null
+++ b/test/digest/.htaccess
@@ -0,0 +1,4 @@
+AuthType Digest
+AuthName "myrealm"
+AuthUserFile /home/jcgregorio/webapps/bitworking/projects/httplib2/test/digest/digestpw
+Require valid-user
diff --git a/test/digest/digestpw b/test/digest/digestpw
new file mode 100755
index 0000000000000000000000000000000000000000..fcdc74f9430544d8d327dd7b1d5b89bdc5b970ca
--- /dev/null
+++ b/test/digest/digestpw
@@ -0,0 +1 @@
+joe:myrealm:079c7228d541e1b282713f4c146de5e7
diff --git a/test/digest/file.txt b/test/digest/file.txt
new file mode 100755
index 0000000000000000000000000000000000000000..d39bb09e22ee4973658a52d87369efdcba6a96bb
--- /dev/null
+++ b/test/digest/file.txt
@@ -0,0 +1 @@
+This is spinal tap.
diff --git a/test/duplicate-headers/multilink.asis b/test/duplicate-headers/multilink.asis
new file mode 100755
index 0000000000000000000000000000000000000000..b7290351a2dd4eb84f646e48173b39863e676763
--- /dev/null
+++ b/test/duplicate-headers/multilink.asis
@@ -0,0 +1,7 @@
+#!/usr/bin/tail --lines=+2
+Link: <http://bitworking.org>; rel="home"; title="BitWorking"
+Link: <http://bitworking.org/index.rss>; rel="feed"; title="BitWorking"
+Content-Type: text/plain
+Status: 200 Ok
+
+This is content
diff --git a/test/gzip/.htaccess b/test/gzip/.htaccess
new file mode 100755
index 0000000000000000000000000000000000000000..fedf381b7e92dd2cd448c414d496139c1cba775f
--- /dev/null
+++ b/test/gzip/.htaccess
@@ -0,0 +1 @@
+AddOutputFilterByType DEFLATE text/html text/plain
diff --git a/test/gzip/failed-compression.asis b/test/gzip/failed-compression.asis
new file mode 100755
index 0000000000000000000000000000000000000000..4256c2ef41942682d360b33b12d20b479f83c6bb
--- /dev/null
+++ b/test/gzip/failed-compression.asis
@@ -0,0 +1,6 @@
+#!/usr/bin/tail --lines=+2
+Content-Encoding: gzip
+Content-Type: text/plain
+Status: 200 Ok
+
+This is obviously not compressed.
diff --git a/test/gzip/final-destination.txt b/test/gzip/final-destination.txt
new file mode 100755
index 0000000000000000000000000000000000000000..4ffba65e22551d619172f6fe904bda47a9e1f05a
--- /dev/null
+++ b/test/gzip/final-destination.txt
@@ -0,0 +1 @@
+This is the final destination.
diff --git a/test/gzip/post.cgi b/test/gzip/post.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..8a037270722bc45be9ec0678aa0d8ede2388727e
--- /dev/null
+++ b/test/gzip/post.cgi
@@ -0,0 +1,12 @@
+#!/usr/bin/env python
+import zlib
+import os
+from StringIO import StringIO
+
+# Always returns a gzipped response body
+print "Status: 200 Ok"
+print ""
+
+print(zlib.compress('This is a compressed string'))
+
+
diff --git a/test/methods/method_reflector.cgi b/test/methods/method_reflector.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..ae55af8bf5d15ab11be3e18f7d5dd7c5bb4a6bef
--- /dev/null
+++ b/test/methods/method_reflector.cgi
@@ -0,0 +1,12 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 200 Ok"
+print "X-Method: %s" % os.environ['REQUEST_METHOD']
+print ""
+
+
diff --git a/test/no-store/no-store.asis b/test/no-store/no-store.asis
new file mode 100755
index 0000000000000000000000000000000000000000..f376778bdf09c8191f1a95e36547594d2756a092
--- /dev/null
+++ b/test/no-store/no-store.asis
@@ -0,0 +1,9 @@
+#!/usr/bin/tail --lines=+2
+Status: 200 Ok
+Last-Modified: Fri, 30 Dec 2005 21:57:33 GMT
+Etag: "11c415a-8826-eb9c2d40"
+Cache-Control: max-age=7200, no-store
+Expires: Mon, 02 Jan 2006 04:06:44 GMT
+Content-Type: text/plain
+
+fred
diff --git a/test/reflector/reflector.cgi b/test/reflector/reflector.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..10c24a5f15877237d1fe1108c300a04641690a1a
--- /dev/null
+++ b/test/reflector/reflector.cgi
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 200 Ok"
+print "Content-type: text/plain"
+print 'ETag: "alsjflaksjfasj"'
+print ""
+print "\n".join(["%s=%s" % (key, value) for key, value in os.environ.iteritems()])
+
+
diff --git a/test/test.asis b/test/test.asis
new file mode 100755
index 0000000000000000000000000000000000000000..5cdf3316e715a31b2fc3ee1c84b08c28ed1287b8
--- /dev/null
+++ b/test/test.asis
@@ -0,0 +1,15 @@
+#!/usr/bin/tail --lines=+2
+Status: 301 Now where did I leave that URL
+Location: http://example.com/foo/bar.html
+Content-type: text/html
+
+<html>
+<head>
+<title>Lame excuses'R'us</title>
+</head>
+<body>
+<h1>Fred's exceptionally wonderful page has moved to
+<a href="http://example.com/foo/bar.html">Joe's</a> site.
+</h1>
+</body>
+</html>
diff --git a/test/timeout/timeout.cgi b/test/timeout/timeout.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..07e15c056dcf5fdee1842007af67294631a3bb53
--- /dev/null
+++ b/test/timeout/timeout.cgi
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+import time
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+time.sleep(3)
+
+print "Status: 200 Ok"
+print "Content-type: text/plain"
+print ""
+print "3 seconds later"
+
+
diff --git a/test/user-agent/test.cgi b/test/user-agent/test.cgi
new file mode 100755
index 0000000000000000000000000000000000000000..a7b5454f16c79fec16e2275c0931aefa956563fb
--- /dev/null
+++ b/test/user-agent/test.cgi
@@ -0,0 +1,12 @@
+#!/usr/bin/env python
+import os
+
+# Always returns an empty response body
+# and adds in the X-Method: header with the
+# method that was sent to the CGI
+
+print "Status: 200 Ok"
+print "Content-Type: text/plain"
+print ""
+print os.environ.get('HTTP_USER_AGENT', '')
+
diff --git a/test/vary/accept-double.asis b/test/vary/accept-double.asis
new file mode 100755
index 0000000000000000000000000000000000000000..a2fc2fb6629eab7de049c8fb928477709f4e95e8
--- /dev/null
+++ b/test/vary/accept-double.asis
@@ -0,0 +1,7 @@
+#!/usr/bin/tail --lines=+2
+Content-Type: text/plain
+Vary: Accept, Accept-Language
+Status: 200 OK
+
+We could've been some HTML.
+And Danish!
diff --git a/test/vary/accept.asis b/test/vary/accept.asis
new file mode 100755
index 0000000000000000000000000000000000000000..559945f4bd7ebc68ec8f7f6e0d547e088b93ad1c
--- /dev/null
+++ b/test/vary/accept.asis
@@ -0,0 +1,6 @@
+#!/usr/bin/tail --lines=+2
+Content-Type: text/plain
+Vary: Accept
+Status: 200 OK
+
+We could've been some HTML.
diff --git a/test/vary/no-vary.asis b/test/vary/no-vary.asis
new file mode 100755
index 0000000000000000000000000000000000000000..46dc9a1dc1b983d47f5592ed55a9a9c32b0b5604
--- /dev/null
+++ b/test/vary/no-vary.asis
@@ -0,0 +1,5 @@
+#!/usr/bin/tail --lines=+2
+Content-Type: text/plain
+Status: 200 OK
+
+We could've been some HTML.
diff --git a/test/vary/unused-header.asis b/test/vary/unused-header.asis
new file mode 100755
index 0000000000000000000000000000000000000000..2002f48b65fc5c116d4f5ee8b1ae531877a43e1a
--- /dev/null
+++ b/test/vary/unused-header.asis
@@ -0,0 +1,6 @@
+#!/usr/bin/tail --lines=+2
+Content-Type: text/plain
+Vary: X-No-Such-Header
+Status: 200 OK
+
+I've never heard of a header called X-No-Such-Header.
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..a15db9ed4672b1c58e6be9a9585aa5f70c6e303c
--- /dev/null
+++ b/tests/__init__.py
@@ -0,0 +1,756 @@
+from __future__ import print_function
+
+import base64
+import contextlib
+import copy
+import email.utils
+import functools
+import gzip
+import hashlib
+import httplib2
+import os
+import random
+import re
+import shutil
+import six
+import socket
+import ssl
+import struct
+import sys
+import threading
+import time
+import traceback
+import zlib
+from six.moves import http_client, queue
+
+
+DUMMY_URL = "http://127.0.0.1:1"
+DUMMY_HTTPS_URL = "https://127.0.0.1:2"
+
+tls_dir = os.path.join(os.path.dirname(__file__), "tls")
+CA_CERTS = os.path.join(tls_dir, "ca.pem")
+CA_UNUSED_CERTS = os.path.join(tls_dir, "ca_unused.pem")
+CLIENT_PEM = os.path.join(tls_dir, "client.pem")
+CLIENT_ENCRYPTED_PEM = os.path.join(tls_dir, "client_encrypted.pem")
+SERVER_PEM = os.path.join(tls_dir, "server.pem")
+SERVER_CHAIN = os.path.join(tls_dir, "server_chain.pem")
+
+
+@contextlib.contextmanager
+def assert_raises(exc_type):
+ def _name(t):
+ return getattr(t, "__name__", None) or str(t)
+
+ if not isinstance(exc_type, tuple):
+ exc_type = (exc_type,)
+ names = ", ".join(map(_name, exc_type))
+
+ try:
+ yield
+ except exc_type:
+ pass
+ else:
+ assert False, "Expected exception(s) {0}".format(names)
+
+
+class BufferedReader(object):
+ """io.BufferedReader with \r\n support
+ """
+
+ def __init__(self, sock):
+ self._buf = b""
+ self._end = False
+ self._newline = b"\r\n"
+ self._sock = sock
+ if isinstance(sock, bytes):
+ self._sock = None
+ self._buf = sock
+
+ def _fill(self, target=1, more=None, untilend=False):
+ if more:
+ target = len(self._buf) + more
+ while untilend or (len(self._buf) < target):
+ # crutch to enable HttpRequest.from_bytes
+ if self._sock is None:
+ chunk = b""
+ else:
+ chunk = self._sock.recv(8 << 10)
+ # print('!!! recv', chunk)
+ if not chunk:
+ self._end = True
+ if untilend:
+ return
+ else:
+ raise EOFError
+ self._buf += chunk
+
+ def peek(self, size):
+ self._fill(target=size)
+ return self._buf[:size]
+
+ def read(self, size):
+ self._fill(target=size)
+ chunk, self._buf = self._buf[:size], self._buf[size:]
+ return chunk
+
+ def readall(self):
+ self._fill(untilend=True)
+ chunk, self._buf = self._buf, b""
+ return chunk
+
+ def readline(self):
+ while True:
+ i = self._buf.find(self._newline)
+ if i >= 0:
+ break
+ self._fill(more=1)
+ inext = i + len(self._newline)
+ line, self._buf = self._buf[:inext], self._buf[inext:]
+ return line
+
+
+def parse_http_message(kind, buf):
+ if buf._end:
+ return None
+ try:
+ start_line = buf.readline()
+ except EOFError:
+ return None
+ msg = kind()
+ msg.raw = start_line
+ if kind is HttpRequest:
+ assert re.match(
+ br".+ HTTP/\d\.\d\r\n$", start_line
+ ), "Start line does not look like HTTP request: " + repr(start_line)
+ msg.method, msg.uri, msg.proto = start_line.rstrip().decode().split(" ", 2)
+ assert msg.proto.startswith("HTTP/"), repr(start_line)
+ elif kind is HttpResponse:
+ assert re.match(
+ br"^HTTP/\d\.\d \d+ .+\r\n$", start_line
+ ), "Start line does not look like HTTP response: " + repr(start_line)
+ msg.proto, msg.status, msg.reason = start_line.rstrip().decode().split(" ", 2)
+ msg.status = int(msg.status)
+ assert msg.proto.startswith("HTTP/"), repr(start_line)
+ else:
+ raise Exception("Use HttpRequest or HttpResponse .from_{bytes,buffered}")
+ msg.version = msg.proto[5:]
+
+ while True:
+ line = buf.readline()
+ msg.raw += line
+ line = line.rstrip()
+ if not line:
+ break
+ t = line.decode().split(":", 1)
+ msg.headers[t[0].lower()] = t[1].lstrip()
+
+ content_length_string = msg.headers.get("content-length", "")
+ if content_length_string.isdigit():
+ content_length = int(content_length_string)
+ msg.body = msg.body_raw = buf.read(content_length)
+ elif msg.headers.get("transfer-encoding") == "chunked":
+ raise NotImplemented
+ elif msg.version == "1.0":
+ msg.body = msg.body_raw = buf.readall()
+ else:
+ msg.body = msg.body_raw = b""
+
+ msg.raw += msg.body_raw
+ return msg
+
+
+class HttpMessage(object):
+ def __init__(self):
+ self.headers = {}
+
+ @classmethod
+ def from_bytes(cls, bs):
+ buf = BufferedReader(bs)
+ return parse_http_message(cls, buf)
+
+ @classmethod
+ def from_buffered(cls, buf):
+ return parse_http_message(cls, buf)
+
+ def __repr__(self):
+ return "{} {}".format(self.__class__, repr(vars(self)))
+
+
+class HttpRequest(HttpMessage):
+ pass
+
+
+class HttpResponse(HttpMessage):
+ pass
+
+
+class MockResponse(six.BytesIO):
+ def __init__(self, body, **kwargs):
+ six.BytesIO.__init__(self, body)
+ self.headers = kwargs
+
+ def items(self):
+ return self.headers.items()
+
+ def iteritems(self):
+ return six.iteritems(self.headers)
+
+
+class MockHTTPConnection(object):
+ """This class is just a mock of httplib.HTTPConnection used for testing
+ """
+
+ def __init__(
+ self,
+ host,
+ port=None,
+ key_file=None,
+ cert_file=None,
+ strict=None,
+ timeout=None,
+ proxy_info=None,
+ ):
+ self.host = host
+ self.port = port
+ self.timeout = timeout
+ self.log = ""
+ self.sock = None
+
+ def set_debuglevel(self, level):
+ pass
+
+ def connect(self):
+ "Connect to a host on a given port."
+ pass
+
+ def close(self):
+ pass
+
+ def request(self, method, request_uri, body, headers):
+ pass
+
+ def getresponse(self):
+ return MockResponse(b"the body", status="200")
+
+
+class MockHTTPBadStatusConnection(object):
+ """Mock of httplib.HTTPConnection that raises BadStatusLine.
+ """
+
+ num_calls = 0
+
+ def __init__(
+ self,
+ host,
+ port=None,
+ key_file=None,
+ cert_file=None,
+ strict=None,
+ timeout=None,
+ proxy_info=None,
+ ):
+ self.host = host
+ self.port = port
+ self.timeout = timeout
+ self.log = ""
+ self.sock = None
+ MockHTTPBadStatusConnection.num_calls = 0
+
+ def set_debuglevel(self, level):
+ pass
+
+ def connect(self):
+ pass
+
+ def close(self):
+ pass
+
+ def request(self, method, request_uri, body, headers):
+ pass
+
+ def getresponse(self):
+ MockHTTPBadStatusConnection.num_calls += 1
+ raise http_client.BadStatusLine("")
+
+
+@contextlib.contextmanager
+def server_socket(fun, request_count=1, timeout=5, scheme="", tls=None):
+ """Base socket server for tests.
+ Likely you want to use server_request or other higher level helpers.
+ All arguments except fun can be passed to other server_* helpers.
+
+ :param fun: fun(client_sock, tick) called after successful accept().
+ :param request_count: test succeeds after exactly this number of requests, triggered by tick(request)
+ :param timeout: seconds.
+ :param scheme: affects yielded value
+ "" - build normal http/https URI.
+ string - build normal URI using supplied scheme.
+ None - yield (addr, port) tuple.
+ :param tls:
+ None (default) - plain HTTP.
+ True - HTTPS with reasonable defaults. Likely you want httplib2.Http(ca_certs=tests.CA_CERTS)
+ string - path to custom server cert+key PEM file.
+ callable - function(context, listener, skip_errors) -> ssl_wrapped_listener
+ """
+ gresult = [None]
+ gcounter = [0]
+ tls_skip_errors = [
+ "TLSV1_ALERT_UNKNOWN_CA",
+ ]
+
+ def tick(request):
+ gcounter[0] += 1
+ keep = True
+ keep &= gcounter[0] < request_count
+ if request is not None:
+ keep &= request.headers.get("connection", "").lower() != "close"
+ return keep
+
+ def server_socket_thread(srv):
+ try:
+ while gcounter[0] < request_count:
+ try:
+ client, _ = srv.accept()
+ except ssl.SSLError as e:
+ if e.reason in tls_skip_errors:
+ return
+ raise
+
+ try:
+ client.settimeout(timeout)
+ fun(client, tick)
+ finally:
+ try:
+ client.shutdown(socket.SHUT_RDWR)
+ except (IOError, socket.error):
+ pass
+ # FIXME: client.close() introduces connection reset by peer
+ # at least in other/connection_close test
+ # should not be a problem since socket would close upon garbage collection
+ if gcounter[0] > request_count:
+ gresult[0] = Exception(
+ "Request count expected={0} actual={1}".format(
+ request_count, gcounter[0]
+ )
+ )
+ except Exception as e:
+ # traceback.print_exc caused IOError: concurrent operation on sys.stderr.close() under setup.py test
+ print(traceback.format_exc(), file=sys.stderr)
+ gresult[0] = e
+
+ bind_hostname = "localhost"
+ server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ server.bind((bind_hostname, 0))
+ try:
+ server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ except socket.error as ex:
+ print("non critical error on SO_REUSEADDR", ex)
+ server.listen(10)
+ server.settimeout(timeout)
+ server_port = server.getsockname()[1]
+ if tls is True:
+ tls = SERVER_CHAIN
+ if tls:
+ context = ssl_context()
+ if callable(tls):
+ context.load_cert_chain(SERVER_CHAIN)
+ server = tls(context, server, tls_skip_errors)
+ else:
+ context.load_cert_chain(tls)
+ server = context.wrap_socket(server, server_side=True)
+ if scheme == "":
+ scheme = "https" if tls else "http"
+
+ t = threading.Thread(target=server_socket_thread, args=(server,))
+ t.daemon = True
+ t.start()
+ if scheme is None:
+ yield (bind_hostname, server_port)
+ else:
+ yield u"{scheme}://{host}:{port}/".format(scheme=scheme, host=bind_hostname, port=server_port)
+ server.close()
+ t.join()
+ if gresult[0] is not None:
+ raise gresult[0]
+
+
+def server_yield(fun, **kwargs):
+ q = queue.Queue(1)
+ g = fun(q.get)
+
+ def server_yield_socket_handler(sock, tick):
+ buf = BufferedReader(sock)
+ i = 0
+ while True:
+ request = HttpRequest.from_buffered(buf)
+ if request is None:
+ break
+ i += 1
+ request.client_sock = sock
+ request.number = i
+ q.put(request)
+ response = six.next(g)
+ sock.sendall(response)
+ request.client_sock = None
+ if not tick(request):
+ break
+
+ return server_socket(server_yield_socket_handler, **kwargs)
+
+
+def server_request(request_handler, **kwargs):
+ def server_request_socket_handler(sock, tick):
+ buf = BufferedReader(sock)
+ i = 0
+ while True:
+ request = HttpRequest.from_buffered(buf)
+ if request is None:
+ break
+ # print("--- debug request\n" + request.raw.decode("ascii", "replace"))
+ i += 1
+ request.client_sock = sock
+ request.number = i
+ response = request_handler(request=request)
+ # print("--- debug response\n" + response.decode("ascii", "replace"))
+ sock.sendall(response)
+ request.client_sock = None
+ if not tick(request):
+ break
+
+ return server_socket(server_request_socket_handler, **kwargs)
+
+
+def server_const_bytes(response_content, **kwargs):
+ return server_request(lambda request: response_content, **kwargs)
+
+
+_http_kwargs = (
+ "proto",
+ "status",
+ "headers",
+ "body",
+ "add_content_length",
+ "add_date",
+ "add_etag",
+ "undefined_body_length",
+)
+
+
+def http_response_bytes(
+ proto="HTTP/1.1",
+ status="200 OK",
+ headers=None,
+ body=b"",
+ add_content_length=True,
+ add_date=False,
+ add_etag=False,
+ undefined_body_length=False,
+ **kwargs
+):
+ if undefined_body_length:
+ add_content_length = False
+ if headers is None:
+ headers = {}
+ if add_content_length:
+ headers.setdefault("content-length", str(len(body)))
+ if add_date:
+ headers.setdefault("date", email.utils.formatdate())
+ if add_etag:
+ headers.setdefault("etag", '"{0}"'.format(hashlib.md5(body).hexdigest()))
+ header_string = "".join("{0}: {1}\r\n".format(k, v) for k, v in headers.items())
+ if (
+ not undefined_body_length
+ and proto != "HTTP/1.0"
+ and "content-length" not in headers
+ ):
+ raise Exception(
+ "httplib2.tests.http_response_bytes: client could not figure response body length"
+ )
+ if str(status).isdigit():
+ status = "{} {}".format(status, http_client.responses[status])
+ response = (
+ "{proto} {status}\r\n{headers}\r\n".format(
+ proto=proto, status=status, headers=header_string
+ ).encode()
+ + body
+ )
+ return response
+
+
+def make_http_reflect(**kwargs):
+ assert "body" not in kwargs, "make_http_reflect will overwrite response " "body"
+
+ def fun(request):
+ kw = copy.deepcopy(kwargs)
+ kw["body"] = request.raw
+ response = http_response_bytes(**kw)
+ return response
+
+ return fun
+
+
+def server_route(routes, **kwargs):
+ response_404 = http_response_bytes(status="404 Not Found")
+ response_wildcard = routes.get("")
+
+ def handler(request):
+ target = routes.get(request.uri, response_wildcard) or response_404
+ if callable(target):
+ response = target(request=request)
+ else:
+ response = target
+ return response
+
+ return server_request(handler, **kwargs)
+
+
+def server_const_http(**kwargs):
+ response_kwargs = {k: kwargs.pop(k) for k in dict(kwargs) if k in _http_kwargs}
+ response = http_response_bytes(**response_kwargs)
+ return server_const_bytes(response, **kwargs)
+
+
+def server_list_http(responses, **kwargs):
+ i = iter(responses)
+
+ def handler(request):
+ return next(i)
+
+ kwargs.setdefault("request_count", len(responses))
+ return server_request(handler, **kwargs)
+
+
+def server_reflect(**kwargs):
+ response_kwargs = {k: kwargs.pop(k) for k in dict(kwargs) if k in _http_kwargs}
+ http_handler = make_http_reflect(**response_kwargs)
+ return server_request(http_handler, **kwargs)
+
+
+def http_parse_auth(s):
+ """https://tools.ietf.org/html/rfc7235#section-2.1
+ """
+ scheme, rest = s.split(" ", 1)
+ result = {}
+ while True:
+ m = httplib2.WWW_AUTH_RELAXED.search(rest)
+ if not m:
+ break
+ if len(m.groups()) == 3:
+ key, value, rest = m.groups()
+ result[key.lower()] = httplib2.UNQUOTE_PAIRS.sub(r"\1", value)
+ return result
+
+
+def store_request_response(out):
+ def wrapper(fun):
+ @functools.wraps(fun)
+ def wrapped(request, *a, **kw):
+ response_bytes = fun(request, *a, **kw)
+ if out is not None:
+ response = HttpResponse.from_bytes(response_bytes)
+ out.append((request, response))
+ return response_bytes
+
+ return wrapped
+
+ return wrapper
+
+
+def http_reflect_with_auth(
+ allow_scheme, allow_credentials, out_renew_nonce=None, out_requests=None
+):
+ """allow_scheme - 'basic', 'digest', etc allow_credentials - sequence of ('name', 'password') out_renew_nonce - None | [function]
+
+ Way to return nonce renew function to caller.
+ Kind of `out` parameter in some programming languages.
+ Allows to keep same signature for all handler builder functions.
+ out_requests - None | []
+ If set to list, every parsed request will be appended here.
+ """
+ glastnc = [None]
+ gnextnonce = [None]
+ gserver_nonce = [gen_digest_nonce(salt=b"n")]
+ realm = "httplib2 test"
+ server_opaque = gen_digest_nonce(salt=b"o")
+
+ def renew_nonce():
+ if gnextnonce[0]:
+ assert False, (
+ "previous nextnonce was not used, probably bug in " "test code"
+ )
+ gnextnonce[0] = gen_digest_nonce()
+ return gserver_nonce[0], gnextnonce[0]
+
+ if out_renew_nonce:
+ out_renew_nonce[0] = renew_nonce
+
+ def deny(**kwargs):
+ nonce_stale = kwargs.pop("nonce_stale", False)
+ if nonce_stale:
+ kwargs.setdefault("body", b"nonce stale")
+ if allow_scheme == "basic":
+ authenticate = 'basic realm="{realm}"'.format(realm=realm)
+ elif allow_scheme == "digest":
+ authenticate = (
+ 'digest realm="{realm}", qop="auth"'
+ + ', nonce="{nonce}", opaque="{opaque}"'
+ + (", stale=true" if nonce_stale else "")
+ ).format(realm=realm, nonce=gserver_nonce[0], opaque=server_opaque)
+ else:
+ raise Exception("unknown allow_scheme={0}".format(allow_scheme))
+ deny_headers = {"www-authenticate": authenticate}
+ kwargs.setdefault("status", 401)
+ # supplied headers may overwrite generated ones
+ deny_headers.update(kwargs.get("headers", {}))
+ kwargs["headers"] = deny_headers
+ kwargs.setdefault("body", b"HTTP authorization required")
+ return http_response_bytes(**kwargs)
+
+ @store_request_response(out_requests)
+ def http_reflect_with_auth_handler(request):
+ auth_header = request.headers.get("authorization", "")
+ if not auth_header:
+ return deny()
+ if " " not in auth_header:
+ return http_response_bytes(
+ status=400, body=b"authorization header syntax error"
+ )
+ scheme, data = auth_header.split(" ", 1)
+ scheme = scheme.lower()
+ if scheme != allow_scheme:
+ return deny(body=b"must use different auth scheme")
+ if scheme == "basic":
+ decoded = base64.b64decode(data).decode()
+ username, password = decoded.split(":", 1)
+ if (username, password) in allow_credentials:
+ return make_http_reflect()(request)
+ else:
+ return deny(body=b"supplied credentials are not allowed")
+ elif scheme == "digest":
+ server_nonce_old = gserver_nonce[0]
+ nextnonce = gnextnonce[0]
+ if nextnonce:
+ # server decided to change nonce, in this case, guided by caller test code
+ gserver_nonce[0] = nextnonce
+ gnextnonce[0] = None
+ server_nonce_current = gserver_nonce[0]
+ auth_info = http_parse_auth(data)
+ client_cnonce = auth_info.get("cnonce", "")
+ client_nc = auth_info.get("nc", "")
+ client_nonce = auth_info.get("nonce", "")
+ client_opaque = auth_info.get("opaque", "")
+ client_qop = auth_info.get("qop", "auth").strip('"')
+
+ # TODO: auth_info.get('algorithm', 'md5')
+ hasher = hashlib.md5
+
+ # TODO: client_qop auth-int
+ ha2 = hasher(":".join((request.method, request.uri)).encode()).hexdigest()
+
+ if client_nonce != server_nonce_current:
+ if client_nonce == server_nonce_old:
+ return deny(nonce_stale=True)
+ return deny(body=b"invalid nonce")
+ if not client_nc:
+ return deny(body=b"auth-info nc missing")
+ if client_opaque != server_opaque:
+ return deny(
+ body="auth-info opaque mismatch expected={} actual={}".format(
+ server_opaque, client_opaque
+ ).encode()
+ )
+ for allow_username, allow_password in allow_credentials:
+ ha1 = hasher(
+ ":".join((allow_username, realm, allow_password)).encode()
+ ).hexdigest()
+ allow_response = hasher(
+ ":".join(
+ (ha1, client_nonce, client_nc, client_cnonce, client_qop, ha2)
+ ).encode()
+ ).hexdigest()
+ rspauth_ha2 = hasher(":{}".format(request.uri).encode()).hexdigest()
+ rspauth = hasher(
+ ":".join(
+ (
+ ha1,
+ client_nonce,
+ client_nc,
+ client_cnonce,
+ client_qop,
+ rspauth_ha2,
+ )
+ ).encode()
+ ).hexdigest()
+ if auth_info.get("response", "") == allow_response:
+ # TODO: fix or remove doubtful comment
+ # do we need to save nc only on success?
+ glastnc[0] = client_nc
+ allow_headers = {
+ "authentication-info": " ".join(
+ (
+ 'nextnonce="{}"'.format(nextnonce) if nextnonce else "",
+ "qop={}".format(client_qop),
+ 'rspauth="{}"'.format(rspauth),
+ 'cnonce="{}"'.format(client_cnonce),
+ "nc={}".format(client_nc),
+ )
+ ).strip()
+ }
+ return make_http_reflect(headers=allow_headers)(request)
+ return deny(body=b"supplied credentials are not allowed")
+ else:
+ return http_response_bytes(
+ status=400,
+ body="unknown authorization scheme={0}".format(scheme).encode(),
+ )
+
+ return http_reflect_with_auth_handler
+
+
+def get_cache_path():
+ default = "./_httplib2_test_cache"
+ path = os.environ.get("httplib2_test_cache_path") or default
+ if os.path.exists(path):
+ shutil.rmtree(path)
+ return path
+
+
+def gen_digest_nonce(salt=b""):
+ t = struct.pack(">Q", int(time.time() * 1e9))
+ return base64.b64encode(t + b":" + hashlib.sha1(t + salt).digest()).decode()
+
+
+def gen_password():
+ length = random.randint(8, 64)
+ return "".join(six.unichr(random.randint(0, 127)) for _ in range(length))
+
+
+def gzip_compress(bs):
+ # gzipobj = zlib.compressobj(9, zlib.DEFLATED, zlib.MAX_WBITS | 16)
+ # result = gzipobj.compress(text) + gzipobj.flush()
+ buf = six.BytesIO()
+ gf = gzip.GzipFile(fileobj=buf, mode="wb", compresslevel=6)
+ gf.write(bs)
+ gf.close()
+ return buf.getvalue()
+
+
+def gzip_decompress(bs):
+ return zlib.decompress(bs, zlib.MAX_WBITS | 16)
+
+
+def deflate_compress(bs):
+ do = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
+ return do.compress(bs) + do.flush()
+
+
+def deflate_decompress(bs):
+ return zlib.decompress(bs, -zlib.MAX_WBITS)
+
+
+def ssl_context(protocol=None):
+ """Workaround for old SSLContext() required protocol argument.
+ """
+ if sys.version_info < (3, 5, 3):
+ return ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ return ssl.SSLContext()
diff --git a/tests/test_auth.py b/tests/test_auth.py
new file mode 100644
index 0000000000000000000000000000000000000000..6efd6cbbcb8a913f51af686ba52b19eb67313635
--- /dev/null
+++ b/tests/test_auth.py
@@ -0,0 +1,371 @@
+import httplib2
+import pytest
+import tests
+from six.moves import urllib
+
+
+def test_credentials():
+ c = httplib2.Credentials()
+ c.add("joe", "password")
+ assert tuple(c.iter("bitworking.org"))[0] == ("joe", "password")
+ assert tuple(c.iter(""))[0] == ("joe", "password")
+ c.add("fred", "password2", "wellformedweb.org")
+ assert tuple(c.iter("bitworking.org"))[0] == ("joe", "password")
+ assert len(tuple(c.iter("bitworking.org"))) == 1
+ assert len(tuple(c.iter("wellformedweb.org"))) == 2
+ assert ("fred", "password2") in tuple(c.iter("wellformedweb.org"))
+ c.clear()
+ assert len(tuple(c.iter("bitworking.org"))) == 0
+ c.add("fred", "password2", "wellformedweb.org")
+ assert ("fred", "password2") in tuple(c.iter("wellformedweb.org"))
+ assert len(tuple(c.iter("bitworking.org"))) == 0
+ assert len(tuple(c.iter(""))) == 0
+
+
+def test_basic():
+ # Test Basic Authentication
+ http = httplib2.Http()
+ password = tests.gen_password()
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="basic", allow_credentials=(("joe", password),)
+ )
+ with tests.server_request(handler, request_count=3) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 401
+ http.add_credentials("joe", password)
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_basic_for_domain():
+ # Test Basic Authentication
+ http = httplib2.Http()
+ password = tests.gen_password()
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="basic", allow_credentials=(("joe", password),)
+ )
+ with tests.server_request(handler, request_count=4) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 401
+ http.add_credentials("joe", password, "example.org")
+ response, content = http.request(uri, "GET")
+ assert response.status == 401
+ domain = urllib.parse.urlparse(uri)[1]
+ http.add_credentials("joe", password, domain)
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_basic_two_credentials():
+ # Test Basic Authentication with multiple sets of credentials
+ http = httplib2.Http()
+ password1 = tests.gen_password()
+ password2 = tests.gen_password()
+ allowed = [("joe", password1)] # exploit shared mutable list
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="basic", allow_credentials=allowed
+ )
+ with tests.server_request(handler, request_count=7) as uri:
+ http.add_credentials("fred", password2)
+ response, content = http.request(uri, "GET")
+ assert response.status == 401
+ http.add_credentials("joe", password1)
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ allowed[0] = ("fred", password2)
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_digest():
+ # Test that we support Digest Authentication
+ http = httplib2.Http()
+ password = tests.gen_password()
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="digest", allow_credentials=(("joe", password),)
+ )
+ with tests.server_request(handler, request_count=3) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 401
+ http.add_credentials("joe", password)
+ response, content = http.request(uri, "GET")
+ assert response.status == 200, content.decode()
+
+
+def test_digest_next_nonce_nc():
+ # Test that if the server sets nextnonce that we reset
+ # the nonce count back to 1
+ http = httplib2.Http()
+ password = tests.gen_password()
+ grenew_nonce = [None]
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="digest",
+ allow_credentials=(("joe", password),),
+ out_renew_nonce=grenew_nonce,
+ )
+ with tests.server_request(handler, request_count=5) as uri:
+ http.add_credentials("joe", password)
+ response1, _ = http.request(uri, "GET")
+ info = httplib2._parse_www_authenticate(response1, "authentication-info")
+ assert response1.status == 200
+ assert info.get("digest", {}).get("nc") == "00000001", info
+ assert not info.get("digest", {}).get("nextnonce"), info
+ response2, _ = http.request(uri, "GET")
+ info2 = httplib2._parse_www_authenticate(response2, "authentication-info")
+ assert info2.get("digest", {}).get("nc") == "00000002", info2
+ grenew_nonce[0]()
+ response3, content = http.request(uri, "GET")
+ info3 = httplib2._parse_www_authenticate(response3, "authentication-info")
+ assert response3.status == 200
+ assert info3.get("digest", {}).get("nc") == "00000001", info3
+
+
+def test_digest_auth_stale():
+ # Test that we can handle a nonce becoming stale
+ http = httplib2.Http()
+ password = tests.gen_password()
+ grenew_nonce = [None]
+ requests = []
+ handler = tests.http_reflect_with_auth(
+ allow_scheme="digest",
+ allow_credentials=(("joe", password),),
+ out_renew_nonce=grenew_nonce,
+ out_requests=requests,
+ )
+ with tests.server_request(handler, request_count=4) as uri:
+ http.add_credentials("joe", password)
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ info = httplib2._parse_www_authenticate(
+ requests[0][1].headers, "www-authenticate"
+ )
+ grenew_nonce[0]()
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+ assert getattr(response, "_stale_digest", False)
+ info2 = httplib2._parse_www_authenticate(
+ requests[2][1].headers, "www-authenticate"
+ )
+ nonce1 = info.get("digest", {}).get("nonce", "")
+ nonce2 = info2.get("digest", {}).get("nonce", "")
+ assert nonce1 != ""
+ assert nonce2 != ""
+ assert nonce1 != nonce2, (nonce1, nonce2)
+
+
+@pytest.mark.parametrize(
+ "data",
+ (
+ ({}, {}),
+ ({"www-authenticate": ""}, {}),
+ (
+ {
+ "www-authenticate": 'Test realm="test realm" , foo=foo ,bar="bar", baz=baz,qux=qux'
+ },
+ {
+ "test": {
+ "realm": "test realm",
+ "foo": "foo",
+ "bar": "bar",
+ "baz": "baz",
+ "qux": "qux",
+ }
+ },
+ ),
+ (
+ {"www-authenticate": 'T*!%#st realm=to*!%#en, to*!%#en="quoted string"'},
+ {"t*!%#st": {"realm": "to*!%#en", "to*!%#en": "quoted string"}},
+ ),
+ (
+ {"www-authenticate": 'Test realm="a \\"test\\" realm"'},
+ {"test": {"realm": 'a "test" realm'}},
+ ),
+ ({"www-authenticate": 'Basic realm="me"'}, {"basic": {"realm": "me"}}),
+ (
+ {"www-authenticate": 'Basic realm="me", algorithm="MD5"'},
+ {"basic": {"realm": "me", "algorithm": "MD5"}},
+ ),
+ (
+ {"www-authenticate": 'Basic realm="me", algorithm=MD5'},
+ {"basic": {"realm": "me", "algorithm": "MD5"}},
+ ),
+ (
+ {"www-authenticate": 'Basic realm="me",other="fred" '},
+ {"basic": {"realm": "me", "other": "fred"}},
+ ),
+ ({"www-authenticate": 'Basic REAlm="me" '}, {"basic": {"realm": "me"}}),
+ (
+ {
+ "www-authenticate": 'Digest realm="digest1", qop="auth,auth-int", nonce="7102dd2", opaque="e9517f"'
+ },
+ {
+ "digest": {
+ "realm": "digest1",
+ "qop": "auth,auth-int",
+ "nonce": "7102dd2",
+ "opaque": "e9517f",
+ }
+ },
+ ),
+ # multiple schema choice
+ (
+ {
+ "www-authenticate": 'Digest realm="multi-d", nonce="8b11d0f6", opaque="cc069c" Basic realm="multi-b" '
+ },
+ {
+ "digest": {"realm": "multi-d", "nonce": "8b11d0f6", "opaque": "cc069c"},
+ "basic": {"realm": "multi-b"},
+ },
+ ),
+ # FIXME
+ # comma between schemas (glue for multiple headers with same name)
+ # ({'www-authenticate': 'Digest realm="2-comma-d", qop="auth-int", nonce="c0c8ff1", Basic realm="2-comma-b"'},
+ # {'digest': {'realm': '2-comma-d', 'qop': 'auth-int', 'nonce': 'c0c8ff1'},
+ # 'basic': {'realm': '2-comma-b'}}),
+ # FIXME
+ # comma between schemas + WSSE (glue for multiple headers with same name)
+ # ({'www-authenticate': 'Digest realm="com3d", Basic realm="com3b", WSSE realm="com3w", profile="token"'},
+ # {'digest': {'realm': 'com3d'}, 'basic': {'realm': 'com3b'}, 'wsse': {'realm': 'com3w', profile': 'token'}}),
+ # FIXME
+ # multiple syntax figures
+ # ({'www-authenticate':
+ # 'Digest realm="brig", qop \t=\t"\tauth,auth-int", nonce="(*)&^&$%#",opaque="5ccc"' +
+ # ', Basic REAlm="zoo", WSSE realm="very", profile="UsernameToken"'},
+ # {'digest': {'realm': 'brig', 'qop': 'auth,auth-int', 'nonce': '(*)&^&$%#', 'opaque': '5ccc'},
+ # 'basic': {'realm': 'zoo'},
+ # 'wsse': {'realm': 'very', 'profile': 'UsernameToken'}}),
+ # more quote combos
+ (
+ {
+ "www-authenticate": 'Digest realm="myrealm", nonce="KBAA=3", algorithm=MD5, qop="auth", stale=true'
+ },
+ {
+ "digest": {
+ "realm": "myrealm",
+ "nonce": "KBAA=3",
+ "algorithm": "MD5",
+ "qop": "auth",
+ "stale": "true",
+ }
+ },
+ ),
+ ),
+ ids=lambda data: str(data[0]),
+)
+@pytest.mark.parametrize("strict", (True, False), ids=("strict", "relax"))
+def test_parse_www_authenticate_correct(data, strict):
+ headers, info = data
+ # FIXME: move strict to parse argument
+ httplib2.USE_WWW_AUTH_STRICT_PARSING = strict
+ try:
+ assert httplib2._parse_www_authenticate(headers) == info
+ finally:
+ httplib2.USE_WWW_AUTH_STRICT_PARSING = 0
+
+
+def test_parse_www_authenticate_malformed():
+ # TODO: test (and fix) header value 'barbqwnbm-bb...:asd' leads to dead loop
+ with tests.assert_raises(httplib2.MalformedHeader):
+ httplib2._parse_www_authenticate(
+ {
+ "www-authenticate": 'OAuth "Facebook Platform" "invalid_token" "Invalid OAuth access token."'
+ }
+ )
+
+
+def test_digest_object():
+ credentials = ("joe", "password")
+ host = None
+ request_uri = "/test/digest/"
+ headers = {}
+ response = {
+ "www-authenticate": 'Digest realm="myrealm", nonce="KBAA=35", algorithm=MD5, qop="auth"'
+ }
+ content = b""
+
+ d = httplib2.DigestAuthentication(
+ credentials, host, request_uri, headers, response, content, None
+ )
+ d.request("GET", request_uri, headers, content, cnonce="33033375ec278a46")
+ our_request = "authorization: " + headers["authorization"]
+ working_request = (
+ 'authorization: Digest username="joe", realm="myrealm", '
+ 'nonce="KBAA=35", uri="/test/digest/"'
+ + ', algorithm=MD5, response="de6d4a123b80801d0e94550411b6283f", '
+ 'qop=auth, nc=00000001, cnonce="33033375ec278a46"'
+ )
+ assert our_request == working_request
+
+
+def test_digest_object_with_opaque():
+ credentials = ("joe", "password")
+ host = None
+ request_uri = "/digest/opaque/"
+ headers = {}
+ response = {
+ "www-authenticate": 'Digest realm="myrealm", nonce="30352fd", algorithm=MD5, '
+ 'qop="auth", opaque="atestopaque"'
+ }
+ content = ""
+
+ d = httplib2.DigestAuthentication(
+ credentials, host, request_uri, headers, response, content, None
+ )
+ d.request("GET", request_uri, headers, content, cnonce="5ec2")
+ our_request = "authorization: " + headers["authorization"]
+ working_request = (
+ 'authorization: Digest username="joe", realm="myrealm", '
+ 'nonce="30352fd", uri="/digest/opaque/", algorithm=MD5'
+ + ', response="a1fab43041f8f3789a447f48018bee48", qop=auth, nc=00000001, '
+ 'cnonce="5ec2", opaque="atestopaque"'
+ )
+ assert our_request == working_request
+
+
+def test_digest_object_stale():
+ credentials = ("joe", "password")
+ host = None
+ request_uri = "/digest/stale/"
+ headers = {}
+ response = httplib2.Response({})
+ response["www-authenticate"] = (
+ 'Digest realm="myrealm", nonce="bd669f", '
+ 'algorithm=MD5, qop="auth", stale=true'
+ )
+ response.status = 401
+ content = b""
+ d = httplib2.DigestAuthentication(
+ credentials, host, request_uri, headers, response, content, None
+ )
+ # Returns true to force a retry
+ assert d.response(response, content)
+
+
+def test_digest_object_auth_info():
+ credentials = ("joe", "password")
+ host = None
+ request_uri = "/digest/nextnonce/"
+ headers = {}
+ response = httplib2.Response({})
+ response["www-authenticate"] = (
+ 'Digest realm="myrealm", nonce="barney", '
+ 'algorithm=MD5, qop="auth", stale=true'
+ )
+ response["authentication-info"] = 'nextnonce="fred"'
+ content = b""
+ d = httplib2.DigestAuthentication(
+ credentials, host, request_uri, headers, response, content, None
+ )
+ # Returns true to force a retry
+ assert not d.response(response, content)
+ assert d.challenge["nonce"] == "fred"
+ assert d.challenge["nc"] == 1
+
+
+def test_wsse_algorithm():
+ digest = httplib2._wsse_username_token(
+ "d36e316282959a9ed4c89851497a717f", "2003-12-15T14:43:07Z", "taadtaadpstcsm"
+ )
+ expected = b"quR/EWLAV4xLf9Zqyw4pDmfV9OY="
+ assert expected == digest
diff --git a/tests/test_cacerts_from_env.py b/tests/test_cacerts_from_env.py
new file mode 100644
index 0000000000000000000000000000000000000000..cb2bd9f599e68feb2a26c047618fab15ef56d391
--- /dev/null
+++ b/tests/test_cacerts_from_env.py
@@ -0,0 +1,72 @@
+import os
+import sys
+import mock
+import pytest
+import tempfile
+import httplib2
+
+
+CA_CERTS_BUILTIN = os.path.join(os.path.dirname(httplib2.__file__), "cacerts.txt")
+CERTIFI_CERTS_FILE = "unittest_certifi_file"
+CUSTOM_CA_CERTS = "unittest_custom_ca_certs"
+
+
+@pytest.fixture()
+def clean_env():
+ current_env_var = os.environ.get("HTTPLIB2_CA_CERTS")
+ if current_env_var is not None:
+ os.environ.pop("HTTPLIB2_CA_CERTS")
+ yield
+ if current_env_var is not None:
+ os.environ["HTTPLIB2_CA_CERTS"] = current_env_var
+
+
+@pytest.fixture()
+def ca_certs_tmpfile(clean_env):
+ tmpfd, tmpfile = tempfile.mkstemp()
+ open(tmpfile, 'a').close()
+ yield tmpfile
+ os.remove(tmpfile)
+
+
+@mock.patch("httplib2.certs.certifi_available", False)
+@mock.patch("httplib2.certs.custom_ca_locater_available", False)
+def test_certs_file_from_builtin(clean_env):
+ assert httplib2.certs.where() == CA_CERTS_BUILTIN
+
+
+@mock.patch("httplib2.certs.certifi_available", False)
+@mock.patch("httplib2.certs.custom_ca_locater_available", False)
+def test_certs_file_from_environment(ca_certs_tmpfile):
+ os.environ["HTTPLIB2_CA_CERTS"] = ca_certs_tmpfile
+ assert httplib2.certs.where() == ca_certs_tmpfile
+ os.environ["HTTPLIB2_CA_CERTS"] = ""
+ with pytest.raises(RuntimeError):
+ httplib2.certs.where()
+ os.environ.pop("HTTPLIB2_CA_CERTS")
+ assert httplib2.certs.where() == CA_CERTS_BUILTIN
+
+
+@mock.patch("httplib2.certs.certifi_where", mock.MagicMock(return_value=CERTIFI_CERTS_FILE))
+@mock.patch("httplib2.certs.certifi_available", True)
+@mock.patch("httplib2.certs.custom_ca_locater_available", False)
+def test_certs_file_from_certifi(clean_env):
+ assert httplib2.certs.where() == CERTIFI_CERTS_FILE
+
+
+@mock.patch("httplib2.certs.certifi_available", False)
+@mock.patch("httplib2.certs.custom_ca_locater_available", True)
+@mock.patch("httplib2.certs.custom_ca_locater_where", mock.MagicMock(return_value=CUSTOM_CA_CERTS))
+def test_certs_file_from_custom_getter(clean_env):
+ assert httplib2.certs.where() == CUSTOM_CA_CERTS
+
+
+@mock.patch("httplib2.certs.certifi_available", False)
+@mock.patch("httplib2.certs.custom_ca_locater_available", False)
+def test_with_certifi_removed_from_modules(ca_certs_tmpfile):
+ if "certifi" in sys.modules:
+ del sys.modules["certifi"]
+ os.environ["HTTPLIB2_CA_CERTS"] = ca_certs_tmpfile
+ assert httplib2.certs.where() == ca_certs_tmpfile
+ os.environ.pop("HTTPLIB2_CA_CERTS")
+ assert httplib2.certs.where() == CA_CERTS_BUILTIN
diff --git a/tests/test_cache.py b/tests/test_cache.py
new file mode 100644
index 0000000000000000000000000000000000000000..1f1fde7a41a91ccb21ce30d399960edbc8ff5828
--- /dev/null
+++ b/tests/test_cache.py
@@ -0,0 +1,455 @@
+import email.utils
+import httplib2
+import pytest
+import re
+import tests
+import time
+
+dummy_url = "http://127.0.0.1:1"
+
+
+def test_get_only_if_cached_cache_hit():
+ # Test that can do a GET with cache and 'only-if-cached'
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(add_etag=True) as uri:
+ http.request(uri, "GET")
+ response, content = http.request(
+ uri, "GET", headers={"cache-control": "only-if-cached"}
+ )
+ assert response.fromcache
+ assert response.status == 200
+
+
+def test_get_only_if_cached_cache_miss():
+ # Test that can do a GET with no cache with 'only-if-cached'
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(request_count=0) as uri:
+ response, content = http.request(
+ uri, "GET", headers={"cache-control": "only-if-cached"}
+ )
+ assert not response.fromcache
+ assert response.status == 504
+
+
+def test_get_only_if_cached_no_cache_at_all():
+ # Test that can do a GET with no cache with 'only-if-cached'
+ # Of course, there might be an intermediary beyond us
+ # that responds to the 'only-if-cached', so this
+ # test can't really be guaranteed to pass.
+ http = httplib2.Http()
+ with tests.server_const_http(request_count=0) as uri:
+ response, content = http.request(
+ uri, "GET", headers={"cache-control": "only-if-cached"}
+ )
+ assert not response.fromcache
+ assert response.status == 504
+
+
+@pytest.mark.skip(reason="was commented in legacy code")
+def test_TODO_vary_no():
+ pass
+ # when there is no vary, a different Accept header (e.g.) should not
+ # impact if the cache is used
+ # test that the vary header is not sent
+ # uri = urllib.parse.urljoin(base, "vary/no-vary.asis")
+ # response, content = http.request(uri, 'GET', headers={'Accept': 'text/plain'})
+ # assert response.status == 200
+ # assert 'vary' not in response
+ #
+ # response, content = http.request(uri, 'GET', headers={'Accept': 'text/plain'})
+ # assert response.status == 200
+ # assert response.fromcache, "Should be from cache"
+ #
+ # response, content = http.request(uri, 'GET', headers={'Accept': 'text/html'})
+ # assert response.status == 200
+ # assert response.fromcache, "Should be from cache"
+
+
+def test_vary_header_is_sent():
+ # Verifies RFC 2616 13.6.
+ # See https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html.
+ http = httplib2.Http(cache=tests.get_cache_path())
+ response = tests.http_response_bytes(
+ headers={"vary": "Accept", "cache-control": "max-age=300"}, add_date=True
+ )
+ with tests.server_const_bytes(response, request_count=3) as uri:
+ response, content = http.request(uri, "GET", headers={"accept": "text/plain"})
+ assert response.status == 200
+ assert "vary" in response
+
+ # get the resource again, from the cache since accept header in this
+ # request is the same as the request
+ response, content = http.request(uri, "GET", headers={"Accept": "text/plain"})
+ assert response.status == 200
+ assert response.fromcache, "Should be from cache"
+
+ # get the resource again, not from cache since Accept headers does not match
+ response, content = http.request(uri, "GET", headers={"Accept": "text/html"})
+ assert response.status == 200
+ assert not response.fromcache, "Should not be from cache"
+
+ # get the resource again, without any Accept header, so again no match
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache, "Should not be from cache"
+
+
+def test_vary_header_double():
+ http = httplib2.Http(cache=tests.get_cache_path())
+ response = tests.http_response_bytes(
+ headers={"vary": "Accept, Accept-Language", "cache-control": "max-age=300"},
+ add_date=True,
+ )
+ with tests.server_const_bytes(response, request_count=3) as uri:
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={
+ "Accept": "text/plain",
+ "Accept-Language": "da, en-gb;q=0.8, en;q=0.7",
+ },
+ )
+ assert response.status == 200
+ assert "vary" in response
+
+ # we are from cache
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={
+ "Accept": "text/plain",
+ "Accept-Language": "da, en-gb;q=0.8, en;q=0.7",
+ },
+ )
+ assert response.fromcache, "Should be from cache"
+
+ response, content = http.request(uri, "GET", headers={"Accept": "text/plain"})
+ assert response.status == 200
+ assert not response.fromcache
+
+ # get the resource again, not from cache, varied headers don't match exact
+ response, content = http.request(uri, "GET", headers={"Accept-Language": "da"})
+ assert response.status == 200
+ assert not response.fromcache, "Should not be from cache"
+
+
+def test_vary_unused_header():
+ http = httplib2.Http(cache=tests.get_cache_path())
+ response = tests.http_response_bytes(
+ headers={"vary": "X-No-Such-Header", "cache-control": "max-age=300"},
+ add_date=True,
+ )
+ with tests.server_const_bytes(response, request_count=1) as uri:
+ # A header's value is not considered to vary if it's not used at all.
+ response, content = http.request(uri, "GET", headers={"Accept": "text/plain"})
+ assert response.status == 200
+ assert "vary" in response
+
+ # we are from cache
+ response, content = http.request(uri, "GET", headers={"Accept": "text/plain"})
+ assert response.fromcache, "Should be from cache"
+
+
+def test_get_cache_control_no_cache():
+ # Test Cache-Control: no-cache on requests
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(
+ add_date=True,
+ add_etag=True,
+ headers={"cache-control": "max-age=300"},
+ request_count=2,
+ ) as uri:
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response.status == 200
+ assert response["etag"] != ""
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response.status == 200
+ assert response.fromcache
+ response, _ = http.request(
+ uri,
+ "GET",
+ headers={"accept-encoding": "identity", "Cache-Control": "no-cache"},
+ )
+ assert response.status == 200
+ assert not response.fromcache
+
+
+def test_get_cache_control_pragma_no_cache():
+ # Test Pragma: no-cache on requests
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(
+ add_date=True,
+ add_etag=True,
+ headers={"cache-control": "max-age=300"},
+ request_count=2,
+ ) as uri:
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response["etag"] != ""
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response.status == 200
+ assert response.fromcache
+ response, _ = http.request(
+ uri, "GET", headers={"accept-encoding": "identity", "Pragma": "no-cache"}
+ )
+ assert response.status == 200
+ assert not response.fromcache
+
+
+def test_get_cache_control_no_store_request():
+ # A no-store request means that the response should not be stored.
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(
+ add_date=True,
+ add_etag=True,
+ headers={"cache-control": "max-age=300"},
+ request_count=2,
+ ) as uri:
+ response, _ = http.request(uri, "GET", headers={"Cache-Control": "no-store"})
+ assert response.status == 200
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET", headers={"Cache-Control": "no-store"})
+ assert response.status == 200
+ assert not response.fromcache
+
+
+def test_get_cache_control_no_store_response():
+ # A no-store response means that the response should not be stored.
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(
+ add_date=True,
+ add_etag=True,
+ headers={"cache-control": "max-age=300, no-store"},
+ request_count=2,
+ ) as uri:
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+
+
+def test_get_cache_control_no_cache_no_store_request():
+ # Test that a no-store, no-cache clears the entry from the cache
+ # even if it was cached previously.
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_const_http(
+ add_date=True,
+ add_etag=True,
+ headers={"cache-control": "max-age=300"},
+ request_count=3,
+ ) as uri:
+ response, _ = http.request(uri, "GET")
+ response, _ = http.request(uri, "GET")
+ assert response.fromcache
+ response, _ = http.request(
+ uri, "GET", headers={"Cache-Control": "no-store, no-cache"}
+ )
+ assert response.status == 200
+ assert not response.fromcache
+ response, _ = http.request(
+ uri, "GET", headers={"Cache-Control": "no-store, no-cache"}
+ )
+ assert response.status == 200
+ assert not response.fromcache
+
+
+def test_update_invalidates_cache():
+ # Test that calling PUT or DELETE on a
+ # URI that is cache invalidates that cache.
+ http = httplib2.Http(cache=tests.get_cache_path())
+
+ def handler(request):
+ if request.method in ("PUT", "PATCH", "DELETE"):
+ return tests.http_response_bytes(status=405)
+ return tests.http_response_bytes(
+ add_date=True, add_etag=True, headers={"cache-control": "max-age=300"}
+ )
+
+ with tests.server_request(handler, request_count=3) as uri:
+ response, _ = http.request(uri, "GET")
+ response, _ = http.request(uri, "GET")
+ assert response.fromcache
+ response, _ = http.request(uri, "DELETE")
+ assert response.status == 405
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET")
+ assert not response.fromcache
+
+
+def handler_conditional_update(request):
+ respond = tests.http_response_bytes
+ if request.method == "GET":
+ if request.headers.get("if-none-match", "") == "12345":
+ return respond(status=304)
+ return respond(
+ add_date=True, headers={"etag": "12345", "cache-control": "max-age=300"}
+ )
+ elif request.method in ("PUT", "PATCH", "DELETE"):
+ if request.headers.get("if-match", "") == "12345":
+ return respond(status=200)
+ return respond(status=412)
+ return respond(status=405)
+
+
+@pytest.mark.parametrize("method", ("PUT", "PATCH"))
+def test_update_uses_cached_etag(method):
+ # Test that we natively support http://www.w3.org/1999/04/Editing/
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_request(handler_conditional_update, request_count=3) as uri:
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert response.fromcache
+ response, _ = http.request(uri, method, body=b"foo")
+ assert response.status == 200
+ response, _ = http.request(uri, method, body=b"foo")
+ assert response.status == 412
+
+
+def test_update_uses_cached_etag_and_oc_method():
+ # Test that we natively support http://www.w3.org/1999/04/Editing/
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_request(handler_conditional_update, request_count=2) as uri:
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+ assert response.fromcache
+ http.optimistic_concurrency_methods.append("DELETE")
+ response, _ = http.request(uri, "DELETE")
+ assert response.status == 200
+
+
+def test_update_uses_cached_etag_overridden():
+ # Test that we natively support http://www.w3.org/1999/04/Editing/
+ http = httplib2.Http(cache=tests.get_cache_path())
+ with tests.server_request(handler_conditional_update, request_count=2) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert not response.fromcache
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert response.fromcache
+ response, content = http.request(
+ uri, "PUT", body=b"foo", headers={"if-match": "fred"}
+ )
+ assert response.status == 412
+
+
+@pytest.mark.parametrize(
+ "data",
+ (
+ ({}, {}),
+ ({"cache-control": " no-cache"}, {"no-cache": 1}),
+ (
+ {"cache-control": " no-store, max-age = 7200"},
+ {"no-store": 1, "max-age": "7200"},
+ ),
+ ({"cache-control": " , "}, {"": 1}), # FIXME
+ (
+ {"cache-control": "Max-age=3600;post-check=1800,pre-check=3600"},
+ {"max-age": "3600;post-check=1800", "pre-check": "3600"},
+ ),
+ ),
+ ids=lambda data: str(data[0]),
+)
+def test_parse_cache_control(data):
+ header, expected = data
+ assert httplib2._parse_cache_control(header) == expected
+
+
+def test_normalize_headers():
+ # Test that we normalize headers to lowercase
+ h = httplib2._normalize_headers({"Cache-Control": "no-cache", "Other": "Stuff"})
+ assert "cache-control" in h
+ assert "other" in h
+ assert h["other"] == "Stuff"
+
+
+@pytest.mark.parametrize(
+ "data",
+ (
+ (
+ {"cache-control": "no-cache"},
+ {"cache-control": "max-age=7200"},
+ "TRANSPARENT",
+ ),
+ ({}, {"cache-control": "max-age=fred, min-fresh=barney"}, "STALE"),
+ ({}, {"date": "{now}", "expires": "{now+3}"}, "FRESH"),
+ (
+ {},
+ {"date": "{now}", "expires": "{now+3}", "cache-control": "no-cache"},
+ "STALE",
+ ),
+ ({"cache-control": "must-revalidate"}, {}, "STALE"),
+ ({}, {"cache-control": "must-revalidate"}, "STALE"),
+ ({}, {"date": "{now}", "cache-control": "max-age=0"}, "STALE"),
+ ({"cache-control": "only-if-cached"}, {}, "FRESH"),
+ ({}, {"date": "{now}", "expires": "0"}, "STALE"),
+ ({}, {"data": "{now+3}"}, "STALE"),
+ (
+ {"cache-control": "max-age=0"},
+ {"date": "{now}", "cache-control": "max-age=2"},
+ "STALE",
+ ),
+ (
+ {"cache-control": "min-fresh=2"},
+ {"date": "{now}", "expires": "{now+2}"},
+ "STALE",
+ ),
+ (
+ {"cache-control": "min-fresh=2"},
+ {"date": "{now}", "expires": "{now+4}"},
+ "FRESH",
+ ),
+ ),
+ ids=lambda data: str(data),
+)
+def test_entry_disposition(data):
+ now = time.time()
+ nowre = re.compile(r"{now([\+\-]\d+)?}")
+
+ def render(s):
+ m = nowre.match(s)
+ if m:
+ offset = int(m.expand(r"\1")) if m.group(1) else 0
+ s = email.utils.formatdate(now + offset, usegmt=True)
+ return s
+
+ request, response, expected = data
+ request = {k: render(v) for k, v in request.items()}
+ response = {k: render(v) for k, v in response.items()}
+ assert httplib2._entry_disposition(response, request) == expected
+
+
+def test_expiration_model_fresh():
+ response_headers = {
+ "date": email.utils.formatdate(usegmt=True),
+ "cache-control": "max-age=2",
+ }
+ assert httplib2._entry_disposition(response_headers, {}) == "FRESH"
+ # TODO: add current time as _entry_disposition argument to avoid sleep in tests
+ time.sleep(3)
+ assert httplib2._entry_disposition(response_headers, {}) == "STALE"
+
+
+def test_expiration_model_date_and_expires():
+ now = time.time()
+ response_headers = {
+ "date": email.utils.formatdate(now, usegmt=True),
+ "expires": email.utils.formatdate(now + 2, usegmt=True),
+ }
+ assert httplib2._entry_disposition(response_headers, {}) == "FRESH"
+ time.sleep(3)
+ assert httplib2._entry_disposition(response_headers, {}) == "STALE"
+
+
+# TODO: Repeat all cache tests with memcache. pytest.mark.parametrize
+# cache = memcache.Client(['127.0.0.1:11211'], debug=0)
+# #cache = memcache.Client(['10.0.0.4:11211'], debug=1)
+# http = httplib2.Http(cache)
diff --git a/tests/test_encoding.py b/tests/test_encoding.py
new file mode 100644
index 0000000000000000000000000000000000000000..c7eead5c14d14630c73ac6ab1c3f049cf39401c4
--- /dev/null
+++ b/tests/test_encoding.py
@@ -0,0 +1,97 @@
+import httplib2
+import tests
+
+
+def test_gzip_head():
+ # Test that we don't try to decompress a HEAD response
+ http = httplib2.Http()
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "gzip", "content-length": 42}
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "HEAD")
+ assert response.status == 200
+ assert int(response["content-length"]) != 0
+ assert content == b""
+
+
+def test_gzip_get():
+ # Test that we support gzip compression
+ http = httplib2.Http()
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "gzip"},
+ body=tests.gzip_compress(b"properly compressed"),
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert "content-encoding" not in response
+ assert "-content-encoding" in response
+ assert int(response["content-length"]) == len(b"properly compressed")
+ assert content == b"properly compressed"
+
+
+def test_gzip_post_response():
+ http = httplib2.Http()
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "gzip"},
+ body=tests.gzip_compress(b"properly compressed"),
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "POST", body=b"")
+ assert response.status == 200
+ assert "content-encoding" not in response
+ assert "-content-encoding" in response
+
+
+def test_gzip_malformed_response():
+ http = httplib2.Http()
+ # Test that we raise a good exception when the gzip fails
+ http.force_exception_to_status_code = False
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "gzip"}, body=b"obviously not compressed"
+ )
+ with tests.server_const_bytes(response, request_count=2) as uri:
+ with tests.assert_raises(httplib2.FailedToDecompressContent):
+ http.request(uri, "GET")
+
+ # Re-run the test with out the exceptions
+ http.force_exception_to_status_code = True
+
+ response, content = http.request(uri, "GET")
+ assert response.status == 500
+ assert response.reason.startswith("Content purported")
+
+
+def test_deflate_get():
+ # Test that we support deflate compression
+ http = httplib2.Http()
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "deflate"},
+ body=tests.deflate_compress(b"properly compressed"),
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert "content-encoding" not in response
+ assert int(response["content-length"]) == len(b"properly compressed")
+ assert content == b"properly compressed"
+
+
+def test_deflate_malformed_response():
+ # Test that we raise a good exception when the deflate fails
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ response = tests.http_response_bytes(
+ headers={"content-encoding": "deflate"}, body=b"obviously not compressed"
+ )
+ with tests.server_const_bytes(response, request_count=2) as uri:
+ with tests.assert_raises(httplib2.FailedToDecompressContent):
+ http.request(uri, "GET")
+
+ # Re-run the test with out the exceptions
+ http.force_exception_to_status_code = True
+
+ response, content = http.request(uri, "GET")
+ assert response.status == 500
+ assert response.reason.startswith("Content purported")
diff --git a/tests/test_http.py b/tests/test_http.py
new file mode 100644
index 0000000000000000000000000000000000000000..df990167c523e2f1d79b97dbcf85fb0be5724125
--- /dev/null
+++ b/tests/test_http.py
@@ -0,0 +1,705 @@
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
+import email.utils
+import errno
+import httplib2
+import mock
+import os
+import pytest
+from six.moves import http_client, urllib
+import socket
+import tests
+
+
+def _raise_connection_refused_exception(*args, **kwargs):
+ raise socket.error(errno.ECONNREFUSED, "Connection refused.")
+
+
+def test_connection_type():
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ response, content = http.request(
+ tests.DUMMY_URL, connection_type=tests.MockHTTPConnection
+ )
+ assert response["content-location"] == tests.DUMMY_URL
+ assert content == b"the body"
+
+
+def test_bad_status_line_retry():
+ http = httplib2.Http()
+ old_retries = httplib2.RETRIES
+ httplib2.RETRIES = 1
+ http.force_exception_to_status_code = False
+ try:
+ response, content = http.request(
+ tests.DUMMY_URL, connection_type=tests.MockHTTPBadStatusConnection
+ )
+ except http_client.BadStatusLine:
+ assert tests.MockHTTPBadStatusConnection.num_calls == 2
+ httplib2.RETRIES = old_retries
+
+
+def test_unknown_server():
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ with tests.assert_raises(httplib2.ServerNotFoundError):
+ with mock.patch("socket.socket.connect", side_effect=socket.gaierror):
+ http.request("http://no-such-hostname./")
+
+ # Now test with exceptions turned off
+ http.force_exception_to_status_code = True
+ response, content = http.request("http://no-such-hostname./")
+ assert response["content-type"] == "text/plain"
+ assert content.startswith(b"Unable to find")
+ assert response.status == 400
+
+
+@pytest.mark.skipif(
+ os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="Fails on Travis py27/pypy, works elsewhere. "
+ "See https://travis-ci.org/httplib2/httplib2/jobs/408769880.",
+)
+@mock.patch("socket.socket.connect", spec=True)
+def test_connection_refused_raises_exception(mock_socket_connect):
+ mock_socket_connect.side_effect = _raise_connection_refused_exception
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ with tests.assert_raises(socket.error):
+ http.request(tests.DUMMY_URL)
+
+
+@pytest.mark.skipif(
+ os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="Fails on Travis py27/pypy, works elsewhere. "
+ "See https://travis-ci.org/httplib2/httplib2/jobs/408769880.",
+)
+@mock.patch("socket.socket.connect", spec=True)
+def test_connection_refused_returns_response(mock_socket_connect):
+ mock_socket_connect.side_effect = _raise_connection_refused_exception
+ http = httplib2.Http()
+ http.force_exception_to_status_code = True
+ response, content = http.request(tests.DUMMY_URL)
+ content = content.lower()
+ assert response["content-type"] == "text/plain"
+ assert (
+ b"connection refused" in content
+ or b"actively refused" in content
+ or b"socket is not connected" in content
+ )
+ assert response.status == 400
+
+
+def test_get_iri():
+ http = httplib2.Http()
+ query = u"?a=\N{CYRILLIC CAPITAL LETTER DJE}"
+ with tests.server_reflect() as uri:
+ response, content = http.request(uri + query, "GET")
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.uri == "/?a=%D0%82"
+
+
+def test_get_is_default_method():
+ # Test that GET is the default method
+ http = httplib2.Http()
+ with tests.server_reflect() as uri:
+ response, content = http.request(uri)
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.method == "GET"
+
+
+def test_different_methods():
+ # Test that all methods can be used
+ http = httplib2.Http()
+ methods = ["GET", "PUT", "DELETE", "POST", "unknown"]
+ with tests.server_reflect(request_count=len(methods)) as uri:
+ for method in methods:
+ response, content = http.request(uri, method, body=b" ")
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.method == method
+
+
+def test_head_read():
+ # Test that we don't try to read the response of a HEAD request
+ # since httplib blocks response.read() for HEAD requests.
+ http = httplib2.Http()
+ respond_with = b"HTTP/1.0 200 OK\r\ncontent-length: " b"14\r\n\r\nnon-empty-body"
+ with tests.server_const_bytes(respond_with) as uri:
+ response, content = http.request(uri, "HEAD")
+ assert response.status == 200
+ assert content == b""
+
+
+def test_get_no_cache():
+ # Test that can do a GET w/o the cache turned on.
+ http = httplib2.Http()
+ with tests.server_const_http() as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert response.previous is None
+
+
+def test_user_agent():
+ # Test that we provide a default user-agent
+ http = httplib2.Http()
+ with tests.server_reflect() as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.headers.get("user-agent", "").startswith("Python-httplib2/")
+
+
+def test_user_agent_non_default():
+ # Test that the default user-agent can be over-ridden
+ http = httplib2.Http()
+ with tests.server_reflect() as uri:
+ response, content = http.request(uri, "GET", headers={"User-Agent": "fred/1.0"})
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.headers.get("user-agent") == "fred/1.0"
+
+
+def test_get_300_with_location():
+ # Test the we automatically follow 300 redirects if a Location: header is provided
+ http = httplib2.Http()
+ final_content = b"This is the final destination.\n"
+ routes = {
+ "/final": tests.http_response_bytes(body=final_content),
+ "": tests.http_response_bytes(
+ status="300 Multiple Choices", headers={"location": "/final"}
+ ),
+ }
+ with tests.server_route(routes, request_count=2) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert content == final_content
+ assert response.previous.status == 300
+ assert not response.previous.fromcache
+
+ # Confirm that the intermediate 300 is not cached
+ with tests.server_route(routes, request_count=2) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert content == final_content
+ assert response.previous.status == 300
+ assert not response.previous.fromcache
+
+
+def test_get_300_with_location_noredirect():
+ # Test the we automatically follow 300 redirects if a Location: header is provided
+ http = httplib2.Http()
+ http.follow_redirects = False
+ response = tests.http_response_bytes(
+ status="300 Multiple Choices",
+ headers={"location": "/final"},
+ body=b"redirect body",
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 300
+
+
+def test_get_300_without_location():
+ # Not giving a Location: header in a 300 response is acceptable
+ # In which case we just return the 300 response
+ http = httplib2.Http()
+ with tests.server_const_http(
+ status="300 Multiple Choices", body=b"redirect body"
+ ) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 300
+ assert response.previous is None
+ assert content == b"redirect body"
+
+
+def test_get_301():
+ # Test that we automatically follow 301 redirects
+ # and that we cache the 301 response
+ http = httplib2.Http(cache=tests.get_cache_path())
+ destination = ""
+ routes = {
+ "/final": tests.http_response_bytes(body=b"This is the final destination.\n"),
+ "": tests.http_response_bytes(
+ status="301 Now where did I leave that URL",
+ headers={"location": "/final"},
+ body=b"redirect body",
+ ),
+ }
+ with tests.server_route(routes, request_count=3) as uri:
+ destination = urllib.parse.urljoin(uri, "/final")
+ response1, content1 = http.request(uri, "GET")
+ response2, content2 = http.request(uri, "GET")
+ assert response1.status == 200
+ assert "content-location" in response2
+ assert response1["content-location"] == destination
+ assert content1 == b"This is the final destination.\n"
+ assert response1.previous.status == 301
+ assert not response1.previous.fromcache
+
+ assert response2.status == 200
+ assert response2["content-location"] == destination
+ assert content2 == b"This is the final destination.\n"
+ assert response2.previous.status == 301
+ assert response2.previous.fromcache
+
+
+@pytest.mark.skip(
+ not os.environ.get("httplib2_test_still_run_skipped")
+ and os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="FIXME: timeout on Travis py27 and pypy, works elsewhere",
+)
+def test_head_301():
+ # Test that we automatically follow 301 redirects
+ http = httplib2.Http()
+ destination = ""
+ routes = {
+ "/final": tests.http_response_bytes(body=b"This is the final destination.\n"),
+ "": tests.http_response_bytes(
+ status="301 Now where did I leave that URL",
+ headers={"location": "/final"},
+ body=b"redirect body",
+ ),
+ }
+ with tests.server_route(routes, request_count=2) as uri:
+ destination = urllib.parse.urljoin(uri, "/final")
+ response, content = http.request(uri, "HEAD")
+ assert response.status == 200
+ assert response["content-location"] == destination
+ assert response.previous.status == 301
+ assert not response.previous.fromcache
+
+
+@pytest.mark.xfail(
+ reason=(
+ "FIXME: 301 cache works only with follow_redirects, should work " "regardless"
+ )
+)
+def test_get_301_no_redirect():
+ # Test that we cache the 301 response
+ http = httplib2.Http(cache=tests.get_cache_path(), timeout=0.5)
+ http.follow_redirects = False
+ response = tests.http_response_bytes(
+ status="301 Now where did I leave that URL",
+ headers={"location": "/final", "cache-control": "max-age=300"},
+ body=b"redirect body",
+ add_date=True,
+ )
+ with tests.server_const_bytes(response) as uri:
+ response, _ = http.request(uri, "GET")
+ assert response.status == 301
+ assert not response.fromcache
+ response, _ = http.request(uri, "GET")
+ assert response.status == 301
+ assert response.fromcache
+
+
+def test_get_302():
+ # Test that we automatically follow 302 redirects
+ # and that we DO NOT cache the 302 response
+ http = httplib2.Http(cache=tests.get_cache_path())
+ second_url, final_url = "", ""
+ routes = {
+ "/final": tests.http_response_bytes(body=b"This is the final destination.\n"),
+ "/second": tests.http_response_bytes(
+ status="302 Found", headers={"location": "/final"}, body=b"second redirect"
+ ),
+ "": tests.http_response_bytes(
+ status="302 Found", headers={"location": "/second"}, body=b"redirect body"
+ ),
+ }
+ with tests.server_route(routes, request_count=7) as uri:
+ second_url = urllib.parse.urljoin(uri, "/second")
+ final_url = urllib.parse.urljoin(uri, "/final")
+ response1, content1 = http.request(second_url, "GET")
+ response2, content2 = http.request(second_url, "GET")
+ response3, content3 = http.request(uri, "GET")
+ assert response1.status == 200
+ assert response1["content-location"] == final_url
+ assert content1 == b"This is the final destination.\n"
+ assert response1.previous.status == 302
+ assert not response1.previous.fromcache
+
+ assert response2.status == 200
+ # FIXME:
+ # assert response2.fromcache
+ assert response2["content-location"] == final_url
+ assert content2 == b"This is the final destination.\n"
+ assert response2.previous.status == 302
+ assert not response2.previous.fromcache
+ assert response2.previous["content-location"] == second_url
+
+ assert response3.status == 200
+ # FIXME:
+ # assert response3.fromcache
+ assert content3 == b"This is the final destination.\n"
+ assert response3.previous.status == 302
+ assert not response3.previous.fromcache
+
+
+def test_get_302_redirection_limit():
+ # Test that we can set a lower redirection limit
+ # and that we raise an exception when we exceed
+ # that limit.
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ routes = {
+ "/second": tests.http_response_bytes(
+ status="302 Found", headers={"location": "/final"}, body=b"second redirect"
+ ),
+ "": tests.http_response_bytes(
+ status="302 Found", headers={"location": "/second"}, body=b"redirect body"
+ ),
+ }
+ with tests.server_route(routes, request_count=4) as uri:
+ try:
+ http.request(uri, "GET", redirections=1)
+ assert False, "This should not happen"
+ except httplib2.RedirectLimit:
+ pass
+ except Exception:
+ assert False, "Threw wrong kind of exception "
+
+ # Re-run the test with out the exceptions
+ http.force_exception_to_status_code = True
+ response, content = http.request(uri, "GET", redirections=1)
+
+ assert response.status == 500
+ assert response.reason.startswith("Redirected more")
+ assert response["status"] == "302"
+ assert content == b"second redirect"
+ assert response.previous is not None
+
+
+def test_get_302_no_location():
+ # Test that we throw an exception when we get
+ # a 302 with no Location: header.
+ http = httplib2.Http()
+ http.force_exception_to_status_code = False
+ with tests.server_const_http(status="302 Found", request_count=2) as uri:
+ try:
+ http.request(uri, "GET")
+ assert False, "Should never reach here"
+ except httplib2.RedirectMissingLocation:
+ pass
+ except Exception:
+ assert False, "Threw wrong kind of exception "
+
+ # Re-run the test with out the exceptions
+ http.force_exception_to_status_code = True
+ response, content = http.request(uri, "GET")
+
+ assert response.status == 500
+ assert response.reason.startswith("Redirected but")
+ assert "302" == response["status"]
+ assert content == b""
+
+
+@pytest.mark.skip(
+ not os.environ.get("httplib2_test_still_run_skipped")
+ and os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="FIXME: timeout on Travis py27 and pypy, works elsewhere",
+)
+def test_303():
+ # Do a follow-up GET on a Location: header
+ # returned from a POST that gave a 303.
+ http = httplib2.Http()
+ routes = {
+ "/final": tests.make_http_reflect(),
+ "": tests.make_http_reflect(
+ status="303 See Other", headers={"location": "/final"}
+ ),
+ }
+ with tests.server_route(routes, request_count=2) as uri:
+ response, content = http.request(uri, "POST", " ")
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.uri == "/final"
+ assert response.previous.status == 303
+
+ # Skip follow-up GET
+ http = httplib2.Http()
+ http.follow_redirects = False
+ with tests.server_route(routes, request_count=1) as uri:
+ response, content = http.request(uri, "POST", " ")
+ assert response.status == 303
+
+ # All methods can be used
+ http = httplib2.Http()
+ cases = "DELETE GET HEAD POST PUT EVEN_NEW_ONES".split(" ")
+ with tests.server_route(routes, request_count=len(cases) * 2) as uri:
+ for method in cases:
+ response, content = http.request(uri, method, body=b"q q")
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.method == "GET"
+
+
+def test_etag_used():
+ # Test that we use ETags properly to validate our cache
+ cache_path = tests.get_cache_path()
+ http = httplib2.Http(cache=cache_path)
+ response_kwargs = dict(
+ add_date=True,
+ add_etag=True,
+ body=b"something",
+ headers={"cache-control": "public,max-age=300"},
+ )
+
+ def handler(request):
+ if request.headers.get("range"):
+ return tests.http_response_bytes(status=206, **response_kwargs)
+ return tests.http_response_bytes(**response_kwargs)
+
+ with tests.server_request(handler, request_count=2) as uri:
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response["etag"] == '"437b930db84b8079c2dd804a71936b5f"'
+
+ http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ response, _ = http.request(
+ uri,
+ "GET",
+ headers={"accept-encoding": "identity", "cache-control": "must-revalidate"},
+ )
+ assert response.status == 200
+ assert response.fromcache
+
+ # TODO: API to read cache item, at least internal to tests
+ cache_file_name = os.path.join(
+ cache_path, httplib2.safename(httplib2.urlnorm(uri)[-1])
+ )
+ with open(cache_file_name, "r") as f:
+ status_line = f.readline()
+ assert status_line.startswith("status:")
+
+ response, content = http.request(
+ uri, "HEAD", headers={"accept-encoding": "identity"}
+ )
+ assert response.status == 200
+ assert response.fromcache
+
+ response, content = http.request(
+ uri, "GET", headers={"accept-encoding": "identity", "range": "bytes=0-0"}
+ )
+ assert response.status == 206
+ assert not response.fromcache
+
+
+def test_etag_ignore():
+ # Test that we can forcibly ignore ETags
+ http = httplib2.Http(cache=tests.get_cache_path())
+ response_kwargs = dict(add_date=True, add_etag=True)
+ with tests.server_reflect(request_count=3, **response_kwargs) as uri:
+ response, content = http.request(
+ uri, "GET", headers={"accept-encoding": "identity"}
+ )
+ assert response.status == 200
+ assert response["etag"] != ""
+
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={"accept-encoding": "identity", "cache-control": "max-age=0"},
+ )
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.headers.get("if-none-match")
+
+ http.ignore_etag = True
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={"accept-encoding": "identity", "cache-control": "max-age=0"},
+ )
+ assert not response.fromcache
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert not reflected.headers.get("if-none-match")
+
+
+def test_etag_override():
+ # Test that we can forcibly ignore ETags
+ http = httplib2.Http(cache=tests.get_cache_path())
+ response_kwargs = dict(add_date=True, add_etag=True)
+ with tests.server_reflect(request_count=3, **response_kwargs) as uri:
+ response, _ = http.request(uri, "GET", headers={"accept-encoding": "identity"})
+ assert response.status == 200
+ assert response["etag"] != ""
+
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={"accept-encoding": "identity", "cache-control": "max-age=0"},
+ )
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.headers.get("if-none-match")
+ assert reflected.headers.get("if-none-match") != "fred"
+
+ response, content = http.request(
+ uri,
+ "GET",
+ headers={
+ "accept-encoding": "identity",
+ "cache-control": "max-age=0",
+ "if-none-match": "fred",
+ },
+ )
+ assert response.status == 200
+ reflected = tests.HttpRequest.from_bytes(content)
+ assert reflected.headers.get("if-none-match") == "fred"
+
+
+@pytest.mark.skip(reason="was commented in legacy code")
+def test_get_304_end_to_end():
+ pass
+ # Test that end to end headers get overwritten in the cache
+ # uri = urllib.parse.urljoin(base, "304/end2end.cgi")
+ # response, content = http.request(uri, 'GET')
+ # assertNotEqual(response['etag'], "")
+ # old_date = response['date']
+ # time.sleep(2)
+
+ # response, content = http.request(uri, 'GET', headers = {'Cache-Control': 'max-age=0'})
+ # # The response should be from the cache, but the Date: header should be updated.
+ # new_date = response['date']
+ # assert new_date != old_date
+ # assert response.status == 200
+ # assert response.fromcache == True
+
+
+def test_get_304_last_modified():
+ # Test that we can still handle a 304
+ # by only using the last-modified cache validator.
+ http = httplib2.Http(cache=tests.get_cache_path())
+ date = email.utils.formatdate()
+
+ def handler(read):
+ read()
+ yield tests.http_response_bytes(
+ status=200, body=b"something", headers={"date": date, "last-modified": date}
+ )
+
+ request2 = read()
+ assert request2.headers["if-modified-since"] == date
+ yield tests.http_response_bytes(status=304)
+
+ with tests.server_yield(handler, request_count=2) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.get("last-modified") == date
+
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert response.fromcache
+
+
+def test_get_307():
+ # Test that we do follow 307 redirects but
+ # do not cache the 307
+ http = httplib2.Http(cache=tests.get_cache_path(), timeout=1)
+ r307 = tests.http_response_bytes(status=307, headers={"location": "/final"})
+ r200 = tests.http_response_bytes(
+ status=200,
+ add_date=True,
+ body=b"final content\n",
+ headers={"cache-control": "max-age=300"},
+ )
+
+ with tests.server_list_http([r307, r200, r307]) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.previous.status == 307
+ assert not response.previous.fromcache
+ assert response.status == 200
+ assert not response.fromcache
+ assert content == b"final content\n"
+
+ response, content = http.request(uri, "GET")
+ assert response.previous.status == 307
+ assert not response.previous.fromcache
+ assert response.status == 200
+ assert response.fromcache
+ assert content == b"final content\n"
+
+
+def test_post_307():
+ # 307: follow with same method
+ http = httplib2.Http(cache=tests.get_cache_path(), timeout=1)
+ http.follow_all_redirects = True
+ r307 = tests.http_response_bytes(status=307, headers={"location": "/final"})
+ r200 = tests.http_response_bytes(status=200, body=b"final content\n")
+
+ with tests.server_list_http([r307, r200, r307, r200]) as uri:
+ response, content = http.request(uri, "POST")
+ assert response.previous.status == 307
+ assert not response.previous.fromcache
+ assert response.status == 200
+ assert not response.fromcache
+ assert content == b"final content\n"
+
+ response, content = http.request(uri, "POST")
+ assert response.previous.status == 307
+ assert not response.previous.fromcache
+ assert response.status == 200
+ assert not response.fromcache
+ assert content == b"final content\n"
+
+
+def test_change_308():
+ # 308: follow with same method, cache redirect
+ http = httplib2.Http(cache=tests.get_cache_path(), timeout=1)
+ routes = {
+ "/final": tests.make_http_reflect(),
+ "": tests.http_response_bytes(
+ status="308 Permanent Redirect",
+ add_date=True,
+ headers={"cache-control": "max-age=300", "location": "/final"},
+ ),
+ }
+
+ with tests.server_route(routes, request_count=3) as uri:
+ response, content = http.request(uri, "CHANGE", body=b"hello308")
+ assert response.previous.status == 308
+ assert not response.previous.fromcache
+ assert response.status == 200
+ assert not response.fromcache
+ assert content.startswith(b"CHANGE /final HTTP")
+
+ response, content = http.request(uri, "CHANGE")
+ assert response.previous.status == 308
+ assert response.previous.fromcache
+ assert response.status == 200
+ assert not response.fromcache
+ assert content.startswith(b"CHANGE /final HTTP")
+
+
+def test_get_410():
+ # Test that we pass 410's through
+ http = httplib2.Http()
+ with tests.server_const_http(status=410) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 410
+
+
+def test_get_duplicate_headers():
+ # Test that duplicate headers get concatenated via ','
+ http = httplib2.Http()
+ response = b"""HTTP/1.0 200 OK\r\n\
+Link: link1\r\n\
+Content-Length: 7\r\n\
+Link: link2\r\n\r\n\
+content"""
+ with tests.server_const_bytes(response) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert content == b"content"
+ assert response["link"], "link1, link2"
+
+
+def test_custom_redirect_codes():
+ http = httplib2.Http()
+ http.redirect_codes = set([300])
+ with tests.server_const_http(status=301, request_count=1) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 301
+ assert response.previous is None
diff --git a/tests/test_https.py b/tests/test_https.py
new file mode 100644
index 0000000000000000000000000000000000000000..39d7d59a497c748e64f2cd9f5c54f840ba54f00f
--- /dev/null
+++ b/tests/test_https.py
@@ -0,0 +1,203 @@
+import httplib2
+import pytest
+from six.moves import urllib
+import socket
+import ssl
+import tests
+
+
+def test_get_via_https():
+ # Test that we can handle HTTPS
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ with tests.server_const_http(tls=True) as uri:
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_get_301_via_https():
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ glocation = [""] # nonlocal kind of trick, maybe redundant
+
+ def handler(request):
+ if request.uri == "/final":
+ return tests.http_response_bytes(body=b"final")
+ return tests.http_response_bytes(status="301 goto", headers={"location": glocation[0]})
+
+ with tests.server_request(handler, request_count=2, tls=True) as uri:
+ glocation[0] = urllib.parse.urljoin(uri, "/final")
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert content == b"final"
+ assert response.previous.status == 301
+ assert response.previous["location"] == glocation[0]
+
+
+def test_get_301_via_https_spec_violation_on_location():
+ # Test that we follow redirects through HTTPS
+ # even if they violate the spec by including
+ # a relative Location: header instead of an absolute one.
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+
+ def handler(request):
+ if request.uri == "/final":
+ return tests.http_response_bytes(body=b"final")
+ return tests.http_response_bytes(status="301 goto", headers={"location": "/final"})
+
+ with tests.server_request(handler, request_count=2, tls=True) as uri:
+ response, content = http.request(uri, "GET")
+ assert response.status == 200
+ assert content == b"final"
+ assert response.previous.status == 301
+
+
+def test_invalid_ca_certs_path():
+ http = httplib2.Http(ca_certs="/nosuchfile")
+ with tests.server_const_http(request_count=0, tls=True) as uri:
+ with tests.assert_raises(IOError):
+ http.request(uri, "GET")
+
+
+def test_not_trusted_ca():
+ # Test that we get a SSLHandshakeError if we try to access
+ # server using a CA cert file that doesn't contain server's CA.
+ http = httplib2.Http(ca_certs=tests.CA_UNUSED_CERTS)
+ with tests.server_const_http(tls=True) as uri:
+ try:
+ http.request(uri, "GET")
+ assert False, "expected CERTIFICATE_VERIFY_FAILED"
+ except ssl.SSLError as e:
+ assert e.reason == "CERTIFICATE_VERIFY_FAILED"
+ except httplib2.SSLHandshakeError: # Python2
+ pass
+
+
+@pytest.mark.skipif(
+ not hasattr(tests.ssl_context(), "minimum_version"),
+ reason="ssl doesn't support TLS min/max",
+)
+def test_set_min_tls_version():
+ # Test setting minimum TLS version
+ # We expect failure on Python < 3.7 or OpenSSL < 1.1
+ expect_success = hasattr(ssl.SSLContext(), 'minimum_version')
+ try:
+ http = httplib2.Http(tls_minimum_version="TLSv1_2")
+ http.request(tests.DUMMY_HTTPS_URL)
+ except RuntimeError:
+ assert not expect_success
+ except socket.error:
+ assert expect_success
+
+
+@pytest.mark.skipif(
+ not hasattr(tests.ssl_context(), "maximum_version"),
+ reason="ssl doesn't support TLS min/max",
+)
+def test_set_max_tls_version():
+ # Test setting maximum TLS version
+ # We expect RuntimeError on Python < 3.7 or OpenSSL < 1.1
+ # We expect socket error otherwise
+ expect_success = hasattr(ssl.SSLContext(), 'maximum_version')
+ try:
+ http = httplib2.Http(tls_maximum_version="TLSv1_2")
+ http.request(tests.DUMMY_HTTPS_URL)
+ except RuntimeError:
+ assert not expect_success
+ except socket.error:
+ assert expect_success
+
+
+@pytest.mark.skipif(
+ not hasattr(tests.ssl_context(), "minimum_version"),
+ reason="ssl doesn't support TLS min/max",
+)
+def test_min_tls_version():
+ def setup_tls(context, server, skip_errors):
+ skip_errors.append("WRONG_VERSION_NUMBER")
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
+ context.load_cert_chain(tests.SERVER_CHAIN)
+ return context.wrap_socket(server, server_side=True)
+
+ http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_minimum_version="TLSv1_2")
+ with tests.server_const_http(tls=setup_tls) as uri:
+ try:
+ http.request(uri)
+ assert False, "expected SSLError"
+ except ssl.SSLError as e:
+ assert e.reason in ("UNSUPPORTED_PROTOCOL", "VERSION_TOO_LOW")
+
+
+@pytest.mark.skipif(
+ not hasattr(tests.ssl_context(), "maximum_version"),
+ reason="ssl doesn't support TLS min/max",
+)
+def test_max_tls_version():
+ http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_maximum_version="TLSv1")
+ with tests.server_const_http(tls=True) as uri:
+ http.request(uri)
+ _, tls_ver, _ = http.connections.popitem()[1].sock.cipher()
+ assert tls_ver == "TLSv1.0"
+
+
+def test_client_cert_verified():
+ cert_log = []
+
+ def setup_tls(context, server, skip_errors):
+ context.load_verify_locations(cafile=tests.CA_CERTS)
+ context.verify_mode = ssl.CERT_REQUIRED
+ return context.wrap_socket(server, server_side=True)
+
+ def handler(request):
+ cert_log.append(request.client_sock.getpeercert())
+ return tests.http_response_bytes()
+
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ with tests.server_request(handler, tls=setup_tls) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ http.add_certificate(tests.CLIENT_PEM, tests.CLIENT_PEM, uri_parsed.netloc)
+ http.request(uri)
+
+ assert len(cert_log) == 1
+ # TODO extract serial from tests.CLIENT_PEM
+ assert cert_log[0]["serialNumber"] == "E2AA6A96D1BF1AEC"
+
+
+def test_client_cert_password_verified():
+ cert_log = []
+
+ def setup_tls(context, server, skip_errors):
+ context.load_verify_locations(cafile=tests.CA_CERTS)
+ context.verify_mode = ssl.CERT_REQUIRED
+ return context.wrap_socket(server, server_side=True)
+
+ def handler(request):
+ cert_log.append(request.client_sock.getpeercert())
+ return tests.http_response_bytes()
+
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ with tests.server_request(handler, tls=setup_tls) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ http.add_certificate(tests.CLIENT_ENCRYPTED_PEM, tests.CLIENT_ENCRYPTED_PEM,
+ uri_parsed.netloc, password="12345")
+ http.request(uri)
+
+ assert len(cert_log) == 1
+ # TODO extract serial from tests.CLIENT_PEM
+ assert cert_log[0]["serialNumber"] == "E2AA6A96D1BF1AED"
+
+
+@pytest.mark.skipif(
+ not hasattr(tests.ssl_context(), "set_servername_callback"),
+ reason="SSLContext.set_servername_callback is not available",
+)
+def test_sni_set_servername_callback():
+ sni_log = []
+
+ def setup_tls(context, server, skip_errors):
+ context.set_servername_callback(lambda _sock, hostname, _context: sni_log.append(hostname))
+ return context.wrap_socket(server, server_side=True)
+
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ with tests.server_const_http(tls=setup_tls) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ http.request(uri)
+ assert sni_log == [uri_parsed.hostname]
diff --git a/tests/test_other.py b/tests/test_other.py
new file mode 100644
index 0000000000000000000000000000000000000000..0f450ab57de500b4fb78285492319135759c5348
--- /dev/null
+++ b/tests/test_other.py
@@ -0,0 +1,255 @@
+import httplib2
+import mock
+import os
+import pickle
+import pytest
+import socket
+import sys
+import tests
+import time
+from six.moves import urllib
+
+
+@pytest.mark.skipif(
+ sys.version_info <= (3,),
+ reason=(
+ "TODO: httplib2._convert_byte_str was defined only in python3 code " "version"
+ ),
+)
+def test_convert_byte_str():
+ with tests.assert_raises(TypeError):
+ httplib2._convert_byte_str(4)
+ assert httplib2._convert_byte_str(b"Hello") == "Hello"
+ assert httplib2._convert_byte_str("World") == "World"
+
+
+def test_reflect():
+ http = httplib2.Http()
+ with tests.server_reflect() as uri:
+ response, content = http.request(uri + "?query", "METHOD")
+ assert response.status == 200
+ host = urllib.parse.urlparse(uri).netloc
+ assert content.startswith(
+ """\
+METHOD /?query HTTP/1.1\r\n\
+Host: {host}\r\n""".format(
+ host=host
+ ).encode()
+ ), content
+
+
+def test_pickle_http():
+ http = httplib2.Http(cache=tests.get_cache_path())
+ new_http = pickle.loads(pickle.dumps(http))
+
+ assert tuple(sorted(new_http.__dict__)) == tuple(sorted(http.__dict__))
+ assert new_http.credentials.credentials == http.credentials.credentials
+ assert new_http.certificates.credentials == http.certificates.credentials
+ assert new_http.cache.cache == http.cache.cache
+ for key in new_http.__dict__:
+ if key not in ("cache", "certificates", "credentials"):
+ assert getattr(new_http, key) == getattr(http, key)
+
+
+def test_pickle_http_with_connection():
+ http = httplib2.Http()
+ http.request("http://random-domain:81/", connection_type=tests.MockHTTPConnection)
+ new_http = pickle.loads(pickle.dumps(http))
+ assert tuple(http.connections) == ("http:random-domain:81",)
+ assert new_http.connections == {}
+
+
+def test_pickle_custom_request_http():
+ http = httplib2.Http()
+ http.request = lambda: None
+ http.request.dummy_attr = "dummy_value"
+ new_http = pickle.loads(pickle.dumps(http))
+ assert getattr(new_http.request, "dummy_attr", None) is None
+
+
+@pytest.mark.xfail(
+ sys.version_info >= (3,),
+ reason=(
+ "FIXME: for unknown reason global timeout test fails in Python3 "
+ "with response 200"
+ ),
+)
+def test_timeout_global():
+ def handler(request):
+ time.sleep(0.5)
+ return tests.http_response_bytes()
+
+ try:
+ socket.setdefaulttimeout(0.1)
+ except Exception:
+ pytest.skip("cannot set global socket timeout")
+ try:
+ http = httplib2.Http()
+ http.force_exception_to_status_code = True
+ with tests.server_request(handler) as uri:
+ response, content = http.request(uri)
+ assert response.status == 408
+ assert response.reason.startswith("Request Timeout")
+ finally:
+ socket.setdefaulttimeout(None)
+
+
+def test_timeout_individual():
+ def handler(request):
+ time.sleep(0.5)
+ return tests.http_response_bytes()
+
+ http = httplib2.Http(timeout=0.1)
+ http.force_exception_to_status_code = True
+
+ with tests.server_request(handler) as uri:
+ response, content = http.request(uri)
+ assert response.status == 408
+ assert response.reason.startswith("Request Timeout")
+
+
+def test_timeout_subsequent():
+ class Handler(object):
+ number = 0
+
+ @classmethod
+ def handle(cls, request):
+ # request.number is always 1 because of
+ # the new socket connection each time
+ cls.number += 1
+ if cls.number % 2 != 0:
+ time.sleep(0.6)
+ return tests.http_response_bytes(status=500)
+ return tests.http_response_bytes(status=200)
+
+ http = httplib2.Http(timeout=0.5)
+ http.force_exception_to_status_code = True
+
+ with tests.server_request(Handler.handle, request_count=2) as uri:
+ response, _ = http.request(uri)
+ assert response.status == 408
+ assert response.reason.startswith("Request Timeout")
+
+ response, _ = http.request(uri)
+ assert response.status == 200
+
+
+def test_timeout_https():
+ c = httplib2.HTTPSConnectionWithTimeout("localhost", 80, timeout=47)
+ assert 47 == c.timeout
+
+
+# @pytest.mark.xfail(
+# sys.version_info >= (3,),
+# reason='[py3] last request should open new connection, but client does not realize socket was closed by server',
+# )
+def test_connection_close():
+ http = httplib2.Http()
+ g = []
+
+ def handler(request):
+ g.append(request.number)
+ return tests.http_response_bytes(proto="HTTP/1.1")
+
+ with tests.server_request(handler, request_count=3) as uri:
+ http.request(uri, "GET") # conn1 req1
+ for c in http.connections.values():
+ assert c.sock is not None
+ http.request(uri, "GET", headers={"connection": "close"})
+ time.sleep(0.7)
+ http.request(uri, "GET") # conn2 req1
+ assert g == [1, 2, 1]
+
+
+def test_get_end2end_headers():
+ # one end to end header
+ response = {"content-type": "application/atom+xml", "te": "deflate"}
+ end2end = httplib2._get_end2end_headers(response)
+ assert "content-type" in end2end
+ assert "te" not in end2end
+ assert "connection" not in end2end
+
+ # one end to end header that gets eliminated
+ response = {
+ "connection": "content-type",
+ "content-type": "application/atom+xml",
+ "te": "deflate",
+ }
+ end2end = httplib2._get_end2end_headers(response)
+ assert "content-type" not in end2end
+ assert "te" not in end2end
+ assert "connection" not in end2end
+
+ # Degenerate case of no headers
+ response = {}
+ end2end = httplib2._get_end2end_headers(response)
+ assert len(end2end) == 0
+
+ # Degenerate case of connection referrring to a header not passed in
+ response = {"connection": "content-type"}
+ end2end = httplib2._get_end2end_headers(response)
+ assert len(end2end) == 0
+
+
+@pytest.mark.xfail(
+ os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="FIXME: fail on Travis py27 and pypy, works elsewhere",
+)
+@pytest.mark.parametrize("scheme", ("http", "https"))
+def test_ipv6(scheme):
+ # Even if IPv6 isn't installed on a machine it should just raise socket.error
+ uri = "{scheme}://[::1]:1/".format(scheme=scheme)
+ try:
+ httplib2.Http(timeout=0.1).request(uri)
+ except socket.gaierror:
+ assert False, "should get the address family right for IPv6"
+ except socket.error:
+ pass
+
+
+@pytest.mark.parametrize(
+ "conn_type",
+ (httplib2.HTTPConnectionWithTimeout, httplib2.HTTPSConnectionWithTimeout),
+)
+def test_connection_proxy_info_attribute_error(conn_type):
+ # HTTPConnectionWithTimeout did not initialize its .proxy_info attribute
+ # https://github.com/httplib2/httplib2/pull/97
+ # Thanks to Joseph Ryan https://github.com/germanjoey
+ conn = conn_type("no-such-hostname.", 80)
+ # TODO: replace mock with dummy local server
+ with tests.assert_raises(socket.gaierror):
+ with mock.patch("socket.socket.connect", side_effect=socket.gaierror):
+ conn.request("GET", "/")
+
+
+def test_http_443_forced_https():
+ http = httplib2.Http()
+ http.force_exception_to_status_code = True
+ uri = "http://localhost:443/"
+ # sorry, using internal structure of Http to check chosen scheme
+ with mock.patch("httplib2.Http._request") as m:
+ http.request(uri)
+ assert len(m.call_args) > 0, "expected Http._request() call"
+ conn = m.call_args[0][0]
+ assert isinstance(conn, httplib2.HTTPConnectionWithTimeout)
+
+
+def test_close():
+ http = httplib2.Http()
+ assert len(http.connections) == 0
+ with tests.server_const_http() as uri:
+ http.request(uri)
+ assert len(http.connections) == 1
+ http.close()
+ assert len(http.connections) == 0
+
+
+def test_connect_exception_type():
+ # This autoformatting PR actually changed the behavior of error handling:
+ # https://github.com/httplib2/httplib2/pull/105/files#diff-c6669c781a2dee1b2d2671cab4e21c66L985
+ # potentially changing the type of the error raised by connect()
+ # https://github.com/httplib2/httplib2/pull/150
+ http = httplib2.Http()
+ with mock.patch("httplib2.socket.socket.connect", side_effect=socket.timeout("foo")):
+ with tests.assert_raises(socket.timeout):
+ http.request(tests.DUMMY_URL)
diff --git a/tests/test_proxy.py b/tests/test_proxy.py
new file mode 100644
index 0000000000000000000000000000000000000000..edafe01c8b8a9b3d8af17c9ba217bcc30c622c0a
--- /dev/null
+++ b/tests/test_proxy.py
@@ -0,0 +1,207 @@
+"""Proxy tests.
+
+Tests do modify `os.environ` global states. Each test must be run in separate
+process. Must use `pytest --forked` or similar technique.
+"""
+
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+
+import httplib2
+import mock
+import os
+import pytest
+import socket
+import tests
+from six.moves import urllib
+
+
+def _raise_name_not_known_error(*args, **kwargs):
+ raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
+
+
+def test_from_url():
+ pi = httplib2.proxy_info_from_url("http://myproxy.example.com")
+ assert pi.proxy_host == "myproxy.example.com"
+ assert pi.proxy_port == 80
+ assert pi.proxy_user is None
+
+
+def test_from_url_ident():
+ pi = httplib2.proxy_info_from_url("http://zoidberg:fish@someproxy:99")
+ assert pi.proxy_host == "someproxy"
+ assert pi.proxy_port == 99
+ assert pi.proxy_user == "zoidberg"
+ assert pi.proxy_pass == "fish"
+
+
+def test_from_env(monkeypatch):
+ assert os.environ.get("http_proxy") is None
+ monkeypatch.setenv("http_proxy", "http://myproxy.example.com:8080")
+ pi = httplib2.proxy_info_from_environment()
+ assert pi.proxy_host == "myproxy.example.com"
+ assert pi.proxy_port == 8080
+
+
+def test_from_env_https(monkeypatch):
+ assert os.environ.get("http_proxy") is None
+ monkeypatch.setenv("http_proxy", "http://myproxy.example.com:80")
+ monkeypatch.setenv("https_proxy", "http://myproxy.example.com:81")
+ pi = httplib2.proxy_info_from_environment("https")
+ assert pi.proxy_host == "myproxy.example.com"
+ assert pi.proxy_port == 81
+
+
+def test_from_env_none():
+ os.environ.clear()
+ pi = httplib2.proxy_info_from_environment()
+ assert pi is None
+
+
+def test_applies_to(monkeypatch):
+ monkeypatch.setenv("http_proxy", "http://myproxy.example.com:80")
+ monkeypatch.setenv("https_proxy", "http://myproxy.example.com:81")
+ monkeypatch.setenv("no_proxy", "localhost,example.com,.wildcard")
+ pi = httplib2.proxy_info_from_environment()
+ assert not pi.applies_to("localhost")
+ assert pi.applies_to("www.google.com")
+ assert pi.applies_to("prefixlocalhost")
+ assert pi.applies_to("www.example.com")
+ assert pi.applies_to("sub.example.com")
+ assert not pi.applies_to("sub.wildcard")
+ assert not pi.applies_to("pub.sub.wildcard")
+
+
+def test_noproxy_trailing_comma(monkeypatch):
+ monkeypatch.setenv("http_proxy", "http://myproxy.example.com:80")
+ monkeypatch.setenv("no_proxy", "localhost,other.host,")
+ pi = httplib2.proxy_info_from_environment()
+ assert not pi.applies_to("localhost")
+ assert not pi.applies_to("other.host")
+ assert pi.applies_to("example.domain")
+
+
+def test_noproxy_star(monkeypatch):
+ monkeypatch.setenv("http_proxy", "http://myproxy.example.com:80")
+ monkeypatch.setenv("NO_PROXY", "*")
+ pi = httplib2.proxy_info_from_environment()
+ for host in ("localhost", "169.254.38.192", "www.google.com"):
+ assert not pi.applies_to(host)
+
+
+def test_headers():
+ headers = {"key0": "val0", "key1": "val1"}
+ pi = httplib2.ProxyInfo(
+ httplib2.socks.PROXY_TYPE_HTTP, "localhost", 1234, proxy_headers=headers
+ )
+ assert pi.proxy_headers == headers
+
+
+@pytest.mark.skipif(
+ os.environ.get("TRAVIS_PYTHON_VERSION") in ("2.7", "pypy"),
+ reason="Fails on Travis py27/pypy, works elsewhere. "
+ "See https://travis-ci.org/httplib2/httplib2/jobs/408769880.",
+)
+@mock.patch("socket.socket.connect", spec=True)
+def test_server_not_found_error_is_raised_for_invalid_hostname(mock_socket_connect):
+ """Invalidates https://github.com/httplib2/httplib2/pull/100."""
+ mock_socket_connect.side_effect = _raise_name_not_known_error
+ http = httplib2.Http(
+ proxy_info=httplib2.ProxyInfo(
+ httplib2.socks.PROXY_TYPE_HTTP, "255.255.255.255", 8001
+ )
+ )
+ with tests.assert_raises(httplib2.ServerNotFoundError):
+ http.request("http://invalid.hostname.foo.bar/", "GET")
+
+
+def test_auth_str_bytes():
+ # https://github.com/httplib2/httplib2/pull/115
+ # Proxy-Authorization b64encode() TypeError: a bytes-like object is required, not 'str'
+ with tests.server_const_http(request_count=2) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ http = httplib2.Http(
+ proxy_info=httplib2.ProxyInfo(
+ httplib2.socks.PROXY_TYPE_HTTP,
+ proxy_host=uri_parsed.hostname,
+ proxy_port=uri_parsed.port,
+ proxy_rdns=True,
+ proxy_user=u"user_str",
+ proxy_pass=u"pass_str",
+ )
+ )
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+
+ with tests.server_const_http(request_count=2) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ http = httplib2.Http(
+ proxy_info=httplib2.ProxyInfo(
+ httplib2.socks.PROXY_TYPE_HTTP,
+ proxy_host=uri_parsed.hostname,
+ proxy_port=uri_parsed.port,
+ proxy_rdns=True,
+ proxy_user=b"user_bytes",
+ proxy_pass=b"pass_bytes",
+ )
+ )
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_socks5_auth():
+ def proxy_conn(client, tick):
+ data = client.recv(64)
+ assert data == b"\x05\x02\x00\x02"
+ client.send(b"\x05\x02") # select username/password auth
+ data = client.recv(64)
+ assert data == b"\x01\x08user_str\x08pass_str"
+ client.send(b"\x01\x01") # deny
+ tick(None)
+
+ with tests.server_socket(proxy_conn) as uri:
+ uri_parsed = urllib.parse.urlparse(uri)
+ proxy_info = httplib2.ProxyInfo(
+ httplib2.socks.PROXY_TYPE_SOCKS5,
+ proxy_host=uri_parsed.hostname,
+ proxy_port=uri_parsed.port,
+ proxy_rdns=True,
+ proxy_user=u"user_str",
+ proxy_pass=u"pass_str",
+ )
+ http = httplib2.Http(proxy_info=proxy_info)
+ with tests.assert_raises(httplib2.socks.Socks5AuthError):
+ http.request(uri, "GET")
+
+
+def test_functional_noproxy_star_http(monkeypatch):
+ def handler(request):
+ if request.method == "CONNECT":
+ return tests.http_response_bytes(
+ status="400 Expected direct", headers={"connection": "close"},
+ )
+ return tests.http_response_bytes()
+
+ with tests.server_request(handler) as uri:
+ monkeypatch.setenv("http_proxy", uri)
+ monkeypatch.setenv("no_proxy", "*")
+ http = httplib2.Http()
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
+
+
+def test_functional_noproxy_star_https(monkeypatch):
+ def handler(request):
+ if request.method == "CONNECT":
+ return tests.http_response_bytes(
+ status="400 Expected direct", headers={"connection": "close"},
+ )
+ return tests.http_response_bytes()
+
+ with tests.server_request(handler, tls=True) as uri:
+ monkeypatch.setenv("https_proxy", uri)
+ monkeypatch.setenv("no_proxy", "*")
+ http = httplib2.Http(ca_certs=tests.CA_CERTS)
+ response, _ = http.request(uri, "GET")
+ assert response.status == 200
diff --git a/tests/test_uri.py b/tests/test_uri.py
new file mode 100644
index 0000000000000000000000000000000000000000..9eb42cf1f540269370846f85603630b70a808d1a
--- /dev/null
+++ b/tests/test_uri.py
@@ -0,0 +1,115 @@
+import httplib2
+import pytest
+
+
+def test_from_std66():
+ cases = (
+ ("http://example.com", ("http", "example.com", "", None, None)),
+ ("https://example.com", ("https", "example.com", "", None, None)),
+ ("https://example.com:8080", ("https", "example.com:8080", "", None, None)),
+ ("http://example.com/", ("http", "example.com", "/", None, None)),
+ ("http://example.com/path", ("http", "example.com", "/path", None, None)),
+ (
+ "http://example.com/path?a=1&b=2",
+ ("http", "example.com", "/path", "a=1&b=2", None),
+ ),
+ (
+ "http://example.com/path?a=1&b=2#fred",
+ ("http", "example.com", "/path", "a=1&b=2", "fred"),
+ ),
+ (
+ "http://example.com/path?a=1&b=2#fred",
+ ("http", "example.com", "/path", "a=1&b=2", "fred"),
+ ),
+ )
+ for a, b in cases:
+ assert httplib2.parse_uri(a) == b
+
+
+def test_norm():
+ cases = (
+ ("http://example.org", "http://example.org/"),
+ ("http://EXAMple.org", "http://example.org/"),
+ ("http://EXAMple.org?=b", "http://example.org/?=b"),
+ ("http://EXAMple.org/mypath?a=b", "http://example.org/mypath?a=b"),
+ ("http://localhost:80", "http://localhost:80/"),
+ )
+ for a, b in cases:
+ assert httplib2.urlnorm(a)[-1] == b
+
+ assert httplib2.urlnorm("http://localhost:80/") == httplib2.urlnorm(
+ "HTTP://LOCALHOST:80"
+ )
+
+ try:
+ httplib2.urlnorm("/")
+ assert False, "Non-absolute URIs should raise an exception"
+ except httplib2.RelativeURIError:
+ pass
+
+
+@pytest.mark.parametrize(
+ "data",
+ (
+ ("", ",d41d8cd98f00b204e9800998ecf8427e"),
+ (
+ "http://example.org/fred/?a=b",
+ "example.orgfreda=b,58489f63a7a83c3b7794a6a398ee8b1f",
+ ),
+ (
+ "http://example.org/fred?/a=b",
+ "example.orgfreda=b,8c5946d56fec453071f43329ff0be46b",
+ ),
+ (
+ "http://www.example.org/fred?/a=b",
+ "www.example.orgfreda=b,499c44b8d844a011b67ea2c015116968",
+ ),
+ (
+ "https://www.example.org/fred?/a=b",
+ "www.example.orgfreda=b,692e843a333484ce0095b070497ab45d",
+ ),
+ (
+ httplib2.urlnorm("http://WWW")[-1],
+ httplib2.safename(httplib2.urlnorm("http://www")[-1]),
+ ),
+ (
+ u"http://\u2304.org/fred/?a=b",
+ ".orgfreda=b,ecaf0f97756c0716de76f593bd60a35e",
+ ),
+ (
+ "normal-resource-name.js",
+ "normal-resource-name.js,8ff7c46fd6e61bf4e91a0a1606954a54",
+ ),
+ (
+ "foo://dom/path/brath/carapath",
+ "dompathbrathcarapath,83db942781ed975c7a5b7c24039f8ca3",
+ ),
+ ("with/slash", "withslash,17cc656656bb8ce2411bd41ead56d176"),
+ (
+ "thisistoomuch" * 42,
+ ("thisistoomuch" * 6) + "thisistoomuc,c4553439dd179422c6acf6a8ac093eb6",
+ ),
+ (u"\u043f\u0440", ",9f18c0db74a9734e9d18461e16345083"),
+ (u"\u043f\u0440".encode("utf-8"), ",9f18c0db74a9734e9d18461e16345083"),
+ (
+ b"column\tvalues/unstr.zip",
+ "columnvaluesunstr.zip,b9740dcd0553e11b526450ceb8f76683",
+ ),
+ ),
+ ids=str,
+)
+def test_safename(data):
+ result = httplib2.safename(data[0])
+ assert result == data[1]
+
+
+def test_safename2():
+ assert httplib2.safename("http://www") != httplib2.safename("https://www")
+
+ # Test the max length limits
+ uri = "http://" + ("w" * 200) + ".org"
+ uri2 = "http://" + ("w" * 201) + ".org"
+ assert httplib2.safename(uri) != httplib2.safename(uri2)
+ # Max length should be 90 + 1 (',') + 32 = 123
+ assert len(httplib2.safename(uri2)) == 123
+ assert len(httplib2.safename(uri)) == 123
diff --git a/tests/tls/ca.key b/tests/tls/ca.key
new file mode 100644
index 0000000000000000000000000000000000000000..cc1bb1ae59b7e7eb55f54ec5f860d14ef2c90c83
--- /dev/null
+++ b/tests/tls/ca.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAxBKerwr0M3230xWKMvxB20+AR9SojbQIN2/8EI9pbSrjmlTH
+PFXWf02q2Ll0GPbcnSKOMnAARptVCkxEfkDGPN03Ux0jjGu2MrwZHURXM2gHsQn3
+3Gj3HCreFLMxIqMFfGeB9T0VxurgUek/+bR85QBVNE9GrQfrAN8O+ScOpCOENh5r
+lYc/QscH/S0QJvttbGAZFP1bB/Xjltwd6fF3rZgCfTJ88B2UIcEVt+X/kc/0QByP
+PACAnCaE4cB2q+SJVEMYP6BLDVvCPRO53UC8cqsLfpKUz73two/No4PhMHwCPspC
++wKlAD3+GWmsatz0rRysm7V0GghCGe+T5JHsGwIDAQABAoIBAE+7KqAPmkIeC1Rg
+2/PjtHwUFhwfk/MblIPGm/+38a0c1bT6aJJWbYUS9jhvIZDNQeT8GkrUVKhhnfE0
+Fl4oxPQXGNpJbR0657o11xiZo8QZt5b8cLhGTsY7gFd2jrKBDEgMZ0JsdqCO/m0Q
+pp1KEcelnQBKhHj0UVHnYtVaVo/T0ciS06l0urxpXBW2Bcg5lP/KzBD9md9UJrPU
+9oPM2snMlBTGKH79eTZu4eyKWOMIK+0vSLBnJkAZtNjvitftEs+a0AvVSF+uXbow
+sz7WUpm+BR2wTKikfNMa5nNaLUCdE3sB/1fHQeT7reLEfIVrIfHCyNHi2X0xwWBP
+n9U/Q1ECgYEA/qT9JhIZsy1HjHNliFhfW1lBMLRZdiQwyQeoV0N1aMy68rV3kDqr
+z8qIaHRt2zCgbKgEhB2WRuIL57mXK3WRhk3KP5LEG0wKr7n58iiTtipH/I/04rTG
+RAcYUIR8gDpvd0P1YUJ4dSMqPLDP13+ikA8C3EfL78nxMeCdhyuBA0cCgYEAxR3Q
+Smjkcs8pckl04qOZnnGRpKg/Hmu2wIg2WNisI97t35B0dkZhTOGfsCuMOWJixzEp
+35ZgUzWUd3ACrgZQcxUYlBAdo849QE7lx1Nys8kouPEjbVsRH8Fs1JJkEiVYhoWV
+8JfVzv6Mb95ZBGlvYsiq6p9hT0mLykDNt0xG8o0CgYBOHj1O1ZSuxABEFQ6b0kiG
+lI4MK/eZ56ZTtZauFpLJMK1VUdg5Fdapaz+Hk9gzuuosCys/gHgejLAMSYIXofyf
+z/Nwp0yj9yL8H7iO0mXmJ3hoAZ2lgsGkEu0hnlM3XzXcx6taR/L+NGh7r95DBPPQ
+79n3y8rDaBcnLvoEgpMUdwKBgQCBN6Qdw1lO8gMHiqP3FqxTs7t4J1sJRC9PU3vd
+Dlz6Pt/NGNNf3Y9XaOjYAhQwYhDC57W9fsSyh4NGMMVw8261onS0S0RC56Y7i/0R
+h+C/fvUVF+7Td0loedIwH68+PgEkXloGmGJvCWtiwm20eLGuHkH9AHI4Gcxrz8OL
+j5NK2QKBgCYKtCqB1rXp4k4KcHYQBSmbIN9aEzd4OqjYtzvrYv8wE8ooRim8dd55
+xRRh1r6Nx7+/KoXg7FgaLbDex4dGeCExjvXLmtJNOj0QwJwID84ZhmzjvL26sY8F
+rrt4XPaZv8/5T5kiXE2Mtp3LyIPlq0tRXepdyltrTFPfX3HR+ph2
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/ca.pem b/tests/tls/ca.pem
new file mode 100644
index 0000000000000000000000000000000000000000..1c05e64f5e7fe47a501e7ec156eaafc64beeaa5c
--- /dev/null
+++ b/tests/tls/ca.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiwCCQC5E5PSm8flUjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGQxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRkwFwYDVQQDDBBodHRwbGliMi10ZXN0LUNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxBKerwr0M3230xWKMvxB20+AR9SojbQIN2/8EI9pbSrj
+mlTHPFXWf02q2Ll0GPbcnSKOMnAARptVCkxEfkDGPN03Ux0jjGu2MrwZHURXM2gH
+sQn33Gj3HCreFLMxIqMFfGeB9T0VxurgUek/+bR85QBVNE9GrQfrAN8O+ScOpCOE
+Nh5rlYc/QscH/S0QJvttbGAZFP1bB/Xjltwd6fF3rZgCfTJ88B2UIcEVt+X/kc/0
+QByPPACAnCaE4cB2q+SJVEMYP6BLDVvCPRO53UC8cqsLfpKUz73two/No4PhMHwC
+PspC+wKlAD3+GWmsatz0rRysm7V0GghCGe+T5JHsGwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQB4b+DWt0An4YoXj7lb/+N7FVr2m5UVyBI+bbEGI/qsql/Ixiaef69M
+jej7n5ucUx8GBql62W0c3/E3qZFfo49ngH1WC5gkKQH9V4jGZui5CUfmNE6WepQ/
+vL6eKXUp7RoJ/hWVhGm1uV3OShF+EN0t2wZttYg4lip0FjrY8tRWdjw5yu61wWVu
+WuHxTzKiHe9emjhhUBgnWRnNeYPTRs0xM2Awv5KYPq2cmrjGbSz3mYDkBpbiJUp4
+pM9g8qLmsDO2yrlVF659D08+5zkmMbyqnn84X0n3SM3Yn0ayZOmbNHiXoAzklZNP
+7xiyxMEAfVQOITsvSDG2PzbZlGGtbaka
+-----END CERTIFICATE-----
diff --git a/tests/tls/ca.srl b/tests/tls/ca.srl
new file mode 100644
index 0000000000000000000000000000000000000000..ad8d4163aad1cf3b87e2f65bec3ef71d6c0d7de5
--- /dev/null
+++ b/tests/tls/ca.srl
@@ -0,0 +1 @@
+E2AA6A96D1BF1AEE
diff --git a/tests/tls/ca_unused.pem b/tests/tls/ca_unused.pem
new file mode 100644
index 0000000000000000000000000000000000000000..4c4291aa0567d8ce457bb628bf328bc0c9f3e61e
--- /dev/null
+++ b/tests/tls/ca_unused.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCCQC47jeQyttLgzANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEgMB4GA1UEAwwXaHR0cGxpYjItdGVzdC1DQS11bnVzZWQw
+HhcNMTkwOTI2MTUwMzM0WhcNMjkwOTIzMTUwMzM0WjBrMQswCQYDVQQGEwJaWjEK
+MAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVzdDEK
+MAgGA1UECwwBLjEgMB4GA1UEAwwXaHR0cGxpYjItdGVzdC1DQS11bnVzZWQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEp6vCvQzfbfTFYoy/EHbT4BH
+1KiNtAg3b/wQj2ltKuOaVMc8VdZ/TarYuXQY9tydIo4ycABGm1UKTER+QMY83TdT
+HSOMa7YyvBkdRFczaAexCffcaPccKt4UszEiowV8Z4H1PRXG6uBR6T/5tHzlAFU0
+T0atB+sA3w75Jw6kI4Q2HmuVhz9Cxwf9LRAm+21sYBkU/VsH9eOW3B3p8XetmAJ9
+MnzwHZQhwRW35f+Rz/RAHI88AICcJoThwHar5IlUQxg/oEsNW8I9E7ndQLxyqwt+
+kpTPve3Cj82jg+EwfAI+ykL7AqUAPf4Zaaxq3PStHKybtXQaCEIZ75PkkewbAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBAFbeSPQgXJxfHc1m8wJ4eSW470gXjHZD82uH
+sZTj6v+UZlYzVUgDt+KEdZpoIP8C0prhez+scB6YcwiwP5iHfH3AB51jVoQvKAFt
+4TNKt9LvOuOzGKk9LmO41xYO6KjAOWuoERdYtBR0h0CyOm756iHwO0bQEELiePfU
+hB7o9SlVg0aMcWtbrGBLGBy6HE0p3Oiq/ny0G8r/gshnHvLku6JOxg0XJGDi3LuG
+ezBF0HFwK56NaB2syDtQRCT7I5yqLBK2AlwhcbZat07vLFPeDyw4Omh6COJ/tQsU
+qIcVJ6kS7VJejjWQD8z5CybYDnmBJJqXW4ixUs8wu0l3miaBdiM=
+-----END CERTIFICATE-----
diff --git a/tests/tls/client.crt b/tests/tls/client.crt
new file mode 100644
index 0000000000000000000000000000000000000000..9430e274b5f52e1e09a19c4e38e0697582b95fd3
--- /dev/null
+++ b/tests/tls/client.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjACCQDiqmqW0b8a7DANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGgxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMR0wGwYDVQQDDBRodHRwbGliMi10ZXN0LWNsaWVudDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALtXT//Esar+MDk6Gcj3KDLAyTU7jPqUx4S83LNI
+GumuBmOg7oe16SSM//NUFhCHiHr4IzeqDOD2Dq1aM661Ta2EINHvpG+9BEkCWkFr
+q4eh0pfocsvU64dtd26TCk9Q4Qqaj4t4HSYYv1hz8UFh5RNLVjgtbR7OQ37Oumcg
+jRGnelV/ck6u5BvN/fKK7p/W6hPcO9OjJDAmlVNZVPtP2ki6Lv/Q87x34X+1/Qb1
+LILUOG5mdfCTmf2tYh9bXqZmqoidTY4O7/JiPuT0+1056Ja8bDGYSFXPvvqd1aEW
+nGA22MEzd74w9A4tIieCRHlGGOSf0AGsVTmHKRf5bpQjaCsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAi/X3QjpzPap9IhpHqvgFirsEepruz8lCk+Zo6A/+DP/PocII
+/8jWdIV87RDDkkaVGvWOywZyUNN1RAfrt/jGCW8xgCaSGWRab10QIW8DGhbP6FTz
+7xcBnQzcoc1gggZBcwOjkRuefW2zkgGIJo5XxHlBfo3T9nX4086Py/b+VoAmcIlm
+Y/LNHxtIyDDiOgGK9x7+IqEXQuo/p2z5oFubj/hyNJhXaYU2u7nNMXICYY/eY4vX
+GgZ44lGZ2YR7NwzqM5UHNXr7/VJzgxWwAgyZUT8DdnjkZY4wLt1JJas5n3oldBsA
++og2cMk0oOsiFAwHAwE7St4oFY0ivKDhttf7WQ==
+-----END CERTIFICATE-----
diff --git a/tests/tls/client.key b/tests/tls/client.key
new file mode 100644
index 0000000000000000000000000000000000000000..9a442b88b22d4daf5e24dab093a3a44561f8cd11
--- /dev/null
+++ b/tests/tls/client.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAu1dP/8Sxqv4wOToZyPcoMsDJNTuM+pTHhLzcs0ga6a4GY6Du
+h7XpJIz/81QWEIeIevgjN6oM4PYOrVozrrVNrYQg0e+kb70ESQJaQWurh6HSl+hy
+y9Trh213bpMKT1DhCpqPi3gdJhi/WHPxQWHlE0tWOC1tHs5Dfs66ZyCNEad6VX9y
+Tq7kG8398orun9bqE9w706MkMCaVU1lU+0/aSLou/9DzvHfhf7X9BvUsgtQ4bmZ1
+8JOZ/a1iH1tepmaqiJ1Njg7v8mI+5PT7XTnolrxsMZhIVc+++p3VoRacYDbYwTN3
+vjD0Di0iJ4JEeUYY5J/QAaxVOYcpF/lulCNoKwIDAQABAoIBAQCtzBeUYWauCni0
+bnlDXj91rjI7504nneTm+MsKq6cECQU2YjNHxXRQC1rb47NAjGwKIK+TUXf3L254
+VglCWEKC6eQEvvxfCQyzqrIOpRORlYeok+YDwTjr/5rgAxt6b78GtlLbAYiRMj45
+kf5MOMRqvOZ04XetL4+gUarOR3131L38ysReluabsCXkgIH9kZHmgOW2El4lmoHp
+CQpvMkJWyoVZvDbjLi0JoEljHGpfdWNdcllHP4dbNSQtfgG3VXXFgKqWQ8ZiY2U1
+y5SxHaeAjKHBUoGeinox/Myzan3xCysZb+gi5UxcrE7dn5lSB2/AMBymYShI/2qi
+UWq64JeJAoGBAPLtHRIcbRn53IhXGwcdFAn7JUSzKvr+gUfJiyfbw28CDWVRgTce
+JN+FzTuW92Iwm3ppBKmJ5PcZZnqt7VTtWfLvP126YaGctqZHSWiD9oK3EzDJEWIO
+trpMlJkeB+IQlvYMCiC+G+6XFBCdB7X3X1D9Y9z11Kf/arx24bB/ByVlAoGBAMVs
+YZRL9idgwgU4LMOqaPkU99de4wzYF44joZrp3Eme3dC9sdHrDtDy6OpiQu4zP+Ax
+5cws6M6txd5meAh2YwRhJBmGUYIQuhhNKQjhoeovw0tbtXO9rAHPegXPqg8xwzY9
+Ntc/WlfwM0O7ROfOq4r9erWBn0B7xspxRMH+LIZPAoGBALVW326XnbHYXRHBxEFJ
+KZ5Rxf5EqP74YVVPU/uLB5akN4+8ifK1I91fqlajWUQI+Ocl4f8VGsCCS4ekshfF
+nnHEus6ixSK5M3dom5nTeH8XXtH6JmnGhg0IAZ1TV5sfuzEsx5qtj3hJewbz0b+6
+S4LPxG47bGWEOw84xzzTdmgpAoGAGj87heTHeBrEEL+UK/tW826XOLnzw7xi/VG9
+ZYQb9mm5ocvmfTscACmbT7X6ogKMRnk7zPZXiUrPGK9U3AMpTObBTudtpLYml56C
+ixy8Uw9Ajp9Fs3qPCLqVxXoDaPu7sVVYGivhDfnwRtv54Du40MS8cK8oBgGuvzFp
+68SoFL8CgYAY7KvTfTKk4oWWeclmwEoe04woV7J6XuB7OnbxYpKpiGh4juN1E6wo
+n9UhAVzO6cAfK/ZuhTkDtvJSsXtQ1xElZLMIG1Yb7yikRyO73EHRUpHon3Gah+79
+MM6uZReiEdkx/hMthL45jP85hfVM89M7LYj9SBoxY2xpuzN+HmiezQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/client.pem b/tests/tls/client.pem
new file mode 100644
index 0000000000000000000000000000000000000000..f12775f86ab4b87240809f4a0ef2ff21b78b5935
--- /dev/null
+++ b/tests/tls/client.pem
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjACCQDiqmqW0b8a7DANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGgxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMR0wGwYDVQQDDBRodHRwbGliMi10ZXN0LWNsaWVudDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALtXT//Esar+MDk6Gcj3KDLAyTU7jPqUx4S83LNI
+GumuBmOg7oe16SSM//NUFhCHiHr4IzeqDOD2Dq1aM661Ta2EINHvpG+9BEkCWkFr
+q4eh0pfocsvU64dtd26TCk9Q4Qqaj4t4HSYYv1hz8UFh5RNLVjgtbR7OQ37Oumcg
+jRGnelV/ck6u5BvN/fKK7p/W6hPcO9OjJDAmlVNZVPtP2ki6Lv/Q87x34X+1/Qb1
+LILUOG5mdfCTmf2tYh9bXqZmqoidTY4O7/JiPuT0+1056Ja8bDGYSFXPvvqd1aEW
+nGA22MEzd74w9A4tIieCRHlGGOSf0AGsVTmHKRf5bpQjaCsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAi/X3QjpzPap9IhpHqvgFirsEepruz8lCk+Zo6A/+DP/PocII
+/8jWdIV87RDDkkaVGvWOywZyUNN1RAfrt/jGCW8xgCaSGWRab10QIW8DGhbP6FTz
+7xcBnQzcoc1gggZBcwOjkRuefW2zkgGIJo5XxHlBfo3T9nX4086Py/b+VoAmcIlm
+Y/LNHxtIyDDiOgGK9x7+IqEXQuo/p2z5oFubj/hyNJhXaYU2u7nNMXICYY/eY4vX
+GgZ44lGZ2YR7NwzqM5UHNXr7/VJzgxWwAgyZUT8DdnjkZY4wLt1JJas5n3oldBsA
++og2cMk0oOsiFAwHAwE7St4oFY0ivKDhttf7WQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAu1dP/8Sxqv4wOToZyPcoMsDJNTuM+pTHhLzcs0ga6a4GY6Du
+h7XpJIz/81QWEIeIevgjN6oM4PYOrVozrrVNrYQg0e+kb70ESQJaQWurh6HSl+hy
+y9Trh213bpMKT1DhCpqPi3gdJhi/WHPxQWHlE0tWOC1tHs5Dfs66ZyCNEad6VX9y
+Tq7kG8398orun9bqE9w706MkMCaVU1lU+0/aSLou/9DzvHfhf7X9BvUsgtQ4bmZ1
+8JOZ/a1iH1tepmaqiJ1Njg7v8mI+5PT7XTnolrxsMZhIVc+++p3VoRacYDbYwTN3
+vjD0Di0iJ4JEeUYY5J/QAaxVOYcpF/lulCNoKwIDAQABAoIBAQCtzBeUYWauCni0
+bnlDXj91rjI7504nneTm+MsKq6cECQU2YjNHxXRQC1rb47NAjGwKIK+TUXf3L254
+VglCWEKC6eQEvvxfCQyzqrIOpRORlYeok+YDwTjr/5rgAxt6b78GtlLbAYiRMj45
+kf5MOMRqvOZ04XetL4+gUarOR3131L38ysReluabsCXkgIH9kZHmgOW2El4lmoHp
+CQpvMkJWyoVZvDbjLi0JoEljHGpfdWNdcllHP4dbNSQtfgG3VXXFgKqWQ8ZiY2U1
+y5SxHaeAjKHBUoGeinox/Myzan3xCysZb+gi5UxcrE7dn5lSB2/AMBymYShI/2qi
+UWq64JeJAoGBAPLtHRIcbRn53IhXGwcdFAn7JUSzKvr+gUfJiyfbw28CDWVRgTce
+JN+FzTuW92Iwm3ppBKmJ5PcZZnqt7VTtWfLvP126YaGctqZHSWiD9oK3EzDJEWIO
+trpMlJkeB+IQlvYMCiC+G+6XFBCdB7X3X1D9Y9z11Kf/arx24bB/ByVlAoGBAMVs
+YZRL9idgwgU4LMOqaPkU99de4wzYF44joZrp3Eme3dC9sdHrDtDy6OpiQu4zP+Ax
+5cws6M6txd5meAh2YwRhJBmGUYIQuhhNKQjhoeovw0tbtXO9rAHPegXPqg8xwzY9
+Ntc/WlfwM0O7ROfOq4r9erWBn0B7xspxRMH+LIZPAoGBALVW326XnbHYXRHBxEFJ
+KZ5Rxf5EqP74YVVPU/uLB5akN4+8ifK1I91fqlajWUQI+Ocl4f8VGsCCS4ekshfF
+nnHEus6ixSK5M3dom5nTeH8XXtH6JmnGhg0IAZ1TV5sfuzEsx5qtj3hJewbz0b+6
+S4LPxG47bGWEOw84xzzTdmgpAoGAGj87heTHeBrEEL+UK/tW826XOLnzw7xi/VG9
+ZYQb9mm5ocvmfTscACmbT7X6ogKMRnk7zPZXiUrPGK9U3AMpTObBTudtpLYml56C
+ixy8Uw9Ajp9Fs3qPCLqVxXoDaPu7sVVYGivhDfnwRtv54Du40MS8cK8oBgGuvzFp
+68SoFL8CgYAY7KvTfTKk4oWWeclmwEoe04woV7J6XuB7OnbxYpKpiGh4juN1E6wo
+n9UhAVzO6cAfK/ZuhTkDtvJSsXtQ1xElZLMIG1Yb7yikRyO73EHRUpHon3Gah+79
+MM6uZReiEdkx/hMthL45jP85hfVM89M7LYj9SBoxY2xpuzN+HmiezQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/client_chain.pem b/tests/tls/client_chain.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e2427d7ad7b38cc1ba32799088b49a2f77e56acd
--- /dev/null
+++ b/tests/tls/client_chain.pem
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjACCQDiqmqW0b8a7DANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGgxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMR0wGwYDVQQDDBRodHRwbGliMi10ZXN0LWNsaWVudDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALtXT//Esar+MDk6Gcj3KDLAyTU7jPqUx4S83LNI
+GumuBmOg7oe16SSM//NUFhCHiHr4IzeqDOD2Dq1aM661Ta2EINHvpG+9BEkCWkFr
+q4eh0pfocsvU64dtd26TCk9Q4Qqaj4t4HSYYv1hz8UFh5RNLVjgtbR7OQ37Oumcg
+jRGnelV/ck6u5BvN/fKK7p/W6hPcO9OjJDAmlVNZVPtP2ki6Lv/Q87x34X+1/Qb1
+LILUOG5mdfCTmf2tYh9bXqZmqoidTY4O7/JiPuT0+1056Ja8bDGYSFXPvvqd1aEW
+nGA22MEzd74w9A4tIieCRHlGGOSf0AGsVTmHKRf5bpQjaCsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAi/X3QjpzPap9IhpHqvgFirsEepruz8lCk+Zo6A/+DP/PocII
+/8jWdIV87RDDkkaVGvWOywZyUNN1RAfrt/jGCW8xgCaSGWRab10QIW8DGhbP6FTz
+7xcBnQzcoc1gggZBcwOjkRuefW2zkgGIJo5XxHlBfo3T9nX4086Py/b+VoAmcIlm
+Y/LNHxtIyDDiOgGK9x7+IqEXQuo/p2z5oFubj/hyNJhXaYU2u7nNMXICYY/eY4vX
+GgZ44lGZ2YR7NwzqM5UHNXr7/VJzgxWwAgyZUT8DdnjkZY4wLt1JJas5n3oldBsA
++og2cMk0oOsiFAwHAwE7St4oFY0ivKDhttf7WQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiwCCQC5E5PSm8flUjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGQxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRkwFwYDVQQDDBBodHRwbGliMi10ZXN0LUNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxBKerwr0M3230xWKMvxB20+AR9SojbQIN2/8EI9pbSrj
+mlTHPFXWf02q2Ll0GPbcnSKOMnAARptVCkxEfkDGPN03Ux0jjGu2MrwZHURXM2gH
+sQn33Gj3HCreFLMxIqMFfGeB9T0VxurgUek/+bR85QBVNE9GrQfrAN8O+ScOpCOE
+Nh5rlYc/QscH/S0QJvttbGAZFP1bB/Xjltwd6fF3rZgCfTJ88B2UIcEVt+X/kc/0
+QByPPACAnCaE4cB2q+SJVEMYP6BLDVvCPRO53UC8cqsLfpKUz73two/No4PhMHwC
+PspC+wKlAD3+GWmsatz0rRysm7V0GghCGe+T5JHsGwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQB4b+DWt0An4YoXj7lb/+N7FVr2m5UVyBI+bbEGI/qsql/Ixiaef69M
+jej7n5ucUx8GBql62W0c3/E3qZFfo49ngH1WC5gkKQH9V4jGZui5CUfmNE6WepQ/
+vL6eKXUp7RoJ/hWVhGm1uV3OShF+EN0t2wZttYg4lip0FjrY8tRWdjw5yu61wWVu
+WuHxTzKiHe9emjhhUBgnWRnNeYPTRs0xM2Awv5KYPq2cmrjGbSz3mYDkBpbiJUp4
+pM9g8qLmsDO2yrlVF659D08+5zkmMbyqnn84X0n3SM3Yn0ayZOmbNHiXoAzklZNP
+7xiyxMEAfVQOITsvSDG2PzbZlGGtbaka
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAu1dP/8Sxqv4wOToZyPcoMsDJNTuM+pTHhLzcs0ga6a4GY6Du
+h7XpJIz/81QWEIeIevgjN6oM4PYOrVozrrVNrYQg0e+kb70ESQJaQWurh6HSl+hy
+y9Trh213bpMKT1DhCpqPi3gdJhi/WHPxQWHlE0tWOC1tHs5Dfs66ZyCNEad6VX9y
+Tq7kG8398orun9bqE9w706MkMCaVU1lU+0/aSLou/9DzvHfhf7X9BvUsgtQ4bmZ1
+8JOZ/a1iH1tepmaqiJ1Njg7v8mI+5PT7XTnolrxsMZhIVc+++p3VoRacYDbYwTN3
+vjD0Di0iJ4JEeUYY5J/QAaxVOYcpF/lulCNoKwIDAQABAoIBAQCtzBeUYWauCni0
+bnlDXj91rjI7504nneTm+MsKq6cECQU2YjNHxXRQC1rb47NAjGwKIK+TUXf3L254
+VglCWEKC6eQEvvxfCQyzqrIOpRORlYeok+YDwTjr/5rgAxt6b78GtlLbAYiRMj45
+kf5MOMRqvOZ04XetL4+gUarOR3131L38ysReluabsCXkgIH9kZHmgOW2El4lmoHp
+CQpvMkJWyoVZvDbjLi0JoEljHGpfdWNdcllHP4dbNSQtfgG3VXXFgKqWQ8ZiY2U1
+y5SxHaeAjKHBUoGeinox/Myzan3xCysZb+gi5UxcrE7dn5lSB2/AMBymYShI/2qi
+UWq64JeJAoGBAPLtHRIcbRn53IhXGwcdFAn7JUSzKvr+gUfJiyfbw28CDWVRgTce
+JN+FzTuW92Iwm3ppBKmJ5PcZZnqt7VTtWfLvP126YaGctqZHSWiD9oK3EzDJEWIO
+trpMlJkeB+IQlvYMCiC+G+6XFBCdB7X3X1D9Y9z11Kf/arx24bB/ByVlAoGBAMVs
+YZRL9idgwgU4LMOqaPkU99de4wzYF44joZrp3Eme3dC9sdHrDtDy6OpiQu4zP+Ax
+5cws6M6txd5meAh2YwRhJBmGUYIQuhhNKQjhoeovw0tbtXO9rAHPegXPqg8xwzY9
+Ntc/WlfwM0O7ROfOq4r9erWBn0B7xspxRMH+LIZPAoGBALVW326XnbHYXRHBxEFJ
+KZ5Rxf5EqP74YVVPU/uLB5akN4+8ifK1I91fqlajWUQI+Ocl4f8VGsCCS4ekshfF
+nnHEus6ixSK5M3dom5nTeH8XXtH6JmnGhg0IAZ1TV5sfuzEsx5qtj3hJewbz0b+6
+S4LPxG47bGWEOw84xzzTdmgpAoGAGj87heTHeBrEEL+UK/tW826XOLnzw7xi/VG9
+ZYQb9mm5ocvmfTscACmbT7X6ogKMRnk7zPZXiUrPGK9U3AMpTObBTudtpLYml56C
+ixy8Uw9Ajp9Fs3qPCLqVxXoDaPu7sVVYGivhDfnwRtv54Du40MS8cK8oBgGuvzFp
+68SoFL8CgYAY7KvTfTKk4oWWeclmwEoe04woV7J6XuB7OnbxYpKpiGh4juN1E6wo
+n9UhAVzO6cAfK/ZuhTkDtvJSsXtQ1xElZLMIG1Yb7yikRyO73EHRUpHon3Gah+79
+MM6uZReiEdkx/hMthL45jP85hfVM89M7LYj9SBoxY2xpuzN+HmiezQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/client_encrypted.crt b/tests/tls/client_encrypted.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6301dd5c90b80bfc187536fab86383753f9e42bd
--- /dev/null
+++ b/tests/tls/client_encrypted.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjQCCQDiqmqW0b8a7TANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGwxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMSEwHwYDVQQDDBhodHRwbGliMi10ZXN0LWNsaWVudC1lbmMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7V0//xLGq/jA5OhnI9ygywMk1O4z6lMeE
+vNyzSBrprgZjoO6HtekkjP/zVBYQh4h6+CM3qgzg9g6tWjOutU2thCDR76RvvQRJ
+AlpBa6uHodKX6HLL1OuHbXdukwpPUOEKmo+LeB0mGL9Yc/FBYeUTS1Y4LW0ezkN+
+zrpnII0Rp3pVf3JOruQbzf3yiu6f1uoT3DvToyQwJpVTWVT7T9pIui7/0PO8d+F/
+tf0G9SyC1DhuZnXwk5n9rWIfW16mZqqInU2ODu/yYj7k9PtdOeiWvGwxmEhVz776
+ndWhFpxgNtjBM3e+MPQOLSIngkR5Rhjkn9ABrFU5hykX+W6UI2grAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBAKiBTMX/FwUusM4PIsmGqXisOBo6LEf2YtfzQrtxw4eY
+eWeKsi3aM2GquCqh0R7loEW+yQoxPEBaNeOBeN3v8sdhTu+9NjK31tWCYr7jvEa5
+TqjlUUMD1176YBQ8axI51lVcaBIoRdvf8nXm7idvp82eBBXQtnREjd8oKcEz7v4x
+ECJ+RWGJTEIWXq3fuVvBAJeopNVz+Utt61DCxziKbu+ndv0kQeXZ7KPFiBnARcEi
+7GvTeHUA0cbpHrNY0ob7ozcjGiPwW5HPi+DYZYfRm2PqI9vowmKt9By+8Uz03K3L
+XMZkGJ28uoo37Rbjs8+pMVDdHoUrm6hZTkw5XGgsA6I=
+-----END CERTIFICATE-----
diff --git a/tests/tls/client_encrypted.key b/tests/tls/client_encrypted.key
new file mode 100644
index 0000000000000000000000000000000000000000..747b1fb76c03f40b9d10dbf8ddae78968d4ebe9d
--- /dev/null
+++ b/tests/tls/client_encrypted.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,84B979083590A865DF5700455C62AEAF
+
+Q2vQ9vhIV6C3aL4Uk9XIqtsgdN9VN+Ep3mDY7FKbycrcZgDnXbZ5ys50cF8TyJZx
+ITYV5ms9MjjUi1cj3hhUfQSu1bJ+gKGWpxHD1Cxub9XLcGJrjfGomO0r5lNe4YZf
+of4qc+XpoY+dZTHyFuKn44LiynAG0esqexNc7BcqbGSw6cjm6exvDWbmz0svy2RO
+TTfea6oh2+CiHUWqIbjIEoK/tJXXzUq9LwEMGdvyQX5KJDLmsWdxejnqsMmSDBH4
+Bm5ax7AIcO4SE1AdYzzDNI11bZXyQu1UWtgL3D4sDo4iwbHzq9CFXSI21tgwW3WT
+LK3Pbt6IAJctwNZozwWDT9c0r226WZv/lYk4bkhvGDuLFMgMwjmW24i4VuU7giiv
+sna6jJNk0gQ0XCWiIgtjhrH8noefj07SPb5miXQjhbCvz3F5TqGobWS6xSCX+KMF
+LfjJdG5f6QHfnzm+fmIuc/JdcHMCf/2q3bvHuTOoYoJXMY9kcKS5PXckADsQkzmM
+2AeoegO8x25ClHRBSOgwee9tkrD5VTX3uK92/rnnt3KUiS8Rdf6jbYpJg2rvCTAd
+NF6GCCp+YNw3o7a5IehhhwXWKh0BK02e6IPU9Z6KFTX8LGFOPy8BIghyNILPpfeC
+Ir2WWr8asfBLvwy5Pj6Wzfvu6EPC6H0RIxzhTTfaZ0KZR3ZN1Fwd49FNql50UeHH
+M5x1vzi4JuRak4z22+uL3GEdkBs/PAoVMfctHTMEiDrH3mgYrEj5yhCgUjJhMP6w
+dk6gUaXcPZ6JymUtrZsjcc3cXDD6Vn6i1SH2e9rMf9/QBKGZH3ufkBJ9s0HVsacq
+bHg63+BGhmLXFcnEimGVY86py8TfQfuirFOEURoYJMUTCl046GV11AJeF0L+EOUH
+nst2Z9l86vCH+7sdVPsVG8jFaeOunr50VkCu/ephGsUSHjNRVagsVOSojknMyNki
+D13Oolykusq9zuHMBBRceNRoAHLSk02aHiuwlvQmAVaSJxIebtFZJmG1asXMSK/M
+iYjLNb7P+fjpvxYwk1bxXTyTToHLsmvDeGyMj3EhrEh83o/Xoo+bac7OW+l18wWw
+N5b5Jcrj0e/O08+dJ5UBXGJ36V5WENTdOjctFTRtZhggkvB1QBZLa1g9khxz0VEw
+q0yGYCmjMK2YxpJhH+FAprUM+0Ei9IxIjDY295CEOrKkeJGb9+A8CWLoCi8z0zAc
+vQU/uaQsK1BKamKGmu7x+xCyoLSprzNlPjipJttUqkE00kFX9sBJZXW/rI+fQRJI
+sYn9UqNp/ay00uswwcoFLAnX7YdKiJrB5jaR5oyLFXpIPQa76594iRcf+9XkD9Ca
+KlscDNVnfSW7bkp7LJ+Rm6+OKWCSjglL8uIyBEzoNFCyiEnnzebE+jwvVBaDlbPd
+xMwMzU8vHsb9dYd7RMdd+YBIxngzyJiVl6Zpfy9B74vhL+ndyWKZg2Rsunlrcms7
+YIVg/LuAfgH4jXg38yzHHEkArGZg5TFaGUD8rJwMIPil6LOQ4D+jK8/fcV9bhBuH
+LzBJ4gtPwUnvYqsaiIAeGi2EVllW0Ka+aTTzM1Yascl2q9WROvutAT0zz0M6smpO
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/client_encrypted.pem b/tests/tls/client_encrypted.pem
new file mode 100644
index 0000000000000000000000000000000000000000..578aa7f1bc2a8f27b1aca4577ade6019e0a4cc19
--- /dev/null
+++ b/tests/tls/client_encrypted.pem
@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjQCCQDiqmqW0b8a7TANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGwxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMSEwHwYDVQQDDBhodHRwbGliMi10ZXN0LWNsaWVudC1lbmMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7V0//xLGq/jA5OhnI9ygywMk1O4z6lMeE
+vNyzSBrprgZjoO6HtekkjP/zVBYQh4h6+CM3qgzg9g6tWjOutU2thCDR76RvvQRJ
+AlpBa6uHodKX6HLL1OuHbXdukwpPUOEKmo+LeB0mGL9Yc/FBYeUTS1Y4LW0ezkN+
+zrpnII0Rp3pVf3JOruQbzf3yiu6f1uoT3DvToyQwJpVTWVT7T9pIui7/0PO8d+F/
+tf0G9SyC1DhuZnXwk5n9rWIfW16mZqqInU2ODu/yYj7k9PtdOeiWvGwxmEhVz776
+ndWhFpxgNtjBM3e+MPQOLSIngkR5Rhjkn9ABrFU5hykX+W6UI2grAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBAKiBTMX/FwUusM4PIsmGqXisOBo6LEf2YtfzQrtxw4eY
+eWeKsi3aM2GquCqh0R7loEW+yQoxPEBaNeOBeN3v8sdhTu+9NjK31tWCYr7jvEa5
+TqjlUUMD1176YBQ8axI51lVcaBIoRdvf8nXm7idvp82eBBXQtnREjd8oKcEz7v4x
+ECJ+RWGJTEIWXq3fuVvBAJeopNVz+Utt61DCxziKbu+ndv0kQeXZ7KPFiBnARcEi
+7GvTeHUA0cbpHrNY0ob7ozcjGiPwW5HPi+DYZYfRm2PqI9vowmKt9By+8Uz03K3L
+XMZkGJ28uoo37Rbjs8+pMVDdHoUrm6hZTkw5XGgsA6I=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,84B979083590A865DF5700455C62AEAF
+
+Q2vQ9vhIV6C3aL4Uk9XIqtsgdN9VN+Ep3mDY7FKbycrcZgDnXbZ5ys50cF8TyJZx
+ITYV5ms9MjjUi1cj3hhUfQSu1bJ+gKGWpxHD1Cxub9XLcGJrjfGomO0r5lNe4YZf
+of4qc+XpoY+dZTHyFuKn44LiynAG0esqexNc7BcqbGSw6cjm6exvDWbmz0svy2RO
+TTfea6oh2+CiHUWqIbjIEoK/tJXXzUq9LwEMGdvyQX5KJDLmsWdxejnqsMmSDBH4
+Bm5ax7AIcO4SE1AdYzzDNI11bZXyQu1UWtgL3D4sDo4iwbHzq9CFXSI21tgwW3WT
+LK3Pbt6IAJctwNZozwWDT9c0r226WZv/lYk4bkhvGDuLFMgMwjmW24i4VuU7giiv
+sna6jJNk0gQ0XCWiIgtjhrH8noefj07SPb5miXQjhbCvz3F5TqGobWS6xSCX+KMF
+LfjJdG5f6QHfnzm+fmIuc/JdcHMCf/2q3bvHuTOoYoJXMY9kcKS5PXckADsQkzmM
+2AeoegO8x25ClHRBSOgwee9tkrD5VTX3uK92/rnnt3KUiS8Rdf6jbYpJg2rvCTAd
+NF6GCCp+YNw3o7a5IehhhwXWKh0BK02e6IPU9Z6KFTX8LGFOPy8BIghyNILPpfeC
+Ir2WWr8asfBLvwy5Pj6Wzfvu6EPC6H0RIxzhTTfaZ0KZR3ZN1Fwd49FNql50UeHH
+M5x1vzi4JuRak4z22+uL3GEdkBs/PAoVMfctHTMEiDrH3mgYrEj5yhCgUjJhMP6w
+dk6gUaXcPZ6JymUtrZsjcc3cXDD6Vn6i1SH2e9rMf9/QBKGZH3ufkBJ9s0HVsacq
+bHg63+BGhmLXFcnEimGVY86py8TfQfuirFOEURoYJMUTCl046GV11AJeF0L+EOUH
+nst2Z9l86vCH+7sdVPsVG8jFaeOunr50VkCu/ephGsUSHjNRVagsVOSojknMyNki
+D13Oolykusq9zuHMBBRceNRoAHLSk02aHiuwlvQmAVaSJxIebtFZJmG1asXMSK/M
+iYjLNb7P+fjpvxYwk1bxXTyTToHLsmvDeGyMj3EhrEh83o/Xoo+bac7OW+l18wWw
+N5b5Jcrj0e/O08+dJ5UBXGJ36V5WENTdOjctFTRtZhggkvB1QBZLa1g9khxz0VEw
+q0yGYCmjMK2YxpJhH+FAprUM+0Ei9IxIjDY295CEOrKkeJGb9+A8CWLoCi8z0zAc
+vQU/uaQsK1BKamKGmu7x+xCyoLSprzNlPjipJttUqkE00kFX9sBJZXW/rI+fQRJI
+sYn9UqNp/ay00uswwcoFLAnX7YdKiJrB5jaR5oyLFXpIPQa76594iRcf+9XkD9Ca
+KlscDNVnfSW7bkp7LJ+Rm6+OKWCSjglL8uIyBEzoNFCyiEnnzebE+jwvVBaDlbPd
+xMwMzU8vHsb9dYd7RMdd+YBIxngzyJiVl6Zpfy9B74vhL+ndyWKZg2Rsunlrcms7
+YIVg/LuAfgH4jXg38yzHHEkArGZg5TFaGUD8rJwMIPil6LOQ4D+jK8/fcV9bhBuH
+LzBJ4gtPwUnvYqsaiIAeGi2EVllW0Ka+aTTzM1Yascl2q9WROvutAT0zz0M6smpO
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/server.crt b/tests/tls/server.crt
new file mode 100644
index 0000000000000000000000000000000000000000..e29537ad781690d5574c152a3bd3893f6cb5cbe8
--- /dev/null
+++ b/tests/tls/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiUCCQDiqmqW0b8a7jANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMF0xCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCu9WJEGBARCdyqt+/ip53p+S7N0lKGv0w75LfqVldIQGYMAf9xSMcb
+PSTds9rYq8g7XaehNJ628w0hWnHDEU1x28ULMlL22p91inEmWANyi+flCopgUgPe
+sQkc+kcXUVv+/Of8eclIXCxni67J8fK7nH/48ML+qdWes9nrtMRB5z/2mC7sc53x
+4faJdOpCx13CaHvYPIHJfT7d7haTDBGLVCSC90tB5WvK7E1hIoIddqwrthWopRcS
+iSmQfJZmKPgPTtnVX1r3meLEVcdLcZ9OO8r1buUrBdB5Z25K5r0nCYzAk4AyJ1pq
+8tjajMwsunbLFOQ6X9DNRCVOG0XDpu0ZAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
+AGVLrbXSANOMZpWevPJUMoZMJ4H26q9+tJ4kVi36ufQOaRBJ19lc73wt/5CL1Zzx
+uHBWJSMkUXn3CIXjyV9QsP3YF94yG9LghIKI/0Z+DK5j1TomplS13DZ+JuUIbogZ
+gwTXy/EuAxynUO+iyLD3c7/rJO94luWd2Ct9ljv9Kza7LxeEjKloBeGxddWgeU7/
+OdkPzLmvCxAsK/Wk4LAKG0p3ZwIqLdusMl6TBpStntLhh98M5xQXoozmRo8bBlp5
+kjItngdSWKWyXalw93SGEoPhe7u6fAxMBBuEpAtF5DS+mzTHB/wbJz1FuD3f973J
+4MeDFTIHtkTp/lYrbSmWvzU=
+-----END CERTIFICATE-----
diff --git a/tests/tls/server.key b/tests/tls/server.key
new file mode 100644
index 0000000000000000000000000000000000000000..9a1f1dd28bc5b134e0d83193e58590d5ecaf34ab
--- /dev/null
+++ b/tests/tls/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArvViRBgQEQncqrfv4qed6fkuzdJShr9MO+S36lZXSEBmDAH/
+cUjHGz0k3bPa2KvIO12noTSetvMNIVpxwxFNcdvFCzJS9tqfdYpxJlgDcovn5QqK
+YFID3rEJHPpHF1Fb/vzn/HnJSFwsZ4uuyfHyu5x/+PDC/qnVnrPZ67TEQec/9pgu
+7HOd8eH2iXTqQsddwmh72DyByX0+3e4WkwwRi1QkgvdLQeVryuxNYSKCHXasK7YV
+qKUXEokpkHyWZij4D07Z1V9a95nixFXHS3GfTjvK9W7lKwXQeWduSua9JwmMwJOA
+MidaavLY2ozMLLp2yxTkOl/QzUQlThtFw6btGQIDAQABAoIBAFyq69lVRW1A4/go
+ZI6QaTu8F+Y8OCnWuPIgOqmMAb7rHSHPDRVbjtoGkLg8wvVwRyXqfRcNX+NW6OV5
+mjfPuk1MMhm0Fe1Z7ou7QCMnCuxo3fKamqBZ0GLrMgB/L5hSJ3/vRJCdkNcauwo9
+Gd8sn3xvb/jSzPVFzze32vzVSf39NSxcLRGnMb1Y/1U5jA7Bc+XbPb1fvWJ9ZJec
+o5wz0VLNWgYEt3dnvWZOf1ONx50ROwlKFOPhdYg/IQxzkWxOu6ZcleJrJsf5eCvj
+o2Ogm6bWMhTO73MYjHD0+hR6xl3g/vIBe+N4e4LmnI7BBQRe9SKrazqBt35/5Zs5
+IKFDPAECgYEA5M2sI7dnbHK1Ur+AIGEan3sWtbXOvg0xihCXRojE5oSKC5BFf5ny
+LvZ/VcszhjFv6ruUunXtN8qXJ8n3QQQXyuEeKpkGCvJqE8inREKSTexLj06niU1r
+w4XyyEvIckz42sv2k0mwH7qCIwAMkAQtqnM/ue2aCuyKKP5OLqqlSskCgYEAw8E/
+3zWbLwtWb6VtyaSv9/xHL71SXkxpY9FIc7MFhQLnvR6ZgZS42fXopeo04Byx6cZ3
+3QM8UPYE77H0ch3r1HdZIIXLw2aX8SnZtHtchU50cdmhCV51D6dk/bftxgncFzxp
+nHRwoPhJTXF/y0+jNP8m5Tn5YgxzJ9Sec7WuZ9ECgYEAnFqURMADNA/bKxXkR7wz
+xkIGDdyU0DkR3mhiB/hUnbZ641YOuBkKb99Qut8mcZB9C2puQ1Fs7tBJpQ4WId7b
+J2/Y/oEdqQNpS+W1sCbR9eAA7ohwYpp+htmVRBzNeJZzBImXEaWsbrI0VhilfRDt
+5+nj5Xmh588mxsapxKgmVkkCgYEAhJiaEy/UdgFQA0AjJbsQFwIjlgq/iHBp0tso
+IHba/kYBgvD/Oe7rZ3hSplAGkOfe+2McPfC7InwCy/nWgpYR8FEHZig65ZjQwuJ+
+POpyuTlzVsr7ccUxtfDFT7cOsF5tXq/lOb0FrYOA45xF3AmNm5BZYFvsuKWGOyyi
+R+6AvIECgYAXQ8Ud5GX0aXm8cRbwLStamooBreeCKQ9plLnXdqiwkjoeqhdHcWzh
+M4Cws86fbRSWESqvY3NVJCA5Na9HN0/LH/UlxN8tfrEfv1al/2UXN8zIL1a1uVfK
+H9CtL9znc7mJKBODBxDXgdC+QHMdtGwGU5QYTVwlPEBbdM/2JwgBfw==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/server.pem b/tests/tls/server.pem
new file mode 100644
index 0000000000000000000000000000000000000000..83277c134f1f609f6af936767ca484585d463e13
--- /dev/null
+++ b/tests/tls/server.pem
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiUCCQDiqmqW0b8a7jANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMF0xCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCu9WJEGBARCdyqt+/ip53p+S7N0lKGv0w75LfqVldIQGYMAf9xSMcb
+PSTds9rYq8g7XaehNJ628w0hWnHDEU1x28ULMlL22p91inEmWANyi+flCopgUgPe
+sQkc+kcXUVv+/Of8eclIXCxni67J8fK7nH/48ML+qdWes9nrtMRB5z/2mC7sc53x
+4faJdOpCx13CaHvYPIHJfT7d7haTDBGLVCSC90tB5WvK7E1hIoIddqwrthWopRcS
+iSmQfJZmKPgPTtnVX1r3meLEVcdLcZ9OO8r1buUrBdB5Z25K5r0nCYzAk4AyJ1pq
+8tjajMwsunbLFOQ6X9DNRCVOG0XDpu0ZAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
+AGVLrbXSANOMZpWevPJUMoZMJ4H26q9+tJ4kVi36ufQOaRBJ19lc73wt/5CL1Zzx
+uHBWJSMkUXn3CIXjyV9QsP3YF94yG9LghIKI/0Z+DK5j1TomplS13DZ+JuUIbogZ
+gwTXy/EuAxynUO+iyLD3c7/rJO94luWd2Ct9ljv9Kza7LxeEjKloBeGxddWgeU7/
+OdkPzLmvCxAsK/Wk4LAKG0p3ZwIqLdusMl6TBpStntLhh98M5xQXoozmRo8bBlp5
+kjItngdSWKWyXalw93SGEoPhe7u6fAxMBBuEpAtF5DS+mzTHB/wbJz1FuD3f973J
+4MeDFTIHtkTp/lYrbSmWvzU=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArvViRBgQEQncqrfv4qed6fkuzdJShr9MO+S36lZXSEBmDAH/
+cUjHGz0k3bPa2KvIO12noTSetvMNIVpxwxFNcdvFCzJS9tqfdYpxJlgDcovn5QqK
+YFID3rEJHPpHF1Fb/vzn/HnJSFwsZ4uuyfHyu5x/+PDC/qnVnrPZ67TEQec/9pgu
+7HOd8eH2iXTqQsddwmh72DyByX0+3e4WkwwRi1QkgvdLQeVryuxNYSKCHXasK7YV
+qKUXEokpkHyWZij4D07Z1V9a95nixFXHS3GfTjvK9W7lKwXQeWduSua9JwmMwJOA
+MidaavLY2ozMLLp2yxTkOl/QzUQlThtFw6btGQIDAQABAoIBAFyq69lVRW1A4/go
+ZI6QaTu8F+Y8OCnWuPIgOqmMAb7rHSHPDRVbjtoGkLg8wvVwRyXqfRcNX+NW6OV5
+mjfPuk1MMhm0Fe1Z7ou7QCMnCuxo3fKamqBZ0GLrMgB/L5hSJ3/vRJCdkNcauwo9
+Gd8sn3xvb/jSzPVFzze32vzVSf39NSxcLRGnMb1Y/1U5jA7Bc+XbPb1fvWJ9ZJec
+o5wz0VLNWgYEt3dnvWZOf1ONx50ROwlKFOPhdYg/IQxzkWxOu6ZcleJrJsf5eCvj
+o2Ogm6bWMhTO73MYjHD0+hR6xl3g/vIBe+N4e4LmnI7BBQRe9SKrazqBt35/5Zs5
+IKFDPAECgYEA5M2sI7dnbHK1Ur+AIGEan3sWtbXOvg0xihCXRojE5oSKC5BFf5ny
+LvZ/VcszhjFv6ruUunXtN8qXJ8n3QQQXyuEeKpkGCvJqE8inREKSTexLj06niU1r
+w4XyyEvIckz42sv2k0mwH7qCIwAMkAQtqnM/ue2aCuyKKP5OLqqlSskCgYEAw8E/
+3zWbLwtWb6VtyaSv9/xHL71SXkxpY9FIc7MFhQLnvR6ZgZS42fXopeo04Byx6cZ3
+3QM8UPYE77H0ch3r1HdZIIXLw2aX8SnZtHtchU50cdmhCV51D6dk/bftxgncFzxp
+nHRwoPhJTXF/y0+jNP8m5Tn5YgxzJ9Sec7WuZ9ECgYEAnFqURMADNA/bKxXkR7wz
+xkIGDdyU0DkR3mhiB/hUnbZ641YOuBkKb99Qut8mcZB9C2puQ1Fs7tBJpQ4WId7b
+J2/Y/oEdqQNpS+W1sCbR9eAA7ohwYpp+htmVRBzNeJZzBImXEaWsbrI0VhilfRDt
+5+nj5Xmh588mxsapxKgmVkkCgYEAhJiaEy/UdgFQA0AjJbsQFwIjlgq/iHBp0tso
+IHba/kYBgvD/Oe7rZ3hSplAGkOfe+2McPfC7InwCy/nWgpYR8FEHZig65ZjQwuJ+
+POpyuTlzVsr7ccUxtfDFT7cOsF5tXq/lOb0FrYOA45xF3AmNm5BZYFvsuKWGOyyi
+R+6AvIECgYAXQ8Ud5GX0aXm8cRbwLStamooBreeCKQ9plLnXdqiwkjoeqhdHcWzh
+M4Cws86fbRSWESqvY3NVJCA5Na9HN0/LH/UlxN8tfrEfv1al/2UXN8zIL1a1uVfK
+H9CtL9znc7mJKBODBxDXgdC+QHMdtGwGU5QYTVwlPEBbdM/2JwgBfw==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/tls/server_chain.pem b/tests/tls/server_chain.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d590275ed22e1c5443b0368229f772a0d8f901d0
--- /dev/null
+++ b/tests/tls/server_chain.pem
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiUCCQDiqmqW0b8a7jANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMF0xCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCu9WJEGBARCdyqt+/ip53p+S7N0lKGv0w75LfqVldIQGYMAf9xSMcb
+PSTds9rYq8g7XaehNJ628w0hWnHDEU1x28ULMlL22p91inEmWANyi+flCopgUgPe
+sQkc+kcXUVv+/Of8eclIXCxni67J8fK7nH/48ML+qdWes9nrtMRB5z/2mC7sc53x
+4faJdOpCx13CaHvYPIHJfT7d7haTDBGLVCSC90tB5WvK7E1hIoIddqwrthWopRcS
+iSmQfJZmKPgPTtnVX1r3meLEVcdLcZ9OO8r1buUrBdB5Z25K5r0nCYzAk4AyJ1pq
+8tjajMwsunbLFOQ6X9DNRCVOG0XDpu0ZAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
+AGVLrbXSANOMZpWevPJUMoZMJ4H26q9+tJ4kVi36ufQOaRBJ19lc73wt/5CL1Zzx
+uHBWJSMkUXn3CIXjyV9QsP3YF94yG9LghIKI/0Z+DK5j1TomplS13DZ+JuUIbogZ
+gwTXy/EuAxynUO+iyLD3c7/rJO94luWd2Ct9ljv9Kza7LxeEjKloBeGxddWgeU7/
+OdkPzLmvCxAsK/Wk4LAKG0p3ZwIqLdusMl6TBpStntLhh98M5xQXoozmRo8bBlp5
+kjItngdSWKWyXalw93SGEoPhe7u6fAxMBBuEpAtF5DS+mzTHB/wbJz1FuD3f973J
+4MeDFTIHtkTp/lYrbSmWvzU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiwCCQC5E5PSm8flUjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJa
+WjEKMAgGA1UECAwBLjEKMAgGA1UEBwwBLjEWMBQGA1UECgwNaHR0cGxpYjItdGVz
+dDEKMAgGA1UECwwBLjEZMBcGA1UEAwwQaHR0cGxpYjItdGVzdC1DQTAeFw0xOTA5
+MjYxNTAzMzRaFw0yOTA5MjMxNTAzMzRaMGQxCzAJBgNVBAYTAlpaMQowCAYDVQQI
+DAEuMQowCAYDVQQHDAEuMRYwFAYDVQQKDA1odHRwbGliMi10ZXN0MQowCAYDVQQL
+DAEuMRkwFwYDVQQDDBBodHRwbGliMi10ZXN0LUNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxBKerwr0M3230xWKMvxB20+AR9SojbQIN2/8EI9pbSrj
+mlTHPFXWf02q2Ll0GPbcnSKOMnAARptVCkxEfkDGPN03Ux0jjGu2MrwZHURXM2gH
+sQn33Gj3HCreFLMxIqMFfGeB9T0VxurgUek/+bR85QBVNE9GrQfrAN8O+ScOpCOE
+Nh5rlYc/QscH/S0QJvttbGAZFP1bB/Xjltwd6fF3rZgCfTJ88B2UIcEVt+X/kc/0
+QByPPACAnCaE4cB2q+SJVEMYP6BLDVvCPRO53UC8cqsLfpKUz73two/No4PhMHwC
+PspC+wKlAD3+GWmsatz0rRysm7V0GghCGe+T5JHsGwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQB4b+DWt0An4YoXj7lb/+N7FVr2m5UVyBI+bbEGI/qsql/Ixiaef69M
+jej7n5ucUx8GBql62W0c3/E3qZFfo49ngH1WC5gkKQH9V4jGZui5CUfmNE6WepQ/
+vL6eKXUp7RoJ/hWVhGm1uV3OShF+EN0t2wZttYg4lip0FjrY8tRWdjw5yu61wWVu
+WuHxTzKiHe9emjhhUBgnWRnNeYPTRs0xM2Awv5KYPq2cmrjGbSz3mYDkBpbiJUp4
+pM9g8qLmsDO2yrlVF659D08+5zkmMbyqnn84X0n3SM3Yn0ayZOmbNHiXoAzklZNP
+7xiyxMEAfVQOITsvSDG2PzbZlGGtbaka
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEArvViRBgQEQncqrfv4qed6fkuzdJShr9MO+S36lZXSEBmDAH/
+cUjHGz0k3bPa2KvIO12noTSetvMNIVpxwxFNcdvFCzJS9tqfdYpxJlgDcovn5QqK
+YFID3rEJHPpHF1Fb/vzn/HnJSFwsZ4uuyfHyu5x/+PDC/qnVnrPZ67TEQec/9pgu
+7HOd8eH2iXTqQsddwmh72DyByX0+3e4WkwwRi1QkgvdLQeVryuxNYSKCHXasK7YV
+qKUXEokpkHyWZij4D07Z1V9a95nixFXHS3GfTjvK9W7lKwXQeWduSua9JwmMwJOA
+MidaavLY2ozMLLp2yxTkOl/QzUQlThtFw6btGQIDAQABAoIBAFyq69lVRW1A4/go
+ZI6QaTu8F+Y8OCnWuPIgOqmMAb7rHSHPDRVbjtoGkLg8wvVwRyXqfRcNX+NW6OV5
+mjfPuk1MMhm0Fe1Z7ou7QCMnCuxo3fKamqBZ0GLrMgB/L5hSJ3/vRJCdkNcauwo9
+Gd8sn3xvb/jSzPVFzze32vzVSf39NSxcLRGnMb1Y/1U5jA7Bc+XbPb1fvWJ9ZJec
+o5wz0VLNWgYEt3dnvWZOf1ONx50ROwlKFOPhdYg/IQxzkWxOu6ZcleJrJsf5eCvj
+o2Ogm6bWMhTO73MYjHD0+hR6xl3g/vIBe+N4e4LmnI7BBQRe9SKrazqBt35/5Zs5
+IKFDPAECgYEA5M2sI7dnbHK1Ur+AIGEan3sWtbXOvg0xihCXRojE5oSKC5BFf5ny
+LvZ/VcszhjFv6ruUunXtN8qXJ8n3QQQXyuEeKpkGCvJqE8inREKSTexLj06niU1r
+w4XyyEvIckz42sv2k0mwH7qCIwAMkAQtqnM/ue2aCuyKKP5OLqqlSskCgYEAw8E/
+3zWbLwtWb6VtyaSv9/xHL71SXkxpY9FIc7MFhQLnvR6ZgZS42fXopeo04Byx6cZ3
+3QM8UPYE77H0ch3r1HdZIIXLw2aX8SnZtHtchU50cdmhCV51D6dk/bftxgncFzxp
+nHRwoPhJTXF/y0+jNP8m5Tn5YgxzJ9Sec7WuZ9ECgYEAnFqURMADNA/bKxXkR7wz
+xkIGDdyU0DkR3mhiB/hUnbZ641YOuBkKb99Qut8mcZB9C2puQ1Fs7tBJpQ4WId7b
+J2/Y/oEdqQNpS+W1sCbR9eAA7ohwYpp+htmVRBzNeJZzBImXEaWsbrI0VhilfRDt
+5+nj5Xmh588mxsapxKgmVkkCgYEAhJiaEy/UdgFQA0AjJbsQFwIjlgq/iHBp0tso
+IHba/kYBgvD/Oe7rZ3hSplAGkOfe+2McPfC7InwCy/nWgpYR8FEHZig65ZjQwuJ+
+POpyuTlzVsr7ccUxtfDFT7cOsF5tXq/lOb0FrYOA45xF3AmNm5BZYFvsuKWGOyyi
+R+6AvIECgYAXQ8Ud5GX0aXm8cRbwLStamooBreeCKQ9plLnXdqiwkjoeqhdHcWzh
+M4Cws86fbRSWESqvY3NVJCA5Na9HN0/LH/UlxN8tfrEfv1al/2UXN8zIL1a1uVfK
+H9CtL9znc7mJKBODBxDXgdC+QHMdtGwGU5QYTVwlPEBbdM/2JwgBfw==
+-----END RSA PRIVATE KEY-----