use a www.elastic.co instead of httpbin.org for SSL tests

Author: miguelgrinberg

.github/workflows/ci.yml

@@ -61,6 +61,12 @@ jobs:
         image: kennethreitz/httpbin
         ports:
           - 8080:80
+      elasticsearch:
+        image: docker.elastic.co/elasticsearch/elasticsearch:9.0.2
+        env:
+          discovery.type: single-node
+        ports:
+          - 9200:9200
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2

tests/conftest.py

@@ -67,9 +67,9 @@ async def perform_request(self, *args, **kwargs):
 
 
 @pytest.fixture(scope="session", params=[True, False])
-def httpbin_cert_fingerprint(request) -> str:
-    """Gets the SHA256 fingerprint of the certificate for 'httpbin.org'"""
-    sock = socket.create_connection(("httpbin.org", 443))
+def cert_fingerprint(request) -> str:
+    """Gets the SHA256 fingerprint of the certificate for localhost:9200"""
+    sock = socket.create_connection(("localhost", 9200))
     ctx = ssl.create_default_context()
     ctx.check_hostname = False
     ctx.verify_mode = ssl.CERT_NONE

tests/node/test_http_aiohttp.py

@@ -290,40 +290,44 @@ async def test_head_workaround(self, aiohttp_fixed_head_bug):
 
 
 @pytest.mark.asyncio
-async def test_ssl_assert_fingerprint(httpbin_cert_fingerprint):
+async def test_ssl_assert_fingerprint(cert_fingerprint):
     with warnings.catch_warnings(record=True) as w:
         node = AiohttpHttpNode(
             NodeConfig(
                 scheme="https",
-                host="httpbin.org",
-                port=443,
-                ssl_assert_fingerprint=httpbin_cert_fingerprint,
+                host="localhost",
+                port=9200,
+                ssl_assert_fingerprint=cert_fingerprint,
             )
         )
         resp, _ = await node.perform_request("GET", "/")
 
-    assert resp.status == 200
+    assert resp.status == 401
     assert [str(x.message) for x in w if x.category != DeprecationWarning] == []
 
 
 @pytest.mark.asyncio
 async def test_default_headers():
-    node = AiohttpHttpNode(NodeConfig(scheme="https", host="httpbin.org", port=443))
+    node = AiohttpHttpNode(NodeConfig(scheme="http", host="localhost", port=8080))
     resp, data = await node.perform_request("GET", "/anything")
 
     assert resp.status == 200
     headers = json.loads(data)["headers"]
     headers.pop("X-Amzn-Trace-Id", None)
-    assert headers == {"Host": "httpbin.org", "User-Agent": DEFAULT_USER_AGENT}
+    assert headers == {
+        "Connection": "keep-alive",
+        "Host": "localhost:8080",
+        "User-Agent": DEFAULT_USER_AGENT,
+    }
 
 
 @pytest.mark.asyncio
 async def test_custom_headers():
     node = AiohttpHttpNode(
         NodeConfig(
-            scheme="https",
-            host="httpbin.org",
-            port=443,
+            scheme="http",
+            host="localhost",
+            port=8080,
             headers={"accept-encoding": "gzip", "Content-Type": "application/json"},
         )
     )
@@ -341,8 +345,9 @@ async def test_custom_headers():
     headers.pop("X-Amzn-Trace-Id", None)
     assert headers == {
         "Accept-Encoding": "gzip",
+        "Connection": "keep-alive",
         "Content-Type": "application/x-ndjson",
-        "Host": "httpbin.org",
+        "Host": "localhost:8080",
         "User-Agent": "custom-agent/1.2.3",
     }
 
@@ -351,9 +356,9 @@ async def test_custom_headers():
 async def test_custom_user_agent():
     node = AiohttpHttpNode(
         NodeConfig(
-            scheme="https",
-            host="httpbin.org",
-            port=443,
+            scheme="http",
+            host="localhost",
+            port=8080,
             headers={
                 "accept-encoding": "gzip",
                 "Content-Type": "application/json",
@@ -371,8 +376,9 @@ async def test_custom_user_agent():
     headers.pop("X-Amzn-Trace-Id", None)
     assert headers == {
         "Accept-Encoding": "gzip",
+        "Connection": "keep-alive",
         "Content-Type": "application/json",
-        "Host": "httpbin.org",
+        "Host": "localhost:8080",
         "User-Agent": "custom-agent/1.2.3",
     }
 
@@ -385,7 +391,7 @@ def test_repr():
 @pytest.mark.asyncio
 async def test_head():
     node = AiohttpHttpNode(
-        NodeConfig(scheme="https", host="httpbin.org", port=443, http_compress=True)
+        NodeConfig(scheme="http", host="localhost", port=8080, http_compress=True)
     )
     resp, data = await node.perform_request("HEAD", "/anything")
 

tests/node/test_http_httpx.py

@@ -145,13 +145,13 @@ async def test_merge_headers(self):
         assert request.headers["h3"] == "v3"
 
 
-def test_ssl_assert_fingerprint(httpbin_cert_fingerprint):
+def test_ssl_assert_fingerprint(cert_fingerprint):
     with pytest.raises(ValueError, match="httpx does not support certificate pinning"):
         HttpxAsyncHttpNode(
             NodeConfig(
                 scheme="https",
-                host="httpbin.org",
-                port=443,
-                ssl_assert_fingerprint=httpbin_cert_fingerprint,
+                host="localhost",
+                port=9200,
+                ssl_assert_fingerprint=cert_fingerprint,
             )
         )

tests/node/test_urllib3_chain_certs.py

@@ -35,8 +35,8 @@ def test_ssl_assert_fingerprint_invalid_length(node_cls):
         node_cls(
             NodeConfig(
                 "https",
-                "httpbin.org",
-                443,
+                "localhost",
+                9200,
                 ssl_assert_fingerprint="0000",
             )
         )
@@ -52,17 +52,17 @@ def test_ssl_assert_fingerprint_invalid_length(node_cls):
 @pytest.mark.parametrize(
     "ssl_assert_fingerprint",
     [
-        "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e",
-        "8e:cd:e6:88:4f:3d:87:b1:12:5b:a3:1a:c3:fc:b1:3d:70:16:de:7f:57:cc:90:4f:e1:cb:97:c6:ae:98:19:6e",
-        "8ECDE6884F3D87B1125BA31AC3FCB13D7016DE7F57CC904FE1CB97C6AE98196E",
+        "18efbd94dda87e3598a1251f9440cd2f4fd1dbf08be007c1012e992e830ca262",
+        "18:EF:BD:94:DD:A8:7E:35:98:A1:25:1F:94:40:CD:2F:4F:D1:DB:F0:8B:E0:07:C1:01:2E:99:2E:83:0C:A2:62",
+        "18EFBD94DDA87E3598A1251F9440CD2F4FD1DBF08BE007C1012E992E830CA262",
     ],
 )
 def test_assert_fingerprint_in_cert_chain(node_cls, ssl_assert_fingerprint):
     with warnings.catch_warnings(record=True) as w:
         node = node_cls(
             NodeConfig(
                 "https",
-                "httpbin.org",
+                "www.elastic.co",
                 443,
                 ssl_assert_fingerprint=ssl_assert_fingerprint,
             )
@@ -79,7 +79,7 @@ def test_assert_fingerprint_in_cert_chain_failure(node_cls):
     node = node_cls(
         NodeConfig(
             "https",
-            "httpbin.org",
+            "www.elastic.co",
             443,
             ssl_assert_fingerprint="0" * 64,
         )
@@ -89,11 +89,12 @@ def test_assert_fingerprint_in_cert_chain_failure(node_cls):
         node.perform_request("GET", "/")
 
     err = str(e.value)
+    print(err)
     assert "Fingerprints did not match." in err
     # This is the bad value we "expected"
     assert (
         'Expected "0000000000000000000000000000000000000000000000000000000000000000",'
         in err
     )
     # This is the root CA for httpbin.org with a leading comma to denote more than one cert was listed.
-    assert ', "8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e"' in err
+    assert '"18efbd94dda87e3598a1251f9440cd2f4fd1dbf08be007c1012e992e830ca262"' in err