55 lines
2.1 KiB
Python
55 lines
2.1 KiB
Python
"""Tests for SSL/TLS configuration in gateway RPC connections."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import ssl
|
|
|
|
from app.services.openclaw.gateway_rpc import GatewayConfig, _create_ssl_context
|
|
|
|
|
|
def test_create_ssl_context_returns_none_for_ws_protocol() -> None:
|
|
"""SSL context should be None for non-secure websocket connections."""
|
|
config = GatewayConfig(url="ws://gateway.example:18789/ws")
|
|
ssl_context = _create_ssl_context(config)
|
|
|
|
assert ssl_context is None
|
|
|
|
|
|
def test_create_ssl_context_returns_none_for_wss_with_secure_mode() -> None:
|
|
"""SSL context should be None for wss:// with default verification (secure mode)."""
|
|
config = GatewayConfig(url="wss://gateway.example:18789/ws", allow_insecure_tls=False)
|
|
ssl_context = _create_ssl_context(config)
|
|
|
|
assert ssl_context is None
|
|
|
|
|
|
def test_create_ssl_context_disables_verification_when_allow_insecure_tls_true() -> None:
|
|
"""SSL context should disable certificate verification when allow_insecure_tls is True."""
|
|
config = GatewayConfig(url="wss://gateway.example:18789/ws", allow_insecure_tls=True)
|
|
ssl_context = _create_ssl_context(config)
|
|
|
|
assert ssl_context is not None
|
|
assert isinstance(ssl_context, ssl.SSLContext)
|
|
assert ssl_context.check_hostname is False
|
|
assert ssl_context.verify_mode == ssl.CERT_NONE
|
|
|
|
|
|
def test_create_ssl_context_respects_localhost_with_insecure_flag() -> None:
|
|
"""SSL context for localhost should respect allow_insecure_tls flag."""
|
|
config = GatewayConfig(url="wss://localhost:18789/ws", allow_insecure_tls=True)
|
|
ssl_context = _create_ssl_context(config)
|
|
|
|
assert ssl_context is not None
|
|
assert ssl_context.check_hostname is False
|
|
assert ssl_context.verify_mode == ssl.CERT_NONE
|
|
|
|
|
|
def test_create_ssl_context_respects_ip_address_with_insecure_flag() -> None:
|
|
"""SSL context for IP addresses should respect allow_insecure_tls flag."""
|
|
config = GatewayConfig(url="wss://192.168.1.100:18789/ws", allow_insecure_tls=True)
|
|
ssl_context = _create_ssl_context(config)
|
|
|
|
assert ssl_context is not None
|
|
assert ssl_context.check_hostname is False
|
|
assert ssl_context.verify_mode == ssl.CERT_NONE
|