minor: PR tweaks based on review: doc, casing, typos, updates

- two reversions to unnecessary changes
- some typo fixes
- capitalization of HTTP/S where reasonable
- commenting out code section with ''' rather than #

Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>

Author: awwad

tests/proxy_server.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-# This code is taken from: https://github.com/inaz2/proxy2
+# This code is taken from: github.com/inaz2/proxy2
 # Credit goes to the author. It has been very slightly modified here to use
 # IPv4 instead of IPv6, and to only attempt interception of HTTPS traffic
 # (instead of relaying via HTTP CONNECT) if new global variable INTERCEPT is

tests/test_download.py

@@ -197,28 +197,29 @@ def test_download_url_to_tempfileobj_and_urls(self):
 
 
 
+  '''
   # This test uses sites on the internet, requiring a net connection to succeed.
   # Since this is the only such test in TUF, I'm not going to enable it... but
   # it's here in case it's useful for diagnosis.
-  # def test_https_validation(self):
-  #   """
-  #   Use some known URLs on the net to ensure that TUF download checks SSL
-  #   certificates appropriately.
-  #   """
-  #   # We should never get as far as the target file download itself, so the
-  #   # length we pass to safe_download and unsafe_download shouldn't matter.
-  #   irrelevant_length = 10
-  #
-  #   for bad_url in [
-  #       'https://expired.badssl.com/', # expired certificate
-  #       'https://wrong.host.badssl.com/', ]: # hostname verification fail
-  #
-  #     with self.assertRaises(requests.exceptions.SSLError):
-  #       download.safe_download(bad_url, irrelevant_length)
-  #
-  #     with self.assertRaises(requests.exceptions.SSLError):
-  #       download.unsafe_download(bad_url, irrelevant_length)
+  def test_https_validation(self):
+    """
+    Use some known URLs on the net to ensure that TUF download checks SSL
+    certificates appropriately.
+    """
+    # We should never get as far as the target file download itself, so the
+    # length we pass to safe_download and unsafe_download shouldn't matter.
+    irrelevant_length = 10
+
+    for bad_url in [
+        'https://expired.badssl.com/', # expired certificate
+        'https://wrong.host.badssl.com/', ]: # hostname verification fail
 
+      with self.assertRaises(requests.exceptions.SSLError):
+        download.safe_download(bad_url, irrelevant_length)
+
+      with self.assertRaises(requests.exceptions.SSLError):
+        download.unsafe_download(bad_url, irrelevant_length)
+  '''
 
 
 
@@ -250,10 +251,12 @@ def test_https_connection(self):
     bad_cert_fname = os.path.join('ssl_certs', 'ssl_cert_wronghost.crt')
     expired_cert_fname = os.path.join('ssl_certs', 'ssl_cert_expired.crt')
 
-    # Launch three https servers (serve files in the current dir).
-    # The first we expect to operate correctly.
-    # The second we run with an HTTPS certificate with an unexpected hostname.
-    # The third we run with an HTTPS certificate that is expired.
+    # Launch four HTTPS servers (serve files in the current dir).
+    # 1: we expect to operate correctly
+    # 2: also good; uses a slightly different cert (controls for the cert
+    #    generation method used for the next two, in case it comes to matter)
+    # 3: run with an HTTPS certificate with an unexpected hostname
+    # 4: run with an HTTPS certificate that is expired
     port1 = str(random.randint(30000, 45000))
     port2 = str(int(port1) + 1)
     port3 = str(int(port1) + 2)
@@ -267,7 +270,7 @@ def test_https_connection(self):
     bad_https_server_proc = subprocess.Popen(command3, stderr=subprocess.PIPE)
     expd_https_server_proc = subprocess.Popen(command4, stderr=subprocess.PIPE)
 
-    # Provide a delay long enough to allow the https servers to start.
+    # Provide a delay long enough to allow the HTTPS servers to start.
     # Encountered an error on one test system at delay value of 0.2s, so
     # increasing to 0.5s.
     # Expect to see "Connection refused" if this delay is not long enough
@@ -280,7 +283,7 @@ def test_https_connection(self):
     bad_https_url = good_https_url.replace(':' + port1, ':' + port3)
     expired_https_url = good_https_url.replace(':' + port1, ':' + port4)
 
-    # Download the target file using an https connection.
+    # Download the target file using an HTTPS connection.
 
     # Use try-finally solely to ensure that the server processes are killed.
     try:
@@ -291,7 +294,7 @@ def test_https_connection(self):
       # Try connecting to the server process with the bad cert while trusting
       # the bad cert. Expect failure because even though we trust it, the
       # hostname we're connecting to does not match the hostname in the cert.
-      logger.info('Trying https download of target file: ' + bad_https_url)
+      logger.info('Trying HTTPS download of target file: ' + bad_https_url)
       with self.assertRaises(requests.exceptions.SSLError):
         download.safe_download(bad_https_url, target_data_length)
       with self.assertRaises(requests.exceptions.SSLError):
@@ -301,13 +304,13 @@ def test_https_connection(self):
       # trusting the good certs (trusting the bad cert instead). Expect failure
       # because even though the server's cert file is otherwise OK, we don't
       # trust it.
-      print('Trying https download of target file: ' + good_https_url)
+      print('Trying HTTPS download of target file: ' + good_https_url)
       with self.assertRaises(requests.exceptions.SSLError):
         download.safe_download(good_https_url, target_data_length)
       with self.assertRaises(requests.exceptions.SSLError):
         download.unsafe_download(good_https_url, target_data_length)
 
-      print('Trying https download of target file: ' + good2_https_url)
+      print('Trying HTTPS download of target file: ' + good2_https_url)
       with self.assertRaises(requests.exceptions.SSLError):
         download.safe_download(good2_https_url, target_data_length)
       with self.assertRaises(requests.exceptions.SSLError):
@@ -319,7 +322,7 @@ def test_https_connection(self):
       # Try connecting to the server process with the expired cert while
       # trusting the expired cert. Expect failure because even though we trust
       # it, it is expired.
-      logger.info('Trying https download of target file: ' + expired_https_url)
+      logger.info('Trying HTTPS download of target file: ' + expired_https_url)
       with self.assertRaises(requests.exceptions.SSLError):
         download.safe_download(expired_https_url, target_data_length)
       with self.assertRaises(requests.exceptions.SSLError):
@@ -334,12 +337,12 @@ def test_https_connection(self):
       #       still trusting the good cert. Perhaps it's a caching issue....?
       #       I'm not especially concerned yet, but take note for later....
       os.environ['REQUESTS_CA_BUNDLE'] = good_cert_fname
-      logger.info('Trying https download of target file: ' + good_https_url)
+      logger.info('Trying HTTPS download of target file: ' + good_https_url)
       download.safe_download(good_https_url, target_data_length)
       download.unsafe_download(good_https_url, target_data_length)
 
       os.environ['REQUESTS_CA_BUNDLE'] = good2_cert_fname
-      logger.info('Trying https download of target file: ' + good2_https_url)
+      logger.info('Trying HTTPS download of target file: ' + good2_https_url)
       download.safe_download(good2_https_url, target_data_length)
       download.unsafe_download(good2_https_url, target_data_length)
 

tests/test_proxy_use.py

@@ -64,7 +64,7 @@ def setUpClass(cls):
     """
     Setup performed before the first test function (TestWithProxies class
     method) runs.
-    Launch http, https, and proxy servers in the current working directory.
+    Launch HTTP, HTTPS, and proxy servers in the current working directory.
     We'll set up four servers:
      - HTTP server (simple_server.py)
      - HTTPS server (simple_https_server.py)
@@ -95,8 +95,7 @@ def setUpClass(cls):
     cls.http_proxy_port = cls.http_port + 2
     cls.http_proxy_proc = subprocess.Popen(
         ['python', 'proxy_server.py', str(cls.http_proxy_port)],
-        stderr=subprocess.PIPE)
-    # Note that the http proxy server's address uses http://, regardless of the
+    # Note that the HTTP proxy server's address uses http://, regardless of the
     # type of connection used with the target server.
     cls.http_proxy_addr = 'http://127.0.0.1:' + str(cls.http_proxy_port)
 
@@ -117,8 +116,7 @@ def setUpClass(cls):
     cls.https_proxy_proc = subprocess.Popen(
         ['python', 'proxy_server.py', str(cls.https_proxy_port), 'intercept',
         os.path.join('ssl_certs', 'ssl_cert.crt')],
-        stderr=subprocess.PIPE)
-    # Note that the https proxy server's address uses https://, regardless of
+    # Note that the HTTPS proxy server's address uses https://, regardless of
     # the type of connection used with the target server.
     cls.https_proxy_addr = 'https://127.0.0.1:' + str(cls.https_proxy_port)
 
@@ -201,7 +199,7 @@ def test_baseline_no_proxy(self):
     HTTP proxy, and perform an HTTP connection with the final server.
     """
 
-    logger.info('Trying http download with no proxy: ' + self.url)
+    logger.info('Trying HTTP download with no proxy: ' + self.url)
     download.safe_download(self.url, self.target_data_length)
     download.unsafe_download(self.url, self.target_data_length)
 
@@ -217,15 +215,15 @@ def test_http_dl_via_smart_http_proxy(self):
 
     self.set_env_value('HTTP_PROXY', self.http_proxy_addr)
 
-    logger.info('Trying http download via http proxy: ' + self.url)
+    logger.info('Trying HTTP download via HTTP proxy: ' + self.url)
     download.safe_download(self.url, self.target_data_length)
     download.unsafe_download(self.url, self.target_data_length)
 
 
 
 
 
-  def test_httpS_dl_via_smart_http_proxy(self):
+  def test_https_dl_via_smart_http_proxy(self):
     """
     Test a length-validating TUF download of a file through a proxy. Use an
     HTTP proxy that supports HTTP CONNECT (which essentially causes it to act
@@ -242,15 +240,15 @@ def test_httpS_dl_via_smart_http_proxy(self):
     self.set_env_value('REQUESTS_CA_BUNDLE',
         os.path.join('ssl_certs', 'ssl_cert.crt'))
 
-    logger.info('Trying httpS download via http proxy: ' + self.url_https)
+    logger.info('Trying HTTPS download via HTTP proxy: ' + self.url_https)
     download.safe_download(self.url_https, self.target_data_length)
     download.unsafe_download(self.url_https, self.target_data_length)
 
 
 
 
 
-  def test_http_dl_via_httpS_proxy(self):
+  def test_http_dl_via_https_proxy(self):
     """
     Test a length-validating TUF download of a file through a proxy. Use an
     HTTPS proxy, and perform an HTTP connection with the final server.
@@ -263,15 +261,15 @@ def test_http_dl_via_httpS_proxy(self):
     self.set_env_value('REQUESTS_CA_BUNDLE',
         os.path.join('ssl_certs', 'proxy_ca.crt'))
 
-    logger.info('Trying http download via httpS proxy: ' + self.url_https)
+    logger.info('Trying HTTP download via HTTPS proxy: ' + self.url_https)
     download.safe_download(self.url, self.target_data_length)
     download.unsafe_download(self.url, self.target_data_length)
 
 
 
 
 
-  def test_httpS_dl_via_httpS_proxy(self):
+  def test_https_dl_via_https_proxy(self):
     """
     Test a length-validating TUF download of a file through a proxy. Use an
     HTTPS proxy, and perform an HTTPS connection with the final server.
@@ -286,7 +284,7 @@ def test_httpS_dl_via_httpS_proxy(self):
     self.set_env_value('REQUESTS_CA_BUNDLE',
         os.path.join('ssl_certs', 'proxy_ca.crt'))
 
-    logger.info('Trying httpS download via httpS proxy: ' + self.url_https)
+    logger.info('Trying HTTPS download via HTTPS proxy: ' + self.url_https)
     download.safe_download(self.url_https, self.target_data_length)
     download.unsafe_download(self.url_https, self.target_data_length)
 
@@ -340,7 +338,7 @@ def restore_env_value(self, key):
       # del os.environ[key] should unset the variable. Otherwise, we'll just
       # have to settle for setting it to an empty string.
       # See os.environ in:
-      #    https://docs.python.org/2/library/os.html#process-parameters)
+      #    https://docs.python.org/2/library/os.html#process-parameters
       os.environ[key] = ''
       del os.environ[key]
 

tuf/exceptions.py

@@ -172,8 +172,8 @@ def __init__(self, expected_length, observed_length):
     self.observed_length = observed_length #bytes
 
   def __str__(self):
-    return 'Observed length (' + repr(self.observed_length)+\
-           ') != expected length (' + repr(self.expected_length) + ').'
+    return 'Observed length (' + repr(self.observed_length) + \
+        ') < expected length (' + repr(self.expected_length) + ').'
 
 
 class SlowRetrievalError(DownloadError):

tuf/settings.py

@@ -75,7 +75,7 @@
 DEFAULT_TARGETS_REQUIRED_LENGTH = 5000000 #bytes
 
 # Set a timeout value in seconds (float) for non-blocking socket operations.
-SOCKET_TIMEOUT = 5 #seconds
+SOCKET_TIMEOUT = 4 #seconds
 
 # The maximum chunk of data, in bytes, we would download in every round.
 CHUNK_SIZE = 400000 #bytes