diff --git a/aiohttp/client_reqrep.py b/aiohttp/client_reqrep.py index 817c3d4af27..511a659f3ab 100644 --- a/aiohttp/client_reqrep.py +++ b/aiohttp/client_reqrep.py @@ -547,8 +547,8 @@ def update_proxy( proxy_auth: Optional[BasicAuth], proxy_headers: Optional[LooseHeaders], ) -> None: - if proxy and not proxy.scheme == "http": - raise ValueError("Only http proxies are supported") + # if proxy and not proxy.scheme == "http": + # raise ValueError("Only http proxies are supported") if proxy_auth and not isinstance(proxy_auth, helpers.BasicAuth): raise ValueError("proxy_auth must be None or BasicAuth() tuple") self.proxy = proxy diff --git a/requirements/test.txt b/requirements/test.txt index 5e3b21bd391..c2a6ec4ac0f 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -5,6 +5,7 @@ cryptography==3.3.1; platform_machine!="i686" and python_version<"3.9" # no 32-b freezegun==1.1.0 mypy==0.910; implementation_name=="cpython" mypy-extensions==0.4.3; implementation_name=="cpython" +proxy.py==2.0.0 pytest==6.1.2 pytest-cov==2.12.1 pytest-mock==3.6.1 diff --git a/tests/conftest.py b/tests/conftest.py index 85f482b56d6..574a4f76cf7 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -69,6 +69,12 @@ def tls_ca_certificate_pem_path(tls_certificate_authority): yield ca_cert_pem +@pytest.fixture +def tls_ca_private_key_pem_path(tls_certificate_authority): + with tls_certificate_authority.private_key_pem.tempfile() as ca_key_pem: + yield ca_key_pem + + @pytest.fixture def tls_certificate_pem_path(tls_certificate): with tls_certificate.private_key_and_cert_chain_pem.tempfile() as cert_pem: diff --git a/tests/test_proxy_functional.py b/tests/test_proxy_functional.py index 68763cd446e..2070626209a 100644 --- a/tests/test_proxy_functional.py +++ b/tests/test_proxy_functional.py @@ -1,8 +1,10 @@ import asyncio +import logging import os import pathlib from unittest import mock +import proxy import pytest from yarl import URL @@ -10,6 +12,79 @@ from aiohttp import web +@pytest.fixture +def secure_proxy_url( + aiohttp_unused_port, tls_ca_certificate_pem_path, tls_ca_private_key_pem_path +): + """Return the an instance of a running secure proxy.""" + unused_port = str(aiohttp_unused_port()) + address = "127.0.0.1" + input_args = [ + "--num-workers", + "1", + "--hostname", + "127.0.0.1", + "--port", + unused_port, + "--cert-file", + tls_ca_certificate_pem_path, + "--key-file", + tls_ca_private_key_pem_path, + ] + proxy_url = URL.build(scheme="https", host=address, port=unused_port) + with proxy.Proxy(input_args=input_args): + yield proxy_url + + +# @pytest.mark.xfail +# @pytest.mark.parametrize("protocol", ["http", "http"]) +async def test_secure_proxy_http_absolute_path( + aiohttp_server, + ssl_ctx, + secure_proxy_url, + get_request, + # protocol +) -> None: + """Test urls can be requested through a secure proxy.""" + + async def handler(request): + return web.Response(text="Test message") + + app = web.Application() + app.router.add_route("GET", "/", handler) + server = await aiohttp_server(app) + + # url = URL.build(scheme=protocol, host=server.host, port=server.port) + url = URL.build(scheme="http", host=server.host, port=server.port) + response = await get_request(url=url, proxy=secure_proxy_url, ssl=False) + assert response.status == 200 + + +# @pytest.mark.xfail +# @pytest.mark.parametrize("protocol", ["http", "http"]) +async def test_secure_proxy_https_absolute_path( + aiohttp_server, + ssl_ctx, + secure_proxy_url, + get_request, + client_ssl_ctx, + # protocol +) -> None: + """Test urls can be requested through a secure proxy.""" + + async def handler(request): + return web.Response(text="Test message") + + app = web.Application() + app.router.add_route("GET", "/", handler) + server = await aiohttp_server(app, ssl=ssl_ctx) + + url = URL.build(scheme="https", host=server.host, port=server.port) + response = await get_request(url=url, ssl=client_ssl_ctx) + # response = await get_request(url=url, proxy=secure_proxy_url) + assert response.status == 200 + + @pytest.fixture def proxy_test_server(aiohttp_raw_server, loop, monkeypatch): # Handle all proxy requests and imitate remote server response.