From b8d2ee315f5b055fd374dee247bc0fe518fcab11 Mon Sep 17 00:00:00 2001
From: Kaitlin Farr <kaitlin.farr@jhuapl.edu>
Date: Thu, 28 Sep 2017 20:16:33 -0400
Subject: [PATCH] Dynamically determine SSL version in unit tests

KMIP by default tries to use PROTOCOL_TLSv1_2, but not all systems that
run the unit tests necessarily have this.

Dynamically determine the version to use.

Change-Id: Ia13841b3547332d6d5044b446b073dc2394bb8fb
---
 barbican/tests/plugin/test_kmip.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/barbican/tests/plugin/test_kmip.py b/barbican/tests/plugin/test_kmip.py
index 59c55ab3e..b2dfd85ec 100644
--- a/barbican/tests/plugin/test_kmip.py
+++ b/barbican/tests/plugin/test_kmip.py
@@ -13,7 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import base64
+import ssl
 import stat
+import testtools
 
 import mock
 
@@ -97,6 +99,13 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
         CONF.kmip_plugin.keyfile = None
         CONF.kmip_plugin.pkcs1_only = False
 
+        # get the latest protocol that SSL supports
+        protocol_dict = ssl.__dict__.get('_PROTOCOL_NAMES')
+        latest_protocol = protocol_dict.get(max(protocol_dict.keys()))
+        if not latest_protocol.startswith('PROTOCOL_'):
+            latest_protocol = 'PROTOCOL_' + latest_protocol
+        CONF.kmip_plugin.ssl_version = latest_protocol
+
         self.secret_store = kss.KMIPSecretStore(CONF)
         self.credential = self.secret_store.credential
         self.symmetric_type = secret_store.SecretType.SYMMETRIC
@@ -144,6 +153,8 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
         secret_store = kss.KMIPSecretStore(CONF)
         self.assertTrue(secret_store.pkcs1_only)
 
+    @testtools.skipIf(not getattr(ssl, "PROTOCOL_TLSv1_2", None),
+                      "TLSv1.2 is not available on this system")
     def test_enable_tlsv12_config_option(self):
         ssl_version = "PROTOCOL_TLSv1_2"
         CONF = kss.CONF
@@ -151,6 +162,8 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
         kss.KMIPSecretStore(CONF)
         self.assertEqual(ssl_version, CONF.kmip_plugin.ssl_version)
 
+    @testtools.skipIf(not getattr(ssl, "PROTOCOL_TLSv1", None),
+                      "TLSv1 is not available on this system")
     def test_enable_tlsv1_config_option(self):
         ssl_version = "PROTOCOL_TLSv1"
         CONF = kss.CONF