From 0f870e946a6cb95db3719508b6cd37788ca6bf80 Mon Sep 17 00:00:00 2001
From: Pablo Alexis Dominguez Grau <pabloadominguezgrau@gmail.com>
Date: Wed, 13 Mar 2024 22:14:27 -0400
Subject: [PATCH] Add unit test forcing ValueError when using MD5 (#9120)

---
 tests/repositories/test_http_repository.py | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/tests/repositories/test_http_repository.py b/tests/repositories/test_http_repository.py
index 22e59bf06f0..45627d9be1f 100644
--- a/tests/repositories/test_http_repository.py
+++ b/tests/repositories/test_http_repository.py
@@ -183,3 +183,41 @@ def test_calculate_sha256(
         calculated_hash
         == "sha256:e216b70f013c47b82a72540d34347632c5bfe59fd54f5fe5d51f6a68b19aaf84"
     )
+
+
+def test_calculate_sha256_defaults_to_sha256_on_md5_errors(
+    mocker: MockerFixture,
+) -> None:
+    suppressed_value_error = False
+
+    def mock_hashlib_md5_error() -> None:
+        nonlocal suppressed_value_error
+        suppressed_value_error = True
+        raise ValueError(
+            "[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS"
+        )
+
+    filename = "poetry_core-1.5.0-py3-none-any.whl"
+    filepath = MockRepository.DIST_FIXTURES / filename
+    mock_download = mocker.patch(
+        "poetry.repositories.http_repository.download_file",
+        side_effect=lambda _, dest, *args, **kwargs: shutil.copy(filepath, dest),
+    )
+    mock_hashlib = mocker.patch("hashlib.md5", side_effect=mock_hashlib_md5_error)
+
+    domain = "foo.com"
+    link = Link(
+        f"https://{domain}/{filename}",
+        hashes={"md5": "be7589b4902793e66d7d979bd8581591"},
+    )
+    repo = MockRepository()
+
+    calculated_hash = repo.calculate_sha256(link)
+
+    assert suppressed_value_error
+    assert mock_download.call_count == 1
+    assert mock_hashlib.call_count == 1
+    assert (
+        calculated_hash
+        == "sha256:e216b70f013c47b82a72540d34347632c5bfe59fd54f5fe5d51f6a68b19aaf84"
+    )