def test_validate_with_keys(self):
v_h = VirtualHost()
v_h.keys = [mock.MagicMock()]
v_h.validate()
v_h.keys[0].validate.assert_called_once_with()
def test___init__(self):
v_h = VirtualHost()
self.assertIsInstance(v_h, VirtualHost)
self.assertEqual(v_h.keys, [])
self.assertEqual(v_h.hostnames, set())
self.assertEqual(v_h.trust_anchors, [])
self.assertEqual(v_h.app_protocols, [])
def test_validate_without_keys(self):
v_h = VirtualHost()
with self.assertRaises(ValueError):
v_h.validate()
def test_matches_hostname_with_matching_name(self):
v_h = VirtualHost()
v_h.hostnames = set([b'example.com'])
self.assertTrue(v_h.matches_hostname(b'example.com'))
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
cert_chain = None
virtual_hosts = []
v_host_cert = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
expLabel = None
expLength = 20
alpn = []
dhparam = None
psk = None
psk_ident = None
psk_hash = 'sha256'
resumption = False
ssl3 = False
max_ver = None
tickets = None
ciphers = []
request_pha = False
require_pha = False
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
# OpenSSL/m2crypto does not support RSASSA-PSS certificates
if not privateKey:
privateKey = parsePEMKey(s,
private=True,
implementations=["python"])
else:
if not v_host_cert:
raise ValueError("Virtual host certificate missing "
"(must be listed before key)")
p_key = parsePEMKey(s,
private=True,
implementations=["python"])
if not virtual_hosts:
virtual_hosts.append(VirtualHost())
virtual_hosts[0].keys.append(
Keypair(p_key, v_host_cert.x509List))
v_host_cert = None
elif opt == "-c":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
if not cert_chain:
cert_chain = X509CertChain()
cert_chain.parsePemList(s)
else:
v_host_cert = X509CertChain()
v_host_cert.parsePemList(s)
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
elif opt == "-l":
expLabel = arg
elif opt == "-L":
expLength = int(arg)
elif opt == "-a":
alpn.append(bytearray(arg, 'utf-8'))
elif opt == "--param":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
dhparam = parseDH(s)
elif opt == "--psk":
psk = a2b_hex(arg)
elif opt == "--psk-ident":
psk_ident = bytearray(arg, 'utf-8')
elif opt == "--psk-sha384":
psk_hash = 'sha384'
elif opt == "--resumption":
resumption = True
elif opt == "--ssl3":
ssl3 = True
elif opt == "--max-ver":
max_ver = ver_to_tuple(arg)
elif opt == "--tickets":
tickets = int(arg)
elif opt == "--cipherlist":
ciphers.append(arg)
elif opt == "--request-pha":
request_pha = True
elif opt == "--require-pha":
require_pha = True
else:
assert (False)
# when no names provided, don't return array
if not alpn:
alpn = None
if (psk and not psk_ident) or (not psk and psk_ident):
printError("PSK and IDENTITY must be set together")
if not argv:
printError("Missing address")
if len(argv) > 1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = (address[0], int(address[1]))
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(cert_chain)
retList.append(virtual_hosts)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
if "l" in argString:
retList.append(expLabel)
if "L" in argString:
retList.append(expLength)
if "a" in argString:
retList.append(alpn)
if "param=" in flagsList:
retList.append(dhparam)
if "psk=" in flagsList:
retList.append(psk)
if "psk-ident=" in flagsList:
retList.append(psk_ident)
if "psk-sha384" in flagsList:
retList.append(psk_hash)
if "resumption" in flagsList:
retList.append(resumption)
if "ssl3" in flagsList:
retList.append(ssl3)
if "max-ver=" in flagsList:
retList.append(max_ver)
if "tickets=" in flagsList:
retList.append(tickets)
if "cipherlist=" in flagsList:
retList.append(ciphers)
if "request-pha" in flagsList:
retList.append(request_pha)
if "require-pha" in flagsList:
retList.append(require_pha)
return retList