def test_fails_when_client_auth_failed(self):
# Given a server that does NOT support SCSV and that requires client authentication
with LegacyOpenSslServer(
client_auth_config=ClientAuthConfigEnum.REQUIRED) as server:
# And sslyze does NOT provide a client certificate
server_location = ServerNetworkLocationViaDirectConnection(
hostname=server.hostname,
ip_address=server.ip_address,
port=server.port)
server_info = ServerConnectivityTester().perform(server_location)
# When testing for SCSV, it fails as a client cert was not supplied
with pytest.raises(ClientCertificateRequested):
FallbackScsvImplementation.scan_server(server_info)
def test_works_when_client_auth_succeeded(self):
# Given a server that does NOT support SCSV and that requires client authentication
with LegacyOpenSslServer(
client_auth_config=ClientAuthConfigEnum.REQUIRED) as server:
server_location = ServerNetworkLocationViaDirectConnection(
hostname=server.hostname,
ip_address=server.ip_address,
port=server.port)
# And sslyze provides a client certificate
network_config = ServerNetworkConfiguration(
tls_server_name_indication=server.hostname,
tls_client_auth_credentials=ClientAuthenticationCredentials(
certificate_chain_path=server.get_client_certificate_path(
),
key_path=server.get_client_key_path()),
)
server_info = ServerConnectivityTester().perform(
server_location, network_config)
# When testing for SCSV, it succeeds
result: FallbackScsvScanResult = FallbackScsvImplementation.scan_server(
server_info)
# And the server is reported as NOT supporting SCSV
assert not result.supports_fallback_scsv
def test_fallback_good(self):
# Given a server that supports SCSV
server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup(
"www.google.com", 443)
server_info = ServerConnectivityTester().perform(server_location)
# When testing for SCSV, it succeeds
result: FallbackScsvScanResult = FallbackScsvImplementation.perform(
server_info)
# And the server is reported as supporting SCSV
assert result.supports_fallback_scsv
def test_fallback_bad(self):
# Given a server that does NOT support SCSV
with LegacyOpenSslServer() as server:
server_location = ServerNetworkLocationViaDirectConnection(
hostname=server.hostname,
ip_address=server.ip_address,
port=server.port)
server_info = ServerConnectivityTester().perform(server_location)
# When testing for SCSV, it succeeds
result: FallbackScsvScanResult = FallbackScsvImplementation.scan_server(
server_info)
# And the server is reported as NOT supporting SCSV
assert not result.supports_fallback_scsv
def test_fallback_good(self):
# Given a server that supports SCSV
server_location = ServerNetworkLocation("www.google.com", 443)
server_info = check_connectivity_to_server_and_return_info(
server_location)
# When testing for SCSV, it succeeds
result: FallbackScsvScanResult = FallbackScsvImplementation.scan_server(
server_info)
# And the server is reported as supporting SCSV
assert result.supports_fallback_scsv
# And a CLI output can be generated
assert FallbackScsvImplementation.cli_connector_cls.result_to_console_output(
result)