def test_bad_alpn(self):
    """Offering an ALPN protocol the server does not speak must make the probe fail."""
    host, port = self.server.socket.getsockname()[:2]
    probe_kwargs = {
        "host": host,
        "port": port,
        "timeout": 1,
        "alpn_protocols": [b"bad-alpn"],
    }
    # probe_sni surfaces the failed handshake as errors.Error.
    with self.assertRaises(errors.Error):
        crypto_util.probe_sni(b'localhost', **probe_kwargs)
def test_it(self):
    """probe_sni must return the certificate the test server serves for ``localhost``."""
    host, port = self.server.socket.getsockname()[:2]
    presented = crypto_util.probe_sni(b'localhost', host=host, port=port, timeout=1)
    expected = self.certs[b'localhost'][1]
    self.assertEqual(jose.ComparableX509(presented), jose.ComparableX509(expected))
def test_connect(self):
    """Every address the server set listens on must answer the SNI probe with the same cert."""
    # connect to all addresses
    for sockname in self.servers.getsocknames():
        host, port = sockname[:2]
        presented = crypto_util.probe_sni(
            b'localhost', host=host, port=port, timeout=1)
        expected = self.certs[b'localhost'][1]
        self.assertEqual(jose.ComparableX509(presented), jose.ComparableX509(expected))
def certificate(self, cert, name, alt_host=None, port=443):
    """Verifies the certificate presented at name is cert

    :param cert: expected certificate; compared to the presented one by
        SHA-256 digest.
    :param name: server name sent in the SNI extension. When ``alt_host``
        is not given it is also the name resolved with
        ``socket.gethostbyname`` (IPv4 only).
    :param alt_host: address to connect to instead of resolving ``name``.
    :param int port: TLS port to probe.
    :returns: ``True`` when the digests match, ``False`` when the probe
        raised ``acme_errors.Error`` (the error is logged with traceback).
    """
    if alt_host:
        host = alt_host
    else:
        host = socket.gethostbyname(name)
    try:
        presented_cert = crypto_util.probe_sni(name, host, port)
    except acme_errors.Error as error:
        logger.exception(error)
        return False
    return presented_cert.digest("sha256") == cert.digest("sha256")
def test_challenge_certs(self):
    """Negotiating ``acme-tls/1`` via ALPN must yield the challenge certificate."""
    host, port = self.server.socket.getsockname()[:2]
    presented = crypto_util.probe_sni(
        b'localhost', host=host, port=port, timeout=1,
        alpn_protocols=[b"acme-tls/1"])
    # With ALPN negotiated the server must switch from the default cert
    # to the challenge cert registered for this name.
    expected = self.challenge_certs[b'localhost'][1]
    self.assertEqual(jose.ComparableX509(presented), jose.ComparableX509(expected))
def test_it(self):
    """Poll the server thread until it answers, then compare the served cert."""
    max_attempts = 5
    for attempt in range(1, max_attempts + 1):
        try:
            cert = crypto_util.probe_sni(b"localhost", b"0.0.0.0", self.port)
        except errors.Error:
            # Give up on the last attempt instead of polling forever.
            self.assertTrue(attempt < max_attempts, "Timeout!")
            time.sleep(1)  # wait until thread starts
        else:
            self.assertEqual(jose.ComparableX509(cert),
                             test_util.load_comparable_cert("cert.pem"))
            break
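def test_live(self):
    """Start the server process and verify the certificate it serves.

    The probe is retried for up to 50 x 0.1 s because the child process
    needs time to bind its socket.
    """
    self.process.start()
    cert = None
    for _ in range(50):
        time.sleep(0.1)
        try:
            cert = crypto_util.probe_sni(b'localhost', b'127.0.0.1', self.port)
            break
        except errors.Error:  # pragma: no cover
            pass
    # Fail with a clear timeout message rather than a confusing error from
    # wrapping None in ComparableX509 when the server never came up.
    self.assertIsNotNone(cert, "server did not answer within 5 seconds")
    self.assertEqual(jose.ComparableX509(cert),
                     test_util.load_comparable_cert('rsa2048_cert.pem'))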
def test_it(self, mock_logger):
    """The server thread logs its port; read it and probe the served certificate."""
    # Use a Queue because mock objects aren't thread safe.
    port_queue = queue.Queue()  # type: queue.Queue[int]

    def remember_port(*args):
        # The port number is the last positional argument of the info() call.
        port_queue.put(args[-1])

    mock_logger.info.side_effect = remember_port
    self.thread.start()
    # get() raises queue.Empty after the timeout if the server never logged.
    port = port_queue.get(timeout=5)
    cert = crypto_util.probe_sni(b'localhost', b'0.0.0.0', port)
    self.assertEqual(jose.ComparableX509(cert),
                     test_util.load_comparable_cert('rsa2048_cert.pem'))
def test_it(self):
    """Retry the probe until the server thread is up, then compare the served cert."""
    remaining = 5
    while remaining:
        remaining -= 1
        try:
            cert = crypto_util.probe_sni(b'localhost', b'0.0.0.0', self.port)
        except errors.Error:
            # No retries left: report a timeout rather than spinning forever.
            self.assertTrue(remaining > 0, "Timeout!")
            time.sleep(1)  # wait until thread starts
            continue
        self.assertEqual(jose.ComparableX509(cert),
                         test_util.load_comparable_cert('cert.pem'))
        break
def test_it(self, mock_logger):
    """Read the port the server logs at startup, then probe it for the served cert."""
    # Use a Queue because mock objects aren't thread safe.
    ports = queue.Queue()  # type: queue.Queue[int]
    # The port number is the last argument passed to logger.info().
    mock_logger.info.side_effect = lambda *args: ports.put(args[-1])
    self.thread.start()
    # get() raises queue.Empty after the timeout if the server never logged.
    port = ports.get(timeout=5)
    presented = crypto_util.probe_sni(b'localhost', b'0.0.0.0', port)
    expected = test_util.load_comparable_cert('rsa2048_cert.pem')
    self.assertEqual(jose.ComparableX509(presented), expected)
def probe_cert(self, domain, **kwargs):
    """Probe DVSNI challenge certificate.

    :param unicode domain: domain being validated. Resolved with
        ``socket.gethostbyname`` (IPv4 only) unless ``host`` is supplied.
    :param kwargs: forwarded to ``crypto_util.probe_sni``. ``host`` and
        ``port`` default to the resolved address and ``self.PORT``;
        ``name`` is always replaced by ``self.z_domain``.
    :returns: the certificate presented by the server.
    """
    if "host" not in kwargs:
        resolved = socket.gethostbyname(domain)
        logging.debug('%s resolved to %s', domain, resolved)
        kwargs["host"] = resolved
    kwargs.setdefault("port", self.PORT)
    # The SNI name sent is the DVSNI "z" domain, never the plain domain.
    kwargs["name"] = self.z_domain
    # TODO: try different methods?
    return crypto_util.probe_sni(**kwargs)
def probe_cert(self, domain, host=None, port=None):
    """Probe tls-alpn-01 challenge certificate.

    :param unicode domain: domain being validated, required. It is sent as
        the SNI name; it is only resolved (``socket.gethostbyname``, IPv4
        only) when ``host`` is not given.
    :param string host: IP address used to probe the certificate.
    :param int port: Port used to probe the certificate; defaults to
        ``self.PORT``.
    :returns: the certificate presented when the ALPN protocol
        ``self.ACME_TLS_1_PROTOCOL`` is offered.
    """
    if host is None:
        host = socket.gethostbyname(domain)
        logger.debug('%s resolved to %s', domain, host)
    return crypto_util.probe_sni(
        host=host,
        port=self.PORT if port is None else port,
        name=domain,
        alpn_protocols=[self.ACME_TLS_1_PROTOCOL])
def probe_cert(self, domain, **kwargs):
    """Probe tls-sni-01 challenge certificate.

    :param unicode domain: domain being validated. Resolved with
        ``socket.gethostbyname`` (IPv4 only) unless ``host`` is supplied.
    :param kwargs: forwarded to ``crypto_util.probe_sni``. ``host`` and
        ``port`` default to the resolved address and ``self.PORT``;
        ``name`` is always replaced by ``self.z_domain``.
    :returns: the certificate presented by the server.
    """
    # TODO: domain is not necessary if host is provided
    if "host" not in kwargs:
        resolved = socket.gethostbyname(domain)
        logger.debug('%s resolved to %s', domain, resolved)
        kwargs["host"] = resolved
    kwargs.setdefault("port", self.PORT)
    # The SNI name sent is the tls-sni-01 "z" domain, never the plain domain.
    kwargs["name"] = self.z_domain
    # TODO: try different methods?
    return crypto_util.probe_sni(**kwargs)
def certificate(self, cert, name, alt_host=None, port=443):
    """Verifies the certificate presented at name is cert

    :param cert: expected certificate; compared by SHA-256 digest.
    :param name: SNI server name (str or bytes). When ``alt_host`` is None
        it is also resolved with ``socket.gethostbyname`` (IPv4 only).
    :param alt_host: address (str or bytes) to connect to instead of
        resolving ``name``.
    :param int port: TLS port to probe.
    :returns: ``True`` when the digests match, ``False`` when the probe
        raised ``acme_errors.Error`` (logged with traceback).
    """
    if alt_host is None:
        host = socket.gethostbyname(name).encode()
    else:
        host = alt_host if isinstance(alt_host, bytes) else alt_host.encode()
    # probe_sni is handed bytes for both the SNI name and the host.
    if not isinstance(name, bytes):
        name = name.encode()
    try:
        presented_cert = crypto_util.probe_sni(name, host, port)
    except acme_errors.Error as error:
        logger.exception(str(error))
        return False
    return presented_cert.digest("sha256") == cert.digest("sha256")
def certificate(self, cert, name, alt_host=None, port=443):
    """Verifies the certificate presented at name is cert

    :param cert: expected certificate; compared by SHA-256 digest.
    :param name: SNI server name (text or bytes). When ``alt_host`` is
        None it is also resolved with ``socket.gethostbyname`` (IPv4 only).
    :param alt_host: address (text or bytes) to connect to instead of
        resolving ``name``.
    :param int port: TLS port to probe.
    :returns: ``True`` when the digests match, ``False`` when the probe
        raised ``acme_errors.Error`` (logged with traceback).
    """
    if alt_host is None:
        host = socket.gethostbyname(name)
    else:
        host = alt_host if isinstance(alt_host, six.binary_type) else alt_host.encode()
    # The SNI name is always handed to probe_sni as bytes.
    if not isinstance(name, six.binary_type):
        name = name.encode()
    try:
        presented_cert = crypto_util.probe_sni(name, host, port)
    except acme_errors.Error as error:
        logger.exception(str(error))
        return False
    return presented_cert.digest("sha256") == cert.digest("sha256")
def certificate(self, cert, name, alt_host=None, port=443):
    """Verifies the certificate presented at name is cert

    :param cert: expected certificate; compared by SHA-256 digest.
    :param name: SNI server name (str or bytes). When ``alt_host`` is None
        it is also resolved with ``socket.gethostbyname`` (IPv4 only).
    :param alt_host: address (str or bytes) to connect to instead of
        resolving ``name``.
    :param int port: TLS port to probe.
    :returns: ``True`` when the digests match, ``False`` when the probe
        raised ``acme_errors.Error`` (logged with traceback).
    """
    if alt_host is None:
        host = socket.gethostbyname(name).encode()
    else:
        host = alt_host if isinstance(alt_host, bytes) else alt_host.encode()
    # probe_sni is handed bytes for both the SNI name and the host.
    if not isinstance(name, bytes):
        name = name.encode()
    try:
        presented_cert = crypto_util.probe_sni(name, host, port)
    except acme_errors.Error as error:
        logger.exception(str(error))
        return False
    # Despite documentation saying that bytes are expected for digest(), we must provide a str.
    presented_digest = presented_cert.digest(cast(bytes, "sha256"))
    return presented_digest == cert.digest("sha256")
def test_it(self):
    """Probe the server thread until it answers and compare the served cert.

    The thread is started only after the first probe, so the first attempt
    always fails and exercises probe_sni's connection-error path.
    """
    max_attempts = 5
    for attempt in range(max_attempts):
        try:
            presented = crypto_util.probe_sni(b'localhost', b'0.0.0.0', self.port)
        except errors.Error:
            remaining = max_attempts - attempt - 1
            self.assertTrue(remaining > 0, "Timeout!")
            time.sleep(1)  # wait until thread starts
        else:
            expected = test_util.load_comparable_cert('rsa2048_cert.pem')
            self.assertEqual(jose.ComparableX509(presented), expected)
            break
        if attempt == 0:
            # the first attempt is always meant to fail, so we can test
            # the socket failure code-path for probe_sni, as well
            self.thread.start()
def certificate(self, cert: crypto.X509, name: Union[str, bytes],
                alt_host: Optional[str] = None, port: int = 443) -> bool:
    """Verifies the certificate presented at name is cert

    :param cert: expected certificate; compared by SHA-256 digest.
    :param name: SNI server name. When ``alt_host`` is None it is also
        resolved with ``socket.gethostbyname`` (IPv4 only).
    :param alt_host: address to connect to instead of resolving ``name``.
    :param port: TLS port to probe.
    :returns: ``True`` when the digests match, ``False`` when the probe
        raised ``acme_errors.Error`` (logged with traceback).
    """
    if alt_host is None:
        # In fact, socket.gethostbyname accepts both bytes and str, but types do not know that.
        host = socket.gethostbyname(cast(str, name)).encode()
    else:
        host = alt_host if isinstance(alt_host, bytes) else alt_host.encode()
    # probe_sni is handed bytes for both the SNI name and the host.
    if not isinstance(name, bytes):
        name = name.encode()
    try:
        presented_cert = crypto_util.probe_sni(name, host, port)
    except acme_errors.Error as error:
        logger.exception(str(error))
        return False
    return presented_cert.digest("sha256") == cert.digest("sha256")
def test_it(self):
    """Probe the server thread until it answers and compare the served cert.

    The thread is started only after the first probe, so the first attempt
    always fails and exercises probe_sni's connection-error path.
    """
    max_attempts = 5
    for attempt in range(max_attempts):
        try:
            presented = crypto_util.probe_sni(
                b'localhost', b'0.0.0.0', self.port)
        except errors.Error:
            # Fail loudly once the retry budget is spent.
            self.assertTrue(attempt + 1 < max_attempts, "Timeout!")
            time.sleep(1)  # wait until thread starts
        else:
            self.assertEqual(
                jose.ComparableX509(presented),
                test_util.load_comparable_cert('rsa2048_cert.pem'))
            break
        if attempt == 0:
            # the first attempt is always meant to fail, so we can test
            # the socket failure code-path for probe_sni, as well
            self.thread.start()
def test_it(self):
    """probe_sni must return the certificate the test server serves for ``localhost``."""
    host, port = self.server.socket.getsockname()[:2]
    probe_kwargs = {"host": host, "port": port, "timeout": 1}
    presented = crypto_util.probe_sni(b'localhost', **probe_kwargs)
    self.assertEqual(jose.ComparableX509(presented),
                     jose.ComparableX509(self.certs[b'localhost'][1]))
def test_dvsni(self):
    """The DVSNI test server must present the certificate registered for ``localhost``."""
    host, port = self.server.socket.getsockname()[:2]
    presented = crypto_util.probe_sni(b"localhost", host=host, port=port)
    expected = self.certs[b"localhost"][1]
    self.assertEqual(jose.ComparableX509(presented), jose.ComparableX509(expected))
def test_dvsni(self):
    """The DVSNI test server must present the certificate registered for ``localhost``."""
    # getsockname() yields (host, port) positionally for probe_sni.
    sockname = self.server.socket.getsockname()
    presented = crypto_util.probe_sni(b'localhost', *sockname)
    expected = self.certs[b'localhost'][1]
    self.assertEqual(jose.ComparableX509(presented), jose.ComparableX509(expected))
def _probe(self, name):
    """Probe the local server on ``self.port`` with SNI ``name``; return a comparable cert."""
    from acme.crypto_util import probe_sni
    presented = probe_sni(name, host='127.0.0.1', port=self.port)
    return jose.ComparableX509(presented)
def _probe(self, name):
    """Probe the local server on ``self.port`` with SNI ``name``; return a comparable cert."""
    from acme.crypto_util import probe_sni
    probe_kwargs = {"host": '127.0.0.1', "port": self.port}
    return jose.ComparableX509(probe_sni(name, **probe_kwargs))