def setUp(self): self._temp_dir = tempfile.mkdtemp(prefix='sslproxy_', dir='/tmp') self.ca_cert_path = self._temp_dir + 'testCA.pem' self.cert_path = self._temp_dir + 'testCA-cert.cer' self.wrong_ca_cert_path = self._temp_dir + 'wrong.pem' self.wrong_cert_path = self._temp_dir + 'wrong-cert.cer' # Write both pem and cer files for certificates certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self.ca_cert_path) certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self.ca_cert_path)
def test_generate_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem') issuer = 'testIssuer' certutils.write_dummy_ca_cert( *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with open(ca_cert_path, 'r') as root_file: root_string = root_file.read() subject = 'testSubject' cert_string = certutils.generate_cert(root_string, '', subject) cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) with open(ca_cert_path, 'r') as ca_cert_file: ca_cert_str = ca_cert_file.read() cert_string = certutils.generate_cert(ca_cert_str, cert_string, 'host.com') cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) self.assertEqual(2, cert.get_version()) self.assertEqual(2, cert.get_extension_count()) self.assertEqual(b"subjectAltName", cert.get_extension(0).get_short_name()) self.assertEqual(b"extendedKeyUsage", cert.get_extension(1).get_short_name())
def InstallTestCa(self): """Install a randomly generated root CA on the android device. This allows transparent HTTPS testing with WPR server without need to tweak application network stack. """ if certutils.openssl_import_error: logging.warning('The OpenSSL module is unavailable. ' 'Will fallback to ignoring certificate errors.') return try: self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._adb.device_serial(), None, self._wpr_ca_cert_path) logging.info('Installing test certificate authority on device: %s', self._adb.device_serial()) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True except Exception: # Fallback to ignoring certificate errors. self.RemoveTestCa() logging.warning( 'Unable to install test certificate authority on device: ' '%s. Will fallback to ignoring certificate errors.' % self._adb.device_serial())
def _InstallTestCa(self): if not self._platform_backend.supports_test_ca: return assert not self.is_test_ca_installed, 'Test CA is already installed' if certutils.openssl_import_error: logging.warning( 'The OpenSSL module is unavailable. ' 'Browsers may fall back to ignoring certificate errors.') return if not platformsettings.HasSniSupport(): logging.warning( 'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) ' 'to generate certificates from a test CA. ' 'Browsers may fall back to ignoring certificate errors.') return self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') try: certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._platform_backend.InstallTestCa(self._wpr_ca_cert_path) logging.info( 'Test certificate authority installed on target platform.') except Exception: logging.exception( 'Failed to install test certificate authority on target platform. ' 'Browsers may fall back to ignoring certificate errors.') self._RemoveTestCa()
def _InstallTestCa(self): if not self._platform_backend.supports_test_ca: return assert not self.is_test_ca_installed, 'Test CA is already installed' if certutils.openssl_import_error: logging.warning( 'The OpenSSL module is unavailable. ' 'Browsers may fall back to ignoring certificate errors.') return if not platformsettings.HasSniSupport(): logging.warning( 'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) ' 'to generate certificates from a test CA. ' 'Browsers may fall back to ignoring certificate errors.') return self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') try: certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._platform_backend.InstallTestCa(self._wpr_ca_cert_path) logging.info('Test certificate authority installed on target platform.') except Exception: logging.exception( 'Failed to install test certificate authority on target platform. ' 'Browsers may fall back to ignoring certificate errors.') self._RemoveTestCa()
def test_generate_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem') issuer = 'testIssuer' certutils.write_dummy_ca_cert( *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with open(ca_cert_path, 'r') as root_file: root_string = root_file.read() subject = 'testSubject' cert_string = certutils.generate_cert( root_string, '', subject) cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) with open(ca_cert_path, 'r') as ca_cert_file: ca_cert_str = ca_cert_file.read() cert_string = certutils.generate_cert(ca_cert_str, cert_string, 'host.com') cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) self.assertEqual(2, cert.get_version()) self.assertEqual(2, cert.get_extension_count()) self.assertEqual(b"subjectAltName", cert.get_extension(0).get_short_name()) self.assertEqual(b"extendedKeyUsage", cert.get_extension(1).get_short_name())
def InstallTestCa(self): """Install a randomly generated root CA on the android device. This allows transparent HTTPS testing with WPR server without need to tweak application network stack. """ if certutils.openssl_import_error: logging.warning( 'The OpenSSL module is unavailable. ' 'Will fallback to ignoring certificate errors.') return try: self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._adb.device_serial(), None, self._wpr_ca_cert_path) logging.info('Installing test certificate authority on device: %s', self._adb.device_serial()) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True except Exception: # Fallback to ignoring certificate errors. self.RemoveTestCa() logging.warning('Unable to install test certificate authority on device: ' '%s. Will fallback to ignoring certificate errors.' % self._adb.device_serial())
def RemoteWprHost(device, wpr_archive_path, record=False, network_condition_name=None, disable_script_injection=False): """Launches web page replay host. Args: device: Android device. wpr_archive_path: host sided WPR archive's path. record: Enables or disables WPR archive recording. network_condition_name: Network condition name available in emulation.NETWORK_CONDITIONS. disable_script_injection: Disable JavaScript file injections that is fighting against resources name entropy. Returns: Additional flags list that may be used for chromium to load web page through the running web page replay host. """ assert device if wpr_archive_path == None: _VerifySilentWprHost(record, network_condition_name) yield [] return # Deploy certification authority to the device. temp_certificate_dir = tempfile.mkdtemp() wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=wpr_ca_cert_path) device_cert_util = adb_install_cert.AndroidCertInstaller( device.adb.GetDeviceSerial(), None, wpr_ca_cert_path) device_cert_util.install_cert(overwrite_cert=True) try: # Set up WPR server with _WprHost(wpr_archive_path, record=record, network_condition_name=network_condition_name, disable_script_injection=disable_script_injection, wpr_ca_cert_path=wpr_ca_cert_path) as (http_port, https_port): # Set up the forwarder. forwarder.Forwarder.Map([(0, http_port), (0, https_port)], device) device_http_port = forwarder.Forwarder.DevicePortForHostPort( http_port) device_https_port = forwarder.Forwarder.DevicePortForHostPort( https_port) try: yield _FormatWPRRelatedChromeArgumentFor(device_http_port, device_https_port, escape=True) finally: # Tear down the forwarder. forwarder.Forwarder.UnmapDevicePort(device_http_port, device) forwarder.Forwarder.UnmapDevicePort(device_https_port, device) finally: # Remove certification authority from the device. device_cert_util.remove_cert() shutil.rmtree(temp_certificate_dir)
def RemoteWprHost(device, wpr_archive_path, record=False, network_condition_name=None, disable_script_injection=False, out_log_path=None): """Launches web page replay host. Args: device: Android device. wpr_archive_path: host sided WPR archive's path. record: Enables or disables WPR archive recording. network_condition_name: Network condition name available in emulation.NETWORK_CONDITIONS. disable_script_injection: Disable JavaScript file injections that is fighting against resources name entropy. out_log_path: Path of the WPR host's log. Returns: Additional flags list that may be used for chromium to load web page through the running web page replay host. """ assert device if wpr_archive_path == None: _VerifySilentWprHost(record, network_condition_name) yield [] return # Deploy certification authority to the device. temp_certificate_dir = tempfile.mkdtemp() wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=wpr_ca_cert_path) device_cert_util = adb_install_cert.AndroidCertInstaller( device.adb.GetDeviceSerial(), None, wpr_ca_cert_path) device_cert_util.install_cert(overwrite_cert=True) try: # Set up WPR server with _WprHost( wpr_archive_path, record=record, network_condition_name=network_condition_name, disable_script_injection=disable_script_injection, wpr_ca_cert_path=wpr_ca_cert_path, out_log_path=out_log_path) as (http_port, https_port): # Set up the forwarder. forwarder.Forwarder.Map([(0, http_port), (0, https_port)], device) device_http_port = forwarder.Forwarder.DevicePortForHostPort(http_port) device_https_port = forwarder.Forwarder.DevicePortForHostPort(https_port) try: yield _FormatWPRRelatedChromeArgumentFor(device_http_port, device_https_port, escape=True) finally: # Tear down the forwarder. forwarder.Forwarder.UnmapDevicePort(device_http_port, device) forwarder.Forwarder.UnmapDevicePort(device_https_port, device) finally: # Remove certification authority from the device. device_cert_util.remove_cert() shutil.rmtree(temp_certificate_dir)
def test_get_host_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'rootCA.pem') issuer = 'testCA' certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with Server(ca_cert_path) as server: cert_str = certutils.get_host_cert('localhost', server.server_port) cert = certutils.load_cert(cert_str) self.assertEqual(issuer, cert.get_subject().commonName)
def test_get_host_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'rootCA.pem') issuer = 'testCA' certutils.write_dummy_ca_cert( *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with Server(ca_cert_path) as server: cert_str = certutils.get_host_cert('localhost', server.server_port) cert = certutils.load_cert(cert_str) self.assertEqual(issuer, cert.get_subject().commonName)
def _InstallTestCa(self): """Generates and deploys a test certificate authority.""" print "Installing test certificate authority on device: %s" % (self._device.adb.GetDeviceSerial()) self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), "testca.pem") certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path ) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True
def _InstallTestCa(self): """Generates and deploys a test certificate authority.""" print 'Installing test certificate authority on device: %s' % ( self._device.adb.GetDeviceSerial()) self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True
def test_write_dummy_ca_cert(self): base_path = os.path.join(self._temp_dir, 'testCA') ca_cert_path = base_path + '.pem' cert_path = base_path + '-cert.pem' ca_cert_android = base_path + '-cert.cer' ca_cert_windows = base_path + '-cert.p12' self.assertFalse(os.path.exists(ca_cert_path)) self.assertFalse(os.path.exists(cert_path)) self.assertFalse(os.path.exists(ca_cert_android)) self.assertFalse(os.path.exists(ca_cert_windows)) c, k = certutils.generate_dummy_ca_cert() certutils.write_dummy_ca_cert(c, k, ca_cert_path) self._check_cert_file(ca_cert_path, c, k) self._check_cert_file(cert_path, c) self._check_cert_file(ca_cert_android, c) self.assertTrue(os.path.exists(ca_cert_windows))
def LocalWprHost(wpr_archive_path, record=False, network_condition_name=None, disable_script_injection=False, out_log_path=None): """Launches web page replay host. Args: wpr_archive_path: host sided WPR archive's path. record: Enables or disables WPR archive recording. network_condition_name: Network condition name available in emulation.NETWORK_CONDITIONS. disable_script_injection: Disable JavaScript file injections that is fighting against resources name entropy. out_log_path: Path of the WPR host's log. Returns: WprAttribute """ if wpr_archive_path == None: _VerifySilentWprHost(record, network_condition_name) yield [] return with common_util.TemporaryDirectory() as temp_home_dir: # Generate a root certification authority certificate for WPR. private_ca_cert_path = os.path.join(temp_home_dir, 'wpr.pem') ca_cert_path = os.path.join(temp_home_dir, 'wpr-cert.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=private_ca_cert_path) assert os.path.isfile(ca_cert_path) certutils.install_cert_in_nssdb(temp_home_dir, ca_cert_path) with _WprHost(wpr_archive_path, record=record, network_condition_name=network_condition_name, disable_script_injection=disable_script_injection, wpr_ca_cert_path=private_ca_cert_path, out_log_path=out_log_path) as (http_port, https_port): chrome_args = _FormatWPRRelatedChromeArgumentFor(http_port, https_port, escape=False) yield WprAttribute(chrome_args=chrome_args, chrome_env_override={'HOME': temp_home_dir})
def LocalWprHost(wpr_archive_path, record=False, network_condition_name=None, disable_script_injection=False, out_log_path=None): """Launches web page replay host. Args: wpr_archive_path: host sided WPR archive's path. record: Enables or disables WPR archive recording. network_condition_name: Network condition name available in emulation.NETWORK_CONDITIONS. disable_script_injection: Disable JavaScript file injections that is fighting against resources name entropy. out_log_path: Path of the WPR host's log. Returns: WprAttribute """ if wpr_archive_path == None: _VerifySilentWprHost(record, network_condition_name) yield [] return with common_util.TemporaryDirectory() as temp_home_dir: # Generate a root certification authority certificate for WPR. private_ca_cert_path = os.path.join(temp_home_dir, 'wpr.pem') ca_cert_path = os.path.join(temp_home_dir, 'wpr-cert.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=private_ca_cert_path) assert os.path.isfile(ca_cert_path) certutils.install_cert_in_nssdb(temp_home_dir, ca_cert_path) with _WprHost( wpr_archive_path, record=record, network_condition_name=network_condition_name, disable_script_injection=disable_script_injection, wpr_ca_cert_path=private_ca_cert_path, out_log_path=out_log_path) as (http_port, https_port): chrome_args = _FormatWPRRelatedChromeArgumentFor(http_port, https_port, escape=False) yield WprAttribute(chrome_args=chrome_args, chrome_env_override={'HOME': temp_home_dir})
def test_generate_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem') issuer = 'testIssuer' certutils.write_dummy_ca_cert( *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with open(ca_cert_path, 'r') as root_file: root_string = root_file.read() subject = 'testSubject' cert_string = certutils.generate_cert(root_string, '', subject) cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) with open(ca_cert_path, 'r') as ca_cert_file: ca_cert_str = ca_cert_file.read() cert_string = certutils.generate_cert(ca_cert_str, cert_string, 'host') cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName)
def test_generate_cert(self): ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem') issuer = 'testIssuer' certutils.write_dummy_ca_cert( *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path) with open(ca_cert_path, 'r') as root_file: root_string = root_file.read() subject = 'testSubject' cert_string = certutils.generate_cert( root_string, '', subject) cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName) with open(ca_cert_path, 'r') as ca_cert_file: ca_cert_str = ca_cert_file.read() cert_string = certutils.generate_cert(ca_cert_str, cert_string, 'host') cert = certutils.load_cert(cert_string) self.assertEqual(issuer, cert.get_issuer().commonName) self.assertEqual(subject, cert.get_subject().commonName)
def InstallTestCa(self): """Install a randomly generated root CA on the android device. This allows transparent HTTPS testing with WPR server without need to tweak application network stack. """ # TODO(slamm): Move certificate creation related to webpagereplay.py. # The only code that needs to be in platform backend is installing the cert. if certutils.openssl_import_error: logging.warning('The OpenSSL module is unavailable. ' 'Will fallback to ignoring certificate errors.') return if not platformsettings.HasSniSupport(): logging.warning( 'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) ' 'to generate certificates from a test CA. ' 'Will fallback to ignoring certificate errors.') return try: self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path) logging.info('Installing test certificate authority on device: %s', str(self._device)) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True except Exception as e: # Fallback to ignoring certificate errors. self.RemoveTestCa() logging.warning( 'Unable to install test certificate authority on device: %s. ' 'Will fallback to ignoring certificate errors. Install error: %s', str(self._device), e)
def InstallTestCa(self): """Install a randomly generated root CA on the android device. This allows transparent HTTPS testing with WPR server without need to tweak application network stack. """ # TODO(slamm): Move certificate creation related to webpagereplay.py. # The only code that needs to be in platform backend is installing the cert. if certutils.openssl_import_error: logging.warning("The OpenSSL module is unavailable. " "Will fallback to ignoring certificate errors.") return if not platformsettings.HasSniSupport(): logging.warning( "Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) " "to generate certificates from a test CA. " "Will fallback to ignoring certificate errors." ) return try: self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), "testca.pem") certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path) self._device_cert_util = adb_install_cert.AndroidCertInstaller( self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path ) logging.info("Installing test certificate authority on device: %s", str(self._device)) self._device_cert_util.install_cert(overwrite_cert=True) self._is_test_ca_installed = True except Exception as e: # Fallback to ignoring certificate errors. self.RemoveTestCa() logging.warning( "Unable to install test certificate authority on device: %s. " "Will fallback to ignoring certificate errors. Install error: %s", str(self._device), e, )
def test_generate_dummy_ca_cert(self): subject = 'testSubject' c, _ = certutils.generate_dummy_ca_cert(subject) c = certutils.load_cert(c) self.assertEqual(c.get_subject().commonName, subject)
def WprHost(device, wpr_archive_path, record=False, network_condition_name=None, disable_script_injection=False): """Launches web page replay host. Args: device: Android device. wpr_archive_path: host sided WPR archive's path. network_condition_name: Network condition name available in chrome_setup.NETWORK_CONDITIONS. record: Enables or disables WPR archive recording. Returns: Additional flags list that may be used for chromium to load web page through the running web page replay host. """ assert device if wpr_archive_path == None: assert not record, 'WPR cannot record without a specified archive.' assert not network_condition_name, ('WPR cannot emulate network condition' + ' without a specified archive.') yield [] return wpr_server_args = ['--use_closest_match'] if record: wpr_server_args.append('--record') if os.path.exists(wpr_archive_path): os.remove(wpr_archive_path) else: assert os.path.exists(wpr_archive_path) if network_condition_name: condition = chrome_setup.NETWORK_CONDITIONS[network_condition_name] if record: logging.warning('WPR network condition is ignored when recording.') else: wpr_server_args.extend([ '--down', chrome_setup.BandwidthToString(condition['download']), '--up', chrome_setup.BandwidthToString(condition['upload']), '--delay_ms', str(condition['latency']), '--shaping_type', 'proxy']) if disable_script_injection: # Remove default WPR injected scripts like deterministic.js which # overrides Math.random. wpr_server_args.extend(['--inject_scripts', '']) # Deploy certification authority to the device. temp_certificate_dir = tempfile.mkdtemp() wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem') certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=wpr_ca_cert_path) device_cert_util = adb_install_cert.AndroidCertInstaller( device.adb.GetDeviceSerial(), None, wpr_ca_cert_path) device_cert_util.install_cert(overwrite_cert=True) wpr_server_args.extend(['--should_generate_certs', '--https_root_ca_cert_path=' + wpr_ca_cert_path]) # Set up WPR server and device forwarder. wpr_server = webpagereplay.ReplayServer(wpr_archive_path, '127.0.0.1', 0, 0, None, wpr_server_args) ports = wpr_server.StartServer()[:-1] host_http_port = ports[0] host_https_port = ports[1] forwarder.Forwarder.Map([(0, host_http_port), (0, host_https_port)], device) device_http_port = forwarder.Forwarder.DevicePortForHostPort(host_http_port) device_https_port = forwarder.Forwarder.DevicePortForHostPort(host_https_port) try: yield [ '--host-resolver-rules="MAP * 127.0.0.1,EXCLUDE localhost"', '--testing-fixed-http-port={}'.format(device_http_port), '--testing-fixed-https-port={}'.format(device_https_port)] finally: forwarder.Forwarder.UnmapDevicePort(device_http_port, device) forwarder.Forwarder.UnmapDevicePort(device_https_port, device) wpr_server.StopServer() # Remove certification authority from the device. device_cert_util.remove_cert() shutil.rmtree(temp_certificate_dir)