Example #1
0
    def setUp(self):
        self._temp_dir = tempfile.mkdtemp(prefix='sslproxy_', dir='/tmp')
        self.ca_cert_path = self._temp_dir + 'testCA.pem'
        self.cert_path = self._temp_dir + 'testCA-cert.cer'
        self.wrong_ca_cert_path = self._temp_dir + 'wrong.pem'
        self.wrong_cert_path = self._temp_dir + 'wrong-cert.cer'

        # Write both pem and cer files for certificates
        certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                      cert_path=self.ca_cert_path)
        certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                      cert_path=self.ca_cert_path)
Example #2
0
  def setUp(self):
    self._temp_dir = tempfile.mkdtemp(prefix='sslproxy_', dir='/tmp')
    self.ca_cert_path = self._temp_dir + 'testCA.pem'
    self.cert_path = self._temp_dir + 'testCA-cert.cer'
    self.wrong_ca_cert_path = self._temp_dir + 'wrong.pem'
    self.wrong_cert_path = self._temp_dir + 'wrong-cert.cer'

    # Write both pem and cer files for certificates
    certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                  cert_path=self.ca_cert_path)
    certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                  cert_path=self.ca_cert_path)
Example #3
0
    def test_generate_cert(self):
        ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem')
        issuer = 'testIssuer'
        certutils.write_dummy_ca_cert(
            *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path)

        with open(ca_cert_path, 'r') as root_file:
            root_string = root_file.read()
        subject = 'testSubject'
        cert_string = certutils.generate_cert(root_string, '', subject)
        cert = certutils.load_cert(cert_string)
        self.assertEqual(issuer, cert.get_issuer().commonName)
        self.assertEqual(subject, cert.get_subject().commonName)

        with open(ca_cert_path, 'r') as ca_cert_file:
            ca_cert_str = ca_cert_file.read()
        cert_string = certutils.generate_cert(ca_cert_str, cert_string,
                                              'host.com')
        cert = certutils.load_cert(cert_string)
        self.assertEqual(issuer, cert.get_issuer().commonName)
        self.assertEqual(subject, cert.get_subject().commonName)
        self.assertEqual(2, cert.get_version())
        self.assertEqual(2, cert.get_extension_count())
        self.assertEqual(b"subjectAltName",
                         cert.get_extension(0).get_short_name())
        self.assertEqual(b"extendedKeyUsage",
                         cert.get_extension(1).get_short_name())
Example #4
0
    def InstallTestCa(self):
        """Install a randomly generated root CA on the android device.

    This allows transparent HTTPS testing with WPR server without need
    to tweak application network stack.
    """
        if certutils.openssl_import_error:
            logging.warning('The OpenSSL module is unavailable. '
                            'Will fallback to ignoring certificate errors.')
            return

        try:
            self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(),
                                                  'testca.pem')
            certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                          cert_path=self._wpr_ca_cert_path)
            self._device_cert_util = adb_install_cert.AndroidCertInstaller(
                self._adb.device_serial(), None, self._wpr_ca_cert_path)
            logging.info('Installing test certificate authority on device: %s',
                         self._adb.device_serial())
            self._device_cert_util.install_cert(overwrite_cert=True)
            self._is_test_ca_installed = True
        except Exception:
            # Fallback to ignoring certificate errors.
            self.RemoveTestCa()
            logging.warning(
                'Unable to install test certificate authority on device: '
                '%s. Will fallback to ignoring certificate errors.' %
                self._adb.device_serial())
Example #5
0
 def _InstallTestCa(self):
     if not self._platform_backend.supports_test_ca:
         return
     assert not self.is_test_ca_installed, 'Test CA is already installed'
     if certutils.openssl_import_error:
         logging.warning(
             'The OpenSSL module is unavailable. '
             'Browsers may fall back to ignoring certificate errors.')
         return
     if not platformsettings.HasSniSupport():
         logging.warning(
             'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) '
             'to generate certificates from a test CA. '
             'Browsers may fall back to ignoring certificate errors.')
         return
     self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem')
     try:
         certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                       cert_path=self._wpr_ca_cert_path)
         self._platform_backend.InstallTestCa(self._wpr_ca_cert_path)
         logging.info(
             'Test certificate authority installed on target platform.')
     except Exception:
         logging.exception(
             'Failed to install test certificate authority on target platform. '
             'Browsers may fall back to ignoring certificate errors.')
         self._RemoveTestCa()
 def _InstallTestCa(self):
   if not self._platform_backend.supports_test_ca:
     return
   assert not self.is_test_ca_installed, 'Test CA is already installed'
   if certutils.openssl_import_error:
     logging.warning(
         'The OpenSSL module is unavailable. '
         'Browsers may fall back to ignoring certificate errors.')
     return
   if not platformsettings.HasSniSupport():
     logging.warning(
         'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) '
         'to generate certificates from a test CA. '
         'Browsers may fall back to ignoring certificate errors.')
     return
   self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem')
   try:
     certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                   cert_path=self._wpr_ca_cert_path)
     self._platform_backend.InstallTestCa(self._wpr_ca_cert_path)
     logging.info('Test certificate authority installed on target platform.')
   except Exception:
     logging.exception(
         'Failed to install test certificate authority on target platform. '
         'Browsers may fall back to ignoring certificate errors.')
     self._RemoveTestCa()
  def test_generate_cert(self):
    ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem')
    issuer = 'testIssuer'
    certutils.write_dummy_ca_cert(
        *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path)

    with open(ca_cert_path, 'r') as root_file:
      root_string = root_file.read()
    subject = 'testSubject'
    cert_string = certutils.generate_cert(
        root_string, '', subject)
    cert = certutils.load_cert(cert_string)
    self.assertEqual(issuer, cert.get_issuer().commonName)
    self.assertEqual(subject, cert.get_subject().commonName)

    with open(ca_cert_path, 'r') as ca_cert_file:
      ca_cert_str = ca_cert_file.read()
    cert_string = certutils.generate_cert(ca_cert_str, cert_string,
                                          'host.com')
    cert = certutils.load_cert(cert_string)
    self.assertEqual(issuer, cert.get_issuer().commonName)
    self.assertEqual(subject, cert.get_subject().commonName)
    self.assertEqual(2, cert.get_version())
    self.assertEqual(2, cert.get_extension_count())
    self.assertEqual(b"subjectAltName", cert.get_extension(0).get_short_name())
    self.assertEqual(b"extendedKeyUsage",
                     cert.get_extension(1).get_short_name())
  def InstallTestCa(self):
    """Install a randomly generated root CA on the android device.

    This allows transparent HTTPS testing with WPR server without need
    to tweak application network stack.
    """
    if certutils.openssl_import_error:
      logging.warning(
          'The OpenSSL module is unavailable. '
          'Will fallback to ignoring certificate errors.')
      return

    try:
      self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem')
      certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                    cert_path=self._wpr_ca_cert_path)
      self._device_cert_util = adb_install_cert.AndroidCertInstaller(
          self._adb.device_serial(), None, self._wpr_ca_cert_path)
      logging.info('Installing test certificate authority on device: %s',
                   self._adb.device_serial())
      self._device_cert_util.install_cert(overwrite_cert=True)
      self._is_test_ca_installed = True
    except Exception:
      # Fallback to ignoring certificate errors.
      self.RemoveTestCa()
      logging.warning('Unable to install test certificate authority on device: '
                      '%s. Will fallback to ignoring certificate errors.'
                      % self._adb.device_serial())
Example #9
0
def RemoteWprHost(device,
                  wpr_archive_path,
                  record=False,
                  network_condition_name=None,
                  disable_script_injection=False):
    """Launches web page replay host.

  Args:
    device: Android device.
    wpr_archive_path: host sided WPR archive's path.
    record: Enables or disables WPR archive recording.
    network_condition_name: Network condition name available in
        emulation.NETWORK_CONDITIONS.
    disable_script_injection: Disable JavaScript file injections that is
      fighting against resources name entropy.

  Returns:
    Additional flags list that may be used for chromium to load web page through
    the running web page replay host.
  """
    assert device
    if wpr_archive_path == None:
        _VerifySilentWprHost(record, network_condition_name)
        yield []
        return
    # Deploy certification authority to the device.
    temp_certificate_dir = tempfile.mkdtemp()
    wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem')
    certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                  cert_path=wpr_ca_cert_path)
    device_cert_util = adb_install_cert.AndroidCertInstaller(
        device.adb.GetDeviceSerial(), None, wpr_ca_cert_path)
    device_cert_util.install_cert(overwrite_cert=True)
    try:
        # Set up WPR server
        with _WprHost(wpr_archive_path,
                      record=record,
                      network_condition_name=network_condition_name,
                      disable_script_injection=disable_script_injection,
                      wpr_ca_cert_path=wpr_ca_cert_path) as (http_port,
                                                             https_port):
            # Set up the forwarder.
            forwarder.Forwarder.Map([(0, http_port), (0, https_port)], device)
            device_http_port = forwarder.Forwarder.DevicePortForHostPort(
                http_port)
            device_https_port = forwarder.Forwarder.DevicePortForHostPort(
                https_port)
            try:
                yield _FormatWPRRelatedChromeArgumentFor(device_http_port,
                                                         device_https_port,
                                                         escape=True)
            finally:
                # Tear down the forwarder.
                forwarder.Forwarder.UnmapDevicePort(device_http_port, device)
                forwarder.Forwarder.UnmapDevicePort(device_https_port, device)
    finally:
        # Remove certification authority from the device.
        device_cert_util.remove_cert()
        shutil.rmtree(temp_certificate_dir)
def RemoteWprHost(device, wpr_archive_path, record=False,
                  network_condition_name=None,
                  disable_script_injection=False,
                  out_log_path=None):
  """Launches web page replay host.

  Args:
    device: Android device.
    wpr_archive_path: host sided WPR archive's path.
    record: Enables or disables WPR archive recording.
    network_condition_name: Network condition name available in
        emulation.NETWORK_CONDITIONS.
    disable_script_injection: Disable JavaScript file injections that is
      fighting against resources name entropy.
    out_log_path: Path of the WPR host's log.

  Returns:
    Additional flags list that may be used for chromium to load web page through
    the running web page replay host.
  """
  assert device
  if wpr_archive_path == None:
    _VerifySilentWprHost(record, network_condition_name)
    yield []
    return
  # Deploy certification authority to the device.
  temp_certificate_dir = tempfile.mkdtemp()
  wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem')
  certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                cert_path=wpr_ca_cert_path)
  device_cert_util = adb_install_cert.AndroidCertInstaller(
      device.adb.GetDeviceSerial(), None, wpr_ca_cert_path)
  device_cert_util.install_cert(overwrite_cert=True)
  try:
    # Set up WPR server
    with _WprHost(
        wpr_archive_path,
        record=record,
        network_condition_name=network_condition_name,
        disable_script_injection=disable_script_injection,
        wpr_ca_cert_path=wpr_ca_cert_path,
        out_log_path=out_log_path) as (http_port, https_port):
      # Set up the forwarder.
      forwarder.Forwarder.Map([(0, http_port), (0, https_port)], device)
      device_http_port = forwarder.Forwarder.DevicePortForHostPort(http_port)
      device_https_port = forwarder.Forwarder.DevicePortForHostPort(https_port)
      try:
        yield _FormatWPRRelatedChromeArgumentFor(device_http_port,
                                                 device_https_port,
                                                 escape=True)
      finally:
        # Tear down the forwarder.
        forwarder.Forwarder.UnmapDevicePort(device_http_port, device)
        forwarder.Forwarder.UnmapDevicePort(device_https_port, device)
  finally:
    # Remove certification authority from the device.
    device_cert_util.remove_cert()
    shutil.rmtree(temp_certificate_dir)
  def test_get_host_cert(self):
    ca_cert_path = os.path.join(self._temp_dir, 'rootCA.pem')
    issuer = 'testCA'
    certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(issuer),
                                  cert_path=ca_cert_path)

    with Server(ca_cert_path) as server:
      cert_str = certutils.get_host_cert('localhost', server.server_port)
      cert = certutils.load_cert(cert_str)
      self.assertEqual(issuer, cert.get_subject().commonName)
Example #12
0
    def test_get_host_cert(self):
        ca_cert_path = os.path.join(self._temp_dir, 'rootCA.pem')
        issuer = 'testCA'
        certutils.write_dummy_ca_cert(
            *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path)

        with Server(ca_cert_path) as server:
            cert_str = certutils.get_host_cert('localhost', server.server_port)
            cert = certutils.load_cert(cert_str)
            self.assertEqual(issuer, cert.get_subject().commonName)
 def _InstallTestCa(self):
     """Generates and deploys a test certificate authority."""
     print "Installing test certificate authority on device: %s" % (self._device.adb.GetDeviceSerial())
     self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), "testca.pem")
     certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path)
     self._device_cert_util = adb_install_cert.AndroidCertInstaller(
         self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path
     )
     self._device_cert_util.install_cert(overwrite_cert=True)
     self._is_test_ca_installed = True
Example #14
0
 def _InstallTestCa(self):
   """Generates and deploys a test certificate authority."""
   print 'Installing test certificate authority on device: %s' % (
       self._device.adb.GetDeviceSerial())
   self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem')
   certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                 cert_path=self._wpr_ca_cert_path)
   self._device_cert_util = adb_install_cert.AndroidCertInstaller(
       self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path)
   self._device_cert_util.install_cert(overwrite_cert=True)
   self._is_test_ca_installed = True
  def test_write_dummy_ca_cert(self):
    base_path = os.path.join(self._temp_dir, 'testCA')
    ca_cert_path = base_path + '.pem'
    cert_path = base_path + '-cert.pem'
    ca_cert_android = base_path + '-cert.cer'
    ca_cert_windows = base_path + '-cert.p12'

    self.assertFalse(os.path.exists(ca_cert_path))
    self.assertFalse(os.path.exists(cert_path))
    self.assertFalse(os.path.exists(ca_cert_android))
    self.assertFalse(os.path.exists(ca_cert_windows))
    c, k = certutils.generate_dummy_ca_cert()
    certutils.write_dummy_ca_cert(c, k, ca_cert_path)

    self._check_cert_file(ca_cert_path, c, k)
    self._check_cert_file(cert_path, c)
    self._check_cert_file(ca_cert_android, c)
    self.assertTrue(os.path.exists(ca_cert_windows))
Example #16
0
    def test_write_dummy_ca_cert(self):
        base_path = os.path.join(self._temp_dir, 'testCA')
        ca_cert_path = base_path + '.pem'
        cert_path = base_path + '-cert.pem'
        ca_cert_android = base_path + '-cert.cer'
        ca_cert_windows = base_path + '-cert.p12'

        self.assertFalse(os.path.exists(ca_cert_path))
        self.assertFalse(os.path.exists(cert_path))
        self.assertFalse(os.path.exists(ca_cert_android))
        self.assertFalse(os.path.exists(ca_cert_windows))
        c, k = certutils.generate_dummy_ca_cert()
        certutils.write_dummy_ca_cert(c, k, ca_cert_path)

        self._check_cert_file(ca_cert_path, c, k)
        self._check_cert_file(cert_path, c)
        self._check_cert_file(ca_cert_android, c)
        self.assertTrue(os.path.exists(ca_cert_windows))
def LocalWprHost(wpr_archive_path,
                 record=False,
                 network_condition_name=None,
                 disable_script_injection=False,
                 out_log_path=None):
    """Launches web page replay host.

  Args:
    wpr_archive_path: host sided WPR archive's path.
    record: Enables or disables WPR archive recording.
    network_condition_name: Network condition name available in
        emulation.NETWORK_CONDITIONS.
    disable_script_injection: Disable JavaScript file injections that is
      fighting against resources name entropy.
    out_log_path: Path of the WPR host's log.

  Returns:
    WprAttribute
  """
    if wpr_archive_path == None:
        _VerifySilentWprHost(record, network_condition_name)
        yield []
        return

    with common_util.TemporaryDirectory() as temp_home_dir:
        # Generate a root certification authority certificate for WPR.
        private_ca_cert_path = os.path.join(temp_home_dir, 'wpr.pem')
        ca_cert_path = os.path.join(temp_home_dir, 'wpr-cert.pem')
        certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                      cert_path=private_ca_cert_path)
        assert os.path.isfile(ca_cert_path)
        certutils.install_cert_in_nssdb(temp_home_dir, ca_cert_path)

        with _WprHost(wpr_archive_path,
                      record=record,
                      network_condition_name=network_condition_name,
                      disable_script_injection=disable_script_injection,
                      wpr_ca_cert_path=private_ca_cert_path,
                      out_log_path=out_log_path) as (http_port, https_port):
            chrome_args = _FormatWPRRelatedChromeArgumentFor(http_port,
                                                             https_port,
                                                             escape=False)
            yield WprAttribute(chrome_args=chrome_args,
                               chrome_env_override={'HOME': temp_home_dir})
Example #18
0
def LocalWprHost(wpr_archive_path, record=False,
                 network_condition_name=None,
                 disable_script_injection=False,
                 out_log_path=None):
  """Launches web page replay host.

  Args:
    wpr_archive_path: host sided WPR archive's path.
    record: Enables or disables WPR archive recording.
    network_condition_name: Network condition name available in
        emulation.NETWORK_CONDITIONS.
    disable_script_injection: Disable JavaScript file injections that is
      fighting against resources name entropy.
    out_log_path: Path of the WPR host's log.

  Returns:
    WprAttribute
  """
  if wpr_archive_path == None:
    _VerifySilentWprHost(record, network_condition_name)
    yield []
    return

  with common_util.TemporaryDirectory() as temp_home_dir:
    # Generate a root certification authority certificate for WPR.
    private_ca_cert_path = os.path.join(temp_home_dir, 'wpr.pem')
    ca_cert_path = os.path.join(temp_home_dir, 'wpr-cert.pem')
    certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                  cert_path=private_ca_cert_path)
    assert os.path.isfile(ca_cert_path)
    certutils.install_cert_in_nssdb(temp_home_dir, ca_cert_path)

    with _WprHost(
        wpr_archive_path,
        record=record,
        network_condition_name=network_condition_name,
        disable_script_injection=disable_script_injection,
        wpr_ca_cert_path=private_ca_cert_path,
        out_log_path=out_log_path) as (http_port, https_port):
      chrome_args = _FormatWPRRelatedChromeArgumentFor(http_port, https_port,
                                                       escape=False)
      yield WprAttribute(chrome_args=chrome_args,
                         chrome_env_override={'HOME': temp_home_dir})
Example #19
0
    def test_generate_cert(self):
        ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem')
        issuer = 'testIssuer'
        certutils.write_dummy_ca_cert(
            *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path)

        with open(ca_cert_path, 'r') as root_file:
            root_string = root_file.read()
        subject = 'testSubject'
        cert_string = certutils.generate_cert(root_string, '', subject)
        cert = certutils.load_cert(cert_string)
        self.assertEqual(issuer, cert.get_issuer().commonName)
        self.assertEqual(subject, cert.get_subject().commonName)

        with open(ca_cert_path, 'r') as ca_cert_file:
            ca_cert_str = ca_cert_file.read()
        cert_string = certutils.generate_cert(ca_cert_str, cert_string, 'host')
        cert = certutils.load_cert(cert_string)
        self.assertEqual(issuer, cert.get_issuer().commonName)
        self.assertEqual(subject, cert.get_subject().commonName)
Example #20
0
  def test_generate_cert(self):
    ca_cert_path = os.path.join(self._temp_dir, 'testCA.pem')
    issuer = 'testIssuer'
    certutils.write_dummy_ca_cert(
        *certutils.generate_dummy_ca_cert(issuer), cert_path=ca_cert_path)

    with open(ca_cert_path, 'r') as root_file:
      root_string = root_file.read()
    subject = 'testSubject'
    cert_string = certutils.generate_cert(
        root_string, '', subject)
    cert = certutils.load_cert(cert_string)
    self.assertEqual(issuer, cert.get_issuer().commonName)
    self.assertEqual(subject, cert.get_subject().commonName)

    with open(ca_cert_path, 'r') as ca_cert_file:
      ca_cert_str = ca_cert_file.read()
    cert_string = certutils.generate_cert(ca_cert_str, cert_string,
                                          'host')
    cert = certutils.load_cert(cert_string)
    self.assertEqual(issuer, cert.get_issuer().commonName)
    self.assertEqual(subject, cert.get_subject().commonName)
Example #21
0
    def InstallTestCa(self):
        """Install a randomly generated root CA on the android device.

    This allows transparent HTTPS testing with WPR server without need
    to tweak application network stack.
    """
        # TODO(slamm): Move certificate creation related to webpagereplay.py.
        # The only code that needs to be in platform backend is installing the cert.
        if certutils.openssl_import_error:
            logging.warning('The OpenSSL module is unavailable. '
                            'Will fallback to ignoring certificate errors.')
            return
        if not platformsettings.HasSniSupport():
            logging.warning(
                'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) '
                'to generate certificates from a test CA. '
                'Will fallback to ignoring certificate errors.')
            return
        try:
            self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(),
                                                  'testca.pem')
            certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                          cert_path=self._wpr_ca_cert_path)
            self._device_cert_util = adb_install_cert.AndroidCertInstaller(
                self._device.adb.GetDeviceSerial(), None,
                self._wpr_ca_cert_path)
            logging.info('Installing test certificate authority on device: %s',
                         str(self._device))
            self._device_cert_util.install_cert(overwrite_cert=True)
            self._is_test_ca_installed = True
        except Exception as e:
            # Fallback to ignoring certificate errors.
            self.RemoveTestCa()
            logging.warning(
                'Unable to install test certificate authority on device: %s. '
                'Will fallback to ignoring certificate errors. Install error: %s',
                str(self._device), e)
    def InstallTestCa(self):
        """Install a randomly generated root CA on the android device.

    This allows transparent HTTPS testing with WPR server without need
    to tweak application network stack.
    """
        # TODO(slamm): Move certificate creation related to webpagereplay.py.
        # The only code that needs to be in platform backend is installing the cert.
        if certutils.openssl_import_error:
            logging.warning("The OpenSSL module is unavailable. " "Will fallback to ignoring certificate errors.")
            return
        if not platformsettings.HasSniSupport():
            logging.warning(
                "Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) "
                "to generate certificates from a test CA. "
                "Will fallback to ignoring certificate errors."
            )
            return
        try:
            self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), "testca.pem")
            certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(), cert_path=self._wpr_ca_cert_path)
            self._device_cert_util = adb_install_cert.AndroidCertInstaller(
                self._device.adb.GetDeviceSerial(), None, self._wpr_ca_cert_path
            )
            logging.info("Installing test certificate authority on device: %s", str(self._device))
            self._device_cert_util.install_cert(overwrite_cert=True)
            self._is_test_ca_installed = True
        except Exception as e:
            # Fallback to ignoring certificate errors.
            self.RemoveTestCa()
            logging.warning(
                "Unable to install test certificate authority on device: %s. "
                "Will fallback to ignoring certificate errors. Install error: %s",
                str(self._device),
                e,
            )
 def test_generate_dummy_ca_cert(self):
   subject = 'testSubject'
   c, _ = certutils.generate_dummy_ca_cert(subject)
   c = certutils.load_cert(c)
   self.assertEqual(c.get_subject().commonName, subject)
Example #24
0
def WprHost(device, wpr_archive_path, record=False,
            network_condition_name=None,
            disable_script_injection=False):
  """Launches web page replay host.

  Args:
    device: Android device.
    wpr_archive_path: host sided WPR archive's path.
    network_condition_name: Network condition name available in
        chrome_setup.NETWORK_CONDITIONS.
    record: Enables or disables WPR archive recording.

  Returns:
    Additional flags list that may be used for chromium to load web page through
    the running web page replay host.
  """
  assert device
  if wpr_archive_path == None:
    assert not record, 'WPR cannot record without a specified archive.'
    assert not network_condition_name, ('WPR cannot emulate network condition' +
                                        ' without a specified archive.')
    yield []
    return

  wpr_server_args = ['--use_closest_match']
  if record:
    wpr_server_args.append('--record')
    if os.path.exists(wpr_archive_path):
      os.remove(wpr_archive_path)
  else:
    assert os.path.exists(wpr_archive_path)
  if network_condition_name:
    condition = chrome_setup.NETWORK_CONDITIONS[network_condition_name]
    if record:
      logging.warning('WPR network condition is ignored when recording.')
    else:
      wpr_server_args.extend([
          '--down', chrome_setup.BandwidthToString(condition['download']),
          '--up', chrome_setup.BandwidthToString(condition['upload']),
          '--delay_ms', str(condition['latency']),
          '--shaping_type', 'proxy'])

  if disable_script_injection:
    # Remove default WPR injected scripts like deterministic.js which
    # overrides Math.random.
    wpr_server_args.extend(['--inject_scripts', ''])

  # Deploy certification authority to the device.
  temp_certificate_dir = tempfile.mkdtemp()
  wpr_ca_cert_path = os.path.join(temp_certificate_dir, 'testca.pem')
  certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
                                cert_path=wpr_ca_cert_path)

  device_cert_util = adb_install_cert.AndroidCertInstaller(
      device.adb.GetDeviceSerial(), None, wpr_ca_cert_path)
  device_cert_util.install_cert(overwrite_cert=True)
  wpr_server_args.extend(['--should_generate_certs',
                          '--https_root_ca_cert_path=' + wpr_ca_cert_path])

  # Set up WPR server and device forwarder.
  wpr_server = webpagereplay.ReplayServer(wpr_archive_path,
      '127.0.0.1', 0, 0, None, wpr_server_args)
  ports = wpr_server.StartServer()[:-1]
  host_http_port = ports[0]
  host_https_port = ports[1]

  forwarder.Forwarder.Map([(0, host_http_port), (0, host_https_port)], device)
  device_http_port = forwarder.Forwarder.DevicePortForHostPort(host_http_port)
  device_https_port = forwarder.Forwarder.DevicePortForHostPort(host_https_port)

  try:
    yield [
      '--host-resolver-rules="MAP * 127.0.0.1,EXCLUDE localhost"',
      '--testing-fixed-http-port={}'.format(device_http_port),
      '--testing-fixed-https-port={}'.format(device_https_port)]
  finally:
    forwarder.Forwarder.UnmapDevicePort(device_http_port, device)
    forwarder.Forwarder.UnmapDevicePort(device_https_port, device)
    wpr_server.StopServer()

    # Remove certification authority from the device.
    device_cert_util.remove_cert()
    shutil.rmtree(temp_certificate_dir)
Example #25
0
 def test_generate_dummy_ca_cert(self):
     subject = 'testSubject'
     c, _ = certutils.generate_dummy_ca_cert(subject)
     c = certutils.load_cert(c)
     self.assertEqual(c.get_subject().commonName, subject)