def test_generate_cert(self):
    """Exercise certutils.generate_cert against a freshly written dummy CA.

    Two certs are generated from the CA file in the temp dir: one from an
    empty second argument plus a subject name, and one that passes the first
    cert back in together with 'host.com'. Both are expected to name the CA
    as issuer and 'testSubject' as subject. The second must also report
    version 2 and carry exactly two extensions, subjectAltName followed by
    extendedKeyUsage.
    """
    ca_name = 'testIssuer'
    leaf_name = 'testSubject'
    ca_path = os.path.join(self._temp_dir, 'testCA.pem')
    ca_material = certutils.generate_dummy_ca_cert(ca_name)
    certutils.write_dummy_ca_cert(*ca_material, cert_path=ca_path)

    # Pass 1: only a subject name is supplied; the second argument is empty.
    with open(ca_path, 'r') as ca_file:
        ca_pem = ca_file.read()
    first_pem = certutils.generate_cert(ca_pem, '', leaf_name)
    first = certutils.load_cert(first_pem)
    self.assertEqual(ca_name, first.get_issuer().commonName)
    self.assertEqual(leaf_name, first.get_subject().commonName)

    # Pass 2: the cert from pass 1 is handed back in with a host name. The
    # assertions expect the subject to stay 'testSubject', i.e. to follow the
    # supplied cert rather than the 'host.com' argument.
    with open(ca_path, 'r') as ca_file:
        ca_pem_again = ca_file.read()
    second_pem = certutils.generate_cert(ca_pem_again, first_pem, 'host.com')
    second = certutils.load_cert(second_pem)
    self.assertEqual(ca_name, second.get_issuer().commonName)
    self.assertEqual(leaf_name, second.get_subject().commonName)

    # A version field of 2 is how X.509 v3 is encoded; extensions need v3.
    self.assertEqual(2, second.get_version())
    self.assertEqual(2, second.get_extension_count())
    # NOTE(review): only the extension names are pinned here. The SAN value
    # (that it actually names 'host.com') is not asserted, yet that value is
    # what TLS clients match the host name against.
    expected_names = (b"subjectAltName", b"extendedKeyUsage")
    for position, short_name in enumerate(expected_names):
        self.assertEqual(short_name,
                         second.get_extension(position).get_short_name())
def test_generate_cert(self):
    """Verify issuer, subject, version and extensions of generated certs.

    A dummy CA named 'testIssuer' is written to the temp dir and read back.
    generate_cert is called once with an empty second argument and once with
    the cert produced by the first call plus the host 'host.com'. The second
    cert is additionally checked for version 2 and for the extension pair
    subjectAltName, extendedKeyUsage (in that order).
    """

    def read_ca(path):
        # Small local reader so both passes load the CA file the same way.
        with open(path, 'r') as stream:
            return stream.read()

    issuer_cn = 'testIssuer'
    subject_cn = 'testSubject'
    ca_file_path = os.path.join(self._temp_dir, 'testCA.pem')
    certutils.write_dummy_ca_cert(
        *certutils.generate_dummy_ca_cert(issuer_cn),
        cert_path=ca_file_path)

    # Initial cert: built from the CA material and a subject name only.
    initial_pem = certutils.generate_cert(read_ca(ca_file_path), '', subject_cn)
    initial_cert = certutils.load_cert(initial_pem)
    self.assertEqual(issuer_cn, initial_cert.get_issuer().commonName)
    self.assertEqual(subject_cn, initial_cert.get_subject().commonName)

    # Derived cert: the initial cert is supplied as the second argument, and
    # the expected subject is still 'testSubject', not 'host.com'.
    derived_pem = certutils.generate_cert(
        read_ca(ca_file_path), initial_pem, 'host.com')
    derived_cert = certutils.load_cert(derived_pem)
    self.assertEqual(issuer_cn, derived_cert.get_issuer().commonName)
    self.assertEqual(subject_cn, derived_cert.get_subject().commonName)
    self.assertEqual(2, derived_cert.get_version())
    self.assertEqual(2, derived_cert.get_extension_count())

    # NOTE(review): the extension contents are not inspected, only their
    # short names; a wrong SAN host or key-usage value would still pass.
    san_ext = derived_cert.get_extension(0)
    eku_ext = derived_cert.get_extension(1)
    self.assertEqual(b"subjectAltName", san_ext.get_short_name())
    self.assertEqual(b"extendedKeyUsage", eku_ext.get_short_name())
def test_get_host_cert(self):
    """Fetch the cert presented by a local Server and check its subject.

    A dummy CA named 'testCA' is written to the temp dir and a Server is
    started with that file. The cert returned by get_host_cert for
    'localhost' on the server's port must have the CA name as its subject
    common name.
    """
    ca_name = 'testCA'
    ca_path = os.path.join(self._temp_dir, 'rootCA.pem')
    ca_material = certutils.generate_dummy_ca_cert(ca_name)
    certutils.write_dummy_ca_cert(*ca_material, cert_path=ca_path)

    # The server only needs to live for the duration of the fetch.
    with Server(ca_path) as running:
        fetched_pem = certutils.get_host_cert('localhost', running.server_port)

    fetched = certutils.load_cert(fetched_pem)
    self.assertEqual(ca_name, fetched.get_subject().commonName)
def test_get_host_cert(self):
    """Check that get_host_cert returns the cert a local Server presents.

    The Server is constructed from a dummy CA file ('rootCA.pem' in the temp
    dir) whose common name is 'testCA'. The test expects the cert fetched
    from 'localhost' to carry that same name as its subject.
    """
    expected_cn = 'testCA'
    root_ca_file = os.path.join(self._temp_dir, 'rootCA.pem')
    certutils.write_dummy_ca_cert(
        *certutils.generate_dummy_ca_cert(expected_cn),
        cert_path=root_ca_file)

    with Server(root_ca_file) as test_server:
        port = test_server.server_port
        served_cert_str = certutils.get_host_cert('localhost', port)

    served_cert = certutils.load_cert(served_cert_str)
    actual_cn = served_cert.get_subject().commonName
    self.assertEqual(expected_cn, actual_cn)
def test_generate_cert(self):
    """Check issuer and subject of certs produced by generate_cert.

    A dummy CA ('testIssuer') is written to the temp dir. One cert is
    generated with an empty second argument and the subject 'testSubject'.
    A second one passes that cert back in with the host 'host'. Both are
    expected to show the CA as issuer and 'testSubject' as subject.
    """
    ca_cn = 'testIssuer'
    wanted_subject = 'testSubject'
    ca_pem_path = os.path.join(self._temp_dir, 'testCA.pem')
    dummy_ca = certutils.generate_dummy_ca_cert(ca_cn)
    certutils.write_dummy_ca_cert(*dummy_ca, cert_path=ca_pem_path)

    # First cert: nothing but the CA material and a subject name.
    with open(ca_pem_path, 'r') as handle:
        ca_text = handle.read()
    base_pem = certutils.generate_cert(ca_text, '', wanted_subject)
    base_cert = certutils.load_cert(base_pem)
    self.assertEqual(ca_cn, base_cert.get_issuer().commonName)
    self.assertEqual(wanted_subject, base_cert.get_subject().commonName)

    # Second cert: the first cert is supplied alongside the host 'host'. The
    # subject is still expected to be 'testSubject'.
    with open(ca_pem_path, 'r') as handle:
        ca_text_reread = handle.read()
    host_pem = certutils.generate_cert(ca_text_reread, base_pem, 'host')
    host_cert = certutils.load_cert(host_pem)
    self.assertEqual(ca_cn, host_cert.get_issuer().commonName)
    self.assertEqual(wanted_subject, host_cert.get_subject().commonName)
def test_generate_cert(self):
    """Generate two certs from a dummy CA and compare their names.

    The CA file is created under the temp dir with common name 'testIssuer'.
    The first generate_cert call gets an empty second argument, the second
    call gets the first cert and the host 'host'. In both cases the issuer
    must be the CA and the subject must be 'testSubject'.
    """

    def assert_names(pem_text):
        # Both generated certs are held to the same issuer/subject pair.
        parsed = certutils.load_cert(pem_text)
        self.assertEqual(issuer_name, parsed.get_issuer().commonName)
        self.assertEqual(subject_name, parsed.get_subject().commonName)

    issuer_name = 'testIssuer'
    subject_name = 'testSubject'
    ca_location = os.path.join(self._temp_dir, 'testCA.pem')
    certutils.write_dummy_ca_cert(
        *certutils.generate_dummy_ca_cert(issuer_name),
        cert_path=ca_location)

    with open(ca_location, 'r') as ca_stream:
        ca_contents = ca_stream.read()
    generated = certutils.generate_cert(ca_contents, '', subject_name)
    assert_names(generated)

    # The CA file is read again before the cert is regenerated for 'host'.
    with open(ca_location, 'r') as ca_stream:
        ca_contents_second = ca_stream.read()
    regenerated = certutils.generate_cert(ca_contents_second, generated, 'host')
    assert_names(regenerated)
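def handle_servername(connection):
    """SNI callback that runs during do_handshake() and swaps in a host cert.

    Args:
      connection: the connection being negotiated; the server name requested
        by the client is read from it with get_servername().

    Returns:
      The new SSL context installed on the connection when a server name was
      sent. None when no name was sent, or when any step raised (the error is
      logged, never propagated).
    """
    try:
        host = connection.get_servername()
        if host:
            # NOTE(review): host is taken from the client's SNI value and is
            # passed on as-is; confirm get_certificate() validates or bounds
            # it before generating or caching a cert for it.
            cert_str = handler.server.get_certificate(host)
            new_context = certutils.get_ssl_context()
            cert = certutils.load_cert(cert_str)
            new_context.use_certificate(cert)
            # The private key is loaded from the CA cert path, so that file
            # evidently holds key material too. Presumably it should stay
            # readable only by this process; verify.
            new_context.use_privatekey_file(handler.server.ca_cert_path)
            connection.set_context(new_context)
            return new_context
        # else: fail with 'no shared cipher'
    except Exception as e:  # 'as' form is valid on Python 2.6+ and Python 3.
        # Do not leak any exceptions or else openssl crashes.
        logging.error('Exception in SNI handler: %s', e)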
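def handle_servername(connection):
    """A SNI callback that happens during do_handshake().

    Looks up the certificate for the server name the client asked for, builds
    a fresh SSL context around it and installs that context on the
    connection.

    Args:
      connection: the connection in handshake; must offer get_servername()
        and set_context().

    Returns:
      The freshly installed context, or None if the client sent no server
      name or if an exception was caught and logged.
    """
    try:
        host = connection.get_servername()
        if host:
            # NOTE(review): host is client-controlled (it comes from the SNI
            # extension). Nothing here restricts it, so any filtering has to
            # happen inside get_certificate(); confirm.
            cert_str = handler.server.get_certificate(host)
            new_context = certutils.get_ssl_context()
            cert = certutils.load_cert(cert_str)
            new_context.use_certificate(cert)
            # Key material comes from the file at ca_cert_path, not from a
            # per-host key file.
            new_context.use_privatekey_file(handler.server.ca_cert_path)
            connection.set_context(new_context)
            return new_context
        # else: fail with 'no shared cipher'
    except Exception as e:  # Py2-only 'except Exception, e' replaced.
        # Do not leak any exceptions or else openssl crashes.
        logging.error('Exception in SNI handler: %s', e)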
def test_generate_dummy_ca_cert(self):
    """Check that the dummy CA cert carries the requested subject name.

    generate_dummy_ca_cert returns a pair. Only the first element is loaded
    and inspected; the second (presumably the private key) is ignored.
    """
    wanted_cn = 'testSubject'
    generated = certutils.generate_dummy_ca_cert(wanted_cn)
    ca_cert_str, _ = generated
    ca_cert = certutils.load_cert(ca_cert_str)
    actual_cn = ca_cert.get_subject().commonName
    self.assertEqual(actual_cn, wanted_cn)