def _InstallTestCa(self):
if not self._platform_backend.supports_test_ca:
return
assert not self.is_test_ca_installed, 'Test CA is already installed'
if certutils.openssl_import_error:
logging.warning(
'The OpenSSL module is unavailable. '
'Browsers may fall back to ignoring certificate errors.')
return
if not platformsettings.HasSniSupport():
logging.warning(
'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) '
'to generate certificates from a test CA. '
'Browsers may fall back to ignoring certificate errors.')
return
self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(), 'testca.pem')
try:
certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
cert_path=self._wpr_ca_cert_path)
self._platform_backend.InstallTestCa(self._wpr_ca_cert_path)
logging.info(
'Test certificate authority installed on target platform.')
except Exception:
logging.exception(
'Failed to install test certificate authority on target platform. '
'Browsers may fall back to ignoring certificate errors.')
self._RemoveTestCa()
def InstallTestCa(self):
"""Install a randomly generated root CA on the android device.
This allows transparent HTTPS testing with WPR server without need
to tweak application network stack.
"""
# TODO(slamm): Move certificate creation related to webpagereplay.py.
# The only code that needs to be in platform backend is installing the cert.
if certutils.openssl_import_error:
logging.warning('The OpenSSL module is unavailable. '
'Will fallback to ignoring certificate errors.')
return
if not platformsettings.HasSniSupport():
logging.warning(
'Web Page Replay requires SNI support (pyOpenSSL 0.13 or greater) '
'to generate certificates from a test CA. '
'Will fallback to ignoring certificate errors.')
return
try:
self._wpr_ca_cert_path = os.path.join(tempfile.mkdtemp(),
'testca.pem')
certutils.write_dummy_ca_cert(*certutils.generate_dummy_ca_cert(),
cert_path=self._wpr_ca_cert_path)
self._device_cert_util = adb_install_cert.AndroidCertInstaller(
self._device.adb.GetDeviceSerial(), None,
self._wpr_ca_cert_path)
logging.info('Installing test certificate authority on device: %s',
str(self._device))
self._device_cert_util.install_cert(overwrite_cert=True)
self._is_test_ca_installed = True
except Exception as e:
# Fallback to ignoring certificate errors.
self.RemoveTestCa()
logging.warning(
'Unable to install test certificate authority on device: %s. '
'Will fallback to ignoring certificate errors. Install error: %s',
str(self._device), e)
def _CheckFeatureSupport(self):
if (self._options.should_generate_certs and
not platformsettings.HasSniSupport()):
self._parser.error('Option --should_generate_certs requires pyOpenSSL '
'0.13 or greater for SNI support.')
def test_has_sni(self): # Check that no exception is raised. platformsettings.HasSniSupport()
