class TestHTTPS(tservers.HTTPProxTest, CommonMixin, TcpMixin): ssl = True ssloptions = pathod.SSLOptions(request_client_cert=True) def test_clientcert_file(self): try: self.config.clientcerts = os.path.join( tutils.test_data.path("data/clientcert"), "client.pem") f = self.pathod("304") assert f.status_code == 304 assert self.server.last_log()["request"]["clientcert"]["keyinfo"] finally: self.config.clientcerts = None def test_clientcert_dir(self): try: self.config.clientcerts = tutils.test_data.path("data/clientcert") f = self.pathod("304") assert f.status_code == 304 assert self.server.last_log()["request"]["clientcert"]["keyinfo"] finally: self.config.clientcerts = None def test_error_post_connect(self): p = self.pathoc() assert p.request("get:/:i0,'invalid\r\n\r\n'").status_code == 400
class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxTest): """ Test upstream server certificate verification with an untrusted server cert. """ ssl = True ssloptions = pathod.SSLOptions( cn="untrusted-cert", certs=[("untrusted-cert", tutils.test_data.path("data/untrusted-server.crt"))]) def _request(self): p = self.pathoc() # We need to make an actual request because the upstream connection is lazy-loaded. return p.request("get:/p/242") def test_default_verification_w_bad_cert(self): """Should use no verification.""" self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 242 def test_no_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_NONE self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 242 def test_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") assert self._request().status_code == 502
class TestHTTPSUpstreamServerVerificationWBadCert(tservers.HTTPProxTest): """ Test upstream server certificate verification with an untrusted server cert. """ ssl = True ssloptions = pathod.SSLOptions( cn="untrusted-cert", certs=[("untrusted-cert", tutils.test_data.path("data/untrusted-server.crt"))]) def test_default_verification_w_bad_cert(self): """Should use no verification.""" self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") self.pathoc() def test_no_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_NONE self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") self.pathoc() def test_verification_w_bad_cert(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") tutils.raises("SSL handshake error", self.pathoc)
class TestHTTPSNoCommonName(tservers.HTTPProxTest, CommonMixin): """ Test what happens if we get a cert without common name back. """ ssl = True ssloptions=pathod.SSLOptions(certfile=tutils.test_data.path("data/no_common_name.pem"), keyfile=tutils.test_data.path("data/no_common_name.pem"))
class TestDaemonSSL(_TestDaemon): ssl = True ssloptions = pathod.SSLOptions(request_client_cert=True, sans=["test1.com", "test2.com"]) def test_sni(self): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=True, sni="foobar.com") c.connect() c.request("get:/p/200") r = c.request("get:/api/log") d = json.loads(r.content) assert d["log"][0]["request"]["sni"] == "foobar.com" def test_showssl(self): assert "certificate chain" in self.tval(["get:/p/200"], showssl=True) def test_clientcert(self): c = pathoc.Pathoc( ("127.0.0.1", self.d.port), ssl=True, clientcert=tutils.test_data.path("data/clientcert/client.pem")) c.connect() c.request("get:/p/200") r = c.request("get:/api/log") d = json.loads(r.content) assert d["log"][0]["request"]["clientcert"]["keyinfo"]
class _TestDaemon: ssloptions = pathod.SSLOptions() @classmethod def setUpAll(self): self.d = test.Daemon(ssl=self.ssl, ssloptions=self.ssloptions, staticdir=tutils.test_data.path("data"), anchors=[(re.compile("/anchor/.*"), language.parse_response("202"))]) @classmethod def tearDownAll(self): self.d.shutdown() def setUp(self): self.d.clear_log() def test_info(self): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=self.ssl) c.connect() resp = c.request("get:/api/info") assert tuple(json.loads(resp.content)["version"]) == version.IVERSION def tval(self, requests, showreq=False, showresp=False, explain=False, showssl=False, hexdump=False, timeout=None, ignorecodes=(), ignoretimeout=None, showsummary=True): s = cStringIO.StringIO() c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=self.ssl, showreq=showreq, showresp=showresp, explain=explain, hexdump=hexdump, ignorecodes=ignorecodes, ignoretimeout=ignoretimeout, showsummary=showsummary, fp=s) c.connect(showssl=showssl, fp=s) if timeout: c.settimeout(timeout) for i in requests: r = language.parse_requests(i)[0] if explain: r = r.freeze(language.Settings()) try: c.request(r) except (http.HttpError, tcp.NetLibError), v: pass return s.getvalue()
class TestHTTPSNoCommonName(tservers.HTTPProxTest): """ Test what happens if we get a cert without common name back. """ ssl = True ssloptions = pathod.SSLOptions( certs=[("*", tutils.test_data.path("data/no_common_name.pem"))]) def test_http(self): f = self.pathod("202") assert f.sslinfo.certchain[0].get_subject().CN == "127.0.0.1"
class TestHTTPS(tservers.HTTPProxTest, CommonMixin, TcpMixin): ssl = True ssloptions = pathod.SSLOptions(request_client_cert=True) clientcerts = True def test_clientcert(self): f = self.pathod("304") assert f.status_code == 304 assert self.server.last_log()["request"]["clientcert"]["keyinfo"] def test_error_post_connect(self): p = self.pathoc() assert p.request("get:/:i0,'invalid\r\n\r\n'").status_code == 400
class _TestDaemon: ssloptions = pathod.SSLOptions() @classmethod def setUpAll(self): self.d = test.Daemon(ssl=self.ssl, ssloptions=self.ssloptions, staticdir=tutils.test_data.path("data"), anchors=[("/anchor/.*", "202")]) @classmethod def tearDownAll(self): self.d.shutdown() def setUp(self): self.d.clear_log() def test_info(self): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=self.ssl) c.connect() r = c.request("get:/api/info") assert tuple(json.loads(r.content)["version"]) == version.IVERSION def tval(self, requests, showreq=False, showresp=False, explain=False, showssl=False, hexdump=False, timeout=None, ignorecodes=None, ignoretimeout=None): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=self.ssl) c.connect() if timeout: c.settimeout(timeout) s = cStringIO.StringIO() for i in requests: c.print_request(i, showreq=showreq, showresp=showresp, explain=explain, showssl=showssl, hexdump=hexdump, ignorecodes=ignorecodes, ignoretimeout=ignoretimeout, fp=s) return s.getvalue()
def setUpAll(self): so = pathod.SSLOptions(not_after_connect=self.not_after_connect) self.d = test.Daemon(staticdir=test_data.path("data"), anchors=[("/anchor/.*", "202:da")], ssl=self.ssl, ssloptions=so, sizelimit=1 * 1024 * 1024, noweb=self.noweb, noapi=self.noapi, nohang=self.nohang, timeout=self.timeout, hexdump=self.hexdump, logreq=True, logresp=True, explain=True)
def setup_class(cls): opts = cls.ssloptions or {} cls.confdir = tempfile.mkdtemp() opts["confdir"] = cls.confdir so = pathod.SSLOptions(**opts) cls.d = test.Daemon(staticdir=test_data.path("data"), anchors=[(re.compile("/anchor/.*"), "202:da")], ssl=cls.ssl, ssloptions=so, sizelimit=1 * 1024 * 1024, noweb=cls.noweb, noapi=cls.noapi, nohang=cls.nohang, timeout=cls.timeout, hexdump=cls.hexdump, nocraft=cls.nocraft, logreq=True, logresp=True, explain=True)
def setUpAll(self): opts = self.ssloptions or {} self.confdir = tempfile.mkdtemp() opts["confdir"] = self.confdir so = pathod.SSLOptions(**opts) self.d = test.Daemon( staticdir=test_data.path("data"), anchors=[("/anchor/.*", "202:da")], ssl = self.ssl, ssloptions = so, sizelimit=1*1024*1024, noweb = self.noweb, noapi = self.noapi, nohang = self.nohang, timeout = self.timeout, hexdump = self.hexdump, logreq = True, logresp = True, explain = True )
class TestDaemonSSL(_TestDaemon): ssl = True ssloptions = pathod.SSLOptions( request_client_cert=True, sans=["test1.com", "test2.com"], alpn_select=b'h2', ) def test_sni(self): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=True, sni="foobar.com", fp=None) c.connect() c.request("get:/p/200") r = c.request("get:/api/log") d = json.loads(r.content) assert d["log"][0]["request"]["sni"] == "foobar.com" def test_showssl(self): assert "certificate chain" in self.tval(["get:/p/200"], showssl=True) def test_clientcert(self): c = pathoc.Pathoc( ("127.0.0.1", self.d.port), ssl=True, clientcert=tutils.test_data.path("data/clientcert/client.pem"), fp=None) c.connect() c.request("get:/p/200") r = c.request("get:/api/log") d = json.loads(r.content) assert d["log"][0]["request"]["clientcert"]["keyinfo"] def test_http2_without_ssl(self): fp = cStringIO.StringIO() c = pathoc.Pathoc(("127.0.0.1", self.d.port), use_http2=True, ssl=False, fp=fp) tutils.raises(NotImplementedError, c.connect)
class _TestDaemon: ssloptions = pathod.SSLOptions() @classmethod def setUpAll(self): self.d = test.Daemon(ssl=self.ssl, ssloptions=self.ssloptions, staticdir=tutils.test_data.path("data"), anchors=[("/anchor/.*", "202")]) @classmethod def tearDownAll(self): self.d.shutdown() def setUp(self): self.d.clear_log() def test_info(self): c = pathoc.Pathoc(("127.0.0.1", self.d.port), ssl=self.ssl) c.connect() r = c.request("get:/api/info") assert tuple(json.loads(r.content)["version"]) == version.IVERSION
def setUpAll(klass): opts = klass.ssloptions or {} klass.confdir = tempfile.mkdtemp() opts["confdir"] = klass.confdir so = pathod.SSLOptions(**opts) klass.d = test.Daemon( staticdir=test_data.path("data"), anchors=[ (re.compile("/anchor/.*"), language.parse_response("202:da")) ], ssl = klass.ssl, ssloptions = so, sizelimit = 1*1024*1024, noweb = klass.noweb, noapi = klass.noapi, nohang = klass.nohang, timeout = klass.timeout, hexdump = klass.hexdump, logreq = True, logresp = True, explain = True )
class TestHTTPSUpstreamServerVerificationWTrustedCert(tservers.HTTPProxTest): """ Test upstream server certificate verification with a trusted server cert. """ ssl = True ssloptions = pathod.SSLOptions( cn="trusted-cert", certs=[("trusted-cert", tutils.test_data.path("data/trusted-server.crt"))]) def test_verification_w_cadir(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER self.config.openssl_trusted_cadir_server = tutils.test_data.path( "data/trusted-cadir/") self.pathoc() def test_verification_w_pemfile(self): self.config.openssl_verification_mode_server = SSL.VERIFY_PEER self.config.openssl_trusted_ca_server = tutils.test_data.path( "data/trusted-cadir/trusted-ca.pem") self.pathoc()