コード例 #1
0
    def test_authenticate_clean(self):
        ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(),
                                           "test")

        headers = Headers()
        vals = ("basic", "foo", "bar")
        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(
            *vals)
        assert ba.authenticate(headers)

        ba.clean(headers)
        assert ba.AUTH_HEADER not in headers

        headers[ba.AUTH_HEADER] = ""
        assert not ba.authenticate(headers)

        headers[ba.AUTH_HEADER] = "foo"
        assert not ba.authenticate(headers)

        vals = ("foo", "foo", "bar")
        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(
            *vals)
        assert not ba.authenticate(headers)

        ba = authentication.BasicProxyAuth(authentication.PassMan(), "test")
        vals = ("basic", "foo", "bar")
        headers[ba.AUTH_HEADER] = authentication.assemble_http_basic_auth(
            *vals)
        assert not ba.authenticate(headers)
コード例 #2
0
 def test_simple(self):
     ba = authentication.BasicProxyAuth(authentication.PassManNonAnon(),
                                        "test")
     headers = Headers()
     assert ba.auth_challenge_headers()
     assert not ba.authenticate(headers)
コード例 #3
0
 def test_simple(self):
     p = authentication.PassManNonAnon()
     assert not p.test("", "")
     assert p.test("user", "")
コード例 #4
0
 def test_simple(self):
     na = authentication.NullProxyAuth(authentication.PassManNonAnon())
     assert not na.auth_challenge_headers()
     assert na.authenticate("foo")
     na.clean({})
コード例 #5
0
    def configure(self, options: moptions.Options, updated: Any) -> None:
        if options.add_upstream_certs_to_client_chain and not options.ssl_insecure:
            raise exceptions.OptionsError(
                "The verify-upstream-cert requires certificate verification to be disabled. "
                "If upstream certificates are verified then extra upstream certificates are "
                "not available for inclusion to the client chain.")

        if options.ssl_insecure:
            self.openssl_verification_mode_server = SSL.VERIFY_NONE
        else:
            self.openssl_verification_mode_server = SSL.VERIFY_PEER

        self.check_ignore = HostMatcher(options.ignore_hosts)
        self.check_tcp = HostMatcher(options.tcp_hosts)

        self.openssl_method_client, self.openssl_options_client = \
            tcp.sslversion_choices[options.ssl_version_client]
        self.openssl_method_server, self.openssl_options_server = \
            tcp.sslversion_choices[options.ssl_version_server]

        certstore_path = os.path.expanduser(options.cadir)
        if not os.path.exists(os.path.dirname(certstore_path)):
            raise exceptions.OptionsError(
                "Certificate Authority parent directory does not exist: %s" %
                os.path.dirname(options.cadir))
        self.certstore = certs.CertStore.from_store(certstore_path,
                                                    CONF_BASENAME)

        if options.clientcerts:
            clientcerts = os.path.expanduser(options.clientcerts)
            if not os.path.exists(clientcerts):
                raise exceptions.OptionsError(
                    "Client certificate path does not exist: %s" %
                    options.clientcerts)
            self.clientcerts = clientcerts

        for spec, cert in options.certs:
            cert = os.path.expanduser(cert)
            if not os.path.exists(cert):
                raise exceptions.OptionsError(
                    "Certificate file does not exist: %s" % cert)
            try:
                self.certstore.add_cert_file(spec, cert)
            except crypto.Error:
                raise exceptions.OptionsError(
                    "Invalid certificate format: %s" % cert)

        self.upstream_server = None
        self.upstream_auth = None
        if options.upstream_server:
            self.upstream_server = parse_server_spec(options.upstream_server)
        if options.upstream_auth:
            self.upstream_auth = parse_upstream_auth(options.upstream_auth)

        self.authenticator = authentication.NullProxyAuth(None)
        needsauth = any([
            options.auth_nonanonymous, options.auth_singleuser,
            options.auth_htpasswd
        ])
        if needsauth:
            if options.mode == "transparent":
                raise exceptions.OptionsError(
                    "Proxy Authentication not supported in transparent mode.")
            elif options.mode == "socks5":
                raise exceptions.OptionsError(
                    "Proxy Authentication not supported in SOCKS mode. "
                    "https://github.com/mitmproxy/mitmproxy/issues/738")
            elif options.auth_singleuser:
                parts = options.auth_singleuser.split(':')
                if len(parts) != 2:
                    raise exceptions.OptionsError(
                        "Invalid single-user specification. "
                        "Please use the format username:password")
                password_manager = authentication.PassManSingleUser(*parts)
            elif options.auth_nonanonymous:
                password_manager = authentication.PassManNonAnon()
            elif options.auth_htpasswd:
                try:
                    password_manager = authentication.PassManHtpasswd(
                        options.auth_htpasswd)
                except ValueError as v:
                    raise exceptions.OptionsError(str(v))
            if options.mode == "reverse":
                self.authenticator = authentication.BasicWebsiteAuth(
                    password_manager, self.upstream_server.address)
            else:
                self.authenticator = authentication.BasicProxyAuth(
                    password_manager, "mitmproxy")