mitmproxy/test/netlib/test_certutils.py


import os
from netlib import certutils, tutils
# class TestDNTree:
# def test_simple(self):
# d = certutils.DNTree()
# d.add("foo.com", "foo")
# d.add("bar.com", "bar")
# assert d.get("foo.com") == "foo"
# assert d.get("bar.com") == "bar"
# assert not d.get("oink.com")
# assert not d.get("oink")
# assert not d.get("")
# assert not d.get("oink.oink")
#
# d.add("*.match.org", "match")
# assert not d.get("match.org")
# assert d.get("foo.match.org") == "match"
# assert d.get("foo.foo.match.org") == "match"
#
# def test_wildcard(self):
# d = certutils.DNTree()
# d.add("foo.com", "foo")
# assert not d.get("*.foo.com")
# d.add("*.foo.com", "wild")
#
# d = certutils.DNTree()
# d.add("*", "foo")
# assert d.get("foo.com") == "foo"
# assert d.get("*.foo.com") == "foo"
# assert d.get("com") == "foo"
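class TestCertStore:
    """Tests for certutils.CertStore.

    Covers CA reuse across two stores opened on one directory, leaf-certificate
    lookup by common name and SANs, eviction once STORE_CAP is exceeded, and
    certificates registered explicitly with add_cert_file().
    """

    def test_create_explicit(self):
        """Two stores opened on the same directory report the same CA serial."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            assert ca.get_cert(b"foo", [])

            ca2 = certutils.CertStore.from_store(d, "test")
            assert ca2.get_cert(b"foo", [])

            # Equal serials are the test's evidence that the second
            # from_store() call did not mint a fresh CA for the directory.
            assert ca.default_ca.get_serial_number() == ca2.default_ca.get_serial_number()

    def test_create_no_common_name(self):
        """A lookup with no common name yields a certificate whose cn is None."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            assert ca.get_cert(None, [])[0].cn is None

    def test_create_tmp(self):
        """Repeated and wildcard lookups succeed and return the store's key."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            assert ca.get_cert(b"foo.com", [])
            assert ca.get_cert(b"foo.com", [])
            assert ca.get_cert(b"*.foo.com", [])

            r = ca.get_cert(b"*.foo.com", [])
            # Index 1 of the result is the private key. The test pins that it
            # is the store-wide default key rather than a per-host key.
            # NOTE(review): if that holds for every leaf, the store directory
            # needs the same protection as the CA key itself; confirm.
            assert r[1] == ca.default_privatekey

    def test_sans(self):
        """A cert issued with a wildcard SAN is not returned for the bare domain."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            c1 = ca.get_cert(b"foo.com", [b"*.bar.com"])
            # The result of this lookup is deliberately unbound: the equality
            # check against c1 below was disabled by the original author.
            ca.get_cert(b"foo.bar.com", [])
            # assert c1 == c2
            c3 = ca.get_cert(b"bar.com", [])
            # "*.bar.com" on c1 must not make the store answer "bar.com" with c1.
            assert not c1 == c3

    def test_sans_change(self):
        """A lookup carrying a new SAN returns a certificate that includes it."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            ca.get_cert(b"foo.com", [b"*.bar.com"])
            # foo.bar.com falls under the earlier "*.bar.com" SAN, yet the
            # requested "*.baz.com" must still appear on the returned cert.
            cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"])
            assert b"*.baz.com" in cert.altnames

    def test_expire(self):
        """Exceeding STORE_CAP evicts the oldest-inserted entry."""
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            ca.STORE_CAP = 3
            ca.get_cert(b"one.com", [])
            ca.get_cert(b"two.com", [])
            ca.get_cert(b"three.com", [])
            # Entries are keyed by (common name, tuple of SANs).
            assert (b"one.com", ()) in ca.certs
            assert (b"two.com", ()) in ca.certs
            assert (b"three.com", ()) in ca.certs

            # Re-requesting a cached name neither grows nor shrinks the store.
            ca.get_cert(b"one.com", [])

            assert (b"one.com", ()) in ca.certs
            assert (b"two.com", ()) in ca.certs
            assert (b"three.com", ()) in ca.certs

            # A fourth distinct name pushes out one.com even though it was the
            # most recently requested: the re-request did not refresh its slot.
            ca.get_cert(b"four.com", [])

            assert (b"one.com", ()) not in ca.certs
            assert (b"two.com", ()) in ca.certs
            assert (b"three.com", ()) in ca.certs
            assert (b"four.com", ()) in ca.certs

    def test_overrides(self):
        """A certificate registered with add_cert_file() is served for its name."""
        with tutils.tmpdir() as d:
            ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
            ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
            # Separate directories must produce distinct CAs.
            assert not ca1.default_ca.get_serial_number(
            ) == ca2.default_ca.get_serial_number()

            dc = ca2.get_cert(b"foo.com", [b"sans.example.com"])
            dcp = os.path.join(d, "dc")
            # Context manager so the handle is closed (and the PEM flushed)
            # even if to_pem() or write() raises.
            with open(dcp, "wb") as f:
                f.write(dc[0].to_pem())
            ca1.add_cert_file(b"foo.com", dcp)

            # ca1 must hand back the ca2-issued cert it was given, not one it
            # generated itself; matching serials identify it.
            ret = ca1.get_cert(b"foo.com", [])
            assert ret[0].serial == dc[0].serial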
class TestDummyCert:
    """Tests for certutils.dummy_cert called directly with a store's CA material."""

    def test_with_ca(self):
        """The generated certificate's cn mirrors the common name passed in."""
        with tutils.tmpdir() as workdir:
            store = certutils.CertStore.from_store(workdir, "test")

            # Named certificate carrying plain and wildcard SANs.
            sans = [b"one.com", b"two.com", b"*.three.com"]
            named = certutils.dummy_cert(
                store.default_privatekey, store.default_ca, b"foo.com", sans
            )
            assert named.cn == b"foo.com"

            # No common name and no SANs: cn must come back as None.
            unnamed = certutils.dummy_cert(
                store.default_privatekey, store.default_ca, None, []
            )
            assert unnamed.cn is None
class TestSSLCert:
    """Tests for certutils.SSLCert parsing of PEM and DER fixtures."""

    def test_simple(self):
        """Parse two PEM fixtures and check their names, fields and inequality."""
        first_path = tutils.test_data.path("data/text_cert")
        with open(first_path, "rb") as fh:
            pem = fh.read()
        c1 = certutils.SSLCert.from_pem(pem)
        assert c1.cn == b"google.com"
        assert len(c1.altnames) == 436

        second_path = tutils.test_data.path("data/text_cert_2")
        with open(second_path, "rb") as fh:
            pem = fh.read()
        c2 = certutils.SSLCert.from_pem(pem)
        assert c2.cn == b"www.inode.co.nz"
        assert len(c2.altnames) == 2

        # The accessors below are only checked for a truthy result.
        assert c2.digest("sha1")
        assert c2.notbefore
        assert c2.notafter
        assert c2.subject
        assert c2.keyinfo == ("RSA", 2048)
        assert c2.serial
        assert c2.issuer
        assert c2.to_pem()
        # has_expired may be True or False; it just must be populated.
        assert c2.has_expired is not None

        # Both spellings are kept so that == and != are each exercised.
        assert not c1 == c2
        assert c1 != c2

    def test_err_broken_sans(self):
        """A fixture with undecodable SAN data still yields an altnames value."""
        fixture = tutils.test_data.path("data/text_cert_weird1")
        with open(fixture, "rb") as fh:
            pem = fh.read()
        c = certutils.SSLCert.from_pem(pem)
        # Reading altnames fails here unless the decoding error is ignored.
        assert c.altnames is not None

    def test_der(self):
        """A DER-encoded fixture parses and exposes a common name."""
        fixture = tutils.test_data.path("data/dercert")
        with open(fixture, "rb") as fh:
            der = fh.read()
        s = certutils.SSLCert.from_der(der)
        assert s.cn