mitmproxy/test/test_certutils.py

import os
from netlib import certutils, tutils

# class TestDNTree:
#     def test_simple(self):
#         d = certutils.DNTree()
#         d.add("foo.com", "foo")
#         d.add("bar.com", "bar")
#         assert d.get("foo.com") == "foo"
#         assert d.get("bar.com") == "bar"
#         assert not d.get("oink.com")
#         assert not d.get("oink")
#         assert not d.get("")
#         assert not d.get("oink.oink")
#
#         d.add("*.match.org", "match")
#         assert not d.get("match.org")
#         assert d.get("foo.match.org") == "match"
#         assert d.get("foo.foo.match.org") == "match"
#
#     def test_wildcard(self):
#         d = certutils.DNTree()
#         d.add("foo.com", "foo")
#         assert not d.get("*.foo.com")
#         d.add("*.foo.com", "wild")
#
#         d = certutils.DNTree()
#         d.add("*", "foo")
#         assert d.get("foo.com") == "foo"
#         assert d.get("*.foo.com") == "foo"
#         assert d.get("com") == "foo"


class TestCertStore:

    def test_create_explicit(self):
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            assert ca.get_cert(b"foo", [])

            ca2 = certutils.CertStore.from_store(d, "test")
            assert ca2.get_cert(b"foo", [])

            assert ca.default_ca.get_serial_number(
            ) == ca2.default_ca.get_serial_number()

    def test_create_tmp(self):
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            assert ca.get_cert(b"foo.com", [])
            assert ca.get_cert(b"foo.com", [])
            assert ca.get_cert(b"*.foo.com", [])

            r = ca.get_cert(b"*.foo.com", [])
            assert r[1] == ca.default_privatekey

    def test_add_cert(self):
        with tutils.tmpdir() as d:
            certutils.CertStore.from_store(d, "test")

    def test_sans(self):
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            c1 = ca.get_cert(b"foo.com", [b"*.bar.com"])
            ca.get_cert(b"foo.bar.com", [])
            # assert c1 == c2
            c3 = ca.get_cert(b"bar.com", [])
            assert not c1 == c3

    def test_sans_change(self):
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            ca.get_cert(b"foo.com", [b"*.bar.com"])
            cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"])
            assert b"*.baz.com" in cert.altnames

    def test_overrides(self):
        with tutils.tmpdir() as d:
            ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")
            ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")
            assert not ca1.default_ca.get_serial_number(
            ) == ca2.default_ca.get_serial_number()

            dc = ca2.get_cert(b"foo.com", [b"sans.example.com"])
            dcp = os.path.join(d, "dc")
            f = open(dcp, "wb")
            f.write(dc[0].to_pem())
            f.close()
            ca1.add_cert_file(b"foo.com", dcp)

            ret = ca1.get_cert(b"foo.com", [])
            assert ret[0].serial == dc[0].serial


class TestDummyCert:

    def test_with_ca(self):
        with tutils.tmpdir() as d:
            ca = certutils.CertStore.from_store(d, "test")
            r = certutils.dummy_cert(
                ca.default_privatekey,
                ca.default_ca,
                b"foo.com",
                [b"one.com", b"two.com", b"*.three.com"]
            )
            assert r.cn == b"foo.com"


class TestSSLCert:

    def test_simple(self):
        with open(tutils.test_data.path("data/text_cert"), "rb") as f:
            d = f.read()
        c1 = certutils.SSLCert.from_pem(d)
        assert c1.cn == b"google.com"
        assert len(c1.altnames) == 436

        with open(tutils.test_data.path("data/text_cert_2"), "rb") as f:
            d = f.read()
        c2 = certutils.SSLCert.from_pem(d)
        assert c2.cn == b"www.inode.co.nz"
        assert len(c2.altnames) == 2
        assert c2.digest("sha1")
        assert c2.notbefore
        assert c2.notafter
        assert c2.subject
        assert c2.keyinfo == ("RSA", 2048)
        assert c2.serial
        assert c2.issuer
        assert c2.to_pem()
        assert c2.has_expired is not None

        assert not c1 == c2
        assert c1 != c2

    def test_err_broken_sans(self):
        with open(tutils.test_data.path("data/text_cert_weird1"), "rb") as f:
            d = f.read()
        c = certutils.SSLCert.from_pem(d)
        # This breaks unless we ignore a decoding error.
        assert c.altnames is not None

    def test_der(self):
        with open(tutils.test_data.path("data/dercert"), "rb") as f:
            d = f.read()
        s = certutils.SSLCert.from_der(d)
        assert s.cn
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`import os`
fix tutils imports 2015-08-01 12:49:15 +00:00			`from netlib import certutils, tutils`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00
temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295 2014-07-18 20:55:25 +00:00			`# class TestDNTree:`
			`# def test_simple(self):`
			`# d = certutils.DNTree()`
			`# d.add("foo.com", "foo")`
			`# d.add("bar.com", "bar")`
			`# assert d.get("foo.com") == "foo"`
			`# assert d.get("bar.com") == "bar"`
			`# assert not d.get("oink.com")`
			`# assert not d.get("oink")`
			`# assert not d.get("")`
			`# assert not d.get("oink.oink")`
			`#`
			`# d.add("*.match.org", "match")`
			`# assert not d.get("match.org")`
			`# assert d.get("foo.match.org") == "match"`
			`# assert d.get("foo.foo.match.org") == "match"`
			`#`
			`# def test_wildcard(self):`
			`# d = certutils.DNTree()`
			`# d.add("foo.com", "foo")`
			`# assert not d.get("*.foo.com")`
			`# d.add("*.foo.com", "wild")`
			`#`
			`# d = certutils.DNTree()`
			`# d.add("*", "foo")`
			`# assert d.get("foo.com") == "foo"`
			`# assert d.get("*.foo.com") == "foo"`
			`# assert d.get("com") == "foo"`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00
Add certutils to netlib. 2012-06-27 04:42:00 +00:00
Basic certificate store implementation and cert utils API cleanup. 2013-01-05 12:15:53 +00:00			`class TestCertStore:`
cleanup code with autopep8 run the following command: $ autopep8 -i -r -a -a . 2015-05-27 09:18:54 +00:00
Basic certificate store implementation and cert utils API cleanup. 2013-01-05 12:15:53 +00:00			`def test_create_explicit(self):`
			`with tutils.tmpdir() as d:`
Beef up CertStore, add DH params. 2014-03-04 01:12:58 +00:00			`ca = certutils.CertStore.from_store(d, "test")`
python3++ 2015-09-20 16:12:55 +00:00			`assert ca.get_cert(b"foo", [])`
Beef up CertStore, add DH params. 2014-03-04 01:12:58 +00:00
			`ca2 = certutils.CertStore.from_store(d, "test")`
python3++ 2015-09-20 16:12:55 +00:00			`assert ca2.get_cert(b"foo", [])`
Beef up CertStore, add DH params. 2014-03-04 01:12:58 +00:00
Adjust pep8 parameters, reformat 2015-05-30 00:02:58 +00:00			`assert ca.default_ca.get_serial_number(`
			`) == ca2.default_ca.get_serial_number()`
Basic certificate store implementation and cert utils API cleanup. 2013-01-05 12:15:53 +00:00
			`def test_create_tmp(self):`
			`with tutils.tmpdir() as d:`
Beef up CertStore, add DH params. 2014-03-04 01:12:58 +00:00			`ca = certutils.CertStore.from_store(d, "test")`
python3++ 2015-09-20 16:12:55 +00:00			`assert ca.get_cert(b"foo.com", [])`
			`assert ca.get_cert(b"foo.com", [])`
			`assert ca.get_cert(b"*.foo.com", [])`
Basic certificate store implementation and cert utils API cleanup. 2013-01-05 12:15:53 +00:00
python3++ 2015-09-20 16:12:55 +00:00			`r = ca.get_cert(b"*.foo.com", [])`
clean up code 2014-10-08 22:15:39 +00:00			`assert r[1] == ca.default_privatekey`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00
			`def test_add_cert(self):`
			`with tutils.tmpdir() as d:`
cleanup code with autoflake run the following command: $ autoflake -r -i --remove-all-unused-imports --remove-unused-variables . 2015-05-27 09:25:33 +00:00			`certutils.CertStore.from_store(d, "test")`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00
			`def test_sans(self):`
			`with tutils.tmpdir() as d:`
			`ca = certutils.CertStore.from_store(d, "test")`
python3++ 2015-09-20 16:12:55 +00:00			`c1 = ca.get_cert(b"foo.com", [b"*.bar.com"])`
			`ca.get_cert(b"foo.bar.com", [])`
temporarily replace DNTree with a simpler cert lookup mechanism, fix mitmproxy/mitmproxy#295 2014-07-18 20:55:25 +00:00			`# assert c1 == c2`
python3++ 2015-09-20 16:12:55 +00:00			`c3 = ca.get_cert(b"bar.com", [])`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00			`assert not c1 == c3`

add test case for mitmproxy/mitmproxy#295 2014-07-16 23:47:24 +00:00			`def test_sans_change(self):`
			`with tutils.tmpdir() as d:`
			`ca = certutils.CertStore.from_store(d, "test")`
python3++ 2015-09-20 16:12:55 +00:00			`ca.get_cert(b"foo.com", [b"*.bar.com"])`
			`cert, key, chain_file = ca.get_cert(b"foo.bar.com", [b"*.baz.com"])`
			`assert b"*.baz.com" in cert.altnames`
add test case for mitmproxy/mitmproxy#295 2014-07-16 23:47:24 +00:00
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00			`def test_overrides(self):`
			`with tutils.tmpdir() as d:`
			`ca1 = certutils.CertStore.from_store(os.path.join(d, "ca1"), "test")`
			`ca2 = certutils.CertStore.from_store(os.path.join(d, "ca2"), "test")`
Adjust pep8 parameters, reformat 2015-05-30 00:02:58 +00:00			`assert not ca1.default_ca.get_serial_number(`
			`) == ca2.default_ca.get_serial_number()`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00
python3++ 2015-09-20 16:12:55 +00:00			`dc = ca2.get_cert(b"foo.com", [b"sans.example.com"])`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00			`dcp = os.path.join(d, "dc")`
			`f = open(dcp, "wb")`
			`f.write(dc[0].to_pem())`
			`f.close()`
python3++ 2015-09-20 16:12:55 +00:00			`ca1.add_cert_file(b"foo.com", dcp)`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00
python3++ 2015-09-20 16:12:55 +00:00			`ret = ca1.get_cert(b"foo.com", [])`
Much more sophisticated certificate store - Handle wildcard lookup - Handle lookup of SANs - Provide hooks for registering override certs and keys for specific domains (including wildcard specifications) 2014-03-05 00:19:16 +00:00			`assert ret[0].serial == dc[0].serial`

Basic certificate store implementation and cert utils API cleanup. 2013-01-05 12:15:53 +00:00
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`class TestDummyCert:`
cleanup code with autopep8 run the following command: $ autopep8 -i -r -a -a . 2015-05-27 09:18:54 +00:00
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`def test_with_ca(self):`
			`with tutils.tmpdir() as d:`
Beef up CertStore, add DH params. 2014-03-04 01:12:58 +00:00			`ca = certutils.CertStore.from_store(d, "test")`
Revamp dummy cert generation. We no longer use on-disk storage - we just keep the certs in memory. 2013-08-12 04:03:29 +00:00			`r = certutils.dummy_cert(`
clean up code 2014-10-08 22:15:39 +00:00			`ca.default_privatekey,`
CertStore: add support for cert chains 2014-10-08 18:46:30 +00:00			`ca.default_ca,`
python3++ 2015-09-20 17:40:09 +00:00			`b"foo.com",`
			`[b"one.com", b"two.com", b"*.three.com"]`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`)`
python3++ 2015-09-20 17:40:09 +00:00			`assert r.cn == b"foo.com"`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00

			`class TestSSLCert:`
cleanup code with autopep8 run the following command: $ autopep8 -i -r -a -a . 2015-05-27 09:18:54 +00:00
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`def test_simple(self):`
always use with statement to open files 2014-08-16 16:35:58 +00:00			`with open(tutils.test_data.path("data/text_cert"), "rb") as f:`
			`d = f.read()`
100% test coverage :tada: 2015-02-27 21:02:52 +00:00			`c1 = certutils.SSLCert.from_pem(d)`
python3++ 2015-09-20 17:40:09 +00:00			`assert c1.cn == b"google.com"`
100% test coverage :tada: 2015-02-27 21:02:52 +00:00			`assert len(c1.altnames) == 436`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00
always use with statement to open files 2014-08-16 16:35:58 +00:00			`with open(tutils.test_data.path("data/text_cert_2"), "rb") as f:`
			`d = f.read()`
100% test coverage :tada: 2015-02-27 21:02:52 +00:00			`c2 = certutils.SSLCert.from_pem(d)`
python3++ 2015-09-20 17:40:09 +00:00			`assert c2.cn == b"www.inode.co.nz"`
100% test coverage :tada: 2015-02-27 21:02:52 +00:00			`assert len(c2.altnames) == 2`
			`assert c2.digest("sha1")`
			`assert c2.notbefore`
			`assert c2.notafter`
			`assert c2.subject`
			`assert c2.keyinfo == ("RSA", 2048)`
			`assert c2.serial`
			`assert c2.issuer`
			`assert c2.to_pem()`
			`assert c2.has_expired is not None`

			`assert not c1 == c2`
			`assert c1 != c2`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00
Ignore SAN entries that we don't understand. 2012-07-24 02:55:54 +00:00			`def test_err_broken_sans(self):`
always use with statement to open files 2014-08-16 16:35:58 +00:00			`with open(tutils.test_data.path("data/text_cert_weird1"), "rb") as f:`
			`d = f.read()`
			`c = certutils.SSLCert.from_pem(d)`
Ignore SAN entries that we don't understand. 2012-07-24 02:55:54 +00:00			`# This breaks unless we ignore a decoding error.`
100% test coverage :tada: 2015-02-27 21:02:52 +00:00			`assert c.altnames is not None`
Ignore SAN entries that we don't understand. 2012-07-24 02:55:54 +00:00
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`def test_der(self):`
always use with statement to open files 2014-08-16 16:35:58 +00:00			`with open(tutils.test_data.path("data/dercert"), "rb") as f:`
			`d = f.read()`
Add certutils to netlib. 2012-06-27 04:42:00 +00:00			`s = certutils.SSLCert.from_der(d)`
			`assert s.cn`