Merge pull request #2066 from Kriechi/certs-tests

certs: coverage++

mitmproxy/certs.py

@@ -356,14 +356,14 @@ class CertStore:
 
 
 class _GeneralName(univ.Choice):
-    # We are only interested in dNSNames. We use a default handler to ignore
-    # other types.
-    # TODO: We should also handle iPAddresses.
+    # We only care about dNSName and iPAddress
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('dNSName', char.IA5String().subtype(
             implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
-        )
-        ),
+        )),
+        namedtype.NamedType('iPAddress', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7)
+        )),
     )
 
 
@@ -477,5 +477,10 @@ class SSLCert(serializable.Serializable):
                 except PyAsn1Error:
                     continue
                 for i in dec[0]:
-                    altnames.append(i[0].asOctets())
+                    if i[0] is None and isinstance(i[1], univ.OctetString) and not isinstance(i[1], char.IA5String):
+                        # This would give back the IP address: b'.'.join([str(e).encode() for e in i[1].asNumbers()])
+                        continue
+                    else:
+                        e = i[0].asOctets()
+                    altnames.append(e)
         return altnames

setup.cfg

@@ -34,7 +34,6 @@ exclude =
     mitmproxy/proxy/root_context.py
     mitmproxy/proxy/server.py
     mitmproxy/tools/
-    mitmproxy/certs.py
     mitmproxy/controller.py
     mitmproxy/export.py
     mitmproxy/flow.py
@@ -50,7 +49,6 @@ exclude =
     mitmproxy/addonmanager.py
     mitmproxy/addons/onboardingapp/app.py
     mitmproxy/addons/termlog.py
-    mitmproxy/certs.py
     mitmproxy/contentviews/base.py
     mitmproxy/contentviews/wbxml.py
     mitmproxy/contentviews/xml_html.py

test/mitmproxy/net/test_tcp.py

@@ -602,12 +602,6 @@ class TestDHParams(tservers.ServerTestBase):
             ret = c.get_current_cipher()
             assert ret[0] == "DHE-RSA-AES256-SHA"
 
-    def test_create_dhparams(self):
-        with tutils.tmpdir() as d:
-            filename = os.path.join(d, "dhparam.pem")
-            certs.CertStore.load_dhparam(filename)
-            assert os.path.exists(filename)
-
 
 class TestTCPClient:
 

test/mitmproxy/test_certs.py

@@ -117,6 +117,12 @@ class TestCertStore:
             ret = ca1.get_cert(b"foo.com", [])
             assert ret[0].serial == dc[0].serial
 
+    def test_create_dhparams(self):
+        with tutils.tmpdir() as d:
+            filename = os.path.join(d, "dhparam.pem")
+            certs.CertStore.load_dhparam(filename)
+            assert os.path.exists(filename)
+
 
 class TestDummyCert:
 
@@ -127,9 +133,10 @@ class TestDummyCert:
                 ca.default_privatekey,
                 ca.default_ca,
                 b"foo.com",
-                [b"one.com", b"two.com", b"*.three.com"]
+                [b"one.com", b"two.com", b"*.three.com", b"127.0.0.1"]
             )
             assert r.cn == b"foo.com"
+            assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
 
             r = certs.dummy_cert(
                 ca.default_privatekey,
@@ -138,6 +145,7 @@ class TestDummyCert:
                 []
             )
             assert r.cn is None
+            assert r.altnames == []
 
 
 class TestSSLCert:
@@ -179,3 +187,20 @@ class TestSSLCert:
             d = f.read()
         s = certs.SSLCert.from_der(d)
         assert s.cn
+
+    def test_state(self):
+        with open(tutils.test_data.path("mitmproxy/net/data/text_cert"), "rb") as f:
+            d = f.read()
+        c = certs.SSLCert.from_pem(d)
+
+        c.get_state()
+        c2 = c.copy()
+        a = c.get_state()
+        b = c2.get_state()
+        assert a == b
+        assert c == c2
+        assert c is not c2
+
+        x = certs.SSLCert('')
+        x.set_state(a)
+        assert x == c