Merge pull request #3382 from abhigyank/org

Change variable o to organization for generated certificates.
Thomas Kriechbaumer 2018-11-12 09:34:16 +01:00 committed by GitHub
commit 6f893a83c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 21 deletions


@ -36,14 +36,14 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
""" """
def create_ca(o, cn, exp): def create_ca(organization, cn, exp):
key = OpenSSL.crypto.PKey() key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048) key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
cert = OpenSSL.crypto.X509() cert = OpenSSL.crypto.X509()
cert.set_serial_number(int(time.time() * 10000)) cert.set_serial_number(int(time.time() * 10000))
cert.set_version(2) cert.set_version(2)
cert.get_subject().CN = cn cert.get_subject().CN = cn
cert.get_subject().O = o cert.get_subject().O = organization
cert.gmtime_adj_notBefore(-3600 * 48) cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(exp) cert.gmtime_adj_notAfter(exp)
cert.set_issuer(cert.get_subject()) cert.set_issuer(cert.get_subject())
@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
return key, cert return key, cert
def dummy_cert(privkey, cacert, commonname, sans, o): def dummy_cert(privkey, cacert, commonname, sans, organization):
""" """
Generates a dummy certificate. Generates a dummy certificate.
@ -88,7 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cacert: CA certificate cacert: CA certificate
commonname: Common name for the generated certificate. commonname: Common name for the generated certificate.
sans: A list of Subject Alternate Names. sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate. organization: Organization name for the generated certificate.
Returns cert if operation succeeded, None if not. Returns cert if operation succeeded, None if not.
""" """
@ -108,8 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cert.set_issuer(cacert.get_subject()) cert.set_issuer(cacert.get_subject())
if commonname is not None and len(commonname) < 64: if commonname is not None and len(commonname) < 64:
cert.get_subject().CN = commonname cert.get_subject().CN = commonname
if o is not None: if organization is not None:
cert.get_subject().O = o cert.get_subject().O = organization
cert.set_serial_number(int(time.time() * 10000)) cert.set_serial_number(int(time.time() * 10000))
if ss: if ss:
cert.set_version(2) cert.set_version(2)
@ -215,14 +215,14 @@ class CertStore:
os.umask(original_umask) os.umask(original_umask)
@staticmethod @staticmethod
def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP): def create_store(path, basename, organization=None, cn=None, expiry=DEFAULT_EXP):
if not os.path.exists(path): if not os.path.exists(path):
os.makedirs(path) os.makedirs(path)
o = o or basename organization = organization or basename
cn = cn or basename cn = cn or basename
key, ca = create_ca(o=o, cn=cn, exp=expiry) key, ca = create_ca(organization=organization, cn=cn, exp=expiry)
# Dump the CA plus private key # Dump the CA plus private key
with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f: with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
f.write( f.write(
@ -308,7 +308,7 @@ class CertStore:
ret.append(b"*." + b".".join(parts[i:])) ret.append(b"*." + b".".join(parts[i:]))
return ret return ret
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None): def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], organization: typing.Optional[bytes] = None):
""" """
Returns an (cert, privkey, cert_chain) tuple. Returns an (cert, privkey, cert_chain) tuple.
@ -317,7 +317,7 @@ class CertStore:
sans: A list of Subject Alternate Names. sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate. organization: Organization name for the generated certificate.
""" """
potential_keys: typing.List[TCertId] = [] potential_keys: typing.List[TCertId] = []
@ -341,7 +341,7 @@ class CertStore:
self.default_ca, self.default_ca,
commonname, commonname,
sans, sans,
o), organization),
privatekey=self.default_privatekey, privatekey=self.default_privatekey,
chain_file=self.default_chain_file) chain_file=self.default_chain_file)
self.certs[(commonname, tuple(sans))] = entry self.certs[(commonname, tuple(sans))] = entry
@ -454,7 +454,7 @@ class Cert(serializable.Serializable):
return c return c
@property @property
def o(self): def organization(self):
c = None c = None
for i in self.subject: for i in self.subject:
if i[0] == b"O": if i[0] == b"O":


@ -464,12 +464,12 @@ class TlsLayer(base.Layer):
def _find_cert(self): def _find_cert(self):
""" """
This function determines the Common Name (CN) and Subject Alternative Names (SANs) This function determines the Common Name (CN), Subject Alternative Names (SANs) and Organization Name
our certificate should have and then fetches a matching cert from the certstore. our certificate should have and then fetches a matching cert from the certstore.
""" """
host = None host = None
sans = set() sans = set()
o = None organization = None
# In normal operation, the server address should always be known at this point. # In normal operation, the server address should always be known at this point.
# However, we may just want to establish TLS so that we can send an error message to the client, # However, we may just want to establish TLS so that we can send an error message to the client,
@ -489,8 +489,8 @@ class TlsLayer(base.Layer):
if upstream_cert.cn: if upstream_cert.cn:
sans.add(host) sans.add(host)
host = upstream_cert.cn.decode("utf8").encode("idna") host = upstream_cert.cn.decode("utf8").encode("idna")
if upstream_cert.o: if upstream_cert.organization:
o = upstream_cert.o organization = upstream_cert.organization
# Also add SNI values. # Also add SNI values.
if self._client_hello.sni: if self._client_hello.sni:
sans.add(self._client_hello.sni.encode("idna")) sans.add(self._client_hello.sni.encode("idna"))
@ -501,4 +501,4 @@ class TlsLayer(base.Layer):
# In other words, the Common Name is irrelevant then. # In other words, the Common Name is irrelevant then.
if host: if host:
sans.add(host) sans.add(host)
return self.config.certstore.get_cert(host, list(sans), o) return self.config.certstore.get_cert(host, list(sans), organization)


@ -134,7 +134,7 @@ class TestDummyCert:
) )
assert r.cn == b"foo.com" assert r.cn == b"foo.com"
assert r.altnames == [b'one.com', b'two.com', b'*.three.com'] assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
assert r.o == b"Foo Ltd." assert r.organization == b"Foo Ltd."
r = certs.dummy_cert( r = certs.dummy_cert(
ca.default_privatekey, ca.default_privatekey,
@ -144,7 +144,7 @@ class TestDummyCert:
None None
) )
assert r.cn is None assert r.cn is None
assert r.o is None assert r.organization is None
assert r.altnames == [] assert r.altnames == []
@ -156,7 +156,7 @@ class TestCert:
c1 = certs.Cert.from_pem(d) c1 = certs.Cert.from_pem(d)
assert c1.cn == b"google.com" assert c1.cn == b"google.com"
assert len(c1.altnames) == 436 assert len(c1.altnames) == 436
assert c1.o == b"Google Inc" assert c1.organization == b"Google Inc"
with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f: with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
d = f.read() d = f.read()