Add tests for add-server-certs-to-client-chain feature

2024-11-23 00:01:36 +00:00 · 2016-03-15 14:58:38 +00:00 · 2016-03-15 14:58:38 +00:00 · 776e625413
commit 776e625413
parent 9b970b0303
2 changed files with 62 additions and 0 deletions
--- a/test/mitmproxy/test_server.py
+++ b/test/mitmproxy/test_server.py
@ -999,3 +999,63 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest):
        # (both terminated)
        # nothing happened here
        assert self.chain[1].tmaster.state.flow_count() == 2
+
+
+class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest):
+    ssl = True
+    add_server_certs_to_client_chain = True
+    servercert = tutils.test_data.path("data/trusted-server.crt")
+    ssloptions = pathod.SSLOptions(
+            cn="trusted-cert",
+            certs=[
+                ("trusted-cert", servercert)
+            ]
+    )
+
+    def test_add_server_certs_to_client_chain_true(self):
+        """
+        If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates
+        """
+        with open(self.servercert, "rb") as f:
+            d = f.read()
+        c1 = SSLCert.from_pem(d)
+        p = self.pathoc()
+        print("digest of p.cert[1]: %s"%p.server_certs[1].digest('sha256'))
+        print("digest of c1.cert[1]: %s"%c1.digest('sha256'))
+        server_cert_found_in_client_chain = False
+
+        for cert in p.server_certs:
+            if cert.digest('sha256') == c1.digest('sha256'):
+                server_cert_found_in_client_chain = True
+                break
+
+        assert(server_cert_found_in_client_chain == True)
+
+
+class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest):
+    ssl = True
+    add_server_certs_to_client_chain = False
+    servercert = tutils.test_data.path("data/trusted-server.crt")
+    ssloptions = pathod.SSLOptions(
+            cn="trusted-cert",
+            certs=[
+                ("trusted-cert", servercert)
+            ]
+    )
+
+    def test_add_server_certs_to_client_chain_false(self):
+        """
+        If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates
+        """
+        with open(self.servercert, "rb") as f:
+            d = f.read()
+        c1 = SSLCert.from_pem(d)
+        p = self.pathoc()
+        server_cert_found_in_client_chain = False
+
+        for cert in p.server_certs:
+            if cert.digest('sha256') == c1.digest('sha256'):
+                server_cert_found_in_client_chain = True
+                break
+
+        assert(server_cert_found_in_client_chain == False)
--- a/test/mitmproxy/tservers.py
+++ b/test/mitmproxy/tservers.py
@ -86,6 +86,7 @@ class ProxyTestBase(object):
    no_upstream_cert = False
    authenticator = None
    masterclass = TestMaster
+    add_server_certs_to_client_chain = False

    @classmethod
    def setup_class(cls):
@ -129,6 +130,7 @@ class ProxyTestBase(object):
            no_upstream_cert = cls.no_upstream_cert,
            cadir = cls.cadir,
            authenticator = cls.authenticator,
+            add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain,
        )