mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
Add tests for add-server-certs-to-client-chain feature
This commit is contained in:
ikoz
parent
9b970b0303
commit
776e625413
@ -999,3 +999,63 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest):
|
|||||||
# (both terminated)
|
# (both terminated)
|
||||||
# nothing happened here
|
# nothing happened here
|
||||||
assert self.chain[1].tmaster.state.flow_count() == 2
|
assert self.chain[1].tmaster.state.flow_count() == 2
|
||||||
|
|
||||||
|
|
||||||
|
class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest):
|
||||||
|
ssl = True
|
||||||
|
add_server_certs_to_client_chain = True
|
||||||
|
servercert = tutils.test_data.path("data/trusted-server.crt")
|
||||||
|
ssloptions = pathod.SSLOptions(
|
||||||
|
cn="trusted-cert",
|
||||||
|
certs=[
|
||||||
|
("trusted-cert", servercert)
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_add_server_certs_to_client_chain_true(self):
|
||||||
|
"""
|
||||||
|
If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates
|
||||||
|
"""
|
||||||
|
with open(self.servercert, "rb") as f:
|
||||||
|
d = f.read()
|
||||||
|
c1 = SSLCert.from_pem(d)
|
||||||
|
p = self.pathoc()
|
||||||
|
print("digest of p.cert[1]: %s"%p.server_certs[1].digest('sha256'))
|
||||||
|
print("digest of c1.cert[1]: %s"%c1.digest('sha256'))
|
||||||
|
server_cert_found_in_client_chain = False
|
||||||
|
|
||||||
|
for cert in p.server_certs:
|
||||||
|
if cert.digest('sha256') == c1.digest('sha256'):
|
||||||
|
server_cert_found_in_client_chain = True
|
||||||
|
break
|
||||||
|
|
||||||
|
assert(server_cert_found_in_client_chain == True)
|
||||||
|
|
||||||
|
|
||||||
|
class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest):
|
||||||
|
ssl = True
|
||||||
|
add_server_certs_to_client_chain = False
|
||||||
|
servercert = tutils.test_data.path("data/trusted-server.crt")
|
||||||
|
ssloptions = pathod.SSLOptions(
|
||||||
|
cn="trusted-cert",
|
||||||
|
certs=[
|
||||||
|
("trusted-cert", servercert)
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_add_server_certs_to_client_chain_false(self):
|
||||||
|
"""
|
||||||
|
If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates
|
||||||
|
"""
|
||||||
|
with open(self.servercert, "rb") as f:
|
||||||
|
d = f.read()
|
||||||
|
c1 = SSLCert.from_pem(d)
|
||||||
|
p = self.pathoc()
|
||||||
|
server_cert_found_in_client_chain = False
|
||||||
|
|
||||||
|
for cert in p.server_certs:
|
||||||
|
if cert.digest('sha256') == c1.digest('sha256'):
|
||||||
|
server_cert_found_in_client_chain = True
|
||||||
|
break
|
||||||
|
|
||||||
|
assert(server_cert_found_in_client_chain == False)
|
||||||
|
|||||||
@ -86,6 +86,7 @@ class ProxyTestBase(object):
|
|||||||
no_upstream_cert = False
|
no_upstream_cert = False
|
||||||
authenticator = None
|
authenticator = None
|
||||||
masterclass = TestMaster
|
masterclass = TestMaster
|
||||||
|
add_server_certs_to_client_chain = False
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def setup_class(cls):
|
def setup_class(cls):
|
||||||
@ -129,6 +130,7 @@ class ProxyTestBase(object):
|
|||||||
no_upstream_cert = cls.no_upstream_cert,
|
no_upstream_cert = cls.no_upstream_cert,
|
||||||
cadir = cls.cadir,
|
cadir = cls.cadir,
|
||||||
authenticator = cls.authenticator,
|
authenticator = cls.authenticator,
|
||||||
|
add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user