mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-26 18:18:25 +00:00
Change variable o to organization for generated certficates.
This commit is contained in:
parent
d4f4cfe225
commit
cda4248610
@ -36,14 +36,14 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
|
||||
"""
|
||||
|
||||
|
||||
def create_ca(o, cn, exp):
|
||||
def create_ca(organization, cn, exp):
|
||||
key = OpenSSL.crypto.PKey()
|
||||
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
|
||||
cert = OpenSSL.crypto.X509()
|
||||
cert.set_serial_number(int(time.time() * 10000))
|
||||
cert.set_version(2)
|
||||
cert.get_subject().CN = cn
|
||||
cert.get_subject().O = o
|
||||
cert.get_subject().O = organization
|
||||
cert.gmtime_adj_notBefore(-3600 * 48)
|
||||
cert.gmtime_adj_notAfter(exp)
|
||||
cert.set_issuer(cert.get_subject())
|
||||
@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
|
||||
return key, cert
|
||||
|
||||
|
||||
def dummy_cert(privkey, cacert, commonname, sans, o):
|
||||
def dummy_cert(privkey, cacert, commonname, sans, organization):
|
||||
"""
|
||||
Generates a dummy certificate.
|
||||
|
||||
@ -88,7 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
|
||||
cacert: CA certificate
|
||||
commonname: Common name for the generated certificate.
|
||||
sans: A list of Subject Alternate Names.
|
||||
o: Organization name for the generated certificate.
|
||||
organization: Organization name for the generated certificate.
|
||||
|
||||
Returns cert if operation succeeded, None if not.
|
||||
"""
|
||||
@ -108,8 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
|
||||
cert.set_issuer(cacert.get_subject())
|
||||
if commonname is not None and len(commonname) < 64:
|
||||
cert.get_subject().CN = commonname
|
||||
if o is not None:
|
||||
cert.get_subject().O = o
|
||||
if organization is not None:
|
||||
cert.get_subject().O = organization
|
||||
cert.set_serial_number(int(time.time() * 10000))
|
||||
if ss:
|
||||
cert.set_version(2)
|
||||
@ -215,14 +215,14 @@ class CertStore:
|
||||
os.umask(original_umask)
|
||||
|
||||
@staticmethod
|
||||
def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
|
||||
def create_store(path, basename, organization=None, cn=None, expiry=DEFAULT_EXP):
|
||||
if not os.path.exists(path):
|
||||
os.makedirs(path)
|
||||
|
||||
o = o or basename
|
||||
organization = organization or basename
|
||||
cn = cn or basename
|
||||
|
||||
key, ca = create_ca(o=o, cn=cn, exp=expiry)
|
||||
key, ca = create_ca(organization=organization, cn=cn, exp=expiry)
|
||||
# Dump the CA plus private key
|
||||
with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
|
||||
f.write(
|
||||
@ -308,7 +308,7 @@ class CertStore:
|
||||
ret.append(b"*." + b".".join(parts[i:]))
|
||||
return ret
|
||||
|
||||
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
|
||||
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], organization: typing.Optional[bytes] = None):
|
||||
"""
|
||||
Returns an (cert, privkey, cert_chain) tuple.
|
||||
|
||||
@ -317,7 +317,7 @@ class CertStore:
|
||||
|
||||
sans: A list of Subject Alternate Names.
|
||||
|
||||
o: Organization name for the generated certificate.
|
||||
organization: Organization name for the generated certificate.
|
||||
"""
|
||||
|
||||
potential_keys: typing.List[TCertId] = []
|
||||
@ -341,7 +341,7 @@ class CertStore:
|
||||
self.default_ca,
|
||||
commonname,
|
||||
sans,
|
||||
o),
|
||||
organization),
|
||||
privatekey=self.default_privatekey,
|
||||
chain_file=self.default_chain_file)
|
||||
self.certs[(commonname, tuple(sans))] = entry
|
||||
@ -454,7 +454,7 @@ class Cert(serializable.Serializable):
|
||||
return c
|
||||
|
||||
@property
|
||||
def o(self):
|
||||
def organization(self):
|
||||
c = None
|
||||
for i in self.subject:
|
||||
if i[0] == b"O":
|
||||
|
@ -464,12 +464,12 @@ class TlsLayer(base.Layer):
|
||||
|
||||
def _find_cert(self):
|
||||
"""
|
||||
This function determines the Common Name (CN) and Subject Alternative Names (SANs)
|
||||
This function determines the Common Name (CN), Subject Alternative Names (SANs) and Organization Name
|
||||
our certificate should have and then fetches a matching cert from the certstore.
|
||||
"""
|
||||
host = None
|
||||
sans = set()
|
||||
o = None
|
||||
organization = None
|
||||
|
||||
# In normal operation, the server address should always be known at this point.
|
||||
# However, we may just want to establish TLS so that we can send an error message to the client,
|
||||
@ -489,8 +489,8 @@ class TlsLayer(base.Layer):
|
||||
if upstream_cert.cn:
|
||||
sans.add(host)
|
||||
host = upstream_cert.cn.decode("utf8").encode("idna")
|
||||
if upstream_cert.o:
|
||||
o = upstream_cert.o
|
||||
if upstream_cert.organization:
|
||||
organization = upstream_cert.organization
|
||||
# Also add SNI values.
|
||||
if self._client_hello.sni:
|
||||
sans.add(self._client_hello.sni.encode("idna"))
|
||||
@ -501,4 +501,4 @@ class TlsLayer(base.Layer):
|
||||
# In other words, the Common Name is irrelevant then.
|
||||
if host:
|
||||
sans.add(host)
|
||||
return self.config.certstore.get_cert(host, list(sans), o)
|
||||
return self.config.certstore.get_cert(host, list(sans), organization)
|
||||
|
@ -134,7 +134,7 @@ class TestDummyCert:
|
||||
)
|
||||
assert r.cn == b"foo.com"
|
||||
assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
|
||||
assert r.o == b"Foo Ltd."
|
||||
assert r.organization == b"Foo Ltd."
|
||||
|
||||
r = certs.dummy_cert(
|
||||
ca.default_privatekey,
|
||||
@ -144,7 +144,7 @@ class TestDummyCert:
|
||||
None
|
||||
)
|
||||
assert r.cn is None
|
||||
assert r.o is None
|
||||
assert r.organization is None
|
||||
assert r.altnames == []
|
||||
|
||||
|
||||
@ -156,7 +156,7 @@ class TestCert:
|
||||
c1 = certs.Cert.from_pem(d)
|
||||
assert c1.cn == b"google.com"
|
||||
assert len(c1.altnames) == 436
|
||||
assert c1.o == b"Google Inc"
|
||||
assert c1.organization == b"Google Inc"
|
||||
|
||||
with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
|
||||
d = f.read()
|
||||
|
Loading…
Reference in New Issue
Block a user