Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-23 00:01:36 +00:00
Code Issues Projects Releases Wiki Activity

Add Organization field for the generated certificate (#3376)

Browse Source 
add organization field for the generated certificate
This commit is contained in:
Abcdefghijklmnopqrstuvwxyzxyz 2018-11-09 16:06:04 +08:00 committed by Maximilian Hils
parent 3f3ed4743a
commit d4f4cfe225
3 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mitmproxy/certs.py
View File

@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
return key, cert
def dummy_cert(privkey, cacert, commonname, sans):
def dummy_cert(privkey, cacert, commonname, sans, o):
"""
Generates a dummy certificate.
@ -88,6 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
cacert: CA certificate
commonname: Common name for the generated certificate.
sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate.
Returns cert if operation succeeded, None if not.
"""
@ -107,6 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans):
cert.set_issuer(cacert.get_subject())
if commonname is not None and len(commonname) < 64:
cert.get_subject().CN = commonname
if o is not None:
cert.get_subject().O = o
cert.set_serial_number(int(time.time() * 10000))
if ss:
cert.set_version(2)
@ -305,7 +308,7 @@ class CertStore:
ret.append(b"*." + b".".join(parts[i:]))
return ret
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes]):
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
"""
Returns an (cert, privkey, cert_chain) tuple.
@ -313,6 +316,8 @@ class CertStore:
valid, plain-ASCII, IDNA-encoded domain name.
sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate.
"""
potential_keys: typing.List[TCertId] = []
@ -335,7 +340,8 @@ class CertStore:
self.default_privatekey,
self.default_ca,
commonname,
sans),
sans,
o),
privatekey=self.default_privatekey,
chain_file=self.default_chain_file)
self.certs[(commonname, tuple(sans))] = entry
@ -447,6 +453,14 @@ class Cert(serializable.Serializable):
c = i[1]
return c
@property
def o(self):
c = None
for i in self.subject:
if i[0] == b"O":
c = i[1]
return c
@property
def altnames(self):
"""

5
mitmproxy/proxy/protocol/tls.py
View File

@ -469,6 +469,7 @@ class TlsLayer(base.Layer):
"""
host = None
sans = set()
o = None
# In normal operation, the server address should always be known at this point.
# However, we may just want to establish TLS so that we can send an error message to the client,
@ -488,6 +489,8 @@ class TlsLayer(base.Layer):
if upstream_cert.cn:
sans.add(host)
host = upstream_cert.cn.decode("utf8").encode("idna")
if upstream_cert.o:
o = upstream_cert.o
# Also add SNI values.
if self._client_hello.sni:
sans.add(self._client_hello.sni.encode("idna"))
@ -498,4 +501,4 @@ class TlsLayer(base.Layer):
# In other words, the Common Name is irrelevant then.
if host:
sans.add(host)
return self.config.certstore.get_cert(host, list(sans))
return self.config.certstore.get_cert(host, list(sans), o)

9
test/mitmproxy/test_certs.py
View File

@ -129,18 +129,22 @@ class TestDummyCert:
ca.default_privatekey,
ca.default_ca,
b"foo.com",
[b"one.com", b"two.com", b"*.three.com", b"127.0.0.1"]
[b"one.com", b"two.com", b"*.three.com", b"127.0.0.1"],
b"Foo Ltd."
)
assert r.cn == b"foo.com"
assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
assert r.o == b"Foo Ltd."
r = certs.dummy_cert(
ca.default_privatekey,
ca.default_ca,
None,
[]
[],
None
)
assert r.cn is None
assert r.o is None
assert r.altnames == []
@ -152,6 +156,7 @@ class TestCert:
c1 = certs.Cert.from_pem(d)
assert c1.cn == b"google.com"
assert len(c1.altnames) == 436
assert c1.o == b"Google Inc"
with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
d = f.read()