Merge pull request #2066 from Kriechi/certs-tests

certs: coverage++
author: Thomas Kriechbaumer <Kriechi@users.noreply.github.com> 2017-02-26 20:55:56 +0100
committer: GitHub <noreply@github.com> 2017-02-26 20:55:56 +0100
commit: 19b2208c27ac0d1240462377d34a727c3fada53d (patch)
tree: e023f982e8d310e13c09c41d83af1216ccc1751f
parent: 9b6986ea87927115f1974e2c3a442b17e86e352c (diff)
parent: e0bc1109c0e2b726436d3a7426f658fbdcffe136 (diff)
download: mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.tar.gz
mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.tar.bz2
mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.zip
4 files changed, 39 insertions, 17 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 4b939c80..6485eed7 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -93,9 +93,9 @@ def dummy_cert(privkey, cacert, commonname, sans):
         try:
             ipaddress.ip_address(i.decode("ascii"))
         except ValueError:
-            ss.append(b"DNS: %s" % i)
+            ss.append(b"DNS:%s" % i)
         else:
-            ss.append(b"IP: %s" % i)
+            ss.append(b"IP:%s" % i)
     ss = b", ".join(ss)
 
     cert = OpenSSL.crypto.X509()
@@ -356,14 +356,14 @@ class CertStore:
 
 
 class _GeneralName(univ.Choice):
-    # We are only interested in dNSNames. We use a default handler to ignore
-    # other types.
-    # TODO: We should also handle iPAddresses.
+    # We only care about dNSName and iPAddress
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('dNSName', char.IA5String().subtype(
             implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
-        )
-        ),
+        )),
+        namedtype.NamedType('iPAddress', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7)
+        )),
     )
 
 
@@ -477,5 +477,10 @@ class SSLCert(serializable.Serializable):
                 except PyAsn1Error:
                     continue
                 for i in dec[0]:
-                    altnames.append(i[0].asOctets())
+                    if i[0] is None and isinstance(i[1], univ.OctetString) and not isinstance(i[1], char.IA5String):
+                        # This would give back the IP address: b'.'.join([str(e).encode() for e in i[1].asNumbers()])
+                        continue
+                    else:
+                        e = i[0].asOctets()
+                    altnames.append(e)
         return altnames
diff --git a/setup.cfg b/setup.cfg
index 79a87318..7fbb7f73 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -34,7 +34,6 @@ exclude =
     mitmproxy/proxy/root_context.py
     mitmproxy/proxy/server.py
     mitmproxy/tools/
-    mitmproxy/certs.py
     mitmproxy/controller.py
     mitmproxy/export.py
     mitmproxy/flow.py
@@ -50,7 +49,6 @@ exclude =
     mitmproxy/addonmanager.py
     mitmproxy/addons/onboardingapp/app.py
     mitmproxy/addons/termlog.py
-    mitmproxy/certs.py
     mitmproxy/contentviews/base.py
     mitmproxy/contentviews/wbxml.py
     mitmproxy/contentviews/xml_html.py
diff --git a/test/mitmproxy/net/test_tcp.py b/test/mitmproxy/net/test_tcp.py
index 252d896c..cf010f6e 100644
--- a/test/mitmproxy/net/test_tcp.py
+++ b/test/mitmproxy/net/test_tcp.py
@@ -602,12 +602,6 @@ class TestDHParams(tservers.ServerTestBase):
             ret = c.get_current_cipher()
             assert ret[0] == "DHE-RSA-AES256-SHA"
 
-    def test_create_dhparams(self):
-        with tutils.tmpdir() as d:
-            filename = os.path.join(d, "dhparam.pem")
-            certs.CertStore.load_dhparam(filename)
-            assert os.path.exists(filename)
-
 
 class TestTCPClient:
 
diff --git a/test/mitmproxy/test_certs.py b/test/mitmproxy/test_certs.py
index f1eff9ba..9bd3ad25 100644
--- a/test/mitmproxy/test_certs.py
+++ b/test/mitmproxy/test_certs.py
@@ -117,6 +117,12 @@ class TestCertStore:
             ret = ca1.get_cert(b"foo.com", [])
             assert ret[0].serial == dc[0].serial
 
+    def test_create_dhparams(self):
+        with tutils.tmpdir() as d:
+            filename = os.path.join(d, "dhparam.pem")
+            certs.CertStore.load_dhparam(filename)
+            assert os.path.exists(filename)
+
 
 class TestDummyCert:
 
@@ -127,9 +133,10 @@ class TestDummyCert:
                 ca.default_privatekey,
                 ca.default_ca,
                 b"foo.com",
-                [b"one.com", b"two.com", b"*.three.com"]
+                [b"one.com", b"two.com", b"*.three.com", b"127.0.0.1"]
             )
             assert r.cn == b"foo.com"
+            assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
 
             r = certs.dummy_cert(
                 ca.default_privatekey,
@@ -138,6 +145,7 @@ class TestDummyCert:
                 []
             )
             assert r.cn is None
+            assert r.altnames == []
 
 
 class TestSSLCert:
@@ -179,3 +187,20 @@ class TestSSLCert:
             d = f.read()
         s = certs.SSLCert.from_der(d)
         assert s.cn
+
+    def test_state(self):
+        with open(tutils.test_data.path("mitmproxy/net/data/text_cert"), "rb") as f:
+            d = f.read()
+        c = certs.SSLCert.from_pem(d)
+
+        c.get_state()
+        c2 = c.copy()
+        a = c.get_state()
+        b = c2.get_state()
+        assert a == b
+        assert c == c2
+        assert c is not c2
+
+        x = certs.SSLCert('')
+        x.set_state(a)
+        assert x == c
author	Thomas Kriechbaumer <Kriechi@users.noreply.github.com>	2017-02-26 20:55:56 +0100
committer	GitHub <noreply@github.com>	2017-02-26 20:55:56 +0100
commit	19b2208c27ac0d1240462377d34a727c3fada53d (patch)
tree	e023f982e8d310e13c09c41d83af1216ccc1751f
parent	9b6986ea87927115f1974e2c3a442b17e86e352c (diff)
parent	e0bc1109c0e2b726436d3a7426f658fbdcffe136 (diff)
download	mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.tar.gz mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.tar.bz2 mitmproxy-19b2208c27ac0d1240462377d34a727c3fada53d.zip