-rw-r--r-- | mitmproxy/certs.py | 26 | ||||
-rw-r--r-- | mitmproxy/proxy/protocol/tls.py | 10 | ||||
-rw-r--r-- | test/mitmproxy/test_certs.py | 6 |
3 files changed, 21 insertions, 21 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 6970618e..6f5f8c09 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -36,14 +36,14 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
 """
 
 
-def create_ca(o, cn, exp):
+def create_ca(organization, cn, exp):
     key = OpenSSL.crypto.PKey()
     key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
     cert = OpenSSL.crypto.X509()
     cert.set_serial_number(int(time.time() * 10000))
     cert.set_version(2)
     cert.get_subject().CN = cn
-    cert.get_subject().O = o
+    cert.get_subject().O = organization
     cert.gmtime_adj_notBefore(-3600 * 48)
     cert.gmtime_adj_notAfter(exp)
     cert.set_issuer(cert.get_subject())
@@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
     return key, cert
 
 
-def dummy_cert(privkey, cacert, commonname, sans, o):
+def dummy_cert(privkey, cacert, commonname, sans, organization):
     """
         Generates a dummy certificate.
 
@@ -88,7 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
         cacert: CA certificate
         commonname: Common name for the generated certificate.
         sans: A list of Subject Alternate Names.
-        o: Organization name for the generated certificate.
+        organization: Organization name for the generated certificate.
 
         Returns cert if operation succeeded, None if not.
     """
@@ -108,8 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
     cert.set_issuer(cacert.get_subject())
     if commonname is not None and len(commonname) < 64:
         cert.get_subject().CN = commonname
-    if o is not None:
-        cert.get_subject().O = o
+    if organization is not None:
+        cert.get_subject().O = organization
     cert.set_serial_number(int(time.time() * 10000))
     if ss:
         cert.set_version(2)
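Review bot: In the dummy_cert hunk (-108,8) the renamed branch `if organization is not None: cert.get_subject().O = organization` carries no length guard, while the CN assignment two lines above is gated by `len(commonname) < 64`. The organization value originates from the upstream server's certificate (see the tls.py hunks in this commit), so it is input the proxy does not control; OpenSSL presumably applies an upper bound to organizationName as it does to commonName, in which case an over-long value would make the O assignment raise where the CN path silently skips. Mirroring the CN guard, `if organization is not None and len(organization) < 64:`, keeps the two subject fields consistent and avoids a generation failure driven by the upstream subject. dummy_cert's body continues outside the hunk.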
@@ -215,14 +215,14 @@ class CertStore:
             os.umask(original_umask)
 
     @staticmethod
-    def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
+    def create_store(path, basename, organization=None, cn=None, expiry=DEFAULT_EXP):
         if not os.path.exists(path):
             os.makedirs(path)
 
-        o = o or basename
+        organization = organization or basename
         cn = cn or basename
 
-        key, ca = create_ca(o=o, cn=cn, exp=expiry)
+        key, ca = create_ca(organization=organization, cn=cn, exp=expiry)
         # Dump the CA plus private key
         with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
             f.write(
@@ -308,7 +308,7 @@ class CertStore:
             ret.append(b"*." + b".".join(parts[i:]))
         return ret
 
-    def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
+    def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], organization: typing.Optional[bytes] = None):
         """
             Returns an (cert, privkey, cert_chain) tuple.
 
@@ -317,7 +317,7 @@ class CertStore:
 
             sans: A list of Subject Alternate Names.
 
-            o: Organization name for the generated certificate.
+            organization: Organization name for the generated certificate.
         """
 
         potential_keys: typing.List[TCertId] = []
@@ -341,7 +341,7 @@ class CertStore:
                 self.default_ca,
                 commonname,
                 sans,
-                o),
+                organization),
             privatekey=self.default_privatekey,
             chain_file=self.default_chain_file)
         self.certs[(commonname, tuple(sans))] = entry
@@ -454,7 +454,7 @@ class Cert(serializable.Serializable):
         return c
 
     @property
-    def o(self):
+    def organization(self):
         c = None
         for i in self.subject:
             if i[0] == b"O":
diff --git a/mitmproxy/proxy/protocol/tls.py b/mitmproxy/proxy/protocol/tls.py
index 3577af13..096aae9f 100644
--- a/mitmproxy/proxy/protocol/tls.py
+++ b/mitmproxy/proxy/protocol/tls.py
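Review bot: In the get_cert hunk (-341,7) the generated certificate is stored under `self.certs[(commonname, tuple(sans))]`, so `organization` shapes the subject written into the certificate but is not part of the cache key; a later get_cert call with the same CN and SANs but a different organization presumably gets the first entry back (the lookup over potential_keys is outside the hunk, so I cannot confirm it from here). If that reuse is intended, a comment on the cache line, `# organization is deliberately not part of the key: the first cert built for a (cn, sans) pair is reused`, would make the contract explicit; otherwise organization belongs in the key tuple on both the lookup and the store side. The enclosing get_cert body starts and ends outside the hunk.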
@@ -464,12 +464,12 @@ class TlsLayer(base.Layer):
 
     def _find_cert(self):
         """
-        This function determines the Common Name (CN) and Subject Alternative Names (SANs)
+        This function determines the Common Name (CN), Subject Alternative Names (SANs) and Organization Name
         our certificate should have and then fetches a matching cert from the certstore.
         """
         host = None
         sans = set()
-        o = None
+        organization = None
 
         # In normal operation, the server address should always be known at this point.
         # However, we may just want to establish TLS so that we can send an error message to the client,
@@ -489,8 +489,8 @@ class TlsLayer(base.Layer):
             if upstream_cert.cn:
                 sans.add(host)
                 host = upstream_cert.cn.decode("utf8").encode("idna")
-            if upstream_cert.o:
-                o = upstream_cert.o
+            if upstream_cert.organization:
+                organization = upstream_cert.organization
         # Also add SNI values.
         if self._client_hello.sni:
             sans.add(self._client_hello.sni.encode("idna"))
@@ -501,4 +501,4 @@ class TlsLayer(base.Layer):
         # In other words, the Common Name is irrelevant then.
         if host:
             sans.add(host)
-        return self.config.certstore.get_cert(host, list(sans), o)
+        return self.config.certstore.get_cert(host, list(sans), organization)
diff --git a/test/mitmproxy/test_certs.py b/test/mitmproxy/test_certs.py
index 9b4c9516..b8ad1d36 100644
--- a/test/mitmproxy/test_certs.py
+++ b/test/mitmproxy/test_certs.py
@@ -134,7 +134,7 @@ class TestDummyCert:
         )
         assert r.cn == b"foo.com"
         assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
-        assert r.o == b"Foo Ltd."
+        assert r.organization == b"Foo Ltd."
 
         r = certs.dummy_cert(
             ca.default_privatekey,
@@ -144,7 +144,7 @@ class TestDummyCert:
             None
         )
         assert r.cn is None
-        assert r.o is None
+        assert r.organization is None
         assert r.altnames == []
 
 
@@ -156,7 +156,7 @@ class TestCert:
         c1 = certs.Cert.from_pem(d)
         assert c1.cn == b"google.com"
         assert len(c1.altnames) == 436
-        assert c1.o == b"Google Inc"
+        assert c1.organization == b"Google Inc"
 
         with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
             d = f.read()