From 776e625413fe7937853e1c812773f123b0bad9fc Mon Sep 17 00:00:00 2001
From: ikoz
Date: Tue, 15 Mar 2016 14:58:38 +0000
Subject: Add tests for add-server-certs-to-client-chain feature
---
 test/mitmproxy/test_server.py | 60 +++++++++++++++++++++++++++++++++++++++++++
 test/mitmproxy/tservers.py | 2 ++
 2 files changed, 62 insertions(+)
(limited to 'test')
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py
index d7b23bbb..3286df89 100644
--- a/test/mitmproxy/test_server.py
+++ b/test/mitmproxy/test_server.py
@@ -999,3 +999,63 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest):
 # (both terminated)
 # nothing happened here
 assert self.chain[1].tmaster.state.flow_count() == 2
+
+
+class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest):
+ ssl = True
+ add_server_certs_to_client_chain = True
+ servercert = tutils.test_data.path("data/trusted-server.crt")
+ ssloptions = pathod.SSLOptions(
+ cn="trusted-cert",
+ certs=[
+ ("trusted-cert", servercert)
+ ]
+ )
+
+ def test_add_server_certs_to_client_chain_true(self):
+ """
+ If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates
+ """
+ with open(self.servercert, "rb") as f:
+ d = f.read()
+ c1 = SSLCert.from_pem(d)
+ p = self.pathoc()
+ print("digest of p.cert[1]: %s"%p.server_certs[1].digest('sha256'))
+ print("digest of c1.cert[1]: %s"%c1.digest('sha256'))
+ server_cert_found_in_client_chain = False
+
+ for cert in p.server_certs:
+ if cert.digest('sha256') == c1.digest('sha256'):
+ server_cert_found_in_client_chain = True
+ break
+
+ assert(server_cert_found_in_client_chain == True)
+
+
+class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest):
+ ssl = True
+ add_server_certs_to_client_chain = False
+ servercert = tutils.test_data.path("data/trusted-server.crt")
+ ssloptions = pathod.SSLOptions(
+ cn="trusted-cert",
+ certs=[
+ ("trusted-cert", servercert)
+ ]
+ )
+
+ def test_add_server_certs_to_client_chain_false(self):
+ """
+ If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates
+ """
+ with open(self.servercert, "rb") as f:
+ d = f.read()
+ c1 = SSLCert.from_pem(d)
+ p = self.pathoc()
+ server_cert_found_in_client_chain = False
+
+ for cert in p.server_certs:
+ if cert.digest('sha256') == c1.digest('sha256'):
+ server_cert_found_in_client_chain = True
+ break
+
+ assert(server_cert_found_in_client_chain == False)
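Review bot: `test_add_server_certs_to_client_chain_false` can pass without proving anything: if `p.server_certs` comes back empty, the loop never runs and `assert(server_cert_found_in_client_chain == False)` still holds. Because this test is what guards whether the proxy hands the upstream certificate to the client, it needs a non-vacuous precondition before the loop, for example `assert p.server_certs`, so that an empty chain fails instead of passing. In the `..._true` test the debug line that prints `p.server_certs[1].digest('sha256')` indexes the chain before anything is asserted and would raise IndexError on a one-certificate chain rather than produce a test failure. The same search loop is carried into the mixin in the later commits on this page, and the precondition applies there as well.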
diff --git a/test/mitmproxy/tservers.py b/test/mitmproxy/tservers.py index b7b5de9e..cabd8e1f 100644 --- a/test/mitmproxy/tservers.py +++ b/test/mitmproxy/tservers.py @@ -86,6 +86,7 @@ class ProxyTestBase(object): no_upstream_cert = False authenticator = None masterclass = TestMaster + add_server_certs_to_client_chain = False @classmethod def setup_class(cls): @@ -129,6 +130,7 @@ class ProxyTestBase(object): no_upstream_cert = cls.no_upstream_cert, cadir = cls.cadir, authenticator = cls.authenticator, + add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain, ) -- cgit v1.2.3 From efc3e942d5444dc345ae3f65d1e08f9a3b6313b1 Mon Sep 17 00:00:00 2001 From: ikoz Date: Wed, 16 Mar 2016 17:43:48 +0000 Subject: Restructuring of the AddServerCertsToClientChain test so that it uses a Mixin - also removed some extra printf statements --- test/mitmproxy/test_server.py | 63 +++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 38 deletions(-) (limited to 'test') diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index 3286df89..560c7b34 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py 
@@ -1001,61 +1001,48 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest): assert self.chain[1].tmaster.state.flow_count() == 2 -class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest): - ssl = True - add_server_certs_to_client_chain = True - servercert = tutils.test_data.path("data/trusted-server.crt") - ssloptions = pathod.SSLOptions( - cn="trusted-cert", - certs=[ - ("trusted-cert", servercert) - ] - ) +class AddServerCertsToClientChainMixin: - def test_add_server_certs_to_client_chain_true(self): - """ - If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates - """ + def test_add_server_certs_to_client_chain(self): with open(self.servercert, "rb") as f: d = f.read() c1 = SSLCert.from_pem(d) p = self.pathoc() - print("digest of p.cert[1]: %s"%p.server_certs[1].digest('sha256')) - print("digest of c1.cert[1]: %s"%c1.digest('sha256')) server_cert_found_in_client_chain = False - for cert in p.server_certs: if cert.digest('sha256') == c1.digest('sha256'): server_cert_found_in_client_chain = True break + assert(server_cert_found_in_client_chain == self.add_server_certs_to_client_chain) - assert(server_cert_found_in_client_chain == True) +class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest, AddServerCertsToClientChainMixin): -class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest): + """ + If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates + """ + add_server_certs_to_client_chain = True ssl = True - add_server_certs_to_client_chain = False servercert = tutils.test_data.path("data/trusted-server.crt") ssloptions = pathod.SSLOptions( - cn="trusted-cert", - certs=[ - ("trusted-cert", servercert) - ] + cn="trusted-cert", + certs=[ + ("trusted-cert", servercert) + ] ) - def test_add_server_certs_to_client_chain_false(self): - """ - If --add-server-certs-to-client-chain is False, then the client should not 
receive the server's certificates - """ - with open(self.servercert, "rb") as f: - d = f.read() - c1 = SSLCert.from_pem(d) - p = self.pathoc() - server_cert_found_in_client_chain = False - for cert in p.server_certs: - if cert.digest('sha256') == c1.digest('sha256'): - server_cert_found_in_client_chain = True - break +class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest, AddServerCertsToClientChainMixin): - assert(server_cert_found_in_client_chain == False) + """ + If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates + """ + add_server_certs_to_client_chain = False + ssl = True + servercert = tutils.test_data.path("data/trusted-server.crt") + ssloptions = pathod.SSLOptions( + cn="trusted-cert", + certs=[ + ("trusted-cert", servercert) + ] + ) -- cgit v1.2.3 From d26c7f4ca58165377f60d68babd47cf7e9377b3e Mon Sep 17 00:00:00 2001 From: ikoz Date: Wed, 16 Mar 2016 18:43:51 +0000 Subject: Move more init things inside AddServerCertsToClientChainMixin --- test/mitmproxy/test_server.py | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) (limited to 'test') diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index 560c7b34..a2d1a578 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -1003,6 +1003,15 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest): class AddServerCertsToClientChainMixin: + ssl = True + servercert = tutils.test_data.path("data/trusted-server.crt") + ssloptions = pathod.SSLOptions( + cn="trusted-cert", + certs=[ + ("trusted-cert", servercert) + ] + ) + def test_add_server_certs_to_client_chain(self): with open(self.servercert, "rb") as f: d = f.read() 
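Review bot: `test_add_server_certs_to_client_chain` in the new `AddServerCertsToClientChainMixin` lost the docstring that the two original test methods carried, so the method no longer states what it asserts or that it relies on the host class for `self.pathoc()` and `self.add_server_certs_to_client_chain`. A one-line docstring would restore that: `"""The upstream certificate is in the chain pathoc receives exactly when add_server_certs_to_client_chain is set."""`. The mixin is also declared as `class AddServerCertsToClientChainMixin:` while the test base shown on this page is `class ProxyTestBase(object)`; `class AddServerCertsToClientChainMixin(object):` would be consistent with it.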
@@ -1016,33 +1025,17 @@ class AddServerCertsToClientChainMixin: assert(server_cert_found_in_client_chain == self.add_server_certs_to_client_chain) -class TestHTTPSAddServerCertsToClientChainTrue(tservers.HTTPProxyTest, AddServerCertsToClientChainMixin): +class TestHTTPSAddServerCertsToClientChainTrue(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest): """ - If --add-server-certs-to-client-chain is True, then the client should receive the server's certificates + If --add-server-certs-to-client-chain is True, then the client should receive the upstream server's certificates """ add_server_certs_to_client_chain = True - ssl = True - servercert = tutils.test_data.path("data/trusted-server.crt") - ssloptions = pathod.SSLOptions( - cn="trusted-cert", - certs=[ - ("trusted-cert", servercert) - ] - ) -class TestHTTPSAddServerCertsToClientChainFalse(tservers.HTTPProxyTest, AddServerCertsToClientChainMixin): +class TestHTTPSAddServerCertsToClientChainFalse(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest): """ - If --add-server-certs-to-client-chain is False, then the client should not receive the server's certificates + If --add-server-certs-to-client-chain is False, then the client should not receive the upstream server's certificates """ add_server_certs_to_client_chain = False - ssl = True - servercert = tutils.test_data.path("data/trusted-server.crt") - ssloptions = pathod.SSLOptions( - cn="trusted-cert", - certs=[ - ("trusted-cert", servercert) - ] - ) -- cgit v1.2.3 From 9cc55f211fcc74990eb5fafc3945dec6599f94b7 Mon Sep 17 00:00:00 2001 From: ikoz Date: Wed, 16 Mar 2016 19:20:18 +0000 Subject: Rename 'server' to 'upstream' in identifiers related to the AddServerCertsToClientChain feature --- test/mitmproxy/test_server.py | 24 ++++++++++++------------ test/mitmproxy/tservers.py | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'test') 
diff --git a/test/mitmproxy/test_server.py b/test/mitmproxy/test_server.py index a2d1a578..26e53e8a 100644 --- a/test/mitmproxy/test_server.py +++ b/test/mitmproxy/test_server.py @@ -1001,7 +1001,7 @@ class TestProxyChainingSSLReconnect(tservers.HTTPUpstreamProxyTest): assert self.chain[1].tmaster.state.flow_count() == 2 -class AddServerCertsToClientChainMixin: +class AddUpstreamCertsToClientChainMixin: ssl = True servercert = tutils.test_data.path("data/trusted-server.crt") 
@@ -1012,30 +1012,30 @@ class AddServerCertsToClientChainMixin: ] ) - def test_add_server_certs_to_client_chain(self): + def test_add_upstream_certs_to_client_chain(self): with open(self.servercert, "rb") as f: d = f.read() - c1 = SSLCert.from_pem(d) + upstreamCert = SSLCert.from_pem(d) p = self.pathoc() - server_cert_found_in_client_chain = False - for cert in p.server_certs: - if cert.digest('sha256') == c1.digest('sha256'): - server_cert_found_in_client_chain = True + upstream_cert_found_in_client_chain = False + for receivedCert in p.server_certs: + if receivedCert.digest('sha256') == upstreamCert.digest('sha256'): + upstream_cert_found_in_client_chain = True break - assert(server_cert_found_in_client_chain == self.add_server_certs_to_client_chain) + assert(upstream_cert_found_in_client_chain == self.add_upstream_certs_to_client_chain) -class TestHTTPSAddServerCertsToClientChainTrue(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest): +class TestHTTPSAddUpstreamCertsToClientChainTrue(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): """ If --add-server-certs-to-client-chain is True, then the client should receive the upstream server's certificates """ - add_server_certs_to_client_chain = True + add_upstream_certs_to_client_chain = True -class TestHTTPSAddServerCertsToClientChainFalse(AddServerCertsToClientChainMixin, tservers.HTTPProxyTest): +class TestHTTPSAddUpstreamCertsToClientChainFalse(AddUpstreamCertsToClientChainMixin, tservers.HTTPProxyTest): """ If --add-server-certs-to-client-chain is False, then the client should not receive the upstream server's certificates """ - add_server_certs_to_client_chain = False + add_upstream_certs_to_client_chain = False diff --git a/test/mitmproxy/tservers.py b/test/mitmproxy/tservers.py index cabd8e1f..4fa519cc 100644 --- a/test/mitmproxy/tservers.py +++ b/test/mitmproxy/tservers.py 
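Review bot: The renamed locals `upstreamCert` and `receivedCert` are camelCase while the rest of the method, including `upstream_cert_found_in_client_chain`, is snake_case; `upstream_cert` and `received_cert` would match the surrounding code. The two class docstrings in this hunk still name the option as `--add-server-certs-to-client-chain` although the attribute is now `add_upstream_certs_to_client_chain`; if the command-line option was renamed in the same series (not visible here), the docstrings should be updated with it. The flag-and-break loop could also be written as `any(c.digest('sha256') == upstream_cert.digest('sha256') for c in p.server_certs)`.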
@@ -86,7 +86,7 @@ class ProxyTestBase(object): no_upstream_cert = False authenticator = None masterclass = TestMaster - add_server_certs_to_client_chain = False + add_upstream_certs_to_client_chain = False @classmethod def setup_class(cls): @@ -130,7 +130,7 @@ class ProxyTestBase(object): no_upstream_cert = cls.no_upstream_cert, cadir = cls.cadir, authenticator = cls.authenticator, - add_server_certs_to_client_chain = cls.add_server_certs_to_client_chain, + add_upstream_certs_to_client_chain = cls.add_upstream_certs_to_client_chain, ) -- cgit v1.2.3