Add tests for client certificate support.

Aldo Cortesi 2013-01-20 22:39:28 +13:00
parent 294bca139c
commit 25cb9471f0
8 changed files with 101 additions and 35 deletions


@ -29,14 +29,12 @@ class ProxyError(Exception):
return "ProxyError(%s, %s)"%(self.code, self.msg)
class Log(controller.Msg):
def __init__(self, msg):
controller.Msg.__init__(self)
self.msg = msg
class ProxyConfig:
def __init__(self, certfile = None, cacert = None, clientcerts = None, no_upstream_cert=False, body_size_limit = None, reverse_proxy=None, transparent_proxy=None, certdir = None, authenticator=None):
assert not (reverse_proxy and transparent_proxy)
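Review bot: The mutual-exclusion check on `reverse_proxy` and `transparent_proxy` in `ProxyConfig.__init__` is an `assert`, which Python strips under `-O`, so an optimized run would accept both modes at once. Raising explicitly keeps the check in every run: `if reverse_proxy and transparent_proxy: raise ValueError("reverse_proxy and transparent_proxy are mutually exclusive")`. The constructor also has no docstring saying what `clientcerts` is expected to hold; this page does not show how it is used, but it presumably selects the client key material presented upstream, so its expected form is worth stating. The body of `__init__` continues outside the hunk.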

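--- a/test/data/clientcert/.gitignore
+++ b/test/data/clientcert/.gitignore
@@ -0,0 +1,3 @@
+client.crt
+client.key
+client.req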


@ -1,32 +1,42 @@
-----BEGIN RSA PRIVATE KEY-----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MIIEpQIBAAKCAQEA5+OwETm917hxPTtzE05OA5eEoQ6aFqqHIVqfKb3p8BLmpLmH
tqT/ebYL6QrXg23Zz1Tb0Q/qWWHrZRtTrwVJDG1wE2OlN9l9V8bK3LAtSNpuG71d
s0kp8Z2u70lONMlAkiwLz5H+GyJpldAEW3/8ShKQ/b01uxOn7OX70+7R8VtPUPsB
WF5GftpZNzzhKaO9xoJsdPalA5zG/ArbkJokw6Djey1SMaCl7hcc7vy+hZrzNmTe
CVRIq4g0L1CnzvmCaN0Sc3IM2YsO1ur0HoWNOm2ls7Y8sSpoicuAeIQizFJzyeEm
jENQYoYfSwy70UzR7PQRK48+o9Ndk8cA8wunRwIDAQABAoIBAC1PumnDRKtQaSAz
66qMFIZzJwFpnwZqz/jegldfusSkjNkHP9OarikUP4OMEMynvHXc+Q8C8yIAFkUt
b861U67P+6RuRiyBnRJ3z9ALxO2FcRqOiC6uTzndO/+Z7WQ3Jxzo6m3m8yZONR+H
BDL08VFwC1DplgQ2NQv/bJPfCLsGY0ckKJ02Wu/CqVKG0xhTAKU4CRv8fNpdI9n9
3N+oHnh9ZvuEzB19Mj60AsRxG6pCpnSsvHNvxDFnAxTZ3erv/z9NGCkIJ/EXkHSr
Bm9VtfHocvIHSOrePgUD51wjCj0JdPHijiInNoy3BkMBJjIBV7F7hCYhPNKVc1TM
zjniSaECgYEA/58NmMQGi0plPiWB0eRxcwUEfhbBf9npVag5aowDlSLhkXXGhA8K
RbFIkedjv43usLqS7Nn0SxrPoFH/gGFjxFUxZMh3bhIYYZ05NyC1WN7Gsd8OWg4J
iRqd2HNG74Il6DCOX/PCi94ihOIhjI1FnONPafeXCpzELPLYbOJrn48CgYEA6Dui
VB8jZJAut5J3qKfJzTXS4n49mrsSrHogOixZgdJ8j+8EN//v+q/oYa4VBASKYZpD
EQvyfT35xwDXZU2PyBYQCsgedsXby+LnxVcg5q6a+yNBHVOfWxI5NBLx1ANLF2L1
dYofcHAgiPo47JgJu2Xvi599zTMIg8je2GEOoMkCgYEA+HHNlEoKFj2zkyh/OdJv
lZwt1qMlZK8WQ2OiknUNUlk5pdgznszDbiM15mFgKKC5elmMTdo0vv6LCEZKL6v4
fK1UuaDBu2CpA878+iC3QW4c7mpel5aHHBObkPHR4x263Ca9anMQBkNbh44Fj4cL
PsYLvHGhAvaFES7ivUl/0u8CgYEAkq9QGhhM77EOgQ73m8TXd1He8QbR/JDa+6xr
/LKUmqaL3RIYtRJozwwbGM+vIImJqpqYcAT+1lK2GReT9b2m6rfczCKY82aILWEW
ChS9iFeTNruO3mo6RnjdPuIUc1jdLlloNyTWNNvuAPcjy3VA+GgrhSJpgJoSb8MJ
1tx/M9kCgYEAt+W8W71pFg8cf3VdYjgDhqOJVzINztVSkHRwpkqTchhNo+22WrRc
Bzd56Q2/6Bm8P4EuTZQF9bY7YSk1y2kXQQNx9VyBA9RnQUvtb+LCny9P5TK328jc
wwHeCcodiHe+aCM8t0bU8I0k5xRuX18m9Dml0IL0rvDSlj3+tYorrJs=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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MIICYDCCAckCAQEwDQYJKoZIhvcNAQEFBQAwKDESMBAGA1UEAxMJbWl0bXByb3h5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-----END CERTIFICATE-----


@ -0,0 +1,5 @@
[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth


@ -0,0 +1,42 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICYDCCAckCAQEwDQYJKoZIhvcNAQEFBQAwKDESMBAGA1UEAxMJbWl0bXByb3h5
MRIwEAYDVQQKEwltaXRtcHJveHkwHhcNMTMwMTIwMDg0OTM5WhcNMTUxMDE3MDg0
OTM5WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE
ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvePcOuHOLzXSNGmunF+adQIsFIVx5F40WmvtLPiuV2mrcJyY
lMvluOk36Yf39jIUlAqP5y2JvzoPI3BAEZHFt4taIe3LrDddolsyzcAWcyQD9ow1
eTfuF7wIMgi0TY27Azvu602CGZWdlteGiKanaEOn6nsoDZEIxCK4TnaNFFDQSXRq
/9+1X5AsHmaaaUJd+uGhWOfBLuXEDuURGHtnD4TKMpKupS0BX6X5J9QXKNiMQe0B
8T8o196+1gl/wsYyTzESUV1YWe5kAEsqAWZvmLee5+16DIV/CUVk4OS9Ny/fCZY1
wxvCnUankHNTJtcgNPZ9s1c1MD1NIKrI3NekdwIDAQABMA0GCSqGSIb3DQEBBQUA
A4GBAM9i0K4Sffaofi/k9QT7GJKWqmQKQVJoueC8ZZvkHRbUoOexIPnKduCzgreZ
M+QCteZHXT0UEMjscm5MuiF+/32sVGsF1aCPWc1esggpuLkhWtxjJtA9d1PE4xjt
z3+hyF+/tAkSVwVtj2WouczBY9HULP2uR1G19DwOJwIaup1Q
-----END CERTIFICATE-----

8
test/data/clientcert/make Executable file

@ -0,0 +1,8 @@
#!/bin/sh
openssl genrsa -out client.key 2048
openssl req -key client.key -new -out client.req
openssl x509 -req -days 365 -in client.req -signkey client.key -out client.crt -extfile client.cnf -extensions ssl_client
openssl x509 -req -days 1000 -in client.req -CA ~/.mitmproxy/mitmproxy-ca.pem -CAkey ~/.mitmproxy/mitmproxy-ca.pem -set_serial 00001 -out client.crt -extensions ssl_client
cat client.key client.crt > 127.0.0.1.pem
openssl x509 -text -noout -in 127.0.0.1.pem
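Review bot: The CA-signing command (the second `openssl x509 -req`) passes `-extensions ssl_client` without `-extfile client.cnf`, so the `ssl_client` section is not the one being read and the certificate left in `client.crt` may carry none of the clientAuth constraints; adding `-extfile client.cnf` to that command fixes it. The self-signed certificate written by the preceding command is overwritten immediately, so that line can be dropped. There is no `set -e` after the shebang, so a failed step still lets `cat` assemble `127.0.0.1.pem` from stale files. The resulting PEM bundles `client.key`, which the new `.gitignore` excludes only as a separate file, and it is signed with the developer's own `~/.mitmproxy/mitmproxy-ca.pem`; a short comment in the script saying the bundled key is a public test fixture and must not be reused elsewhere would make that explicit.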


@ -71,9 +71,10 @@ class TestHTTP(tutils.HTTPProxTest, SanityMixin):
class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
ssl = True
# FIXME: Instrument pathod to actually test that client cert is being sent
# correctly.
clientcerts = True
def test_clientcert(self):
f = self.pathod("304")
assert self.last_log()["request"]["clientcert"]["keyinfo"]
class TestReverse(tutils.ReverseProxTest, SanityMixin):
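Review bot: `test_clientcert` only asserts that `keyinfo` in the logged request is truthy, so it passes for any client certificate the proxy presents rather than specifically the fixture added in this commit. Comparing a stable field of the logged certificate against the fixture would pin the behaviour the commit title claims. The response `f` from `self.pathod("304")` is never checked, and `self.last_log()` is subscripted directly, so if it returns nothing the failure would be a `TypeError` rather than a readable assertion; `log = self.last_log()` followed by `assert log, "pathod logged no request"` before the subscript makes that case explicit.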


@ -116,9 +116,8 @@ class ProxTestBase:
"""
return self.server.urlbase
def log(self):
pthread = self.proxy
return pthread.tmaster.log
def last_log(self):
return self.server.last_log()
class HTTPProxTest(ProxTestBase):