Rudimentary testing for client certs.

2013-01-18 17:08:30 +13:00 · 2013-01-18 17:08:30 +13:00 · 6600c589ab
parent 0f406e9daa
commit 6600c589ab
5 changed files with 41 additions and 2 deletions
--- a/libmproxy/flow.py
+++ b/libmproxy/flow.py
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@ -85,7 +85,7 @@ class ServerConnection(tcp.TCPClient):
        if scheme == "https":
            clientcert = None
            if self.config.clientcerts:
-                path = os.path.join(self.config.clientcerts, self.host) + ".pem"
+                path = os.path.join(self.config.clientcerts, self.host.encode("idna")) + ".pem"
                if os.path.exists(path):
                    clientcert = path
            try:
--- a/test/data/clientcert/127.0.0.1.pem
+++ b/test/data/clientcert/127.0.0.1.pem
@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOr
+fDCw2jc11XDxK7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRx
+gl1jsxWdde3EHGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQAB
+AoGBAKyqhmK9/Sjf2JDgKGnjyHX/Ls3JXVvtqk6Yfw7YEiaVH1ZJyu/lOgQ414YQ
+rDzyTpxXHdERUh/fZ24/FvZvHFgy5gWEQjQPpprIxvqCLKJhX73L2+TnXmfYDApb
+J7V/JfnTeOaK9LTpHsofB98A1s9DWX/ccOgKTtZIYMjYpdoBAkEA9hLvtixbO2A2
+ZgDcA9ftVX2WwdpRH+mYXl1G60Fem5nlO3Rl3FDoafRvSQNZiqyOlObvKbbYh/S2
+L7ihEMMNYQJBAMaeLnAc9jO/z4ApTqSBGUpM9b7ul16aSgq56saUI0VULIZcXeo3
+3BwdL2fEOOnzjNy6NpH2BW63h/+2t7lV++8CQQDK+S+1Sr0uKtx0Iv1YRkHEJMW3
+vQbxldNS8wnOf6s0GisVcZubsTkkPLWWuiaf1ln9xMc9106gRmAI2PgyRVHBAkA6
+iI+C9uYP5i1Oxd2pWWqMnRWnSUVO2gWMF7J7B1lFq0Lb7gi3Z/L0Th2UZR2oxN/0
+hORkK676LBhmYgDPG+n9AkAJOnPIFQVAEBAO9bAxFrje8z6GRt332IlgxuiTeDE3
+EAlH9tmZma4Tri4sWnhJwCsxl+5hWamI8NL4EIeXRvPw
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICsDCCAhmgAwIBAgIJAI7G7a/d5YwEMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTAwMjAyMDM0MTExWhcNMTEwMjAyMDM0MTExWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOrfDCw2jc11XDx
+K7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRxgl1jsxWdde3E
+HGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQABo4GnMIGkMB0G
+A1UdDgQWBBS+MFJTsriCPNYsj8/4f+PympPEkzB1BgNVHSMEbjBsgBS+MFJTsriC
+PNYsj8/4f+PympPEk6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAI7G7a/d
+5YwEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAlpan/QX2fpXVRihV
+lQic2DktF4xd5unrZnFC8X8ScNX1ClU+AO79ejaobt4YGjeVYs0iQQsUL2E0G43c
+mOXfsq1b970Ep6xRS76EmZ+tTdFBd86tFTIhZJrOi67gs+twj5V2elyp3tQpg2ze
+G/jwDQS8V1X9CbfqBQriL7x5Tk4=
+-----END CERTIFICATE-----
--- a/test/test_server.py
+++ b/test/test_server.py
@ -71,6 +71,9 @@ class TestHTTP(tutils.HTTPProxTest, SanityMixin):

 class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
    ssl = True
+    # FIXME: Instrument pathod to actually test that client cert is being sent
+    # correctly.
+    clientcerts = True


 class TestReverse(tutils.ReverseProxTest, SanityMixin):
--- a/test/tutils.py
+++ b/test/tutils.py
@ -123,9 +123,13 @@ class ProxTestBase:

 class HTTPProxTest(ProxTestBase):
    ssl = None
+    clientcerts = False
    @classmethod
    def get_proxy_config(cls):
-        return dict()
+        d = dict()
+        if cls.clientcerts:
+            d["clientcerts"] = test_data.path("data/clientcert")
+        return d

    def pathoc(self, connect_to = None):
        p = libpathod.pathoc.Pathoc("localhost", self.proxy.port)