From 6600c589abec204a2282ffcf8566dde7e02307ae Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Fri, 18 Jan 2013 17:08:30 +1300
Subject: [PATCH] Rudimentary testing for client certs.
---
 libmproxy/flow.py | 0
 libmproxy/proxy.py | 2 +-
 test/data/clientcert/127.0.0.1.pem | 32 ++++++++++++++++++++++++++++++
 test/test_server.py | 3 +++
 test/tutils.py | 6 +++++-
 5 files changed, 41 insertions(+), 2 deletions(-)
 mode change 100755 => 100644 libmproxy/flow.py
 mode change 100755 => 100644 libmproxy/proxy.py
 create mode 100644 test/data/clientcert/127.0.0.1.pem
diff --git a/libmproxy/flow.py b/libmproxy/flow.py
old mode 100755
new mode 100644
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
old mode 100755
new mode 100644
index db29f65ad..036d26d32
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -85,7 +85,7 @@ class ServerConnection(tcp.TCPClient):
 if scheme == "https":
 clientcert = None
 if self.config.clientcerts:
- path = os.path.join(self.config.clientcerts, self.host) + ".pem"
+ path = os.path.join(self.config.clientcerts, self.host.encode("idna")) + ".pem"
 if os.path.exists(path):
 clientcert = path
 try:
diff --git a/test/data/clientcert/127.0.0.1.pem b/test/data/clientcert/127.0.0.1.pem
new file mode 100644
index 000000000..af8d9d8f6
--- /dev/null
+++ b/test/data/clientcert/127.0.0.1.pem
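Review bot: The changed line `path = os.path.join(self.config.clientcerts, self.host.encode("idna")) + ".pem"` builds a filesystem path from the upstream host name, and nothing in the hunk confines the result to the `clientcerts` directory. IDNA encoding normalises non-ASCII labels but is not a filename check; if `self.host` can ever carry a path separator (its parsing is outside this hunk), `os.path.join` would resolve outside the configured directory, so I would compare `os.path.basename(name)` with `name` and skip the lookup when they differ. `encode("idna")` also raises `UnicodeError` for empty or over-long labels, and it is called before the `try:` visible at the end of the hunk, so a malformed host would surface as an unhandled exception unless a caller outside the hunk catches it. The enclosing method of `ServerConnection` starts and ends outside the hunk.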
@@ -0,0 +1,32 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOr +fDCw2jc11XDxK7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRx +gl1jsxWdde3EHGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQAB +AoGBAKyqhmK9/Sjf2JDgKGnjyHX/Ls3JXVvtqk6Yfw7YEiaVH1ZJyu/lOgQ414YQ +rDzyTpxXHdERUh/fZ24/FvZvHFgy5gWEQjQPpprIxvqCLKJhX73L2+TnXmfYDApb +J7V/JfnTeOaK9LTpHsofB98A1s9DWX/ccOgKTtZIYMjYpdoBAkEA9hLvtixbO2A2 +ZgDcA9ftVX2WwdpRH+mYXl1G60Fem5nlO3Rl3FDoafRvSQNZiqyOlObvKbbYh/S2 +L7ihEMMNYQJBAMaeLnAc9jO/z4ApTqSBGUpM9b7ul16aSgq56saUI0VULIZcXeo3 +3BwdL2fEOOnzjNy6NpH2BW63h/+2t7lV++8CQQDK+S+1Sr0uKtx0Iv1YRkHEJMW3 +vQbxldNS8wnOf6s0GisVcZubsTkkPLWWuiaf1ln9xMc9106gRmAI2PgyRVHBAkA6 +iI+C9uYP5i1Oxd2pWWqMnRWnSUVO2gWMF7J7B1lFq0Lb7gi3Z/L0Th2UZR2oxN/0 +hORkK676LBhmYgDPG+n9AkAJOnPIFQVAEBAO9bAxFrje8z6GRt332IlgxuiTeDE3 +EAlH9tmZma4Tri4sWnhJwCsxl+5hWamI8NL4EIeXRvPw +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIJAI7G7a/d5YwEMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTAwMjAyMDM0MTExWhcNMTEwMjAyMDM0MTExWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQC+6rG6A/BGD0dI+mh2FZIqQZn82z/pGs4f3pyxbHb+ROxjjQOrfDCw2jc11XDx +K7CXpDQAnkO6au/sQ5t50vSZ+PGhFD+t558VV2ausB5OYZsR7RRxgl1jsxWdde3E +HGjxSK+aXRgFpVrZzPLSy6dl8tMoqUMWIBi0u1WTbmyYjwIDAQABo4GnMIGkMB0G +A1UdDgQWBBS+MFJTsriCPNYsj8/4f+PympPEkzB1BgNVHSMEbjBsgBS+MFJTsriC +PNYsj8/4f+PympPEk6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt +U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAI7G7a/d +5YwEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAlpan/QX2fpXVRihV +lQic2DktF4xd5unrZnFC8X8ScNX1ClU+AO79ejaobt4YGjeVYs0iQQsUL2E0G43c +mOXfsq1b970Ep6xRS76EmZ+tTdFBd86tFTIhZJrOi67gs+twj5V2elyp3tQpg2ze +G/jwDQS8V1X9CbfqBQriL7x5Tk4= +-----END CERTIFICATE----- 
diff --git a/test/test_server.py b/test/test_server.py
index 558e7ccac..746476011 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -71,6 +71,9 @@ class TestHTTP(tutils.HTTPProxTest, SanityMixin):
 class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
 ssl = True
+ # FIXME: Instrument pathod to actually test that client cert is being sent
+ # correctly.
+ clientcerts = True
 class TestReverse(tutils.ReverseProxTest, SanityMixin):
diff --git a/test/tutils.py b/test/tutils.py
index 9b5ac0f16..2dc4c090f 100644
--- a/test/tutils.py
+++ b/test/tutils.py
@@ -123,9 +123,13 @@ class ProxTestBase:
 class HTTPProxTest(ProxTestBase):
 ssl = None
+ clientcerts = False
 @classmethod
 def get_proxy_config(cls):
- return dict()
+ d = dict()
+ if cls.clientcerts:
+ d["clientcerts"] = test_data.path("data/clientcert")
+ return d
 def pathoc(self, connect_to = None):
 p = libpathod.pathoc.Pathoc("localhost", self.proxy.port)
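Review bot: `clientcerts = True` on `TestHTTPS` can pass without a client certificate ever being loaded, because the proxy only picks one up when a file named after the upstream host exists and otherwise carries on with `clientcert = None`. The only fixture added is `127.0.0.1.pem`, so the lookup is exercised only if the test server is addressed as exactly `127.0.0.1`; that address is not visible in these hunks (the `pathoc` helper in tutils.py connects to the proxy at `localhost`). Until pathod is instrumented as the FIXME says, a comment next to the flag such as `# Relies on the upstream host being "127.0.0.1" so that test/data/clientcert/127.0.0.1.pem is found` would record the dependency. The fixture also carries an RSA private key in the repository, so a short comment or README in `test/data/clientcert` stating that the key pair is for tests only would keep it from being reused elsewhere.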