Merge pull request #3382 from abhigyank/org

Change variable o to organization for generated certificates.
Thomas Kriechbaumer 2018-11-12 09:34:16 +01:00 committed by GitHub
commit 6f893a83c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 21 deletions


@ -36,14 +36,14 @@ rD693XKIHUCWOjMh1if6omGXKHH40QuME2gNa50+YPn1iYDl88uDbbMCAQI=
"""
def create_ca(o, cn, exp):
def create_ca(organization, cn, exp):
key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
cert = OpenSSL.crypto.X509()
cert.set_serial_number(int(time.time() * 10000))
cert.set_version(2)
cert.get_subject().CN = cn
cert.get_subject().O = o
cert.get_subject().O = organization
cert.gmtime_adj_notBefore(-3600 * 48)
cert.gmtime_adj_notAfter(exp)
cert.set_issuer(cert.get_subject())
@ -80,7 +80,7 @@ def create_ca(o, cn, exp):
return key, cert
def dummy_cert(privkey, cacert, commonname, sans, o):
def dummy_cert(privkey, cacert, commonname, sans, organization):
"""
Generates a dummy certificate.
@ -88,7 +88,7 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cacert: CA certificate
commonname: Common name for the generated certificate.
sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate.
organization: Organization name for the generated certificate.
Returns cert if operation succeeded, None if not.
"""
@ -108,8 +108,8 @@ def dummy_cert(privkey, cacert, commonname, sans, o):
cert.set_issuer(cacert.get_subject())
if commonname is not None and len(commonname) < 64:
cert.get_subject().CN = commonname
if o is not None:
cert.get_subject().O = o
if organization is not None:
cert.get_subject().O = organization
cert.set_serial_number(int(time.time() * 10000))
if ss:
cert.set_version(2)
@ -215,14 +215,14 @@ class CertStore:
os.umask(original_umask)
@staticmethod
def create_store(path, basename, o=None, cn=None, expiry=DEFAULT_EXP):
def create_store(path, basename, organization=None, cn=None, expiry=DEFAULT_EXP):
if not os.path.exists(path):
os.makedirs(path)
o = o or basename
organization = organization or basename
cn = cn or basename
key, ca = create_ca(o=o, cn=cn, exp=expiry)
key, ca = create_ca(organization=organization, cn=cn, exp=expiry)
# Dump the CA plus private key
with CertStore.umask_secret(), open(os.path.join(path, basename + "-ca.pem"), "wb") as f:
f.write(
@ -308,7 +308,7 @@ class CertStore:
ret.append(b"*." + b".".join(parts[i:]))
return ret
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], o: typing.Optional[bytes] = None):
def get_cert(self, commonname: typing.Optional[bytes], sans: typing.List[bytes], organization: typing.Optional[bytes] = None):
"""
Returns an (cert, privkey, cert_chain) tuple.
@ -317,7 +317,7 @@ class CertStore:
sans: A list of Subject Alternate Names.
o: Organization name for the generated certificate.
organization: Organization name for the generated certificate.
"""
potential_keys: typing.List[TCertId] = []
@ -341,7 +341,7 @@ class CertStore:
self.default_ca,
commonname,
sans,
o),
organization),
privatekey=self.default_privatekey,
chain_file=self.default_chain_file)
self.certs[(commonname, tuple(sans))] = entry
@ -454,7 +454,7 @@ class Cert(serializable.Serializable):
return c
@property
def o(self):
def organization(self):
c = None
for i in self.subject:
if i[0] == b"O":
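Review bot: The rename of the `Cert.o` property (last hunk of this file) and of the `o` keyword on `create_store`, `get_cert` and `dummy_cert` removes the old names with no alias, so any caller outside this commit that still reads `cert.o` or passes `o=...` will fail with AttributeError or TypeError. Whether such callers (addons, scripts) exist is not visible on this page. If compatibility matters, keep a deprecated alias for one release, for example `o = organization` placed in the class body right after the property definition. The `organization` property's body continues past the end of the hunk.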


@ -464,12 +464,12 @@ class TlsLayer(base.Layer):
def _find_cert(self):
"""
This function determines the Common Name (CN) and Subject Alternative Names (SANs)
This function determines the Common Name (CN), Subject Alternative Names (SANs) and Organization Name
our certificate should have and then fetches a matching cert from the certstore.
"""
host = None
sans = set()
o = None
organization = None
# In normal operation, the server address should always be known at this point.
# However, we may just want to establish TLS so that we can send an error message to the client,
@ -489,8 +489,8 @@ class TlsLayer(base.Layer):
if upstream_cert.cn:
sans.add(host)
host = upstream_cert.cn.decode("utf8").encode("idna")
if upstream_cert.o:
o = upstream_cert.o
if upstream_cert.organization:
organization = upstream_cert.organization
# Also add SNI values.
if self._client_hello.sni:
sans.add(self._client_hello.sni.encode("idna"))
@ -501,4 +501,4 @@ class TlsLayer(base.Layer):
# In other words, the Common Name is irrelevant then.
if host:
sans.add(host)
return self.config.certstore.get_cert(host, list(sans), o)
return self.config.certstore.get_cert(host, list(sans), organization)


@ -134,7 +134,7 @@ class TestDummyCert:
)
assert r.cn == b"foo.com"
assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
assert r.o == b"Foo Ltd."
assert r.organization == b"Foo Ltd."
r = certs.dummy_cert(
ca.default_privatekey,
@ -144,7 +144,7 @@ class TestDummyCert:
None
)
assert r.cn is None
assert r.o is None
assert r.organization is None
assert r.altnames == []
@ -156,7 +156,7 @@ class TestCert:
c1 = certs.Cert.from_pem(d)
assert c1.cn == b"google.com"
assert len(c1.altnames) == 436
assert c1.o == b"Google Inc"
assert c1.organization == b"Google Inc"
with open(tdata.path("mitmproxy/net/data/text_cert_2"), "rb") as f:
d = f.read()