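import ssl
import subprocess

from unit.applications.proto import TestApplicationProto


class TestApplicationTLS(TestApplicationProto):
    """Test helper that adds TLS support to TestApplicationProto.

    It generates self-signed certificates with the ``openssl`` command-line
    tool, uploads them through ``self.conf()`` and sends requests over TLS.
    ``self.conf``, ``self.get``, ``self.post``, ``self.testdir`` and
    ``self.current_dir`` are not defined in this class; they are presumably
    provided by the base class -- confirm against TestApplicationProto.
    """

    def __init__(self, test):
        super().__init__(test)

        # Client-side context for get_ssl()/post_ssl().  Chain and hostname
        # verification are switched off because certificate() produces
        # self-signed certificates (openssl req -x509), which a default
        # context would reject.  With CERT_NONE the peer is not
        # authenticated at all, so this context is only suitable for the
        # test harness talking to its own server.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and key named *name*.

        Writes ``<testdir>/<name>.crt`` and ``<testdir>/<name>.key`` using
        ``<testdir>/openssl.conf``, which is created by load(); load() must
        therefore have run first.

        Args:
            name: Common Name of the certificate and base name of the files.
            load: When true, upload the generated pair via
                certificate_load(name).

        Raises:
            subprocess.CalledProcessError: openssl exited with a non-zero
                status (for example because openssl.conf is missing).
        """
        # Arguments are passed as a list, so no shell is involved and *name*
        # is never interpreted as shell syntax.  It is still concatenated
        # into file paths unchecked, so it must come from the test itself.
        #
        # check_call() instead of call(): a failed generation used to be
        # ignored here and only surfaced later (or not at all when
        # load=False) as a missing or stale .crt/.key file.
        subprocess.check_call(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj', '/CN=' + name + '/',
                '-config', self.testdir + '/openssl.conf',
                '-out', self.testdir + '/' + name + '.crt',
                '-keyout', self.testdir + '/' + name + '.key',
            ]
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload a certificate bundle to ``/certificates/<crt>``.

        The bundle is the raw content of ``<testdir>/<key>.key`` followed by
        the raw content of ``<testdir>/<crt>.crt``.

        Args:
            crt: Base name of the certificate file; also the name the bundle
                is stored under.
            key: Base name of the key file; defaults to *crt*.

        Returns:
            Whatever ``self.conf()`` returns for the upload.
        """
        if key is None:
            key = crt

        key_path = self.testdir + '/' + key + '.key'
        crt_path = self.testdir + '/' + crt + '.crt'

        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            return self.conf(k.read() + c.read(), '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """Call ``self.get()`` with the socket wrapped by the TLS context."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Call ``self.post()`` with the socket wrapped by the TLS context."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def get_server_certificate(self, addr=('127.0.0.1', 7080)):
        """Return the certificate presented by the server at *addr*.

        No ``ca_certs`` is passed to ssl.get_server_certificate(), so the
        certificate is fetched without being validated.

        Args:
            addr: ``(host, port)`` tuple of the TLS listener.

        Returns:
            The server certificate as a PEM-encoded string.
        """
        # Prefer the version-negotiating constant; the pinned TLS 1.2 and
        # TLS 1.1 constants are fallbacks for ssl modules that lack it.
        # TLS 1.1 is deprecated (RFC 8996), so the last branch should only
        # be reachable on very old Python/OpenSSL builds.
        if hasattr(ssl, 'PROTOCOL_TLS'):
            ssl_version = ssl.PROTOCOL_TLS
        elif hasattr(ssl, 'PROTOCOL_TLSv1_2'):
            ssl_version = ssl.PROTOCOL_TLSv1_2
        else:
            ssl_version = ssl.PROTOCOL_TLSv1_1

        return ssl.get_server_certificate(addr, ssl_version=ssl_version)

    def load(self, script, name=None):
        """Write the openssl configuration and configure a Python app.

        Creates ``<testdir>/openssl.conf`` (used by certificate()) and
        applies a configuration with one listener on ``*:7080`` that passes
        requests to the application *name*.

        Args:
            script: Directory name under ``<current_dir>/python/`` that
                holds the application.
            name: Application name in the configuration; defaults to
                *script*.
        """
        if name is None:
            name = script

        # Default openssl configuration for certificate().
        #
        # default_bits is 2048 rather than 1024: 1024-bit RSA keys are below
        # what OpenSSL accepts at security level 2, so certificates
        # generated with the old value can be refused on builds that
        # default to that level.
        #
        # encrypt_key = no leaves the generated private keys without a
        # passphrase; they are written into self.testdir.
        with open(self.testdir + '/openssl.conf', 'w') as f:
            f.write(
                """[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]"""
            )

        script_path = self.current_dir + '/python/' + script

        self.conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )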