11100Szelenkov@nginx.comimport os
21019Szelenkov@nginx.comimport ssl
31019Szelenkov@nginx.comimport subprocess
41477Szelenkov@nginx.com
51019Szelenkov@nginx.comfrom unit.applications.proto import TestApplicationProto
61730Szelenkov@nginx.comfrom unit.option import option
71019Szelenkov@nginx.com
81019Szelenkov@nginx.com
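class TestApplicationTLS(TestApplicationProto):
    """Base class for TLS tests.

    Generates self-signed certificates with the ``openssl`` command line tool,
    uploads them to the server under test, and provides a client-side TLS
    context for ``get_ssl()``/``post_ssl()``.
    """

    def setup_method(self):
        # Client-side context used by get_ssl()/post_ssl().  Hostname checking
        # and peer verification are switched off because the server presents
        # the self-signed certificates produced by certificate(); this context
        # belongs to the test client only.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate/key pair called *name*.

        Writes ``<temp_dir>/<name>.crt`` and ``<temp_dir>/<name>.key`` using
        the OpenSSL configuration written by openssl_conf().  When *load* is
        true the pair is also uploaded to the server via certificate_load().

        Raises subprocess.CalledProcessError if ``openssl`` exits non-zero;
        its stderr is merged into the captured output so it appears in the
        exception.
        """
        self.openssl_conf()

        temp_dir = option.temp_dir

        # Argument-list form: *name* reaches openssl as a single argv entry
        # and is never interpreted by a shell.
        subprocess.check_output(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj',
                '/CN=' + name + '/',
                '-config',
                os.path.join(temp_dir, 'openssl.conf'),
                '-out',
                os.path.join(temp_dir, name + '.crt'),
                '-keyout',
                os.path.join(temp_dir, name + '.key'),
            ],
            stderr=subprocess.STDOUT,
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload the PEM key and certificate *crt* to ``/certificates/<crt>``.

        *key* is the base name of the ``.key`` file and defaults to *crt*.
        The key bytes followed by the certificate bytes are handed to
        ``self.conf()``; whatever that returns is returned unchanged.
        """
        if key is None:
            key = crt

        key_path = os.path.join(option.temp_dir, key + '.key')
        crt_path = os.path.join(option.temp_dir, crt + '.crt')

        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            pem = k.read() + c.read()

        return self.conf(pem, '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """Send a GET through the test TLS context; see ``self.get()``."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Send a POST through the test TLS context; see ``self.post()``."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    @staticmethod
    def _alt_names_section(alt_names):
        """Render the ``[alt_names]`` block for *alt_names*.

        Each entry is either ``'IP|<address>'`` (emitted as ``IP.n``) or a
        DNS name, where any text after a ``|`` is ignored (emitted as
        ``DNS.n``).  Numbering starts at 1 and runs across both kinds.

        Raises ValueError for an ``IP`` entry with no address part.
        """
        lines = ["[alt_names]\n"]
        for idx, entry in enumerate(alt_names, 1):
            parts = entry.split('|')
            if parts[0] == 'IP':
                if len(parts) < 2:
                    raise ValueError(
                        "alt_names entry %r must be 'IP|<address>'" % entry
                    )
                lines.append("IP.%d = %s\n" % (idx, parts[1]))
            else:
                lines.append("DNS.%d = %s\n" % (idx, parts[0]))
        return "".join(lines)

    def openssl_conf(self, rewrite=False, alt_names=None):
        """Write ``<temp_dir>/openssl.conf`` for use by certificate().

        An existing file is left untouched unless *rewrite* is true, so
        *alt_names* only takes effect on the first write or with
        ``rewrite=True``.  *alt_names* is an optional list of subjectAltName
        entries (format described in _alt_names_section); when non-empty a
        ``req_extensions`` section referencing them is added.
        """
        conf_path = os.path.join(option.temp_dir, 'openssl.conf')

        if not rewrite and os.path.exists(conf_path):
            return

        # None (the default) means "no subjectAltName section"; a mutable
        # default list is deliberately avoided here.
        alt_names = list(alt_names) if alt_names else []

        a_sec = ""
        if alt_names:
            a_sec = (
                "req_extensions = myca_req_extensions\n"
                "\n"
                "[ myca_req_extensions ]\n"
                "subjectAltName = @alt_names\n"
                "\n"
                + self._alt_names_section(alt_names)
            )

        with open(conf_path, 'w', encoding='utf-8') as f:
            f.write(
                "[ req ]\n"
                "default_bits = 2048\n"
                "encrypt_key = no\n"
                "distinguished_name = req_distinguished_name\n"
                "\n"
                + a_sec
                + "\n[ req_distinguished_name ]"
            )

    def load(self, script, name=None):
        """Configure a Python application *script* listening on ``*:7080``.

        *name* is the application name in the configuration and defaults to
        *script*.  ``<test_dir>/python/<script>`` is used both as the
        application path and as its working directory; the WSGI entry point
        is the ``wsgi`` module.
        """
        if name is None:
            name = script

        script_path = option.test_dir + '/python/' + script

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )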
1131019Szelenkov@nginx.com        )
114