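import os
import ssl
import subprocess

from unit.applications.proto import TestApplicationProto
from unit.option import option


class TestApplicationTLS(TestApplicationProto):
    """Test helper for TLS scenarios.

    Generates throw-away certificates with the ``openssl`` CLI under
    ``option.temp_dir``, uploads them through ``self.conf`` and issues
    requests over a TLS-wrapped socket.
    """

    def setup_method(self):
        """Create the client-side SSL context used by get_ssl()/post_ssl().

        Peer verification is switched off on purpose: certificate() produces
        self-signed certificates, which the default trust store would not be
        expected to accept. Connections made with this context are therefore
        encrypted but NOT authenticated; a test that cares about the peer
        certificate has to build its own verifying context. Keep this
        context confined to the test harness.
        """
        self.context = ssl.create_default_context()
        # Order matters: the ssl module rejects CERT_NONE while
        # check_hostname is still enabled.
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and key named *name*.

        Writes ``<temp_dir>/<name>.crt`` and ``<temp_dir>/<name>.key`` using
        the request config from openssl_conf(), which sets
        ``encrypt_key = no`` -- the private key is stored unencrypted.

        *name* is inserted unescaped into the ``-subj`` value and into both
        output paths, so it should be a plain label without ``/`` or other
        path components.

        Args:
            name: certificate name, used as CN and as file stem.
            load: when true, upload the result via certificate_load().

        Raises:
            subprocess.CalledProcessError: if ``openssl`` exits non-zero
                (stderr is folded into the captured output).
        """
        self.openssl_conf()

        crt_out = option.temp_dir + '/' + name + '.crt'
        key_out = option.temp_dir + '/' + name + '.key'

        # Argument list, no shell: *name* is never interpreted by a shell.
        subprocess.check_output(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj',
                '/CN=' + name + '/',
                '-config',
                option.temp_dir + '/openssl.conf',
                '-out',
                crt_out,
                '-keyout',
                key_out,
            ],
            stderr=subprocess.STDOUT,
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload a key/certificate bundle under ``/certificates/<crt>``.

        Reads ``<temp_dir>/<key>.key`` and ``<temp_dir>/<crt>.crt`` and
        passes the key bytes followed by the certificate bytes to
        ``self.conf``.

        Args:
            crt: certificate file stem; also the name of the stored bundle.
            key: key file stem; defaults to *crt*.

        Returns:
            Whatever ``self.conf`` returns.
        """
        if key is None:
            key = crt

        key_path = option.temp_dir + '/' + key + '.key'
        crt_path = option.temp_dir + '/' + crt + '.crt'

        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            bundle = k.read() + c.read()
            return self.conf(bundle, '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """GET through a socket wrapped by the non-verifying test context."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """POST through a socket wrapped by the non-verifying test context."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def openssl_conf(self, rewrite=False, alt_names=None):
        """Write ``<temp_dir>/openssl.conf`` for ``openssl req``.

        An existing file is kept unless *rewrite* is true. When *alt_names*
        is non-empty a subjectAltName request extension is added.

        Each entry of *alt_names* is either a DNS name or ``'IP|<address>'``.
        Entries are written verbatim into the config file, so a value
        containing a newline would add arbitrary lines to it; callers are
        expected to pass fixed test data. An ``'IP'`` entry without the
        ``|<address>`` part raises IndexError.

        Args:
            rewrite: overwrite an existing config file.
            alt_names: iterable of SAN entries, or None for no SAN section.
        """
        conf_path = option.temp_dir + '/openssl.conf'

        if not rewrite and os.path.exists(conf_path):
            return

        # None stands in for the former mutable ``[]`` default, which was
        # one list object shared by every call.
        alt_names = alt_names or []

        # Build the [alt_names] section. DNS and IP entries share a single
        # running index.
        san_lines = ["[alt_names]"]
        for i, entry in enumerate(alt_names, 1):
            fields = entry.split('|')

            if fields[0] == 'IP':
                san_lines.append("IP.%d = %s" % (i, fields[1]))
            else:
                san_lines.append("DNS.%d = %s" % (i, fields[0]))

        a_names = "\n".join(san_lines) + "\n"

        # Section enabling the subjectAltName request extension.
        a_sec = """req_extensions = myca_req_extensions

[ myca_req_extensions ]
subjectAltName = @alt_names

{a_names}""".format(
            a_names=a_names
        )

        # encrypt_key = no: generated private keys carry no passphrase.
        with open(conf_path, 'w') as f:
            f.write(
                """[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name

{a_sec}
[ req_distinguished_name ]""".format(
                    a_sec=a_sec if alt_names else ""
                )
            )

    def load(self, script, name=None):
        """Configure a Python WSGI application behind the ``*:7080`` listener.

        Args:
            script: directory name under ``<test_dir>/python/``; used as
                both the module path and the working directory.
            name: application name; defaults to *script*.
        """
        if name is None:
            name = script

        script_path = option.test_dir + '/python/' + script

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )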