xref: /unit/test/unit/applications/tls.py (revision 1093)
import ssl
import subprocess
from unit.applications.proto import TestApplicationProto


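class TestApplicationTLS(TestApplicationProto):
    """Test-harness helpers for TLS: certificates, uploads and HTTPS requests.

    Certificates are self-signed and created with the ``openssl`` command-line
    tool inside ``self.testdir``; requests go through a client context that
    performs no certificate or hostname verification.
    """

    def __init__(self, test):
        super().__init__(test)

        # Client context used by get_ssl()/post_ssl().  Verification is turned
        # off deliberately: certificate() issues self-signed certificates, so
        # chain validation could not succeed.  check_hostname must be cleared
        # before verify_mode is set to CERT_NONE, otherwise ssl raises
        # ValueError.  This context authenticates nothing about the peer, so
        # it is only appropriate for talking to the server under test.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and private key named *name*.

        Writes ``<testdir>/<name>.crt`` and ``<testdir>/<name>.key`` and relies
        on the ``openssl.conf`` that load() writes into the same directory.
        When *load* is true the pair is then passed to certificate_load().

        Raises:
            subprocess.CalledProcessError: openssl exited with a non-zero
                status.
        """
        # The command is an argument list (no shell), so *name* cannot inject
        # shell syntax.  It is still spliced verbatim into the subject and
        # into both file paths, so it is expected to be a plain identifier
        # chosen by the test.
        # check_call() stops on a failed generation instead of letting
        # certificate_load() pick up missing or stale files afterwards.
        subprocess.check_call(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj',    '/CN=' + name + '/',
                '-config',  self.testdir + '/openssl.conf',
                '-out',     self.testdir + '/' + name + '.crt',
                '-keyout',  self.testdir + '/' + name + '.key',
            ]
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Send a key + certificate bundle to ``/certificates/<crt>``.

        *key* names the ``.key`` file to pair with ``<crt>.crt`` and defaults
        to *crt*.  Returns whatever ``self.conf()`` returns.
        """
        if key is None:
            key = crt

        key_path = self.testdir + '/' + key + '.key'
        crt_path = self.testdir + '/' + crt + '.crt'

        # The payload is the private key bytes followed by the certificate
        # bytes, in that order.
        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            return self.conf(k.read() + c.read(), '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """Call ``self.get()`` with the unverified context's wrap_socket as wrapper."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Call ``self.post()`` with the unverified context's wrap_socket as wrapper."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def get_server_certificate(self, addr=('127.0.0.1', 7080)):
        """Return the certificate presented by the server at *addr*.

        The value comes straight from ``ssl.get_server_certificate()``; no
        ``ca_certs`` are supplied, so the certificate is fetched without being
        validated.
        """
        # Pick the most general protocol constant this interpreter offers.
        # The TLS 1.2 / TLS 1.1 fallbacks exist only for ssl modules without
        # PROTOCOL_TLS; TLS 1.1 is a legacy protocol and is reached only when
        # neither of the other two constants is available.
        ssl_version = getattr(ssl, 'PROTOCOL_TLS', None)

        if ssl_version is None:
            ssl_version = getattr(ssl, 'PROTOCOL_TLSv1_2', None)

        if ssl_version is None:
            ssl_version = ssl.PROTOCOL_TLSv1_1

        return ssl.get_server_certificate(addr, ssl_version=ssl_version)

    def load(self, script, name=None):
        """Write the default openssl.conf and configure a Python application.

        *script* is a directory name under ``<current_dir>/python/``; *name*
        is the application name and defaults to *script*.
        """
        if name is None:
            name = script

        # create default openssl configuration
        # default_bits sets 2048-bit keys; "encrypt_key = no" means the keys
        # written by certificate() are stored unencrypted in the test
        # directory, which is what lets certificate_load() read them without
        # a passphrase.

        with open(self.testdir + '/openssl.conf', 'w') as f:
            f.write(
                """[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]"""
            )

        script_path = self.current_dir + '/python/' + script

        # The listener address uses a wildcard host ("*:7080"), while
        # get_server_certificate() defaults to the loopback address on the
        # same port.
        self.conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )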