xref: /unit/test/unit/applications/tls.py (revision 1596)
import os
import re
import ssl
import subprocess

from unit.applications.proto import TestApplicationProto
from conftest import option


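class TestApplicationTLS(TestApplicationProto):
    """Test helper for driving the server under test over TLS.

    Generates self-signed certificates with the ``openssl`` command-line
    tool, uploads them through the configuration API, and provides
    request helpers that wrap the client socket in TLS.
    """

    def setup_method(self):
        """Build the client SSL context used by get_ssl() and post_ssl()."""
        super().setup_method()

        # certificate() produces self-signed certificates, so this client
        # context verifies neither the chain nor the hostname.  With both
        # checks off the connection is encrypted but the peer is not
        # authenticated; the settings are meant for this test client only.
        # check_hostname has to be cleared before verify_mode is lowered,
        # otherwise the ssl module raises ValueError.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    @classmethod
    def setup_class(cls, complete_check=True):
        """Run the parent class setup and record whether TLS is testable.

        The 'openssl' module is registered in ``cls.available['modules']``
        only when an ``openssl`` binary is found on PATH and the
        ``unitd --version`` output mentions ``--openssl``.

        Args:
            complete_check: when true, return ``unit.complete()``;
                otherwise return ``unit`` as produced by the parent setup.
        """
        # NOTE(review): completion is deferred here, presumably so the
        # module probe below runs before unit.complete() - confirm.
        unit = super().setup_class(complete_check=False)

        # check tls module

        try:
            subprocess.check_output(['which', 'openssl'])

            output = subprocess.check_output(
                [unit.unitd, '--version'], stderr=subprocess.STDOUT
            )

            if re.search('--openssl', output.decode()):
                cls.available['modules']['openssl'] = []

        except Exception:
            # The probe is best-effort: any failure simply leaves the
            # 'openssl' module unregistered.  Catching Exception rather
            # than using a bare except lets KeyboardInterrupt and
            # SystemExit propagate instead of being swallowed.
            pass

        return unit if not complete_check else unit.complete()

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and key named *name*.

        Writes ``<name>.crt`` and ``<name>.key`` into ``self.temp_dir``
        and, when *load* is true, uploads the pair via certificate_load().

        Args:
            name: used verbatim as the certificate CN and as the base file
                name.  NOTE(review): it is not validated here, so a value
                containing '/' would change both the subject and the
                output path.
            load: upload the generated pair after creating it.
        """
        self.openssl_conf()

        # Arguments are passed as a list (no shell), so *name* cannot
        # inject extra command-line words.
        # NOTE(review): the exit status of openssl is not checked; a
        # failed generation only surfaces later as a missing file in
        # certificate_load().
        subprocess.call(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj',    '/CN=' + name + '/',
                '-config',  self.temp_dir + '/openssl.conf',
                '-out',     self.temp_dir + '/' + name + '.crt',
                '-keyout',  self.temp_dir + '/' + name + '.key',
            ],
            stderr=subprocess.STDOUT,
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload a key and certificate bundle to ``/certificates/<crt>``.

        Args:
            crt: base name of the ``.crt`` file in ``self.temp_dir``; also
                the name the bundle is stored under.
            key: base name of the ``.key`` file; defaults to *crt*.

        Returns:
            Whatever ``self.conf()`` returns for the upload.
        """
        if key is None:
            key = crt

        key_path = self.temp_dir + '/' + key + '.key'
        crt_path = self.temp_dir + '/' + crt + '.crt'

        # The bundle is the raw key bytes followed by the certificate bytes.
        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            return self.conf(k.read() + c.read(), '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """Issue a GET with the socket wrapped by the test SSL context."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Issue a POST with the socket wrapped by the test SSL context."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def get_server_certificate(self, addr=('127.0.0.1', 7080)):
        """Fetch the certificate presented by the server at *addr*.

        The certificate is returned as a PEM string and is not validated,
        because no CA bundle is passed to ssl.get_server_certificate().
        """
        # Prefer the negotiating PROTOCOL_TLS constant; the fixed-version
        # constants are fallbacks for ssl modules that lack it.
        if hasattr(ssl, 'PROTOCOL_TLS'):
            ssl_version = ssl.PROTOCOL_TLS

        elif hasattr(ssl, 'PROTOCOL_TLSv1_2'):
            ssl_version = ssl.PROTOCOL_TLSv1_2

        else:
            ssl_version = ssl.PROTOCOL_TLSv1_1

        return ssl.get_server_certificate(addr, ssl_version=ssl_version)

    def openssl_conf(self):
        """Write the minimal ``openssl.conf`` used by certificate().

        Does nothing when the file is already present in ``self.temp_dir``.
        """
        conf_path = self.temp_dir + '/openssl.conf'

        try:
            # Mode 'x' creates the file exclusively, so there is no window
            # between an existence check and the write, and an existing
            # path is never truncated or overwritten.
            with open(conf_path, 'x') as f:
                # 'encrypt_key = no' makes openssl write the private key
                # without a passphrase.
                f.write(
                    """[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]"""
                )

        except FileExistsError:
            return

    def load(self, script, name=None):
        """Configure a Python WSGI application behind the ``*:7080`` listener.

        Args:
            script: directory name under ``<test_dir>/python/`` holding
                the application.
            name: application name in the configuration; defaults to
                *script*.
        """
        if name is None:
            name = script

        script_path = option.test_dir + '/python/' + script

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )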