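import os
import re
import ssl
import subprocess

from unit.applications.proto import TestApplicationProto
from conftest import option


class TestApplicationTLS(TestApplicationProto):
    """Test helper for TLS scenarios.

    Provides a client-side SSL context with verification disabled,
    generation of self-signed certificates through the ``openssl`` CLI,
    and helpers that hand the key/certificate bundle and the application
    configuration to methods inherited from ``TestApplicationProto``.
    """

    def setup_method(self):
        """Create the client SSL context used by ``get_ssl``/``post_ssl``."""
        super().setup_method()

        # The certificates produced by certificate() are self-signed, so the
        # client context skips both hostname and chain verification. This is
        # a test-harness setting only: a context configured like this
        # authenticates nothing about the peer.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    @classmethod
    def setup_class(cls, complete_check=True):
        """Run the parent setup and probe for TLS support.

        The parent is always called with ``complete_check=False``. An
        ``'openssl'`` entry is added to ``cls.available['modules']`` when
        ``which openssl`` succeeds and the output of ``unitd --version``
        contains ``--openssl``.

        Returns the object from the parent ``setup_class``, or the result of
        its ``complete()`` method when *complete_check* is true.
        """
        unit = super().setup_class(complete_check=False)

        # check tls module

        try:
            subprocess.check_output(['which', 'openssl'])

            output = subprocess.check_output(
                [unit.unitd, '--version'], stderr=subprocess.STDOUT
            )

            if re.search('--openssl', output.decode()):
                cls.available['modules']['openssl'] = []

        except Exception:
            # Best effort: a failed probe just leaves 'openssl' unregistered.
            # Catching Exception instead of using a bare except lets
            # KeyboardInterrupt and SystemExit propagate.
            pass

        return unit if not complete_check else unit.complete()

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and key named *name*.

        Writes ``<temp_dir>/<name>.crt`` and ``<temp_dir>/<name>.key`` using
        the configuration from ``openssl_conf()`` (which sets
        ``encrypt_key = no``, so the private key is stored unencrypted).
        When *load* is true the pair is passed to ``certificate_load``.
        """
        self.openssl_conf()

        # Arguments are passed as a list, so no shell is involved. *name* is
        # still concatenated unescaped into the subject and the file paths;
        # presumably callers pass fixed test identifiers -- confirm.
        # NOTE(review): the exit status of openssl is not checked; a failed
        # run only shows up later when certificate_load() opens the files.
        subprocess.call(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj', '/CN=' + name + '/',
                '-config', self.temp_dir + '/openssl.conf',
                '-out', self.temp_dir + '/' + name + '.crt',
                '-keyout', self.temp_dir + '/' + name + '.key',
            ],
            stderr=subprocess.STDOUT,
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Pass key and certificate bytes to ``self.conf``.

        Reads ``<temp_dir>/<key>.key`` and ``<temp_dir>/<crt>.crt`` (the key
        name defaults to *crt*), concatenates key then certificate, and
        returns the result of ``self.conf(..., '/certificates/<crt>')``.
        """
        if key is None:
            key = crt

        key_path = self.temp_dir + '/' + key + '.key'
        crt_path = self.temp_dir + '/' + crt + '.crt'

        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            return self.conf(k.read() + c.read(), '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """Call ``self.get`` with the socket wrapped by the test SSL context."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Call ``self.post`` with the socket wrapped by the test SSL context."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def get_server_certificate(self, addr=('127.0.0.1', 7080)):
        """Return the certificate presented by the server at *addr*.

        Delegates to ``ssl.get_server_certificate``; no CA bundle is passed,
        so the certificate is fetched without being validated.
        """
        # Pick the most general protocol constant this ssl module offers.
        # The TLSv1_1 fallback is reached only when both newer constants are
        # missing from the module.
        if hasattr(ssl, 'PROTOCOL_TLS'):
            ssl_version = ssl.PROTOCOL_TLS

        elif hasattr(ssl, 'PROTOCOL_TLSv1_2'):
            ssl_version = ssl.PROTOCOL_TLSv1_2

        else:
            ssl_version = ssl.PROTOCOL_TLSv1_1

        return ssl.get_server_certificate(addr, ssl_version=ssl_version)

    def openssl_conf(self):
        """Write ``<temp_dir>/openssl.conf`` unless it already exists."""
        conf_path = self.temp_dir + '/openssl.conf'

        if os.path.exists(conf_path):
            return

        # encrypt_key = no: generated private keys are written without a
        # passphrase, so they can be read back by certificate_load().
        with open(conf_path, 'w') as f:
            f.write(
                """[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]"""
            )

    def load(self, script, name=None):
        """Configure a Python application from ``<test_dir>/python/<script>``.

        Builds a configuration with one listener on ``*:7080`` that passes to
        ``applications/<name>`` (*name* defaults to *script*) and hands it to
        ``self._load_conf``.
        """
        if name is None:
            name = script

        script_path = option.test_dir + '/python/' + script

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )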