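import os
import ssl
import subprocess

from unit.applications.proto import TestApplicationProto
from unit.option import option


class TestApplicationTLS(TestApplicationProto):
    """Base class for the TLS listener tests.

    Certificates are generated on the fly with the ``openssl`` CLI into
    ``option.temp_dir`` and uploaded to ``/certificates/<name>`` through
    ``self.conf()``.  HTTPS requests go through an ``ssl.SSLContext`` that
    deliberately skips verification, because the server presents the
    self-signed test certificates produced here.
    """

    def setup_method(self):
        # Client-side context used by get_ssl()/post_ssl().  Hostname and
        # chain verification are switched off on purpose: certificate()
        # produces self-signed certificates with an arbitrary CN, so neither
        # check could succeed.  This context is a test fixture and is never
        # used to validate a peer.
        self.context = ssl.create_default_context()
        self.context.check_hostname = False
        self.context.verify_mode = ssl.CERT_NONE

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate/key pair called *name*.

        Writes ``<temp_dir>/<name>.crt`` and ``<temp_dir>/<name>.key`` with
        ``openssl req -x509`` using the config from openssl_conf(); the
        certificate's CN is *name*.  When *load* is true the pair is then
        uploaded with certificate_load().

        Raises subprocess.CalledProcessError if ``openssl`` exits non-zero,
        so a failed generation is reported here rather than as a confusing
        FileNotFoundError when certificate_load() opens the output files.
        """
        self.openssl_conf()

        temp_dir = option.temp_dir
        subprocess.run(
            [
                'openssl',
                'req',
                '-x509',
                '-new',
                '-subj', '/CN=' + name + '/',
                '-config', temp_dir + '/openssl.conf',
                '-out', temp_dir + '/' + name + '.crt',
                '-keyout', temp_dir + '/' + name + '.key',
            ],
            stderr=subprocess.STDOUT,
            check=True,
        )

        if load:
            self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload the PEM key and certificate pair as ``/certificates/<crt>``.

        *crt* and *key* are base names under ``option.temp_dir`` (``.crt``
        and ``.key`` are appended); *key* defaults to *crt*.  The key bytes
        are sent first, immediately followed by the certificate bytes, as a
        single blob.  Returns whatever self.conf() returns.
        """
        if key is None:
            key = crt

        temp_dir = option.temp_dir
        key_path = temp_dir + '/' + key + '.key'
        crt_path = temp_dir + '/' + crt + '.crt'

        with open(key_path, 'rb') as k, open(crt_path, 'rb') as c:
            return self.conf(k.read() + c.read(), '/certificates/' + crt)

    def get_ssl(self, **kwargs):
        """GET through the test SSL context; *kwargs* go to self.get()."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """POST through the test SSL context; *kwargs* go to self.post()."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def get_server_certificate(self, addr=('127.0.0.1', 7080)):
        """Return the PEM certificate the server at *addr* presents.

        Uses the newest protocol constant this Python's ssl module offers:
        PROTOCOL_TLS, else PROTOCOL_TLSv1_2, else PROTOCOL_TLSv1_1.
        """
        if hasattr(ssl, 'PROTOCOL_TLS'):
            ssl_version = ssl.PROTOCOL_TLS
        elif hasattr(ssl, 'PROTOCOL_TLSv1_2'):
            ssl_version = ssl.PROTOCOL_TLSv1_2
        else:
            ssl_version = ssl.PROTOCOL_TLSv1_1

        return ssl.get_server_certificate(addr, ssl_version=ssl_version)

    def openssl_conf(self, rewrite=False, alt_names=None):
        """Write the ``openssl.conf`` used by certificate() into temp_dir.

        An existing file is kept unless *rewrite* is true.  *alt_names* is an
        optional list of DNS names; when non-empty, a request extension
        section is added that emits them as ``subjectAltName`` entries.
        The names are written into the config verbatim (no escaping), so
        they are expected to come from the test code itself.
        """
        conf_path = option.temp_dir + '/openssl.conf'

        if not rewrite and os.path.exists(conf_path):
            return

        # None instead of a mutable default argument; an empty list and None
        # both mean "no subjectAltName section".
        alt_names = alt_names or []

        a_sec = ''
        if alt_names:
            dns_entries = ''.join(
                'DNS.%d = %s\n' % (i, dns) for i, dns in enumerate(alt_names, 1)
            )
            a_sec = (
                'req_extensions = myca_req_extensions\n'
                '\n'
                '[ myca_req_extensions ]\n'
                'subjectAltName = @alt_names\n'
                '\n'
                '[alt_names]\n' + dns_entries
            )

        with open(conf_path, 'w') as f:
            f.write(
                '[ req ]\n'
                'default_bits = 2048\n'
                'encrypt_key = no\n'
                'distinguished_name = req_distinguished_name\n'
                '\n'
                + a_sec
                + '\n[ req_distinguished_name ]'
            )

    def load(self, script, name=None):
        """Configure the Python application *script* behind listener ``*:7080``.

        *script* is a directory name under ``<test_dir>/python/``; it is used
        as both ``path`` and ``working_directory`` and its ``wsgi`` module is
        loaded with ``spare`` processes set to 0.  *name* is the application
        name in the configuration and defaults to *script*.
        """
        if name is None:
            name = script

        script_path = option.test_dir + '/python/' + script

        self._load_conf(
            {
                "listeners": {"*:7080": {"pass": "applications/" + name}},
                "applications": {
                    name: {
                        "type": "python",
                        "processes": {"spare": 0},
                        "path": script_path,
                        "working_directory": script_path,
                        "module": "wsgi",
                    }
                },
            }
        )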