import os
import ssl
import subprocess

from unit.applications.proto import TestApplicationProto
from unit.option import option


class TestApplicationTLS(TestApplicationProto):
    """Test helper for exercising TLS listeners with throwaway certificates.

    Certificates and keys are generated with the ``openssl`` command-line
    tool into ``option.temp_dir``. Client connections go through an
    ``ssl.SSLContext`` that does not authenticate the peer (see
    ``setup_method``).
    """

    def setup_method(self):
        """Create the client-side SSL context used by ``get_ssl``/``post_ssl``.

        Hostname checking and certificate verification are both switched
        off, so this context accepts any server certificate.
        NOTE(review): presumably this is because ``certificate()`` issues
        self-signed certificates that no trust store would validate. The
        context must stay confined to tests and never be reused where
        peer authenticity matters.
        """
        tls_context = ssl.create_default_context()
        # check_hostname has to be cleared before verify_mode may be
        # lowered to CERT_NONE; the ssl module rejects the other order.
        tls_context.check_hostname = False
        tls_context.verify_mode = ssl.CERT_NONE
        self.context = tls_context

    def certificate(self, name='default', load=True):
        """Generate a self-signed certificate and key named *name*.

        Runs ``openssl req -x509 -new`` with the configuration written by
        ``openssl_conf()`` and stores ``<name>.crt`` / ``<name>.key`` in
        ``option.temp_dir``. When *load* is true the pair is then uploaded
        through ``certificate_load()``.

        The generated configuration sets ``encrypt_key = no``, so the
        private key is written to disk unencrypted. *name* is interpolated
        into the subject and into file paths without any sanitising, so it
        must only ever come from test code.
        """
        self.openssl_conf()

        out_dir = option.temp_dir
        command = [
            'openssl',
            'req',
            '-x509',
            '-new',
            '-subj',
            f'/CN={name}/',
            '-config',
            f'{out_dir}/openssl.conf',
            '-out',
            f'{out_dir}/{name}.crt',
            '-keyout',
            f'{out_dir}/{name}.key',
        ]
        # The argument list is passed without a shell; stderr is folded
        # into the captured output so a CalledProcessError carries the
        # openssl diagnostics.
        subprocess.check_output(command, stderr=subprocess.STDOUT)

        if not load:
            return

        self.certificate_load(name)

    def certificate_load(self, crt, key=None):
        """Upload a key/certificate bundle under ``/certificates/<crt>``.

        *key* defaults to *crt*, i.e. ``<crt>.key`` next to ``<crt>.crt``
        in ``option.temp_dir``. The payload is the raw key bytes followed
        by the raw certificate bytes; whatever ``self.conf`` returns is
        passed back to the caller.
        """
        key_name = crt if key is None else key

        key_file = f'{option.temp_dir}/{key_name}.key'
        crt_file = f'{option.temp_dir}/{crt}.crt'

        # Both files are opened before either is read, so a missing file
        # fails before anything is sent.
        with open(key_file, 'rb') as key_fh, open(crt_file, 'rb') as crt_fh:
            bundle = key_fh.read() + crt_fh.read()
            return self.conf(bundle, f'/certificates/{crt}')

    def get_ssl(self, **kwargs):
        """Issue a GET through the non-verifying TLS context."""
        return self.get(wrapper=self.context.wrap_socket, **kwargs)

    def post_ssl(self, **kwargs):
        """Issue a POST through the non-verifying TLS context."""
        return self.post(wrapper=self.context.wrap_socket, **kwargs)

    def openssl_conf(self, rewrite=False, alt_names=None):
        """Write ``openssl.conf`` into ``option.temp_dir``.

        An existing file is kept unless *rewrite* is true. Each entry of
        *alt_names* is either ``'IP|<address>'`` or a DNS name; when any
        are given, a ``subjectAltName`` request-extension section is
        emitted for them. Entries are written into the configuration
        verbatim.
        """
        alt_names = alt_names or []
        conf_path = f'{option.temp_dir}/openssl.conf'

        if not rewrite and os.path.exists(conf_path):
            return

        # One "IP.n" or "DNS.n" line per alternative name, numbered from 1.
        san_lines = []
        for index, entry in enumerate(alt_names, 1):
            fields = entry.split('|')

            if fields[0] == 'IP':
                san_lines.append(f'IP.{index} = {fields[1]}\n')
            else:
                san_lines.append(f'DNS.{index} = {fields[0]}\n')

        san_section = '[alt_names]\n' + ''.join(san_lines)

        # The request-extension block is only emitted when alternative
        # names were supplied.
        if alt_names:
            extension_block = (
                'req_extensions = myca_req_extensions\n'
                '\n'
                '[ myca_req_extensions ]\n'
                'subjectAltName = @alt_names\n'
                '\n'
                f'{san_section}'
            )
        else:
            extension_block = ''

        # encrypt_key = no: generated private keys carry no passphrase.
        contents = (
            '[ req ]\n'
            'default_bits = 2048\n'
            'encrypt_key = no\n'
            'distinguished_name = req_distinguished_name\n'
            '\n'
            f'{extension_block}\n'
            '[ req_distinguished_name ]'
        )

        with open(conf_path, 'w') as conf_file:
            conf_file.write(contents)

    def load(self, script, name=None):
        """Configure a Python WSGI application and a listener for it.

        *script* is a directory name under ``<test_dir>/python``; *name*
        is the application name and defaults to *script*. The listener is
        bound to ``*:7080``.
        """
        app_name = script if name is None else name

        script_path = f'{option.test_dir}/python/{script}'

        application = {
            "type": "python",
            "processes": {"spare": 0},
            "path": script_path,
            "working_directory": script_path,
            "module": "wsgi",
        }
        listeners = {"*:7080": {"pass": f"applications/{app_name}"}}

        self._load_conf(
            {
                "listeners": listeners,
                "applications": {app_name: application},
            }
        )