Diffstat (limited to 'test')
-rw-r--r-- | test/data/text_cert | 48 | ||||
-rw-r--r-- | test/data/text_cert_2 | 83 | ||||
-rw-r--r-- | test/test_utils.py | 25 | ||||
-rwxr-xr-x | test/tools/getcert | 24 | ||||
-rwxr-xr-x | test/tools/getcn | 13 |
5 files changed, 190 insertions, 3 deletions
diff --git a/test/data/text_cert b/test/data/text_cert
new file mode 100644
index 00000000..f52ad8ae
--- /dev/null
+++ b/test/data/text_cert
@@ -0,0 +1,48 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 47:4f:4f:50:01:6d + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Google Inc, CN=Google Internet Authority + Validity + Not Before: Jan 17 12:55:04 2012 GMT + Not After : Jan 17 12:55:04 2013 GMT + Subject: C=US, ST=California, O=Google Inc, CN=google.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:1f:73:14:76:7e:e7:79:73:21:48:7a:57:7d: + a6:3d:af:18:1e:46:1f:4c:bd:b6:60:18:6b:9b:77: + df:16:c9:82:e2:8a:5f:f7:a5:de:d5:c0:28:c3:62: + 4f:54:99:ce:ef:04:2c:9d:44:cb:41:9c:04:08:07: + 03:d8:d5:3d:07:74:2c:67:5b:12:d3:48:c6:36:e5: + 02:c5:80:0f:f1:59:95:2b:7c:5f:ce:e1:ec:2e:70: + d8:94:9e:7c:e6:a7:8b:4a:a0:42:a5:3a:b1:37:6c: + 68:25:06:67:e1:2e:ec:3d:25:05:f4:f9:fd:59:e5: + da:f5:7e:cc:8d:d8:98:39:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2F:7F:89:78:2F:E8:2F:D8:D9:85:3A:77:17:9E:74:2D:AB:AD:CD:5F + X509v3 Authority Key Identifier: + keyid:BF:C0:30:EB:F5:43:11:3E:67:BA:9E:91:FB:FC:6A:DA:E3:6B:12:24 + + X509v3 CRL Distribution Points: + URI:http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crl + + Authority Information Access: + CA Issuers - URI:http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crt + + X509v3 Subject Alternative Name: + DNS:google.com, DNS:*.google.com, DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af, DNS:*.google.ag, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at, DNS:*.google.az, DNS:*.google.ba, DNS:*.google.be, DNS:*.google.bf, DNS:*.google.bg, DNS:*.google.bi, DNS:*.google.bj, DNS:*.google.bs, DNS:*.google.by, DNS:*.google.ca, DNS:*.google.cat, DNS:*.google.cc, DNS:*.google.cd, DNS:*.google.cf, DNS:*.google.cg, DNS:*.google.ch, DNS:*.google.ci, DNS:*.google.cl, DNS:*.google.cm, DNS:*.google.cn, DNS:*.google.co.ao, DNS:*.google.co.bw, DNS:*.google.co.ck, DNS:*.google.co.cr, 
DNS:*.google.co.hu, DNS:*.google.co.id, DNS:*.google.co.il, DNS:*.google.co.im, DNS:*.google.co.in, DNS:*.google.co.je, DNS:*.google.co.jp, DNS:*.google.co.ke, DNS:*.google.co.kr, DNS:*.google.co.ls, DNS:*.google.co.ma, DNS:*.google.co.mz, DNS:*.google.co.nz, DNS:*.google.co.th, DNS:*.google.co.tz, DNS:*.google.co.ug, DNS:*.google.co.uk, DNS:*.google.co.uz, DNS:*.google.co.ve, DNS:*.google.co.vi, DNS:*.google.co.za, DNS:*.google.co.zm, DNS:*.google.co.zw, DNS:*.google.com.af, DNS:*.google.com.ag, DNS:*.google.com.ai, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.bd, DNS:*.google.com.bh, DNS:*.google.com.bn, DNS:*.google.com.bo, DNS:*.google.com.br, DNS:*.google.com.by, DNS:*.google.com.bz, DNS:*.google.com.cn, DNS:*.google.com.co, DNS:*.google.com.cu, DNS:*.google.com.cy, DNS:*.google.com.do, DNS:*.google.com.ec, DNS:*.google.com.eg, DNS:*.google.com.et, DNS:*.google.com.fj, DNS:*.google.com.ge, DNS:*.google.com.gh, DNS:*.google.com.gi, DNS:*.google.com.gr, DNS:*.google.com.gt, DNS:*.google.com.hk, DNS:*.google.com.iq, DNS:*.google.com.jm, DNS:*.google.com.jo, DNS:*.google.com.kh, DNS:*.google.com.kw, DNS:*.google.com.lb, DNS:*.google.com.ly, DNS:*.google.com.mt, DNS:*.google.com.mx, DNS:*.google.com.my, DNS:*.google.com.na, DNS:*.google.com.nf, DNS:*.google.com.ng, DNS:*.google.com.ni, DNS:*.google.com.np, DNS:*.google.com.nr, DNS:*.google.com.om, DNS:*.google.com.pa, DNS:*.google.com.pe, DNS:*.google.com.ph, DNS:*.google.com.pk, DNS:*.google.com.pl, DNS:*.google.com.pr, DNS:*.google.com.py, DNS:*.google.com.qa, DNS:*.google.com.ru, DNS:*.google.com.sa, DNS:*.google.com.sb, DNS:*.google.com.sg, DNS:*.google.com.sl, DNS:*.google.com.sv, DNS:*.google.com.tj, DNS:*.google.com.tn, DNS:*.google.com.tr, DNS:*.google.com.tw, DNS:*.google.com.ua, DNS:*.google.com.uy, DNS:*.google.com.vc, DNS:*.google.com.ve, DNS:*.google.com.vn, DNS:*.google.cv, DNS:*.google.cz, DNS:*.google.de, DNS:*.google.dj, DNS:*.google.dk, DNS:*.google.dm, DNS:*.google.dz, 
DNS:*.google.ee, DNS:*.google.es, DNS:*.google.fi, DNS:*.google.fm, DNS:*.google.fr, DNS:*.google.ga, DNS:*.google.ge, DNS:*.google.gg, DNS:*.google.gl, DNS:*.google.gm, DNS:*.google.gp, DNS:*.google.gr, DNS:*.google.gy, DNS:*.google.hk, DNS:*.google.hn, DNS:*.google.hr, DNS:*.google.ht, DNS:*.google.hu, DNS:*.google.ie, DNS:*.google.im, DNS:*.google.info, DNS:*.google.iq, DNS:*.google.is, DNS:*.google.it, DNS:*.google.it.ao, DNS:*.google.je, DNS:*.google.jo, DNS:*.google.jobs, DNS:*.google.jp, DNS:*.google.kg, DNS:*.google.ki, DNS:*.google.kz, DNS:*.google.la, DNS:*.google.li, DNS:*.google.lk, DNS:*.google.lt, DNS:*.google.lu, DNS:*.google.lv, DNS:*.google.md, DNS:*.google.me, DNS:*.google.mg, DNS:*.google.mk, DNS:*.google.ml, DNS:*.google.mn, DNS:*.google.ms, DNS:*.google.mu, DNS:*.google.mv, DNS:*.google.mw, DNS:*.google.ne, DNS:*.google.ne.jp, DNS:*.google.net, DNS:*.google.nl, DNS:*.google.no, DNS:*.google.nr, DNS:*.google.nu, DNS:*.google.off.ai, DNS:*.google.pk, DNS:*.google.pl, DNS:*.google.pn, DNS:*.google.ps, DNS:*.google.pt, DNS:*.google.ro, DNS:*.google.rs, DNS:*.google.ru, DNS:*.google.rw, DNS:*.google.sc, DNS:*.google.se, DNS:*.google.sh, DNS:*.google.si, DNS:*.google.sk, DNS:*.google.sm, DNS:*.google.sn, DNS:*.google.so, DNS:*.google.st, DNS:*.google.td, DNS:*.google.tg, DNS:*.google.tk, DNS:*.google.tl, DNS:*.google.tm, DNS:*.google.tn, DNS:*.google.to, DNS:*.google.tp, DNS:*.google.tt, DNS:*.google.us, DNS:*.google.uz, DNS:*.google.vg, DNS:*.google.vu, DNS:*.google.ws, DNS:google.ac, DNS:google.ad, DNS:google.ae, DNS:google.af, DNS:google.ag, DNS:google.am, DNS:google.as, DNS:google.at, DNS:google.az, DNS:google.ba, DNS:google.be, DNS:google.bf, DNS:google.bg, DNS:google.bi, DNS:google.bj, DNS:google.bs, DNS:google.by, DNS:google.ca, DNS:google.cat, DNS:google.cc, DNS:google.cd, DNS:google.cf, DNS:google.cg, DNS:google.ch, DNS:google.ci, DNS:google.cl, DNS:google.cm, DNS:google.cn, DNS:google.co.ao, DNS:google.co.bw, DNS:google.co.ck, 
DNS:google.co.cr, DNS:google.co.hu, DNS:google.co.id, DNS:google.co.il, DNS:google.co.im, DNS:google.co.in, DNS:google.co.je, DNS:google.co.jp, DNS:google.co.ke, DNS:google.co.kr, DNS:google.co.ls, DNS:google.co.ma, DNS:google.co.mz, DNS:google.co.nz, DNS:google.co.th, DNS:google.co.tz, DNS:google.co.ug, DNS:google.co.uk, DNS:google.co.uz, DNS:google.co.ve, DNS:google.co.vi, DNS:google.co.za, DNS:google.co.zm, DNS:google.co.zw, DNS:google.com.af, DNS:google.com.ag, DNS:google.com.ai, DNS:google.com.ar, DNS:google.com.au, DNS:google.com.bd, DNS:google.com.bh, DNS:google.com.bn, DNS:google.com.bo, DNS:google.com.br, DNS:google.com.by, DNS:google.com.bz, DNS:google.com.cn, DNS:google.com.co, DNS:google.com.cu, DNS:google.com.cy, DNS:google.com.do, DNS:google.com.ec, DNS:google.com.eg, DNS:google.com.et, DNS:google.com.fj, DNS:google.com.ge, DNS:google.com.gh, DNS:google.com.gi, DNS:google.com.gr, DNS:google.com.gt, DNS:google.com.hk, DNS:google.com.iq, DNS:google.com.jm, DNS:google.com.jo, DNS:google.com.kh, DNS:google.com.kw, DNS:google.com.lb, DNS:google.com.ly, DNS:google.com.mt, DNS:google.com.mx, DNS:google.com.my, DNS:google.com.na, DNS:google.com.nf, DNS:google.com.ng, DNS:google.com.ni, DNS:google.com.np, DNS:google.com.nr, DNS:google.com.om, DNS:google.com.pa, DNS:google.com.pe, DNS:google.com.ph, DNS:google.com.pk, DNS:google.com.pl, DNS:google.com.pr, DNS:google.com.py, DNS:google.com.qa, DNS:google.com.ru, DNS:google.com.sa, DNS:google.com.sb, DNS:google.com.sg, DNS:google.com.sl, DNS:google.com.sv, DNS:google.com.tj, DNS:google.com.tn, DNS:google.com.tr, DNS:google.com.tw, DNS:google.com.ua, DNS:google.com.uy, DNS:google.com.vc, DNS:google.com.ve, DNS:google.com.vn, DNS:google.cv, DNS:google.cz, DNS:google.de, DNS:google.dj, DNS:google.dk, DNS:google.dm, DNS:google.dz, DNS:google.ee, DNS:google.es, DNS:google.fi, DNS:google.fm, DNS:google.fr, DNS:google.ga, DNS:google.ge, DNS:google.gg, DNS:google.gl, DNS:google.gm, DNS:google.gp, DNS:google.gr, 
DNS:google.gy, DNS:google.hk, DNS:google.hn, DNS:google.hr, DNS:google.ht, DNS:google.hu, DNS:google.ie, DNS:google.im, DNS:google.info, DNS:google.iq, DNS:google.is, DNS:google.it, DNS:google.it.ao, DNS:google.je, DNS:google.jo, DNS:google.jobs, DNS:google.jp, DNS:google.kg, DNS:google.ki, DNS:google.kz, DNS:google.la, DNS:google.li, DNS:google.lk, DNS:google.lt, DNS:google.lu, DNS:google.lv, DNS:google.md, DNS:google.me, DNS:google.mg, DNS:google.mk, DNS:google.ml, DNS:google.mn, DNS:google.ms, DNS:google.mu, DNS:google.mv, DNS:google.mw, DNS:google.ne, DNS:google.ne.jp, DNS:google.net, DNS:google.nl, DNS:google.no, DNS:google.nr, DNS:google.nu, DNS:google.off.ai, DNS:google.pk, DNS:google.pl, DNS:google.pn, DNS:google.ps, DNS:google.pt, DNS:google.ro, DNS:google.rs, DNS:google.ru, DNS:google.rw, DNS:google.sc, DNS:google.se, DNS:google.sh, DNS:google.si, DNS:google.sk, DNS:google.sm, DNS:google.sn, DNS:google.so, DNS:google.st, DNS:google.td, DNS:google.tg, DNS:google.tk, DNS:google.tl, DNS:google.tm, DNS:google.tn, DNS:google.to, DNS:google.tp, DNS:google.tt, DNS:google.us, DNS:google.uz, DNS:google.vg, DNS:google.vu, DNS:google.ws + Signature Algorithm: sha1WithRSAEncryption + 99:99:f5:1c:aa:a5:4c:eb:3f:45:1c:26:71:d7:a0:bb:bf:02: + 32:04:b0:8b:d9:63:d8:6a:ff:d6:cb:af:2f:08:9d:f9:af:11: + 16:07:af:88:4d:7a:d9:0e:62:55:b4:15:e0:d9:b4:2a:56:c5: + d3:d4:80:98:e6:5a:02:80:2b:a8:f4:82:83:85:6a:f4:d5:1a: + 9b:64:2f:c8:21:6b:8a:75:41:4b:1d:2e:47:77:eb:f7:2f:05: + 77:81:61:29:5e:ef:ce:ef:7a:8e:3a:37:59:38:57:a5:2f:da: + 06:83:56:4a:de:ef:ce:82:36:c1:ef:43:a3:18:67:90:a5:43: + e9:12 diff --git a/test/data/text_cert_2 b/test/data/text_cert_2 new file mode 100644 index 00000000..e2b63750 --- /dev/null +++ b/test/data/text_cert_2 
@@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 67908 (0x10944) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA + Validity + Not Before: Jan 11 19:27:36 2010 GMT + Not After : Jan 12 09:14:55 2011 GMT + Subject: description=126832-MCxLsY6Tn1gm7o90, C=NZ, O=Persona Not Validated, OU=StartCom Free Certificate Member, CN=www.inode.co.nz/emailAddress=jim@inode.co.nz + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:be:a0:85:69:46:86:a8:3e:57:43:f9:f1:1d:d2: + bc:b4:62:3b:d3:ab:75:e9:03:c7:39:90:6c:ac:10: + 71:cd:39:7e:b9:c5:e5:9f:6f:4f:a8:1a:ed:83:ae: + 5d:57:97:c6:16:02:02:8d:27:af:a2:88:fb:2f:cb: + c7:e4:07:bc:fe:56:d2:72:9b:b3:eb:2f:cd:44:04: + ae:ad:99:64:5c:21:87:57:b5:2d:b5:5c:72:b3:70: + 90:75:33:28:ea:b4:4d:36:95:75:4e:24:f2:40:d0: + cf:36:05:f6:d4:d9:6f:e1:b9:1e:fd:41:26:3a:70: + 63:07:bc:3f:87:00:88:f2:4f:ac:51:4e:29:3c:92: + cc:7a:a2:62:c5:e5:c7:eb:d1:d6:5d:5e:df:32:9a: + be:17:7e:2d:54:a8:2d:65:97:6f:5d:f2:28:e0:ea: + ea:f9:ee:88:78:d4:25:79:7c:09:f5:65:06:1a:06: + a2:d5:d4:e0:94:79:71:bb:86:a1:6f:fc:fa:b9:30: + 11:d5:fe:62:80:af:54:2a:a0:77:1f:48:91:11:41: + ea:e5:9f:37:aa:1c:52:21:6f:84:0d:1e:92:73:be: + 7b:0b:95:7d:12:e2:21:a4:83:07:ca:4d:c9:45:95: + aa:ee:27:80:55:ad:58:ed:4e:61:98:34:23:fd:f6: + 06:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 1F:68:BD:91:8F:AA:FC:89:19:41:4E:0A:69:80:4E:D9:67:95:93:53 + X509v3 Authority Key Identifier: + keyid:EB:42:34:D0:98:B0:AB:9F:F4:1B:6B:08:F7:CC:64:2E:EF:0E:2C:45 + + X509v3 Subject Alternative Name: + DNS:www.inode.co.nz, DNS:inode.co.nz + X509v3 Certificate Policies: + Policy: 
1.3.6.1.4.1.23223.1.2.1 + CPS: http://www.startssl.com/policy.pdf + CPS: http://www.startssl.com/intermediate.pdf + User Notice: + Organization: StartCom Ltd. + Number: 1 + Explicit Text: Limited Liability, see section *Legal Limitations* of the StartCom Certification Authority Policy available at http://www.startssl.com/policy.pdf + + X509v3 CRL Distribution Points: + URI:http://www.startssl.com/crt1-crl.crl + URI:http://crl.startssl.com/crt1-crl.crl + + Authority Information Access: + OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca + CA Issuers - URI:http://www.startssl.com/certs/sub.class1.server.ca.crt + + X509v3 Issuer Alternative Name: + URI:http://www.startssl.com/ + Signature Algorithm: sha1WithRSAEncryption + 8a:f5:88:0f:42:93:f2:ad:44:cd:6c:f2:f8:17:9c:b0:5a:f2: + 85:08:6e:2c:57:c0:b0:f9:07:aa:93:5d:f4:e7:e4:45:2b:46: + 06:e2:65:2d:7f:bd:0d:0f:53:ce:3a:ae:b5:d6:36:6e:e3:41: + b8:39:fb:d5:bb:99:2b:e6:39:7e:68:eb:db:ca:c0:4f:af:96: + 31:df:8a:9c:29:79:58:b4:f9:20:e4:ba:67:db:37:71:e7:39: + 4c:54:1b:98:e1:a5:7a:94:92:f5:0e:93:b3:d2:ac:5c:e1:c7: + 42:f0:e4:41:e0:ea:39:5d:94:a9:d8:17:20:0c:85:9b:97:9f: + 48:bf:49:5c:f5:e7:b5:16:ae:b0:db:b6:b3:c1:76:07:6a:d1: + 25:ee:23:3d:f9:d4:cb:62:ef:63:c3:96:d5:8b:e3:50:0f:be: + be:97:56:45:d7:d4:6c:94:29:e7:99:91:7d:a6:0c:3d:19:f2: + 52:6d:f4:94:02:36:ed:06:b1:81:03:c5:3a:a0:de:65:49:b9: + 96:56:f9:78:51:bf:07:77:fc:ee:e8:60:f9:8d:68:13:29:1b: + 12:f6:6b:20:53:78:86:2b:61:8a:84:34:b5:bf:b9:ec:52:a4: + 90:6d:ac:5b:7b:9e:98:d8:90:c3:6a:ab:12:8f:c6:00:c6:f5: + 70:8e:74:46 + diff --git a/test/test_utils.py b/test/test_utils.py index c2f81a7b..79ddf53d 100644 --- a/test/test_utils.py +++ b/test/test_utils.py 
@@ -149,14 +149,17 @@ class udummy_cert(libpry.AutoTree): p = utils.dummy_cert( os.path.join(d, "foo"), cacert, - "foo.com" + "foo.com", + ["one.com", "two.com", "*.three.com"] ) assert os.path.exists(p) + # Short-circuit assert utils.dummy_cert( os.path.join(d, "foo"), cacert, - "foo.com" + "foo.com", + [] ) def test_no_ca(self): @@ -164,7 +167,8 @@ class udummy_cert(libpry.AutoTree): p = utils.dummy_cert( d, None, - "foo.com" + "foo.com", + [] ) assert os.path.exists(p) @@ -255,7 +259,22 @@ class u_parse_size(libpry.AutoTree): libpry.raises(ValueError, utils.parse_size, "ak") +class uparse_text_cert(libpry.AutoTree): + def test_simple(self): + c = file("data/text_cert", "r").read() + cn, san = utils.parse_text_cert(c) + assert cn == "google.com" + assert len(san) == 436 + + c = file("data/text_cert_2", "r").read() + cn, san = utils.parse_text_cert(c) + assert cn == "www.inode.co.nz" + assert len(san) == 2 + + + tests = [ + uparse_text_cert(), uformat_timestamp(), uisBin(), uisXML(), diff --git a/test/tools/getcert b/test/tools/getcert new file mode 100755 index 00000000..dc655958 --- /dev/null +++ b/test/tools/getcert @@ -0,0 +1,24 @@ +#!/usr/bin/env python +import sys +sys.path.insert(0, "../..") +import socket, tempfile, ssl, subprocess + +addr = socket.gethostbyname(sys.argv[1]) +s = ssl.get_server_certificate((addr, 443)) +f = tempfile.NamedTemporaryFile() +f.write(s) +f.flush() +p = subprocess.Popen( + [ + "openssl", + "x509", + "-in", f.name, + "-text", + "-noout" + ], + stdout = subprocess.PIPE +) +out, _ = p.communicate() +print out + + diff --git a/test/tools/getcn b/test/tools/getcn new file mode 100755 index 00000000..4cc028ca --- /dev/null +++ b/test/tools/getcn @@ -0,0 +1,13 @@ +#!/usr/bin/env python + +import sys +sys.path.insert(0, "../..") +from libmproxy import utils + +cn, san = utils.get_remote_cn(sys.argv[1], 443) +print cn +if san: + for i in san: + print "\t", i + + |
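Review bot: The SAN list `["one.com", "two.com", "*.three.com"]` now passed to `utils.dummy_cert` in the first hunk is never checked, because the test still asserts only `os.path.exists(p)`; a regression that drops or mangles the subjectAltName entries would pass. Consider reading the generated certificate back and asserting that all three names, including the wildcard, are present, for example by running its text dump through `utils.parse_text_cert`. The `# Short-circuit` call reuses the same path with `[]`, which suggests an existing certificate is returned whatever SAN list is requested; if that is the intended contract, a comment such as `# an existing cert is reused even when the SAN list differs` would make it explicit. The enclosing test method starts outside the hunk.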
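Review bot: `test_simple` in the new `uparse_text_cert` class checks only `len(san) == 436` for the Google fixture, so a parser that returns the right number of wrong or truncated names would still pass. A content spot-check such as `assert "*.google.com" in san` and `assert "google.ws" in san` (the last entry in the fixture) would pin the values, assuming entries are returned without the `DNS:` prefix. Both fixtures carry a subjectAltName extension and a CN, so neither the no-SAN path nor the missing-CN path is exercised; those are where a text-based parser is most likely to return a misleading identity. The fixtures are read with `file("data/text_cert", "r").read()`, which depends on the working directory and leaves the handle unclosed.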
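Review bot: Neither `getcert` nor `getcn` checks `sys.argv`, and `getcert` ignores the exit status of `openssl x509`, so a failed conversion prints empty output that could be saved as a fixture unnoticed. Suggest `if len(sys.argv) != 2: sys.exit("usage: getcert HOST")` at the top of each script and `if p.returncode != 0: sys.exit(p.returncode)` after `p.communicate()`. `getcert` also resolves the name with `socket.gethostbyname` and connects to the bare address, so the hostname never reaches the TLS layer and a name-based virtual host may answer with its default certificate; passing `(sys.argv[1], 443)` would keep the name available. The `sys.path.insert(0, "../..")` line in `getcert` appears unused, since nothing from the project is imported there.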