hub / github.com/mitmproxy/mitmproxy / test_get_cert

Method test_get_cert

test/mitmproxy/addons/test_tlsconfig.py:165–209  ·  view source on GitHub ↗

Test that we generate a certificate matching the connection's context.

(self, tdata)

Source from the content-addressed store, hash-verified

163 ) in caplog.text
164
def test_get_cert(self, tdata):
    """Check that get_cert() builds the certificate names from the connection context.

    The same context is mutated step by step: no server information and no
    SNI, then an upstream leaf certificate plus a server address, then a
    non-ASCII client SNI, and finally an upstream certificate loaded from the
    ``invalid-subject.pem`` fixture.
    """
    addon = tlsconfig.TlsConfig()
    with taddons.context(addon) as tctx:
        addon.configure(["confdir"])

        conn_ctx = _ctx(tctx.options)

        # Step 1: nothing is known about the server and the client sent no
        # SNI, so the only usable subject is the local IP address.
        generated = addon.get_cert(conn_ctx)
        assert generated.cert.cn == "127.0.0.1"

        # Step 2: a server connection exists. The upstream certificate is
        # peer-supplied data; its CN and DNS name are expected in the
        # generated certificate, followed by the local IP and the address
        # we connected to.
        conn_ctx.server.address = ("server-address.example", 443)
        leaf_path = tdata.path(
            "mitmproxy/net/data/verificationcerts/trusted-leaf.crt"
        )
        with open(leaf_path, "rb") as pem_file:
            upstream_cert = certs.Cert.from_pem(pem_file.read())
        conn_ctx.server.certificate_list = [upstream_cert]
        generated = addon.get_cert(conn_ctx)
        assert generated.cert.cn == "example.mitmproxy.org"
        names_without_sni = x509.GeneralNames(
            [
                x509.DNSName("example.mitmproxy.org"),
                x509.IPAddress(ipaddress.ip_address("127.0.0.1")),
                x509.DNSName("server-address.example"),
            ]
        )
        assert generated.cert.altnames == names_without_sni

        # Step 3: the client also sends an SNI. The expected SAN list carries
        # it in its ASCII "xn--" form rather than as raw Unicode, and the
        # local IP entry from step 2 is no longer present.
        conn_ctx.client.sni = "🌈.sni.example"
        generated = addon.get_cert(conn_ctx)
        names_with_sni = x509.GeneralNames(
            [
                x509.DNSName("example.mitmproxy.org"),
                x509.DNSName("xn--og8h.sni.example"),
                x509.DNSName("server-address.example"),
            ]
        )
        assert generated.cert.altnames == names_with_sni

        # Step 4: an upstream certificate with a bad subject (judging by the
        # fixture name) must produce a UserWarning and still yield a usable
        # result, not an exception that would abort the connection.
        bad_subject_path = tdata.path("mitmproxy/data/invalid-subject.pem")
        with open(bad_subject_path, "rb") as pem_file:
            conn_ctx.server.certificate_list = [
                certs.Cert.from_pem(pem_file.read())
            ]
        with pytest.warns(UserWarning):
            assert addon.get_cert(conn_ctx)  # does not raise
210
211 def test_tls_clienthello(self):
212 # only really testing for coverage here, there's no point in mirroring the individual conditions

Callers

nothing calls this directly

Calls 8

configureMethod · 0.95
get_certMethod · 0.95
_ctxFunction · 0.85
contextMethod · 0.80
from_pemMethod · 0.80
ip_addressMethod · 0.80
pathMethod · 0.45
readMethod · 0.45

Tested by

no test coverage detected