summaryrefslogtreecommitdiffstats
path: root/test/modules/tls/test_17_proxy_machine_cert.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/modules/tls/test_17_proxy_machine_cert.py')
-rw-r--r--test/modules/tls/test_17_proxy_machine_cert.py69
1 files changed, 69 insertions, 0 deletions
diff --git a/test/modules/tls/test_17_proxy_machine_cert.py b/test/modules/tls/test_17_proxy_machine_cert.py
new file mode 100644
index 0000000..7b5ef44
--- /dev/null
+++ b/test/modules/tls/test_17_proxy_machine_cert.py
@@ -0,0 +1,69 @@
+import os
+
+import pytest
+
+from .conf import TlsTestConf
+
+
+class TestProxyMachineCert:
+
+ @pytest.fixture(autouse=True, scope='class')
+ def clients_x(cls, env):
+ return env.ca.get_first("clientsX")
+
+ @pytest.fixture(autouse=True, scope='class')
+ def clients_y(cls, env):
+ return env.ca.get_first("clientsY")
+
+ @pytest.fixture(autouse=True, scope='class')
+ def cax_file(cls, clients_x):
+ return os.path.join(os.path.dirname(clients_x.cert_file), "clientsX-ca.pem")
+
+ @pytest.fixture(autouse=True, scope='class')
+ def _class_scope(cls, env, cax_file, clients_x):
+ # add vhosts a(tls)+b(ssl, port2) and a ssl proxy from a to b with a machine cert
+ # host b requires a client certificate
+ conf = TlsTestConf(env=env, extras={
+ 'base': [
+ "LogLevel proxy:trace1 proxy_http:trace1 ssl:trace4 proxy_http2:trace1",
+ "ProxyPreserveHost on",
+ f"Listen {env.proxy_port}",
+ ],
+ })
+ conf.start_tls_vhost(domains=[env.domain_a], port=env.https_port)
+ conf.add([
+ "Protocols h2 http/1.1",
+ "TLSProxyEngine on",
+ f"TLSProxyCA {env.ca.cert_file}",
+ f"TLSProxyMachineCertificate {clients_x.get_first('user1').cert_file}",
+ "<Location /proxy-tls/>",
+ f" ProxyPass https://127.0.0.1:{env.proxy_port}/",
+ "</Location>",
+ ])
+ conf.end_tls_vhost()
+ conf.start_vhost(domains=[env.domain_a], port=env.proxy_port,
+ doc_root=f"htdocs/{env.domain_a}", with_ssl=True)
+ conf.add([
+ "SSLVerifyClient require",
+ "SSLVerifyDepth 2",
+ "SSLOptions +StdEnvVars +ExportCertData",
+ f"SSLCACertificateFile {cax_file}",
+ "SSLUserName SSL_CLIENT_S_DN_CN"
+ ])
+ conf.end_vhost()
+ conf.install()
+ assert env.apache_restart() == 0
+
+ def test_tls_17_proxy_machine_cert_get_a(self, env):
+ data = env.tls_get_json(env.domain_a, "/proxy-tls/index.json")
+ assert data == {'domain': env.domain_a}
+
+ @pytest.mark.parametrize("name, value", [
+ ("SERVER_NAME", "a.mod-tls.test"),
+ ("SSL_CLIENT_VERIFY", "SUCCESS"),
+ ("REMOTE_USER", "user1"),
+ ])
+ def test_tls_17_proxy_machine_cert_vars(self, env, name: str, value: str):
+ r = env.tls_get(env.domain_a, f"/proxy-tls/vars.py?name={name}")
+ assert r.exit_code == 0, r.stderr
+ assert r.json == {name: value}, r.stdout