diff options
Diffstat (limited to 'examples/tests/test_04_clientcert.py')
-rw-r--r-- | examples/tests/test_04_clientcert.py | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/examples/tests/test_04_clientcert.py b/examples/tests/test_04_clientcert.py new file mode 100644 index 0000000..bde1b18 --- /dev/null +++ b/examples/tests/test_04_clientcert.py @@ -0,0 +1,57 @@ +import pytest + +from .ngtcp2test import ExampleClient +from .ngtcp2test import ExampleServer +from .ngtcp2test import Env + + +@pytest.mark.skipif(condition=len(Env.get_crypto_libs()) == 0, + reason="no crypto lib examples configured") +class TestClientCert: + + @pytest.fixture(scope='class', params=Env.get_crypto_libs()) + def server(self, env, request) -> ExampleServer: + s = ExampleServer(env=env, crypto_lib=request.param, + verify_client=True) + assert s.exists(), f'server not found: {s.path}' + assert s.start() + yield s + s.stop() + + @pytest.fixture(scope='function', params=Env.get_crypto_libs()) + def client(self, env, request) -> ExampleClient: + client = ExampleClient(env=env, crypto_lib=request.param) + assert client.exists() + yield client + + def test_04_01(self, env: Env, server, client): + # run GET with a server requesting a cert, client has none to offer + cr = client.http_get(server, url=f'https://{env.example_domain}/') + assert cr.returncode == 0 + cr.assert_verify_null_handshake() + creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest + assert len(creqs) == 1 + creq = creqs[0].to_json() + certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate + assert len(certs) == 1 + crec = certs[0].to_json() + assert len(crec['certificate_list']) == 0 + assert creq['context'] == crec['context'] + # TODO: check that GET had no answer + + def test_04_02(self, env: Env, server, client): + # run GET with a server requesting a cert, client has cert to offer + credentials = env.ca.get_first("clientsX") + cr = client.http_get(server, url=f'https://{env.example_domain}/', + credentials=credentials) + assert cr.returncode == 0 + cr.assert_verify_cert_handshake() + creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest + assert len(creqs) == 1 + creq = creqs[0].to_json() + certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate + assert len(certs) == 1 + crec = certs[0].to_json() + assert len(crec['certificate_list']) == 1 + assert creq['context'] == crec['context'] + # TODO: check that GET indeed gave a response |