summaryrefslogtreecommitdiffstats
path: root/examples/tests/test_04_clientcert.py
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tests/test_04_clientcert.py')
-rw-r--r--examples/tests/test_04_clientcert.py57
1 files changed, 57 insertions, 0 deletions
diff --git a/examples/tests/test_04_clientcert.py b/examples/tests/test_04_clientcert.py
new file mode 100644
index 0000000..bde1b18
--- /dev/null
+++ b/examples/tests/test_04_clientcert.py
@@ -0,0 +1,57 @@
+import pytest
+
+from .ngtcp2test import ExampleClient
+from .ngtcp2test import ExampleServer
+from .ngtcp2test import Env
+
+
+@pytest.mark.skipif(condition=len(Env.get_crypto_libs()) == 0,
+ reason="no crypto lib examples configured")
+class TestClientCert:
+
+ @pytest.fixture(scope='class', params=Env.get_crypto_libs())
+ def server(self, env, request) -> ExampleServer:
+ s = ExampleServer(env=env, crypto_lib=request.param,
+ verify_client=True)
+ assert s.exists(), f'server not found: {s.path}'
+ assert s.start()
+ yield s
+ s.stop()
+
+ @pytest.fixture(scope='function', params=Env.get_crypto_libs())
+ def client(self, env, request) -> ExampleClient:
+ client = ExampleClient(env=env, crypto_lib=request.param)
+ assert client.exists()
+ yield client
+
+ def test_04_01(self, env: Env, server, client):
+ # run GET with a server requesting a cert, client has none to offer
+ cr = client.http_get(server, url=f'https://{env.example_domain}/')
+ assert cr.returncode == 0
+ cr.assert_verify_null_handshake()
+ creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest
+ assert len(creqs) == 1
+ creq = creqs[0].to_json()
+ certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate
+ assert len(certs) == 1
+ crec = certs[0].to_json()
+ assert len(crec['certificate_list']) == 0
+ assert creq['context'] == crec['context']
+ # TODO: check that GET had no answer
+
+ def test_04_02(self, env: Env, server, client):
+ # run GET with a server requesting a cert, client has cert to offer
+ credentials = env.ca.get_first("clientsX")
+ cr = client.http_get(server, url=f'https://{env.example_domain}/',
+ credentials=credentials)
+ assert cr.returncode == 0
+ cr.assert_verify_cert_handshake()
+ creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest
+ assert len(creqs) == 1
+ creq = creqs[0].to_json()
+ certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate
+ assert len(certs) == 1
+ crec = certs[0].to_json()
+ assert len(crec['certificate_list']) == 1
+ assert creq['context'] == crec['context']
+ # TODO: check that GET indeed gave a response