examples/tests/test_04_clientcert.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

import pytest

from .ngtcp2test import ExampleClient
from .ngtcp2test import ExampleServer
from .ngtcp2test import Env


@pytest.mark.skipif(condition=len(Env.get_crypto_libs()) == 0,
                    reason="no crypto lib examples configured")
class TestClientCert:

    @pytest.fixture(scope='class', params=Env.get_crypto_libs())
    def server(self, env, request) -> ExampleServer:
        s = ExampleServer(env=env, crypto_lib=request.param,
                          verify_client=True)
        assert s.exists(), f'server not found: {s.path}'
        assert s.start()
        yield s
        s.stop()

    @pytest.fixture(scope='function', params=Env.get_crypto_libs())
    def client(self, env, request) -> ExampleClient:
        client = ExampleClient(env=env, crypto_lib=request.param)
        assert client.exists()
        yield client

    def test_04_01(self, env: Env, server, client):
        # run GET with a server requesting a cert, client has none to offer
        cr = client.http_get(server, url=f'https://{env.example_domain}/')
        assert cr.returncode == 0
        cr.assert_verify_null_handshake()
        creqs = [r for r in cr.handshake if r.hsid == 13]  # CertificateRequest
        assert len(creqs) == 1
        creq = creqs[0].to_json()
        certs = [r for r in cr.server.handshake if r.hsid == 11]  # Certificate
        assert len(certs) == 1
        crec = certs[0].to_json()
        assert len(crec['certificate_list']) == 0
        assert creq['context'] == crec['context']
        # TODO: check that GET had no answer

    def test_04_02(self, env: Env, server, client):
        # run GET with a server requesting a cert, client has cert to offer
        credentials = env.ca.get_first("clientsX")
        cr = client.http_get(server, url=f'https://{env.example_domain}/',
                             credentials=credentials)
        assert cr.returncode == 0
        cr.assert_verify_cert_handshake()
        creqs = [r for r in cr.handshake if r.hsid == 13]  # CertificateRequest
        assert len(creqs) == 1
        creq = creqs[0].to_json()
        certs = [r for r in cr.server.handshake if r.hsid == 11]  # Certificate
        assert len(certs) == 1
        crec = certs[0].to_json()
        assert len(crec['certificate_list']) == 1
        assert creq['context'] == crec['context']
        # TODO: check that GET indeed gave a response