1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
import pytest
from .ngtcp2test import ExampleClient
from .ngtcp2test import ExampleServer
from .ngtcp2test import Env
@pytest.mark.skipif(condition=len(Env.get_crypto_libs()) == 0,
reason="no crypto lib examples configured")
class TestClientCert:
@pytest.fixture(scope='class', params=Env.get_crypto_libs())
def server(self, env, request) -> ExampleServer:
s = ExampleServer(env=env, crypto_lib=request.param,
verify_client=True)
assert s.exists(), f'server not found: {s.path}'
assert s.start()
yield s
s.stop()
@pytest.fixture(scope='function', params=Env.get_crypto_libs())
def client(self, env, request) -> ExampleClient:
client = ExampleClient(env=env, crypto_lib=request.param)
assert client.exists()
yield client
def test_04_01(self, env: Env, server, client):
# run GET with a server requesting a cert, client has none to offer
cr = client.http_get(server, url=f'https://{env.example_domain}/')
assert cr.returncode == 0
cr.assert_verify_null_handshake()
creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest
assert len(creqs) == 1
creq = creqs[0].to_json()
certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate
assert len(certs) == 1
crec = certs[0].to_json()
assert len(crec['certificate_list']) == 0
assert creq['context'] == crec['context']
# TODO: check that GET had no answer
def test_04_02(self, env: Env, server, client):
# run GET with a server requesting a cert, client has cert to offer
credentials = env.ca.get_first("clientsX")
cr = client.http_get(server, url=f'https://{env.example_domain}/',
credentials=credentials)
assert cr.returncode == 0
cr.assert_verify_cert_handshake()
creqs = [r for r in cr.handshake if r.hsid == 13] # CertificateRequest
assert len(creqs) == 1
creq = creqs[0].to_json()
certs = [r for r in cr.server.handshake if r.hsid == 11] # Certificate
assert len(certs) == 1
crec = certs[0].to_json()
assert len(crec['certificate_list']) == 1
assert creq['context'] == crec['context']
# TODO: check that GET indeed gave a response
|