From 1cd82c1bc4f76a7ef7f73d9e4d21e8cc85fd6086 Mon Sep 17 00:00:00 2001
From: Ilya Kreymer
Date: Wed, 6 Aug 2014 12:39:06 -0700
Subject: [PATCH] proxy: move test to seperate file cert: create seperate get_wildcard_cert for clarity
---
 pywb/framework/certauth.py | 14 ++++++-
 pywb/framework/proxy.py | 9 +----
 tests/test_integration.py | 59 ----------------------------
 tests/test_proxy.py | 79 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 92 insertions(+), 69 deletions(-)
 create mode 100644 tests/test_proxy.py
diff --git a/pywb/framework/certauth.py b/pywb/framework/certauth.py
index 260f5bdc..3037e2d2 100644
--- a/pywb/framework/certauth.py
+++ b/pywb/framework/certauth.py
@@ -56,6 +56,16 @@ class CertificateAuthority(object):
 return True, host_filename
+ def get_wildcard_cert(self, cert_host):
+ host_parts = cert_host.split('.', 1)
+ if len(host_parts) == 2 and '.' in host_parts[1]:
+ cert_host = host_parts[1]
+
+ created, certfile = self.get_cert_for_host(cert_host,
+ wildcard=True)
+
+ return certfile
+
 def get_root_PKCS12(self):
 p12 = crypto.PKCS12()
 p12.set_certificate(self.cert)
@@ -221,8 +231,8 @@ def main():
 if created:
 print 'Created new root cert: "' + result.output_pem_file + '"'
 else:
- print ('Root cert "' + result.output_pem_file + '" already exists,' +
- ' use -f to overwrite')
+ print ('Root cert "' + result.output_pem_file +
+ '" already exists,' + ' use -f to overwrite')
 if __name__ == "__main__":
 main()
diff --git a/pywb/framework/proxy.py b/pywb/framework/proxy.py
index 57dd5088..61a9a2d3 100644
--- a/pywb/framework/proxy.py
+++ b/pywb/framework/proxy.py
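Review bot: get_wildcard_cert strips the first label from any host with three or more dot-separated parts, which mishandles two kinds of input: an IPv4 literal such as `10.0.0.1` is turned into a wildcard request for `0.0.1`, and a name registered directly under a two-label suffix (`example.co.uk`) is widened to the suffix itself (`co.uk`). The stripping should be skipped for IP literals and, ideally, bounded by a public-suffix check, since cert_host appears to originate from the client's CONNECT target (see the proxy.py hunk). A docstring would help too, for example `"""Return the cert file for cert_host's parent domain, or for cert_host itself when it has only two labels."""`; what `wildcard=True` puts in the certificate is decided in get_cert_for_host, outside this hunk. The unused `created` could be bound to `_`.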
@@ -246,14 +246,8 @@ class ProxyRouter(object):
 sock.send('\r\n')
 hostname, port = env['REL_REQUEST_URI'].split(':')
- cert_host = hostname
- host_parts = hostname.split('.', 1)
- if len(host_parts) == 2 and '.' in host_parts[1]:
- cert_host = host_parts[1]
-
- created, certfile = self.ca.get_cert_for_host(cert_host,
- wildcard=True)
+ certfile = self.ca.get_wildcard_cert(hostname)
 try:
 ssl_sock = ssl.wrap_socket(sock,
@@ -261,7 +255,6 @@ class ProxyRouter(object):
 certfile=certfile,
 ciphers="ALL",
 suppress_ragged_eofs=False,
- #ssl_version=ssl.PROTOCOL_TLSv1)
 ssl_version=ssl.PROTOCOL_SSLv23)
 env['pywb.proxy_ssl_sock'] = ssl_sock
diff --git a/tests/test_integration.py b/tests/test_integration.py
index 67bf698b..a5890fa0 100644
--- a/tests/test_integration.py
+++ b/tests/test_integration.py
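Review bot: `hostname` reaches `self.ca.get_wildcard_cert(hostname)` exactly as split from `env['REL_REQUEST_URI']`, with no check that it is a syntactically valid host name. The certauth.py hunk shows get_cert_for_host returning a `host_filename`, so if that path is built from the host (not visible here) a CONNECT target containing path separators or other unexpected characters would steer where certificate files are read and written; rejecting anything outside letters, digits, `-` and `.` before this call would close that off. The enclosing method starts and ends outside the hunk. The `ssl.wrap_socket` call in the next hunk also keeps `ciphers="ALL"`, which accepts every suite OpenSSL groups under ALL rather than a vetted list.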
@@ -335,65 +335,6 @@ class TestWb:
 resp = self.testapp.get('/static/test/route/notfound.css', status = 404)
 assert resp.status_int == 404
- # 'Simulating' proxy by settings REQUEST_URI explicitly to http:// url and no SCRIPT_NAME
- # would be nice to be able to test proxy more
- def test_proxy_replay(self):
- resp = self.testapp.get('/x-ignore-this-x', extra_environ = dict(REQUEST_URI = 'http://www.iana.org/domains/idn-tables', SCRIPT_NAME = ''))
- self._assert_basic_html(resp)
-
- assert '"20140126201127"' in resp.body
- assert 'wb.js' in resp.body
-
- def test_proxy_replay_auth_filtered(self):
- headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('pywb-filt-2:'))]
- resp = self.testapp.get('/x-ignore-this-x', headers = headers,
- extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''))
-
- self._assert_basic_html(resp)
-
- assert '"20140126200624"' in resp.body
- assert 'wb.js' in resp.body
-
- def test_proxy_replay_auth(self):
- headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('pywb'))]
- resp = self.testapp.get('/x-ignore-this-x', headers = headers,
- extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''))
-
- self._assert_basic_html(resp)
-
- assert '"20140127171238"' in resp.body
- assert 'wb.js' in resp.body
-
- def test_proxy_replay_auth_no_coll(self):
- headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('no-such-coll'))]
- resp = self.testapp.get('/x-ignore-this-x', headers = headers,
- extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
- status=407)
-
- assert resp.status_int == 407
-
- def test_proxy_replay_auth_invalid_1(self):
- headers = [('Proxy-Authorization', 'abc' + base64.b64encode('no-such-coll'))]
- resp = self.testapp.get('/x-ignore-this-x', headers = headers,
- extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
- status=407)
-
- assert resp.status_int == 407
-
- def test_proxy_replay_auth_invalid_2(self):
- headers = [('Proxy-Authorization', 'basic')]
- resp = self.testapp.get('/x-ignore-this-x', headers = headers,
- extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
- status=407)
-
- assert resp.status_int == 407
-
- def test_proxy_pac(self):
- resp = self.testapp.get('/proxy.pac', headers = [('Host', 'pywb-proxy:8080')])
- assert resp.content_type == 'application/x-ns-proxy-autoconfig'
- assert '"PROXY pywb-proxy:8080"' in resp.body
- assert '"localhost"' in resp.body
-
 def test_cdx_server_filters(self):
 resp = self.testapp.get('/pywb-cdx?url=http://www.iana.org/_css/2013.1/screen.css&filter=mimetype:warc/revisit&filter=filename:dupes.warc.gz')
 self._assert_basic_text(resp)
diff --git a/tests/test_proxy.py b/tests/test_proxy.py
new file mode 100644
index 00000000..124b6b1e
--- /dev/null
+++ b/tests/test_proxy.py
@@ -0,0 +1,79 @@
+from pytest import raises
+import webtest
+import base64
+
+from pywb.webapp.pywb_init import create_wb_router
+from pywb.framework.wsgi_wrappers import init_app
+from pywb.cdx.cdxobject import CDXObject
+
+
+class TestProxyWb:
+ TEST_CONFIG = 'tests/test_config.yaml'
+
+ def setup(self):
+ self.app = init_app(create_wb_router,
+ load_yaml=True,
+ config_file=self.TEST_CONFIG)
+
+ self.testapp = webtest.TestApp(self.app)
+
+ def _assert_basic_html(self, resp):
+ assert resp.status_int == 200
+ assert resp.content_type == 'text/html'
+ assert resp.content_length > 0
+
+ def _assert_basic_text(self, resp):
+ assert resp.status_int == 200
+ assert resp.content_type == 'text/plain'
+ assert resp.content_length > 0
+
+ # 'Simulating' proxy by settings REQUEST_URI explicitly to http:// url and no SCRIPT_NAME
+ # would be nice to be able to test proxy more
+ def test_proxy_replay(self):
+ resp = self.testapp.get('/x-ignore-this-x', extra_environ = dict(REQUEST_URI = 'http://www.iana.org/domains/idn-tables', SCRIPT_NAME = ''))
+ self._assert_basic_html(resp)
+
+ assert '"20140126201127"' in resp.body
+ assert 'wb.js' in resp.body
+
+ def test_proxy_replay_auth_filtered(self):
+ headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('pywb-filt-2:'))]
+ resp = self.testapp.get('/x-ignore-this-x', headers = headers,
+ extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''))
+
+ self._assert_basic_html(resp)
+
+ assert '"20140126200624"' in resp.body
+ assert 'wb.js' in resp.body
+
+ def test_proxy_replay_auth(self):
+ headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('pywb'))]
+ resp = self.testapp.get('/x-ignore-this-x', headers = headers,
+ extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''))
+
+ self._assert_basic_html(resp)
+
+ assert '"20140127171238"' in resp.body
+ assert 'wb.js' in resp.body
+
+ def test_proxy_replay_auth_no_coll(self):
+ headers = [('Proxy-Authorization', 'Basic ' + base64.b64encode('no-such-coll'))]
+ resp = self.testapp.get('/x-ignore-this-x', headers = headers,
+ extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
+ status=407)
+
+ assert resp.status_int == 407
+
+ def test_proxy_replay_auth_invalid_1(self):
+ headers = [('Proxy-Authorization', 'abc' + base64.b64encode('no-such-coll'))]
+ resp = self.testapp.get('/x-ignore-this-x', headers = headers,
+ extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
+ status=407)
+
+ assert resp.status_int == 407
+
+ def test_proxy_replay_auth_invalid_2(self):
+ headers = [('Proxy-Authorization', 'basic')]
+ resp = self.testapp.get('/x-ignore-this-x', headers = headers,
+ extra_environ = dict(REQUEST_URI = 'http://www.iana.org/', SCRIPT_NAME = ''),
+ status=407)