proxy tests: verify ssl, add a no-wildcard option (issues with requests and wildcard cert)

2025-03-15 00:03:28 +01:00 · 2014-08-18 20:57:21 -07:00 · 2014-08-18 20:57:21 -07:00 · 822a1c03e4
commit 822a1c03e4
parent bfaad224fa
4 changed files with 17 additions and 8 deletions
--- a/pywb/framework/proxy.py
+++ b/pywb/framework/proxy.py
@ -109,6 +109,8 @@ class ProxyRouter(object):
        self.ca = CertificateAuthority(ca_file=ca_file,
                                       certs_dir=certs_dir)

+        self.use_wildcard = proxy_options.get('use_wildcard_certs', True)
+
        self.proxy_cert_dl_view = proxy_options.get('proxy_cert_download_view')

    def __call__(self, env):
@ -247,7 +249,10 @@ class ProxyRouter(object):

        hostname, port = env['REL_REQUEST_URI'].split(':')

-        certfile = self.ca.get_wildcard_cert(hostname)
+        if not self.use_wildcard:
+            _, certfile = self.ca.get_cert_for_host(hostname)
+        else:
+            certfile = self.ca.get_wildcard_cert(hostname)

        try:
            ssl_sock = ssl.wrap_socket(sock,
--- a/pywb/framework/proxy_resolvers.py
+++ b/pywb/framework/proxy_resolvers.py
@ -122,6 +122,9 @@ class ProxyAuthResolver(BaseCollResolver):
 #=================================================================
 # Experimental CookieResolver
 class CookieResolver(BaseCollResolver):  # pragma: no cover
+    
+    SESH_COOKIE_NAME = '__pywb_proxy_sesh'
+
    def __init__(self, routes, config):
        config['pre_connect'] = False
        super(CookieResolver, self).__init__(routes, config)
@ -129,7 +132,7 @@ class CookieResolver(BaseCollResolver):  # pragma: no cover
        self.sethost_prefix = '-sethost.' + self.magic_name + '.'
        self.set_prefix = '-set.' + self.magic_name

-        self.cookie_name = config.get('cookie_name', '__pywb_coll')
+        self.cookie_name = config.get('cookie_name', self.SESH_COOKIE_NAME)
        self.proxy_select_view = config.get('proxy_select_view')

        self.extra_headers = config.get('extra_headers')
--- a/tests/test_config_proxy.yaml
+++ b/tests/test_config_proxy.yaml
@ -19,6 +19,7 @@ proxy_options:

    cookie_resolver: true
    use_default_coll: false
+    use_wildcard_certs: false

    root_ca_file: ./tests/pywb_test_ca.pem
    root_ca_name: pywb Test Cert
--- a/tests/test_proxy_https.py
+++ b/tests/test_proxy_https.py
@ -3,13 +3,14 @@ from pywb.framework.wsgi_wrappers import init_app

 from wsgiref.simple_server import make_server

+from pywb.framework.proxy_resolvers import CookieResolver
+
 import threading
 import requests
 import shutil
 import os

 TEST_CONFIG = 'tests/test_config_proxy.yaml'
-CA_BUNDLE = 'pywb-ca.pem'

 TEST_CA_DIR = './tests/pywb_test_certs'
 TEST_CA_ROOT = './tests/pywb_test_ca.pem'
@ -55,19 +56,18 @@ class ServeThread(threading.Thread):


 def test_replay():
+    #cookie_val = CookieResolver.SESH_COOKIE_NAME + '=
    resp = requests.get('https://iana.org/',
                        proxies=server.proxy_dict,
-                        verify=False)
-#                        verify=CA_BUNDLE)
+    #                    headers={'Cookie': cookie_val},
+                        verify=TEST_CA_ROOT)
    assert resp.status_code == 200


 def test_replay_static():
    resp = requests.get('https://pywb.proxy/static/default/wb.js',
                        proxies=server.proxy_dict,
-                        headers={'Connection': 'close'},
-                        verify=False)
-#                        verify=CA_BUNDLE)
+                        verify=TEST_CA_ROOT)
    assert resp.status_code == 200
    found = u'function init_banner' in resp.text
    assert found, resp.text