proxy tests: verify ssl, add a no-wildcard option (issues with requests and wildcard cert)

pywb/framework/proxy.py

@@ -109,6 +109,8 @@ class ProxyRouter(object):
         self.ca = CertificateAuthority(ca_file=ca_file,
                                        certs_dir=certs_dir)
 
+        self.use_wildcard = proxy_options.get('use_wildcard_certs', True)
+
         self.proxy_cert_dl_view = proxy_options.get('proxy_cert_download_view')
 
     def __call__(self, env):
@@ -247,7 +249,10 @@ class ProxyRouter(object):
 
         hostname, port = env['REL_REQUEST_URI'].split(':')
 
-        certfile = self.ca.get_wildcard_cert(hostname)
+        if not self.use_wildcard:
+            _, certfile = self.ca.get_cert_for_host(hostname)
+        else:
+            certfile = self.ca.get_wildcard_cert(hostname)
 
         try:
             ssl_sock = ssl.wrap_socket(sock,

pywb/framework/proxy_resolvers.py

@@ -122,6 +122,9 @@ class ProxyAuthResolver(BaseCollResolver):
 #=================================================================
 # Experimental CookieResolver
 class CookieResolver(BaseCollResolver):  # pragma: no cover
+    
+    SESH_COOKIE_NAME = '__pywb_proxy_sesh'
+
     def __init__(self, routes, config):
         config['pre_connect'] = False
         super(CookieResolver, self).__init__(routes, config)
@@ -129,7 +132,7 @@ class CookieResolver(BaseCollResolver):  # pragma: no cover
         self.sethost_prefix = '-sethost.' + self.magic_name + '.'
         self.set_prefix = '-set.' + self.magic_name
 
-        self.cookie_name = config.get('cookie_name', '__pywb_coll')
+        self.cookie_name = config.get('cookie_name', self.SESH_COOKIE_NAME)
         self.proxy_select_view = config.get('proxy_select_view')
 
         self.extra_headers = config.get('extra_headers')

tests/test_config_proxy.yaml

@@ -19,6 +19,7 @@ proxy_options:
 
     cookie_resolver: true
     use_default_coll: false
+    use_wildcard_certs: false
 
     root_ca_file: ./tests/pywb_test_ca.pem
     root_ca_name: pywb Test Cert

tests/test_proxy_https.py

@@ -3,13 +3,14 @@ from pywb.framework.wsgi_wrappers import init_app
 
 from wsgiref.simple_server import make_server
 
+from pywb.framework.proxy_resolvers import CookieResolver
+
 import threading
 import requests
 import shutil
 import os
 
 TEST_CONFIG = 'tests/test_config_proxy.yaml'
-CA_BUNDLE = 'pywb-ca.pem'
 
 TEST_CA_DIR = './tests/pywb_test_certs'
 TEST_CA_ROOT = './tests/pywb_test_ca.pem'
@@ -55,19 +56,18 @@ class ServeThread(threading.Thread):
 
 
 def test_replay():
+    #cookie_val = CookieResolver.SESH_COOKIE_NAME + '=
     resp = requests.get('https://iana.org/',
                         proxies=server.proxy_dict,
-                        verify=False)
+    #                    headers={'Cookie': cookie_val},
-#                        verify=CA_BUNDLE)
+                        verify=TEST_CA_ROOT)
     assert resp.status_code == 200
 
 
 def test_replay_static():
     resp = requests.get('https://pywb.proxy/static/default/wb.js',
                         proxies=server.proxy_dict,
-                        headers={'Connection': 'close'},
+                        verify=TEST_CA_ROOT)
-                        verify=False)
-#                        verify=CA_BUNDLE)
     assert resp.status_code == 200
     found = u'function init_banner' in resp.text
     assert found, resp.text