ClientTlsContext tests and rename-o-rama (#68)
The arguments to these functions confused me so I renamed them.
graebm authored Sep 19, 2019
1 parent 0902a35 commit e01be7e
Showing 8 changed files with 131 additions and 61 deletions.
55 changes: 27 additions & 28 deletions awscrt/io.py
Expand Up @@ -129,9 +129,9 @@ class TlsVersion(IntEnum):

class TlsContextOptions(object):
__slots__ = (
'min_tls_ver', 'ca_path', 'ca_buffer', 'alpn_list',
'min_tls_ver', 'ca_dirpath', 'ca_buffer', 'alpn_list',
'certificate_buffer', 'private_key_buffer',
'pkcs12_path', 'pkcs12_password', 'verify_peer')
'pkcs12_filepath', 'pkcs12_password', 'verify_peer')

def __init__(self):

Expand All @@ -141,31 +141,30 @@ def __init__(self):
self.min_tls_ver = TlsVersion.DEFAULT
self.verify_peer = True

def override_default_trust_store_from_path(self, ca_path, ca_file):
def override_default_trust_store_from_path(self, ca_dirpath, ca_filepath):

assert isinstance_str(ca_path) or ca_path is None
assert isinstance_str(ca_file) or ca_file is None
assert isinstance_str(ca_dirpath) or ca_dirpath is None
assert isinstance_str(ca_filepath) or ca_filepath is None

ca_buffer = None
if ca_file:
ca_buffer = _read_binary_file(ca_file)
if ca_filepath:
ca_buffer = _read_binary_file(ca_filepath)
self.override_default_trust_store(ca_buffer)

self.ca_path = ca_path
self.override_default_trust_store(ca_buffer)
self.ca_dirpath = ca_dirpath

def override_default_trust_store(self, rootca_buffer):
assert isinstance(rootca_buffer, bytes)

self.ca_buffer = rootca_buffer

@staticmethod
def create_client_with_mtls_from_path(cert_path, pk_path):
def create_client_with_mtls_from_path(cert_filepath, pk_filepath):

assert isinstance_str(cert_path)
assert isinstance_str(pk_path)
assert isinstance_str(cert_filepath)
assert isinstance_str(pk_filepath)

cert_buffer = _read_binary_file(cert_path)
key_buffer = _read_binary_file(pk_path)
cert_buffer = _read_binary_file(cert_filepath)
key_buffer = _read_binary_file(pk_filepath)

return TlsContextOptions.create_client_with_mtls(cert_buffer, key_buffer)

Expand All @@ -182,25 +181,25 @@ def create_client_with_mtls(cert_buffer, key_buffer):
return opt

@staticmethod
def create_client_with_mtls_pkcs12(pkcs12_path, pkcs12_password):
def create_client_with_mtls_pkcs12(pkcs12_filepath, pkcs12_password):

assert isinstance_str(pkcs12_path)
assert isinstance_str(pkcs12_filepath)
assert isinstance_str(pkcs12_password)

opt = TlsContextOptions()
opt.pkcs12_path = pkcs12_path
opt.pkcs12_filepath = pkcs12_filepath
opt.pkcs12_password = pkcs12_password
opt.verify_peer = True
return opt

@staticmethod
def create_server_from_path(cert_path, pk_path):
def create_server_from_path(cert_filepath, pk_filepath):

assert isinstance_str(cert_path)
assert isinstance_str(pk_path)
assert isinstance_str(cert_filepath)
assert isinstance_str(pk_filepath)

cert_buffer = _read_binary_file(cert_path)
key_buffer = _read_binary_file(pk_path)
cert_buffer = _read_binary_file(cert_filepath)
key_buffer = _read_binary_file(pk_filepath)

return TlsContextOptions.create_server(cert_buffer, key_buffer)

Expand All @@ -216,13 +215,13 @@ def create_server(cert_buffer, key_buffer):
return opt

@staticmethod
def create_server_pkcs12(pkcs12_path, pkcs12_password):
def create_server_pkcs12(pkcs12_filepath, pkcs12_password):

assert isinstance_str(pkcs12_path)
assert isinstance_str(pkcs12_filepath)
assert isinstance_str(pkcs12_password)

opt = TlsContextOptions()
opt.pkcs12_path = pkcs12_path
opt.pkcs12_filepath = pkcs12_filepath
opt.pkcs12_password = pkcs12_password
opt.verify_peer = False
return opt
Expand All @@ -237,12 +236,12 @@ def __init__(self, options):
super(ClientTlsContext, self).__init__()
self._binding = _awscrt.client_tls_ctx_new(
options.min_tls_ver.value,
options.ca_path,
options.ca_dirpath,
options.ca_buffer,
options.alpn_list,
options.certificate_buffer,
options.private_key_buffer,
options.pkcs12_path,
options.pkcs12_filepath,
options.pkcs12_password,
options.verify_peer
)
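Review bot: In `override_default_trust_store_from_path`, a call where both `ca_dirpath` and `ca_filepath` are `None` (or `ca_filepath` is `''`) passes the asserts and overrides nothing, so a caller who meant to pin a CA silently keeps the default trust store. Indentation is lost in this rendering, so I am assuming the `self.override_default_trust_store(ca_buffer)` call now sits inside `if ca_filepath:`. I would reject the empty case explicitly, e.g. `if not ca_dirpath and not ca_filepath: raise ValueError('ca_dirpath or ca_filepath is required')`. The type checks would also be better as raised exceptions than `assert`, which is stripped under `python -O`. Since the rename was prompted by confusing arguments, a one-line docstring saying which argument is a directory and which is a single file would finish the job.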
17 changes: 9 additions & 8 deletions source/io.c
Expand Up @@ -369,30 +369,30 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {
struct aws_allocator *allocator = aws_py_get_allocator();

int min_tls_version;
const char *ca_path;
const char *ca_dirpath;
const char *ca_buffer;
Py_ssize_t ca_buffer_len;
const char *alpn_list;
const char *certificate_buffer;
Py_ssize_t certificate_buffer_len;
const char *private_key_buffer;
Py_ssize_t private_key_buffer_len;
const char *pkcs12_path;
const char *pkcs12_filepath;
const char *pkcs12_password;
uint8_t verify_peer;
if (!PyArg_ParseTuple(
args,
"bzz#zz#z#zzb",
&min_tls_version,
&ca_path,
&ca_dirpath,
&ca_buffer,
&ca_buffer_len,
&alpn_list,
&certificate_buffer,
&certificate_buffer_len,
&private_key_buffer,
&private_key_buffer_len,
&pkcs12_path,
&pkcs12_filepath,
&pkcs12_password,
&verify_peer)) {
return NULL;
Expand All @@ -415,8 +415,8 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {

ctx_options.minimum_tls_version = min_tls_version;

if (ca_path) {
if (aws_tls_ctx_options_override_default_trust_store_from_path(&ctx_options, ca_path, NULL)) {
if (ca_dirpath) {
if (aws_tls_ctx_options_override_default_trust_store_from_path(&ctx_options, ca_dirpath, NULL)) {
PyErr_SetAwsLastError();
goto ctx_options_failure;
}
Expand All @@ -438,9 +438,10 @@ PyObject *aws_py_client_tls_ctx_new(PyObject *self, PyObject *args) {
}

#ifdef __APPLE__
if (pkcs12_path && pkcs12_password) {
if (pkcs12_filepath && pkcs12_password) {
struct aws_byte_cursor password = aws_byte_cursor_from_c_str(pkcs12_password);
if (aws_tls_ctx_options_init_client_mtls_pkcs12_from_path(&ctx_options, allocator, pkcs12_path, &password)) {
if (aws_tls_ctx_options_init_client_mtls_pkcs12_from_path(
&ctx_options, allocator, pkcs12_filepath, &password)) {
PyErr_SetAwsLastError();
goto ctx_options_failure;
}
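Review bot: `min_tls_version` is declared `int` but is parsed with the `b` format unit in `"bzz#zz#z#zzb"`, which stores a single `unsigned char`; the remaining bytes of the int stay uninitialized and the value is then copied into `ctx_options.minimum_tls_version`. These are unchanged context lines, but this commit already touches the argument list, so it is a good moment to fix them: either declare `uint8_t min_tls_version;` as is done for `verify_peer`, or parse it with `i` (`"izz#zz#z#zzb"`). The minimum TLS version should not depend on stack contents. The body of `aws_py_client_tls_ctx_new` starts and ends outside the visible hunks.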
24 changes: 0 additions & 24 deletions test/files/short.txt

This file was deleted.

23 changes: 23 additions & 0 deletions test/resources/unittests.crt
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
18 changes: 18 additions & 0 deletions test/resources/unittests.csr
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
27 changes: 27 additions & 0 deletions test/resources/unittests.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
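Review bot: This adds an unencrypted RSA private key to the repository, and the matching `unittests.p12` is opened in test/test_io.py with the password `'1234'`. Nothing in the visible change marks these as throwaway test material. I would add a short README in test/resources stating that the key, CSR, certificate and PKCS#12 bundle are test-only fixtures that must never be trusted or deployed. I would also allow-list these exact paths in whatever secret scanning the project runs, rather than excluding the whole directory, so real findings are not masked.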
Binary file added test/resources/unittests.p12
Binary file not shown.
28 changes: 27 additions & 1 deletion test/test_io.py
Expand Up @@ -12,7 +12,7 @@
# permissions and limitations under the License.

from __future__ import absolute_import
from awscrt.io import ClientBootstrap, DefaultHostResolver, EventLoopGroup
from awscrt.io import ClientBootstrap, ClientTlsContext, DefaultHostResolver, EventLoopGroup, TlsContextOptions
from test import NativeResourceTest
import unittest

Expand Down Expand Up @@ -42,5 +42,31 @@ def test_init(self):
bootstrap = ClientBootstrap(event_loop_group, host_resolver)


class ClientTlsContextTest(NativeResourceTest):
def test_init_defaults(self):
opt = TlsContextOptions()
ctx = ClientTlsContext(opt)

def test_with_mtls_from_path(self):
opt = TlsContextOptions.create_client_with_mtls_from_path(
'test/resources/unittests.crt', 'test/resources/unittests.key')
ctx = ClientTlsContext(opt)

def test_with_mtls_pkcs12(self):
opt = TlsContextOptions.create_client_with_mtls_pkcs12(
'test/resources/unittests.p12', '1234')
ctx = ClientTlsContext(opt)

def test_override_default_trust_store_dir(self):
opt = TlsContextOptions()
opt.override_default_trust_store_from_path('test/resources', None)
ctx = ClientTlsContext(opt)

def test_override_default_trust_store_file(self):
opt = TlsContextOptions()
opt.override_default_trust_store_from_path(None, 'test/resources/unittests.crt')
ctx = ClientTlsContext(opt)


if __name__ == '__main__':
unittest.main()
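Review bot: `test_with_mtls_pkcs12` can only exercise the PKCS#12 path on Apple platforms, because the visible part of source/io.c handles `pkcs12_filepath` inside `#ifdef __APPLE__`; elsewhere it presumably passes without ever loading the bundle. I would mark it with `@unittest.skipUnless(sys.platform == 'darwin', 'PKCS#12 is only handled on Apple platforms')` (plus `import sys`), so a green run does not suggest coverage that is not there. The new tests also only construct objects and use paths relative to the working directory. A negative case, such as a missing certificate file raising, would pin the failure behaviour as well.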
