From 8df162ae8daedfa09971f7b59420212df505a2b7 Mon Sep 17 00:00:00 2001
From: "davidben@chromium.org"
 <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Sat, 7 Aug 2010 01:10:02 +0000
Subject: Add rudimentary support for client auth in testserver.py and unit
 tests

Nothing fancy for now. Just some tests that ERR_SSL_CLIENT_AUTH_CERT_NEEDED is
returned from the socket layer, and that URLRequest requests a certificate.

R=wtc
BUG=51132,51127
TEST=SSLClientSocketTest.ConnectClientAuthNoCert,HTTPRequestTest.ClientAuthTest

Review URL: http://codereview.chromium.org/3014055

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55318 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/tools/testserver/testserver.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'net/tools/testserver')

diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index e950ff8..0ad5d28 100644
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -57,13 +57,15 @@ class StoppableHTTPServer(BaseHTTPServer.HTTPServer):
 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
   """This is a specialization of StoppableHTTPerver that add https support."""
 
-  def __init__(self, server_address, request_hander_class, cert_path):
+  def __init__(self, server_address, request_hander_class, cert_path,
+               ssl_client_auth):
     s = open(cert_path).read()
     x509 = tlslite.api.X509()
     x509.parse(s)
     self.cert_chain = tlslite.api.X509CertChain([x509])
     s = open(cert_path).read()
     self.private_key = tlslite.api.parsePEMKey(s, private=True)
+    self.ssl_client_auth = ssl_client_auth
 
     self.session_cache = tlslite.api.SessionCache()
     StoppableHTTPServer.__init__(self, server_address, request_hander_class)
@@ -73,7 +75,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
     try:
       tlsConnection.handshakeServer(certChain=self.cert_chain,
                                     privateKey=self.private_key,
-                                    sessionCache=self.session_cache)
+                                    sessionCache=self.session_cache,
+                                    reqCert=self.ssl_client_auth)
       tlsConnection.ignoreAbruptClose = True
       return True
     except tlslite.api.TLSError, error:
@@ -1190,7 +1193,8 @@ def main(options, args):
       if not os.path.isfile(options.cert):
         print 'specified cert file not found: ' + options.cert + ' exiting...'
         return
-      server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert)
+      server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert,
+                           options.ssl_client_auth)
       print 'HTTPS server started on port %d...' % port
     else:
       server = StoppableHTTPServer(('127.0.0.1', port), TestPageHandler)
@@ -1255,6 +1259,8 @@ if __name__ == '__main__':
                            help='Specify that https should be used, specify '
                            'the path to the cert containing the private key '
                            'the server should use.')
+  option_parser.add_option('', '--ssl-client-auth', action='store_true',
+                           help='Require SSL client auth on every connection.')
   option_parser.add_option('', '--file-root-url', default='/files/',
                            help='Specify a root URL for files served.')
   option_parser.add_option('', '--never-die', default=False,
-- 
cgit v1.1