[CalendarServer-changes] [15446] CalDAVTester/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Tue Feb 2 08:56:23 PST 2016
Revision: 15446
http://trac.calendarserver.org//changeset/15446
Author: cdaboo at apple.com
Date: 2016-02-02 08:56:22 -0800 (Tue, 02 Feb 2016)
Log Message:
-----------
Add support for TLS client cert authentication.
Modified Paths:
--------------
CalDAVTester/trunk/README.txt
CalDAVTester/trunk/scripts/server/serverinfo.dtd
CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd
CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd
CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd
CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd
CalDAVTester/trunk/src/caldavtest.py
CalDAVTester/trunk/src/httpshandler.py
CalDAVTester/trunk/src/manager.py
CalDAVTester/trunk/src/request.py
CalDAVTester/trunk/src/serverinfo.py
CalDAVTester/trunk/src/xmlDefs.py
Modified: CalDAVTester/trunk/README.txt
===================================================================
--- CalDAVTester/trunk/README.txt 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/README.txt 2016-02-02 16:56:22 UTC (rev 15446)
@@ -110,6 +110,9 @@
ELEMENT <authtype>
HTTP authentication method to use.
+ ELEMENT <certdir>
+ Base directory for TLS client certs.
+
ELEMENT <waitcount>
For requests that wait, defines how many iterations to wait for
[Default: 120].
@@ -267,6 +270,9 @@
if provided this value is used as the password for HTTP
Basic authentication instead of the one in the serverinfo
file.
+ ATTRIBUTE cert
+ if provided this value is used as the file name for a TLS
+ client certificate to be used with the request.
ATTRIBUTE end-delete
if set to 'yes', then the resource targeted by the request
is deleted after testing is complete, but before the
Modified: CalDAVTester/trunk/scripts/server/serverinfo.dtd
===================================================================
--- CalDAVTester/trunk/scripts/server/serverinfo.dtd 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/server/serverinfo.dtd 2016-02-02 16:56:22 UTC (rev 15446)
@@ -15,31 +15,32 @@
-->
<!ELEMENT serverinfo (host, nonsslport, sslport, unix?,
- host2?, nonsslport2?, sslport2?, unix2?,
- authtype?, waitcount?, waitdelay?, waitsuccess?,
- features?, substitutions,
- calendardatafilter*, addressdatafilter*)? >
+ host2?, nonsslport2?, sslport2?, unix2?,
+ authtype?, certdir?,
+ waitcount?, waitdelay?, waitsuccess?,
+ features?, substitutions,
+ calendardatafilter*, addressdatafilter*)? >
- <!ELEMENT host (#PCDATA)>
- <!ELEMENT nonsslport (#PCDATA)>
- <!ELEMENT sslport (#PCDATA)>
- <!ELEMENT unix (#PCDATA)>
- <!ELEMENT host2 (#PCDATA)>
- <!ELEMENT nonsslport2 (#PCDATA)>
- <!ELEMENT sslport2 (#PCDATA)>
- <!ELEMENT unix2 (#PCDATA)>
- <!ELEMENT authtype (#PCDATA)>
- <!ELEMENT waitdelay (#PCDATA)>
- <!ELEMENT waitcount (#PCDATA)>
- <!ELEMENT waitsuccess (#PCDATA)>
- <!ELEMENT features (feature*)>
- <!ELEMENT feature (#PCDATA)>
- <!ELEMENT substitutions (substitution|repeat)*>
- <!ELEMENT repeat (substitution+)>
- <!ATTLIST repeat count CDATA "1">
- <!ELEMENT substitution (key, value)>
+ <!ELEMENT host (#PCDATA)>
+ <!ELEMENT nonsslport (#PCDATA)>
+ <!ELEMENT sslport (#PCDATA)>
+ <!ELEMENT unix (#PCDATA)>
+ <!ELEMENT host2 (#PCDATA)>
+ <!ELEMENT nonsslport2 (#PCDATA)>
+ <!ELEMENT sslport2 (#PCDATA)>
+ <!ELEMENT unix2 (#PCDATA)>
+ <!ELEMENT authtype (#PCDATA)>
+ <!ELEMENT certdir (#PCDATA)>
+ <!ELEMENT waitdelay (#PCDATA)>
+ <!ELEMENT waitcount (#PCDATA)>
+ <!ELEMENT waitsuccess (#PCDATA)>
+ <!ELEMENT features (feature*)>
+ <!ELEMENT feature (#PCDATA)>
+ <!ELEMENT substitutions (substitution|repeat)*>
+ <!ELEMENT repeat (substitution+)>
+ <!ATTLIST repeat count CDATA "1">
+ <!ELEMENT substitution (key, value)>
<!ELEMENT key (#PCDATA)>
<!ELEMENT value (#PCDATA)>
- <!ELEMENT calendardatafilter (#PCDATA)>
- <!ELEMENT addressdatafilter (#PCDATA)>
-
+ <!ELEMENT calendardatafilter (#PCDATA)>
+ <!ELEMENT addressdatafilter (#PCDATA)>
Modified: CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd 2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
auth (yes|no) "yes"
user CDATA ""
pswd CDATA ""
+ cert CDATA ""
end-delete (yes|no) "no"
print-response (yes|no) "no"
iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
<!ELEMENT value (#PCDATA)>
<!ELEMENT data (content-type, (filepath | generator), substitute*)>
<!ATTLIST data substitutions (yes|no) "yes"
- generate (yes|no) "no">
+ generate (yes|no) "no">
<!ELEMENT content-type (#PCDATA)>
<!ELEMENT filepath (#PCDATA)>
<!ELEMENT generator (callback, arg*)>
Modified: CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd 2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
auth (yes|no) "yes"
user CDATA ""
pswd CDATA ""
+ cert CDATA ""
end-delete (yes|no) "no"
print-response (yes|no) "no"
iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
<!ELEMENT value (#PCDATA)>
<!ELEMENT data (content-type, (filepath | generator), substitute*)>
<!ATTLIST data substitutions (yes|no) "yes"
- generate (yes|no) "no">
+ generate (yes|no) "no">
<!ELEMENT content-type (#PCDATA)>
<!ELEMENT filepath (#PCDATA)>
<!ELEMENT generator (callback, arg*)>
Modified: CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd 2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
auth (yes|no) "yes"
user CDATA ""
pswd CDATA ""
+ cert CDATA ""
end-delete (yes|no) "no"
print-response (yes|no) "no"
iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
<!ELEMENT value (#PCDATA)>
<!ELEMENT data (content-type, (filepath | generator), substitute*)>
<!ATTLIST data substitutions (yes|no) "yes"
- generate (yes|no) "no">
+ generate (yes|no) "no">
<!ELEMENT content-type (#PCDATA)>
<!ELEMENT filepath (#PCDATA)>
<!ELEMENT generator (callback, arg*)>
Modified: CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd 2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
auth (yes|no) "yes"
user CDATA ""
pswd CDATA ""
+ cert CDATA ""
end-delete (yes|no) "no"
print-response (yes|no) "no"
iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
<!ELEMENT value (#PCDATA)>
<!ELEMENT data (content-type, (filepath | generator), substitute*)>
<!ATTLIST data substitutions (yes|no) "yes"
- generate (yes|no) "no">
+ generate (yes|no) "no">
<!ELEMENT content-type (#PCDATA)>
<!ELEMENT filepath (#PCDATA)>
<!ELEMENT generator (callback, arg*)>
Modified: CalDAVTester/trunk/src/caldavtest.py
===================================================================
--- CalDAVTester/trunk/src/caldavtest.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/caldavtest.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -585,17 +585,16 @@
if len(self.end_deletes) == 0:
return True
self.manager.message("trace", "Start: " + description)
- for deleter in self.end_deletes:
+ for uri, delete_request in self.end_deletes:
req = request(self.manager)
req.method = "DELETE"
- req.host = deleter[3]
- req.port = deleter[4]
- req.ruris.append(deleter[0])
- req.ruri = deleter[0]
- if len(deleter[1]):
- req.user = deleter[1]
- if len(deleter[2]):
- req.pswd = deleter[2]
+ req.host = delete_request.host
+ req.port = delete_request.port
+ req.ruris.append(uri)
+ req.ruri = uri
+ req.user = delete_request.user
+ req.pswd = delete_request.pswd
+ req.cert = delete_request.cert
self.dorequest(req, False, False, label=label)
self.manager.message("trace", "{name:<60}{value:>10}".format(name="End: " + description, value="[DONE]"))
@@ -710,7 +709,7 @@
# Cache delayed delete
if req.end_delete:
- self.end_deletes.append((uri, req.user, req.pswd, req.host, req.port,))
+ self.end_deletes.append((uri, req,))
if details:
resulttxt += " %s: %s\n" % (method, uri)
@@ -730,7 +729,13 @@
stats.startTimer()
# Do the http request
- http = SmartHTTPConnection(req.host, req.port, self.manager.server_info.ssl, afunix=req.afunix)
+ http = SmartHTTPConnection(
+ req.host,
+ req.port,
+ self.manager.server_info.ssl,
+ afunix=req.afunix,
+ cert=os.path.join(self.manager.server_info.certdir, req.cert) if req.cert else None
+ )
if 'User-Agent' not in headers and label is not None:
headers['User-Agent'] = label.encode("utf-8")
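Review bot: The new `cert=` argument joins `req.cert` onto `certdir` without constraining it, so an absolute path or a `..` segment in a test script's `cert` attribute resolves outside the configured directory, and with an empty `certdir` the name is resolved against the process working directory. Because the file is expected to carry client credentials, I would resolve the path once, reject anything that does not stay under `certdir`, and report a missing file here rather than letting it fail inside the connection attempt. The cert is also passed when `self.manager.server_info.ssl` is false; whether SmartHTTPConnection ignores it in that case is not visible in this diff. The enclosing method starts and ends outside the hunk, so how a raised error should be reported to the test run needs checking against the surrounding code.

```python
# Resolve the client cert once and keep it inside certdir.
cert_path = None
if req.cert:
    certdir = os.path.realpath(self.manager.server_info.certdir)
    cert_path = os.path.realpath(os.path.join(certdir, req.cert))
    if not cert_path.startswith(certdir + os.sep) or not os.path.isfile(cert_path):
        raise ValueError("TLS client cert not found under certdir: %s" % (req.cert,))
http = SmartHTTPConnection(
    req.host,
    req.port,
    self.manager.server_info.ssl,
    afunix=req.afunix,
    cert=cert_path,
)
# ... unchanged: User-Agent header handling ...
```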
Modified: CalDAVTester/trunk/src/httpshandler.py
===================================================================
--- CalDAVTester/trunk/src/httpshandler.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/httpshandler.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -38,8 +38,9 @@
An L{httplib.HTTPSConnection} class that allows the TLS protocol version to be set.
"""
- def __init__(self, host, port, ssl_version=cached_types[0][1]):
- httplib.HTTPSConnection.__init__(self, host, port)
+ def __init__(self, host, port, ssl_version=cached_types[0][1], cert_file=None):
+
+ httplib.HTTPSConnection.__init__(self, host, port, cert_file=cert_file)
self._ssl_version = ssl_version
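Review bot: Only `cert_file` is forwarded to `httplib.HTTPSConnection.__init__`, with no `key_file`, so the file named by the `cert` attribute presumably has to hold the private key together with the certificate; neither the class docstring nor the README text added in this commit says so. I would add to the docstring something like `@param cert_file: path to a PEM file containing the client certificate and its private key, or L{None}`, and note that files under `certdir` are key material that should be readable only by the user running the tests. The blank line inserted after the `def __init__` line can go. How `connect()` consumes `self.cert_file` is outside this hunk.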
@@ -70,7 +71,7 @@
-def SmartHTTPConnection(host, port, ssl, afunix):
+def SmartHTTPConnection(host, port, ssl, afunix, cert=None):
"""
Create the appropriate L{httplib.HTTPConnection} derived class for the supplied arguments.
This attempts to connect to a server using the available SSL protocol types (as per
@@ -85,10 +86,12 @@
@type ssl: L{bool}
@param afunix: unix socket to use or L{None}
@type afunix: L{str}
+ @param cert: SSL client cert path to use or L{None}
+ @type cert: L{str}
"""
- def trySSL(version):
- connect = HTTPSVersionConnection(host, port, ssl_version=version)
+ def trySSL(version, cert=None):
+ connect = HTTPSVersionConnection(host, port, ssl_version=version, cert_file=cert)
connect.connect()
return connect
@@ -99,14 +102,14 @@
for cached, connection_type in cached_types:
if (host, port) in cached:
try:
- return trySSL(connection_type)
+ return trySSL(connection_type, cert)
except:
cached.remove((host, port))
for cached, connection_type in cached_types:
try:
cached.add((host, port))
- return trySSL(connection_type)
+ return trySSL(connection_type, cert)
except:
cached.remove((host, port))
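Review bot: Both bare `except:` clauses now also swallow failures caused by the client certificate, such as an unreadable file or a handshake the server rejects, and treat them as a protocol-version mismatch. The first loop then evicts the working `(host, port)` entry from the cache, and the second loop retries every remaining protocol with the same bad cert. Catching only the socket and SSL errors and letting file errors propagate would keep a cert problem distinguishable from a version problem; at minimum a comment such as `# NOTE: a rejected or unreadable client cert also lands here` documents the behaviour. What happens once the second loop is exhausted is outside the hunk.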
Modified: CalDAVTester/trunk/src/manager.py
===================================================================
--- CalDAVTester/trunk/src/manager.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/manager.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -160,6 +160,7 @@
self.server_info.ssl = ssl
self.server_info.port = self.server_info.sslport if ssl else self.server_info.nonsslport
self.server_info.port2 = self.server_info.sslport2 if ssl else self.server_info.nonsslport2
+ self.server_info.certdir = os.path.join(self.base_dir, self.server_info.certdir) if self.server_info.certdir else ""
moresubs["$host:"] = "%s://%s" % (
"https" if ssl else "http", self.server_info.host,
Modified: CalDAVTester/trunk/src/request.py
===================================================================
--- CalDAVTester/trunk/src/request.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/request.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -152,6 +152,7 @@
self.auth = True
self.user = ""
self.pswd = ""
+ self.cert = ""
self.end_delete = False
self.print_request = False
self.print_response = False
@@ -211,10 +212,10 @@
# Auth
if self.auth:
- if si.authtype.lower() == "digest":
+ if si.authtype.lower() == "basic":
+ hdrs["Authorization"] = self.gethttpbasicauth(si)
+ elif si.authtype.lower() == "digest":
hdrs["Authorization"] = self.gethttpdigestauth(si)
- else:
- hdrs["Authorization"] = self.gethttpbasicauth(si)
return hdrs
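Review bot: Dropping the `else` branch means any `authtype` other than `basic` or `digest` now sends the request with no `Authorization` header. That is presumably how cert-only authentication is selected, but a misspelled value in the serverinfo file silently turns every test into an unauthenticated request. I would make the no-header case explicit, e.g. `elif si.authtype.lower() not in ("none", "cert"): raise ValueError("Unknown authtype: %s" % (si.authtype,))` (the two value names are placeholders for whatever the project settles on), and list the accepted values in the README entry for `<authtype>`. The method begins outside this hunk.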
@@ -380,6 +381,7 @@
self.auth = node.get(src.xmlDefs.ATTR_AUTH, src.xmlDefs.ATTR_VALUE_YES) == src.xmlDefs.ATTR_VALUE_YES
self.user = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_USER, "").encode("utf-8"))
self.pswd = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_PSWD, "").encode("utf-8"))
+ self.cert = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_CERT, "").encode("utf-8"))
self.end_delete = getYesNoAttributeValue(node, src.xmlDefs.ATTR_END_DELETE)
self.print_request = self.manager.print_request or getYesNoAttributeValue(node, src.xmlDefs.ATTR_PRINT_REQUEST)
self.print_response = self.manager.print_response or getYesNoAttributeValue(node, src.xmlDefs.ATTR_PRINT_RESPONSE)
Modified: CalDAVTester/trunk/src/serverinfo.py
===================================================================
--- CalDAVTester/trunk/src/serverinfo.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/serverinfo.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -43,6 +43,7 @@
self.sslport2 = 443
self.afunix2 = None
self.authtype = "basic"
+ self.certdir = ""
self.features = set()
self.user = ""
self.pswd = ""
@@ -192,6 +193,8 @@
self.afunix2 = child.text
elif child.tag == src.xmlDefs.ELEMENT_AUTHTYPE:
self.authtype = child.text.encode("utf-8")
+ elif child.tag == src.xmlDefs.ELEMENT_CERTDIR:
+ self.certdir = child.text.encode("utf-8")
elif child.tag == src.xmlDefs.ELEMENT_WAITCOUNT:
self.waitcount = int(child.text.encode("utf-8"))
elif child.tag == src.xmlDefs.ELEMENT_WAITDELAY:
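Review bot: If `child` is an ElementTree node, as the `child.tag`/`child.text` usage suggests, `child.text` is `None` for an empty `<certdir/>` element, which the DTD's `(#PCDATA)` permits, so the new branch would raise AttributeError on `.encode`. `self.certdir = (child.text or "").encode("utf-8")` keeps the empty default, which manager.py already treats as "no cert directory". The `authtype` branch just above has the same shape. The enclosing parse method extends beyond the hunk on both sides.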
Modified: CalDAVTester/trunk/src/xmlDefs.py
===================================================================
--- CalDAVTester/trunk/src/xmlDefs.py 2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/xmlDefs.py 2016-02-02 16:56:22 UTC (rev 15446)
@@ -23,6 +23,7 @@
ELEMENT_CALDAVTEST = "caldavtest"
ELEMENT_CALENDARDATAFILTER = "calendardatafilter"
ELEMENT_CALLBACK = "callback"
+ELEMENT_CERTDIR = "certdir"
ELEMENT_CLIENTS = "clients"
ELEMENT_CONTENTTYPE = "content-type"
ELEMENT_DATA = "data"
@@ -90,6 +91,7 @@
ATTR_HOST2 = "host2"
ATTR_AUTH = "auth"
+ATTR_CERT = "cert"
ATTR_CHANGE_UID = "change-uid"
ATTR_COUNT = "count"
ATTR_DETAILS = "details"