[CalendarServer-changes] [15446] CalDAVTester/trunk

source_changes at macosforge.org source_changes at macosforge.org
Tue Feb 2 08:56:23 PST 2016


Revision: 15446
          http://trac.calendarserver.org//changeset/15446
Author:   cdaboo at apple.com
Date:     2016-02-02 08:56:22 -0800 (Tue, 02 Feb 2016)
Log Message:
-----------
Add support for TLS client cert authentication.

Modified Paths:
--------------
    CalDAVTester/trunk/README.txt
    CalDAVTester/trunk/scripts/server/serverinfo.dtd
    CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd
    CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd
    CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd
    CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd
    CalDAVTester/trunk/src/caldavtest.py
    CalDAVTester/trunk/src/httpshandler.py
    CalDAVTester/trunk/src/manager.py
    CalDAVTester/trunk/src/request.py
    CalDAVTester/trunk/src/serverinfo.py
    CalDAVTester/trunk/src/xmlDefs.py

Modified: CalDAVTester/trunk/README.txt
===================================================================
--- CalDAVTester/trunk/README.txt	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/README.txt	2016-02-02 16:56:22 UTC (rev 15446)
@@ -110,6 +110,9 @@
 	ELEMENT <authtype>
 		HTTP authentication method to use.
 
+	ELEMENT <certdir>
+		Base directory for TLS client certs.
+
 	ELEMENT <waitcount>
 		For requests that wait, defines how many iterations to wait for
 		[Default: 120].
@@ -267,6 +270,9 @@
 			if provided this value is used as the password for HTTP
 			Basic authentication instead of the one in the serverinfo
 			file.
+		ATTRIBUTE cert
+			if provided this value is used as the file name for a TLS
+			client certificate to be used with the request.
 		ATTRIBUTE end-delete
 			if set to 'yes', then the resource targeted by the request
 			is deleted after testing is complete, but before the

Modified: CalDAVTester/trunk/scripts/server/serverinfo.dtd
===================================================================
--- CalDAVTester/trunk/scripts/server/serverinfo.dtd	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/server/serverinfo.dtd	2016-02-02 16:56:22 UTC (rev 15446)
@@ -15,31 +15,32 @@
  -->
 
 <!ELEMENT serverinfo (host, nonsslport, sslport, unix?,
-						host2?, nonsslport2?, sslport2?, unix2?,
-						authtype?, waitcount?, waitdelay?, waitsuccess?,
-						features?, substitutions,
-						calendardatafilter*, addressdatafilter*)? >
+					  host2?, nonsslport2?, sslport2?, unix2?,
+					  authtype?, certdir?,
+					  waitcount?, waitdelay?, waitsuccess?,
+					  features?, substitutions,
+					  calendardatafilter*, addressdatafilter*)? >
 
-	<!ELEMENT host			(#PCDATA)>
-	<!ELEMENT nonsslport	(#PCDATA)>
-	<!ELEMENT sslport		(#PCDATA)>
-	<!ELEMENT unix			(#PCDATA)>
-	<!ELEMENT host2			(#PCDATA)>
-	<!ELEMENT nonsslport2	(#PCDATA)>
-	<!ELEMENT sslport2		(#PCDATA)>
-	<!ELEMENT unix2			(#PCDATA)>
-	<!ELEMENT authtype		(#PCDATA)>
-	<!ELEMENT waitdelay     (#PCDATA)>
-	<!ELEMENT waitcount     (#PCDATA)>
-	<!ELEMENT waitsuccess   (#PCDATA)>
-	<!ELEMENT features      (feature*)>
-		<!ELEMENT feature   (#PCDATA)>
-	<!ELEMENT substitutions	(substitution|repeat)*>
-		<!ELEMENT repeat	(substitution+)>
-    		<!ATTLIST repeat count CDATA "1">
-		<!ELEMENT substitution	(key, value)>
+	<!ELEMENT host					(#PCDATA)>
+	<!ELEMENT nonsslport			(#PCDATA)>
+	<!ELEMENT sslport				(#PCDATA)>
+	<!ELEMENT unix					(#PCDATA)>
+	<!ELEMENT host2					(#PCDATA)>
+	<!ELEMENT nonsslport2			(#PCDATA)>
+	<!ELEMENT sslport2				(#PCDATA)>
+	<!ELEMENT unix2					(#PCDATA)>
+	<!ELEMENT authtype				(#PCDATA)>
+	<!ELEMENT certdir				(#PCDATA)>
+	<!ELEMENT waitdelay				(#PCDATA)>
+	<!ELEMENT waitcount				(#PCDATA)>
+	<!ELEMENT waitsuccess			(#PCDATA)>
+	<!ELEMENT features				(feature*)>
+		<!ELEMENT feature			(#PCDATA)>
+	<!ELEMENT substitutions			(substitution|repeat)*>
+		<!ELEMENT repeat			(substitution+)>
+			<!ATTLIST repeat count CDATA "1">
+		<!ELEMENT substitution		(key, value)>
 			<!ELEMENT key			(#PCDATA)>
 			<!ELEMENT value			(#PCDATA)>
-	<!ELEMENT calendardatafilter   (#PCDATA)>
-	<!ELEMENT addressdatafilter   (#PCDATA)>
-	
+	<!ELEMENT calendardatafilter	(#PCDATA)>
+	<!ELEMENT addressdatafilter		(#PCDATA)>

Modified: CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests/CalDAV/caldavtest.dtd	2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
 						 auth (yes|no) "yes"
 						 user CDATA ""
 						 pswd CDATA ""
+						 cert CDATA ""
 						 end-delete (yes|no) "no"
 						 print-response (yes|no) "no"
 						 iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
 			<!ELEMENT value (#PCDATA)>
 		<!ELEMENT data (content-type, (filepath | generator), substitute*)>
 			<!ATTLIST data substitutions (yes|no) "yes"
-			               generate      (yes|no) "no">
+						   generate      (yes|no) "no">
 			<!ELEMENT content-type (#PCDATA)>
 			<!ELEMENT filepath (#PCDATA)>
 			<!ELEMENT generator (callback, arg*)>

Modified: CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests/CardDAV/caldavtest.dtd	2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
 						 auth (yes|no) "yes"
 						 user CDATA ""
 						 pswd CDATA ""
+						 cert CDATA ""
 						 end-delete (yes|no) "no"
 						 print-response (yes|no) "no"
 						 iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
 			<!ELEMENT value (#PCDATA)>
 		<!ELEMENT data (content-type, (filepath | generator), substitute*)>
 			<!ATTLIST data substitutions (yes|no) "yes"
-			               generate      (yes|no) "no">
+						   generate      (yes|no) "no">
 			<!ELEMENT content-type (#PCDATA)>
 			<!ELEMENT filepath (#PCDATA)>
 			<!ELEMENT generator (callback, arg*)>

Modified: CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests-pod/CalDAV/caldavtest.dtd	2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
 						 auth (yes|no) "yes"
 						 user CDATA ""
 						 pswd CDATA ""
+						 cert CDATA ""
 						 end-delete (yes|no) "no"
 						 print-response (yes|no) "no"
 						 iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
 			<!ELEMENT value (#PCDATA)>
 		<!ELEMENT data (content-type, (filepath | generator), substitute*)>
 			<!ATTLIST data substitutions (yes|no) "yes"
-			               generate      (yes|no) "no">
+						   generate      (yes|no) "no">
 			<!ELEMENT content-type (#PCDATA)>
 			<!ELEMENT filepath (#PCDATA)>
 			<!ELEMENT generator (callback, arg*)>

Modified: CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd
===================================================================
--- CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/scripts/tests-pod-v5_v8/CalDAV-v5_v8/caldavtest.dtd	2016-02-02 16:56:22 UTC (rev 15446)
@@ -35,6 +35,7 @@
 						 auth (yes|no) "yes"
 						 user CDATA ""
 						 pswd CDATA ""
+						 cert CDATA ""
 						 end-delete (yes|no) "no"
 						 print-response (yes|no) "no"
 						 iterate-data (yes|no) "no"
@@ -48,7 +49,7 @@
 			<!ELEMENT value (#PCDATA)>
 		<!ELEMENT data (content-type, (filepath | generator), substitute*)>
 			<!ATTLIST data substitutions (yes|no) "yes"
-			               generate      (yes|no) "no">
+						   generate      (yes|no) "no">
 			<!ELEMENT content-type (#PCDATA)>
 			<!ELEMENT filepath (#PCDATA)>
 			<!ELEMENT generator (callback, arg*)>

Modified: CalDAVTester/trunk/src/caldavtest.py
===================================================================
--- CalDAVTester/trunk/src/caldavtest.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/caldavtest.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -585,17 +585,16 @@
         if len(self.end_deletes) == 0:
             return True
         self.manager.message("trace", "Start: " + description)
-        for deleter in self.end_deletes:
+        for uri, delete_request in self.end_deletes:
             req = request(self.manager)
             req.method = "DELETE"
-            req.host = deleter[3]
-            req.port = deleter[4]
-            req.ruris.append(deleter[0])
-            req.ruri = deleter[0]
-            if len(deleter[1]):
-                req.user = deleter[1]
-            if len(deleter[2]):
-                req.pswd = deleter[2]
+            req.host = delete_request.host
+            req.port = delete_request.port
+            req.ruris.append(uri)
+            req.ruri = uri
+            req.user = delete_request.user
+            req.pswd = delete_request.pswd
+            req.cert = delete_request.cert
             self.dorequest(req, False, False, label=label)
         self.manager.message("trace", "{name:<60}{value:>10}".format(name="End: " + description, value="[DONE]"))
 
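Review bot: The DELETE request built in this loop copies `host`, `port`, `user`, `pswd` and now `cert` from the cached request, but not `afunix` or `auth`, so an end-delete may not go out the same way as the request that created the resource. Since the whole request object is now stored in `end_deletes`, adding `req.afunix = delete_request.afunix` and `req.auth = delete_request.auth` next to the `req.cert` line would keep the two in step. Whether `request.__init__` already supplies suitable defaults for these is not visible here, so confirm before changing. The enclosing method starts above the hunk.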
@@ -710,7 +709,7 @@
 
         # Cache delayed delete
         if req.end_delete:
-            self.end_deletes.append((uri, req.user, req.pswd, req.host, req.port,))
+            self.end_deletes.append((uri, req,))
 
         if details:
             resulttxt += "        %s: %s\n" % (method, uri)
@@ -730,7 +729,13 @@
             stats.startTimer()
 
         # Do the http request
-        http = SmartHTTPConnection(req.host, req.port, self.manager.server_info.ssl, afunix=req.afunix)
+        http = SmartHTTPConnection(
+            req.host,
+            req.port,
+            self.manager.server_info.ssl,
+            afunix=req.afunix,
+            cert=os.path.join(self.manager.server_info.certdir, req.cert) if req.cert else None
+        )
 
         if 'User-Agent' not in headers and label is not None:
             headers['User-Agent'] = label.encode("utf-8")
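Review bot: The `cert=` argument joins `certdir` and `req.cert` without checking the result. `os.path.join` drops `certdir` entirely when `req.cert` is absolute, and with no `<certdir>` configured the join gives a path relative to the current working directory. Because this path selects client key material, I would resolve it before the call, require that it stays under a non-empty `certdir` and names an existing file, and fail with a clear message otherwise; how that failure is reported is up to the surrounding method, which is only partly visible. Also confirm `os` is imported in caldavtest.py, since the import block is outside the hunk.

```python
        # Resolve the client cert inside certdir and refuse anything outside it
        cert_path = None
        if req.cert:
            if not self.manager.server_info.certdir:
                raise ValueError("cert attribute used but no certdir configured")
            certdir = os.path.realpath(self.manager.server_info.certdir)
            cert_path = os.path.realpath(os.path.join(certdir, req.cert))
            if not cert_path.startswith(certdir + os.sep) or not os.path.isfile(cert_path):
                raise ValueError("TLS client cert not found under certdir: %s" % (req.cert,))

        http = SmartHTTPConnection(
            # … unchanged: host, port, ssl and afunix arguments …
            cert=cert_path
        )
```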

Modified: CalDAVTester/trunk/src/httpshandler.py
===================================================================
--- CalDAVTester/trunk/src/httpshandler.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/httpshandler.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -38,8 +38,9 @@
     An L{httplib.HTTPSConnection} class that allows the TLS protocol version to be set.
     """
 
-    def __init__(self, host, port, ssl_version=cached_types[0][1]):
-        httplib.HTTPSConnection.__init__(self, host, port)
+    def __init__(self, host, port, ssl_version=cached_types[0][1], cert_file=None):
+
+        httplib.HTTPSConnection.__init__(self, host, port, cert_file=cert_file)
         self._ssl_version = ssl_version
 
 
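Review bot: Only `cert_file` is forwarded to `httplib.HTTPSConnection.__init__`, with no `key_file`, so the file named by the `cert` attribute must hold the private key together with the certificate. Neither the class docstring nor the README entry says so. I would add a docstring line such as `cert_file: path to a PEM file holding the client certificate and its private key, or None`. If the class overrides `connect()` to apply `_ssl_version` (not visible in this hunk), confirm that override passes `self.cert_file` to the socket wrap call, otherwise the new argument has no effect. The blank line after the `def` line can go.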
@@ -70,7 +71,7 @@
 
 
 
-def SmartHTTPConnection(host, port, ssl, afunix):
+def SmartHTTPConnection(host, port, ssl, afunix, cert=None):
     """
     Create the appropriate L{httplib.HTTPConnection} derived class for the supplied arguments.
     This attempts to connect to a server using the available SSL protocol types (as per
@@ -85,10 +86,12 @@
     @type ssl: L{bool}
     @param afunix: unix socket to use or L{None}
     @type afunix: L{str}
+    @param cert: SSL client cert path to use or L{None}
+    @type cert: L{str}
     """
 
-    def trySSL(version):
-        connect = HTTPSVersionConnection(host, port, ssl_version=version)
+    def trySSL(version, cert=None):
+        connect = HTTPSVersionConnection(host, port, ssl_version=version, cert_file=cert)
         connect.connect()
         return connect
 
@@ -99,14 +102,14 @@
         for cached, connection_type in cached_types:
             if (host, port) in cached:
                 try:
-                    return trySSL(connection_type)
+                    return trySSL(connection_type, cert)
                 except:
                     cached.remove((host, port))
 
         for cached, connection_type in cached_types:
             try:
                 cached.add((host, port))
-                return trySSL(connection_type)
+                return trySSL(connection_type, cert)
             except:
                 cached.remove((host, port))
 
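Review bot: The bare `except:` around both `trySSL(connection_type, cert)` calls now also swallows client-certificate problems, such as a missing or unreadable cert file. These then look like a protocol-version mismatch: the loop retries every version and drops the `(host, port)` cache entry. I would check the cert path before the two loops so a bad path surfaces as its own error, and narrow the handlers to the connection errors that really mean "try the next version", for example `except (ssl.SSLError, socket.error):` if those modules are imported in this file. What happens after the second loop is outside the hunk.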

Modified: CalDAVTester/trunk/src/manager.py
===================================================================
--- CalDAVTester/trunk/src/manager.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/manager.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -160,6 +160,7 @@
         self.server_info.ssl = ssl
         self.server_info.port = self.server_info.sslport if ssl else self.server_info.nonsslport
         self.server_info.port2 = self.server_info.sslport2 if ssl else self.server_info.nonsslport2
+        self.server_info.certdir = os.path.join(self.base_dir, self.server_info.certdir) if self.server_info.certdir else ""
 
         moresubs["$host:"] = "%s://%s" % (
             "https" if ssl else "http", self.server_info.host,

Modified: CalDAVTester/trunk/src/request.py
===================================================================
--- CalDAVTester/trunk/src/request.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/request.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -152,6 +152,7 @@
         self.auth = True
         self.user = ""
         self.pswd = ""
+        self.cert = ""
         self.end_delete = False
         self.print_request = False
         self.print_response = False
@@ -211,10 +212,10 @@
 
         # Auth
         if self.auth:
-            if si.authtype.lower() == "digest":
+            if si.authtype.lower() == "basic":
+                hdrs["Authorization"] = self.gethttpbasicauth(si)
+            elif si.authtype.lower() == "digest":
                 hdrs["Authorization"] = self.gethttpdigestauth(si)
-            else:
-                hdrs["Authorization"] = self.gethttpbasicauth(si)
 
         return hdrs
 
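Review bot: With the `else` branch removed, any `authtype` other than `basic` or `digest`, including a misspelling, now sends the request with no `Authorization` header and no message. That is presumably intended for certificate-only runs, but the accepted values are not documented and nothing validates them. I would check `authtype` against an explicit set where serverinfo is parsed and name the cert-only value in the README's `<authtype>` entry. `si.authtype.lower()` could also be computed once before the `if`. The enclosing method starts above the hunk.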
@@ -380,6 +381,7 @@
         self.auth = node.get(src.xmlDefs.ATTR_AUTH, src.xmlDefs.ATTR_VALUE_YES) == src.xmlDefs.ATTR_VALUE_YES
         self.user = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_USER, "").encode("utf-8"))
         self.pswd = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_PSWD, "").encode("utf-8"))
+        self.cert = self.manager.server_info.subs(node.get(src.xmlDefs.ATTR_CERT, "").encode("utf-8"))
         self.end_delete = getYesNoAttributeValue(node, src.xmlDefs.ATTR_END_DELETE)
         self.print_request = self.manager.print_request or getYesNoAttributeValue(node, src.xmlDefs.ATTR_PRINT_REQUEST)
         self.print_response = self.manager.print_response or getYesNoAttributeValue(node, src.xmlDefs.ATTR_PRINT_RESPONSE)

Modified: CalDAVTester/trunk/src/serverinfo.py
===================================================================
--- CalDAVTester/trunk/src/serverinfo.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/serverinfo.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -43,6 +43,7 @@
         self.sslport2 = 443
         self.afunix2 = None
         self.authtype = "basic"
+        self.certdir = ""
         self.features = set()
         self.user = ""
         self.pswd = ""
@@ -192,6 +193,8 @@
                 self.afunix2 = child.text
             elif child.tag == src.xmlDefs.ELEMENT_AUTHTYPE:
                 self.authtype = child.text.encode("utf-8")
+            elif child.tag == src.xmlDefs.ELEMENT_CERTDIR:
+                self.certdir = child.text.encode("utf-8")
             elif child.tag == src.xmlDefs.ELEMENT_WAITCOUNT:
                 self.waitcount = int(child.text.encode("utf-8"))
             elif child.tag == src.xmlDefs.ELEMENT_WAITDELAY:
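Review bot: `child.text.encode("utf-8")` in the new `ELEMENT_CERTDIR` branch raises `AttributeError` when the element is empty, because `child.text` is then `None` (assuming these are ElementTree nodes). An empty `<certdir/>` is a natural way to write "no client certs", so `self.certdir = (child.text or "").encode("utf-8")` would be safer. The neighbouring `authtype` branch has the same pattern. The parsing loop continues outside the hunk.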

Modified: CalDAVTester/trunk/src/xmlDefs.py
===================================================================
--- CalDAVTester/trunk/src/xmlDefs.py	2016-01-29 19:49:30 UTC (rev 15445)
+++ CalDAVTester/trunk/src/xmlDefs.py	2016-02-02 16:56:22 UTC (rev 15446)
@@ -23,6 +23,7 @@
 ELEMENT_CALDAVTEST = "caldavtest"
 ELEMENT_CALENDARDATAFILTER = "calendardatafilter"
 ELEMENT_CALLBACK = "callback"
+ELEMENT_CERTDIR = "certdir"
 ELEMENT_CLIENTS = "clients"
 ELEMENT_CONTENTTYPE = "content-type"
 ELEMENT_DATA = "data"
@@ -90,6 +91,7 @@
 
 ATTR_HOST2 = "host2"
 ATTR_AUTH = "auth"
+ATTR_CERT = "cert"
 ATTR_CHANGE_UID = "change-uid"
 ATTR_COUNT = "count"
 ATTR_DETAILS = "details"