source: mod_gnutls/test/tests/36_OCSP_server_nonce/hooks.py @ ebbfb2b

asyncioproxy-ticket
Last change on this file since ebbfb2b was ebbfb2b, checked in by Krista Karppinen <krista.celestia@…>, 17 months ago

OCSP nonce test (36): verify nonce match

Verify that the nonce received in the stapled OCSP response actually
matches the one sent in the request. Create a new module 'ocsp'
in mgstools to help with testing.

  • Property mode set to 100644
1import base64
2import os
3import re
4from mgstest import require_match, TestExpectationFailed
5from mgstest.ocsp import OCSPRequest, OCSPResponse
6from pathlib import Path
7from unittest import SkipTest
8
9
# Log file that post_check() searches for "Received OCSP request" lines.
LOGFILE = Path('logs/36_OCSP_server_nonce.ocsp.error.log')
# Byte offset into LOGFILE where this test run's entries begin. It is
# updated by prepare_env() so that post_check() skips entries that were
# already in the log before the test started.
LOGFILE_POSITION = 0
12
13
def prepare_env():
    """Skip the test without an OCSP port and record the current log size.

    Raises:
        SkipTest: If the OCSP_PORT environment variable is not set.
    """
    global LOGFILE_POSITION

    if os.environ.get('OCSP_PORT') is None:
        raise SkipTest('OCSP_PORT is not set, check if openssl is available.')

    # A log file may not exist yet; in that case the stored position is
    # left as it is.
    if not LOGFILE.exists():
        return

    # Remember the current end of the log so that post_check() only looks
    # at entries written after this point.
    LOGFILE_POSITION = LOGFILE.stat().st_size
22
23
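def post_check(conn_log, response_log):
    """Check that the stapled OCSP response carries the request's nonce.

    An OCSP nonce binds a response to the request that asked for it, so
    the test is only meaningful if both sides actually carry one. The
    hook compares the nonce parsed from 'outputs/36-ocsp.der' with the
    nonce of the matching request found in LOGFILE.

    Args:
        conn_log: Client connection log, searched for the
            'OCSP status request' option line.
        response_log: Not used by this hook.

    Raises:
        TestExpectationFailed: If either nonce is empty or the two
            nonces differ.
    """
    print('Checking if the client actually got a stapled response:')
    print(require_match(re.compile(r'^- Options: .*OCSP status request,'),
                        conn_log).group(0))

    print('Checking for outputs/36-ocsp.der:')
    ocsp_response = OCSPResponse.parse_file('outputs/36-ocsp.der')
    print(ocsp_response)

    print('Checking if the client got a nonce in the stapled response:')
    resp_nonce = ocsp_response.get_field('nonce').get_value()
    print(resp_nonce)
    # Guard against a vacuous pass: if get_value() can return None or an
    # empty value (not visible from this file), two missing nonces would
    # otherwise compare equal below.
    if not resp_nonce:
        raise TestExpectationFailed('No nonce in the stapled response!')

    print('Checking if the server log contains an OCSP request')
    request_re = re.compile(r"Received OCSP request: '([^']*)'")
    with LOGFILE.open() as log:
        print(f'Seeking to position {LOGFILE_POSITION}')
        # Skip entries that predate this test run (see prepare_env()).
        log.seek(LOGFILE_POSITION)
        ocsp_request = None

        # The log may hold several requests; keep reading until one
        # matches the stapled response.
        # NOTE(review): presumably require_match() raises once the log is
        # exhausted without a match; otherwise this loop would not
        # terminate. Confirm against mgstest.
        while ocsp_request is None:
            log_match = require_match(request_re, log)
            # The request is logged as base64 between the single quotes.
            test_request = OCSPRequest.parse_str(
                base64.b64decode(log_match.group(1)))
            print(repr(test_request))
            if ocsp_response.matches_request(test_request):
                print("Request matches response")
                ocsp_request = test_request
            else:
                print("Request doesn't match response")

    print('Checking if the OCSP request has a nonce')
    req_nonce = ocsp_request.get_field('nonce').get_value()
    print(req_nonce)
    if not req_nonce:
        raise TestExpectationFailed('No nonce in the OCSP request!')

    print('Checking if the request and response nonces match')
    if resp_nonce != req_nonce:
        raise TestExpectationFailed('Nonce mismatch!')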