klemek/stapler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: better host detection and cerbot only on valid hosts

Browse Source
This commit is contained in:
Klemek
2026-05-06 14:00:06 +02:00
parent e7abe7924f
commit 74ceb0f677
7 changed files with 112 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_cert_manager.py
+51 -49
View File
@@ -44,32 +44,32 @@ class TestRegistry(BaseTestCase):
self.patch("shutil.which", count=0),
self.patch("subprocess.check_output", count=0),
):
self._make_self_signed("localhost")
self.cert_manager.init(["localhost"])
self._make_self_signed("example.com")
self.cert_manager.init(["example.com"])
def test_exists_self_signed(self) -> None:
self._make_self_signed("localhost")
assert self.cert_manager.exists("localhost")
self._make_self_signed("example.com")
assert self.cert_manager.exists("example.com")
def test_exists_certbot(self) -> None:
self._make_certbot("localhost")
assert self.cert_manager.exists("localhost")
self._make_certbot("example.com")
assert self.cert_manager.exists("example.com")
def test_exists_fail(self) -> None:
assert not self.cert_manager.exists("localhost")
assert not self.cert_manager.exists("example.com")
def test_exists_fail_without_certbot(self) -> None:
self.cert_manager.with_certbot = False
self._make_certbot("localhost")
assert not self.cert_manager.exists("localhost")
self._make_certbot("example.com")
assert not self.cert_manager.exists("example.com")
def test_init_cert_existing(self) -> None:
with (
self.patch("shutil.which", count=0),
self.patch("subprocess.check_output", count=0),
):
self._make_self_signed("localhost")
assert not self.cert_manager.init_cert("localhost")
self._make_self_signed("example.com")
assert not self.cert_manager.init_cert("example.com")
def test_init_cert_fail(self) -> None:
with (
@@ -77,7 +77,7 @@ class TestRegistry(BaseTestCase):
self.patch("subprocess.check_output") as process_mock,
):
process_mock.side_effect = subprocess.CalledProcessError(1, "", output=b"")
assert not self.cert_manager.init_cert("localhost")
assert not self.cert_manager.init_cert("example.com")
def test_init_cert_new(self) -> None:
with (
@@ -85,135 +85,137 @@ class TestRegistry(BaseTestCase):
self.patch("subprocess.check_output") as process_mock,
):
process_mock.side_effect = lambda *_, **__: self._make_self_signed(
"localhost"
"example.com"
)
assert self.cert_manager.init_cert("localhost")
assert self.cert_manager.init_cert("example.com")
def test_create_or_update_existing_no_certbot(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
self.cert_manager.with_certbot = False
with (
self.patch("shutil.which", return_value=""),
self.patch("subprocess.check_output") as process_mock,
):
process_mock.side_effect = lambda *_, **__: self._make_self_signed(
"localhost"
"example.com"
)
assert self.cert_manager.create_or_update("localhost")
assert self.cert_manager.create_or_update("example.com")
def test_create_or_update_existing_certbot(self) -> None:
self._make_certbot("localhost")
self._make_certbot("example.com")
with (
self.patch("shutil.which", return_value=""),
self.patch("subprocess.check_output") as process_mock,
):
process_mock.side_effect = lambda *_, **__: self._make_certbot("localhost")
assert self.cert_manager.create_or_update("localhost")
process_mock.side_effect = lambda *_, **__: self._make_certbot(
"example.com"
)
assert self.cert_manager.create_or_update("example.com")
def test_create_or_update_existing_fail_both(self) -> None:
self._make_certbot("localhost")
self._make_certbot("example.com")
with (
self.patch("shutil.which", return_value="", count=2),
self.patch("subprocess.check_output", count=2) as process_mock,
):
process_mock.side_effect = subprocess.CalledProcessError(1, "", output=b"")
assert not self.cert_manager.create_or_update("localhost")
assert not self.cert_manager.create_or_update("example.com")
def test_create_or_update_existing_fail_both_binary(self) -> None:
self._make_certbot("localhost")
self._make_certbot("example.com")
with (
self.patch("shutil.which", count=2),
self.patch("subprocess.check_output", count=0),
):
assert not self.cert_manager.create_or_update("localhost")
assert not self.cert_manager.create_or_update("example.com")
def test_get_cert_certbot(self) -> None:
self._make_certbot("localhost")
self._make_certbot("example.com")
self.assertEqual(
self.cert_manager.get_cert("localhost"),
self.certbot_conf / "live" / "localhost" / CertManager.CRT_FILE,
self.cert_manager.get_cert("example.com"),
self.certbot_conf / "live" / "example.com" / CertManager.CRT_FILE,
)
def test_get_cert_self_signed(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
self.assertEqual(
self.cert_manager.get_cert("localhost"),
self.self_signed_path / "localhost" / CertManager.CRT_FILE,
self.cert_manager.get_cert("example.com"),
self.self_signed_path / "example.com" / CertManager.CRT_FILE,
)
def test_get_cert_fail(self) -> None:
self.assertRaises(
CertManagerError,
lambda: self.cert_manager.get_cert("localhost"),
lambda: self.cert_manager.get_cert("example.com"),
)
def test_get_key_certbot(self) -> None:
self._make_certbot("localhost")
self._make_certbot("example.com")
self.assertEqual(
self.cert_manager.get_key("localhost"),
self.certbot_conf / "live" / "localhost" / CertManager.KEY_FILE,
self.cert_manager.get_key("example.com"),
self.certbot_conf / "live" / "example.com" / CertManager.KEY_FILE,
)
def test_get_key_self_signed(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
self.assertEqual(
self.cert_manager.get_key("localhost"),
self.self_signed_path / "localhost" / CertManager.KEY_FILE,
self.cert_manager.get_key("example.com"),
self.self_signed_path / "example.com" / CertManager.KEY_FILE,
)
def test_get_key_fail(self) -> None:
self.assertRaises(
CertManagerError,
lambda: self.cert_manager.get_key("localhost"),
lambda: self.cert_manager.get_key("example.com"),
)
def test_sni_callback_no_host(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", count=0),
):
self.cert_manager.sni_callback(self.socket_mock, None, self.context_mock)
def test_sni_callback_fail(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
with (
self.patch("shutil.which", count=3),
self.patch("ssl.create_default_context", count=0),
):
self.cert_manager.sni_callback(
self.socket_mock, "new_host", self.context_mock
self.socket_mock, "example.fr", self.context_mock
)
def test_sni_callback_create_context(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", return_value=self.context_mock),
self.mock_call(
self.context_mock.load_cert_chain,
[
self.self_signed_path / "localhost" / CertManager.CRT_FILE,
self.self_signed_path / "localhost" / CertManager.KEY_FILE,
self.self_signed_path / "example.com" / CertManager.CRT_FILE,
self.self_signed_path / "example.com" / CertManager.KEY_FILE,
],
),
self.patch("shutil.which", count=0),
):
self.cert_manager.sni_callback(
self.socket_mock, "localhost", self.context_mock
self.socket_mock, "example.com", self.context_mock
)
def test_sni_callback_create_context_fail(self) -> None:
self._make_self_signed("localhost")
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", return_value=self.context_mock),
self.patch("shutil.which", count=0),
):
self.context_mock.load_cert_chain.side_effect = Exception
self.cert_manager.sni_callback(
self.socket_mock, "localhost", self.context_mock
self.socket_mock, "example.com", self.context_mock
)
self.context_mock.load_cert_chain.assert_called_once_with(
self.self_signed_path / "localhost" / CertManager.CRT_FILE,
self.self_signed_path / "localhost" / CertManager.KEY_FILE,
self.self_signed_path / "example.com" / CertManager.CRT_FILE,
self.self_signed_path / "example.com" / CertManager.KEY_FILE,
)
def _make_self_signed(self, host: str) -> None:
tests/test_strings.py
+22
View File
@@ -0,0 +1,22 @@
import parameterized
from stapler.strings import sanitize_string, valid_host
from . import BaseTestCase
class TestStrings(BaseTestCase):
def test_sanitize(self) -> None:
self.assertEqual("??A??", sanitize_string("\n\tA\x00\x99"))
@parameterized.parameterized.expand(
[("example.com"), ("test-test.com"), ("subdomain.example.com")]
)
def test_valid_host(self, host: str) -> None:
self.assertTrue(valid_host(host), host)
@parameterized.parameterized.expand(
[("example.c"), ("localhost"), ("127.0.0.1"), ("test..com"), ("www-.test.com")]
)
def test_invalid_host(self, host: str) -> None:
self.assertFalse(valid_host(host), host)