1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
# Tests for the HTTP server
# Copyright (C) 2025 Nguyễn Gia Phong
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from asyncio import open_connection, start_server
from base64 import (urlsafe_b64decode as from_base64,
urlsafe_b64encode as base64)
from contextlib import asynccontextmanager, contextmanager
from functools import partial
from pathlib import Path
from tempfile import mkstemp
from urllib.parse import urljoin, urlsplit
from xml.etree.ElementTree import tostring as str_from_xml
from xml.sax.saxutils import escape
from hypothesis import given
from hypothesis.strategies import (builds, composite, datetimes,
integers, lists, text)
from hypothesis.provisional import domains, urls
from scadere.listen import body, entry, handle, path, xml
def ports():
"""Return a Hypothesis strategy for TCP ports."""
return integers(1, 65535)
def serials():
"""Return a Hypothesis strategy for TLS serial number."""
return builds(lambda n: hex(n).removeprefix('0x'), integers(0, 256**20-1))
def ca_names():
"""Return a Hypothesis strategy for CA names."""
return text().map(lambda name: base64(name.encode()).decode())
@given(domains(), ports(), ca_names(), serials())
def test_path(hostname, port, issuer, serial):
r = path(hostname, port, issuer, serial).split('/')
assert r[0] == hostname
assert int(r[1]) == port
assert r[2] == issuer
assert r[3] == serial
@given(domains(), ports(), ca_names(), serials(), datetimes(), datetimes())
def test_body(hostname, port, issuer, serial, not_before, not_after):
r = body(not_before, not_after, hostname, port, serial, issuer)
assert r[-1][0] == 'dl'
d = dict(zip((v for k, v in r[-1][1:] if k == 'dt'),
(v for k, v in r[-1][1:] if k == 'dd')))
assert d['Domain'] == hostname
assert d['Port'] == port
assert d['Issuer'] == from_base64(issuer.encode()).decode()
assert d['Serial number'] == serial
assert d['Valid from'] == not_before
assert d['Valid until'] == not_after
@given(urls(), domains(), ports(),
ca_names(), serials(), datetimes(), datetimes())
def test_atom_entry(base_url, hostname, port,
issuer, serial, not_before, not_after):
cert = not_before, not_after, hostname, port, serial, issuer
r = str_from_xml(xml(entry(base_url, cert)),
'unicode', short_empty_elements=False)
issuer_str = from_base64(issuer.encode()).decode()
url = urljoin(base_url, path(hostname, port, issuer, serial))
assert r == f'''<entry>
<author>
<name>{escape(issuer_str)}</name>
</author>
<content type="xhtml">
<div xmlns="http://www.w3.org/1999/xhtml">
<h1>TLS certificate information</h1>
<dl>
<dt>Domain</dt>
<dd>{hostname}</dd>
<dt>Port</dt>
<dd>{port}</dd>
<dt>Issuer</dt>
<dd>{escape(issuer_str)}</dd>
<dt>Serial number</dt>
<dd>{serial}</dd>
<dt>Valid from</dt>
<dd>{not_before.isoformat()}</dd>
<dt>Valid until</dt>
<dd>{not_after.isoformat()}</dd>
</dl>
</div>
</content>
<id>{url}</id>
<link rel="alternate" type="application/xhtml+xml" href="{url}"></link>
<title>TLS cert for {hostname} will expire at {not_after}</title>
<updated>{not_before.isoformat()}</updated>
</entry>'''
@composite
def certificates(draw):
"""Return a Hypothesis strategy for certificate summaries."""
not_before = draw(datetimes()).isoformat()
not_after = draw(datetimes()).isoformat()
hostname = draw(domains())
port = draw(ports())
serial = draw(serials())
issuer = draw(ca_names())
return f'{not_before} {not_after} {hostname} {port} {serial} {issuer}'
@contextmanager
def tmp_cert_file(lines):
cert_file = Path(mkstemp(text=True)[1])
cert_file.write_text('\n'.join(lines))
try:
yield cert_file
finally:
cert_file.unlink()
def has_usual_path(url):
"""Check if the given URL path tends to mess with urljoin."""
url_path = urlsplit(url).path
return not (url_path.startswith('//') or url_path.endswith('/.'))
@asynccontextmanager
async def connect(*args, **kwargs):
"""Return a read-write stream for an asyncio TCP connection."""
reader, writer = await open_connection(*args, **kwargs)
try:
yield reader, writer
finally:
writer.close()
@given(urls().filter(has_usual_path), lists(certificates(), min_size=1))
async def test_http_200(base_url, certs):
base_path = urlsplit(base_url).path
with tmp_cert_file(certs) as cert_file:
handler = partial(handle, cert_file, base_url)
server = await start_server(handler, 'localhost')
async with server:
socket, = server.sockets
async with connect(*socket.getsockname()) as (reader, writer):
writer.write(f'GET {base_path}\r\n'.encode())
await writer.drain()
response = await reader.readuntil(b'\r\n')
assert response == b'HTTP/1.1 200 OK\r\n'
@composite
def two_urls(draw, constraint):
"""Return a Hypothesis strategy for 2 URLs."""
first = draw(urls())
second = draw(urls().filter(partial(constraint, first)))
return first, second
@given(two_urls(lambda a, b: urlsplit(a).path != urlsplit(b).path))
async def test_http_404(url_and_url):
base_url, url = url_and_url
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, base_url)
server = await start_server(handler, 'localhost')
async with server:
socket, = server.sockets
async with connect(*socket.getsockname()) as (reader, writer):
writer.write(f'GET {urlsplit(url).path}\r\n'.encode())
await writer.drain()
response = await reader.read()
assert response == b'HTTP/1.1 404 Not Found\r\n'
@given(urls(), text().filter(lambda method: not method.startswith('GET ')))
async def test_http_405(base_url, request):
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, base_url)
server = await start_server(handler, 'localhost')
async with server:
socket, = server.sockets
async with connect(*socket.getsockname()) as (reader, writer):
writer.write(f'{request}\r\n'.encode())
await writer.drain()
response = await reader.read()
assert response == b'HTTP/1.1 405 Method Not Allowed\r\n'
|
