from typing
import Dict, Any
from pyhttpd.env
import HttpdTestEnv
class HttpdConf(object):
def __init__(self, env: HttpdTestEnv, extras: Dict[str, Any] =
None):
""" Create a new httpd configuration.
:param env: then environment this operates
in
:param extras: extra configuration directive
with ServerName
as key
and
'base' as special key
for global configuration additions.
"""
self.env = env
self._indents = 0
self._lines = []
self._extras = extras.copy()
if extras
else {}
if 'base' in self._extras:
self.add(self._extras[
'base'])
self._tls_engine_ports = set()
def __repr__(self):
s =
'\n'.join(self._lines)
return f
"HttpdConf[{s}]"
def install(self):
self.env.install_test_conf(self._lines)
def replacetlsstr(self, line):
l = line.replace(
"TLS_",
"")
l = l.replace(
"\n",
" ")
l = l.replace(
"\\",
" ")
l =
" ".join(l.split())
l = l.replace(
" ",
":")
l = l.replace(
"_",
"-")
l = l.replace(
"-WITH",
"")
l = l.replace(
"AES-",
"AES")
l = l.replace(
"POLY1305-SHA256",
"POLY1305")
return l
def replaceinstr(self, line):
if line.startswith(
"TLSCiphersPrefer"):
# the "TLS_" are changed into "".
l = self.replacetlsstr(line)
l = l.replace(
"TLSCiphersPrefer:",
"SSLCipherSuite ")
elif line.startswith(
"TLSCiphersSuppress"):
# like SSLCipherSuite but with :!
l = self.replacetlsstr(line)
l = l.replace(
"TLSCiphersSuppress:",
"SSLCipherSuite !")
l = l.replace(
":",
":!")
elif line.startswith(
"TLSCertificate"):
l = line.replace(
"TLSCertificate",
"SSLCertificateFile")
elif line.startswith(
"TLSProtocol"):
# mod_ssl is different (+ no supported and 0x code have to be translated)
l = line.replace(
"TLSProtocol",
"SSLProtocol")
l = l.replace(
"+",
"")
l = l.replace(
"default",
"all")
l = l.replace(
"0x0303",
"1.2")
# need to check 1.3 and 1.1
elif line.startswith(
"SSLProtocol"):
l = line
# we have that in test/modules/tls/test_05_proto.py
elif line.startswith(
"TLSHonorClientOrder"):
# mod_ssl has SSLHonorCipherOrder on = use server off = use client.
l = line.lower()
if "on" in l:
l =
"SSLHonorCipherOrder off"
else:
l =
"SSLHonorCipherOrder on"
elif line.startswith(
"TLSEngine"):
# In fact it should go in the corresponding VirtualHost... Not sure how to do that.
l =
"SSLEngine On"
else:
if line !=
"":
l = line.replace(
"TLS",
"SSL")
else:
l = line
return l
def add(self, line: Any):
# make we transform the TLS to SSL if we are using mod_ssl
if isinstance(line, str):
if not HttpdTestEnv.has_shared_module(
"tls"):
line = self.replaceinstr(line)
if self._indents > 0:
line = f
"{' ' * self._indents}{line}"
self._lines.append(line)
else:
if not HttpdTestEnv.has_shared_module(
"tls"):
new = []
previous =
""
for l
in line:
if previous.startswith(
"SSLCipherSuite"):
if l.startswith(
"TLSCiphersPrefer")
or l.startswith(
"TLSCiphersSuppress"):
# we need to merge it
l = self.replaceinstr(l)
l = l.replace(
"SSLCipherSuite ",
":")
previous = previous + l
continue
else:
if self._indents > 0:
previous = f
"{' ' * self._indents}{previous}"
new.append(previous)
previous =
""
l = self.replaceinstr(l)
if l.startswith(
"SSLCipherSuite"):
previous = l
continue
if self._indents > 0:
l = f
"{' ' * self._indents}{l}"
new.append(l)
if previous !=
"":
if self._indents > 0:
previous = f
"{' ' * self._indents}{previous}"
new.append(previous)
self._lines.extend(new)
else:
if self._indents > 0:
line = [f
"{' ' * self._indents}{l}" for l
in line]
self._lines.extend(line)
return self
def add_certificate(self, cert_file, key_file, ssl_module=
None):
if ssl_module
is None:
ssl_module = self.env.ssl_module
if ssl_module ==
'mod_ssl':
self.add([
f
"SSLCertificateFile {cert_file}",
f
"SSLCertificateKeyFile {key_file if key_file else cert_file}",
])
elif ssl_module ==
'mod_tls':
self.add(f
"TLSCertificate {cert_file} {key_file if key_file else ''}")
elif ssl_module ==
'mod_gnutls':
self.add([
f
"GnuTLSCertificateFile {cert_file}",
f
"GnuTLSKeyFile {key_file if key_file else cert_file}",
])
else:
raise Exception(f
"unsupported ssl module: {ssl_module}")
def add_vhost(self, domains, port=
None, doc_root=
"htdocs", with_ssl=
None,
with_certificates=
None, ssl_module=
None):
self.start_vhost(domains=domains, port=port, doc_root=doc_root,
with_ssl=with_ssl, with_certificates=with_certificates,
ssl_module=ssl_module)
self.end_vhost()
return self
def start_vhost(self, domains, port=
None, doc_root=
"htdocs", with_ssl=
None,
ssl_module=
None, with_certificates=
None):
if not isinstance(domains, list):
domains = [domains]
if port
is None:
port = self.env.https_port
if ssl_module
is None:
ssl_module = self.env.ssl_module
if with_ssl
is None:
with_ssl = self.env.https_port == port
if with_ssl
and ssl_module ==
'mod_tls' and port
not in self._tls_engine_ports:
self.add(f
"TLSEngine {port}")
self._tls_engine_ports.add(port)
self.add(
"")
self.add(f
"")
self._indents += 1
self.add(f
"ServerName {domains[0]}")
for alias
in domains[1:]:
self.add(f
"ServerAlias {alias}")
self.add(f
"DocumentRoot {doc_root}")
if with_ssl:
if ssl_module ==
'mod_ssl':
self.add(
"SSLEngine on")
elif ssl_module ==
'mod_gnutls':
self.add(
"GnuTLSEnable on")
if with_certificates
is not False:
for cred
in self.env.get_credentials_for_name(domains[0]):
self.add_certificate(cred.cert_file, cred.pkey_file, ssl_module=ssl_module)
if domains[0]
in self._extras:
self.add(self._extras[domains[0]])
return self
def end_vhost(self):
self._indents -= 1
self.add(
"")
self.add(
"")
return self
def add_proxies(self, host, proxy_self=
False, h2proxy_self=
False):
if proxy_self
or h2proxy_self:
self.add(
"ProxyPreserveHost on")
if proxy_self:
self.add([
f
"ProxyPass /proxy/ http://127.0.0.1:{self.env.http_port}/",
f
"ProxyPassReverse /proxy/ http://{host}.{self.env.http_tld}:{self.env.http_port}/",
])
if h2proxy_self:
self.add([
f
"ProxyPass /h2proxy/ h2://127.0.0.1:{self.env.https_port}/",
f
"ProxyPassReverse /h2proxy/ https://{host}.{self.env.http_tld}:self.env.https_port/",
])
return self
def add_vhost_test1(self, proxy_self=
False, h2proxy_self=
False):
domain = f
"test1.{self.env.http_tld}"
self.start_vhost(domains=[domain, f
"www1.{self.env.http_tld}"],
port=self.env.http_port, doc_root=
"htdocs/test1")
self.end_vhost()
self.start_vhost(domains=[domain, f
"www1.{self.env.http_tld}"],
port=self.env.https_port, doc_root=
"htdocs/test1")
self.add([
"",
" Options +Indexes",
"",
])
self.add_proxies(
"test1", proxy_self, h2proxy_self)
self.end_vhost()
return self
def add_vhost_test2(self):
domain = f
"test2.{self.env.http_tld}"
self.start_vhost(domains=[domain, f
"www2.{self.env.http_tld}"],
port=self.env.http_port, doc_root=
"htdocs/test2")
self.end_vhost()
self.start_vhost(domains=[domain, f
"www2.{self.env.http_tld}"],
port=self.env.https_port, doc_root=
"htdocs/test2")
self.add([
"",
" Options +Indexes",
"",
])
self.end_vhost()
return self
def add_vhost_cgi(self, proxy_self=
False, h2proxy_self=
False):
domain = f
"cgi.{self.env.http_tld}"
if proxy_self:
self.add([
"ProxyStatus on",
"ProxyTimeout 5",
"SSLProxyEngine on",
"SSLProxyVerify none"])
if h2proxy_self:
self.add([
"SSLProxyEngine on",
"SSLProxyCheckPeerName off"])
self.start_vhost(domains=[domain, f
"cgi-alias.{self.env.http_tld}"],
port=self.env.https_port, doc_root=
"htdocs/cgi")
self.add_proxies(
"cgi", proxy_self=proxy_self, h2proxy_self=h2proxy_self)
self.end_vhost()
self.start_vhost(domains=[domain, f
"cgi-alias.{self.env.http_tld}"],
port=self.env.http_port, doc_root=
"htdocs/cgi")
self.add(
"AddHandler cgi-script .py")
self.add_proxies(
"cgi", proxy_self=proxy_self, h2proxy_self=h2proxy_self)
self.end_vhost()
return self
@staticmethod
def merge_extras(e1: Dict[str, Any], e2: Dict[str, Any]) -> Dict[str, Any]:
def _concat(v1, v2):
if isinstance(v1, str):
v1 = [v1]
if isinstance(v2, str):
v2 = [v2]
v1.extend(v2)
return v1
if e1
is None:
return e2.copy()
if e2
else None
if e2
is None:
return e1.copy()
e3 = e1.copy()
for name, val
in e2.items():
if name
in e3:
e3[name] = _concat(e3[name], val)
else:
e3[name] = val
return e3
