Added test routine for clientcertificate option

2025-01-30 22:59:48 +00:00 · 2021-07-19 16:32:12 +01:00 · 2021-07-19 16:32:12 +01:00 · 8f2341c531
commit 8f2341c531
parent a67dafe3aa
4 changed files with 84 additions and 0 deletions
--- a/test/test_clientcert.py
+++ b/test/test_clientcert.py
@ -0,0 +1,48 @@
 #!/usr/bin/env python
 # coding: utf-8
 from __future__ import unicode_literals
 # Allow direct execution
 import os
 import sys
 import unittest
 sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 from test.helper import http_server_port
 from youtube_dl import YoutubeDL
 from youtube_dl.compat import compat_http_server
 import ssl
 import threading
 from test.test_http import HTTPTestRequestHandler, FakeLogger
 # See https://gist.github.com/dergachev/7028596
 # and http://www.piware.de/2011/01/creating-an-https-server-in-python/
 # and https://blog.devolutions.net/2020/07/tutorial-how-to-generate-secure-self-signed-server-and-client-certificates-with-openssl
 TEST_DIR = os.path.dirname(os.path.abspath(__file__))
 class TestClientCert(unittest.TestCase):
    def setUp(self):
        certfn = os.path.join(TEST_DIR, 'testcert.pem')
        cacertfn = os.path.join(TEST_DIR, 'testdata', 'clientcert', 'ca.crt')
        self.httpd = compat_http_server.HTTPServer(('127.0.0.1', 0), HTTPTestRequestHandler)
        self.httpd.socket = ssl.wrap_socket(
            self.httpd.socket, cert_reqs=ssl.CERT_REQUIRED, ca_certs=cacertfn, certfile=certfn, server_side=True)
        self.port = http_server_port(self.httpd)
        self.server_thread = threading.Thread(target=self.httpd.serve_forever)
        self.server_thread.daemon = True
        self.server_thread.start()
    def test_check_clientcertificate(self):
        clientcertfn = os.path.join(TEST_DIR, 'testdata', 'clientcert', 'client.crt')
        ydl = YoutubeDL({'logger': FakeLogger(), 'clientcertificate': clientcertfn})
        r = ydl.extract_info('https://127.0.0.1:%d/video.html' % self.port)
        self.assertEqual(r['entries'][0]['url'], 'https://127.0.0.1:%d/vid.mp4' % self.port)
 if __name__ == '__main__':
    unittest.main()
--- a/test/testdata/clientcert/ca.crt
+++ b/test/testdata/clientcert/ca.crt
@ -0,0 +1,11 @@
 -----BEGIN CERTIFICATE-----
 MIIBnTCCAUOgAwIBAgIUN4jSR5qgSLKJs4lWdBUQPiOyUPEwCgYIKoZIzj0EAwIw
 JDETMBEGA1UECgwKWW91dHViZS1ETDENMAsGA1UEAwwEVGVzdDAeFw0yMTA3MTkx
 NTE1MzJaFw0zODAxMTgxNTE1MzJaMCQxEzARBgNVBAoMCllvdXR1YmUtREwxDTAL
 BgNVBAMMBFRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ8DNZrIDTIQ4mN
 IofBxPIDF2nZUKKAUPAMyn6ntXh99WhLRO5caGKTPWip+LspF5j2uyd2DAcAKMZ5
 170qIbSCo1MwUTAdBgNVHQ4EFgQUj+rfMTfIDHufM94pYwjvI8pZKlYwHwYDVR0j
 BBgwFoAUj+rfMTfIDHufM94pYwjvI8pZKlYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
 hkjOPQQDAgNIADBFAiAwhl8mpPiZoAXWfPHSZaxiLPjy2m4pZK70O0BHnxmSJQIh
 AOeQgZh0j0SkZW0kXHBPWguCgvVm5tqQPQJCevgNDKWP
 -----END CERTIFICATE-----
--- a/test/testdata/clientcert/client.crt
+++ b/test/testdata/clientcert/client.crt
@ -0,0 +1,14 @@
 -----BEGIN CERTIFICATE-----
 MIIBSTCB8AIUE2DY1KuqtYWIi0KYeSYvta9sV+swCgYIKoZIzj0EAwIwJDETMBEG
 A1UECgwKWW91dHViZS1ETDENMAsGA1UEAwwEVGVzdDAeFw0yMTA3MTkxNTE2MjZa
 Fw0zODAxMTgxNTE2MjZaMCsxEzARBgNVBAoMCllvdXR1YmUtREwxFDASBgNVBAMM
 C1Rlc3QgQ2xpZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc0ldxFETUFCS
 CsMq01OUEYp9zkPbXZ9IkTUu1RQhliuPYCsc4Q+UZ8z+Ttcyqa76jAMcmQWh+n2P
 4i7uCDvZ8zAKBggqhkjOPQQDAgNIADBFAiEAiuQWNv6F7EO+bZGhDDxhUkGdhWOy
 36YbZa+BZ8CYae0CIBVfdEnrG5M9tc6PZjXiXgoUMUrnPnRXs76ihQ55hHPW
 -----END CERTIFICATE-----
 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIBVDCR/z/PuVFzGKFCOt9GYGpwQ8vJTXAj59jPwP4OFVoAoGCCqGSM49
 AwEHoUQDQgAEc0ldxFETUFCSCsMq01OUEYp9zkPbXZ9IkTUu1RQhliuPYCsc4Q+U
 Z8z+Ttcyqa76jAMcmQWh+n2P4i7uCDvZ8w==
 -----END EC PRIVATE KEY-----
--- a/test/testdata/clientcert/instructions.txt
+++ b/test/testdata/clientcert/instructions.txt
@ -0,0 +1,11 @@
 #https://blog.devolutions.net/2020/07/tutorial-how-to-generate-secure-self-signed-server-and-client-certificates-with-openssl
 # Adapt the commands below
 # 6027 days from the time of signing to the day before Y2038
 # Recalculate or use -preserve_dates if re-signing, until
 # 32-bit time_t is not an issue 
 #openssl ecparam -name prime256v1 -genkey -noout -out ca.key
 #openssl req -new -x509 -sha256 -days 6027 -key ca.key -out ca.crt
 #openssl ecparam -name prime256v1 -genkey -noout -out client.key
 #openssl req -new -sha256 -key client.key -out client.csr
 #openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 6027 -sha256
 #cat client.key >> client.crt