
Commit fe4e468

DarsstarDos Moonen
and
Dos Moonen
authored
Strip the CRL server from the certificates again (#67)
Co-authored-by: Dos Moonen <[email protected]>
1 parent 65440a3 commit fe4e468

12 files changed

+79
-62
lines changed

.ci/certs/ca.p12

2.86 KB
Binary file not shown.

.ci/certs/client_localhost.p12

171 Bytes
Binary file not shown.
+20-20
@@ -1,22 +1,22 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDvDCCAqSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
3-
ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMDItMjdUMTU6NDQ6NTguODgwNTMwMQ0w
4-
CwYDVQQHDAQkJCQkMB4XDTI1MDIyNzE0NDQ1OVoXDTM1MDIyNTE0NDQ1OVowJTES
5-
MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZjbGllbnQwggEiMA0GCSqGSIb3
6-
DQEBAQUAA4IBDwAwggEKAoIBAQC7L/xjD4iHTCf2IfXd/fayxkX0+dI+Z2y+latM
7-
UFvn4GpDIz0Acfqjp3/NhShbWoHqOhR/w5l20J9Ljt2RmecpybK717Flst8Q0g0C
8-
xm3GaN7fVLAxoWAIbzU7cAZMv0SRuu2RIo2HTt5i2xBljA5Bf6wMZqMFxvnNWNGt
9-
TIWVUzCjeqWqPUi84XdHu0GWyQ11rIjCnw5zY3D8EFc+HoTgI33y81EABps7ybmH
10-
BdUtMsAFEXgk3lJplaLeIvlM/HzBk+ffkqpcwC6kTnoR7Nww8a2aE6wHq91Hj+R7
11-
mmAo8Hpx0grott/pmwWOd2Ld1w3gxC3I7D6yqjfT4Rjc6FyxAgMBAAGjgdAwgc0w
12-
CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwKwYD
13-
VR0RBCQwIoIJbG9jYWxob3N0ggpGMjNOMDQ5MlhUgglsb2NhbGhvc3QwMQYDVR0f
14-
BCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2ZXI6ODAwMC9iYXNpYy5jcmwwHQYD
15-
VR0OBBYEFLmThoy0pKufr0QWZRwg1FJGdcFRMB8GA1UdIwQYMBaAFDJd0t924S/4
16-
0cxm/LgBIUfoEhlaMA0GCSqGSIb3DQEBCwUAA4IBAQCk4Ytqqtymc8h0M2HiIyhK
17-
p2Dkf7GZRjBPvC6ULIxMEixslcDCkVTkLaYKRJL7xv37RNfc6kgi9K1IjPfDUtEm
18-
IDm56hRhIvLkH/BsUbhhJsZnYBN1GbqmFNtNP7Zj2Yt6uAwFkFB6gnK7RflSwVaG
19-
EYZhs8QEmZ1VhGymJorp5HGI6EcVkOhG3pScp5yaAqM2cKy7CLnZJfpCzQ12LZ7/
20-
2UEKRtfILvN8kWaWOaGCM7t3Z2i6bfEh/1WZBmZnyK+zDBxv/YDp2iave/i7r/dY
21-
tOZA1KB2OMWZY4pHmiEior05yf0o7xNctPdwy3+IvRYAH6FJhMA29XoizPW8Cvtk
2+
MIIDnDCCAoSgAwIBAgIUXHwqQoZiZnMEBExZooUBletJc5AwDQYJKoZIhvcNAQEL
3+
BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTAyLTI3
4+
VDE1OjQ0OjU4Ljg4MDUzMDENMAsGA1UEBwwEJCQkJDAeFw0yNTAzMzEwODIwMTRa
5+
Fw0yNjAzMzEwODIwMTRaMCUxEjAQBgNVBAMMCWxvY2FsaG9zdDEPMA0GA1UECgwG
6+
Y2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy/8Yw+Ih0wn
7+
9iH13f32ssZF9PnSPmdsvpWrTFBb5+BqQyM9AHH6o6d/zYUoW1qB6joUf8OZdtCf
8+
S47dkZnnKcmyu9exZbLfENINAsZtxmje31SwMaFgCG81O3AGTL9EkbrtkSKNh07e
9+
YtsQZYwOQX+sDGajBcb5zVjRrUyFlVMwo3qlqj1IvOF3R7tBlskNdayIwp8Oc2Nw
10+
/BBXPh6E4CN98vNRAAabO8m5hwXVLTLABRF4JN5SaZWi3iL5TPx8wZPn35KqXMAu
11+
pE56EezcMPGtmhOsB6vdR4/ke5pgKPB6cdIK6Lbf6ZsFjndi3dcN4MQtyOw+sqo3
12+
0+EY3OhcsQIDAQABo4GdMIGaMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKRjIzTjA0
13+
OTJYVIIJbG9jYWxob3N0MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMl3S33bhL/jR
14+
zGb8uAEhR+gSGVowHQYDVR0OBBYEFLmThoy0pKufr0QWZRwg1FJGdcFRMAsGA1Ud
15+
DwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA
16+
rHwYFdoRGosO25hLiqS3Llb9idmqr7gLwZ7Xpvb9WkkoQczZyHIzld8aNVf5Jih2
17+
6axkl7PBegW/+2og7pdJ3pknfoHGik0NVgJVxZZ6ZK8Gp0fUvgVWM6OXilF6Vb99
18+
wEzyavM00Vz0P/Mts60BPmvUnH8rRIWh3qsE+CPAdqu5QJTC4toblrGw/HkXpfoq
19+
yqFfegYexxUE0eIH5ZraxhGdnkfWXu2uMdILmqHyetW5BKKJphK8ft5lRwBEgqcR
20+
btmHBxRnZDxUgK3Y9sln9XwTWmxk19MMjGvCZw/g5Iq3QNNmJToyb+9EOICVEgXj
21+
VY3SdWp32ADzuqOMEBNkrg==
2222
-----END CERTIFICATE-----
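Review bot: The regenerated certificate appears to be valid for one year only: decoding the validity field on new lines 4-5 gives notBefore 2025-03-31 and notAfter 2026-03-31, whereas the certificate it replaces ran from 2025-02-27 to 2035-02-25. The second regenerated certificate further down the page carries the same one-year window. TLS tests that load these files will start failing once that date passes, so either reissue with the previous lifetime or record the expiry and the regeneration command next to the certs. The file path for this section is not shown on the page.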

.ci/certs/server_localhost.p12

171 Bytes
Binary file not shown.
+20-20
@@ -1,22 +1,22 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
3-
ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMDItMjdUMTU6NDQ6NTguODgwNTMwMQ0w
4-
CwYDVQQHDAQkJCQkMB4XDTI1MDIyNzE0NDQ1OVoXDTM1MDIyNTE0NDQ1OVowJTES
5-
MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
6-
DQEBAQUAA4IBDwAwggEKAoIBAQCn1MRZTV3ATEvS8jFXhci/HGup4acSa1AduNak
7-
8fpGHSFFmrywY6cl00rmPa95nfGloqbkRydqOwMn1Pv3XfHc3UeaiBgU+FNRj9u6
8-
NOwJ0zR3QkqLxvQqbjrvxMN/IaZ2WL0Zem+j8YIY9yHytjkLEX2AH9AZLwHpdBLI
9-
vSVeS3BNF/gKpXYExGNNfG47/Lo0fIgwboN069pHY/Ff80SAzUkzRcOxDplJoMWp
10-
wym15ssmAnGzAzTrMhKIJ7rUyaE0ZNAIcid7KQ1VzB+yMpeYz5pdbx0G4U/DuVXf
11-
j8FnwlGwGAw05CckDjZcgrWNgLz1kqEcMV/UEFlbQuEzl5kTAgMBAAGjgdAwgc0w
12-
CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwKwYD
13-
VR0RBCQwIoIJbG9jYWxob3N0ggpGMjNOMDQ5MlhUgglsb2NhbGhvc3QwHQYDVR0O
14-
BBYEFGv69aUODEtJA5QWU4KalMtGvuGYMB8GA1UdIwQYMBaAFDJd0t924S/40cxm
15-
/LgBIUfoEhlaMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwtc2VydmVyOjgw
16-
MDAvYmFzaWMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBQxX+IwLmt9emhC/of3riN
17-
wQaLXGYKKMHcsimGkBsQbitWlwWtBZwR2F9aOlvcOAlFbQ2Enldbdpkens1YwR4k
18-
Fsx2VdOnumSYbq6DKZg0mMrg3AqufYLBGVPSGNksQ6qERZVD5NGATLh0kA9R3q0h
19-
eGKJbHyrdI6fkSELkmBGbuetjmGIfmYh+OjYZhqvU5mutjdOfY9k1t08eRvdNiIB
20-
4HxFVEk/S0opA98LkjY0wjPSAMZAWPNxHD5vHoaI6VwYnxLadD1NcasfEpae6uLW
21-
t7CT+v6rtfBXvczfdd9rmhCmcHR5ckrL/wbpnvgkloQqxclw5IpDt/JkPyGghWx3
2+
MIIDnDCCAoSgAwIBAgIUTaKkqSIB0UooOSRvfT8BletD6xswDQYJKoZIhvcNAQEL
3+
BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTAyLTI3
4+
VDE1OjQ0OjU4Ljg4MDUzMDENMAsGA1UEBwwEJCQkJDAeFw0yNTAzMzEwODE0MTFa
5+
Fw0yNjAzMzEwODE0MTFaMCUxEjAQBgNVBAMMCWxvY2FsaG9zdDEPMA0GA1UECgwG
6+
c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9TEWU1dwExL
7+
0vIxV4XIvxxrqeGnEmtQHbjWpPH6Rh0hRZq8sGOnJdNK5j2veZ3xpaKm5EcnajsD
8+
J9T7913x3N1HmogYFPhTUY/bujTsCdM0d0JKi8b0Km4678TDfyGmdli9GXpvo/GC
9+
GPch8rY5CxF9gB/QGS8B6XQSyL0lXktwTRf4CqV2BMRjTXxuO/y6NHyIMG6DdOva
10+
R2PxX/NEgM1JM0XDsQ6ZSaDFqcMptebLJgJxswM06zISiCe61MmhNGTQCHIneykN
11+
VcwfsjKXmM+aXW8dBuFPw7lV34/BZ8JRsBgMNOQnJA42XIK1jYC89ZKhHDFf1BBZ
12+
W0LhM5eZEwIDAQABo4GdMIGaMCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIKRjIzTjA0
13+
OTJYVIIJbG9jYWxob3N0MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMl3S33bhL/jR
14+
zGb8uAEhR+gSGVowHQYDVR0OBBYEFGv69aUODEtJA5QWU4KalMtGvuGYMAsGA1Ud
15+
DwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEA
16+
BiEO0HkTJV7EmFaieTrmygwhd5oPLjNQNSEZERQpdnFiE3cwCSEsMX+/NlGG0k/R
17+
7I0hzEZahPVpAa5U4iBrLDFdH59bfG519MhwK0sOGq83qMIIOuG/D4y6AfYppBJS
18+
z9/CriQ3mk4m6hSkk25Pf3c2gRsDQH/dMReCIFBrAshGhNwGQEPCXGWDz4k7cRwp
19+
ZCDt+Bxw3ukWv3sZJhMBXs/G9LTfRbSHlE5ejHAMSszx0CiW7GRwVFmYyHx8kyFo
20+
ejr2/PtCuamDzkGjQEYxCuY/b67oVTyV8R9b3zmxo893IO5udja7V+ep9q7SeD9V
21+
9WiyRZIfZDjieDX7FvhziQ==
2222
-----END CERTIFICATE-----

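--- a/.ci/ubuntu/gha-setup.sh
+++ b/.ci/ubuntu/gha-setup.sh
@@ -13,6 +13,9 @@ readonly rabbitmq_image=rabbitmq:4.1.0-management
 readonly docker_name_prefix='rabbitmq-amqp-python-client'
 readonly docker_network_name="$docker_name_prefix-network"
 
+readonly rabbitmq_docker_name="$docker_name_prefix-rabbitmq"
+readonly toxiproxy_docker_name="$docker_name_prefix-toxiproxy"
+
 if [[ ! -v GITHUB_ACTIONS ]]
 then
 GITHUB_ACTIONS='false'
@@ -49,9 +52,6 @@ fi
 
 set -o nounset
 
-declare -r rabbitmq_docker_name="$docker_name_prefix-rabbitmq"
-declare -r toxiproxy_docker_name="$docker_name_prefix-toxiproxy"
-
 function start_toxiproxy
 {
 if [[ $run_toxiproxy == 'true' ]]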

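--- a/Makefile
+++ b/Makefile
@@ -8,10 +8,10 @@ rabbitmq-server-stop:
 ./.ci/ubuntu/gha-setup.sh stop
 
 format:
-poetry run isort --skip rabbitmq_amqp_python_client/qpid .
+poetry run isort --skip rabbitmq_amqp_python_client/qpid --skip .venv .
 poetry run black rabbitmq_amqp_python_client/
 poetry run black tests/
-poetry run flake8 --exclude=venv,local_tests,docs/examples,rabbitmq_amqp_python_client/qpid --max-line-length=120 --ignore=E203,W503
+poetry run flake8 --exclude=venv,.venv,local_tests,docs/examples,rabbitmq_amqp_python_client/qpid --max-line-length=120 --ignore=E203,W503
 
 test: format
 poetry run pytest .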
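Review bot: The two linters in the `format` target now disagree on which virtualenv directories they skip: flake8 excludes both `venv` and `.venv`, while isort is told to skip only `.venv`. If I read isort's options correctly, `--skip` replaces its built-in skip list rather than adding to it, so a `venv` directory would still be scanned. Using `--extend-skip rabbitmq_amqp_python_client/qpid` instead, or adding `--skip venv`, would keep the two commands aligned.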

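--- a/rabbitmq_amqp_python_client/qpid/proton/_message.py
+++ b/rabbitmq_amqp_python_client/qpid/proton/_message.py
@@ -84,10 +84,7 @@
 from ._common import millis2secs, secs2millis
 from ._data import AnnotationDict, Data, char, symbol, ulong
 from ._endpoints import Link
-from ._exceptions import (
-EXCEPTIONS,
-MessageException,
-)
+from ._exceptions import EXCEPTIONS, MessageException
 
 if TYPE_CHECKING:
 from proton._data import PythonAMQPData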

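--- a/rabbitmq_amqp_python_client/qpid/proton/_transport.py
+++ b/rabbitmq_amqp_python_client/qpid/proton/_transport.py
@@ -820,7 +820,7 @@ class SSLDomain(object):
 
 def __init__(self, mode: int) -> None:
 self._domain = pn_ssl_domain(mode)
-if self._domain is None:
+if isnull(self._domain):
 raise SSLUnavailable()
 
 def _check(self, err: int) -> int: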
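Review bot: `isnull` has no import visible in this hunk, so confirm it is imported at the top of `_transport.py`; otherwise `SSLDomain.__init__` fails with NameError instead of raising SSLUnavailable. The switch away from `is None` suggests `pn_ssl_domain` signals failure with a null handle object rather than None, which is worth recording above the check, e.g. `# pn_ssl_domain() returns a null handle, not None, when TLS is unavailable`. A test that forces the failure path would keep this guard from silently regressing to a check that never fires. The class body continues outside the hunk.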

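--- a/rabbitmq_amqp_python_client/ssl_configuration.py
+++ b/rabbitmq_amqp_python_client/ssl_configuration.py
@@ -48,10 +48,10 @@ class WinClientCert:
 @dataclass
 class PosixSslConfigurationContext:
 ca_cert: str
-client_cert: Union[PosixClientCert, WinClientCert, None] = None
+client_cert: Union[PosixClientCert, None] = None
 
 
 @dataclass
 class WinSslConfigurationContext:
 ca_store: Union[LocalMachineStore, CurrentUserStore, PKCS12Store]
-client_cert: Union[PosixClientCert, WinClientCert, None] = None
+client_cert: Union[WinClientCert, None] = None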
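Review bot: The narrowed `client_cert` annotations on `PosixSslConfigurationContext` and `WinSslConfigurationContext` are not enforced at runtime, because a dataclass does not check field types. A `WinClientCert` handed to the POSIX context is still accepted at construction and would only fail, or be mishandled, wherever the TLS settings are applied (not visible here). Consider a `__post_init__` guard such as `if self.client_cert is not None and not isinstance(self.client_cert, PosixClientCert): raise TypeError("client_cert must be a PosixClientCert")`, with the mirror check on the Windows context.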

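--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -84,7 +84,7 @@ def connection_with_reconnect(pytestconfig):
 def ssl_context(pytestconfig):
 if sys.platform == "win32":
 return WinSslConfigurationContext(
-ca_store=PKCS12Store(path=".ci/certs/server_localhost.p12"),
+ca_store=PKCS12Store(path=".ci/certs/ca.p12"),
 client_cert=WinClientCert(
 store=PKCS12Store(path=".ci/certs/client_localhost.p12"),
 disambiguation_method=FriendlyName(name="1"),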

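--- a/tests/test_connection.py
+++ b/tests/test_connection.py
@@ -2,13 +2,18 @@
 from datetime import datetime, timedelta
 from pathlib import Path
 
+import pytest
+
 from rabbitmq_amqp_python_client import (
 ConnectionClosed,
 Environment,
+PKCS12Store,
+PosixSslConfigurationContext,
 QuorumQueueSpecification,
 RecoveryConfiguration,
 StreamSpecification,
 ValidationCodeException,
+WinSslConfigurationContext,
 )
 
 from .http_requests import delete_all_connections
@@ -39,15 +44,30 @@ def test_connection_ssl(ssl_context) -> None:
 "amqps://guest:guest@localhost:5671/",
 ssl_context=ssl_context,
 )
-path = Path(ssl_context.ca_cert)
-assert path.is_file() is True
-assert path.exists() is True
-
-path = Path(ssl_context.client_cert.client_cert)
-assert path.is_file() is True
-
-path = Path(ssl_context.client_cert.client_key)
-assert path.is_file() is True
+if isinstance(ssl_context, PosixSslConfigurationContext):
+path = Path(ssl_context.ca_cert)
+assert path.is_file() is True
+assert path.exists() is True
+
+path = Path(ssl_context.client_cert.client_cert)
+assert path.is_file() is True
+assert path.exists() is True
+
+path = Path(ssl_context.client_cert.client_key)
+assert path.is_file() is True
+assert path.exists() is True
+elif isinstance(ssl_context, WinSslConfigurationContext):
+assert isinstance(ssl_context.ca_store, PKCS12Store)
+path = Path(ssl_context.ca_store.path)
+assert path.is_file() is True
+assert path.exists() is True
+
+assert isinstance(ssl_context.client_cert.store, PKCS12Store)
+path = Path(ssl_context.client_cert.store.path)
+assert path.is_file() is True
+assert path.exists() is True
+else:
+pytest.fail("Unsupported ssl context")
 
 connection = environment.connection()
 connection.dial()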
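Review bot: In the second hunk every `assert path.is_file() is True` is followed by `assert path.exists() is True`, which cannot fail once `is_file()` has passed, and the commit adds four more of these pairs. Dropping the `exists()` lines and writing `assert path.is_file()` says the same with half the lines; the POSIX branch could become `for p in (ssl_context.ca_cert, ssl_context.client_cert.client_cert, ssl_context.client_cert.client_key): assert Path(p).is_file()`. Both branches also dereference `ssl_context.client_cert`, which the context classes declare as optional, so a fixture without a client certificate would fail with AttributeError rather than a clear assertion message. `test_connection_ssl` starts and ends outside the hunk.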
