net/testserver.py: Add handler to reply with client auth status.

net/tools/testserver/testserver.py

 #!/usr/bin/env python
 # Copyright 2013 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for
 testing Chrome.
 
 It supports several test URLs, as specified by the handlers in TestPageHandler.
 By default, it listens on an ephemeral port and sends the port number back to
@@ skipping 318 matching lines @@
       self.AuthDigestHandler,
       self.SlowServerHandler,
       self.ChunkedServerHandler,
       self.NoContentHandler,
       self.ServerRedirectHandler,
       self.CrossSiteRedirectHandler,
       self.ClientRedirectHandler,
       self.GetSSLSessionCacheHandler,
       self.SSLManySmallRecords,
       self.GetChannelID,
+      self.GetClientCert,
       self.ClientCipherListHandler,
       self.CloseSocketHandler,
       self.RangeResetHandler,
       self.DefaultResponseHandler]
     post_handlers = [
       self.EchoTitleHandler,
       self.EchoHandler,
       self.PostOnlyFileHandler,
       self.EchoMultipartPostHandler] + get_handlers
     put_handlers = [
@@ skipping 1156 matching lines @@
     if not self._ShouldHandleRequest('/channel-id'):
       return False
 
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
     self.end_headers()
     channel_id = bytes(self.server.tlsConnection.channel_id)
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True
 
+  def GetClientCert(self):
+    """Send a reply whether a client certificate was provided."""
+
+    if not self._ShouldHandleRequest('/client-cert'):
+      return False
+
+    self.send_response(200)
+    self.send_header('Content-Type', 'text/plain')
+    self.end_headers()
+
+    cert_present = self.server.tlsConnection.session.clientCertChain != None
+    if cert_present:
+      self.wfile.write('got a client cert')
+    else:
+      self.wfile.write('got no client cert')

[Ryan Sleevi, 2015/08/06 23:48:52]

nit: Would it make more sense to write the SHA-256 hash of the certificate
chain, as received? That way you can make sure you're getting the _right_ client
cert, consistently :)

[pneubeck (no reviews), 2015/08/07 11:47:42]

Done.

+    return True
+
   def ClientCipherListHandler(self):
     """Send a reply containing the cipher suite list that the client
     provided. Each cipher suite value is serialized in decimal, followed by a
     newline."""
 
     if not self._ShouldHandleRequest('/client-cipher-list'):
       return False
 
     self.send_response(200)
     self.send_header('Content-Type', 'text/plain')
@@ skipping 756 matching lines @@
                                   'alert immediately after the handshake.')
     self.option_parser.add_option('--no-anonymous-ftp-user',
                                   dest='no_anonymous_ftp_user',
                                   default=False, action='store_true',
                                   help='If set, the FTP server will not create '
                                   'an anonymous user.')
 
 
 if __name__ == '__main__':
   sys.exit(ServerRunner().main())