Copy root CA information to the generated certificate

julien-duponchelle · julien-duponchelle · commit cc78b33ebbdb · 2025-09-11T18:39:25.000+02:00
diff --git a/src/asyncio_https_proxy/tls_store.py b/src/asyncio_https_proxy/tls_store.py
@@ -113,12 +113,16 @@ def _generate_cert(
         self, domain
     ) -> tuple[ec.EllipticCurvePrivateKey, x509.Certificate]:
         ee_key = ec.generate_private_key(ec.SECP256R1())
+        
+        ca_subject = self._ca[1].subject
+        ca_attrs = {attr.oid: attr.value for attr in ca_subject}
+        
         subject = x509.Name(
             [
-                x509.NameAttribute(NameOID.COUNTRY_NAME, "FR"),
-                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Ile-de-France"),
-                x509.NameAttribute(NameOID.LOCALITY_NAME, "Paris"),
-                x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Asyncio HTTPS Proxy"),
+                x509.NameAttribute(NameOID.COUNTRY_NAME, ca_attrs.get(NameOID.COUNTRY_NAME, "US")),
+                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, ca_attrs.get(NameOID.STATE_OR_PROVINCE_NAME, "Unknown")),
+                x509.NameAttribute(NameOID.LOCALITY_NAME, ca_attrs.get(NameOID.LOCALITY_NAME, "Unknown")),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME, ca_attrs.get(NameOID.ORGANIZATION_NAME, "Unknown")),
             ]
         )
         ee_cert = (
diff --git a/tests/test_tls_store.py b/tests/test_tls_store.py
@@ -124,6 +124,27 @@ def test_generate_cert_creates_valid_certificate(tls_store):
     assert cert.issuer == tls_store._ca[1].subject
 
 
+def test_generate_cert_copies_ca_certificate_information(tls_store):
+    """Test that _generate_cert copies certificate information from the root CA"""
+    domain = "example.com"
+    _, cert = tls_store._generate_cert(domain)
+
+    # Get CA certificate attributes
+    ca_cert = tls_store._ca[1]
+    ca_subject_attrs = {attr.oid: attr.value for attr in ca_cert.subject}
+    
+    # Get generated certificate attributes
+    cert_subject_attrs = {attr.oid: attr.value for attr in cert.subject}
+
+    # Verify that the generated certificate copies information from the CA
+    assert cert_subject_attrs[x509.NameOID.COUNTRY_NAME] == ca_subject_attrs[x509.NameOID.COUNTRY_NAME]
+    assert cert_subject_attrs[x509.NameOID.STATE_OR_PROVINCE_NAME] == ca_subject_attrs[x509.NameOID.STATE_OR_PROVINCE_NAME] 
+    assert cert_subject_attrs[x509.NameOID.LOCALITY_NAME] == ca_subject_attrs[x509.NameOID.LOCALITY_NAME]
+    assert cert_subject_attrs[x509.NameOID.ORGANIZATION_NAME] == ca_subject_attrs[x509.NameOID.ORGANIZATION_NAME]
+
+    assert cert_subject_attrs[x509.NameOID.ORGANIZATION_NAME] == "Asyncio HTTPS Proxy"
+
+
 def test_get_ssl_context_returns_valid_context(tls_store):
     """Test that get_ssl_context returns a valid SSL context"""
     domain = "test.example.com"
