Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

97

def join_bytes_or_unicode(prefix, suffix):

98

"""

99

Join two path components of either ``bytes`` or ``unicode``.

100

101

The return type is the same as the type of ``prefix``.

102

"""

103

# If the types are the same, nothing special is necessary.

104

if type(prefix) == type(suffix):

105

return join(prefix, suffix)

106

107

# Otherwise, coerce suffix to the type of prefix.

108

if isinstance(prefix, text_type):

109

return join(prefix, suffix.decode(getfilesystemencoding()))

110

else:

111

return join(prefix, suffix.encode(getfilesystemencoding()))

112

113

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

114

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

115

return ok

116

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

117

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

118

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

119

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

120

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

122

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

128

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

130

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

131

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

132

# Let's pass some unencrypted data to make sure our socket connection is

133

# fine. Just one byte, so we don't have to worry about buffers getting

134

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

135

server.send(b("x"))

136

assert client.recv(1024) == b("x")

137

client.send(b("y"))

138

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

139

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

140

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

141

server.setblocking(False)

142

client.setblocking(False)

143

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

144

return (server, client)

145

146

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

147

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

148

def handshake(client, server):

149

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

160

def _create_certificate_chain():

161

"""

162

Construct and return a chain of certificates.

163

164

1. A new self-signed certificate authority certificate (cacert)

165

2. A new intermediate certificate signed by cacert (icert)

166

3. A new server certificate signed by icert (scert)

167

"""

168

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

173

cacert = X509()

174

cacert.get_subject().commonName = "Authority Certificate"

175

cacert.set_issuer(cacert.get_subject())

176

cacert.set_pubkey(cakey)

177

cacert.set_notBefore(b("20000101000000Z"))

178

cacert.set_notAfter(b("20200101000000Z"))

179

cacert.add_extensions([caext])

180

cacert.set_serial_number(0)

181

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

186

icert = X509()

187

icert.get_subject().commonName = "Intermediate Certificate"

188

icert.set_issuer(cacert.get_subject())

189

icert.set_pubkey(ikey)

190

icert.set_notBefore(b("20000101000000Z"))

191

icert.set_notAfter(b("20200101000000Z"))

192

icert.add_extensions([caext])

193

icert.set_serial_number(0)

194

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

199

scert = X509()

200

scert.get_subject().commonName = "Server Certificate"

201

scert.set_issuer(icert.get_subject())

202

scert.set_pubkey(skey)

203

scert.set_notBefore(b("20000101000000Z"))

204

scert.set_notAfter(b("20200101000000Z"))

205

scert.add_extensions([

206

X509Extension(b('basicConstraints'), True, b('CA:false'))])

207

scert.set_serial_number(0)

208

scert.sign(ikey, "sha1")

209

210

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

215

"""

216

Helper mixin which defines methods for creating a connected socket pair and

217

for forcing two connected SSL sockets to talk to each other via memory BIOs.

218

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

219

def _loopbackClientFactory(self, socket):

220

client = Connection(Context(TLSv1_METHOD), socket)

221

client.set_connect_state()

222

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

223

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

224

225

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

ctx = Context(TLSv1_METHOD)

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

229

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

235

if serverFactory is None:

236

serverFactory = self._loopbackServerFactory

237

if clientFactory is None:

238

clientFactory = self._loopbackClientFactory

239

240

(server, client) = socket_pair()

241

server = serverFactory(server)

242

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

243

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

244

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

246

server.setblocking(True)

247

client.setblocking(True)

248

return server, client

249

250

251

def _interactInMemory(self, client_conn, server_conn):

252

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

253

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

254

objects. Copy bytes back and forth between their send/receive buffers

255

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

256

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

some application bytes, return a two-tuple of the connection from which

258

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

263

wrote = False

264

265

# Copy stuff from each side's send buffer to the other side's

266

# receive buffer.

267

for (read, write) in [(client_conn, server_conn),

268

(server_conn, client_conn)]:

269

270

# Give the side a chance to generate some more bytes, or

271

# succeed.

272

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

273

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

274

except WantReadError:

275

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

280

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

282

283

while True:

284

# Keep copying as long as there's more stuff there.

285

try:

286

dirty = read.bio_read(4096)

287

except WantReadError:

288

# Okay, nothing more waiting to be sent. Stop

289

# processing this send buffer.

290

break

291

else:

292

# Keep track of the fact that someone generated some

293

# output.

294

wrote = True

295

write.bio_write(dirty)

296

297

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

298

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

299

"""

300

Perform the TLS handshake between two :py:class:`Connection` instances

301

connected to each other via memory BIOs.

302

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

303

client_conn.set_connect_state()

304

server_conn.set_accept_state()

305

306

for conn in [client_conn, server_conn]:

307

try:

308

conn.do_handshake()

309

except WantReadError:

310

pass

311

312

self._interactInMemory(client_conn, server_conn)

313

314

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

315

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

316

class VersionTests(TestCase):

317

"""

318

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

319

:py:obj:`OpenSSL.SSL.SSLeay_version` and

320

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

324

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

325

byte and the patch, fix, minor, and major versions in the

326

nibbles above that.

327

"""

328

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

329

330

331

def test_SSLeay_version(self):

332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

333

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

334

one of a number of version strings based on that indicator.

335

"""

336

versions = {}

337

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

338

SSLEAY_PLATFORM, SSLEAY_DIR]:

339

version = SSLeay_version(t)

340

versions[version] = t

341

self.assertTrue(isinstance(version, bytes))

342

self.assertEqual(len(versions), 5)

343

344

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

345

346

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

348

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

350

def test_method(self):

351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

352

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

353

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

354

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

356

methods = [

357

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

358

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

359

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

360

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

361

362

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

367

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

368

# don't. Difficult to say in advance.

369

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

370

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

371

self.assertRaises(TypeError, Context, "")

372

self.assertRaises(ValueError, Context, 10)

373

374

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

375

if not PY3:

376

def test_method_long(self):

377

"""

378

On Python 2 :py:class:`Context` accepts values of type

379

:py:obj:`long` as well as :py:obj:`int`.

380

"""

381

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

385

def test_type(self):

386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

387

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

388

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

389

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

self.assertIdentical(Context, ContextType)

391

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

392

393

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

394

def test_use_privatekey(self):

395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

396

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

397

"""

398

key = PKey()

399

key.generate_key(TYPE_RSA, 128)

400

ctx = Context(TLSv1_METHOD)

401

ctx.use_privatekey(key)

402

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

403

404

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

405

def test_use_privatekey_file_missing(self):

406

"""

407

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

408

when passed the name of a file which does not exist.

409

"""

410

ctx = Context(TLSv1_METHOD)

411

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

412

413

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

414

def _use_privatekey_file_test(self, pemfile, filetype):

415

"""

416

Verify that calling ``Context.use_privatekey_file`` with the given

417

arguments does not raise an exception.

418

"""

419

key = PKey()

420

key.generate_key(TYPE_RSA, 128)

421

422

with open(pemfile, "wt") as pem:

423

pem.write(

424

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

425

)

426

427

ctx = Context(TLSv1_METHOD)

428

ctx.use_privatekey_file(pemfile, filetype)

429

430

431

def test_use_privatekey_file_bytes(self):

432

"""

433

A private key can be specified from a file by passing a ``bytes``

434

instance giving the file name to ``Context.use_privatekey_file``.

435

"""

436

self._use_privatekey_file_test(

437

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

443

"""

444

A private key can be specified from a file by passing a ``unicode``

445

instance giving the file name to ``Context.use_privatekey_file``.

446

"""

447

self._use_privatekey_file_test(

448

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

453

if not PY3:

454

def test_use_privatekey_file_long(self):

455

"""

456

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

457

filetype of type :py:obj:`long` as well as :py:obj:`int`.

458

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

459

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

460

461

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

462

def test_use_certificate_wrong_args(self):

463

"""

464

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

465

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

466

argument.

467

"""

468

ctx = Context(TLSv1_METHOD)

469

self.assertRaises(TypeError, ctx.use_certificate)

470

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

471

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

472

473

474

def test_use_certificate_uninitialized(self):

475

"""

476

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

477

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

478

initialized (ie, which does not actually have any certificate data).

479

"""

480

ctx = Context(TLSv1_METHOD)

481

self.assertRaises(Error, ctx.use_certificate, X509())

482

483

484

def test_use_certificate(self):

485

"""

486

:py:obj:`Context.use_certificate` sets the certificate which will be

487

used to identify connections created using the context.

488

"""

489

# TODO

490

# Hard to assert anything. But we could set a privatekey then ask

491

# OpenSSL if the cert and key agree using check_privatekey. Then as

492

# long as check_privatekey works right we're good...

493

ctx = Context(TLSv1_METHOD)

494

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

495

496

497

def test_use_certificate_file_wrong_args(self):

498

"""

499

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

500

called with zero arguments or more than two arguments, or if the first

501

argument is not a byte string or the second argumnent is not an integer.

502

"""

503

ctx = Context(TLSv1_METHOD)

504

self.assertRaises(TypeError, ctx.use_certificate_file)

505

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

506

self.assertRaises(

507

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, b"somefile", object())

512

513

514

def test_use_certificate_file_missing(self):

515

"""

516

:py:obj:`Context.use_certificate_file` raises

517

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

518

exist.

519

"""

520

ctx = Context(TLSv1_METHOD)

521

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

522

523

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

524

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

525

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

Verify that calling ``Context.use_certificate_file`` with the given

527

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

528

"""

529

# TODO

530

# Hard to assert anything. But we could set a privatekey then ask

531

# OpenSSL if the cert and key agree using check_privatekey. Then as

532

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

533

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

534

pem_file.write(cleartextCertificatePEM)

535

536

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

537

ctx.use_certificate_file(certificate_file)

538

539

540

def test_use_certificate_file_bytes(self):

541

"""

542

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

543

``bytes`` filename) which will be used to identify connections created

544

using the context.

545

"""

546

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

547

self._use_certificate_file_test(filename)

548

549

550

def test_use_certificate_file_unicode(self):

551

"""

552

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

553

``bytes`` filename) which will be used to identify connections created

554

using the context.

555

"""

556

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

557

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

558

559

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

560

if not PY3:

561

def test_use_certificate_file_long(self):

562

"""

563

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

564

filetype of type :py:obj:`long` as well as :py:obj:`int`.

565

"""

566

pem_filename = self.mktemp()

567

with open(pem_filename, "wb") as pem_file:

568

pem_file.write(cleartextCertificatePEM)

569

570

ctx = Context(TLSv1_METHOD)

571

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

572

573

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

574

def test_check_privatekey_valid(self):

575

"""

576

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

577

:py:obj:`Context` instance has been configured to use a matched key and

578

certificate pair.

579

"""

580

key = load_privatekey(FILETYPE_PEM, client_key_pem)

581

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

582

context = Context(TLSv1_METHOD)

583

context.use_privatekey(key)

584

context.use_certificate(cert)

585

self.assertIs(None, context.check_privatekey())

586

587

588

def test_check_privatekey_invalid(self):

589

"""

590

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

591

:py:obj:`Context` instance has been configured to use a key and

592

certificate pair which don't relate to each other.

593

"""

594

key = load_privatekey(FILETYPE_PEM, client_key_pem)

595

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

596

context = Context(TLSv1_METHOD)

597

context.use_privatekey(key)

598

context.use_certificate(cert)

599

self.assertRaises(Error, context.check_privatekey)

600

601

602

def test_check_privatekey_wrong_args(self):

603

"""

604

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

605

with other than no arguments.

606

"""

607

context = Context(TLSv1_METHOD)

608

self.assertRaises(TypeError, context.check_privatekey, object())

609

610

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

611

def test_set_app_data_wrong_args(self):

612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

613

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

614

one argument.

615

"""

616

context = Context(TLSv1_METHOD)

617

self.assertRaises(TypeError, context.set_app_data)

618

self.assertRaises(TypeError, context.set_app_data, None, None)

619

620

621

def test_get_app_data_wrong_args(self):

622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

623

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

624

arguments.

625

"""

626

context = Context(TLSv1_METHOD)

627

self.assertRaises(TypeError, context.get_app_data, None)

628

629

630

def test_app_data(self):

631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

632

:py:obj:`Context.set_app_data` stores an object for later retrieval using

633

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

634

"""

635

app_data = object()

636

context = Context(TLSv1_METHOD)

637

context.set_app_data(app_data)

638

self.assertIdentical(context.get_app_data(), app_data)

639

640

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

641

def test_set_options_wrong_args(self):

642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

643

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

644

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

645

"""

646

context = Context(TLSv1_METHOD)

647

self.assertRaises(TypeError, context.set_options)

648

self.assertRaises(TypeError, context.set_options, None)

649

self.assertRaises(TypeError, context.set_options, 1, None)

650

651

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

652

def test_set_options(self):

653

"""

654

:py:obj:`Context.set_options` returns the new options value.

655

"""

656

context = Context(TLSv1_METHOD)

657

options = context.set_options(OP_NO_SSLv2)

658

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

663

"""

664

On Python 2 :py:obj:`Context.set_options` accepts values of type

665

:py:obj:`long` as well as :py:obj:`int`.

666

"""

667

context = Context(TLSv1_METHOD)

668

options = context.set_options(long(OP_NO_SSLv2))

669

self.assertTrue(OP_NO_SSLv2 & options)

670

671

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

672

def test_set_mode_wrong_args(self):

673

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

674

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

675

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

676

"""

677

context = Context(TLSv1_METHOD)

678

self.assertRaises(TypeError, context.set_mode)

679

self.assertRaises(TypeError, context.set_mode, None)

680

self.assertRaises(TypeError, context.set_mode, 1, None)

681

682

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

683

if MODE_RELEASE_BUFFERS is not None:

684

def test_set_mode(self):

685

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

686

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

687

set mode.

688

"""

689

context = Context(TLSv1_METHOD)

690

self.assertTrue(

691

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

692

693

if not PY3:

694

def test_set_mode_long(self):

695

"""

696

On Python 2 :py:obj:`Context.set_mode` accepts values of type

697

:py:obj:`long` as well as :py:obj:`int`.

698

"""

699

context = Context(TLSv1_METHOD)

700

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

701

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

702

else:

703

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

704

705

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

706

def test_set_timeout_wrong_args(self):

707

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

708

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

709

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

710

"""

711

context = Context(TLSv1_METHOD)

712

self.assertRaises(TypeError, context.set_timeout)

713

self.assertRaises(TypeError, context.set_timeout, None)

714

self.assertRaises(TypeError, context.set_timeout, 1, None)

715

716

717

def test_get_timeout_wrong_args(self):

718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

719

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

720

"""

721

context = Context(TLSv1_METHOD)

722

self.assertRaises(TypeError, context.get_timeout, None)

723

724

725

def test_timeout(self):

726

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

727

:py:obj:`Context.set_timeout` sets the session timeout for all connections

728

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

729

value.

730

"""

731

context = Context(TLSv1_METHOD)

732

context.set_timeout(1234)

733

self.assertEquals(context.get_timeout(), 1234)

734

735

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

736

if not PY3:

737

def test_timeout_long(self):

738

"""

739

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

740

`long` as well as int.

741

"""

742

context = Context(TLSv1_METHOD)

743

context.set_timeout(long(1234))

744

self.assertEquals(context.get_timeout(), 1234)

745

746

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

747

def test_set_verify_depth_wrong_args(self):

748

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

749

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

750

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

751

"""

752

context = Context(TLSv1_METHOD)

753

self.assertRaises(TypeError, context.set_verify_depth)

754

self.assertRaises(TypeError, context.set_verify_depth, None)

755

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

756

757

758

def test_get_verify_depth_wrong_args(self):

759

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

760

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

761

"""

762

context = Context(TLSv1_METHOD)

763

self.assertRaises(TypeError, context.get_verify_depth, None)

764

765

766

def test_verify_depth(self):

767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

768

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

769

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

"""

772

context = Context(TLSv1_METHOD)

773

context.set_verify_depth(11)

774

self.assertEquals(context.get_verify_depth(), 11)

775

776

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

777

if not PY3:

778

def test_verify_depth_long(self):

779

"""

780

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

781

type `long` as well as int.

782

"""

783

context = Context(TLSv1_METHOD)

784

context.set_verify_depth(long(11))

785

self.assertEquals(context.get_verify_depth(), 11)

786

787

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

788

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

789

"""

790

Write a new private key out to a new file, encrypted using the given

791

passphrase. Return the path to the new file.

792

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

793

key = PKey()

794

key.generate_key(TYPE_RSA, 128)

795

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

796

fObj = open(pemFile, 'w')

797

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

798

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

803

def test_set_passwd_cb_wrong_args(self):

804

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

805

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

806

wrong arguments or with a non-callable first argument.

807

"""

808

context = Context(TLSv1_METHOD)

809

self.assertRaises(TypeError, context.set_passwd_cb)

810

self.assertRaises(TypeError, context.set_passwd_cb, None)

811

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

812

813

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

814

def test_set_passwd_cb(self):

815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

816

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

817

a private key is loaded from an encrypted PEM.

818

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

819

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

821

calledWith = []

822

def passphraseCallback(maxlen, verify, extra):

823

calledWith.append((maxlen, verify, extra))

824

return passphrase

825

context = Context(TLSv1_METHOD)

826

context.set_passwd_cb(passphraseCallback)

827

context.use_privatekey_file(pemFile)

828

self.assertTrue(len(calledWith), 1)

829

self.assertTrue(isinstance(calledWith[0][0], int))

830

self.assertTrue(isinstance(calledWith[0][1], int))

831

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

833

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

834

def test_passwd_callback_exception(self):

835

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

836

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

837

passphrase callback.

838

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

839

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

def passphraseCallback(maxlen, verify, extra):

841

raise RuntimeError("Sorry, I am a fail.")

842

843

context = Context(TLSv1_METHOD)

844

context.set_passwd_cb(passphraseCallback)

845

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

846

847

848

def test_passwd_callback_false(self):

849

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

850

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

passphrase callback returns a false value.

852

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

853

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

854

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

855

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

857

context = Context(TLSv1_METHOD)

858

context.set_passwd_cb(passphraseCallback)

859

self.assertRaises(Error, context.use_privatekey_file, pemFile)

860

861

862

def test_passwd_callback_non_string(self):

863

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

864

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

passphrase callback returns a true non-string value.

866

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

867

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

868

def passphraseCallback(maxlen, verify, extra):

869

return 10

870

871

context = Context(TLSv1_METHOD)

872

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

873

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

874

875

876

def test_passwd_callback_too_long(self):

877

"""

878

If the passphrase returned by the passphrase callback returns a string

879

longer than the indicated maximum length, it is truncated.

880

"""

881

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

882

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

883

pemFile = self._write_encrypted_pem(passphrase)

884

def passphraseCallback(maxlen, verify, extra):

885

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

886

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

887

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

# This shall succeed because the truncated result is the correct

891

# passphrase.

892

context.use_privatekey_file(pemFile)

893

894

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

def test_set_info_callback(self):

896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

897

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

898

when certain information about an SSL connection is available.

899

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

900

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

901

902

clientSSL = Connection(Context(TLSv1_METHOD), client)

903

clientSSL.set_connect_state()

904

905

called = []

906

def info(conn, where, ret):

907

called.append((conn, where, ret))

908

context = Context(TLSv1_METHOD)

909

context.set_info_callback(info)

910

context.use_certificate(

911

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

912

context.use_privatekey(

913

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

914

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

915

serverSSL = Connection(context, server)

916

serverSSL.set_accept_state()

917

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

918

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

919

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

920

# The callback must always be called with a Connection instance as the

921

# first argument. It would probably be better to split this into

922

# separate tests for client and server side info callbacks so we could

923

# assert it is called with the right Connection instance. It would

924

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

925

notConnections = [

926

conn for (conn, where, ret) in called

927

if not isinstance(conn, Connection)]

928

self.assertEqual(

929

[], notConnections,

930

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

931

932

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

934

"""

935

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

936

its :py:obj:`load_verify_locations` method with the given arguments.

937

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

938

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

939

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

940

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

941

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

942

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

# Require that the server certificate verify properly or the

944

# connection will fail.

945

clientContext.set_verify(

946

VERIFY_PEER,

947

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

948

949

clientSSL = Connection(clientContext, client)

950

clientSSL.set_connect_state()

951

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

952

serverContext = Context(TLSv1_METHOD)

953

serverContext.use_certificate(

954

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

955

serverContext.use_privatekey(

956

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

957

958

serverSSL = Connection(serverContext, server)

959

serverSSL.set_accept_state()

960

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

961

# Without load_verify_locations above, the handshake

962

# will fail:

963

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

964

# 'certificate verify failed')]

965

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

966

967

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

968

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

969

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

970

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

971

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

972

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

Verify that if path to a file containing a certificate is passed to

974

``Context.load_verify_locations`` for the ``cafile`` parameter, that

975

certificate is used as a trust root for the purposes of verifying

976

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

978

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

979

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

980

fObj.close()

981

982

self._load_verify_locations_test(cafile)

983

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

984

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

985

def test_load_verify_bytes_cafile(self):

986

"""

987

:py:obj:`Context.load_verify_locations` accepts a file name as a

988

``bytes`` instance and uses the certificates within for verification

989

purposes.

990

"""

991

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

992

self._load_verify_cafile(cafile)

993

994

995

def test_load_verify_unicode_cafile(self):

996

"""

997

:py:obj:`Context.load_verify_locations` accepts a file name as a

998

``unicode`` instance and uses the certificates within for verification

999

purposes.

1000

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1001

self._load_verify_cafile(

1002

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1003

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1004

1005

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1006

def test_load_verify_invalid_file(self):

1007

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1008

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1009

non-existent cafile.

1010

"""

1011

clientContext = Context(TLSv1_METHOD)

1012

self.assertRaises(

1013

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1014

1015

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1016

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1017

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

Verify that if path to a directory containing certificate files is

1019

passed to ``Context.load_verify_locations`` for the ``capath``

1020

parameter, those certificates are used as trust roots for the purposes

1021

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1022

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1023

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1024

# Hash values computed manually with c_rehash to avoid depending on

1025

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1026

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1027

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1028

cafile = join_bytes_or_unicode(capath, name)

1029

with open(cafile, 'w') as fObj:

1030

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1031

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1032

self._load_verify_locations_test(None, capath)

1033

1034

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1035

def test_load_verify_directory_bytes_capath(self):

1036

"""

1037

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1038

``bytes`` instance and uses the certificates within for verification

1039

purposes.

1040

"""

1041

self._load_verify_directory_locations_capath(

1042

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1047

"""

1048

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1049

``unicode`` instance and uses the certificates within for verification

1050

purposes.

1051

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1052

self._load_verify_directory_locations_capath(

1053

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1054

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1055

1056

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1057

def test_load_verify_locations_wrong_args(self):

1058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1059

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1060

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1061

"""

1062

context = Context(TLSv1_METHOD)

1063

self.assertRaises(TypeError, context.load_verify_locations)

1064

self.assertRaises(TypeError, context.load_verify_locations, object())

1065

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1066

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1067

1068

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1069

if platform == "win32":

1070

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1071

"See LP#404343 and LP#404344."

1072

else:

1073

def test_set_default_verify_paths(self):

1074

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1075

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1076

certificate locations to be used for verification purposes.

1077

"""

1078

# Testing this requires a server with a certificate signed by one of

1079

# the CAs in the platform CA location. Getting one of those costs

1080

# money. Fortunately (or unfortunately, depending on your

1081

# perspective), it's easy to think of a public server on the

1082

# internet which has such a certificate. Connecting to the network

1083

# in a unit test is bad, but it's the only way I can think of to

1084

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1085

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1086

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1087

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1088

context.set_default_verify_paths()

1089

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1090

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1091

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1092

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

client = socket()

1094

client.connect(('verisign.com', 443))

1095

clientSSL = Connection(context, client)

1096

clientSSL.set_connect_state()

1097

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1098

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1099

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1100

1101

1102

def test_set_default_verify_paths_signature(self):

1103

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1104

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1105

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1106

"""

1107

context = Context(TLSv1_METHOD)

1108

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1109

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1111

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1112

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1113

def test_add_extra_chain_cert_invalid_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1116

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

self.assertRaises(TypeError, context.add_extra_chain_cert)

1121

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1122

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1123

1124

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1125

def _handshake_test(self, serverContext, clientContext):

1126

"""

1127

Verify that a client and server created with the given contexts can

1128

successfully handshake and communicate.

1129

"""

1130

serverSocket, clientSocket = socket_pair()

1131

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1132

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1133

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1135

client = Connection(clientContext, clientSocket)

1136

client.set_connect_state()

1137

1138

# Make them talk to each other.

1139

# self._interactInMemory(client, server)

1140

for i in range(3):

1141

for s in [client, server]:

1142

try:

1143

s.do_handshake()

1144

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1148

def test_set_verify_callback_connection_argument(self):

1149

"""

1150

The first argument passed to the verify callback is the

1151

:py:class:`Connection` instance for which verification is taking place.

1152

"""

1153

serverContext = Context(TLSv1_METHOD)

1154

serverContext.use_privatekey(

1155

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1156

serverContext.use_certificate(

1157

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1158

serverConnection = Connection(serverContext, None)

1159

1160

class VerifyCallback(object):

1161

def callback(self, connection, *args):

1162

self.connection = connection

1163

return 1

1164

1165

verify = VerifyCallback()

1166

clientContext = Context(TLSv1_METHOD)

1167

clientContext.set_verify(VERIFY_PEER, verify.callback)

1168

clientConnection = Connection(clientContext, None)

1169

clientConnection.set_connect_state()

1170

1171

self._handshakeInMemory(clientConnection, serverConnection)

1172

1173

self.assertIdentical(verify.connection, clientConnection)

1174

1175

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1176

def test_set_verify_callback_exception(self):

1177

"""

1178

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1179

exception, verification fails and the exception is propagated to the

1180

caller of :py:obj:`Connection.do_handshake`.

1181

"""

1182

serverContext = Context(TLSv1_METHOD)

1183

serverContext.use_privatekey(

1184

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1185

serverContext.use_certificate(

1186

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1187

1188

clientContext = Context(TLSv1_METHOD)

1189

def verify_callback(*args):

1190

raise Exception("silly verify failure")

1191

clientContext.set_verify(VERIFY_PEER, verify_callback)

1192

1193

exc = self.assertRaises(

1194

Exception, self._handshake_test, serverContext, clientContext)

1195

self.assertEqual("silly verify failure", str(exc))

1196

1197

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1198

def test_add_extra_chain_cert(self):

1199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1200

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1201

the certificate chain.

1202

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1203

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

chain tested.

1205

1206

The chain is tested by starting a server with scert and connecting

1207

to it with a client which trusts cacert and requires verification to

1208

succeed.

1209

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1210

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1211

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1212

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1213

# Dump the CA certificate to a file because that's the only way to load

1214

# it as a trusted CA in the client context.

1215

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1216

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1217

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1218

fObj.close()

1219

1220

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1221

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1222

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1223

fObj.close()

1224

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1225

# Create the server context

1226

serverContext = Context(TLSv1_METHOD)

1227

serverContext.use_privatekey(skey)

1228

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1229

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1230

serverContext.add_extra_chain_cert(icert)

1231

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1232

# Create the client

1233

clientContext = Context(TLSv1_METHOD)

1234

clientContext.set_verify(

1235

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1236

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1237

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1238

# Try it out.

1239

self._handshake_test(serverContext, clientContext)

1240

1241

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1242

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1243

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1244

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1245

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1247

The chain is tested by starting a server with scert and connecting to

1248

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1249

succeed.

1250

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1251

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1252

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1253

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1254

makedirs(certdir)

1255

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1256

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1257

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1258

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1259

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1260

with open(chainFile, 'wb') as fObj:

1261

# Most specific to least general.

1262

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1263

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1264

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1265

1266

with open(caFile, 'w') as fObj:

1267

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1268

1269

serverContext = Context(TLSv1_METHOD)

1270

serverContext.use_certificate_chain_file(chainFile)

1271

serverContext.use_privatekey(skey)

1272

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1273

clientContext = Context(TLSv1_METHOD)

1274

clientContext.set_verify(

1275

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1276

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1277

1278

self._handshake_test(serverContext, clientContext)

1279

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1280

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1281

def test_use_certificate_chain_file_bytes(self):

1282

"""

1283

``Context.use_certificate_chain_file`` accepts the name of a file (as

1284

an instance of ``bytes``) to specify additional certificates to use to

1285

construct and verify a trust chain.

1286

"""

1287

self._use_certificate_chain_file_test(

1288

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1293

"""

1294

``Context.use_certificate_chain_file`` accepts the name of a file (as

1295

an instance of ``unicode``) to specify additional certificates to use

1296

to construct and verify a trust chain.

1297

"""

1298

self._use_certificate_chain_file_test(

1299

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1303

def test_use_certificate_chain_file_wrong_args(self):

1304

"""

1305

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1306

if passed zero or more than one argument or when passed a non-byte

1307

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1308

passed a bad chain file name (for example, the name of a file which does

1309

not exist).

1310

"""

1311

context = Context(TLSv1_METHOD)

1312

self.assertRaises(TypeError, context.use_certificate_chain_file)

1313

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1314

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1315

1316

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1317

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1318

# XXX load_client_ca

1319

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1320

1321

def test_get_verify_mode_wrong_args(self):

1322

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1323

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1324

arguments.

1325

"""

1326

context = Context(TLSv1_METHOD)

1327

self.assertRaises(TypeError, context.get_verify_mode, None)

1328

1329

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1330

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1332

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1333

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1334

"""

1335

context = Context(TLSv1_METHOD)

1336

self.assertEquals(context.get_verify_mode(), 0)

1337

context.set_verify(

1338

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1339

self.assertEquals(

1340

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1341

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1342

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1343

if not PY3:

1344

def test_set_verify_mode_long(self):

1345

"""

1346

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1347

type :py:obj:`long` as well as :py:obj:`int`.

1348

"""

1349

context = Context(TLSv1_METHOD)

1350

self.assertEquals(context.get_verify_mode(), 0)

1351

context.set_verify(

1352

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1353

self.assertEquals(

1354

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1355

1356

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1357

def test_load_tmp_dh_wrong_args(self):

1358

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1359

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1360

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1361

"""

1362

context = Context(TLSv1_METHOD)

1363

self.assertRaises(TypeError, context.load_tmp_dh)

1364

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1365

self.assertRaises(TypeError, context.load_tmp_dh, object())

1366

1367

1368

def test_load_tmp_dh_missing_file(self):

1369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1370

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1371

does not exist.

1372

"""

1373

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1374

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1375

1376

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1377

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1378

"""

1379

Verify that calling ``Context.load_tmp_dh`` with the given filename

1380

does not raise an exception.

1381

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1382

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1383

with open(dhfilename, "w") as dhfile:

1384

dhfile.write(dhparam)

1385

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1386

context.load_tmp_dh(dhfilename)

1387

# XXX What should I assert here? -exarkun

1388

1389

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1390

def test_load_tmp_dh_bytes(self):

1391

"""

1392

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1393

specified file (given as ``bytes``).

1394

"""

1395

self._load_tmp_dh_test(

1396

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1401

"""

1402

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1403

specified file (given as ``unicode``).

1404

"""

1405

self._load_tmp_dh_test(

1406

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1410

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1411

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1412

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1413

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1414

"""

1415

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1416

for curve in get_elliptic_curves():

1417

# The only easily "assertable" thing is that it does not raise an

1418

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1419

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1420

1421

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1422

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1423

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1424

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1425

ciphers which connections created with the context object will be able

1426

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1427

"""

1428

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1429

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1430

conn = Connection(context, None)

1431

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1432

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1433

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1434

def test_set_cipher_list_text(self):

1435

"""

1436

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1437

the ciphers which connections created with the context object will be

1438

able to choose from.

1439

"""

1440

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1441

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1442

conn = Connection(context, None)

1443

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1444

1445

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1446

def test_set_cipher_list_wrong_args(self):

1447

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1448

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1449

passed zero arguments or more than one argument or when passed a

1450

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1451

passed an incorrect cipher list string.

1452

"""

1453

context = Context(TLSv1_METHOD)

1454

self.assertRaises(TypeError, context.set_cipher_list)

1455

self.assertRaises(TypeError, context.set_cipher_list, object())

1456

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1457

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1458

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1459

1460

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1461

def test_set_session_cache_mode_wrong_args(self):

1462

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1463

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1464

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1465

"""

1466

context = Context(TLSv1_METHOD)

1467

self.assertRaises(TypeError, context.set_session_cache_mode)

1468

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1469

1470

1471

def test_get_session_cache_mode_wrong_args(self):

1472

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1473

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1474

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1475

"""

1476

context = Context(TLSv1_METHOD)

1477

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1478

1479

1480

def test_session_cache_mode(self):

1481

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1482

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1483

cached. The setting can be retrieved via

1484

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1485

"""

1486

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1487

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1488

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1489

self.assertEqual(SESS_CACHE_OFF, off)

1490

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1491

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1492

if not PY3:

1493

def test_session_cache_mode_long(self):

1494

"""

1495

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1496

of type :py:obj:`long` as well as :py:obj:`int`.

1497

"""

1498

context = Context(TLSv1_METHOD)

1499

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1500

self.assertEqual(

1501

SESS_CACHE_BOTH, context.get_session_cache_mode())

1502

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1503

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1504

def test_get_cert_store(self):

1505

"""

1506

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1507

"""

1508

context = Context(TLSv1_METHOD)

1509

store = context.get_cert_store()

1510

self.assertIsInstance(store, X509Store)

1511

1512

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1513

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1514

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1515

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1516

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1517

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1518

"""

1519

def test_wrong_args(self):

1520

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1521

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1522

with other than one argument.

1523

"""

1524

context = Context(TLSv1_METHOD)

1525

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1526

self.assertRaises(

1527

TypeError, context.set_tlsext_servername_callback, 1, 2)

1528

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1529

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1530

def test_old_callback_forgotten(self):

1531

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1532

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1533

callback, the one it replaces is dereferenced.

1534

"""

1535

def callback(connection):

1536

pass

1537

1538

def replacement(connection):

1539

pass

1540

1541

context = Context(TLSv1_METHOD)

1542

context.set_tlsext_servername_callback(callback)

1543

1544

tracker = ref(callback)

1545

del callback

1546

1547

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1548

1549

# One run of the garbage collector happens to work on CPython. PyPy

1550

# doesn't collect the underlying object until a second run for whatever

1551

# reason. That's fine, it still demonstrates our code has properly

1552

# dropped the reference.

1553

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1554

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1555

1556

callback = tracker()

1557

if callback is not None:

1558

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1559

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1560

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1561

1562

1563

def test_no_servername(self):

1564

"""

1565

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1566

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1567

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1568

"""

1569

args = []

1570

def servername(conn):

1571

args.append((conn, conn.get_servername()))

1572

context = Context(TLSv1_METHOD)

1573

context.set_tlsext_servername_callback(servername)

1574

1575

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1581

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1582

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1583

1584

# Do a little connection to trigger the logic

1585

server = Connection(context, None)

1586

server.set_accept_state()

1587

1588

client = Connection(Context(TLSv1_METHOD), None)

1589

client.set_connect_state()

1590

1591

self._interactInMemory(server, client)

1592

1593

self.assertEqual([(server, None)], args)

1594

1595

1596

def test_servername(self):

1597

"""

1598

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1599

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1600

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1601

"""

1602

args = []

1603

def servername(conn):

1604

args.append((conn, conn.get_servername()))

1605

context = Context(TLSv1_METHOD)

1606

context.set_tlsext_servername_callback(servername)

1607

1608

# Necessary to actually accept the connection

1609

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1610

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1611

1612

# Do a little connection to trigger the logic

1613

server = Connection(context, None)

1614

server.set_accept_state()

1615

1616

client = Connection(Context(TLSv1_METHOD), None)

1617

client.set_connect_state()

1618

client.set_tlsext_host_name(b("foo1.example.com"))

1619

1620

self._interactInMemory(server, client)

1621

1622

self.assertEqual([(server, b("foo1.example.com"))], args)

1623

1624

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1625

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1626

"""

1627

Test for Next Protocol Negotiation in PyOpenSSL.

1628

"""

1629

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1630

"""

1631

Tests that clients and servers that agree on the negotiated next

1632

protocol can correct establish a connection, and that the agreed

1633

protocol is reported by the connections.

1634

"""

1635

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1636

select_args = []

1637

def advertise(conn):

1638

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1639

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1640

def select(conn, options):

1641

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1642

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1643

1644

server_context = Context(TLSv1_METHOD)

1645

server_context.set_npn_advertise_callback(advertise)

1646

1647

client_context = Context(TLSv1_METHOD)

1648

client_context.set_npn_select_callback(select)

1649

1650

# Necessary to actually accept the connection

1651

server_context.use_privatekey(

1652

load_privatekey(FILETYPE_PEM, server_key_pem))

1653

server_context.use_certificate(

1654

load_certificate(FILETYPE_PEM, server_cert_pem))

1655

1656

# Do a little connection to trigger the logic

1657

server = Connection(server_context, None)

1658

server.set_accept_state()

1659

1660

client = Connection(client_context, None)

1661

client.set_connect_state()

1662

1663

self._interactInMemory(server, client)

1664

1665

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1666

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1667

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1668

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1669

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1670

1671

1672

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1673

"""

1674

Tests that when clients and servers cannot agree on what protocol to

1675

use next that the TLS connection does not get established.

1676

"""

1677

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1678

select_args = []

1679

def advertise(conn):

1680

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1681

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1682

def select(conn, options):

1683

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1684

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1685

1686

server_context = Context(TLSv1_METHOD)

1687

server_context.set_npn_advertise_callback(advertise)

1688

1689

client_context = Context(TLSv1_METHOD)

1690

client_context.set_npn_select_callback(select)

1691

1692

# Necessary to actually accept the connection

1693

server_context.use_privatekey(

1694

load_privatekey(FILETYPE_PEM, server_key_pem))

1695

server_context.use_certificate(

1696

load_certificate(FILETYPE_PEM, server_cert_pem))

1697

1698

# Do a little connection to trigger the logic

1699

server = Connection(server_context, None)

1700

server.set_accept_state()

1701

1702

client = Connection(client_context, None)

1703

client.set_connect_state()

1704

1705

# If the client doesn't return anything, the connection will fail.

1706

self.assertRaises(Error, self._interactInMemory, server, client)

1707

1708

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1709

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1710

1711

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1712

def test_npn_select_error(self):

1713

"""

1714

Test that we can handle exceptions in the select callback. If select

1715

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1720

return [b'http/1.1', b'spdy/2']

1721

def select(conn, options):

1722

raise TypeError

1723

1724

server_context = Context(TLSv1_METHOD)

1725

server_context.set_npn_advertise_callback(advertise)

1726

1727

client_context = Context(TLSv1_METHOD)

1728

client_context.set_npn_select_callback(select)

1729

1730

# Necessary to actually accept the connection

1731

server_context.use_privatekey(

1732

load_privatekey(FILETYPE_PEM, server_key_pem))

1733

server_context.use_certificate(

1734

load_certificate(FILETYPE_PEM, server_cert_pem))

1735

1736

# Do a little connection to trigger the logic

1737

server = Connection(server_context, None)

1738

server.set_accept_state()

1739

1740

client = Connection(client_context, None)

1741

client.set_connect_state()

1742

1743

# If the callback throws an exception it should be raised here.

1744

self.assertRaises(TypeError, self._interactInMemory, server, client)

1745

self.assertEqual([(server,)], advertise_args)

1746

1747

1748

def test_npn_advertise_error(self):

1749

"""

1750

Test that we can handle exceptions in the advertise callback. If

1751

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1757

select_args.append((conn, options))

1758

return b''

1759

1760

server_context = Context(TLSv1_METHOD)

1761

server_context.set_npn_advertise_callback(advertise)

1762

1763

client_context = Context(TLSv1_METHOD)

1764

client_context.set_npn_select_callback(select)

1765

1766

# Necessary to actually accept the connection

1767

server_context.use_privatekey(

1768

load_privatekey(FILETYPE_PEM, server_key_pem))

1769

server_context.use_certificate(

1770

load_certificate(FILETYPE_PEM, server_cert_pem))

1771

1772

# Do a little connection to trigger the logic

1773

server = Connection(server_context, None)

1774

server.set_accept_state()

1775

1776

client = Connection(client_context, None)

1777

client.set_connect_state()

1778

1779

# If the client doesn't return anything, the connection will fail.

1780

self.assertRaises(TypeError, self._interactInMemory, server, client)

1781

self.assertEqual([], select_args)

1782

1783

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1784

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1785

class SessionTests(TestCase):

1786

"""

1787

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1788

"""

1789

def test_construction(self):

1790

"""

1791

:py:class:`Session` can be constructed with no arguments, creating a new

1792

instance of that type.

1793

"""

1794

new_session = Session()

1795

self.assertTrue(isinstance(new_session, Session))

1796

1797

1798

def test_construction_wrong_args(self):

1799

"""

1800

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1801

is raised.

1802

"""

1803

self.assertRaises(TypeError, Session, 123)

1804

self.assertRaises(TypeError, Session, "hello")

1805

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1809

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1810

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1811

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1812

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1813

# XXX get_peer_certificate -> None

1814

# XXX sock_shutdown

1815

# XXX master_key -> TypeError

1816

# XXX server_random -> TypeError

1817

# XXX state_string

1818

# XXX connect -> TypeError

1819

# XXX connect_ex -> TypeError

1820

# XXX set_connect_state -> TypeError

1821

# XXX set_accept_state -> TypeError

1822

# XXX renegotiate_pending

1823

# XXX do_handshake -> TypeError

1824

# XXX bio_read -> TypeError

1825

# XXX recv -> TypeError

1826

# XXX send -> TypeError

1827

# XXX bio_write -> TypeError

1828

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1829

def test_type(self):

1830

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1831

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1832

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1833

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1834

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1835

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1836

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1837

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1838

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1839

def test_get_context(self):

1840

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1841

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1842

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1843

"""

1844

context = Context(TLSv1_METHOD)

1845

connection = Connection(context, None)

1846

self.assertIdentical(connection.get_context(), context)

1847

1848

1849

def test_get_context_wrong_args(self):

1850

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1851

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1852

arguments.

1853

"""

1854

connection = Connection(Context(TLSv1_METHOD), None)

1855

self.assertRaises(TypeError, connection.get_context, None)

1856

1857

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1858

def test_set_context_wrong_args(self):

1859

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1860

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1861

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1862

than 1.

1863

"""

1864

ctx = Context(TLSv1_METHOD)

1865

connection = Connection(ctx, None)

1866

self.assertRaises(TypeError, connection.set_context)

1867

self.assertRaises(TypeError, connection.set_context, object())

1868

self.assertRaises(TypeError, connection.set_context, "hello")

1869

self.assertRaises(TypeError, connection.set_context, 1)

1870

self.assertRaises(TypeError, connection.set_context, 1, 2)

1871

self.assertRaises(

1872

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1873

self.assertIdentical(ctx, connection.get_context())

1874

1875

1876

def test_set_context(self):

1877

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1878

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1879

for the connection.

1880

"""

1881

original = Context(SSLv23_METHOD)

1882

replacement = Context(TLSv1_METHOD)

1883

connection = Connection(original, None)

1884

connection.set_context(replacement)

1885

self.assertIdentical(replacement, connection.get_context())

1886

# Lose our references to the contexts, just in case the Connection isn't

1887

# properly managing its own contributions to their reference counts.

1888

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1893

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1894

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1895

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1896

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1897

"""

1898

conn = Connection(Context(TLSv1_METHOD), None)

1899

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1900

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1901

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1902

self.assertRaises(

1903

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1904

1905

if version_info >= (3,):

1906

# On Python 3.x, don't accidentally implicitly convert from text.

1907

self.assertRaises(

1908

TypeError,

1909

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1910

1911

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1912

def test_get_servername_wrong_args(self):

1913

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1914

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1915

arguments.

1916

"""

1917

connection = Connection(Context(TLSv1_METHOD), None)

1918

self.assertRaises(TypeError, connection.get_servername, object())

1919

self.assertRaises(TypeError, connection.get_servername, 1)

1920

self.assertRaises(TypeError, connection.get_servername, "hello")

1921

1922

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1923

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1924

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1925

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1926

immediate read.

1927

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1928

connection = Connection(Context(TLSv1_METHOD), None)

1929

self.assertEquals(connection.pending(), 0)

1930

1931

1932

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1933

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1934

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1935

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1936

connection = Connection(Context(TLSv1_METHOD), None)

1937

self.assertRaises(TypeError, connection.pending, None)

1938

1939

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1940

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1941

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1942

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1943

argument or with the wrong number of arguments.

1944

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1945

connection = Connection(Context(TLSv1_METHOD), socket())

1946

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1947

self.assertRaises(TypeError, connection.connect)

1948

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1949

1950

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1951

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1952

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1953

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1954

connect method raises it.

1955

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1956

client = socket()

1957

context = Context(TLSv1_METHOD)

1958

clientSSL = Connection(context, client)

1959

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1960

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1961

1962

1963

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1964

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1965

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1966

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1972

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1973

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1974

1975

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1976

if platform == "darwin":

1977

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1978

else:

1979

def test_connect_ex(self):

1980

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1981

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1982

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1987

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1988

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1989

clientSSL.setblocking(False)

1990

result = clientSSL.connect_ex(port.getsockname())

1991

expected = (EINPROGRESS, EWOULDBLOCK)

1992

self.assertTrue(

1993

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1994

1995

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1996

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1997

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1998

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1999

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2000

connection = Connection(Context(TLSv1_METHOD), socket())

2001

self.assertRaises(TypeError, connection.accept, None)

2002

2003

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2004

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2005

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2006

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2007

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2008

connection originated from.

2009

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2010

ctx = Context(TLSv1_METHOD)

2011

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2012

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2013

port = socket()

2014

portSSL = Connection(ctx, port)

2015

portSSL.bind(('', 0))

2016

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2017

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2018

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2019

2020

# Calling portSSL.getsockname() here to get the server IP address sounds

2021

# great, but frequently fails on Windows.

2022

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2023

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2024

serverSSL, address = portSSL.accept()

2025

2026

self.assertTrue(isinstance(serverSSL, Connection))

2027

self.assertIdentical(serverSSL.get_context(), ctx)

2028

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2029

2030

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2031

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2032

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2033

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2034

number of arguments or with arguments other than integers.

2035

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2036

connection = Connection(Context(TLSv1_METHOD), None)

2037

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2038

self.assertRaises(TypeError, connection.get_shutdown, None)

2039

self.assertRaises(TypeError, connection.set_shutdown)

2040

self.assertRaises(TypeError, connection.set_shutdown, None)

2041

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2042

2043

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2044

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2045

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2046

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2047

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2048

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2049

self.assertFalse(server.shutdown())

2050

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2051

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2052

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2053

client.shutdown()

2054

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2055

self.assertRaises(ZeroReturnError, server.recv, 1024)

2056

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2057

2058

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2059

def test_shutdown_closed(self):

2060

"""

2061

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2062

write error from the low level write call.

2063

"""

2064

server, client = self._loopback()

2065

server.sock_shutdown(2)

2066

exc = self.assertRaises(SysCallError, server.shutdown)

2067

if platform == "win32":

2068

self.assertEqual(exc.args[0], ESHUTDOWN)

2069

else:

2070

self.assertEqual(exc.args[0], EPIPE)

2071

2072

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2073

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2074

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2075

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2076

process.

2077

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2078

connection = Connection(Context(TLSv1_METHOD), socket())

2079

connection.set_shutdown(RECEIVED_SHUTDOWN)

2080

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2081

2082

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2083

if not PY3:

2084

def test_set_shutdown_long(self):

2085

"""

2086

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2087

of type :py:obj:`long` as well as :py:obj:`int`.

2088

"""

2089

connection = Connection(Context(TLSv1_METHOD), socket())

2090

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2091

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2092

2093

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2094

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2095

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2096

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2097

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2098

with any arguments.

2099

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2100

conn = Connection(Context(TLSv1_METHOD), None)

2101

self.assertRaises(TypeError, conn.get_app_data, None)

2102

self.assertRaises(TypeError, conn.set_app_data)

2103

self.assertRaises(TypeError, conn.set_app_data, None, None)

2104

2105

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2106

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2107

"""

2108

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2109

:py:obj:`Connection.set_app_data` and later retrieved with

2110

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2111

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2112

conn = Connection(Context(TLSv1_METHOD), None)

2113

app_data = object()

2114

conn.set_app_data(app_data)

2115

self.assertIdentical(conn.get_app_data(), app_data)

2116

2117

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2118

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2119

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2120

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2121

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2122

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2123

conn = Connection(Context(TLSv1_METHOD), None)

2124

self.assertRaises(NotImplementedError, conn.makefile)

2125

2126

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2127

def test_get_peer_cert_chain_wrong_args(self):

2128

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2129

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2130

arguments.

2131

"""

2132

conn = Connection(Context(TLSv1_METHOD), None)

2133

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2134

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2135

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2136

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2137

2138

2139

def test_get_peer_cert_chain(self):

2140

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2141

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2142

the connected server returned for the certification verification.

2143

"""

2144

chain = _create_certificate_chain()

2145

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2146

2147

serverContext = Context(TLSv1_METHOD)

2148

serverContext.use_privatekey(skey)

2149

serverContext.use_certificate(scert)

2150

serverContext.add_extra_chain_cert(icert)

2151

serverContext.add_extra_chain_cert(cacert)

2152

server = Connection(serverContext, None)

2153

server.set_accept_state()

2154

2155

# Create the client

2156

clientContext = Context(TLSv1_METHOD)

2157

clientContext.set_verify(VERIFY_NONE, verify_cb)

2158

client = Connection(clientContext, None)

2159

client.set_connect_state()

2160

2161

self._interactInMemory(client, server)

2162

2163

chain = client.get_peer_cert_chain()

2164

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2165

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2166

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2167

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2168

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2169

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2170

"Authority Certificate", chain[2].get_subject().CN)

2171

2172

2173

def test_get_peer_cert_chain_none(self):

2174

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2175

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2176

certificate chain.

2177

"""

2178

ctx = Context(TLSv1_METHOD)

2179

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2180

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2181

server = Connection(ctx, None)

2182

server.set_accept_state()

2183

client = Connection(Context(TLSv1_METHOD), None)

2184

client.set_connect_state()

2185

self._interactInMemory(client, server)

2186

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2187

2188

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2189

def test_get_session_wrong_args(self):

2190

"""

2191

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2192

with any arguments.

2193

"""

2194

ctx = Context(TLSv1_METHOD)

2195

server = Connection(ctx, None)

2196

self.assertRaises(TypeError, server.get_session, 123)

2197

self.assertRaises(TypeError, server.get_session, "hello")

2198

self.assertRaises(TypeError, server.get_session, object())

2199

2200

2201

def test_get_session_unconnected(self):

2202

"""

2203

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2204

an object which has not been connected.

2205

"""

2206

ctx = Context(TLSv1_METHOD)

2207

server = Connection(ctx, None)

2208

session = server.get_session()

2209

self.assertIdentical(None, session)

2210

2211

2212

def test_server_get_session(self):

2213

"""

2214

On the server side of a connection, :py:obj:`Connection.get_session`

2215

returns a :py:class:`Session` instance representing the SSL session for

2216

that connection.

2217

"""

2218

server, client = self._loopback()

2219

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2220

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2221

2222

2223

def test_client_get_session(self):

2224

"""

2225

On the client side of a connection, :py:obj:`Connection.get_session`

2226

returns a :py:class:`Session` instance representing the SSL session for

2227

that connection.

2228

"""

2229

server, client = self._loopback()

2230

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2231

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2232

2233

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2234

def test_set_session_wrong_args(self):

2235

"""

2236

If called with an object that is not an instance of :py:class:`Session`,

2237

or with other than one argument, :py:obj:`Connection.set_session` raises

2238

:py:obj:`TypeError`.

2239

"""

2240

ctx = Context(TLSv1_METHOD)

2241

connection = Connection(ctx, None)

2242

self.assertRaises(TypeError, connection.set_session)

2243

self.assertRaises(TypeError, connection.set_session, 123)

2244

self.assertRaises(TypeError, connection.set_session, "hello")

2245

self.assertRaises(TypeError, connection.set_session, object())

2246

self.assertRaises(

2247

TypeError, connection.set_session, Session(), Session())

2248

2249

2250

def test_client_set_session(self):

2251

"""

2252

:py:obj:`Connection.set_session`, when used prior to a connection being

2253

established, accepts a :py:class:`Session` instance and causes an

2254

attempt to re-use the session it represents when the SSL handshake is

2255

performed.

2256

"""

2257

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2258

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2259

ctx = Context(TLSv1_METHOD)

2260

ctx.use_privatekey(key)

2261

ctx.use_certificate(cert)

2262

ctx.set_session_id("unity-test")

2263

2264

def makeServer(socket):

2265

server = Connection(ctx, socket)

2266

server.set_accept_state()

2267

return server

2268

2269

originalServer, originalClient = self._loopback(

2270

serverFactory=makeServer)

2271

originalSession = originalClient.get_session()

2272

2273

def makeClient(socket):

2274

client = self._loopbackClientFactory(socket)

2275

client.set_session(originalSession)

2276

return client

2277

resumedServer, resumedClient = self._loopback(

2278

serverFactory=makeServer,

2279

clientFactory=makeClient)

2280

2281

# This is a proxy: in general, we have no access to any unique

2282

# identifier for the session (new enough versions of OpenSSL expose a

2283

# hash which could be usable, but "new enough" is very, very new).

2284

# Instead, exploit the fact that the master key is re-used if the

2285

# session is re-used. As long as the master key for the two connections

2286

# is the same, the session was re-used!

2287

self.assertEqual(

2288

originalServer.master_key(), resumedServer.master_key())

2289

2290

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2291

def test_set_session_wrong_method(self):

2292

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2293

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2294

instance associated with a context using a different SSL method than the

2295

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2296

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2297

"""

2298

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2299

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2300

ctx = Context(TLSv1_METHOD)

2301

ctx.use_privatekey(key)

2302

ctx.use_certificate(cert)

2303

ctx.set_session_id("unity-test")

2304

2305

def makeServer(socket):

2306

server = Connection(ctx, socket)

2307

server.set_accept_state()

2308

return server

2309

2310

originalServer, originalClient = self._loopback(

2311

serverFactory=makeServer)

2312

originalSession = originalClient.get_session()

2313

2314

def makeClient(socket):

2315

# Intentionally use a different, incompatible method here.

2316

client = Connection(Context(SSLv3_METHOD), socket)

2317

client.set_connect_state()

2318

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2324

2325

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2326

def test_wantWriteError(self):

2327

"""

2328

:py:obj:`Connection` methods which generate output raise

2329

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2330

fail indicating a should-write state.

2331

"""

2332

client_socket, server_socket = socket_pair()

2333

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2334

# anything. Only write a single byte at a time so we can be sure we

2335

# completely fill the buffer. Even though the socket API is allowed to

2336

# signal a short write via its return value it seems this doesn't

2337

# always happen on all platforms (FreeBSD and OS X particular) for the

2338

# very last bit of available buffer space.

2339

msg = b"x"

2340

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2341

try:

2342

client_socket.send(msg)

2343

except error as e:

2344

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2350

2351

ctx = Context(TLSv1_METHOD)

2352

conn = Connection(ctx, client_socket)

2353

# Client's speak first, so make it an SSL client

2354

conn.set_connect_state()

2355

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2359

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2360

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2361

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2362

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2363

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2364

ctx = Context(TLSv1_METHOD)

2365

connection = Connection(ctx, None)

2366

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2367

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2368

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2369

def test_get_peer_finished_before_connect(self):

2370

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2371

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2372

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2373

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2374

ctx = Context(TLSv1_METHOD)

2375

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2376

self.assertEqual(connection.get_peer_finished(), None)

2377

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2378

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2379

def test_get_finished(self):

2380

"""

2381

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2382

message send from client, or server. Finished messages are send during

2383

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2384

"""

2385

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2386

server, client = self._loopback()

2387

2388

self.assertNotEqual(server.get_finished(), None)

2389

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2390

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2391

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2392

def test_get_peer_finished(self):

2393

"""

2394

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2395

message received from client, or server. Finished messages are send

2396

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2397

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2398

server, client = self._loopback()

2399

2400

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2401

self.assertTrue(len(server.get_peer_finished()) > 0)

2402

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2403

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2404

def test_tls_finished_message_symmetry(self):

2405

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2406

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2407

received by client.

2408

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2409

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2410

received by server.

2411

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2412

server, client = self._loopback()

2413

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2414

self.assertEqual(server.get_finished(), client.get_peer_finished())

2415

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2416

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2417

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2418

def test_get_cipher_name_before_connect(self):

2419

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2420

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2421

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2422

"""

2423

ctx = Context(TLSv1_METHOD)

2424

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2425

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2426

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2427

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2428

def test_get_cipher_name(self):

2429

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2430

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2431

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2432

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2433

server, client = self._loopback()

2434

server_cipher_name, client_cipher_name = \

2435

server.get_cipher_name(), client.get_cipher_name()

2436

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2437

self.assertIsInstance(server_cipher_name, text_type)

2438

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2439

2440

self.assertEqual(server_cipher_name, client_cipher_name)

2441

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2442

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2443

def test_get_cipher_version_before_connect(self):

2444

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2445

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2446

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2447

"""

2448

ctx = Context(TLSv1_METHOD)

2449

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2450

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2451

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2452

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2453

def test_get_cipher_version(self):

2454

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2455

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2456

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2457

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2458

server, client = self._loopback()

2459

server_cipher_version, client_cipher_version = \

2460

server.get_cipher_version(), client.get_cipher_version()

2461

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2462

self.assertIsInstance(server_cipher_version, text_type)

2463

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2464

2465

self.assertEqual(server_cipher_version, client_cipher_version)

2466

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2467

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2468

def test_get_cipher_bits_before_connect(self):

2469

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2470

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2471

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2472

"""

2473

ctx = Context(TLSv1_METHOD)

2474

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2475

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2476

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2477

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2478

def test_get_cipher_bits(self):

2479

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2480

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2481

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2482

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2483

server, client = self._loopback()

2484

server_cipher_bits, client_cipher_bits = \

2485

server.get_cipher_bits(), client.get_cipher_bits()

2486

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2487

self.assertIsInstance(server_cipher_bits, int)

2488

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2489

2490

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2491

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2492

2493

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2494

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2495

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2496

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2497

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2498

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2499

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2500

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2501

arguments.

2502

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2503

connection = Connection(Context(TLSv1_METHOD), None)

2504

self.assertRaises(TypeError, connection.get_cipher_list, None)

2505

2506

2507

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2508

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2509

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2510

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2511

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2512

connection = Connection(Context(TLSv1_METHOD), None)

2513

ciphers = connection.get_cipher_list()

2514

self.assertTrue(isinstance(ciphers, list))

2515

for cipher in ciphers:

2516

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2520

class ConnectionSendTests(TestCase, _LoopbackMixin):

2521

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2522

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2523

"""

2524

def test_wrong_args(self):

2525

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2526

When called with arguments other than string argument for its first

2527

parameter or more than two arguments, :py:obj:`Connection.send` raises

2528

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2529

"""

2530

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2531

self.assertRaises(TypeError, connection.send)

2532

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2533

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2534

2535

2536

def test_short_bytes(self):

2537

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2538

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2539

and returns the number of bytes sent.

2540

"""

2541

server, client = self._loopback()

2542

count = server.send(b('xy'))

2543

self.assertEquals(count, 2)

2544

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2550

else:

2551

def test_short_memoryview(self):

2552

"""

2553

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2554

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2555

bytes sent.

2556

"""

2557

server, client = self._loopback()

2558

count = server.send(memoryview(b('xy')))

2559

self.assertEquals(count, 2)

2560

self.assertEquals(client.recv(2), b('xy'))

2561

2562

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2567

else:

2568

def test_short_buffer(self):

2569

"""

2570

When passed a buffer containing a small number of bytes,

2571

:py:obj:`Connection.send` transmits all of them and returns the number of

2572

bytes sent.

2573

"""

2574

server, client = self._loopback()

2575

count = server.send(buffer(b('xy')))

2576

self.assertEquals(count, 2)

2577

self.assertEquals(client.recv(2), b('xy'))

2578

2579

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2580

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2581

def _make_memoryview(size):

2582

"""

2583

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2584

size.

2585

"""

2586

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2590

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2591

"""

2592

Tests for :py:obj:`Connection.recv_into`

2593

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2594

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2595

"""

2596

Assert that when the given buffer is passed to

2597

``Connection.recv_into``, whatever bytes are available to be received

2598

that fit into that buffer are written into that buffer.

2599

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2600

output_buffer = factory(5)

2601

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2602

server, client = self._loopback()

2603

server.send(b('xy'))

2604

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2605

self.assertEqual(client.recv_into(output_buffer), 2)

2606

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2607

2608

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2609

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2610

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2611

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2612

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2613

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2614

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2615

2616

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2617

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2618

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2619

Assert that when the given buffer is passed to ``Connection.recv_into``

2620

along with a value for ``nbytes`` that is less than the size of that

2621

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2622

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2623

output_buffer = factory(10)

2624

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2625

server, client = self._loopback()

2626

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2627

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2628

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2629

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2630

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2634

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2635

"""

2636

When called with a ``bytearray`` instance,

2637

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2638

doesn't copy in more than that number of bytes.

2639

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2640

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2641

2642

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2643

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2644

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2645

Assert that if there are more bytes available to be read from the

2646

receive buffer than would fit into the buffer passed to

2647

:py:obj:`Connection.recv_into`, only as many as fit are written into

2648

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2649

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2650

output_buffer = factory(5)

2651

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2652

server, client = self._loopback()

2653

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2654

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2655

self.assertEqual(client.recv_into(output_buffer), 5)

2656

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2657

rest = client.recv(5)

2658

self.assertEqual(b('fghij'), rest)

2659

2660

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2661

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2662

"""

2663

When called with a ``bytearray`` instance,

2664

:py:obj:`Connection.recv_into` respects the size of the array and

2665

doesn't write more bytes into it than will fit.

2666

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2667

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2668

2669

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2670

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2671

"""

2672

Assert that if the value given by ``nbytes`` is greater than the actual

2673

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2674

behavior is as if no value was given for ``nbytes`` at all.

2675

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2676

output_buffer = factory(5)

2677

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2678

server, client = self._loopback()

2679

server.send(b('abcdefghij'))

2680

2681

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2682

self.assertEqual(output_buffer, bytearray(b('abcde')))

2683

rest = client.recv(5)

2684

self.assertEqual(b('fghij'), rest)

2685

2686

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2687

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2688

"""

2689

When called with a ``bytearray`` instance and an ``nbytes`` value that

2690

is too large, :py:obj:`Connection.recv_into` respects the size of the

2691

array and not the ``nbytes`` value and doesn't write more bytes into

2692

the buffer than will fit.

2693

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2694

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2695

2696

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2701

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2702

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2703

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2704

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2705

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2706

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2707

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2708

2709

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2710

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2711

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2712

When called with a ``memoryview`` instance,

2713

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2714

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2715

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2716

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2717

2718

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2719

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2720

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2721

When called with a ``memoryview`` instance,

2722

:py:obj:`Connection.recv_into` respects the size of the array and

2723

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2724

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2725

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2726

2727

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2728

def test_memoryview_really_doesnt_overfill(self):

2729

"""

2730

When called with a ``memoryview`` instance and an ``nbytes`` value

2731

that is too large, :py:obj:`Connection.recv_into` respects the size

2732

of the array and not the ``nbytes`` value and doesn't write more

2733

bytes into the buffer than will fit.

2734

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2735

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2736

2737

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2738

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2739

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2740

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2741

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2742

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2743

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2744

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2745

When called with arguments other than a string argument for its first

2746

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2747

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2748

"""

2749

connection = Connection(Context(TLSv1_METHOD), None)

2750

self.assertRaises(TypeError, connection.sendall)

2751

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2752

self.assertRaises(

2753

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2754

2755

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2756

def test_short(self):

2757

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2758

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2759

it.

2760

"""

2761

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2762

server.sendall(b('x'))

2763

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2764

2765

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2770

else:

2771

def test_short_memoryview(self):

2772

"""

2773

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2774

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2775

"""

2776

server, client = self._loopback()

2777

server.sendall(memoryview(b('x')))

2778

self.assertEquals(client.recv(1), b('x'))

2779

2780

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2785

else:

2786

def test_short_buffers(self):

2787

"""

2788

When passed a buffer containing a small number of bytes,

2789

:py:obj:`Connection.sendall` transmits all of them.

2790

"""

2791

server, client = self._loopback()

2792

server.sendall(buffer(b('x')))

2793

self.assertEquals(client.recv(1), b('x'))

2794

2795

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2796

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2797

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2798

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2799

it even if this requires multiple calls of an underlying write function.

2800

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2801

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2802

# Should be enough, underlying SSL_write should only do 16k at a time.

2803

# On Windows, after 32k of bytes the write will block (forever - because

2804

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2805

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2806

server.sendall(message)

2807

accum = []

2808

received = 0

2809

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2810

data = client.recv(1024)

2811

accum.append(data)

2812

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2813

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2814

2815

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2816

def test_closed(self):

2817

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2818

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2819

write error from the low level write call.

2820

"""

2821

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2822

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2823

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2824

if platform == "win32":

2825

self.assertEqual(exc.args[0], ESHUTDOWN)

2826

else:

2827

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2828

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2829

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2830

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2831

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2832

"""

2833

Tests for SSL renegotiation APIs.

2834

"""

2835

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2836

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2837

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2838

arguments.

2839

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2840

connection = Connection(Context(TLSv1_METHOD), None)

2841

self.assertRaises(TypeError, connection.renegotiate, None)

2842

2843

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2844

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2845

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2846

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2847

any arguments.

2848

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2849

connection = Connection(Context(TLSv1_METHOD), None)

2850

self.assertRaises(TypeError, connection.total_renegotiations, None)

2851

2852

2853

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2854

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2855

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2856

renegotiations have happened.

2857

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2858

connection = Connection(Context(TLSv1_METHOD), None)

2859

self.assertEquals(connection.total_renegotiations(), 0)

2860

2861

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2862

# def test_renegotiate(self):

2863

# """

2864

# """

2865

# server, client = self._loopback()

2866

2867

# server.send("hello world")

2868

# self.assertEquals(client.recv(len("hello world")), "hello world")

2869

2870

# self.assertEquals(server.total_renegotiations(), 0)

2871

# self.assertTrue(server.renegotiate())

2872

2873

# server.setblocking(False)

2874

# client.setblocking(False)

2875

# while server.renegotiate_pending():

2876

# client.do_handshake()

2877

# server.do_handshake()

2878

2879

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2884

class ErrorTests(TestCase):

2885

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2886

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2887

"""

2888

def test_type(self):

2889

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2890

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2891

"""

2892

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2893

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2897

class ConstantsTests(TestCase):

2898

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2899

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2900

2901

These are values defined by OpenSSL intended only to be used as flags to

2902

OpenSSL APIs. The only assertions it seems can be made about them is

2903

their values.

2904

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2905

# unittest.TestCase has no skip mechanism

2906

if OP_NO_QUERY_MTU is not None:

2907

def test_op_no_query_mtu(self):

2908

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2909

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2910

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2911

"""

2912

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2913

else:

2914

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2915

2916

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2917

if OP_COOKIE_EXCHANGE is not None:

2918

def test_op_cookie_exchange(self):

2919

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2920

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2921

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2922

"""

2923

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2924

else:

2925

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2926

2927

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2928

if OP_NO_TICKET is not None:

2929

def test_op_no_ticket(self):

2930

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2931

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2932

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2933

"""

2934

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2935

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2936

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2937

2938

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2939

if OP_NO_COMPRESSION is not None:

2940

def test_op_no_compression(self):

2941

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2942

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2943

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2944

"""

2945

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2946

else:

2947

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2948

2949

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2950

def test_sess_cache_off(self):

2951

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2952

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2953

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2954

"""

2955

self.assertEqual(0x0, SESS_CACHE_OFF)

2956

2957

2958

def test_sess_cache_client(self):

2959

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2960

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2961

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2962

"""

2963

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2964

2965

2966

def test_sess_cache_server(self):

2967

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2968

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2969

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2970

"""

2971

self.assertEqual(0x2, SESS_CACHE_SERVER)

2972

2973

2974

def test_sess_cache_both(self):

2975

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2976

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2977

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2978

"""

2979

self.assertEqual(0x3, SESS_CACHE_BOTH)

2980

2981

2982

def test_sess_cache_no_auto_clear(self):

2983

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2984

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2985

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2986

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2987

"""

2988

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2989

2990

2991

def test_sess_cache_no_internal_lookup(self):

2992

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2993

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2994

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2995

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2996

"""

2997

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2998

2999

3000

def test_sess_cache_no_internal_store(self):

3001

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3002

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3003

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3004

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3005

"""

3006

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3007

3008

3009

def test_sess_cache_no_internal(self):

3010

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3011

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3012

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3013

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3014

"""

3015

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3016

3017

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3018

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3019

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3020

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3021

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3022

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3023

def _server(self, sock):

3024

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3025

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3026

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3027

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3028

# Create the server side Connection. This is mostly setup boilerplate

3029

# - use TLSv1, use a particular certificate, etc.

3030

server_ctx = Context(TLSv1_METHOD)

3031

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3032

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3033

server_store = server_ctx.get_cert_store()

3034

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3035

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3036

server_ctx.check_privatekey()

3037

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3038

# Here the Connection is actually created. If None is passed as the 2nd

3039

# parameter, it indicates a memory BIO should be created.

3040

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3041

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3045

def _client(self, sock):

3046

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3047

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3048

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3049

"""

3050

# Now create the client side Connection. Similar boilerplate to the

3051

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3052

client_ctx = Context(TLSv1_METHOD)

3053

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3054

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3055

client_store = client_ctx.get_cert_store()

3056

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3057

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3058

client_ctx.check_privatekey()

3059

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3060

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3061

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3065

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3066

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3067

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3068

reading from the output of each and writing those bytes to the input of

3069

the other and in this way establish a connection and exchange

3070

application-level bytes with each other.

3071

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3072

server_conn = self._server(None)

3073

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3074

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3075

# There should be no key or nonces yet.

3076

self.assertIdentical(server_conn.master_key(), None)

3077

self.assertIdentical(server_conn.client_random(), None)

3078

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3079

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3080

# First, the handshake needs to happen. We'll deliver bytes back and

3081

# forth between the client and server until neither of them feels like

3082

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3083

self.assertIdentical(

3084

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3085

3086

# Now that the handshake is done, there should be a key and nonces.

3087

self.assertNotIdentical(server_conn.master_key(), None)

3088

self.assertNotIdentical(server_conn.client_random(), None)

3089

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3090

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3091

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3092

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3093

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3094

3095

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3096

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3097

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3098

server_conn.write(important_message)

3099

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3100

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3101

(client_conn, important_message))

3102

3103

client_conn.write(important_message[::-1])

3104

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3105

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3106

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3107

3108

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3109

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3110

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3111

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3112

3113

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3114

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3115

this test fails, there must be a problem outside the memory BIO

3116

code, as no memory BIO is involved here). Even though this isn't a

3117

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3118

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3119

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3120

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3121

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3122

client_conn.send(important_message)

3123

msg = server_conn.recv(1024)

3124

self.assertEqual(msg, important_message)

3125

3126

# Again in the other direction, just for fun.

3127

important_message = important_message[::-1]

3128

server_conn.send(important_message)

3129

msg = client_conn.recv(1024)

3130

self.assertEqual(msg, important_message)

3131

3132

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3133

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3134

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3135

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3136

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3137

"""

3138

context = Context(SSLv3_METHOD)

3139

client = socket()

3140

clientSSL = Connection(context, client)

3141

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3142

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3143

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3144

3145

3146

def test_outgoingOverflow(self):

3147

"""

3148

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3149

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3150

returned and that many bytes from the beginning of the input can be

3151

read from the other end of the connection.

3152

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3153

server = self._server(None)

3154

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3155

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3156

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3157

3158

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3159

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3160

# Sanity check. We're trying to test what happens when the entire

3161

# input can't be sent. If the entire input was sent, this test is

3162

# meaningless.

3163

self.assertTrue(sent < size)

3164

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3165

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3166

self.assertIdentical(receiver, server)

3167

3168

# We can rely on all of these bytes being received at once because

3169

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3170

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3171

3172

3173

def test_shutdown(self):

3174

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3175

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3176

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3177

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3178

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3179

server.bio_shutdown()

3180

e = self.assertRaises(Error, server.recv, 1024)

3181

# We don't want WantReadError or ZeroReturnError or anything - it's a

3182

# handshake failure.

3183

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3184

3185

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3186

def test_unexpectedEndOfFile(self):

3187

"""

3188

If the connection is lost before an orderly SSL shutdown occurs,

3189

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3190

"Unexpected EOF".

3191

"""

3192

server_conn, client_conn = self._loopback()

3193

client_conn.sock_shutdown(SHUT_RDWR)

3194

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3195

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3196

3197

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3198

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3200

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3201

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3202

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3203

before the client and server are connected to each other. This

3204

function should specify a list of CAs for the server to send to the

3205

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3206

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3207

times.

3208

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3209

server = self._server(None)

3210

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3211

self.assertEqual(client.get_client_ca_list(), [])

3212

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3213

ctx = server.get_context()

3214

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3215

self.assertEqual(client.get_client_ca_list(), [])

3216

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3217

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3218

self.assertEqual(client.get_client_ca_list(), expected)

3219

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3220

3221

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3222

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3223

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3224

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3225

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3226

"""

3227

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3228

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3229

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3230

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3231

3232

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3233

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3234

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3235

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3236

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3237

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3238

after the connection is set up.

3239

"""

3240

def no_ca(ctx):

3241

ctx.set_client_ca_list([])

3242

return []

3243

self._check_client_ca_list(no_ca)

3244

3245

3246

def test_set_one_ca_list(self):

3247

"""

3248

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3249

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3250

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3251

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3252

X509Name after the connection is set up.

3253

"""

3254

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3255

cadesc = cacert.get_subject()

3256

def single_ca(ctx):

3257

ctx.set_client_ca_list([cadesc])

3258

return [cadesc]

3259

self._check_client_ca_list(single_ca)

3260

3261

3262

def test_set_multiple_ca_list(self):

3263

"""

3264

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3265

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3266

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3267

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3268

X509Names after the connection is set up.

3269

"""

3270

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3271

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3272

3273

sedesc = secert.get_subject()

3274

cldesc = clcert.get_subject()

3275

3276

def multiple_ca(ctx):

3277

L = [sedesc, cldesc]

3278

ctx.set_client_ca_list(L)

3279

return L

3280

self._check_client_ca_list(multiple_ca)

3281

3282

3283

def test_reset_ca_list(self):

3284

"""

3285

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3286

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3287

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3288

"""

3289

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3290

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3291

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3292

3293

cadesc = cacert.get_subject()

3294

sedesc = secert.get_subject()

3295

cldesc = clcert.get_subject()

3296

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3297

def changed_ca(ctx):

3298

ctx.set_client_ca_list([sedesc, cldesc])

3299

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3300

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3301

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3302

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3303

3304

def test_mutated_ca_list(self):

3305

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3306

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3307

afterwards, this does not affect the list of CA names sent to the

3308

client.

3309

"""

3310

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3311

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3312

3313

cadesc = cacert.get_subject()

3314

sedesc = secert.get_subject()

3315

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3316

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3317

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3318

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3319

L.append(sedesc)

3320

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3321

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3322

3323

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3324

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3326

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3327

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3328

"""

3329

ctx = Context(TLSv1_METHOD)

3330

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3331

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3332

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3333

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3334

3335

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3336

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3337

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3338

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3339

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3340

"""

3341

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3342

cadesc = cacert.get_subject()

3343

def single_ca(ctx):

3344

ctx.add_client_ca(cacert)

3345

return [cadesc]

3346

self._check_client_ca_list(single_ca)

3347

3348

3349

def test_multiple_add_client_ca(self):

3350

"""

3351

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3352

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3353

"""

3354

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3355

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3356

3357

cadesc = cacert.get_subject()

3358

sedesc = secert.get_subject()

3359

3360

def multiple_ca(ctx):

3361

ctx.add_client_ca(cacert)

3362

ctx.add_client_ca(secert)

3363

return [cadesc, sedesc]

3364

self._check_client_ca_list(multiple_ca)

3365

3366

3367

def test_set_and_add_client_ca(self):

3368

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3369

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3370

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3371

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3372

"""

3373

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3374

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3375

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3376

3377

cadesc = cacert.get_subject()

3378

sedesc = secert.get_subject()

3379

cldesc = clcert.get_subject()

3380

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3381

def mixed_set_add_ca(ctx):

3382

ctx.set_client_ca_list([cadesc, sedesc])

3383

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3384

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3385

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3386

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3387

3388

def test_set_after_add_client_ca(self):

3389

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3390

A call to :py:obj:`Context.set_client_ca_list` after a call to

3391

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3392

call with the names specified by the latter cal.

3393

"""

3394

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3395

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3396

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3397

3398

cadesc = cacert.get_subject()

3399

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3400

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3401

def set_replaces_add_ca(ctx):

3402

ctx.add_client_ca(clcert)

3403

ctx.set_client_ca_list([cadesc])

3404

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3405

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3406

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3407

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3408

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3409

3410

class ConnectionBIOTests(TestCase):

3411

"""

3412

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3413

"""

3414

def test_wantReadError(self):

3415

"""

3416

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3417

if there are no bytes available to be read from the BIO.

3418

"""

3419

ctx = Context(TLSv1_METHOD)

3420

conn = Connection(ctx, None)

3421

self.assertRaises(WantReadError, conn.bio_read, 1024)

3422

3423

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3424

def test_buffer_size(self):

3425

"""

3426

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3427

number of bytes to read and return.

3428

"""

3429

ctx = Context(TLSv1_METHOD)

3430

conn = Connection(ctx, None)

3431

conn.set_connect_state()

3432

try:

3433

conn.do_handshake()

3434

except WantReadError:

3435

pass

3436

data = conn.bio_read(2)

3437

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3442

"""

3443

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3444

:py:obj:`long` as well as :py:obj:`int`.

3445

"""

3446

ctx = Context(TLSv1_METHOD)

3447

conn = Connection(ctx, None)

3448

conn.set_connect_state()

3449

try:

3450

conn.do_handshake()

3451

except WantReadError:

3452

pass

3453

data = conn.bio_read(long(2))

3454

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3458

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3459

class InfoConstantTests(TestCase):

3460

"""

3461

Tests for assorted constants exposed for use in info callbacks.

3462

"""

3463

def test_integers(self):

3464

"""

3465

All of the info constants are integers.

3466

3467

This is a very weak test. It would be nice to have one that actually

3468

verifies that as certain info events happen, the value passed to the

3469

info callback matches up with the constant exposed by OpenSSL.SSL.

3470

"""

3471

for const in [

3472

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3473

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3474

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3475

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3476

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3477

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3478

3479

self.assertTrue(isinstance(const, int))

3480

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3481

Jean-Paul Calderone