Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2015-03-29 07:03:11 -0400

[diff] [blame]

1

2

Jean-Paul Calderone

8671c85

2011-03-02 19:26:20 -0500

[diff] [blame]

3

# Copyright (C) Jean-Paul Calderone

4

# See LICENSE for details.

Jean-Paul Calderone

8b63d45

2008-03-21 18:31:12 -0400

[diff] [blame]

5

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

7

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

8

"""

9

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

10

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

11

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

12

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

13

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

14

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

15

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

16

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

17

from weakref import ref

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

18

from warnings import catch_warnings, simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

19

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

20

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

21

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

22

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

23

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

from OpenSSL.crypto import dump_privatekey, load_privatekey

25

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

26

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

27

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

28

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

29

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

30

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

31

from OpenSSL.SSL import (

32

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

33

TLSv1_1_METHOD, TLSv1_2_METHOD)

34

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

36

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

37

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

38

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

39

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

40

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

41

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

42

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

45

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

46

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

47

Jean-Paul Calderone

17eca48

2015-04-13 20:31:07 -0400

[diff] [blame^]

48

from OpenSSL.test.util import WARNING_TYPE_EXPECTED, NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

49

from OpenSSL.test.test_crypto import (

50

cleartextCertificatePEM, cleartextPrivateKeyPEM)

51

from OpenSSL.test.test_crypto import (

52

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

53

root_cert_pem)

54

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

55

try:

56

from OpenSSL.SSL import OP_NO_QUERY_MTU

57

except ImportError:

58

OP_NO_QUERY_MTU = None

59

try:

60

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

61

except ImportError:

62

OP_COOKIE_EXCHANGE = None

63

try:

64

from OpenSSL.SSL import OP_NO_TICKET

65

except ImportError:

66

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

67

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

68

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

69

from OpenSSL.SSL import OP_NO_COMPRESSION

70

except ImportError:

71

OP_NO_COMPRESSION = None

72

73

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

74

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

75

except ImportError:

76

MODE_RELEASE_BUFFERS = None

77

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

78

try:

79

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

80

except ImportError:

81

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

82

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

83

from OpenSSL.SSL import (

84

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

85

SSL_ST_OK, SSL_ST_RENEGOTIATE,

86

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

87

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

88

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

89

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

90

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

91

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

92

# to use)

93

dhparam = """\

94

-----BEGIN DH PARAMETERS-----

95

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

96

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

100

def join_bytes_or_unicode(prefix, suffix):

101

"""

102

Join two path components of either ``bytes`` or ``unicode``.

103

104

The return type is the same as the type of ``prefix``.

105

"""

106

# If the types are the same, nothing special is necessary.

107

if type(prefix) == type(suffix):

108

return join(prefix, suffix)

109

110

# Otherwise, coerce suffix to the type of prefix.

111

if isinstance(prefix, text_type):

112

return join(prefix, suffix.decode(getfilesystemencoding()))

113

else:

114

return join(prefix, suffix.encode(getfilesystemencoding()))

115

116

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

117

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

118

return ok

119

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

120

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

121

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

122

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

123

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

124

"""

125

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

131

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

132

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

133

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

134

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

135

# Let's pass some unencrypted data to make sure our socket connection is

136

# fine. Just one byte, so we don't have to worry about buffers getting

137

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

138

server.send(b("x"))

139

assert client.recv(1024) == b("x")

140

client.send(b("y"))

141

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

142

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

143

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

144

server.setblocking(False)

145

client.setblocking(False)

146

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

147

return (server, client)

148

149

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

150

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

151

def handshake(client, server):

152

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

163

def _create_certificate_chain():

164

"""

165

Construct and return a chain of certificates.

166

167

1. A new self-signed certificate authority certificate (cacert)

168

2. A new intermediate certificate signed by cacert (icert)

169

3. A new server certificate signed by icert (scert)

170

"""

171

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

176

cacert = X509()

177

cacert.get_subject().commonName = "Authority Certificate"

178

cacert.set_issuer(cacert.get_subject())

179

cacert.set_pubkey(cakey)

180

cacert.set_notBefore(b("20000101000000Z"))

181

cacert.set_notAfter(b("20200101000000Z"))

182

cacert.add_extensions([caext])

183

cacert.set_serial_number(0)

184

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

189

icert = X509()

190

icert.get_subject().commonName = "Intermediate Certificate"

191

icert.set_issuer(cacert.get_subject())

192

icert.set_pubkey(ikey)

193

icert.set_notBefore(b("20000101000000Z"))

194

icert.set_notAfter(b("20200101000000Z"))

195

icert.add_extensions([caext])

196

icert.set_serial_number(0)

197

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

202

scert = X509()

203

scert.get_subject().commonName = "Server Certificate"

204

scert.set_issuer(icert.get_subject())

205

scert.set_pubkey(skey)

206

scert.set_notBefore(b("20000101000000Z"))

207

scert.set_notAfter(b("20200101000000Z"))

208

scert.add_extensions([

209

X509Extension(b('basicConstraints'), True, b('CA:false'))])

210

scert.set_serial_number(0)

211

scert.sign(ikey, "sha1")

212

213

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

217

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

218

"""

219

Helper mixin which defines methods for creating a connected socket pair and

220

for forcing two connected SSL sockets to talk to each other via memory BIOs.

221

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

222

def _loopbackClientFactory(self, socket):

223

client = Connection(Context(TLSv1_METHOD), socket)

224

client.set_connect_state()

225

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

227

228

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

229

ctx = Context(TLSv1_METHOD)

230

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

231

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

232

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

233

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

238

if serverFactory is None:

239

serverFactory = self._loopbackServerFactory

240

if clientFactory is None:

241

clientFactory = self._loopbackClientFactory

242

243

(server, client) = socket_pair()

244

server = serverFactory(server)

245

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

246

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

247

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

248

249

server.setblocking(True)

250

client.setblocking(True)

251

return server, client

252

253

254

def _interactInMemory(self, client_conn, server_conn):

255

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

256

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

objects. Copy bytes back and forth between their send/receive buffers

258

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

259

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

260

some application bytes, return a two-tuple of the connection from which

261

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

266

wrote = False

267

268

# Copy stuff from each side's send buffer to the other side's

269

# receive buffer.

270

for (read, write) in [(client_conn, server_conn),

271

(server_conn, client_conn)]:

272

273

# Give the side a chance to generate some more bytes, or

274

# succeed.

275

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

276

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

277

except WantReadError:

278

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

283

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

284

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

285

286

while True:

287

# Keep copying as long as there's more stuff there.

288

try:

289

dirty = read.bio_read(4096)

290

except WantReadError:

291

# Okay, nothing more waiting to be sent. Stop

292

# processing this send buffer.

293

break

294

else:

295

# Keep track of the fact that someone generated some

296

# output.

297

wrote = True

298

write.bio_write(dirty)

299

300

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

301

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

302

"""

303

Perform the TLS handshake between two :py:class:`Connection` instances

304

connected to each other via memory BIOs.

305

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

306

client_conn.set_connect_state()

307

server_conn.set_accept_state()

308

309

for conn in [client_conn, server_conn]:

310

try:

311

conn.do_handshake()

312

except WantReadError:

313

pass

314

315

self._interactInMemory(client_conn, server_conn)

316

317

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

318

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

319

class VersionTests(TestCase):

320

"""

321

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

322

:py:obj:`OpenSSL.SSL.SSLeay_version` and

323

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

324

"""

325

def test_OPENSSL_VERSION_NUMBER(self):

326

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

327

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

328

byte and the patch, fix, minor, and major versions in the

329

nibbles above that.

330

"""

331

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

332

333

334

def test_SSLeay_version(self):

335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

336

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

337

one of a number of version strings based on that indicator.

338

"""

339

versions = {}

340

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

341

SSLEAY_PLATFORM, SSLEAY_DIR]:

342

version = SSLeay_version(t)

343

versions[version] = t

344

self.assertTrue(isinstance(version, bytes))

345

self.assertEqual(len(versions), 5)

346

347

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

348

349

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

350

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

351

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

352

"""

353

def test_method(self):

354

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

355

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

356

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

357

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

358

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

359

methods = [

360

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

361

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

362

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

363

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

364

365

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

370

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

371

# don't. Difficult to say in advance.

372

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

373

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

374

self.assertRaises(TypeError, Context, "")

375

self.assertRaises(ValueError, Context, 10)

376

377

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

378

if not PY3:

379

def test_method_long(self):

380

"""

381

On Python 2 :py:class:`Context` accepts values of type

382

:py:obj:`long` as well as :py:obj:`int`.

383

"""

384

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

388

def test_type(self):

389

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

390

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

391

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

392

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

393

self.assertIdentical(Context, ContextType)

394

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

395

396

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

397

def test_use_privatekey(self):

398

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

399

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

400

"""

401

key = PKey()

402

key.generate_key(TYPE_RSA, 128)

403

ctx = Context(TLSv1_METHOD)

404

ctx.use_privatekey(key)

405

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

406

407

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

408

def test_use_privatekey_file_missing(self):

409

"""

410

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

411

when passed the name of a file which does not exist.

412

"""

413

ctx = Context(TLSv1_METHOD)

414

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

415

416

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

417

def _use_privatekey_file_test(self, pemfile, filetype):

418

"""

419

Verify that calling ``Context.use_privatekey_file`` with the given

420

arguments does not raise an exception.

421

"""

422

key = PKey()

423

key.generate_key(TYPE_RSA, 128)

424

425

with open(pemfile, "wt") as pem:

426

pem.write(

427

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

428

)

429

430

ctx = Context(TLSv1_METHOD)

431

ctx.use_privatekey_file(pemfile, filetype)

432

433

434

def test_use_privatekey_file_bytes(self):

435

"""

436

A private key can be specified from a file by passing a ``bytes``

437

instance giving the file name to ``Context.use_privatekey_file``.

438

"""

439

self._use_privatekey_file_test(

440

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

446

"""

447

A private key can be specified from a file by passing a ``unicode``

448

instance giving the file name to ``Context.use_privatekey_file``.

449

"""

450

self._use_privatekey_file_test(

451

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

456

if not PY3:

457

def test_use_privatekey_file_long(self):

458

"""

459

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

460

filetype of type :py:obj:`long` as well as :py:obj:`int`.

461

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

462

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

463

464

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

465

def test_use_certificate_wrong_args(self):

466

"""

467

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

468

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

469

argument.

470

"""

471

ctx = Context(TLSv1_METHOD)

472

self.assertRaises(TypeError, ctx.use_certificate)

473

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

474

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

475

476

477

def test_use_certificate_uninitialized(self):

478

"""

479

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

480

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

481

initialized (ie, which does not actually have any certificate data).

482

"""

483

ctx = Context(TLSv1_METHOD)

484

self.assertRaises(Error, ctx.use_certificate, X509())

485

486

487

def test_use_certificate(self):

488

"""

489

:py:obj:`Context.use_certificate` sets the certificate which will be

490

used to identify connections created using the context.

491

"""

492

# TODO

493

# Hard to assert anything. But we could set a privatekey then ask

494

# OpenSSL if the cert and key agree using check_privatekey. Then as

495

# long as check_privatekey works right we're good...

496

ctx = Context(TLSv1_METHOD)

497

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

498

499

500

def test_use_certificate_file_wrong_args(self):

501

"""

502

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

503

called with zero arguments or more than two arguments, or if the first

504

argument is not a byte string or the second argumnent is not an integer.

505

"""

506

ctx = Context(TLSv1_METHOD)

507

self.assertRaises(TypeError, ctx.use_certificate_file)

508

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

509

self.assertRaises(

510

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

511

self.assertRaises(

512

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

513

self.assertRaises(

514

TypeError, ctx.use_certificate_file, b"somefile", object())

515

516

517

def test_use_certificate_file_missing(self):

518

"""

519

:py:obj:`Context.use_certificate_file` raises

520

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

521

exist.

522

"""

523

ctx = Context(TLSv1_METHOD)

524

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

525

526

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

527

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

528

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

529

Verify that calling ``Context.use_certificate_file`` with the given

530

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

531

"""

532

# TODO

533

# Hard to assert anything. But we could set a privatekey then ask

534

# OpenSSL if the cert and key agree using check_privatekey. Then as

535

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

536

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

537

pem_file.write(cleartextCertificatePEM)

538

539

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

540

ctx.use_certificate_file(certificate_file)

541

542

543

def test_use_certificate_file_bytes(self):

544

"""

545

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

546

``bytes`` filename) which will be used to identify connections created

547

using the context.

548

"""

549

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

550

self._use_certificate_file_test(filename)

551

552

553

def test_use_certificate_file_unicode(self):

554

"""

555

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

556

``bytes`` filename) which will be used to identify connections created

557

using the context.

558

"""

559

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

560

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

561

562

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

563

if not PY3:

564

def test_use_certificate_file_long(self):

565

"""

566

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

567

filetype of type :py:obj:`long` as well as :py:obj:`int`.

568

"""

569

pem_filename = self.mktemp()

570

with open(pem_filename, "wb") as pem_file:

571

pem_file.write(cleartextCertificatePEM)

572

573

ctx = Context(TLSv1_METHOD)

574

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

575

576

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

577

def test_check_privatekey_valid(self):

578

"""

579

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

580

:py:obj:`Context` instance has been configured to use a matched key and

581

certificate pair.

582

"""

583

key = load_privatekey(FILETYPE_PEM, client_key_pem)

584

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

585

context = Context(TLSv1_METHOD)

586

context.use_privatekey(key)

587

context.use_certificate(cert)

588

self.assertIs(None, context.check_privatekey())

589

590

591

def test_check_privatekey_invalid(self):

592

"""

593

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

594

:py:obj:`Context` instance has been configured to use a key and

595

certificate pair which don't relate to each other.

596

"""

597

key = load_privatekey(FILETYPE_PEM, client_key_pem)

598

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

599

context = Context(TLSv1_METHOD)

600

context.use_privatekey(key)

601

context.use_certificate(cert)

602

self.assertRaises(Error, context.check_privatekey)

603

604

605

def test_check_privatekey_wrong_args(self):

606

"""

607

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

608

with other than no arguments.

609

"""

610

context = Context(TLSv1_METHOD)

611

self.assertRaises(TypeError, context.check_privatekey, object())

612

613

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

614

def test_set_app_data_wrong_args(self):

615

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

616

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

617

one argument.

618

"""

619

context = Context(TLSv1_METHOD)

620

self.assertRaises(TypeError, context.set_app_data)

621

self.assertRaises(TypeError, context.set_app_data, None, None)

622

623

624

def test_get_app_data_wrong_args(self):

625

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

626

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

627

arguments.

628

"""

629

context = Context(TLSv1_METHOD)

630

self.assertRaises(TypeError, context.get_app_data, None)

631

632

633

def test_app_data(self):

634

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

635

:py:obj:`Context.set_app_data` stores an object for later retrieval using

636

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

637

"""

638

app_data = object()

639

context = Context(TLSv1_METHOD)

640

context.set_app_data(app_data)

641

self.assertIdentical(context.get_app_data(), app_data)

642

643

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

644

def test_set_options_wrong_args(self):

645

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

646

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

647

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

648

"""

649

context = Context(TLSv1_METHOD)

650

self.assertRaises(TypeError, context.set_options)

651

self.assertRaises(TypeError, context.set_options, None)

652

self.assertRaises(TypeError, context.set_options, 1, None)

653

654

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

655

def test_set_options(self):

656

"""

657

:py:obj:`Context.set_options` returns the new options value.

658

"""

659

context = Context(TLSv1_METHOD)

660

options = context.set_options(OP_NO_SSLv2)

661

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

666

"""

667

On Python 2 :py:obj:`Context.set_options` accepts values of type

668

:py:obj:`long` as well as :py:obj:`int`.

669

"""

670

context = Context(TLSv1_METHOD)

671

options = context.set_options(long(OP_NO_SSLv2))

672

self.assertTrue(OP_NO_SSLv2 & options)

673

674

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

675

def test_set_mode_wrong_args(self):

676

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

677

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

678

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

679

"""

680

context = Context(TLSv1_METHOD)

681

self.assertRaises(TypeError, context.set_mode)

682

self.assertRaises(TypeError, context.set_mode, None)

683

self.assertRaises(TypeError, context.set_mode, 1, None)

684

685

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

686

if MODE_RELEASE_BUFFERS is not None:

687

def test_set_mode(self):

688

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

689

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

690

set mode.

691

"""

692

context = Context(TLSv1_METHOD)

693

self.assertTrue(

694

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

695

696

if not PY3:

697

def test_set_mode_long(self):

698

"""

699

On Python 2 :py:obj:`Context.set_mode` accepts values of type

700

:py:obj:`long` as well as :py:obj:`int`.

701

"""

702

context = Context(TLSv1_METHOD)

703

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

704

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

705

else:

706

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

707

708

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

709

def test_set_timeout_wrong_args(self):

710

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

711

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

712

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

713

"""

714

context = Context(TLSv1_METHOD)

715

self.assertRaises(TypeError, context.set_timeout)

716

self.assertRaises(TypeError, context.set_timeout, None)

717

self.assertRaises(TypeError, context.set_timeout, 1, None)

718

719

720

def test_get_timeout_wrong_args(self):

721

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

722

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

723

"""

724

context = Context(TLSv1_METHOD)

725

self.assertRaises(TypeError, context.get_timeout, None)

726

727

728

def test_timeout(self):

729

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

730

:py:obj:`Context.set_timeout` sets the session timeout for all connections

731

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

732

value.

733

"""

734

context = Context(TLSv1_METHOD)

735

context.set_timeout(1234)

736

self.assertEquals(context.get_timeout(), 1234)

737

738

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

739

if not PY3:

740

def test_timeout_long(self):

741

"""

742

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

743

`long` as well as int.

744

"""

745

context = Context(TLSv1_METHOD)

746

context.set_timeout(long(1234))

747

self.assertEquals(context.get_timeout(), 1234)

748

749

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

750

def test_set_verify_depth_wrong_args(self):

751

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

752

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

753

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

754

"""

755

context = Context(TLSv1_METHOD)

756

self.assertRaises(TypeError, context.set_verify_depth)

757

self.assertRaises(TypeError, context.set_verify_depth, None)

758

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

759

760

761

def test_get_verify_depth_wrong_args(self):

762

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

763

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

764

"""

765

context = Context(TLSv1_METHOD)

766

self.assertRaises(TypeError, context.get_verify_depth, None)

767

768

769

def test_verify_depth(self):

770

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

771

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

772

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

773

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

774

"""

775

context = Context(TLSv1_METHOD)

776

context.set_verify_depth(11)

777

self.assertEquals(context.get_verify_depth(), 11)

778

779

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

780

if not PY3:

781

def test_verify_depth_long(self):

782

"""

783

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

784

type `long` as well as int.

785

"""

786

context = Context(TLSv1_METHOD)

787

context.set_verify_depth(long(11))

788

self.assertEquals(context.get_verify_depth(), 11)

789

790

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

791

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

792

"""

793

Write a new private key out to a new file, encrypted using the given

794

passphrase. Return the path to the new file.

795

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

796

key = PKey()

797

key.generate_key(TYPE_RSA, 128)

798

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

799

fObj = open(pemFile, 'w')

800

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

801

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

806

def test_set_passwd_cb_wrong_args(self):

807

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

808

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

809

wrong arguments or with a non-callable first argument.

810

"""

811

context = Context(TLSv1_METHOD)

812

self.assertRaises(TypeError, context.set_passwd_cb)

813

self.assertRaises(TypeError, context.set_passwd_cb, None)

814

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

815

816

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

817

def test_set_passwd_cb(self):

818

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

819

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

820

a private key is loaded from an encrypted PEM.

821

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

822

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

823

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

824

calledWith = []

825

def passphraseCallback(maxlen, verify, extra):

826

calledWith.append((maxlen, verify, extra))

827

return passphrase

828

context = Context(TLSv1_METHOD)

829

context.set_passwd_cb(passphraseCallback)

830

context.use_privatekey_file(pemFile)

831

self.assertTrue(len(calledWith), 1)

832

self.assertTrue(isinstance(calledWith[0][0], int))

833

self.assertTrue(isinstance(calledWith[0][1], int))

834

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

835

836

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

837

def test_passwd_callback_exception(self):

838

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

839

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

passphrase callback.

841

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

842

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

843

def passphraseCallback(maxlen, verify, extra):

844

raise RuntimeError("Sorry, I am a fail.")

845

846

context = Context(TLSv1_METHOD)

847

context.set_passwd_cb(passphraseCallback)

848

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

849

850

851

def test_passwd_callback_false(self):

852

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

853

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

854

passphrase callback returns a false value.

855

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

856

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

857

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

858

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

859

860

context = Context(TLSv1_METHOD)

861

context.set_passwd_cb(passphraseCallback)

862

self.assertRaises(Error, context.use_privatekey_file, pemFile)

863

864

865

def test_passwd_callback_non_string(self):

866

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

867

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

868

passphrase callback returns a true non-string value.

869

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

870

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

871

def passphraseCallback(maxlen, verify, extra):

872

return 10

873

874

context = Context(TLSv1_METHOD)

875

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

876

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

877

878

879

def test_passwd_callback_too_long(self):

880

"""

881

If the passphrase returned by the passphrase callback returns a string

882

longer than the indicated maximum length, it is truncated.

883

"""

884

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

885

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

886

pemFile = self._write_encrypted_pem(passphrase)

887

def passphraseCallback(maxlen, verify, extra):

888

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

889

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

890

891

context = Context(TLSv1_METHOD)

892

context.set_passwd_cb(passphraseCallback)

893

# This shall succeed because the truncated result is the correct

894

# passphrase.

895

context.use_privatekey_file(pemFile)

896

897

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

898

def test_set_info_callback(self):

899

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

900

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

901

when certain information about an SSL connection is available.

902

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

903

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

904

905

clientSSL = Connection(Context(TLSv1_METHOD), client)

906

clientSSL.set_connect_state()

907

908

called = []

909

def info(conn, where, ret):

910

called.append((conn, where, ret))

911

context = Context(TLSv1_METHOD)

912

context.set_info_callback(info)

913

context.use_certificate(

914

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

915

context.use_privatekey(

916

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

917

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

918

serverSSL = Connection(context, server)

919

serverSSL.set_accept_state()

920

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

921

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

922

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

923

# The callback must always be called with a Connection instance as the

924

# first argument. It would probably be better to split this into

925

# separate tests for client and server side info callbacks so we could

926

# assert it is called with the right Connection instance. It would

927

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

928

notConnections = [

929

conn for (conn, where, ret) in called

930

if not isinstance(conn, Connection)]

931

self.assertEqual(

932

[], notConnections,

933

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

934

935

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

936

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

937

"""

938

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

939

its :py:obj:`load_verify_locations` method with the given arguments.

940

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

941

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

942

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

944

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

945

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

946

# Require that the server certificate verify properly or the

947

# connection will fail.

948

clientContext.set_verify(

949

VERIFY_PEER,

950

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

951

952

clientSSL = Connection(clientContext, client)

953

clientSSL.set_connect_state()

954

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

955

serverContext = Context(TLSv1_METHOD)

956

serverContext.use_certificate(

957

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

958

serverContext.use_privatekey(

959

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

960

961

serverSSL = Connection(serverContext, server)

962

serverSSL.set_accept_state()

963

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

964

# Without load_verify_locations above, the handshake

965

# will fail:

966

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

967

# 'certificate verify failed')]

968

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

969

970

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

971

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

972

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

973

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

974

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

975

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

976

Verify that if path to a file containing a certificate is passed to

977

``Context.load_verify_locations`` for the ``cafile`` parameter, that

978

certificate is used as a trust root for the purposes of verifying

979

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

980

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

981

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

982

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

983

fObj.close()

984

985

self._load_verify_locations_test(cafile)

986

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

987

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

988

def test_load_verify_bytes_cafile(self):

989

"""

990

:py:obj:`Context.load_verify_locations` accepts a file name as a

991

``bytes`` instance and uses the certificates within for verification

992

purposes.

993

"""

994

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

995

self._load_verify_cafile(cafile)

996

997

998

def test_load_verify_unicode_cafile(self):

999

"""

1000

:py:obj:`Context.load_verify_locations` accepts a file name as a

1001

``unicode`` instance and uses the certificates within for verification

1002

purposes.

1003

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1004

self._load_verify_cafile(

1005

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1006

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1007

1008

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1009

def test_load_verify_invalid_file(self):

1010

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1011

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1012

non-existent cafile.

1013

"""

1014

clientContext = Context(TLSv1_METHOD)

1015

self.assertRaises(

1016

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1017

1018

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1019

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1020

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1021

Verify that if path to a directory containing certificate files is

1022

passed to ``Context.load_verify_locations`` for the ``capath``

1023

parameter, those certificates are used as trust roots for the purposes

1024

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1025

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1026

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1027

# Hash values computed manually with c_rehash to avoid depending on

1028

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1029

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1030

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1031

cafile = join_bytes_or_unicode(capath, name)

1032

with open(cafile, 'w') as fObj:

1033

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1034

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1035

self._load_verify_locations_test(None, capath)

1036

1037

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1038

def test_load_verify_directory_bytes_capath(self):

1039

"""

1040

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1041

``bytes`` instance and uses the certificates within for verification

1042

purposes.

1043

"""

1044

self._load_verify_directory_locations_capath(

1045

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1050

"""

1051

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1052

``unicode`` instance and uses the certificates within for verification

1053

purposes.

1054

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1055

self._load_verify_directory_locations_capath(

1056

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1057

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1058

1059

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1060

def test_load_verify_locations_wrong_args(self):

1061

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1062

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1063

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1064

"""

1065

context = Context(TLSv1_METHOD)

1066

self.assertRaises(TypeError, context.load_verify_locations)

1067

self.assertRaises(TypeError, context.load_verify_locations, object())

1068

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1069

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1070

1071

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1072

if platform == "win32":

1073

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1074

"See LP#404343 and LP#404344."

1075

else:

1076

def test_set_default_verify_paths(self):

1077

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1078

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1079

certificate locations to be used for verification purposes.

1080

"""

1081

# Testing this requires a server with a certificate signed by one of

1082

# the CAs in the platform CA location. Getting one of those costs

1083

# money. Fortunately (or unfortunately, depending on your

1084

# perspective), it's easy to think of a public server on the

1085

# internet which has such a certificate. Connecting to the network

1086

# in a unit test is bad, but it's the only way I can think of to

1087

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1088

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1089

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1090

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1091

context.set_default_verify_paths()

1092

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1093

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1094

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1095

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1096

client = socket()

1097

client.connect(('verisign.com', 443))

1098

clientSSL = Connection(context, client)

1099

clientSSL.set_connect_state()

1100

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1101

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1102

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1103

1104

1105

def test_set_default_verify_paths_signature(self):

1106

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1107

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1108

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1109

"""

1110

context = Context(TLSv1_METHOD)

1111

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1112

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1113

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1114

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1115

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1116

def test_add_extra_chain_cert_invalid_cert(self):

1117

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1118

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1119

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1120

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1121

"""

1122

context = Context(TLSv1_METHOD)

1123

self.assertRaises(TypeError, context.add_extra_chain_cert)

1124

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1125

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1126

1127

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1128

def _handshake_test(self, serverContext, clientContext):

1129

"""

1130

Verify that a client and server created with the given contexts can

1131

successfully handshake and communicate.

1132

"""

1133

serverSocket, clientSocket = socket_pair()

1134

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1135

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1136

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1137

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1138

client = Connection(clientContext, clientSocket)

1139

client.set_connect_state()

1140

1141

# Make them talk to each other.

1142

# self._interactInMemory(client, server)

1143

for i in range(3):

1144

for s in [client, server]:

1145

try:

1146

s.do_handshake()

1147

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1151

def test_set_verify_callback_connection_argument(self):

1152

"""

1153

The first argument passed to the verify callback is the

1154

:py:class:`Connection` instance for which verification is taking place.

1155

"""

1156

serverContext = Context(TLSv1_METHOD)

1157

serverContext.use_privatekey(

1158

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1159

serverContext.use_certificate(

1160

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1161

serverConnection = Connection(serverContext, None)

1162

1163

class VerifyCallback(object):

1164

def callback(self, connection, *args):

1165

self.connection = connection

1166

return 1

1167

1168

verify = VerifyCallback()

1169

clientContext = Context(TLSv1_METHOD)

1170

clientContext.set_verify(VERIFY_PEER, verify.callback)

1171

clientConnection = Connection(clientContext, None)

1172

clientConnection.set_connect_state()

1173

1174

self._handshakeInMemory(clientConnection, serverConnection)

1175

1176

self.assertIdentical(verify.connection, clientConnection)

1177

1178

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1179

def test_set_verify_callback_exception(self):

1180

"""

1181

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1182

exception, verification fails and the exception is propagated to the

1183

caller of :py:obj:`Connection.do_handshake`.

1184

"""

1185

serverContext = Context(TLSv1_METHOD)

1186

serverContext.use_privatekey(

1187

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1188

serverContext.use_certificate(

1189

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1190

1191

clientContext = Context(TLSv1_METHOD)

1192

def verify_callback(*args):

1193

raise Exception("silly verify failure")

1194

clientContext.set_verify(VERIFY_PEER, verify_callback)

1195

1196

exc = self.assertRaises(

1197

Exception, self._handshake_test, serverContext, clientContext)

1198

self.assertEqual("silly verify failure", str(exc))

1199

1200

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1201

def test_add_extra_chain_cert(self):

1202

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1203

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

the certificate chain.

1205

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1206

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1207

chain tested.

1208

1209

The chain is tested by starting a server with scert and connecting

1210

to it with a client which trusts cacert and requires verification to

1211

succeed.

1212

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1213

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1214

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1215

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1216

# Dump the CA certificate to a file because that's the only way to load

1217

# it as a trusted CA in the client context.

1218

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1219

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1220

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1221

fObj.close()

1222

1223

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1224

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1225

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1226

fObj.close()

1227

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1228

# Create the server context

1229

serverContext = Context(TLSv1_METHOD)

1230

serverContext.use_privatekey(skey)

1231

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1232

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1233

serverContext.add_extra_chain_cert(icert)

1234

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1235

# Create the client

1236

clientContext = Context(TLSv1_METHOD)

1237

clientContext.set_verify(

1238

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1239

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1240

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1241

# Try it out.

1242

self._handshake_test(serverContext, clientContext)

1243

1244

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1245

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1247

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1248

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1249

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1250

The chain is tested by starting a server with scert and connecting to

1251

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1252

succeed.

1253

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1254

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1255

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1256

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1257

makedirs(certdir)

1258

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1259

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1260

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1261

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1262

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1263

with open(chainFile, 'wb') as fObj:

1264

# Most specific to least general.

1265

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1266

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1267

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1268

1269

with open(caFile, 'w') as fObj:

1270

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1271

1272

serverContext = Context(TLSv1_METHOD)

1273

serverContext.use_certificate_chain_file(chainFile)

1274

serverContext.use_privatekey(skey)

1275

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1276

clientContext = Context(TLSv1_METHOD)

1277

clientContext.set_verify(

1278

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1279

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1280

1281

self._handshake_test(serverContext, clientContext)

1282

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1283

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1284

def test_use_certificate_chain_file_bytes(self):

1285

"""

1286

``Context.use_certificate_chain_file`` accepts the name of a file (as

1287

an instance of ``bytes``) to specify additional certificates to use to

1288

construct and verify a trust chain.

1289

"""

1290

self._use_certificate_chain_file_test(

1291

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1296

"""

1297

``Context.use_certificate_chain_file`` accepts the name of a file (as

1298

an instance of ``unicode``) to specify additional certificates to use

1299

to construct and verify a trust chain.

1300

"""

1301

self._use_certificate_chain_file_test(

1302

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1306

def test_use_certificate_chain_file_wrong_args(self):

1307

"""

1308

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1309

if passed zero or more than one argument or when passed a non-byte

1310

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1311

passed a bad chain file name (for example, the name of a file which does

1312

not exist).

1313

"""

1314

context = Context(TLSv1_METHOD)

1315

self.assertRaises(TypeError, context.use_certificate_chain_file)

1316

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1317

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1318

1319

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1320

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1321

# XXX load_client_ca

1322

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1323

1324

def test_get_verify_mode_wrong_args(self):

1325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1326

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1327

arguments.

1328

"""

1329

context = Context(TLSv1_METHOD)

1330

self.assertRaises(TypeError, context.get_verify_mode, None)

1331

1332

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1333

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1335

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1336

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1337

"""

1338

context = Context(TLSv1_METHOD)

1339

self.assertEquals(context.get_verify_mode(), 0)

1340

context.set_verify(

1341

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1342

self.assertEquals(

1343

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1344

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1345

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1346

if not PY3:

1347

def test_set_verify_mode_long(self):

1348

"""

1349

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1350

type :py:obj:`long` as well as :py:obj:`int`.

1351

"""

1352

context = Context(TLSv1_METHOD)

1353

self.assertEquals(context.get_verify_mode(), 0)

1354

context.set_verify(

1355

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1356

self.assertEquals(

1357

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1358

1359

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1360

def test_load_tmp_dh_wrong_args(self):

1361

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1362

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1363

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1364

"""

1365

context = Context(TLSv1_METHOD)

1366

self.assertRaises(TypeError, context.load_tmp_dh)

1367

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1368

self.assertRaises(TypeError, context.load_tmp_dh, object())

1369

1370

1371

def test_load_tmp_dh_missing_file(self):

1372

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1373

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1374

does not exist.

1375

"""

1376

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1377

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1378

1379

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1380

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1381

"""

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1382

Verify that calling ``Context.load_tmp_dh`` with the given filename

1383

does not raise an exception.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1384

"""

1385

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1386

with open(dhfilename, "w") as dhfile:

1387

dhfile.write(dhparam)

1388

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1389

context.load_tmp_dh(dhfilename)

1390

# XXX What should I assert here? -exarkun

1391

1392

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1393

def test_load_tmp_dh_bytes(self):

1394

"""

1395

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1396

specified file (given as ``bytes``).

1397

"""

1398

self._load_tmp_dh_test(

1399

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1404

"""

1405

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1406

specified file (given as ``unicode``).

1407

"""

1408

self._load_tmp_dh_test(

1409

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1413

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1414

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1415

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1416

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1417

"""

1418

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1419

for curve in get_elliptic_curves():

1420

# The only easily "assertable" thing is that it does not raise an

1421

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1422

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1423

1424

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1425

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1426

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1427

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1428

ciphers which connections created with the context object will be able

1429

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1430

"""

1431

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1432

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1433

conn = Connection(context, None)

1434

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1435

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1436

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1437

def test_set_cipher_list_text(self):

1438

"""

1439

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1440

the ciphers which connections created with the context object will be

1441

able to choose from.

1442

"""

1443

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1444

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1445

conn = Connection(context, None)

1446

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1447

1448

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1449

def test_set_cipher_list_wrong_args(self):

1450

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1451

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1452

passed zero arguments or more than one argument or when passed a

1453

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1454

passed an incorrect cipher list string.

1455

"""

1456

context = Context(TLSv1_METHOD)

1457

self.assertRaises(TypeError, context.set_cipher_list)

1458

self.assertRaises(TypeError, context.set_cipher_list, object())

1459

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1460

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1461

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1462

1463

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1464

def test_set_session_cache_mode_wrong_args(self):

1465

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1466

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1467

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1468

"""

1469

context = Context(TLSv1_METHOD)

1470

self.assertRaises(TypeError, context.set_session_cache_mode)

1471

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1472

1473

1474

def test_get_session_cache_mode_wrong_args(self):

1475

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1476

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1477

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1478

"""

1479

context = Context(TLSv1_METHOD)

1480

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1481

1482

1483

def test_session_cache_mode(self):

1484

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1485

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1486

cached. The setting can be retrieved via

1487

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1488

"""

1489

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1490

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1491

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1492

self.assertEqual(SESS_CACHE_OFF, off)

1493

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1494

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1495

if not PY3:

1496

def test_session_cache_mode_long(self):

1497

"""

1498

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1499

of type :py:obj:`long` as well as :py:obj:`int`.

1500

"""

1501

context = Context(TLSv1_METHOD)

1502

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1503

self.assertEqual(

1504

SESS_CACHE_BOTH, context.get_session_cache_mode())

1505

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1506

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1507

def test_get_cert_store(self):

1508

"""

1509

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1510

"""

1511

context = Context(TLSv1_METHOD)

1512

store = context.get_cert_store()

1513

self.assertIsInstance(store, X509Store)

1514

1515

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1516

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1517

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1518

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1519

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1520

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1521

"""

1522

def test_wrong_args(self):

1523

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1524

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1525

with other than one argument.

1526

"""

1527

context = Context(TLSv1_METHOD)

1528

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1529

self.assertRaises(

1530

TypeError, context.set_tlsext_servername_callback, 1, 2)

1531

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1532

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1533

def test_old_callback_forgotten(self):

1534

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1535

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1536

callback, the one it replaces is dereferenced.

1537

"""

1538

def callback(connection):

1539

pass

1540

1541

def replacement(connection):

1542

pass

1543

1544

context = Context(TLSv1_METHOD)

1545

context.set_tlsext_servername_callback(callback)

1546

1547

tracker = ref(callback)

1548

del callback

1549

1550

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1551

1552

# One run of the garbage collector happens to work on CPython. PyPy

1553

# doesn't collect the underlying object until a second run for whatever

1554

# reason. That's fine, it still demonstrates our code has properly

1555

# dropped the reference.

1556

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1557

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1558

1559

callback = tracker()

1560

if callback is not None:

1561

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1562

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1563

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1564

1565

1566

def test_no_servername(self):

1567

"""

1568

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1569

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1570

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1571

"""

1572

args = []

1573

def servername(conn):

1574

args.append((conn, conn.get_servername()))

1575

context = Context(TLSv1_METHOD)

1576

context.set_tlsext_servername_callback(servername)

1577

1578

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1584

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1585

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1586

1587

# Do a little connection to trigger the logic

1588

server = Connection(context, None)

1589

server.set_accept_state()

1590

1591

client = Connection(Context(TLSv1_METHOD), None)

1592

client.set_connect_state()

1593

1594

self._interactInMemory(server, client)

1595

1596

self.assertEqual([(server, None)], args)

1597

1598

1599

def test_servername(self):

1600

"""

1601

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1602

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1603

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1604

"""

1605

args = []

1606

def servername(conn):

1607

args.append((conn, conn.get_servername()))

1608

context = Context(TLSv1_METHOD)

1609

context.set_tlsext_servername_callback(servername)

1610

1611

# Necessary to actually accept the connection

1612

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1613

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1614

1615

# Do a little connection to trigger the logic

1616

server = Connection(context, None)

1617

server.set_accept_state()

1618

1619

client = Connection(Context(TLSv1_METHOD), None)

1620

client.set_connect_state()

1621

client.set_tlsext_host_name(b("foo1.example.com"))

1622

1623

self._interactInMemory(server, client)

1624

1625

self.assertEqual([(server, b("foo1.example.com"))], args)

1626

1627

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1628

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1629

"""

1630

Test for Next Protocol Negotiation in PyOpenSSL.

1631

"""

1632

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1633

"""

1634

Tests that clients and servers that agree on the negotiated next

1635

protocol can correct establish a connection, and that the agreed

1636

protocol is reported by the connections.

1637

"""

1638

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1639

select_args = []

1640

def advertise(conn):

1641

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1642

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1643

def select(conn, options):

1644

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1645

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1646

1647

server_context = Context(TLSv1_METHOD)

1648

server_context.set_npn_advertise_callback(advertise)

1649

1650

client_context = Context(TLSv1_METHOD)

1651

client_context.set_npn_select_callback(select)

1652

1653

# Necessary to actually accept the connection

1654

server_context.use_privatekey(

1655

load_privatekey(FILETYPE_PEM, server_key_pem))

1656

server_context.use_certificate(

1657

load_certificate(FILETYPE_PEM, server_cert_pem))

1658

1659

# Do a little connection to trigger the logic

1660

server = Connection(server_context, None)

1661

server.set_accept_state()

1662

1663

client = Connection(client_context, None)

1664

client.set_connect_state()

1665

1666

self._interactInMemory(server, client)

1667

1668

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1669

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1670

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1671

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1672

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1673

1674

1675

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1676

"""

1677

Tests that when clients and servers cannot agree on what protocol to

1678

use next that the TLS connection does not get established.

1679

"""

1680

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1681

select_args = []

1682

def advertise(conn):

1683

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1684

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1685

def select(conn, options):

1686

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1687

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1688

1689

server_context = Context(TLSv1_METHOD)

1690

server_context.set_npn_advertise_callback(advertise)

1691

1692

client_context = Context(TLSv1_METHOD)

1693

client_context.set_npn_select_callback(select)

1694

1695

# Necessary to actually accept the connection

1696

server_context.use_privatekey(

1697

load_privatekey(FILETYPE_PEM, server_key_pem))

1698

server_context.use_certificate(

1699

load_certificate(FILETYPE_PEM, server_cert_pem))

1700

1701

# Do a little connection to trigger the logic

1702

server = Connection(server_context, None)

1703

server.set_accept_state()

1704

1705

client = Connection(client_context, None)

1706

client.set_connect_state()

1707

1708

# If the client doesn't return anything, the connection will fail.

1709

self.assertRaises(Error, self._interactInMemory, server, client)

1710

1711

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1712

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1713

1714

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1715

def test_npn_select_error(self):

1716

"""

1717

Test that we can handle exceptions in the select callback. If select

1718

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1723

return [b'http/1.1', b'spdy/2']

1724

def select(conn, options):

1725

raise TypeError

1726

1727

server_context = Context(TLSv1_METHOD)

1728

server_context.set_npn_advertise_callback(advertise)

1729

1730

client_context = Context(TLSv1_METHOD)

1731

client_context.set_npn_select_callback(select)

1732

1733

# Necessary to actually accept the connection

1734

server_context.use_privatekey(

1735

load_privatekey(FILETYPE_PEM, server_key_pem))

1736

server_context.use_certificate(

1737

load_certificate(FILETYPE_PEM, server_cert_pem))

1738

1739

# Do a little connection to trigger the logic

1740

server = Connection(server_context, None)

1741

server.set_accept_state()

1742

1743

client = Connection(client_context, None)

1744

client.set_connect_state()

1745

1746

# If the callback throws an exception it should be raised here.

1747

self.assertRaises(TypeError, self._interactInMemory, server, client)

1748

self.assertEqual([(server,)], advertise_args)

1749

1750

1751

def test_npn_advertise_error(self):

1752

"""

1753

Test that we can handle exceptions in the advertise callback. If

1754

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1760

select_args.append((conn, options))

1761

return b''

1762

1763

server_context = Context(TLSv1_METHOD)

1764

server_context.set_npn_advertise_callback(advertise)

1765

1766

client_context = Context(TLSv1_METHOD)

1767

client_context.set_npn_select_callback(select)

1768

1769

# Necessary to actually accept the connection

1770

server_context.use_privatekey(

1771

load_privatekey(FILETYPE_PEM, server_key_pem))

1772

server_context.use_certificate(

1773

load_certificate(FILETYPE_PEM, server_cert_pem))

1774

1775

# Do a little connection to trigger the logic

1776

server = Connection(server_context, None)

1777

server.set_accept_state()

1778

1779

client = Connection(client_context, None)

1780

client.set_connect_state()

1781

1782

# If the client doesn't return anything, the connection will fail.

1783

self.assertRaises(TypeError, self._interactInMemory, server, client)

1784

self.assertEqual([], select_args)

1785

1786

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1787

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1788

class SessionTests(TestCase):

1789

"""

1790

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1791

"""

1792

def test_construction(self):

1793

"""

1794

:py:class:`Session` can be constructed with no arguments, creating a new

1795

instance of that type.

1796

"""

1797

new_session = Session()

1798

self.assertTrue(isinstance(new_session, Session))

1799

1800

1801

def test_construction_wrong_args(self):

1802

"""

1803

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1804

is raised.

1805

"""

1806

self.assertRaises(TypeError, Session, 123)

1807

self.assertRaises(TypeError, Session, "hello")

1808

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1812

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1813

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1814

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1815

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1816

# XXX get_peer_certificate -> None

1817

# XXX sock_shutdown

1818

# XXX master_key -> TypeError

1819

# XXX server_random -> TypeError

1820

# XXX state_string

1821

# XXX connect -> TypeError

1822

# XXX connect_ex -> TypeError

1823

# XXX set_connect_state -> TypeError

1824

# XXX set_accept_state -> TypeError

1825

# XXX renegotiate_pending

1826

# XXX do_handshake -> TypeError

1827

# XXX bio_read -> TypeError

1828

# XXX recv -> TypeError

1829

# XXX send -> TypeError

1830

# XXX bio_write -> TypeError

1831

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1832

def test_type(self):

1833

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1834

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1835

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1836

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1837

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1838

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1839

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1840

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1841

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1842

def test_get_context(self):

1843

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1844

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1845

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1846

"""

1847

context = Context(TLSv1_METHOD)

1848

connection = Connection(context, None)

1849

self.assertIdentical(connection.get_context(), context)

1850

1851

1852

def test_get_context_wrong_args(self):

1853

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1854

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1855

arguments.

1856

"""

1857

connection = Connection(Context(TLSv1_METHOD), None)

1858

self.assertRaises(TypeError, connection.get_context, None)

1859

1860

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1861

def test_set_context_wrong_args(self):

1862

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1863

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1864

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1865

than 1.

1866

"""

1867

ctx = Context(TLSv1_METHOD)

1868

connection = Connection(ctx, None)

1869

self.assertRaises(TypeError, connection.set_context)

1870

self.assertRaises(TypeError, connection.set_context, object())

1871

self.assertRaises(TypeError, connection.set_context, "hello")

1872

self.assertRaises(TypeError, connection.set_context, 1)

1873

self.assertRaises(TypeError, connection.set_context, 1, 2)

1874

self.assertRaises(

1875

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1876

self.assertIdentical(ctx, connection.get_context())

1877

1878

1879

def test_set_context(self):

1880

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1881

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1882

for the connection.

1883

"""

1884

original = Context(SSLv23_METHOD)

1885

replacement = Context(TLSv1_METHOD)

1886

connection = Connection(original, None)

1887

connection.set_context(replacement)

1888

self.assertIdentical(replacement, connection.get_context())

1889

# Lose our references to the contexts, just in case the Connection isn't

1890

# properly managing its own contributions to their reference counts.

1891

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1897

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1898

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1899

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1900

"""

1901

conn = Connection(Context(TLSv1_METHOD), None)

1902

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1903

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1904

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1905

self.assertRaises(

1906

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1907

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

1908

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1909

# On Python 3.x, don't accidentally implicitly convert from text.

1910

self.assertRaises(

1911

TypeError,

1912

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1913

1914

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1915

def test_get_servername_wrong_args(self):

1916

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1917

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1918

arguments.

1919

"""

1920

connection = Connection(Context(TLSv1_METHOD), None)

1921

self.assertRaises(TypeError, connection.get_servername, object())

1922

self.assertRaises(TypeError, connection.get_servername, 1)

1923

self.assertRaises(TypeError, connection.get_servername, "hello")

1924

1925

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1926

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1927

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1928

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1929

immediate read.

1930

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1931

connection = Connection(Context(TLSv1_METHOD), None)

1932

self.assertEquals(connection.pending(), 0)

1933

1934

1935

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1936

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1937

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1938

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1939

connection = Connection(Context(TLSv1_METHOD), None)

1940

self.assertRaises(TypeError, connection.pending, None)

1941

1942

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1943

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1944

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1945

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1946

argument or with the wrong number of arguments.

1947

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1948

connection = Connection(Context(TLSv1_METHOD), socket())

1949

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1950

self.assertRaises(TypeError, connection.connect)

1951

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1952

1953

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1954

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1955

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1956

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1957

connect method raises it.

1958

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1959

client = socket()

1960

context = Context(TLSv1_METHOD)

1961

clientSSL = Connection(context, client)

1962

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1963

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1964

1965

1966

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1967

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1968

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1969

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1975

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1976

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1977

1978

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1979

if platform == "darwin":

1980

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1981

else:

1982

def test_connect_ex(self):

1983

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1984

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1985

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1990

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1991

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1992

clientSSL.setblocking(False)

1993

result = clientSSL.connect_ex(port.getsockname())

1994

expected = (EINPROGRESS, EWOULDBLOCK)

1995

self.assertTrue(

1996

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1997

1998

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1999

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2000

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2001

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2002

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2003

connection = Connection(Context(TLSv1_METHOD), socket())

2004

self.assertRaises(TypeError, connection.accept, None)

2005

2006

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2007

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2008

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2009

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2010

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2011

connection originated from.

2012

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2013

ctx = Context(TLSv1_METHOD)

2014

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2015

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2016

port = socket()

2017

portSSL = Connection(ctx, port)

2018

portSSL.bind(('', 0))

2019

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2020

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2021

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2022

2023

# Calling portSSL.getsockname() here to get the server IP address sounds

2024

# great, but frequently fails on Windows.

2025

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2026

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2027

serverSSL, address = portSSL.accept()

2028

2029

self.assertTrue(isinstance(serverSSL, Connection))

2030

self.assertIdentical(serverSSL.get_context(), ctx)

2031

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2032

2033

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2034

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2035

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2036

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2037

number of arguments or with arguments other than integers.

2038

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2039

connection = Connection(Context(TLSv1_METHOD), None)

2040

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2041

self.assertRaises(TypeError, connection.get_shutdown, None)

2042

self.assertRaises(TypeError, connection.set_shutdown)

2043

self.assertRaises(TypeError, connection.set_shutdown, None)

2044

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2045

2046

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2047

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2048

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2049

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2050

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2051

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2052

self.assertFalse(server.shutdown())

2053

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2054

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2055

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2056

client.shutdown()

2057

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2058

self.assertRaises(ZeroReturnError, server.recv, 1024)

2059

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2060

2061

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2062

def test_shutdown_closed(self):

2063

"""

2064

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2065

write error from the low level write call.

2066

"""

2067

server, client = self._loopback()

2068

server.sock_shutdown(2)

2069

exc = self.assertRaises(SysCallError, server.shutdown)

2070

if platform == "win32":

2071

self.assertEqual(exc.args[0], ESHUTDOWN)

2072

else:

2073

self.assertEqual(exc.args[0], EPIPE)

2074

2075

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2076

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2077

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2078

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2079

process.

2080

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2081

connection = Connection(Context(TLSv1_METHOD), socket())

2082

connection.set_shutdown(RECEIVED_SHUTDOWN)

2083

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2084

2085

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2086

if not PY3:

2087

def test_set_shutdown_long(self):

2088

"""

2089

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2090

of type :py:obj:`long` as well as :py:obj:`int`.

2091

"""

2092

connection = Connection(Context(TLSv1_METHOD), socket())

2093

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2094

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2095

2096

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2097

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2098

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2099

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2100

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2101

with any arguments.

2102

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2103

conn = Connection(Context(TLSv1_METHOD), None)

2104

self.assertRaises(TypeError, conn.get_app_data, None)

2105

self.assertRaises(TypeError, conn.set_app_data)

2106

self.assertRaises(TypeError, conn.set_app_data, None, None)

2107

2108

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2109

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2110

"""

2111

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2112

:py:obj:`Connection.set_app_data` and later retrieved with

2113

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2114

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2115

conn = Connection(Context(TLSv1_METHOD), None)

2116

app_data = object()

2117

conn.set_app_data(app_data)

2118

self.assertIdentical(conn.get_app_data(), app_data)

2119

2120

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2121

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2122

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2123

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2124

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2125

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2126

conn = Connection(Context(TLSv1_METHOD), None)

2127

self.assertRaises(NotImplementedError, conn.makefile)

2128

2129

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2130

def test_get_peer_cert_chain_wrong_args(self):

2131

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2132

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2133

arguments.

2134

"""

2135

conn = Connection(Context(TLSv1_METHOD), None)

2136

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2137

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2138

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2139

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2140

2141

2142

def test_get_peer_cert_chain(self):

2143

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2144

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2145

the connected server returned for the certification verification.

2146

"""

2147

chain = _create_certificate_chain()

2148

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2149

2150

serverContext = Context(TLSv1_METHOD)

2151

serverContext.use_privatekey(skey)

2152

serverContext.use_certificate(scert)

2153

serverContext.add_extra_chain_cert(icert)

2154

serverContext.add_extra_chain_cert(cacert)

2155

server = Connection(serverContext, None)

2156

server.set_accept_state()

2157

2158

# Create the client

2159

clientContext = Context(TLSv1_METHOD)

2160

clientContext.set_verify(VERIFY_NONE, verify_cb)

2161

client = Connection(clientContext, None)

2162

client.set_connect_state()

2163

2164

self._interactInMemory(client, server)

2165

2166

chain = client.get_peer_cert_chain()

2167

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2168

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2169

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2170

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2171

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2172

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2173

"Authority Certificate", chain[2].get_subject().CN)

2174

2175

2176

def test_get_peer_cert_chain_none(self):

2177

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2178

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2179

certificate chain.

2180

"""

2181

ctx = Context(TLSv1_METHOD)

2182

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2183

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2184

server = Connection(ctx, None)

2185

server.set_accept_state()

2186

client = Connection(Context(TLSv1_METHOD), None)

2187

client.set_connect_state()

2188

self._interactInMemory(client, server)

2189

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2190

2191

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2192

def test_get_session_wrong_args(self):

2193

"""

2194

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2195

with any arguments.

2196

"""

2197

ctx = Context(TLSv1_METHOD)

2198

server = Connection(ctx, None)

2199

self.assertRaises(TypeError, server.get_session, 123)

2200

self.assertRaises(TypeError, server.get_session, "hello")

2201

self.assertRaises(TypeError, server.get_session, object())

2202

2203

2204

def test_get_session_unconnected(self):

2205

"""

2206

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2207

an object which has not been connected.

2208

"""

2209

ctx = Context(TLSv1_METHOD)

2210

server = Connection(ctx, None)

2211

session = server.get_session()

2212

self.assertIdentical(None, session)

2213

2214

2215

def test_server_get_session(self):

2216

"""

2217

On the server side of a connection, :py:obj:`Connection.get_session`

2218

returns a :py:class:`Session` instance representing the SSL session for

2219

that connection.

2220

"""

2221

server, client = self._loopback()

2222

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2223

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2224

2225

2226

def test_client_get_session(self):

2227

"""

2228

On the client side of a connection, :py:obj:`Connection.get_session`

2229

returns a :py:class:`Session` instance representing the SSL session for

2230

that connection.

2231

"""

2232

server, client = self._loopback()

2233

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2234

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2235

2236

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2237

def test_set_session_wrong_args(self):

2238

"""

2239

If called with an object that is not an instance of :py:class:`Session`,

2240

or with other than one argument, :py:obj:`Connection.set_session` raises

2241

:py:obj:`TypeError`.

2242

"""

2243

ctx = Context(TLSv1_METHOD)

2244

connection = Connection(ctx, None)

2245

self.assertRaises(TypeError, connection.set_session)

2246

self.assertRaises(TypeError, connection.set_session, 123)

2247

self.assertRaises(TypeError, connection.set_session, "hello")

2248

self.assertRaises(TypeError, connection.set_session, object())

2249

self.assertRaises(

2250

TypeError, connection.set_session, Session(), Session())

2251

2252

2253

def test_client_set_session(self):

2254

"""

2255

:py:obj:`Connection.set_session`, when used prior to a connection being

2256

established, accepts a :py:class:`Session` instance and causes an

2257

attempt to re-use the session it represents when the SSL handshake is

2258

performed.

2259

"""

2260

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2261

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2262

ctx = Context(TLSv1_METHOD)

2263

ctx.use_privatekey(key)

2264

ctx.use_certificate(cert)

2265

ctx.set_session_id("unity-test")

2266

2267

def makeServer(socket):

2268

server = Connection(ctx, socket)

2269

server.set_accept_state()

2270

return server

2271

2272

originalServer, originalClient = self._loopback(

2273

serverFactory=makeServer)

2274

originalSession = originalClient.get_session()

2275

2276

def makeClient(socket):

2277

client = self._loopbackClientFactory(socket)

2278

client.set_session(originalSession)

2279

return client

2280

resumedServer, resumedClient = self._loopback(

2281

serverFactory=makeServer,

2282

clientFactory=makeClient)

2283

2284

# This is a proxy: in general, we have no access to any unique

2285

# identifier for the session (new enough versions of OpenSSL expose a

2286

# hash which could be usable, but "new enough" is very, very new).

2287

# Instead, exploit the fact that the master key is re-used if the

2288

# session is re-used. As long as the master key for the two connections

2289

# is the same, the session was re-used!

2290

self.assertEqual(

2291

originalServer.master_key(), resumedServer.master_key())

2292

2293

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2294

def test_set_session_wrong_method(self):

2295

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2296

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2297

instance associated with a context using a different SSL method than the

2298

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2299

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2300

"""

2301

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2302

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2303

ctx = Context(TLSv1_METHOD)

2304

ctx.use_privatekey(key)

2305

ctx.use_certificate(cert)

2306

ctx.set_session_id("unity-test")

2307

2308

def makeServer(socket):

2309

server = Connection(ctx, socket)

2310

server.set_accept_state()

2311

return server

2312

2313

originalServer, originalClient = self._loopback(

2314

serverFactory=makeServer)

2315

originalSession = originalClient.get_session()

2316

2317

def makeClient(socket):

2318

# Intentionally use a different, incompatible method here.

2319

client = Connection(Context(SSLv3_METHOD), socket)

2320

client.set_connect_state()

2321

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2327

2328

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2329

def test_wantWriteError(self):

2330

"""

2331

:py:obj:`Connection` methods which generate output raise

2332

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2333

fail indicating a should-write state.

2334

"""

2335

client_socket, server_socket = socket_pair()

2336

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2337

# anything. Only write a single byte at a time so we can be sure we

2338

# completely fill the buffer. Even though the socket API is allowed to

2339

# signal a short write via its return value it seems this doesn't

2340

# always happen on all platforms (FreeBSD and OS X particular) for the

2341

# very last bit of available buffer space.

2342

msg = b"x"

2343

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2344

try:

2345

client_socket.send(msg)

2346

except error as e:

2347

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2353

2354

ctx = Context(TLSv1_METHOD)

2355

conn = Connection(ctx, client_socket)

2356

# Client's speak first, so make it an SSL client

2357

conn.set_connect_state()

2358

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2362

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2363

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2364

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2365

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2366

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2367

ctx = Context(TLSv1_METHOD)

2368

connection = Connection(ctx, None)

2369

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2370

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2371

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2372

def test_get_peer_finished_before_connect(self):

2373

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2374

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2375

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2376

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2377

ctx = Context(TLSv1_METHOD)

2378

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2379

self.assertEqual(connection.get_peer_finished(), None)

2380

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2381

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2382

def test_get_finished(self):

2383

"""

2384

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2385

message send from client, or server. Finished messages are send during

2386

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2387

"""

2388

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2389

server, client = self._loopback()

2390

2391

self.assertNotEqual(server.get_finished(), None)

2392

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2393

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2394

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2395

def test_get_peer_finished(self):

2396

"""

2397

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2398

message received from client, or server. Finished messages are send

2399

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2400

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2401

server, client = self._loopback()

2402

2403

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2404

self.assertTrue(len(server.get_peer_finished()) > 0)

2405

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2406

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2407

def test_tls_finished_message_symmetry(self):

2408

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2409

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2410

received by client.

2411

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2412

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2413

received by server.

2414

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2415

server, client = self._loopback()

2416

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2417

self.assertEqual(server.get_finished(), client.get_peer_finished())

2418

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2419

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2420

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2421

def test_get_cipher_name_before_connect(self):

2422

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2423

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2424

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2425

"""

2426

ctx = Context(TLSv1_METHOD)

2427

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2428

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2429

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2430

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2431

def test_get_cipher_name(self):

2432

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2433

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2434

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2435

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2436

server, client = self._loopback()

2437

server_cipher_name, client_cipher_name = \

2438

server.get_cipher_name(), client.get_cipher_name()

2439

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2440

self.assertIsInstance(server_cipher_name, text_type)

2441

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2442

2443

self.assertEqual(server_cipher_name, client_cipher_name)

2444

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2445

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2446

def test_get_cipher_version_before_connect(self):

2447

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2448

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2449

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2450

"""

2451

ctx = Context(TLSv1_METHOD)

2452

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2453

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2454

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2455

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2456

def test_get_cipher_version(self):

2457

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2458

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2459

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2460

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2461

server, client = self._loopback()

2462

server_cipher_version, client_cipher_version = \

2463

server.get_cipher_version(), client.get_cipher_version()

2464

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2465

self.assertIsInstance(server_cipher_version, text_type)

2466

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2467

2468

self.assertEqual(server_cipher_version, client_cipher_version)

2469

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2470

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2471

def test_get_cipher_bits_before_connect(self):

2472

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2473

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2474

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2475

"""

2476

ctx = Context(TLSv1_METHOD)

2477

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2478

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2479

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2480

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2481

def test_get_cipher_bits(self):

2482

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2483

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2484

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2485

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2486

server, client = self._loopback()

2487

server_cipher_bits, client_cipher_bits = \

2488

server.get_cipher_bits(), client.get_cipher_bits()

2489

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2490

self.assertIsInstance(server_cipher_bits, int)

2491

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2492

2493

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2494

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2495

2496

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2497

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2498

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2499

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2500

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2501

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2502

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2503

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2504

arguments.

2505

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2506

connection = Connection(Context(TLSv1_METHOD), None)

2507

self.assertRaises(TypeError, connection.get_cipher_list, None)

2508

2509

2510

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2511

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2512

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2513

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2514

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2515

connection = Connection(Context(TLSv1_METHOD), None)

2516

ciphers = connection.get_cipher_list()

2517

self.assertTrue(isinstance(ciphers, list))

2518

for cipher in ciphers:

2519

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2523

class ConnectionSendTests(TestCase, _LoopbackMixin):

2524

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2525

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2526

"""

2527

def test_wrong_args(self):

2528

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2529

When called with arguments other than string argument for its first

2530

parameter or more than two arguments, :py:obj:`Connection.send` raises

2531

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2532

"""

2533

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2534

self.assertRaises(TypeError, connection.send)

2535

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2536

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2537

2538

2539

def test_short_bytes(self):

2540

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2541

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2542

and returns the number of bytes sent.

2543

"""

2544

server, client = self._loopback()

2545

count = server.send(b('xy'))

2546

self.assertEquals(count, 2)

2547

self.assertEquals(client.recv(2), b('xy'))

2548

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2549

2550

def test_text(self):

2551

"""

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2552

When passed a text, :py:obj:`Connection.send` transmits all of it and

2553

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2554

"""

2555

server, client = self._loopback()

2556

with catch_warnings(record=True) as w:

2557

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2558

count = server.send(b"xy".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2559

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2560

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2561

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2566

self.assertEquals(count, 2)

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2567

self.assertEquals(client.recv(2), b"xy")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2568

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2573

else:

2574

def test_short_memoryview(self):

2575

"""

2576

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2577

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2578

bytes sent.

2579

"""

2580

server, client = self._loopback()

2581

count = server.send(memoryview(b('xy')))

2582

self.assertEquals(count, 2)

2583

self.assertEquals(client.recv(2), b('xy'))

2584

2585

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2590

else:

2591

def test_short_buffer(self):

2592

"""

2593

When passed a buffer containing a small number of bytes,

2594

:py:obj:`Connection.send` transmits all of them and returns the number of

2595

bytes sent.

2596

"""

2597

server, client = self._loopback()

2598

count = server.send(buffer(b('xy')))

2599

self.assertEquals(count, 2)

2600

self.assertEquals(client.recv(2), b('xy'))

2601

2602

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2603

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2604

def _make_memoryview(size):

2605

"""

2606

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2607

size.

2608

"""

2609

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2613

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2614

"""

2615

Tests for :py:obj:`Connection.recv_into`

2616

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2617

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2618

"""

2619

Assert that when the given buffer is passed to

2620

``Connection.recv_into``, whatever bytes are available to be received

2621

that fit into that buffer are written into that buffer.

2622

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2623

output_buffer = factory(5)

2624

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2625

server, client = self._loopback()

2626

server.send(b('xy'))

2627

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2628

self.assertEqual(client.recv_into(output_buffer), 2)

2629

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2630

2631

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2632

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2633

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2634

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2635

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2636

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2637

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2638

2639

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2640

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2641

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2642

Assert that when the given buffer is passed to ``Connection.recv_into``

2643

along with a value for ``nbytes`` that is less than the size of that

2644

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2645

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2646

output_buffer = factory(10)

2647

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2648

server, client = self._loopback()

2649

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2650

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2651

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2652

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2653

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2657

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2658

"""

2659

When called with a ``bytearray`` instance,

2660

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2661

doesn't copy in more than that number of bytes.

2662

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2663

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2664

2665

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2666

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2667

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2668

Assert that if there are more bytes available to be read from the

2669

receive buffer than would fit into the buffer passed to

2670

:py:obj:`Connection.recv_into`, only as many as fit are written into

2671

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2672

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2673

output_buffer = factory(5)

2674

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2675

server, client = self._loopback()

2676

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2677

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2678

self.assertEqual(client.recv_into(output_buffer), 5)

2679

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2680

rest = client.recv(5)

2681

self.assertEqual(b('fghij'), rest)

2682

2683

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2684

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2685

"""

2686

When called with a ``bytearray`` instance,

2687

:py:obj:`Connection.recv_into` respects the size of the array and

2688

doesn't write more bytes into it than will fit.

2689

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2690

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2691

2692

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2693

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2694

"""

2695

Assert that if the value given by ``nbytes`` is greater than the actual

2696

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2697

behavior is as if no value was given for ``nbytes`` at all.

2698

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2699

output_buffer = factory(5)

2700

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2701

server, client = self._loopback()

2702

server.send(b('abcdefghij'))

2703

2704

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2705

self.assertEqual(output_buffer, bytearray(b('abcde')))

2706

rest = client.recv(5)

2707

self.assertEqual(b('fghij'), rest)

2708

2709

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2710

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2711

"""

2712

When called with a ``bytearray`` instance and an ``nbytes`` value that

2713

is too large, :py:obj:`Connection.recv_into` respects the size of the

2714

array and not the ``nbytes`` value and doesn't write more bytes into

2715

the buffer than will fit.

2716

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2717

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2718

2719

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2724

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2725

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2726

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2727

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2728

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2729

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2730

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2731

2732

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2733

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2734

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2735

When called with a ``memoryview`` instance,

2736

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2737

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2738

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2739

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2740

2741

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2742

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2743

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2744

When called with a ``memoryview`` instance,

2745

:py:obj:`Connection.recv_into` respects the size of the array and

2746

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2747

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2748

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2749

2750

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2751

def test_memoryview_really_doesnt_overfill(self):

2752

"""

2753

When called with a ``memoryview`` instance and an ``nbytes`` value

2754

that is too large, :py:obj:`Connection.recv_into` respects the size

2755

of the array and not the ``nbytes`` value and doesn't write more

2756

bytes into the buffer than will fit.

2757

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2758

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2759

2760

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2761

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2762

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2763

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2764

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2765

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2766

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2767

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2768

When called with arguments other than a string argument for its first

2769

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2770

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2771

"""

2772

connection = Connection(Context(TLSv1_METHOD), None)

2773

self.assertRaises(TypeError, connection.sendall)

2774

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2775

self.assertRaises(

2776

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2777

2778

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2779

def test_short(self):

2780

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2781

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2782

it.

2783

"""

2784

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2785

server.sendall(b('x'))

2786

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2787

2788

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2789

def test_text(self):

2790

"""

2791

:py:obj:`Connection.sendall` transmits all the content in the string passed to

2792

it raising a DepreactionWarning in case of this being a text.

2793

"""

2794

server, client = self._loopback()

2795

with catch_warnings(record=True) as w:

2796

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

2797

server.sendall(b"x".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2798

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2799

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2800

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

2805

self.assertEquals(client.recv(1), b"x")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2806

2807

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2812

else:

2813

def test_short_memoryview(self):

2814

"""

2815

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2816

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2817

"""

2818

server, client = self._loopback()

2819

server.sendall(memoryview(b('x')))

2820

self.assertEquals(client.recv(1), b('x'))

2821

2822

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2827

else:

2828

def test_short_buffers(self):

2829

"""

2830

When passed a buffer containing a small number of bytes,

2831

:py:obj:`Connection.sendall` transmits all of them.

2832

"""

2833

server, client = self._loopback()

2834

server.sendall(buffer(b('x')))

2835

self.assertEquals(client.recv(1), b('x'))

2836

2837

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2838

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2839

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2840

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2841

it even if this requires multiple calls of an underlying write function.

2842

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2843

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2844

# Should be enough, underlying SSL_write should only do 16k at a time.

2845

# On Windows, after 32k of bytes the write will block (forever - because

2846

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2847

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2848

server.sendall(message)

2849

accum = []

2850

received = 0

2851

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2852

data = client.recv(1024)

2853

accum.append(data)

2854

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2855

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2856

2857

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2858

def test_closed(self):

2859

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2860

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2861

write error from the low level write call.

2862

"""

2863

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2864

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2865

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2866

if platform == "win32":

2867

self.assertEqual(exc.args[0], ESHUTDOWN)

2868

else:

2869

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2870

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2871

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2872

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2873

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2874

"""

2875

Tests for SSL renegotiation APIs.

2876

"""

2877

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2878

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2879

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2880

arguments.

2881

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2882

connection = Connection(Context(TLSv1_METHOD), None)

2883

self.assertRaises(TypeError, connection.renegotiate, None)

2884

2885

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2886

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2887

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2888

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2889

any arguments.

2890

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2891

connection = Connection(Context(TLSv1_METHOD), None)

2892

self.assertRaises(TypeError, connection.total_renegotiations, None)

2893

2894

2895

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2897

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2898

renegotiations have happened.

2899

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2900

connection = Connection(Context(TLSv1_METHOD), None)

2901

self.assertEquals(connection.total_renegotiations(), 0)

2902

2903

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2904

# def test_renegotiate(self):

2905

# """

2906

# """

2907

# server, client = self._loopback()

2908

2909

# server.send("hello world")

2910

# self.assertEquals(client.recv(len("hello world")), "hello world")

2911

2912

# self.assertEquals(server.total_renegotiations(), 0)

2913

# self.assertTrue(server.renegotiate())

2914

2915

# server.setblocking(False)

2916

# client.setblocking(False)

2917

# while server.renegotiate_pending():

2918

# client.do_handshake()

2919

# server.do_handshake()

2920

2921

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2926

class ErrorTests(TestCase):

2927

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2928

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2929

"""

2930

def test_type(self):

2931

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2932

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2933

"""

2934

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2935

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2939

class ConstantsTests(TestCase):

2940

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2941

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2942

2943

These are values defined by OpenSSL intended only to be used as flags to

2944

OpenSSL APIs. The only assertions it seems can be made about them is

2945

their values.

2946

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2947

# unittest.TestCase has no skip mechanism

2948

if OP_NO_QUERY_MTU is not None:

2949

def test_op_no_query_mtu(self):

2950

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2951

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2952

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2953

"""

2954

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2955

else:

2956

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2957

2958

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2959

if OP_COOKIE_EXCHANGE is not None:

2960

def test_op_cookie_exchange(self):

2961

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2962

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2963

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2964

"""

2965

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2966

else:

2967

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2968

2969

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2970

if OP_NO_TICKET is not None:

2971

def test_op_no_ticket(self):

2972

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2973

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2974

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2975

"""

2976

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2977

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2978

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2979

2980

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2981

if OP_NO_COMPRESSION is not None:

2982

def test_op_no_compression(self):

2983

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2984

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2985

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2986

"""

2987

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2988

else:

2989

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2990

2991

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2992

def test_sess_cache_off(self):

2993

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2994

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2995

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2996

"""

2997

self.assertEqual(0x0, SESS_CACHE_OFF)

2998

2999

3000

def test_sess_cache_client(self):

3001

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3002

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3003

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3004

"""

3005

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3006

3007

3008

def test_sess_cache_server(self):

3009

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3010

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3011

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3012

"""

3013

self.assertEqual(0x2, SESS_CACHE_SERVER)

3014

3015

3016

def test_sess_cache_both(self):

3017

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3018

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3019

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3020

"""

3021

self.assertEqual(0x3, SESS_CACHE_BOTH)

3022

3023

3024

def test_sess_cache_no_auto_clear(self):

3025

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3026

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3027

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3028

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3029

"""

3030

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3031

3032

3033

def test_sess_cache_no_internal_lookup(self):

3034

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3035

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3036

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3037

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3038

"""

3039

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3040

3041

3042

def test_sess_cache_no_internal_store(self):

3043

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3044

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3045

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3046

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3047

"""

3048

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3049

3050

3051

def test_sess_cache_no_internal(self):

3052

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3053

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3054

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3055

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3056

"""

3057

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3058

3059

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3060

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3061

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3062

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3063

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3064

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3065

def _server(self, sock):

3066

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3067

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3068

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3069

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3070

# Create the server side Connection. This is mostly setup boilerplate

3071

# - use TLSv1, use a particular certificate, etc.

3072

server_ctx = Context(TLSv1_METHOD)

3073

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3074

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3075

server_store = server_ctx.get_cert_store()

3076

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3077

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3078

server_ctx.check_privatekey()

3079

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3080

# Here the Connection is actually created. If None is passed as the 2nd

3081

# parameter, it indicates a memory BIO should be created.

3082

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3083

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3087

def _client(self, sock):

3088

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3089

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3090

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3091

"""

3092

# Now create the client side Connection. Similar boilerplate to the

3093

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3094

client_ctx = Context(TLSv1_METHOD)

3095

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3096

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3097

client_store = client_ctx.get_cert_store()

3098

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3099

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3100

client_ctx.check_privatekey()

3101

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3102

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3103

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3107

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3108

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3109

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3110

reading from the output of each and writing those bytes to the input of

3111

the other and in this way establish a connection and exchange

3112

application-level bytes with each other.

3113

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3114

server_conn = self._server(None)

3115

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3116

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3117

# There should be no key or nonces yet.

3118

self.assertIdentical(server_conn.master_key(), None)

3119

self.assertIdentical(server_conn.client_random(), None)

3120

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3121

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3122

# First, the handshake needs to happen. We'll deliver bytes back and

3123

# forth between the client and server until neither of them feels like

3124

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3125

self.assertIdentical(

3126

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3127

3128

# Now that the handshake is done, there should be a key and nonces.

3129

self.assertNotIdentical(server_conn.master_key(), None)

3130

self.assertNotIdentical(server_conn.client_random(), None)

3131

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3132

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3133

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3134

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3135

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3136

3137

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3138

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3139

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3140

server_conn.write(important_message)

3141

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3142

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3143

(client_conn, important_message))

3144

3145

client_conn.write(important_message[::-1])

3146

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3147

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3148

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3149

3150

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3151

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3152

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3153

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3154

3155

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3156

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3157

this test fails, there must be a problem outside the memory BIO

3158

code, as no memory BIO is involved here). Even though this isn't a

3159

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3160

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3161

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3162

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3163

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3164

client_conn.send(important_message)

3165

msg = server_conn.recv(1024)

3166

self.assertEqual(msg, important_message)

3167

3168

# Again in the other direction, just for fun.

3169

important_message = important_message[::-1]

3170

server_conn.send(important_message)

3171

msg = client_conn.recv(1024)

3172

self.assertEqual(msg, important_message)

3173

3174

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3175

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3176

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3177

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3178

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3179

"""

3180

context = Context(SSLv3_METHOD)

3181

client = socket()

3182

clientSSL = Connection(context, client)

3183

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3184

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3185

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3186

3187

3188

def test_outgoingOverflow(self):

3189

"""

3190

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3191

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3192

returned and that many bytes from the beginning of the input can be

3193

read from the other end of the connection.

3194

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3195

server = self._server(None)

3196

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3197

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3198

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3199

3200

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3201

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3202

# Sanity check. We're trying to test what happens when the entire

3203

# input can't be sent. If the entire input was sent, this test is

3204

# meaningless.

3205

self.assertTrue(sent < size)

3206

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3207

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3208

self.assertIdentical(receiver, server)

3209

3210

# We can rely on all of these bytes being received at once because

3211

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3212

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3213

3214

3215

def test_shutdown(self):

3216

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3217

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3218

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3219

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3220

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3221

server.bio_shutdown()

3222

e = self.assertRaises(Error, server.recv, 1024)

3223

# We don't want WantReadError or ZeroReturnError or anything - it's a

3224

# handshake failure.

3225

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3226

3227

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3228

def test_unexpectedEndOfFile(self):

3229

"""

3230

If the connection is lost before an orderly SSL shutdown occurs,

3231

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3232

"Unexpected EOF".

3233

"""

3234

server_conn, client_conn = self._loopback()

3235

client_conn.sock_shutdown(SHUT_RDWR)

3236

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3237

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3238

3239

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3240

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3241

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3242

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3243

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3244

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3245

before the client and server are connected to each other. This

3246

function should specify a list of CAs for the server to send to the

3247

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3248

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3249

times.

3250

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3251

server = self._server(None)

3252

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3253

self.assertEqual(client.get_client_ca_list(), [])

3254

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3255

ctx = server.get_context()

3256

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3257

self.assertEqual(client.get_client_ca_list(), [])

3258

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3259

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3260

self.assertEqual(client.get_client_ca_list(), expected)

3261

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3262

3263

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3264

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3265

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3266

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3267

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3268

"""

3269

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3270

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3271

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3272

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3273

3274

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3275

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3276

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3277

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3278

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3279

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3280

after the connection is set up.

3281

"""

3282

def no_ca(ctx):

3283

ctx.set_client_ca_list([])

3284

return []

3285

self._check_client_ca_list(no_ca)

3286

3287

3288

def test_set_one_ca_list(self):

3289

"""

3290

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3291

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3292

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3293

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3294

X509Name after the connection is set up.

3295

"""

3296

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3297

cadesc = cacert.get_subject()

3298

def single_ca(ctx):

3299

ctx.set_client_ca_list([cadesc])

3300

return [cadesc]

3301

self._check_client_ca_list(single_ca)

3302

3303

3304

def test_set_multiple_ca_list(self):

3305

"""

3306

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3307

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3308

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3309

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3310

X509Names after the connection is set up.

3311

"""

3312

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3313

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3314

3315

sedesc = secert.get_subject()

3316

cldesc = clcert.get_subject()

3317

3318

def multiple_ca(ctx):

3319

L = [sedesc, cldesc]

3320

ctx.set_client_ca_list(L)

3321

return L

3322

self._check_client_ca_list(multiple_ca)

3323

3324

3325

def test_reset_ca_list(self):

3326

"""

3327

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3328

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3329

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3330

"""

3331

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3332

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3333

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3334

3335

cadesc = cacert.get_subject()

3336

sedesc = secert.get_subject()

3337

cldesc = clcert.get_subject()

3338

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3339

def changed_ca(ctx):

3340

ctx.set_client_ca_list([sedesc, cldesc])

3341

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3342

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3343

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3344

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3345

3346

def test_mutated_ca_list(self):

3347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3348

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3349

afterwards, this does not affect the list of CA names sent to the

3350

client.

3351

"""

3352

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3353

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3354

3355

cadesc = cacert.get_subject()

3356

sedesc = secert.get_subject()

3357

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3358

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3359

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3360

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3361

L.append(sedesc)

3362

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3363

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3364

3365

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3366

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3367

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3368

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3369

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3370

"""

3371

ctx = Context(TLSv1_METHOD)

3372

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3373

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3374

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3375

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3376

3377

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3378

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3379

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3380

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3381

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3382

"""

3383

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3384

cadesc = cacert.get_subject()

3385

def single_ca(ctx):

3386

ctx.add_client_ca(cacert)

3387

return [cadesc]

3388

self._check_client_ca_list(single_ca)

3389

3390

3391

def test_multiple_add_client_ca(self):

3392

"""

3393

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3394

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3395

"""

3396

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3397

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3398

3399

cadesc = cacert.get_subject()

3400

sedesc = secert.get_subject()

3401

3402

def multiple_ca(ctx):

3403

ctx.add_client_ca(cacert)

3404

ctx.add_client_ca(secert)

3405

return [cadesc, sedesc]

3406

self._check_client_ca_list(multiple_ca)

3407

3408

3409

def test_set_and_add_client_ca(self):

3410

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3411

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3412

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3413

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3414

"""

3415

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3416

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3417

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3418

3419

cadesc = cacert.get_subject()

3420

sedesc = secert.get_subject()

3421

cldesc = clcert.get_subject()

3422

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3423

def mixed_set_add_ca(ctx):

3424

ctx.set_client_ca_list([cadesc, sedesc])

3425

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3426

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3427

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3428

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3429

3430

def test_set_after_add_client_ca(self):

3431

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3432

A call to :py:obj:`Context.set_client_ca_list` after a call to

3433

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3434

call with the names specified by the latter cal.

3435

"""

3436

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3437

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3438

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3439

3440

cadesc = cacert.get_subject()

3441

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3442

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3443

def set_replaces_add_ca(ctx):

3444

ctx.add_client_ca(clcert)

3445

ctx.set_client_ca_list([cadesc])

3446

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3447

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3448

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3449

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3450

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3451

3452

class ConnectionBIOTests(TestCase):

3453

"""

3454

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3455

"""

3456

def test_wantReadError(self):

3457

"""

3458

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3459

if there are no bytes available to be read from the BIO.

3460

"""

3461

ctx = Context(TLSv1_METHOD)

3462

conn = Connection(ctx, None)

3463

self.assertRaises(WantReadError, conn.bio_read, 1024)

3464

3465

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3466

def test_buffer_size(self):

3467

"""

3468

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3469

number of bytes to read and return.

3470

"""

3471

ctx = Context(TLSv1_METHOD)

3472

conn = Connection(ctx, None)

3473

conn.set_connect_state()

3474

try:

3475

conn.do_handshake()

3476

except WantReadError:

3477

pass

3478

data = conn.bio_read(2)

3479

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3484

"""

3485

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3486

:py:obj:`long` as well as :py:obj:`int`.

3487

"""

3488

ctx = Context(TLSv1_METHOD)

3489

conn = Connection(ctx, None)

3490

conn.set_connect_state()

3491

try:

3492

conn.do_handshake()

3493

except WantReadError:

3494

pass

3495

data = conn.bio_read(long(2))

3496

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3500

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3501

class InfoConstantTests(TestCase):

3502

"""

3503

Tests for assorted constants exposed for use in info callbacks.

3504

"""

3505

def test_integers(self):

3506

"""

3507

All of the info constants are integers.

3508

3509

This is a very weak test. It would be nice to have one that actually

3510

verifies that as certain info events happen, the value passed to the

3511

info callback matches up with the constant exposed by OpenSSL.SSL.

3512

"""

3513

for const in [

3514

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3515

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3516

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3517

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3518

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3519

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3520

3521

self.assertTrue(isinstance(const, int))

3522

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3523

Jean-Paul Calderone