Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

45

from OpenSSL._util import lib as _lib

46

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

47

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.test.test_crypto import (

49

cleartextCertificatePEM, cleartextPrivateKeyPEM)

50

from OpenSSL.test.test_crypto import (

51

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

52

root_cert_pem)

53

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

54

try:

55

from OpenSSL.SSL import OP_NO_QUERY_MTU

56

except ImportError:

57

OP_NO_QUERY_MTU = None

58

try:

59

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

60

except ImportError:

61

OP_COOKIE_EXCHANGE = None

62

try:

63

from OpenSSL.SSL import OP_NO_TICKET

64

except ImportError:

65

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

66

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

67

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

68

from OpenSSL.SSL import OP_NO_COMPRESSION

69

except ImportError:

70

OP_NO_COMPRESSION = None

71

72

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

73

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

74

except ImportError:

75

MODE_RELEASE_BUFFERS = None

76

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

77

try:

78

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

79

except ImportError:

80

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

81

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

82

from OpenSSL.SSL import (

83

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

84

SSL_ST_OK, SSL_ST_RENEGOTIATE,

85

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

86

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

87

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

88

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

89

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

90

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

91

# to use)

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

94

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

95

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

99

def join_bytes_or_unicode(prefix, suffix):

100

"""

101

Join two path components of either ``bytes`` or ``unicode``.

102

103

The return type is the same as the type of ``prefix``.

104

"""

105

# If the types are the same, nothing special is necessary.

106

if type(prefix) == type(suffix):

107

return join(prefix, suffix)

108

109

# Otherwise, coerce suffix to the type of prefix.

110

if isinstance(prefix, text_type):

111

return join(prefix, suffix.decode(getfilesystemencoding()))

112

else:

113

return join(prefix, suffix.encode(getfilesystemencoding()))

114

115

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

116

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

117

return ok

118

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

119

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

120

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

122

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

123

"""

124

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

130

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

131

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

132

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

133

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

134

# Let's pass some unencrypted data to make sure our socket connection is

135

# fine. Just one byte, so we don't have to worry about buffers getting

136

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

137

server.send(b("x"))

138

assert client.recv(1024) == b("x")

139

client.send(b("y"))

140

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

141

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

142

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

143

server.setblocking(False)

144

client.setblocking(False)

145

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

146

return (server, client)

147

148

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

149

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

150

def handshake(client, server):

151

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

162

def _create_certificate_chain():

163

"""

164

Construct and return a chain of certificates.

165

166

1. A new self-signed certificate authority certificate (cacert)

167

2. A new intermediate certificate signed by cacert (icert)

168

3. A new server certificate signed by icert (scert)

169

"""

170

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

175

cacert = X509()

176

cacert.get_subject().commonName = "Authority Certificate"

177

cacert.set_issuer(cacert.get_subject())

178

cacert.set_pubkey(cakey)

179

cacert.set_notBefore(b("20000101000000Z"))

180

cacert.set_notAfter(b("20200101000000Z"))

181

cacert.add_extensions([caext])

182

cacert.set_serial_number(0)

183

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

188

icert = X509()

189

icert.get_subject().commonName = "Intermediate Certificate"

190

icert.set_issuer(cacert.get_subject())

191

icert.set_pubkey(ikey)

192

icert.set_notBefore(b("20000101000000Z"))

193

icert.set_notAfter(b("20200101000000Z"))

194

icert.add_extensions([caext])

195

icert.set_serial_number(0)

196

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

201

scert = X509()

202

scert.get_subject().commonName = "Server Certificate"

203

scert.set_issuer(icert.get_subject())

204

scert.set_pubkey(skey)

205

scert.set_notBefore(b("20000101000000Z"))

206

scert.set_notAfter(b("20200101000000Z"))

207

scert.add_extensions([

208

X509Extension(b('basicConstraints'), True, b('CA:false'))])

209

scert.set_serial_number(0)

210

scert.sign(ikey, "sha1")

211

212

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

216

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

217

"""

218

Helper mixin which defines methods for creating a connected socket pair and

219

for forcing two connected SSL sockets to talk to each other via memory BIOs.

220

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

221

def _loopbackClientFactory(self, socket):

222

client = Connection(Context(TLSv1_METHOD), socket)

223

client.set_connect_state()

224

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

225

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

226

227

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

ctx = Context(TLSv1_METHOD)

229

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

230

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

231

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

232

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

237

if serverFactory is None:

238

serverFactory = self._loopbackServerFactory

239

if clientFactory is None:

240

clientFactory = self._loopbackClientFactory

241

242

(server, client) = socket_pair()

243

server = serverFactory(server)

244

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

246

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

247

248

server.setblocking(True)

249

client.setblocking(True)

250

return server, client

251

252

253

def _interactInMemory(self, client_conn, server_conn):

254

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

255

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

256

objects. Copy bytes back and forth between their send/receive buffers

257

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

258

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

259

some application bytes, return a two-tuple of the connection from which

260

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

265

wrote = False

266

267

# Copy stuff from each side's send buffer to the other side's

268

# receive buffer.

269

for (read, write) in [(client_conn, server_conn),

270

(server_conn, client_conn)]:

271

272

# Give the side a chance to generate some more bytes, or

273

# succeed.

274

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

275

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

276

except WantReadError:

277

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

282

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

283

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

284

285

while True:

286

# Keep copying as long as there's more stuff there.

287

try:

288

dirty = read.bio_read(4096)

289

except WantReadError:

290

# Okay, nothing more waiting to be sent. Stop

291

# processing this send buffer.

292

break

293

else:

294

# Keep track of the fact that someone generated some

295

# output.

296

wrote = True

297

write.bio_write(dirty)

298

299

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

300

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

301

"""

302

Perform the TLS handshake between two :py:class:`Connection` instances

303

connected to each other via memory BIOs.

304

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

305

client_conn.set_connect_state()

306

server_conn.set_accept_state()

307

308

for conn in [client_conn, server_conn]:

309

try:

310

conn.do_handshake()

311

except WantReadError:

312

pass

313

314

self._interactInMemory(client_conn, server_conn)

315

316

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

317

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

class VersionTests(TestCase):

319

"""

320

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

321

:py:obj:`OpenSSL.SSL.SSLeay_version` and

322

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

323

"""

324

def test_OPENSSL_VERSION_NUMBER(self):

325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

326

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

327

byte and the patch, fix, minor, and major versions in the

328

nibbles above that.

329

"""

330

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

331

332

333

def test_SSLeay_version(self):

334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

335

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

336

one of a number of version strings based on that indicator.

337

"""

338

versions = {}

339

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

340

SSLEAY_PLATFORM, SSLEAY_DIR]:

341

version = SSLeay_version(t)

342

versions[version] = t

343

self.assertTrue(isinstance(version, bytes))

344

self.assertEqual(len(versions), 5)

345

346

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

347

348

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

350

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

351

"""

352

def test_method(self):

353

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

354

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

355

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

356

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

357

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

358

methods = [

359

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

360

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

361

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

362

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

363

364

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

369

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

370

# don't. Difficult to say in advance.

371

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

372

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

373

self.assertRaises(TypeError, Context, "")

374

self.assertRaises(ValueError, Context, 10)

375

376

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

377

if not PY3:

378

def test_method_long(self):

379

"""

380

On Python 2 :py:class:`Context` accepts values of type

381

:py:obj:`long` as well as :py:obj:`int`.

382

"""

383

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

387

def test_type(self):

388

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

389

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

391

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

392

self.assertIdentical(Context, ContextType)

393

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

394

395

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

396

def test_use_privatekey(self):

397

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

398

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

399

"""

400

key = PKey()

401

key.generate_key(TYPE_RSA, 128)

402

ctx = Context(TLSv1_METHOD)

403

ctx.use_privatekey(key)

404

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

405

406

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

407

def test_use_privatekey_file_missing(self):

408

"""

409

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

410

when passed the name of a file which does not exist.

411

"""

412

ctx = Context(TLSv1_METHOD)

413

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

414

415

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

416

def _use_privatekey_file_test(self, pemfile, filetype):

417

"""

418

Verify that calling ``Context.use_privatekey_file`` with the given

419

arguments does not raise an exception.

420

"""

421

key = PKey()

422

key.generate_key(TYPE_RSA, 128)

423

424

with open(pemfile, "wt") as pem:

425

pem.write(

426

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

427

)

428

429

ctx = Context(TLSv1_METHOD)

430

ctx.use_privatekey_file(pemfile, filetype)

431

432

433

def test_use_privatekey_file_bytes(self):

434

"""

435

A private key can be specified from a file by passing a ``bytes``

436

instance giving the file name to ``Context.use_privatekey_file``.

437

"""

438

self._use_privatekey_file_test(

439

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

445

"""

446

A private key can be specified from a file by passing a ``unicode``

447

instance giving the file name to ``Context.use_privatekey_file``.

448

"""

449

self._use_privatekey_file_test(

450

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

455

if not PY3:

456

def test_use_privatekey_file_long(self):

457

"""

458

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

459

filetype of type :py:obj:`long` as well as :py:obj:`int`.

460

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

461

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

462

463

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

464

def test_use_certificate_wrong_args(self):

465

"""

466

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

467

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

468

argument.

469

"""

470

ctx = Context(TLSv1_METHOD)

471

self.assertRaises(TypeError, ctx.use_certificate)

472

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

473

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

474

475

476

def test_use_certificate_uninitialized(self):

477

"""

478

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

479

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

480

initialized (ie, which does not actually have any certificate data).

481

"""

482

ctx = Context(TLSv1_METHOD)

483

self.assertRaises(Error, ctx.use_certificate, X509())

484

485

486

def test_use_certificate(self):

487

"""

488

:py:obj:`Context.use_certificate` sets the certificate which will be

489

used to identify connections created using the context.

490

"""

491

# TODO

492

# Hard to assert anything. But we could set a privatekey then ask

493

# OpenSSL if the cert and key agree using check_privatekey. Then as

494

# long as check_privatekey works right we're good...

495

ctx = Context(TLSv1_METHOD)

496

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

497

498

499

def test_use_certificate_file_wrong_args(self):

500

"""

501

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

502

called with zero arguments or more than two arguments, or if the first

503

argument is not a byte string or the second argumnent is not an integer.

504

"""

505

ctx = Context(TLSv1_METHOD)

506

self.assertRaises(TypeError, ctx.use_certificate_file)

507

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

512

self.assertRaises(

513

TypeError, ctx.use_certificate_file, b"somefile", object())

514

515

516

def test_use_certificate_file_missing(self):

517

"""

518

:py:obj:`Context.use_certificate_file` raises

519

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

520

exist.

521

"""

522

ctx = Context(TLSv1_METHOD)

523

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

524

525

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

527

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

528

Verify that calling ``Context.use_certificate_file`` with the given

529

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

530

"""

531

# TODO

532

# Hard to assert anything. But we could set a privatekey then ask

533

# OpenSSL if the cert and key agree using check_privatekey. Then as

534

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

535

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

536

pem_file.write(cleartextCertificatePEM)

537

538

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

539

ctx.use_certificate_file(certificate_file)

540

541

542

def test_use_certificate_file_bytes(self):

543

"""

544

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

545

``bytes`` filename) which will be used to identify connections created

546

using the context.

547

"""

548

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

549

self._use_certificate_file_test(filename)

550

551

552

def test_use_certificate_file_unicode(self):

553

"""

554

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

555

``bytes`` filename) which will be used to identify connections created

556

using the context.

557

"""

558

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

559

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

560

561

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

562

if not PY3:

563

def test_use_certificate_file_long(self):

564

"""

565

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

566

filetype of type :py:obj:`long` as well as :py:obj:`int`.

567

"""

568

pem_filename = self.mktemp()

569

with open(pem_filename, "wb") as pem_file:

570

pem_file.write(cleartextCertificatePEM)

571

572

ctx = Context(TLSv1_METHOD)

573

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

574

575

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

576

def test_check_privatekey_valid(self):

577

"""

578

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

579

:py:obj:`Context` instance has been configured to use a matched key and

580

certificate pair.

581

"""

582

key = load_privatekey(FILETYPE_PEM, client_key_pem)

583

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

584

context = Context(TLSv1_METHOD)

585

context.use_privatekey(key)

586

context.use_certificate(cert)

587

self.assertIs(None, context.check_privatekey())

588

589

590

def test_check_privatekey_invalid(self):

591

"""

592

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

593

:py:obj:`Context` instance has been configured to use a key and

594

certificate pair which don't relate to each other.

595

"""

596

key = load_privatekey(FILETYPE_PEM, client_key_pem)

597

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

598

context = Context(TLSv1_METHOD)

599

context.use_privatekey(key)

600

context.use_certificate(cert)

601

self.assertRaises(Error, context.check_privatekey)

602

603

604

def test_check_privatekey_wrong_args(self):

605

"""

606

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

607

with other than no arguments.

608

"""

609

context = Context(TLSv1_METHOD)

610

self.assertRaises(TypeError, context.check_privatekey, object())

611

612

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

613

def test_set_app_data_wrong_args(self):

614

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

615

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

616

one argument.

617

"""

618

context = Context(TLSv1_METHOD)

619

self.assertRaises(TypeError, context.set_app_data)

620

self.assertRaises(TypeError, context.set_app_data, None, None)

621

622

623

def test_get_app_data_wrong_args(self):

624

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

625

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

626

arguments.

627

"""

628

context = Context(TLSv1_METHOD)

629

self.assertRaises(TypeError, context.get_app_data, None)

630

631

632

def test_app_data(self):

633

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

634

:py:obj:`Context.set_app_data` stores an object for later retrieval using

635

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

636

"""

637

app_data = object()

638

context = Context(TLSv1_METHOD)

639

context.set_app_data(app_data)

640

self.assertIdentical(context.get_app_data(), app_data)

641

642

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

643

def test_set_options_wrong_args(self):

644

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

645

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

646

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

647

"""

648

context = Context(TLSv1_METHOD)

649

self.assertRaises(TypeError, context.set_options)

650

self.assertRaises(TypeError, context.set_options, None)

651

self.assertRaises(TypeError, context.set_options, 1, None)

652

653

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

654

def test_set_options(self):

655

"""

656

:py:obj:`Context.set_options` returns the new options value.

657

"""

658

context = Context(TLSv1_METHOD)

659

options = context.set_options(OP_NO_SSLv2)

660

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

665

"""

666

On Python 2 :py:obj:`Context.set_options` accepts values of type

667

:py:obj:`long` as well as :py:obj:`int`.

668

"""

669

context = Context(TLSv1_METHOD)

670

options = context.set_options(long(OP_NO_SSLv2))

671

self.assertTrue(OP_NO_SSLv2 & options)

672

673

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

674

def test_set_mode_wrong_args(self):

675

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

676

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

677

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

678

"""

679

context = Context(TLSv1_METHOD)

680

self.assertRaises(TypeError, context.set_mode)

681

self.assertRaises(TypeError, context.set_mode, None)

682

self.assertRaises(TypeError, context.set_mode, 1, None)

683

684

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

685

if MODE_RELEASE_BUFFERS is not None:

686

def test_set_mode(self):

687

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

688

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

689

set mode.

690

"""

691

context = Context(TLSv1_METHOD)

692

self.assertTrue(

693

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

694

695

if not PY3:

696

def test_set_mode_long(self):

697

"""

698

On Python 2 :py:obj:`Context.set_mode` accepts values of type

699

:py:obj:`long` as well as :py:obj:`int`.

700

"""

701

context = Context(TLSv1_METHOD)

702

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

703

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

704

else:

705

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

706

707

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

708

def test_set_timeout_wrong_args(self):

709

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

710

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

711

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

712

"""

713

context = Context(TLSv1_METHOD)

714

self.assertRaises(TypeError, context.set_timeout)

715

self.assertRaises(TypeError, context.set_timeout, None)

716

self.assertRaises(TypeError, context.set_timeout, 1, None)

717

718

719

def test_get_timeout_wrong_args(self):

720

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

721

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

722

"""

723

context = Context(TLSv1_METHOD)

724

self.assertRaises(TypeError, context.get_timeout, None)

725

726

727

def test_timeout(self):

728

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

729

:py:obj:`Context.set_timeout` sets the session timeout for all connections

730

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

731

value.

732

"""

733

context = Context(TLSv1_METHOD)

734

context.set_timeout(1234)

735

self.assertEquals(context.get_timeout(), 1234)

736

737

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

738

if not PY3:

739

def test_timeout_long(self):

740

"""

741

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

742

`long` as well as int.

743

"""

744

context = Context(TLSv1_METHOD)

745

context.set_timeout(long(1234))

746

self.assertEquals(context.get_timeout(), 1234)

747

748

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

749

def test_set_verify_depth_wrong_args(self):

750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

751

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

752

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

753

"""

754

context = Context(TLSv1_METHOD)

755

self.assertRaises(TypeError, context.set_verify_depth)

756

self.assertRaises(TypeError, context.set_verify_depth, None)

757

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

758

759

760

def test_get_verify_depth_wrong_args(self):

761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

762

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

763

"""

764

context = Context(TLSv1_METHOD)

765

self.assertRaises(TypeError, context.get_verify_depth, None)

766

767

768

def test_verify_depth(self):

769

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

772

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

773

"""

774

context = Context(TLSv1_METHOD)

775

context.set_verify_depth(11)

776

self.assertEquals(context.get_verify_depth(), 11)

777

778

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

779

if not PY3:

780

def test_verify_depth_long(self):

781

"""

782

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

783

type `long` as well as int.

784

"""

785

context = Context(TLSv1_METHOD)

786

context.set_verify_depth(long(11))

787

self.assertEquals(context.get_verify_depth(), 11)

788

789

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

790

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

791

"""

792

Write a new private key out to a new file, encrypted using the given

793

passphrase. Return the path to the new file.

794

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

795

key = PKey()

796

key.generate_key(TYPE_RSA, 128)

797

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

798

fObj = open(pemFile, 'w')

799

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

800

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

805

def test_set_passwd_cb_wrong_args(self):

806

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

807

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

808

wrong arguments or with a non-callable first argument.

809

"""

810

context = Context(TLSv1_METHOD)

811

self.assertRaises(TypeError, context.set_passwd_cb)

812

self.assertRaises(TypeError, context.set_passwd_cb, None)

813

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

814

815

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

816

def test_set_passwd_cb(self):

817

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

818

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

819

a private key is loaded from an encrypted PEM.

820

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

821

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

822

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

823

calledWith = []

824

def passphraseCallback(maxlen, verify, extra):

825

calledWith.append((maxlen, verify, extra))

826

return passphrase

827

context = Context(TLSv1_METHOD)

828

context.set_passwd_cb(passphraseCallback)

829

context.use_privatekey_file(pemFile)

830

self.assertTrue(len(calledWith), 1)

831

self.assertTrue(isinstance(calledWith[0][0], int))

832

self.assertTrue(isinstance(calledWith[0][1], int))

833

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

834

835

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

836

def test_passwd_callback_exception(self):

837

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

838

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

839

passphrase callback.

840

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

841

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

842

def passphraseCallback(maxlen, verify, extra):

843

raise RuntimeError("Sorry, I am a fail.")

844

845

context = Context(TLSv1_METHOD)

846

context.set_passwd_cb(passphraseCallback)

847

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

848

849

850

def test_passwd_callback_false(self):

851

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

852

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

853

passphrase callback returns a false value.

854

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

855

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

857

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

858

859

context = Context(TLSv1_METHOD)

860

context.set_passwd_cb(passphraseCallback)

861

self.assertRaises(Error, context.use_privatekey_file, pemFile)

862

863

864

def test_passwd_callback_non_string(self):

865

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

866

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

867

passphrase callback returns a true non-string value.

868

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

869

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

870

def passphraseCallback(maxlen, verify, extra):

871

return 10

872

873

context = Context(TLSv1_METHOD)

874

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

875

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

876

877

878

def test_passwd_callback_too_long(self):

879

"""

880

If the passphrase returned by the passphrase callback returns a string

881

longer than the indicated maximum length, it is truncated.

882

"""

883

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

884

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

885

pemFile = self._write_encrypted_pem(passphrase)

886

def passphraseCallback(maxlen, verify, extra):

887

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

888

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

889

890

context = Context(TLSv1_METHOD)

891

context.set_passwd_cb(passphraseCallback)

892

# This shall succeed because the truncated result is the correct

893

# passphrase.

894

context.use_privatekey_file(pemFile)

895

896

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

897

def test_set_info_callback(self):

898

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

899

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

900

when certain information about an SSL connection is available.

901

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

902

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

903

904

clientSSL = Connection(Context(TLSv1_METHOD), client)

905

clientSSL.set_connect_state()

906

907

called = []

908

def info(conn, where, ret):

909

called.append((conn, where, ret))

910

context = Context(TLSv1_METHOD)

911

context.set_info_callback(info)

912

context.use_certificate(

913

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

914

context.use_privatekey(

915

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

916

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

917

serverSSL = Connection(context, server)

918

serverSSL.set_accept_state()

919

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

920

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

921

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

922

# The callback must always be called with a Connection instance as the

923

# first argument. It would probably be better to split this into

924

# separate tests for client and server side info callbacks so we could

925

# assert it is called with the right Connection instance. It would

926

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

927

notConnections = [

928

conn for (conn, where, ret) in called

929

if not isinstance(conn, Connection)]

930

self.assertEqual(

931

[], notConnections,

932

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

933

934

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

935

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

936

"""

937

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

938

its :py:obj:`load_verify_locations` method with the given arguments.

939

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

940

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

941

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

942

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

944

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

945

# Require that the server certificate verify properly or the

946

# connection will fail.

947

clientContext.set_verify(

948

VERIFY_PEER,

949

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

950

951

clientSSL = Connection(clientContext, client)

952

clientSSL.set_connect_state()

953

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

954

serverContext = Context(TLSv1_METHOD)

955

serverContext.use_certificate(

956

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

957

serverContext.use_privatekey(

958

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

959

960

serverSSL = Connection(serverContext, server)

961

serverSSL.set_accept_state()

962

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

963

# Without load_verify_locations above, the handshake

964

# will fail:

965

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

966

# 'certificate verify failed')]

967

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

968

969

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

970

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

971

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

972

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

974

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

975

Verify that if path to a file containing a certificate is passed to

976

``Context.load_verify_locations`` for the ``cafile`` parameter, that

977

certificate is used as a trust root for the purposes of verifying

978

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

979

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

980

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

981

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

982

fObj.close()

983

984

self._load_verify_locations_test(cafile)

985

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

986

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

987

def test_load_verify_bytes_cafile(self):

988

"""

989

:py:obj:`Context.load_verify_locations` accepts a file name as a

990

``bytes`` instance and uses the certificates within for verification

991

purposes.

992

"""

993

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

994

self._load_verify_cafile(cafile)

995

996

997

def test_load_verify_unicode_cafile(self):

998

"""

999

:py:obj:`Context.load_verify_locations` accepts a file name as a

1000

``unicode`` instance and uses the certificates within for verification

1001

purposes.

1002

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1003

self._load_verify_cafile(

1004

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1005

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1006

1007

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1008

def test_load_verify_invalid_file(self):

1009

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1010

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1011

non-existent cafile.

1012

"""

1013

clientContext = Context(TLSv1_METHOD)

1014

self.assertRaises(

1015

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1016

1017

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1019

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1020

Verify that if path to a directory containing certificate files is

1021

passed to ``Context.load_verify_locations`` for the ``capath``

1022

parameter, those certificates are used as trust roots for the purposes

1023

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1024

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1025

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1026

# Hash values computed manually with c_rehash to avoid depending on

1027

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1028

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1029

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1030

cafile = join_bytes_or_unicode(capath, name)

1031

with open(cafile, 'w') as fObj:

1032

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1033

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1034

self._load_verify_locations_test(None, capath)

1035

1036

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1037

def test_load_verify_directory_bytes_capath(self):

1038

"""

1039

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1040

``bytes`` instance and uses the certificates within for verification

1041

purposes.

1042

"""

1043

self._load_verify_directory_locations_capath(

1044

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1049

"""

1050

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1051

``unicode`` instance and uses the certificates within for verification

1052

purposes.

1053

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1054

self._load_verify_directory_locations_capath(

1055

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1056

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1057

1058

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1059

def test_load_verify_locations_wrong_args(self):

1060

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1061

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1062

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1063

"""

1064

context = Context(TLSv1_METHOD)

1065

self.assertRaises(TypeError, context.load_verify_locations)

1066

self.assertRaises(TypeError, context.load_verify_locations, object())

1067

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1068

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1069

1070

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1071

if platform == "win32":

1072

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1073

"See LP#404343 and LP#404344."

1074

else:

1075

def test_set_default_verify_paths(self):

1076

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1077

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1078

certificate locations to be used for verification purposes.

1079

"""

1080

# Testing this requires a server with a certificate signed by one of

1081

# the CAs in the platform CA location. Getting one of those costs

1082

# money. Fortunately (or unfortunately, depending on your

1083

# perspective), it's easy to think of a public server on the

1084

# internet which has such a certificate. Connecting to the network

1085

# in a unit test is bad, but it's the only way I can think of to

1086

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1087

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1088

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1089

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1090

context.set_default_verify_paths()

1091

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1092

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1094

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1095

client = socket()

1096

client.connect(('verisign.com', 443))

1097

clientSSL = Connection(context, client)

1098

clientSSL.set_connect_state()

1099

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1100

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1101

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1102

1103

1104

def test_set_default_verify_paths_signature(self):

1105

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1106

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1107

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1108

"""

1109

context = Context(TLSv1_METHOD)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1111

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1112

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1113

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1114

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1115

def test_add_extra_chain_cert_invalid_cert(self):

1116

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1119

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1120

"""

1121

context = Context(TLSv1_METHOD)

1122

self.assertRaises(TypeError, context.add_extra_chain_cert)

1123

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1124

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1125

1126

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1127

def _handshake_test(self, serverContext, clientContext):

1128

"""

1129

Verify that a client and server created with the given contexts can

1130

successfully handshake and communicate.

1131

"""

1132

serverSocket, clientSocket = socket_pair()

1133

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1135

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1136

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1137

client = Connection(clientContext, clientSocket)

1138

client.set_connect_state()

1139

1140

# Make them talk to each other.

1141

# self._interactInMemory(client, server)

1142

for i in range(3):

1143

for s in [client, server]:

1144

try:

1145

s.do_handshake()

1146

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1150

def test_set_verify_callback_connection_argument(self):

1151

"""

1152

The first argument passed to the verify callback is the

1153

:py:class:`Connection` instance for which verification is taking place.

1154

"""

1155

serverContext = Context(TLSv1_METHOD)

1156

serverContext.use_privatekey(

1157

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1158

serverContext.use_certificate(

1159

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1160

serverConnection = Connection(serverContext, None)

1161

1162

class VerifyCallback(object):

1163

def callback(self, connection, *args):

1164

self.connection = connection

1165

return 1

1166

1167

verify = VerifyCallback()

1168

clientContext = Context(TLSv1_METHOD)

1169

clientContext.set_verify(VERIFY_PEER, verify.callback)

1170

clientConnection = Connection(clientContext, None)

1171

clientConnection.set_connect_state()

1172

1173

self._handshakeInMemory(clientConnection, serverConnection)

1174

1175

self.assertIdentical(verify.connection, clientConnection)

1176

1177

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1178

def test_set_verify_callback_exception(self):

1179

"""

1180

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1181

exception, verification fails and the exception is propagated to the

1182

caller of :py:obj:`Connection.do_handshake`.

1183

"""

1184

serverContext = Context(TLSv1_METHOD)

1185

serverContext.use_privatekey(

1186

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1187

serverContext.use_certificate(

1188

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1189

1190

clientContext = Context(TLSv1_METHOD)

1191

def verify_callback(*args):

1192

raise Exception("silly verify failure")

1193

clientContext.set_verify(VERIFY_PEER, verify_callback)

1194

1195

exc = self.assertRaises(

1196

Exception, self._handshake_test, serverContext, clientContext)

1197

self.assertEqual("silly verify failure", str(exc))

1198

1199

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1200

def test_add_extra_chain_cert(self):

1201

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1202

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1203

the certificate chain.

1204

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1205

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1206

chain tested.

1207

1208

The chain is tested by starting a server with scert and connecting

1209

to it with a client which trusts cacert and requires verification to

1210

succeed.

1211

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1212

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1213

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1214

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1215

# Dump the CA certificate to a file because that's the only way to load

1216

# it as a trusted CA in the client context.

1217

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1218

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1219

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1220

fObj.close()

1221

1222

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1223

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1224

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1225

fObj.close()

1226

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1227

# Create the server context

1228

serverContext = Context(TLSv1_METHOD)

1229

serverContext.use_privatekey(skey)

1230

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1231

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1232

serverContext.add_extra_chain_cert(icert)

1233

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1234

# Create the client

1235

clientContext = Context(TLSv1_METHOD)

1236

clientContext.set_verify(

1237

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1238

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1239

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1240

# Try it out.

1241

self._handshake_test(serverContext, clientContext)

1242

1243

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1244

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1245

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1246

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1247

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1248

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1249

The chain is tested by starting a server with scert and connecting to

1250

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1251

succeed.

1252

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1253

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1254

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1255

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1256

makedirs(certdir)

1257

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1258

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1259

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1260

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1261

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1262

with open(chainFile, 'wb') as fObj:

1263

# Most specific to least general.

1264

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1265

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1266

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1267

1268

with open(caFile, 'w') as fObj:

1269

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1270

1271

serverContext = Context(TLSv1_METHOD)

1272

serverContext.use_certificate_chain_file(chainFile)

1273

serverContext.use_privatekey(skey)

1274

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1275

clientContext = Context(TLSv1_METHOD)

1276

clientContext.set_verify(

1277

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1278

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1279

1280

self._handshake_test(serverContext, clientContext)

1281

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1282

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1283

def test_use_certificate_chain_file_bytes(self):

1284

"""

1285

``Context.use_certificate_chain_file`` accepts the name of a file (as

1286

an instance of ``bytes``) to specify additional certificates to use to

1287

construct and verify a trust chain.

1288

"""

1289

self._use_certificate_chain_file_test(

1290

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1295

"""

1296

``Context.use_certificate_chain_file`` accepts the name of a file (as

1297

an instance of ``unicode``) to specify additional certificates to use

1298

to construct and verify a trust chain.

1299

"""

1300

self._use_certificate_chain_file_test(

1301

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1305

def test_use_certificate_chain_file_wrong_args(self):

1306

"""

1307

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1308

if passed zero or more than one argument or when passed a non-byte

1309

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1310

passed a bad chain file name (for example, the name of a file which does

1311

not exist).

1312

"""

1313

context = Context(TLSv1_METHOD)

1314

self.assertRaises(TypeError, context.use_certificate_chain_file)

1315

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1316

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1317

1318

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1319

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1320

# XXX load_client_ca

1321

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1322

1323

def test_get_verify_mode_wrong_args(self):

1324

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1325

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1326

arguments.

1327

"""

1328

context = Context(TLSv1_METHOD)

1329

self.assertRaises(TypeError, context.get_verify_mode, None)

1330

1331

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1332

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1333

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1334

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1335

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1336

"""

1337

context = Context(TLSv1_METHOD)

1338

self.assertEquals(context.get_verify_mode(), 0)

1339

context.set_verify(

1340

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1341

self.assertEquals(

1342

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1343

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1344

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1345

if not PY3:

1346

def test_set_verify_mode_long(self):

1347

"""

1348

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1349

type :py:obj:`long` as well as :py:obj:`int`.

1350

"""

1351

context = Context(TLSv1_METHOD)

1352

self.assertEquals(context.get_verify_mode(), 0)

1353

context.set_verify(

1354

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1355

self.assertEquals(

1356

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1357

1358

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1359

def test_load_tmp_dh_wrong_args(self):

1360

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1361

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1362

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1363

"""

1364

context = Context(TLSv1_METHOD)

1365

self.assertRaises(TypeError, context.load_tmp_dh)

1366

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1367

self.assertRaises(TypeError, context.load_tmp_dh, object())

1368

1369

1370

def test_load_tmp_dh_missing_file(self):

1371

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1372

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1373

does not exist.

1374

"""

1375

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1376

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1377

1378

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1379

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1380

"""

1381

Verify that calling ``Context.load_tmp_dh`` with the given filename

1382

does not raise an exception.

1383

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1384

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1385

with open(dhfilename, "w") as dhfile:

1386

dhfile.write(dhparam)

1387

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1388

context.load_tmp_dh(dhfilename)

1389

# XXX What should I assert here? -exarkun

1390

1391

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1392

def test_load_tmp_dh_bytes(self):

1393

"""

1394

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1395

specified file (given as ``bytes``).

1396

"""

1397

self._load_tmp_dh_test(

1398

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1403

"""

1404

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1405

specified file (given as ``unicode``).

1406

"""

1407

self._load_tmp_dh_test(

1408

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1412

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1413

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1414

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1415

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1416

"""

1417

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1418

for curve in get_elliptic_curves():

1419

# The only easily "assertable" thing is that it does not raise an

1420

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1421

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1422

1423

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1424

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1425

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1426

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1427

ciphers which connections created with the context object will be able

1428

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1429

"""

1430

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1431

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1432

conn = Connection(context, None)

1433

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1434

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1435

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1436

def test_set_cipher_list_text(self):

1437

"""

1438

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1439

the ciphers which connections created with the context object will be

1440

able to choose from.

1441

"""

1442

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1443

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1444

conn = Connection(context, None)

1445

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1446

1447

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1448

def test_set_cipher_list_wrong_args(self):

1449

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1450

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1451

passed zero arguments or more than one argument or when passed a

1452

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1453

passed an incorrect cipher list string.

1454

"""

1455

context = Context(TLSv1_METHOD)

1456

self.assertRaises(TypeError, context.set_cipher_list)

1457

self.assertRaises(TypeError, context.set_cipher_list, object())

1458

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1459

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1460

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1461

1462

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1463

def test_set_session_cache_mode_wrong_args(self):

1464

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1465

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1466

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1467

"""

1468

context = Context(TLSv1_METHOD)

1469

self.assertRaises(TypeError, context.set_session_cache_mode)

1470

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1471

1472

1473

def test_get_session_cache_mode_wrong_args(self):

1474

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1475

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1476

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1477

"""

1478

context = Context(TLSv1_METHOD)

1479

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1480

1481

1482

def test_session_cache_mode(self):

1483

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1484

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1485

cached. The setting can be retrieved via

1486

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1487

"""

1488

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1489

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1490

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1491

self.assertEqual(SESS_CACHE_OFF, off)

1492

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1493

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1494

if not PY3:

1495

def test_session_cache_mode_long(self):

1496

"""

1497

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1498

of type :py:obj:`long` as well as :py:obj:`int`.

1499

"""

1500

context = Context(TLSv1_METHOD)

1501

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1502

self.assertEqual(

1503

SESS_CACHE_BOTH, context.get_session_cache_mode())

1504

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1505

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1506

def test_get_cert_store(self):

1507

"""

1508

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1509

"""

1510

context = Context(TLSv1_METHOD)

1511

store = context.get_cert_store()

1512

self.assertIsInstance(store, X509Store)

1513

1514

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1515

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1516

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1517

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1518

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1519

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1520

"""

1521

def test_wrong_args(self):

1522

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1523

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1524

with other than one argument.

1525

"""

1526

context = Context(TLSv1_METHOD)

1527

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1528

self.assertRaises(

1529

TypeError, context.set_tlsext_servername_callback, 1, 2)

1530

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1531

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1532

def test_old_callback_forgotten(self):

1533

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1534

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1535

callback, the one it replaces is dereferenced.

1536

"""

1537

def callback(connection):

1538

pass

1539

1540

def replacement(connection):

1541

pass

1542

1543

context = Context(TLSv1_METHOD)

1544

context.set_tlsext_servername_callback(callback)

1545

1546

tracker = ref(callback)

1547

del callback

1548

1549

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1550

1551

# One run of the garbage collector happens to work on CPython. PyPy

1552

# doesn't collect the underlying object until a second run for whatever

1553

# reason. That's fine, it still demonstrates our code has properly

1554

# dropped the reference.

1555

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1556

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1557

1558

callback = tracker()

1559

if callback is not None:

1560

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1561

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1562

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1563

1564

1565

def test_no_servername(self):

1566

"""

1567

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1568

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1569

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1570

"""

1571

args = []

1572

def servername(conn):

1573

args.append((conn, conn.get_servername()))

1574

context = Context(TLSv1_METHOD)

1575

context.set_tlsext_servername_callback(servername)

1576

1577

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1583

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1584

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1585

1586

# Do a little connection to trigger the logic

1587

server = Connection(context, None)

1588

server.set_accept_state()

1589

1590

client = Connection(Context(TLSv1_METHOD), None)

1591

client.set_connect_state()

1592

1593

self._interactInMemory(server, client)

1594

1595

self.assertEqual([(server, None)], args)

1596

1597

1598

def test_servername(self):

1599

"""

1600

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1601

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1602

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1603

"""

1604

args = []

1605

def servername(conn):

1606

args.append((conn, conn.get_servername()))

1607

context = Context(TLSv1_METHOD)

1608

context.set_tlsext_servername_callback(servername)

1609

1610

# Necessary to actually accept the connection

1611

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1612

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1613

1614

# Do a little connection to trigger the logic

1615

server = Connection(context, None)

1616

server.set_accept_state()

1617

1618

client = Connection(Context(TLSv1_METHOD), None)

1619

client.set_connect_state()

1620

client.set_tlsext_host_name(b("foo1.example.com"))

1621

1622

self._interactInMemory(server, client)

1623

1624

self.assertEqual([(server, b("foo1.example.com"))], args)

1625

1626

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1627

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1628

"""

1629

Test for Next Protocol Negotiation in PyOpenSSL.

1630

"""

1631

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1632

"""

1633

Tests that clients and servers that agree on the negotiated next

1634

protocol can correct establish a connection, and that the agreed

1635

protocol is reported by the connections.

1636

"""

1637

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1638

select_args = []

1639

def advertise(conn):

1640

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1641

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1642

def select(conn, options):

1643

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1644

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1645

1646

server_context = Context(TLSv1_METHOD)

1647

server_context.set_npn_advertise_callback(advertise)

1648

1649

client_context = Context(TLSv1_METHOD)

1650

client_context.set_npn_select_callback(select)

1651

1652

# Necessary to actually accept the connection

1653

server_context.use_privatekey(

1654

load_privatekey(FILETYPE_PEM, server_key_pem))

1655

server_context.use_certificate(

1656

load_certificate(FILETYPE_PEM, server_cert_pem))

1657

1658

# Do a little connection to trigger the logic

1659

server = Connection(server_context, None)

1660

server.set_accept_state()

1661

1662

client = Connection(client_context, None)

1663

client.set_connect_state()

1664

1665

self._interactInMemory(server, client)

1666

1667

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1668

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1669

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1670

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1671

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1672

1673

1674

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1675

"""

1676

Tests that when clients and servers cannot agree on what protocol to

1677

use next that the TLS connection does not get established.

1678

"""

1679

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1680

select_args = []

1681

def advertise(conn):

1682

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1683

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1684

def select(conn, options):

1685

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1686

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1687

1688

server_context = Context(TLSv1_METHOD)

1689

server_context.set_npn_advertise_callback(advertise)

1690

1691

client_context = Context(TLSv1_METHOD)

1692

client_context.set_npn_select_callback(select)

1693

1694

# Necessary to actually accept the connection

1695

server_context.use_privatekey(

1696

load_privatekey(FILETYPE_PEM, server_key_pem))

1697

server_context.use_certificate(

1698

load_certificate(FILETYPE_PEM, server_cert_pem))

1699

1700

# Do a little connection to trigger the logic

1701

server = Connection(server_context, None)

1702

server.set_accept_state()

1703

1704

client = Connection(client_context, None)

1705

client.set_connect_state()

1706

1707

# If the client doesn't return anything, the connection will fail.

1708

self.assertRaises(Error, self._interactInMemory, server, client)

1709

1710

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1711

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1712

1713

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1714

def test_npn_select_error(self):

1715

"""

1716

Test that we can handle exceptions in the select callback. If select

1717

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1722

return [b'http/1.1', b'spdy/2']

1723

def select(conn, options):

1724

raise TypeError

1725

1726

server_context = Context(TLSv1_METHOD)

1727

server_context.set_npn_advertise_callback(advertise)

1728

1729

client_context = Context(TLSv1_METHOD)

1730

client_context.set_npn_select_callback(select)

1731

1732

# Necessary to actually accept the connection

1733

server_context.use_privatekey(

1734

load_privatekey(FILETYPE_PEM, server_key_pem))

1735

server_context.use_certificate(

1736

load_certificate(FILETYPE_PEM, server_cert_pem))

1737

1738

# Do a little connection to trigger the logic

1739

server = Connection(server_context, None)

1740

server.set_accept_state()

1741

1742

client = Connection(client_context, None)

1743

client.set_connect_state()

1744

1745

# If the callback throws an exception it should be raised here.

1746

self.assertRaises(TypeError, self._interactInMemory, server, client)

1747

self.assertEqual([(server,)], advertise_args)

1748

1749

1750

def test_npn_advertise_error(self):

1751

"""

1752

Test that we can handle exceptions in the advertise callback. If

1753

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1759

select_args.append((conn, options))

1760

return b''

1761

1762

server_context = Context(TLSv1_METHOD)

1763

server_context.set_npn_advertise_callback(advertise)

1764

1765

client_context = Context(TLSv1_METHOD)

1766

client_context.set_npn_select_callback(select)

1767

1768

# Necessary to actually accept the connection

1769

server_context.use_privatekey(

1770

load_privatekey(FILETYPE_PEM, server_key_pem))

1771

server_context.use_certificate(

1772

load_certificate(FILETYPE_PEM, server_cert_pem))

1773

1774

# Do a little connection to trigger the logic

1775

server = Connection(server_context, None)

1776

server.set_accept_state()

1777

1778

client = Connection(client_context, None)

1779

client.set_connect_state()

1780

1781

# If the client doesn't return anything, the connection will fail.

1782

self.assertRaises(TypeError, self._interactInMemory, server, client)

1783

self.assertEqual([], select_args)

1784

1785

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1786

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1787

class ApplicationLayerProtoNegotiationTests(TestCase, _LoopbackMixin):

1788

"""

1789

Tests for ALPN in PyOpenSSL.

1790

"""

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1791

# Skip tests on versions that don't support ALPN.

1792

if _lib.Cryptography_HAS_ALPN:

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1793

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1794

def test_alpn_success(self):

1795

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1796

Clients and servers that agree on the negotiated ALPN protocol can

1797

correct establish a connection, and the agreed protocol is reported

1798

by the connections.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1799

"""

1800

select_args = []

1801

def select(conn, options):

1802

select_args.append((conn, options))

1803

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1804

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1805

client_context = Context(TLSv1_METHOD)

1806

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1807

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1808

server_context = Context(TLSv1_METHOD)

1809

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1810

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1811

# Necessary to actually accept the connection

1812

server_context.use_privatekey(

1813

load_privatekey(FILETYPE_PEM, server_key_pem))

1814

server_context.use_certificate(

1815

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1816

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1817

# Do a little connection to trigger the logic

1818

server = Connection(server_context, None)

1819

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1820

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1821

client = Connection(client_context, None)

1822

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1823

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1824

self._interactInMemory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1825

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1826

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

1827

1828

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1829

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1830

1831

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1832

def test_alpn_set_on_connection(self):

1833

"""

1834

The same as test_alpn_success, but setting the ALPN protocols on

1835

the connection rather than the context.

1836

"""

1837

select_args = []

1838

def select(conn, options):

1839

select_args.append((conn, options))

1840

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1841

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1842

# Setup the client context but don't set any ALPN protocols.

1843

client_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1844

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1845

server_context = Context(TLSv1_METHOD)

1846

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1847

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1848

# Necessary to actually accept the connection

1849

server_context.use_privatekey(

1850

load_privatekey(FILETYPE_PEM, server_key_pem))

1851

server_context.use_certificate(

1852

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1853

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1854

# Do a little connection to trigger the logic

1855

server = Connection(server_context, None)

1856

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1857

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1858

# Set the ALPN protocols on the client connection.

1859

client = Connection(client_context, None)

1860

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1861

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1862

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1863

self._interactInMemory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1864

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1865

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1866

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1867

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1868

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1869

1870

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1871

def test_alpn_server_fail(self):

1872

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1873

When clients and servers cannot agree on what protocol to use next

1874

the TLS connection does not get established.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1875

"""

1876

select_args = []

1877

def select(conn, options):

1878

select_args.append((conn, options))

1879

return b''

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1880

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1881

client_context = Context(TLSv1_METHOD)

1882

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1883

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1884

server_context = Context(TLSv1_METHOD)

1885

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1886

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1887

# Necessary to actually accept the connection

1888

server_context.use_privatekey(

1889

load_privatekey(FILETYPE_PEM, server_key_pem))

1890

server_context.use_certificate(

1891

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1892

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1893

# Do a little connection to trigger the logic

1894

server = Connection(server_context, None)

1895

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1896

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1897

client = Connection(client_context, None)

1898

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1899

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1900

# If the client doesn't return anything, the connection will fail.

1901

self.assertRaises(Error, self._interactInMemory, server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1902

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1903

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1904

1905

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1906

def test_alpn_no_server(self):

1907

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1908

When clients and servers cannot agree on what protocol to use next

1909

because the server doesn't offer ALPN, no protocol is negotiated.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1910

"""

1911

client_context = Context(TLSv1_METHOD)

1912

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1913

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1914

server_context = Context(TLSv1_METHOD)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1915

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1916

# Necessary to actually accept the connection

1917

server_context.use_privatekey(

1918

load_privatekey(FILETYPE_PEM, server_key_pem))

1919

server_context.use_certificate(

1920

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1921

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1922

# Do a little connection to trigger the logic

1923

server = Connection(server_context, None)

1924

server.set_accept_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1925

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1926

client = Connection(client_context, None)

1927

client.set_connect_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1928

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1929

# Do the dance.

1930

self._interactInMemory(server, client)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1931

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1932

self.assertEqual(client.get_alpn_proto_negotiated(), b'')

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1933

1934

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1935

def test_alpn_callback_exception(self):

1936

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1937

We can handle exceptions in the ALPN select callback.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1938

"""

1939

select_args = []

1940

def select(conn, options):

1941

select_args.append((conn, options))

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

1942

raise TypeError()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1943

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1944

client_context = Context(TLSv1_METHOD)

1945

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1946

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1947

server_context = Context(TLSv1_METHOD)

1948

server_context.set_alpn_select_callback(select)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1949

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1950

# Necessary to actually accept the connection

1951

server_context.use_privatekey(

1952

load_privatekey(FILETYPE_PEM, server_key_pem))

1953

server_context.use_certificate(

1954

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1955

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1956

# Do a little connection to trigger the logic

1957

server = Connection(server_context, None)

1958

server.set_accept_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1959

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1960

client = Connection(client_context, None)

1961

client.set_connect_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1962

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1963

self.assertRaises(

1964

TypeError, self._interactInMemory, server, client

1965

)

1966

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1967

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1968

else:

1969

# No ALPN.

1970

def test_alpn_not_implemented(self):

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

1971

"""

1972

If ALPN is not in OpenSSL, we should raise NotImplementedError.

1973

"""

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1974

# Test the context methods first.

1975

context = Context(TLSv1_METHOD)

Cory Benfield

307e9e6

2015-04-13 18:21:12 -0400

[diff] [blame^]

1976

self.assertRaises(

1977

NotImplementedError, context.set_alpn_protos, None

1978

)

1979

self.assertRaises(

1980

NotImplementedError, context.set_alpn_select_callback, None

1981

)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1982

1983

# Now test a connection.

1984

conn = Connection(context)

Cory Benfield

307e9e6

2015-04-13 18:21:12 -0400

[diff] [blame^]

1985

self.assertRaises(

1986

NotImplementedError, context.set_alpn_protos, None

1987

)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1988

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1989

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1990

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1991

class SessionTests(TestCase):

1992

"""

1993

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1994

"""

1995

def test_construction(self):

1996

"""

1997

:py:class:`Session` can be constructed with no arguments, creating a new

1998

instance of that type.

1999

"""

2000

new_session = Session()

2001

self.assertTrue(isinstance(new_session, Session))

2002

2003

2004

def test_construction_wrong_args(self):

2005

"""

2006

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

2007

is raised.

2008

"""

2009

self.assertRaises(TypeError, Session, 123)

2010

self.assertRaises(TypeError, Session, "hello")

2011

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2015

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2016

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2017

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2018

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2019

# XXX get_peer_certificate -> None

2020

# XXX sock_shutdown

2021

# XXX master_key -> TypeError

2022

# XXX server_random -> TypeError

2023

# XXX state_string

2024

# XXX connect -> TypeError

2025

# XXX connect_ex -> TypeError

2026

# XXX set_connect_state -> TypeError

2027

# XXX set_accept_state -> TypeError

2028

# XXX renegotiate_pending

2029

# XXX do_handshake -> TypeError

2030

# XXX bio_read -> TypeError

2031

# XXX recv -> TypeError

2032

# XXX send -> TypeError

2033

# XXX bio_write -> TypeError

2034

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2035

def test_type(self):

2036

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2037

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2038

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2039

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2040

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2041

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2042

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2043

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2044

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2045

def test_get_context(self):

2046

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2047

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

2048

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2049

"""

2050

context = Context(TLSv1_METHOD)

2051

connection = Connection(context, None)

2052

self.assertIdentical(connection.get_context(), context)

2053

2054

2055

def test_get_context_wrong_args(self):

2056

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2057

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2058

arguments.

2059

"""

2060

connection = Connection(Context(TLSv1_METHOD), None)

2061

self.assertRaises(TypeError, connection.get_context, None)

2062

2063

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2064

def test_set_context_wrong_args(self):

2065

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2066

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

2067

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2068

than 1.

2069

"""

2070

ctx = Context(TLSv1_METHOD)

2071

connection = Connection(ctx, None)

2072

self.assertRaises(TypeError, connection.set_context)

2073

self.assertRaises(TypeError, connection.set_context, object())

2074

self.assertRaises(TypeError, connection.set_context, "hello")

2075

self.assertRaises(TypeError, connection.set_context, 1)

2076

self.assertRaises(TypeError, connection.set_context, 1, 2)

2077

self.assertRaises(

2078

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

2079

self.assertIdentical(ctx, connection.get_context())

2080

2081

2082

def test_set_context(self):

2083

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2084

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2085

for the connection.

2086

"""

2087

original = Context(SSLv23_METHOD)

2088

replacement = Context(TLSv1_METHOD)

2089

connection = Connection(original, None)

2090

connection.set_context(replacement)

2091

self.assertIdentical(replacement, connection.get_context())

2092

# Lose our references to the contexts, just in case the Connection isn't

2093

# properly managing its own contributions to their reference counts.

2094

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

2099

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2100

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2101

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2102

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2103

"""

2104

conn = Connection(Context(TLSv1_METHOD), None)

2105

self.assertRaises(TypeError, conn.set_tlsext_host_name)

2106

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

2107

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

2108

self.assertRaises(

2109

TypeError, conn.set_tlsext_host_name, b("with\0null"))

2110

2111

if version_info >= (3,):

2112

# On Python 3.x, don't accidentally implicitly convert from text.

2113

self.assertRaises(

2114

TypeError,

2115

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2116

2117

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2118

def test_get_servername_wrong_args(self):

2119

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2120

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2121

arguments.

2122

"""

2123

connection = Connection(Context(TLSv1_METHOD), None)

2124

self.assertRaises(TypeError, connection.get_servername, object())

2125

self.assertRaises(TypeError, connection.get_servername, 1)

2126

self.assertRaises(TypeError, connection.get_servername, "hello")

2127

2128

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2129

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2130

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2131

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2132

immediate read.

2133

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2134

connection = Connection(Context(TLSv1_METHOD), None)

2135

self.assertEquals(connection.pending(), 0)

2136

2137

2138

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2139

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2140

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2141

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2142

connection = Connection(Context(TLSv1_METHOD), None)

2143

self.assertRaises(TypeError, connection.pending, None)

2144

2145

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2146

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2147

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2148

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2149

argument or with the wrong number of arguments.

2150

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2151

connection = Connection(Context(TLSv1_METHOD), socket())

2152

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2153

self.assertRaises(TypeError, connection.connect)

2154

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2155

2156

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2157

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2158

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2159

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2160

connect method raises it.

2161

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2162

client = socket()

2163

context = Context(TLSv1_METHOD)

2164

clientSSL = Connection(context, client)

2165

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

2166

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2167

2168

2169

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2170

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2171

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2172

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2178

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2179

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2180

2181

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2182

if platform == "darwin":

2183

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2184

else:

2185

def test_connect_ex(self):

2186

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2187

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2188

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2193

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2194

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2195

clientSSL.setblocking(False)

2196

result = clientSSL.connect_ex(port.getsockname())

2197

expected = (EINPROGRESS, EWOULDBLOCK)

2198

self.assertTrue(

2199

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2200

2201

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2202

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2203

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2204

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2205

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2206

connection = Connection(Context(TLSv1_METHOD), socket())

2207

self.assertRaises(TypeError, connection.accept, None)

2208

2209

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2210

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2211

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2212

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2213

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2214

connection originated from.

2215

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2216

ctx = Context(TLSv1_METHOD)

2217

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2218

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2219

port = socket()

2220

portSSL = Connection(ctx, port)

2221

portSSL.bind(('', 0))

2222

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2223

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2224

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2225

2226

# Calling portSSL.getsockname() here to get the server IP address sounds

2227

# great, but frequently fails on Windows.

2228

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2229

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2230

serverSSL, address = portSSL.accept()

2231

2232

self.assertTrue(isinstance(serverSSL, Connection))

2233

self.assertIdentical(serverSSL.get_context(), ctx)

2234

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2235

2236

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2237

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2238

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2239

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2240

number of arguments or with arguments other than integers.

2241

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2242

connection = Connection(Context(TLSv1_METHOD), None)

2243

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2244

self.assertRaises(TypeError, connection.get_shutdown, None)

2245

self.assertRaises(TypeError, connection.set_shutdown)

2246

self.assertRaises(TypeError, connection.set_shutdown, None)

2247

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2248

2249

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2250

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2251

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2252

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2253

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2254

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2255

self.assertFalse(server.shutdown())

2256

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2257

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2258

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2259

client.shutdown()

2260

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2261

self.assertRaises(ZeroReturnError, server.recv, 1024)

2262

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2263

2264

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2265

def test_shutdown_closed(self):

2266

"""

2267

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2268

write error from the low level write call.

2269

"""

2270

server, client = self._loopback()

2271

server.sock_shutdown(2)

2272

exc = self.assertRaises(SysCallError, server.shutdown)

2273

if platform == "win32":

2274

self.assertEqual(exc.args[0], ESHUTDOWN)

2275

else:

2276

self.assertEqual(exc.args[0], EPIPE)

2277

2278

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2279

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2280

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2281

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2282

process.

2283

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2284

connection = Connection(Context(TLSv1_METHOD), socket())

2285

connection.set_shutdown(RECEIVED_SHUTDOWN)

2286

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2287

2288

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2289

if not PY3:

2290

def test_set_shutdown_long(self):

2291

"""

2292

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2293

of type :py:obj:`long` as well as :py:obj:`int`.

2294

"""

2295

connection = Connection(Context(TLSv1_METHOD), socket())

2296

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2297

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2298

2299

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2300

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2301

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2302

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2303

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2304

with any arguments.

2305

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2306

conn = Connection(Context(TLSv1_METHOD), None)

2307

self.assertRaises(TypeError, conn.get_app_data, None)

2308

self.assertRaises(TypeError, conn.set_app_data)

2309

self.assertRaises(TypeError, conn.set_app_data, None, None)

2310

2311

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2312

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2313

"""

2314

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2315

:py:obj:`Connection.set_app_data` and later retrieved with

2316

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2317

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2318

conn = Connection(Context(TLSv1_METHOD), None)

2319

app_data = object()

2320

conn.set_app_data(app_data)

2321

self.assertIdentical(conn.get_app_data(), app_data)

2322

2323

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2324

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2326

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2327

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2328

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2329

conn = Connection(Context(TLSv1_METHOD), None)

2330

self.assertRaises(NotImplementedError, conn.makefile)

2331

2332

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2333

def test_get_peer_cert_chain_wrong_args(self):

2334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2335

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2336

arguments.

2337

"""

2338

conn = Connection(Context(TLSv1_METHOD), None)

2339

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2340

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2341

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2342

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2343

2344

2345

def test_get_peer_cert_chain(self):

2346

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2347

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2348

the connected server returned for the certification verification.

2349

"""

2350

chain = _create_certificate_chain()

2351

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2352

2353

serverContext = Context(TLSv1_METHOD)

2354

serverContext.use_privatekey(skey)

2355

serverContext.use_certificate(scert)

2356

serverContext.add_extra_chain_cert(icert)

2357

serverContext.add_extra_chain_cert(cacert)

2358

server = Connection(serverContext, None)

2359

server.set_accept_state()

2360

2361

# Create the client

2362

clientContext = Context(TLSv1_METHOD)

2363

clientContext.set_verify(VERIFY_NONE, verify_cb)

2364

client = Connection(clientContext, None)

2365

client.set_connect_state()

2366

2367

self._interactInMemory(client, server)

2368

2369

chain = client.get_peer_cert_chain()

2370

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2371

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2372

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2373

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2374

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2375

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2376

"Authority Certificate", chain[2].get_subject().CN)

2377

2378

2379

def test_get_peer_cert_chain_none(self):

2380

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2381

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2382

certificate chain.

2383

"""

2384

ctx = Context(TLSv1_METHOD)

2385

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2386

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2387

server = Connection(ctx, None)

2388

server.set_accept_state()

2389

client = Connection(Context(TLSv1_METHOD), None)

2390

client.set_connect_state()

2391

self._interactInMemory(client, server)

2392

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2393

2394

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2395

def test_get_session_wrong_args(self):

2396

"""

2397

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2398

with any arguments.

2399

"""

2400

ctx = Context(TLSv1_METHOD)

2401

server = Connection(ctx, None)

2402

self.assertRaises(TypeError, server.get_session, 123)

2403

self.assertRaises(TypeError, server.get_session, "hello")

2404

self.assertRaises(TypeError, server.get_session, object())

2405

2406

2407

def test_get_session_unconnected(self):

2408

"""

2409

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2410

an object which has not been connected.

2411

"""

2412

ctx = Context(TLSv1_METHOD)

2413

server = Connection(ctx, None)

2414

session = server.get_session()

2415

self.assertIdentical(None, session)

2416

2417

2418

def test_server_get_session(self):

2419

"""

2420

On the server side of a connection, :py:obj:`Connection.get_session`

2421

returns a :py:class:`Session` instance representing the SSL session for

2422

that connection.

2423

"""

2424

server, client = self._loopback()

2425

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2426

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2427

2428

2429

def test_client_get_session(self):

2430

"""

2431

On the client side of a connection, :py:obj:`Connection.get_session`

2432

returns a :py:class:`Session` instance representing the SSL session for

2433

that connection.

2434

"""

2435

server, client = self._loopback()

2436

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2437

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2438

2439

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2440

def test_set_session_wrong_args(self):

2441

"""

2442

If called with an object that is not an instance of :py:class:`Session`,

2443

or with other than one argument, :py:obj:`Connection.set_session` raises

2444

:py:obj:`TypeError`.

2445

"""

2446

ctx = Context(TLSv1_METHOD)

2447

connection = Connection(ctx, None)

2448

self.assertRaises(TypeError, connection.set_session)

2449

self.assertRaises(TypeError, connection.set_session, 123)

2450

self.assertRaises(TypeError, connection.set_session, "hello")

2451

self.assertRaises(TypeError, connection.set_session, object())

2452

self.assertRaises(

2453

TypeError, connection.set_session, Session(), Session())

2454

2455

2456

def test_client_set_session(self):

2457

"""

2458

:py:obj:`Connection.set_session`, when used prior to a connection being

2459

established, accepts a :py:class:`Session` instance and causes an

2460

attempt to re-use the session it represents when the SSL handshake is

2461

performed.

2462

"""

2463

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2464

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2465

ctx = Context(TLSv1_METHOD)

2466

ctx.use_privatekey(key)

2467

ctx.use_certificate(cert)

2468

ctx.set_session_id("unity-test")

2469

2470

def makeServer(socket):

2471

server = Connection(ctx, socket)

2472

server.set_accept_state()

2473

return server

2474

2475

originalServer, originalClient = self._loopback(

2476

serverFactory=makeServer)

2477

originalSession = originalClient.get_session()

2478

2479

def makeClient(socket):

2480

client = self._loopbackClientFactory(socket)

2481

client.set_session(originalSession)

2482

return client

2483

resumedServer, resumedClient = self._loopback(

2484

serverFactory=makeServer,

2485

clientFactory=makeClient)

2486

2487

# This is a proxy: in general, we have no access to any unique

2488

# identifier for the session (new enough versions of OpenSSL expose a

2489

# hash which could be usable, but "new enough" is very, very new).

2490

# Instead, exploit the fact that the master key is re-used if the

2491

# session is re-used. As long as the master key for the two connections

2492

# is the same, the session was re-used!

2493

self.assertEqual(

2494

originalServer.master_key(), resumedServer.master_key())

2495

2496

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2497

def test_set_session_wrong_method(self):

2498

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2499

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2500

instance associated with a context using a different SSL method than the

2501

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2502

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2503

"""

2504

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2505

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2506

ctx = Context(TLSv1_METHOD)

2507

ctx.use_privatekey(key)

2508

ctx.use_certificate(cert)

2509

ctx.set_session_id("unity-test")

2510

2511

def makeServer(socket):

2512

server = Connection(ctx, socket)

2513

server.set_accept_state()

2514

return server

2515

2516

originalServer, originalClient = self._loopback(

2517

serverFactory=makeServer)

2518

originalSession = originalClient.get_session()

2519

2520

def makeClient(socket):

2521

# Intentionally use a different, incompatible method here.

2522

client = Connection(Context(SSLv3_METHOD), socket)

2523

client.set_connect_state()

2524

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2530

2531

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2532

def test_wantWriteError(self):

2533

"""

2534

:py:obj:`Connection` methods which generate output raise

2535

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2536

fail indicating a should-write state.

2537

"""

2538

client_socket, server_socket = socket_pair()

2539

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2540

# anything. Only write a single byte at a time so we can be sure we

2541

# completely fill the buffer. Even though the socket API is allowed to

2542

# signal a short write via its return value it seems this doesn't

2543

# always happen on all platforms (FreeBSD and OS X particular) for the

2544

# very last bit of available buffer space.

2545

msg = b"x"

2546

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2547

try:

2548

client_socket.send(msg)

2549

except error as e:

2550

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2556

2557

ctx = Context(TLSv1_METHOD)

2558

conn = Connection(ctx, client_socket)

2559

# Client's speak first, so make it an SSL client

2560

conn.set_connect_state()

2561

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2565

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2566

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2567

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2568

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2569

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2570

ctx = Context(TLSv1_METHOD)

2571

connection = Connection(ctx, None)

2572

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2573

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2574

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2575

def test_get_peer_finished_before_connect(self):

2576

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2577

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2578

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2579

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2580

ctx = Context(TLSv1_METHOD)

2581

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2582

self.assertEqual(connection.get_peer_finished(), None)

2583

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2584

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2585

def test_get_finished(self):

2586

"""

2587

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2588

message send from client, or server. Finished messages are send during

2589

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2590

"""

2591

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2592

server, client = self._loopback()

2593

2594

self.assertNotEqual(server.get_finished(), None)

2595

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2596

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2597

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2598

def test_get_peer_finished(self):

2599

"""

2600

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2601

message received from client, or server. Finished messages are send

2602

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2603

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2604

server, client = self._loopback()

2605

2606

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2607

self.assertTrue(len(server.get_peer_finished()) > 0)

2608

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2609

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2610

def test_tls_finished_message_symmetry(self):

2611

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2612

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2613

received by client.

2614

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2615

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2616

received by server.

2617

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2618

server, client = self._loopback()

2619

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2620

self.assertEqual(server.get_finished(), client.get_peer_finished())

2621

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2622

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2623

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2624

def test_get_cipher_name_before_connect(self):

2625

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2626

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2627

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2628

"""

2629

ctx = Context(TLSv1_METHOD)

2630

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2631

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2632

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2633

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2634

def test_get_cipher_name(self):

2635

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2636

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2637

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2638

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2639

server, client = self._loopback()

2640

server_cipher_name, client_cipher_name = \

2641

server.get_cipher_name(), client.get_cipher_name()

2642

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2643

self.assertIsInstance(server_cipher_name, text_type)

2644

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2645

2646

self.assertEqual(server_cipher_name, client_cipher_name)

2647

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2648

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2649

def test_get_cipher_version_before_connect(self):

2650

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2651

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2652

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2653

"""

2654

ctx = Context(TLSv1_METHOD)

2655

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2656

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2657

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2658

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2659

def test_get_cipher_version(self):

2660

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2661

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2662

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2663

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2664

server, client = self._loopback()

2665

server_cipher_version, client_cipher_version = \

2666

server.get_cipher_version(), client.get_cipher_version()

2667

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2668

self.assertIsInstance(server_cipher_version, text_type)

2669

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2670

2671

self.assertEqual(server_cipher_version, client_cipher_version)

2672

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2673

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2674

def test_get_cipher_bits_before_connect(self):

2675

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2676

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2677

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2678

"""

2679

ctx = Context(TLSv1_METHOD)

2680

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2681

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2682

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2683

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2684

def test_get_cipher_bits(self):

2685

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2686

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2687

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2688

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2689

server, client = self._loopback()

2690

server_cipher_bits, client_cipher_bits = \

2691

server.get_cipher_bits(), client.get_cipher_bits()

2692

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2693

self.assertIsInstance(server_cipher_bits, int)

2694

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2695

2696

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2697

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2698

2699

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2700

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2701

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2702

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2703

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2704

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2705

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2706

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2707

arguments.

2708

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2709

connection = Connection(Context(TLSv1_METHOD), None)

2710

self.assertRaises(TypeError, connection.get_cipher_list, None)

2711

2712

2713

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2714

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2715

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2716

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2717

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2718

connection = Connection(Context(TLSv1_METHOD), None)

2719

ciphers = connection.get_cipher_list()

2720

self.assertTrue(isinstance(ciphers, list))

2721

for cipher in ciphers:

2722

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2726

class ConnectionSendTests(TestCase, _LoopbackMixin):

2727

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2728

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2729

"""

2730

def test_wrong_args(self):

2731

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2732

When called with arguments other than string argument for its first

2733

parameter or more than two arguments, :py:obj:`Connection.send` raises

2734

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2735

"""

2736

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2737

self.assertRaises(TypeError, connection.send)

2738

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2739

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2740

2741

2742

def test_short_bytes(self):

2743

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2744

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2745

and returns the number of bytes sent.

2746

"""

2747

server, client = self._loopback()

2748

count = server.send(b('xy'))

2749

self.assertEquals(count, 2)

2750

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2756

else:

2757

def test_short_memoryview(self):

2758

"""

2759

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2760

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2761

bytes sent.

2762

"""

2763

server, client = self._loopback()

2764

count = server.send(memoryview(b('xy')))

2765

self.assertEquals(count, 2)

2766

self.assertEquals(client.recv(2), b('xy'))

2767

2768

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2773

else:

2774

def test_short_buffer(self):

2775

"""

2776

When passed a buffer containing a small number of bytes,

2777

:py:obj:`Connection.send` transmits all of them and returns the number of

2778

bytes sent.

2779

"""

2780

server, client = self._loopback()

2781

count = server.send(buffer(b('xy')))

2782

self.assertEquals(count, 2)

2783

self.assertEquals(client.recv(2), b('xy'))

2784

2785

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2786

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2787

def _make_memoryview(size):

2788

"""

2789

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2790

size.

2791

"""

2792

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2796

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2797

"""

2798

Tests for :py:obj:`Connection.recv_into`

2799

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2800

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2801

"""

2802

Assert that when the given buffer is passed to

2803

``Connection.recv_into``, whatever bytes are available to be received

2804

that fit into that buffer are written into that buffer.

2805

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2806

output_buffer = factory(5)

2807

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2808

server, client = self._loopback()

2809

server.send(b('xy'))

2810

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2811

self.assertEqual(client.recv_into(output_buffer), 2)

2812

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2813

2814

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2815

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2816

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2817

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2818

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2819

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2820

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2821

2822

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2823

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2824

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2825

Assert that when the given buffer is passed to ``Connection.recv_into``

2826

along with a value for ``nbytes`` that is less than the size of that

2827

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2828

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2829

output_buffer = factory(10)

2830

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2831

server, client = self._loopback()

2832

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2833

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2834

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2835

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2836

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2840

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2841

"""

2842

When called with a ``bytearray`` instance,

2843

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2844

doesn't copy in more than that number of bytes.

2845

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2846

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2847

2848

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2849

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2850

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2851

Assert that if there are more bytes available to be read from the

2852

receive buffer than would fit into the buffer passed to

2853

:py:obj:`Connection.recv_into`, only as many as fit are written into

2854

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2855

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2856

output_buffer = factory(5)

2857

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2858

server, client = self._loopback()

2859

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2860

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2861

self.assertEqual(client.recv_into(output_buffer), 5)

2862

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2863

rest = client.recv(5)

2864

self.assertEqual(b('fghij'), rest)

2865

2866

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2867

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2868

"""

2869

When called with a ``bytearray`` instance,

2870

:py:obj:`Connection.recv_into` respects the size of the array and

2871

doesn't write more bytes into it than will fit.

2872

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2873

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2874

2875

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2876

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2877

"""

2878

Assert that if the value given by ``nbytes`` is greater than the actual

2879

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2880

behavior is as if no value was given for ``nbytes`` at all.

2881

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2882

output_buffer = factory(5)

2883

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2884

server, client = self._loopback()

2885

server.send(b('abcdefghij'))

2886

2887

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2888

self.assertEqual(output_buffer, bytearray(b('abcde')))

2889

rest = client.recv(5)

2890

self.assertEqual(b('fghij'), rest)

2891

2892

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2893

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2894

"""

2895

When called with a ``bytearray`` instance and an ``nbytes`` value that

2896

is too large, :py:obj:`Connection.recv_into` respects the size of the

2897

array and not the ``nbytes`` value and doesn't write more bytes into

2898

the buffer than will fit.

2899

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2900

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2901

2902

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2907

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2908

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2909

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2910

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2911

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2912

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2913

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2914

2915

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2916

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2917

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2918

When called with a ``memoryview`` instance,

2919

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2920

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2921

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2922

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2923

2924

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2925

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2926

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2927

When called with a ``memoryview`` instance,

2928

:py:obj:`Connection.recv_into` respects the size of the array and

2929

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2930

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2931

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2932

2933

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2934

def test_memoryview_really_doesnt_overfill(self):

2935

"""

2936

When called with a ``memoryview`` instance and an ``nbytes`` value

2937

that is too large, :py:obj:`Connection.recv_into` respects the size

2938

of the array and not the ``nbytes`` value and doesn't write more

2939

bytes into the buffer than will fit.

2940

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2941

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2942

2943

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2944

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2945

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2946

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2947

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2948

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2949

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2950

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2951

When called with arguments other than a string argument for its first

2952

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2953

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2954

"""

2955

connection = Connection(Context(TLSv1_METHOD), None)

2956

self.assertRaises(TypeError, connection.sendall)

2957

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2958

self.assertRaises(

2959

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2960

2961

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2962

def test_short(self):

2963

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2964

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2965

it.

2966

"""

2967

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2968

server.sendall(b('x'))

2969

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2970

2971

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2976

else:

2977

def test_short_memoryview(self):

2978

"""

2979

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2980

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2981

"""

2982

server, client = self._loopback()

2983

server.sendall(memoryview(b('x')))

2984

self.assertEquals(client.recv(1), b('x'))

2985

2986

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2991

else:

2992

def test_short_buffers(self):

2993

"""

2994

When passed a buffer containing a small number of bytes,

2995

:py:obj:`Connection.sendall` transmits all of them.

2996

"""

2997

server, client = self._loopback()

2998

server.sendall(buffer(b('x')))

2999

self.assertEquals(client.recv(1), b('x'))

3000

3001

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3002

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3003

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3004

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3005

it even if this requires multiple calls of an underlying write function.

3006

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3007

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3008

# Should be enough, underlying SSL_write should only do 16k at a time.

3009

# On Windows, after 32k of bytes the write will block (forever - because

3010

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

3011

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3012

server.sendall(message)

3013

accum = []

3014

received = 0

3015

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

3016

data = client.recv(1024)

3017

accum.append(data)

3018

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

3019

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3020

3021

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3022

def test_closed(self):

3023

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3024

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3025

write error from the low level write call.

3026

"""

3027

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3028

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3029

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3030

if platform == "win32":

3031

self.assertEqual(exc.args[0], ESHUTDOWN)

3032

else:

3033

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3034

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3035

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

3036

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3037

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

3038

"""

3039

Tests for SSL renegotiation APIs.

3040

"""

3041

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3042

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3043

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3044

arguments.

3045

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3046

connection = Connection(Context(TLSv1_METHOD), None)

3047

self.assertRaises(TypeError, connection.renegotiate, None)

3048

3049

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3050

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3051

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3052

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3053

any arguments.

3054

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3055

connection = Connection(Context(TLSv1_METHOD), None)

3056

self.assertRaises(TypeError, connection.total_renegotiations, None)

3057

3058

3059

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3060

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3061

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3062

renegotiations have happened.

3063

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3064

connection = Connection(Context(TLSv1_METHOD), None)

3065

self.assertEquals(connection.total_renegotiations(), 0)

3066

3067

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3068

# def test_renegotiate(self):

3069

# """

3070

# """

3071

# server, client = self._loopback()

3072

3073

# server.send("hello world")

3074

# self.assertEquals(client.recv(len("hello world")), "hello world")

3075

3076

# self.assertEquals(server.total_renegotiations(), 0)

3077

# self.assertTrue(server.renegotiate())

3078

3079

# server.setblocking(False)

3080

# client.setblocking(False)

3081

# while server.renegotiate_pending():

3082

# client.do_handshake()

3083

# server.do_handshake()

3084

3085

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3090

class ErrorTests(TestCase):

3091

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3092

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3093

"""

3094

def test_type(self):

3095

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3096

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3097

"""

3098

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3099

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3103

class ConstantsTests(TestCase):

3104

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3105

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3106

3107

These are values defined by OpenSSL intended only to be used as flags to

3108

OpenSSL APIs. The only assertions it seems can be made about them is

3109

their values.

3110

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3111

# unittest.TestCase has no skip mechanism

3112

if OP_NO_QUERY_MTU is not None:

3113

def test_op_no_query_mtu(self):

3114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3115

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3116

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3117

"""

3118

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

3119

else:

3120

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3121

3122

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3123

if OP_COOKIE_EXCHANGE is not None:

3124

def test_op_cookie_exchange(self):

3125

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3126

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3127

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3128

"""

3129

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

3130

else:

3131

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3132

3133

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3134

if OP_NO_TICKET is not None:

3135

def test_op_no_ticket(self):

3136

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3137

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3138

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3139

"""

3140

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

3141

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3142

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

3143

3144

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3145

if OP_NO_COMPRESSION is not None:

3146

def test_op_no_compression(self):

3147

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3148

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

3149

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3150

"""

3151

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

3152

else:

3153

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3154

3155

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3156

def test_sess_cache_off(self):

3157

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3158

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3159

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3160

"""

3161

self.assertEqual(0x0, SESS_CACHE_OFF)

3162

3163

3164

def test_sess_cache_client(self):

3165

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3166

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3167

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3168

"""

3169

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3170

3171

3172

def test_sess_cache_server(self):

3173

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3174

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3175

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3176

"""

3177

self.assertEqual(0x2, SESS_CACHE_SERVER)

3178

3179

3180

def test_sess_cache_both(self):

3181

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3182

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3183

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3184

"""

3185

self.assertEqual(0x3, SESS_CACHE_BOTH)

3186

3187

3188

def test_sess_cache_no_auto_clear(self):

3189

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3190

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3191

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3192

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3193

"""

3194

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3195

3196

3197

def test_sess_cache_no_internal_lookup(self):

3198

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3199

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3200

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3201

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3202

"""

3203

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3204

3205

3206

def test_sess_cache_no_internal_store(self):

3207

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3208

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3209

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3210

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3211

"""

3212

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3213

3214

3215

def test_sess_cache_no_internal(self):

3216

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3217

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3218

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3219

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3220

"""

3221

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3222

3223

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3224

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3225

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3226

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3227

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3228

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3229

def _server(self, sock):

3230

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3231

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3232

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3233

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3234

# Create the server side Connection. This is mostly setup boilerplate

3235

# - use TLSv1, use a particular certificate, etc.

3236

server_ctx = Context(TLSv1_METHOD)

3237

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3238

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3239

server_store = server_ctx.get_cert_store()

3240

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3241

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3242

server_ctx.check_privatekey()

3243

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3244

# Here the Connection is actually created. If None is passed as the 2nd

3245

# parameter, it indicates a memory BIO should be created.

3246

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3247

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3251

def _client(self, sock):

3252

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3253

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3254

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3255

"""

3256

# Now create the client side Connection. Similar boilerplate to the

3257

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3258

client_ctx = Context(TLSv1_METHOD)

3259

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3260

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3261

client_store = client_ctx.get_cert_store()

3262

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3263

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3264

client_ctx.check_privatekey()

3265

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3266

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3267

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3271

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3272

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3273

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3274

reading from the output of each and writing those bytes to the input of

3275

the other and in this way establish a connection and exchange

3276

application-level bytes with each other.

3277

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3278

server_conn = self._server(None)

3279

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3280

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3281

# There should be no key or nonces yet.

3282

self.assertIdentical(server_conn.master_key(), None)

3283

self.assertIdentical(server_conn.client_random(), None)

3284

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3285

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3286

# First, the handshake needs to happen. We'll deliver bytes back and

3287

# forth between the client and server until neither of them feels like

3288

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3289

self.assertIdentical(

3290

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3291

3292

# Now that the handshake is done, there should be a key and nonces.

3293

self.assertNotIdentical(server_conn.master_key(), None)

3294

self.assertNotIdentical(server_conn.client_random(), None)

3295

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3296

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3297

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3298

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3299

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3300

3301

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3302

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3303

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3304

server_conn.write(important_message)

3305

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3306

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3307

(client_conn, important_message))

3308

3309

client_conn.write(important_message[::-1])

3310

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3311

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3312

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3313

3314

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3315

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3317

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3318

3319

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3320

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3321

this test fails, there must be a problem outside the memory BIO

3322

code, as no memory BIO is involved here). Even though this isn't a

3323

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3324

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3325

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3326

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3327

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3328

client_conn.send(important_message)

3329

msg = server_conn.recv(1024)

3330

self.assertEqual(msg, important_message)

3331

3332

# Again in the other direction, just for fun.

3333

important_message = important_message[::-1]

3334

server_conn.send(important_message)

3335

msg = client_conn.recv(1024)

3336

self.assertEqual(msg, important_message)

3337

3338

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3339

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3340

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3341

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3342

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3343

"""

3344

context = Context(SSLv3_METHOD)

3345

client = socket()

3346

clientSSL = Connection(context, client)

3347

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3348

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3349

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3350

3351

3352

def test_outgoingOverflow(self):

3353

"""

3354

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3355

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3356

returned and that many bytes from the beginning of the input can be

3357

read from the other end of the connection.

3358

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3359

server = self._server(None)

3360

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3361

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3362

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3363

3364

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3365

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3366

# Sanity check. We're trying to test what happens when the entire

3367

# input can't be sent. If the entire input was sent, this test is

3368

# meaningless.

3369

self.assertTrue(sent < size)

3370

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3371

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3372

self.assertIdentical(receiver, server)

3373

3374

# We can rely on all of these bytes being received at once because

3375

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3376

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3377

3378

3379

def test_shutdown(self):

3380

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3381

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3382

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3383

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3384

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3385

server.bio_shutdown()

3386

e = self.assertRaises(Error, server.recv, 1024)

3387

# We don't want WantReadError or ZeroReturnError or anything - it's a

3388

# handshake failure.

3389

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3390

3391

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3392

def test_unexpectedEndOfFile(self):

3393

"""

3394

If the connection is lost before an orderly SSL shutdown occurs,

3395

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3396

"Unexpected EOF".

3397

"""

3398

server_conn, client_conn = self._loopback()

3399

client_conn.sock_shutdown(SHUT_RDWR)

3400

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3401

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3402

3403

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3404

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3405

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3406

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3407

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3408

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3409

before the client and server are connected to each other. This

3410

function should specify a list of CAs for the server to send to the

3411

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3412

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3413

times.

3414

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3415

server = self._server(None)

3416

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3417

self.assertEqual(client.get_client_ca_list(), [])

3418

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3419

ctx = server.get_context()

3420

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3421

self.assertEqual(client.get_client_ca_list(), [])

3422

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3423

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3424

self.assertEqual(client.get_client_ca_list(), expected)

3425

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3426

3427

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3428

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3429

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3430

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3431

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3432

"""

3433

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3434

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3435

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3436

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3437

3438

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3439

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3440

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3441

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3442

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3443

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3444

after the connection is set up.

3445

"""

3446

def no_ca(ctx):

3447

ctx.set_client_ca_list([])

3448

return []

3449

self._check_client_ca_list(no_ca)

3450

3451

3452

def test_set_one_ca_list(self):

3453

"""

3454

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3455

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3456

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3457

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3458

X509Name after the connection is set up.

3459

"""

3460

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3461

cadesc = cacert.get_subject()

3462

def single_ca(ctx):

3463

ctx.set_client_ca_list([cadesc])

3464

return [cadesc]

3465

self._check_client_ca_list(single_ca)

3466

3467

3468

def test_set_multiple_ca_list(self):

3469

"""

3470

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3471

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3472

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3473

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3474

X509Names after the connection is set up.

3475

"""

3476

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3477

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3478

3479

sedesc = secert.get_subject()

3480

cldesc = clcert.get_subject()

3481

3482

def multiple_ca(ctx):

3483

L = [sedesc, cldesc]

3484

ctx.set_client_ca_list(L)

3485

return L

3486

self._check_client_ca_list(multiple_ca)

3487

3488

3489

def test_reset_ca_list(self):

3490

"""

3491

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3492

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3493

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3494

"""

3495

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3496

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3497

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3498

3499

cadesc = cacert.get_subject()

3500

sedesc = secert.get_subject()

3501

cldesc = clcert.get_subject()

3502

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3503

def changed_ca(ctx):

3504

ctx.set_client_ca_list([sedesc, cldesc])

3505

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3506

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3507

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3508

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3509

3510

def test_mutated_ca_list(self):

3511

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3512

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3513

afterwards, this does not affect the list of CA names sent to the

3514

client.

3515

"""

3516

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3517

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3518

3519

cadesc = cacert.get_subject()

3520

sedesc = secert.get_subject()

3521

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3522

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3523

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3524

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3525

L.append(sedesc)

3526

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3527

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3528

3529

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3530

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3531

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3532

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3533

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3534

"""

3535

ctx = Context(TLSv1_METHOD)

3536

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3537

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3538

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3539

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3540

3541

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3542

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3543

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3544

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3545

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3546

"""

3547

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3548

cadesc = cacert.get_subject()

3549

def single_ca(ctx):

3550

ctx.add_client_ca(cacert)

3551

return [cadesc]

3552

self._check_client_ca_list(single_ca)

3553

3554

3555

def test_multiple_add_client_ca(self):

3556

"""

3557

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3558

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3559

"""

3560

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3561

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3562

3563

cadesc = cacert.get_subject()

3564

sedesc = secert.get_subject()

3565

3566

def multiple_ca(ctx):

3567

ctx.add_client_ca(cacert)

3568

ctx.add_client_ca(secert)

3569

return [cadesc, sedesc]

3570

self._check_client_ca_list(multiple_ca)

3571

3572

3573

def test_set_and_add_client_ca(self):

3574

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3575

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3576

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3577

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3578

"""

3579

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3580

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3581

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3582

3583

cadesc = cacert.get_subject()

3584

sedesc = secert.get_subject()

3585

cldesc = clcert.get_subject()

3586

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3587

def mixed_set_add_ca(ctx):

3588

ctx.set_client_ca_list([cadesc, sedesc])

3589

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3590

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3591

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3592

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3593

3594

def test_set_after_add_client_ca(self):

3595

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3596

A call to :py:obj:`Context.set_client_ca_list` after a call to

3597

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3598

call with the names specified by the latter cal.

3599

"""

3600

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3601

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3602

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3603

3604

cadesc = cacert.get_subject()

3605

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3606

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3607

def set_replaces_add_ca(ctx):

3608

ctx.add_client_ca(clcert)

3609

ctx.set_client_ca_list([cadesc])

3610

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3611

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3612

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3613

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3614

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3615

3616

class ConnectionBIOTests(TestCase):

3617

"""

3618

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3619

"""

3620

def test_wantReadError(self):

3621

"""

3622

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3623

if there are no bytes available to be read from the BIO.

3624

"""

3625

ctx = Context(TLSv1_METHOD)

3626

conn = Connection(ctx, None)

3627

self.assertRaises(WantReadError, conn.bio_read, 1024)

3628

3629

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3630

def test_buffer_size(self):

3631

"""

3632

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3633

number of bytes to read and return.

3634

"""

3635

ctx = Context(TLSv1_METHOD)

3636

conn = Connection(ctx, None)

3637

conn.set_connect_state()

3638

try:

3639

conn.do_handshake()

3640

except WantReadError:

3641

pass

3642

data = conn.bio_read(2)

3643

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3648

"""

3649

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3650

:py:obj:`long` as well as :py:obj:`int`.

3651

"""

3652

ctx = Context(TLSv1_METHOD)

3653

conn = Connection(ctx, None)

3654

conn.set_connect_state()

3655

try:

3656

conn.do_handshake()

3657

except WantReadError:

3658

pass

3659

data = conn.bio_read(long(2))

3660

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3664

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3665

class InfoConstantTests(TestCase):

3666

"""

3667

Tests for assorted constants exposed for use in info callbacks.

3668

"""

3669

def test_integers(self):

3670

"""

3671

All of the info constants are integers.

3672

3673

This is a very weak test. It would be nice to have one that actually

3674

verifies that as certain info events happen, the value passed to the

3675

info callback matches up with the constant exposed by OpenSSL.SSL.

3676

"""

3677

for const in [

3678

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3679

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3680

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3681

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3682

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3683

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3684

3685

self.assertTrue(isinstance(const, int))

3686

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3687

Jean-Paul Calderone