Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

516c12c

2015-04-13 20:34:57 -0400

[diff] [blame]

10

from sys import platform, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

16

from warnings import catch_warnings, simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

17

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

18

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

19

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

20

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

21

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

22

from OpenSSL.crypto import dump_privatekey, load_privatekey

23

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

24

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

25

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

26

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

27

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

28

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

29

from OpenSSL.SSL import (

30

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

31

TLSv1_1_METHOD, TLSv1_2_METHOD)

32

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

33

from OpenSSL.SSL import (

34

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

35

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

36

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

37

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

38

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

39

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

40

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

45

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

46

from OpenSSL._util import lib as _lib

47

Jean-Paul Calderone

17eca48

2015-04-13 20:31:07 -0400

[diff] [blame]

48

from OpenSSL.test.util import WARNING_TYPE_EXPECTED, NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

49

from OpenSSL.test.test_crypto import (

Jean-Paul Calderone

da6399a

2015-04-13 20:52:29 -0400

[diff] [blame]

50

cleartextCertificatePEM, cleartextPrivateKeyPEM,

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

51

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

52

root_cert_pem)

53

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

54

try:

55

from OpenSSL.SSL import OP_NO_QUERY_MTU

56

except ImportError:

57

OP_NO_QUERY_MTU = None

58

try:

59

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

60

except ImportError:

61

OP_COOKIE_EXCHANGE = None

62

try:

63

from OpenSSL.SSL import OP_NO_TICKET

64

except ImportError:

65

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

66

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

67

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

68

from OpenSSL.SSL import OP_NO_COMPRESSION

69

except ImportError:

70

OP_NO_COMPRESSION = None

71

72

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

73

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

74

except ImportError:

75

MODE_RELEASE_BUFFERS = None

76

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

77

try:

78

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

79

except ImportError:

80

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

81

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

82

from OpenSSL.SSL import (

83

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

84

SSL_ST_OK, SSL_ST_RENEGOTIATE,

85

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

86

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

87

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

88

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

89

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

90

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

91

# to use)

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

94

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

95

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

99

def join_bytes_or_unicode(prefix, suffix):

100

"""

101

Join two path components of either ``bytes`` or ``unicode``.

102

103

The return type is the same as the type of ``prefix``.

104

"""

105

# If the types are the same, nothing special is necessary.

106

if type(prefix) == type(suffix):

107

return join(prefix, suffix)

108

109

# Otherwise, coerce suffix to the type of prefix.

110

if isinstance(prefix, text_type):

111

return join(prefix, suffix.decode(getfilesystemencoding()))

112

else:

113

return join(prefix, suffix.encode(getfilesystemencoding()))

114

115

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

116

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

117

return ok

118

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

119

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

120

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

122

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

123

"""

124

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

130

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

131

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

132

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

133

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

134

# Let's pass some unencrypted data to make sure our socket connection is

135

# fine. Just one byte, so we don't have to worry about buffers getting

136

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

137

server.send(b("x"))

138

assert client.recv(1024) == b("x")

139

client.send(b("y"))

140

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

141

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

142

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

143

server.setblocking(False)

144

client.setblocking(False)

145

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

146

return (server, client)

147

148

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

149

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

150

def handshake(client, server):

151

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

162

def _create_certificate_chain():

163

"""

164

Construct and return a chain of certificates.

165

166

1. A new self-signed certificate authority certificate (cacert)

167

2. A new intermediate certificate signed by cacert (icert)

168

3. A new server certificate signed by icert (scert)

169

"""

170

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

175

cacert = X509()

176

cacert.get_subject().commonName = "Authority Certificate"

177

cacert.set_issuer(cacert.get_subject())

178

cacert.set_pubkey(cakey)

179

cacert.set_notBefore(b("20000101000000Z"))

180

cacert.set_notAfter(b("20200101000000Z"))

181

cacert.add_extensions([caext])

182

cacert.set_serial_number(0)

183

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

188

icert = X509()

189

icert.get_subject().commonName = "Intermediate Certificate"

190

icert.set_issuer(cacert.get_subject())

191

icert.set_pubkey(ikey)

192

icert.set_notBefore(b("20000101000000Z"))

193

icert.set_notAfter(b("20200101000000Z"))

194

icert.add_extensions([caext])

195

icert.set_serial_number(0)

196

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

201

scert = X509()

202

scert.get_subject().commonName = "Server Certificate"

203

scert.set_issuer(icert.get_subject())

204

scert.set_pubkey(skey)

205

scert.set_notBefore(b("20000101000000Z"))

206

scert.set_notAfter(b("20200101000000Z"))

207

scert.add_extensions([

208

X509Extension(b('basicConstraints'), True, b('CA:false'))])

209

scert.set_serial_number(0)

210

scert.sign(ikey, "sha1")

211

212

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

216

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

217

"""

218

Helper mixin which defines methods for creating a connected socket pair and

219

for forcing two connected SSL sockets to talk to each other via memory BIOs.

220

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

221

def _loopbackClientFactory(self, socket):

222

client = Connection(Context(TLSv1_METHOD), socket)

223

client.set_connect_state()

224

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

225

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

226

227

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

ctx = Context(TLSv1_METHOD)

229

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

230

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

231

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

232

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

237

if serverFactory is None:

238

serverFactory = self._loopbackServerFactory

239

if clientFactory is None:

240

clientFactory = self._loopbackClientFactory

241

242

(server, client) = socket_pair()

243

server = serverFactory(server)

244

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

246

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

247

248

server.setblocking(True)

249

client.setblocking(True)

250

return server, client

251

252

253

def _interactInMemory(self, client_conn, server_conn):

254

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

255

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

256

objects. Copy bytes back and forth between their send/receive buffers

257

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

258

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

259

some application bytes, return a two-tuple of the connection from which

260

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

265

wrote = False

266

267

# Copy stuff from each side's send buffer to the other side's

268

# receive buffer.

269

for (read, write) in [(client_conn, server_conn),

270

(server_conn, client_conn)]:

271

272

# Give the side a chance to generate some more bytes, or

273

# succeed.

274

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

275

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

276

except WantReadError:

277

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

282

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

283

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

284

285

while True:

286

# Keep copying as long as there's more stuff there.

287

try:

288

dirty = read.bio_read(4096)

289

except WantReadError:

290

# Okay, nothing more waiting to be sent. Stop

291

# processing this send buffer.

292

break

293

else:

294

# Keep track of the fact that someone generated some

295

# output.

296

wrote = True

297

write.bio_write(dirty)

298

299

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

300

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

301

"""

302

Perform the TLS handshake between two :py:class:`Connection` instances

303

connected to each other via memory BIOs.

304

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

305

client_conn.set_connect_state()

306

server_conn.set_accept_state()

307

308

for conn in [client_conn, server_conn]:

309

try:

310

conn.do_handshake()

311

except WantReadError:

312

pass

313

314

self._interactInMemory(client_conn, server_conn)

315

316

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

317

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

class VersionTests(TestCase):

319

"""

320

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

321

:py:obj:`OpenSSL.SSL.SSLeay_version` and

322

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

323

"""

324

def test_OPENSSL_VERSION_NUMBER(self):

325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

326

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

327

byte and the patch, fix, minor, and major versions in the

328

nibbles above that.

329

"""

330

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

331

332

333

def test_SSLeay_version(self):

334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

335

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

336

one of a number of version strings based on that indicator.

337

"""

338

versions = {}

339

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

340

SSLEAY_PLATFORM, SSLEAY_DIR]:

341

version = SSLeay_version(t)

342

versions[version] = t

343

self.assertTrue(isinstance(version, bytes))

344

self.assertEqual(len(versions), 5)

345

346

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

347

348

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

350

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

351

"""

352

def test_method(self):

353

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

354

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

355

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

356

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

357

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

358

methods = [

359

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

360

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

361

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

362

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

363

364

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

369

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

370

# don't. Difficult to say in advance.

371

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

372

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

373

self.assertRaises(TypeError, Context, "")

374

self.assertRaises(ValueError, Context, 10)

375

376

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

377

if not PY3:

378

def test_method_long(self):

379

"""

380

On Python 2 :py:class:`Context` accepts values of type

381

:py:obj:`long` as well as :py:obj:`int`.

382

"""

383

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

387

def test_type(self):

388

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

389

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

391

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

392

self.assertIdentical(Context, ContextType)

393

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

394

395

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

396

def test_use_privatekey(self):

397

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

398

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

399

"""

400

key = PKey()

401

key.generate_key(TYPE_RSA, 128)

402

ctx = Context(TLSv1_METHOD)

403

ctx.use_privatekey(key)

404

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

405

406

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

407

def test_use_privatekey_file_missing(self):

408

"""

409

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

410

when passed the name of a file which does not exist.

411

"""

412

ctx = Context(TLSv1_METHOD)

413

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

414

415

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

416

def _use_privatekey_file_test(self, pemfile, filetype):

417

"""

418

Verify that calling ``Context.use_privatekey_file`` with the given

419

arguments does not raise an exception.

420

"""

421

key = PKey()

422

key.generate_key(TYPE_RSA, 128)

423

424

with open(pemfile, "wt") as pem:

425

pem.write(

426

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

427

)

428

429

ctx = Context(TLSv1_METHOD)

430

ctx.use_privatekey_file(pemfile, filetype)

431

432

433

def test_use_privatekey_file_bytes(self):

434

"""

435

A private key can be specified from a file by passing a ``bytes``

436

instance giving the file name to ``Context.use_privatekey_file``.

437

"""

438

self._use_privatekey_file_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

439

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

445

"""

446

A private key can be specified from a file by passing a ``unicode``

447

instance giving the file name to ``Context.use_privatekey_file``.

448

"""

449

self._use_privatekey_file_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

450

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

455

if not PY3:

456

def test_use_privatekey_file_long(self):

457

"""

458

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

459

filetype of type :py:obj:`long` as well as :py:obj:`int`.

460

"""

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

461

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

462

463

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

464

def test_use_certificate_wrong_args(self):

465

"""

466

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

467

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

468

argument.

469

"""

470

ctx = Context(TLSv1_METHOD)

471

self.assertRaises(TypeError, ctx.use_certificate)

472

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

473

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

474

475

476

def test_use_certificate_uninitialized(self):

477

"""

478

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

479

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

480

initialized (ie, which does not actually have any certificate data).

481

"""

482

ctx = Context(TLSv1_METHOD)

483

self.assertRaises(Error, ctx.use_certificate, X509())

484

485

486

def test_use_certificate(self):

487

"""

488

:py:obj:`Context.use_certificate` sets the certificate which will be

489

used to identify connections created using the context.

490

"""

491

# TODO

492

# Hard to assert anything. But we could set a privatekey then ask

493

# OpenSSL if the cert and key agree using check_privatekey. Then as

494

# long as check_privatekey works right we're good...

495

ctx = Context(TLSv1_METHOD)

496

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

497

498

499

def test_use_certificate_file_wrong_args(self):

500

"""

501

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

502

called with zero arguments or more than two arguments, or if the first

503

argument is not a byte string or the second argumnent is not an integer.

504

"""

505

ctx = Context(TLSv1_METHOD)

506

self.assertRaises(TypeError, ctx.use_certificate_file)

507

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

512

self.assertRaises(

513

TypeError, ctx.use_certificate_file, b"somefile", object())

514

515

516

def test_use_certificate_file_missing(self):

517

"""

518

:py:obj:`Context.use_certificate_file` raises

519

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

520

exist.

521

"""

522

ctx = Context(TLSv1_METHOD)

523

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

524

525

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

527

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

528

Verify that calling ``Context.use_certificate_file`` with the given

529

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

530

"""

531

# TODO

532

# Hard to assert anything. But we could set a privatekey then ask

533

# OpenSSL if the cert and key agree using check_privatekey. Then as

534

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

535

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

536

pem_file.write(cleartextCertificatePEM)

537

538

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

539

ctx.use_certificate_file(certificate_file)

540

541

542

def test_use_certificate_file_bytes(self):

543

"""

544

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

545

``bytes`` filename) which will be used to identify connections created

546

using the context.

547

"""

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

548

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

549

self._use_certificate_file_test(filename)

550

551

552

def test_use_certificate_file_unicode(self):

553

"""

554

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

555

``bytes`` filename) which will be used to identify connections created

556

using the context.

557

"""

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

558

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

559

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

560

561

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

562

if not PY3:

563

def test_use_certificate_file_long(self):

564

"""

565

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

566

filetype of type :py:obj:`long` as well as :py:obj:`int`.

567

"""

568

pem_filename = self.mktemp()

569

with open(pem_filename, "wb") as pem_file:

570

pem_file.write(cleartextCertificatePEM)

571

572

ctx = Context(TLSv1_METHOD)

573

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

574

575

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

576

def test_check_privatekey_valid(self):

577

"""

578

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

579

:py:obj:`Context` instance has been configured to use a matched key and

580

certificate pair.

581

"""

582

key = load_privatekey(FILETYPE_PEM, client_key_pem)

583

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

584

context = Context(TLSv1_METHOD)

585

context.use_privatekey(key)

586

context.use_certificate(cert)

587

self.assertIs(None, context.check_privatekey())

588

589

590

def test_check_privatekey_invalid(self):

591

"""

592

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

593

:py:obj:`Context` instance has been configured to use a key and

594

certificate pair which don't relate to each other.

595

"""

596

key = load_privatekey(FILETYPE_PEM, client_key_pem)

597

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

598

context = Context(TLSv1_METHOD)

599

context.use_privatekey(key)

600

context.use_certificate(cert)

601

self.assertRaises(Error, context.check_privatekey)

602

603

604

def test_check_privatekey_wrong_args(self):

605

"""

606

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

607

with other than no arguments.

608

"""

609

context = Context(TLSv1_METHOD)

610

self.assertRaises(TypeError, context.check_privatekey, object())

611

612

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

613

def test_set_app_data_wrong_args(self):

614

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

615

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

616

one argument.

617

"""

618

context = Context(TLSv1_METHOD)

619

self.assertRaises(TypeError, context.set_app_data)

620

self.assertRaises(TypeError, context.set_app_data, None, None)

621

622

623

def test_get_app_data_wrong_args(self):

624

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

625

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

626

arguments.

627

"""

628

context = Context(TLSv1_METHOD)

629

self.assertRaises(TypeError, context.get_app_data, None)

630

631

632

def test_app_data(self):

633

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

634

:py:obj:`Context.set_app_data` stores an object for later retrieval using

635

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

636

"""

637

app_data = object()

638

context = Context(TLSv1_METHOD)

639

context.set_app_data(app_data)

640

self.assertIdentical(context.get_app_data(), app_data)

641

642

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

643

def test_set_options_wrong_args(self):

644

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

645

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

646

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

647

"""

648

context = Context(TLSv1_METHOD)

649

self.assertRaises(TypeError, context.set_options)

650

self.assertRaises(TypeError, context.set_options, None)

651

self.assertRaises(TypeError, context.set_options, 1, None)

652

653

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

654

def test_set_options(self):

655

"""

656

:py:obj:`Context.set_options` returns the new options value.

657

"""

658

context = Context(TLSv1_METHOD)

659

options = context.set_options(OP_NO_SSLv2)

660

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

665

"""

666

On Python 2 :py:obj:`Context.set_options` accepts values of type

667

:py:obj:`long` as well as :py:obj:`int`.

668

"""

669

context = Context(TLSv1_METHOD)

670

options = context.set_options(long(OP_NO_SSLv2))

671

self.assertTrue(OP_NO_SSLv2 & options)

672

673

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

674

def test_set_mode_wrong_args(self):

675

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

676

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

677

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

678

"""

679

context = Context(TLSv1_METHOD)

680

self.assertRaises(TypeError, context.set_mode)

681

self.assertRaises(TypeError, context.set_mode, None)

682

self.assertRaises(TypeError, context.set_mode, 1, None)

683

684

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

685

if MODE_RELEASE_BUFFERS is not None:

686

def test_set_mode(self):

687

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

688

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

689

set mode.

690

"""

691

context = Context(TLSv1_METHOD)

692

self.assertTrue(

693

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

694

695

if not PY3:

696

def test_set_mode_long(self):

697

"""

698

On Python 2 :py:obj:`Context.set_mode` accepts values of type

699

:py:obj:`long` as well as :py:obj:`int`.

700

"""

701

context = Context(TLSv1_METHOD)

702

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

703

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

704

else:

705

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

706

707

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

708

def test_set_timeout_wrong_args(self):

709

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

710

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

711

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

712

"""

713

context = Context(TLSv1_METHOD)

714

self.assertRaises(TypeError, context.set_timeout)

715

self.assertRaises(TypeError, context.set_timeout, None)

716

self.assertRaises(TypeError, context.set_timeout, 1, None)

717

718

719

def test_get_timeout_wrong_args(self):

720

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

721

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

722

"""

723

context = Context(TLSv1_METHOD)

724

self.assertRaises(TypeError, context.get_timeout, None)

725

726

727

def test_timeout(self):

728

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

729

:py:obj:`Context.set_timeout` sets the session timeout for all connections

730

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

731

value.

732

"""

733

context = Context(TLSv1_METHOD)

734

context.set_timeout(1234)

735

self.assertEquals(context.get_timeout(), 1234)

736

737

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

738

if not PY3:

739

def test_timeout_long(self):

740

"""

741

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

742

`long` as well as int.

743

"""

744

context = Context(TLSv1_METHOD)

745

context.set_timeout(long(1234))

746

self.assertEquals(context.get_timeout(), 1234)

747

748

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

749

def test_set_verify_depth_wrong_args(self):

750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

751

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

752

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

753

"""

754

context = Context(TLSv1_METHOD)

755

self.assertRaises(TypeError, context.set_verify_depth)

756

self.assertRaises(TypeError, context.set_verify_depth, None)

757

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

758

759

760

def test_get_verify_depth_wrong_args(self):

761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

762

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

763

"""

764

context = Context(TLSv1_METHOD)

765

self.assertRaises(TypeError, context.get_verify_depth, None)

766

767

768

def test_verify_depth(self):

769

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

772

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

773

"""

774

context = Context(TLSv1_METHOD)

775

context.set_verify_depth(11)

776

self.assertEquals(context.get_verify_depth(), 11)

777

778

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

779

if not PY3:

780

def test_verify_depth_long(self):

781

"""

782

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

783

type `long` as well as int.

784

"""

785

context = Context(TLSv1_METHOD)

786

context.set_verify_depth(long(11))

787

self.assertEquals(context.get_verify_depth(), 11)

788

789

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

790

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

791

"""

792

Write a new private key out to a new file, encrypted using the given

793

passphrase. Return the path to the new file.

794

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

795

key = PKey()

796

key.generate_key(TYPE_RSA, 128)

797

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

798

fObj = open(pemFile, 'w')

799

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

800

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

805

def test_set_passwd_cb_wrong_args(self):

806

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

807

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

808

wrong arguments or with a non-callable first argument.

809

"""

810

context = Context(TLSv1_METHOD)

811

self.assertRaises(TypeError, context.set_passwd_cb)

812

self.assertRaises(TypeError, context.set_passwd_cb, None)

813

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

814

815

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

816

def test_set_passwd_cb(self):

817

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

818

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

819

a private key is loaded from an encrypted PEM.

820

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

821

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

822

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

823

calledWith = []

824

def passphraseCallback(maxlen, verify, extra):

825

calledWith.append((maxlen, verify, extra))

826

return passphrase

827

context = Context(TLSv1_METHOD)

828

context.set_passwd_cb(passphraseCallback)

829

context.use_privatekey_file(pemFile)

830

self.assertTrue(len(calledWith), 1)

831

self.assertTrue(isinstance(calledWith[0][0], int))

832

self.assertTrue(isinstance(calledWith[0][1], int))

833

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

834

835

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

836

def test_passwd_callback_exception(self):

837

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

838

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

839

passphrase callback.

840

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

841

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

842

def passphraseCallback(maxlen, verify, extra):

843

raise RuntimeError("Sorry, I am a fail.")

844

845

context = Context(TLSv1_METHOD)

846

context.set_passwd_cb(passphraseCallback)

847

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

848

849

850

def test_passwd_callback_false(self):

851

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

852

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

853

passphrase callback returns a false value.

854

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

855

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

857

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

858

859

context = Context(TLSv1_METHOD)

860

context.set_passwd_cb(passphraseCallback)

861

self.assertRaises(Error, context.use_privatekey_file, pemFile)

862

863

864

def test_passwd_callback_non_string(self):

865

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

866

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

867

passphrase callback returns a true non-string value.

868

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

869

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

870

def passphraseCallback(maxlen, verify, extra):

871

return 10

872

873

context = Context(TLSv1_METHOD)

874

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

875

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

876

877

878

def test_passwd_callback_too_long(self):

879

"""

880

If the passphrase returned by the passphrase callback returns a string

881

longer than the indicated maximum length, it is truncated.

882

"""

883

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

884

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

885

pemFile = self._write_encrypted_pem(passphrase)

886

def passphraseCallback(maxlen, verify, extra):

887

assert maxlen == 1024

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

888

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

889

890

context = Context(TLSv1_METHOD)

891

context.set_passwd_cb(passphraseCallback)

892

# This shall succeed because the truncated result is the correct

893

# passphrase.

894

context.use_privatekey_file(pemFile)

895

896

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

897

def test_set_info_callback(self):

898

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

899

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

900

when certain information about an SSL connection is available.

901

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

902

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

903

904

clientSSL = Connection(Context(TLSv1_METHOD), client)

905

clientSSL.set_connect_state()

906

907

called = []

908

def info(conn, where, ret):

909

called.append((conn, where, ret))

910

context = Context(TLSv1_METHOD)

911

context.set_info_callback(info)

912

context.use_certificate(

913

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

914

context.use_privatekey(

915

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

916

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

917

serverSSL = Connection(context, server)

918

serverSSL.set_accept_state()

919

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

920

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

921

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

922

# The callback must always be called with a Connection instance as the

923

# first argument. It would probably be better to split this into

924

# separate tests for client and server side info callbacks so we could

925

# assert it is called with the right Connection instance. It would

926

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

927

notConnections = [

928

conn for (conn, where, ret) in called

929

if not isinstance(conn, Connection)]

930

self.assertEqual(

931

[], notConnections,

932

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

933

934

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

935

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

936

"""

937

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

938

its :py:obj:`load_verify_locations` method with the given arguments.

939

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

940

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

941

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

942

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

944

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

945

# Require that the server certificate verify properly or the

946

# connection will fail.

947

clientContext.set_verify(

948

VERIFY_PEER,

949

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

950

951

clientSSL = Connection(clientContext, client)

952

clientSSL.set_connect_state()

953

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

954

serverContext = Context(TLSv1_METHOD)

955

serverContext.use_certificate(

956

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

957

serverContext.use_privatekey(

958

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

959

960

serverSSL = Connection(serverContext, server)

961

serverSSL.set_accept_state()

962

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

963

# Without load_verify_locations above, the handshake

964

# will fail:

965

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

966

# 'certificate verify failed')]

967

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

968

969

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

970

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

971

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

972

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

974

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

975

Verify that if path to a file containing a certificate is passed to

976

``Context.load_verify_locations`` for the ``cafile`` parameter, that

977

certificate is used as a trust root for the purposes of verifying

978

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

979

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

980

fObj = open(cafile, 'w')

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

981

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

982

fObj.close()

983

984

self._load_verify_locations_test(cafile)

985

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

986

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

987

def test_load_verify_bytes_cafile(self):

988

"""

989

:py:obj:`Context.load_verify_locations` accepts a file name as a

990

``bytes`` instance and uses the certificates within for verification

991

purposes.

992

"""

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

993

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

994

self._load_verify_cafile(cafile)

995

996

997

def test_load_verify_unicode_cafile(self):

998

"""

999

:py:obj:`Context.load_verify_locations` accepts a file name as a

1000

``unicode`` instance and uses the certificates within for verification

1001

purposes.

1002

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1003

self._load_verify_cafile(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1004

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1005

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1006

1007

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1008

def test_load_verify_invalid_file(self):

1009

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1010

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1011

non-existent cafile.

1012

"""

1013

clientContext = Context(TLSv1_METHOD)

1014

self.assertRaises(

1015

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1016

1017

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1019

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1020

Verify that if path to a directory containing certificate files is

1021

passed to ``Context.load_verify_locations`` for the ``capath``

1022

parameter, those certificates are used as trust roots for the purposes

1023

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1024

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1025

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1026

# Hash values computed manually with c_rehash to avoid depending on

1027

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1028

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1029

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1030

cafile = join_bytes_or_unicode(capath, name)

1031

with open(cafile, 'w') as fObj:

1032

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1033

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1034

self._load_verify_locations_test(None, capath)

1035

1036

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1037

def test_load_verify_directory_bytes_capath(self):

1038

"""

1039

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1040

``bytes`` instance and uses the certificates within for verification

1041

purposes.

1042

"""

1043

self._load_verify_directory_locations_capath(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1044

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

)

def test_load_verify_directory_unicode_capath(self):

1049

"""

1050

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1051

``unicode`` instance and uses the certificates within for verification

1052

purposes.

1053

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1054

self._load_verify_directory_locations_capath(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1055

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1056

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1057

1058

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1059

def test_load_verify_locations_wrong_args(self):

1060

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1061

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1062

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1063

"""

1064

context = Context(TLSv1_METHOD)

1065

self.assertRaises(TypeError, context.load_verify_locations)

1066

self.assertRaises(TypeError, context.load_verify_locations, object())

1067

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1068

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1069

1070

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1071

if platform == "win32":

1072

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1073

"See LP#404343 and LP#404344."

1074

else:

1075

def test_set_default_verify_paths(self):

1076

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1077

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1078

certificate locations to be used for verification purposes.

1079

"""

1080

# Testing this requires a server with a certificate signed by one of

1081

# the CAs in the platform CA location. Getting one of those costs

1082

# money. Fortunately (or unfortunately, depending on your

1083

# perspective), it's easy to think of a public server on the

1084

# internet which has such a certificate. Connecting to the network

1085

# in a unit test is bad, but it's the only way I can think of to

1086

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1087

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1088

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1089

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1090

context.set_default_verify_paths()

1091

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1092

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1094

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1095

client = socket()

1096

client.connect(('verisign.com', 443))

1097

clientSSL = Connection(context, client)

1098

clientSSL.set_connect_state()

1099

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1100

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1101

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1102

1103

1104

def test_set_default_verify_paths_signature(self):

1105

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1106

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1107

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1108

"""

1109

context = Context(TLSv1_METHOD)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1111

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1112

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1113

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1114

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1115

def test_add_extra_chain_cert_invalid_cert(self):

1116

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1119

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1120

"""

1121

context = Context(TLSv1_METHOD)

1122

self.assertRaises(TypeError, context.add_extra_chain_cert)

1123

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1124

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1125

1126

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1127

def _handshake_test(self, serverContext, clientContext):

1128

"""

1129

Verify that a client and server created with the given contexts can

1130

successfully handshake and communicate.

1131

"""

1132

serverSocket, clientSocket = socket_pair()

1133

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1135

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1136

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1137

client = Connection(clientContext, clientSocket)

1138

client.set_connect_state()

1139

1140

# Make them talk to each other.

1141

# self._interactInMemory(client, server)

1142

for i in range(3):

1143

for s in [client, server]:

1144

try:

1145

s.do_handshake()

1146

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1150

def test_set_verify_callback_connection_argument(self):

1151

"""

1152

The first argument passed to the verify callback is the

1153

:py:class:`Connection` instance for which verification is taking place.

1154

"""

1155

serverContext = Context(TLSv1_METHOD)

1156

serverContext.use_privatekey(

1157

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1158

serverContext.use_certificate(

1159

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1160

serverConnection = Connection(serverContext, None)

1161

1162

class VerifyCallback(object):

1163

def callback(self, connection, *args):

1164

self.connection = connection

1165

return 1

1166

1167

verify = VerifyCallback()

1168

clientContext = Context(TLSv1_METHOD)

1169

clientContext.set_verify(VERIFY_PEER, verify.callback)

1170

clientConnection = Connection(clientContext, None)

1171

clientConnection.set_connect_state()

1172

1173

self._handshakeInMemory(clientConnection, serverConnection)

1174

1175

self.assertIdentical(verify.connection, clientConnection)

1176

1177

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1178

def test_set_verify_callback_exception(self):

1179

"""

1180

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1181

exception, verification fails and the exception is propagated to the

1182

caller of :py:obj:`Connection.do_handshake`.

1183

"""

1184

serverContext = Context(TLSv1_METHOD)

1185

serverContext.use_privatekey(

1186

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1187

serverContext.use_certificate(

1188

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1189

1190

clientContext = Context(TLSv1_METHOD)

1191

def verify_callback(*args):

1192

raise Exception("silly verify failure")

1193

clientContext.set_verify(VERIFY_PEER, verify_callback)

1194

1195

exc = self.assertRaises(

1196

Exception, self._handshake_test, serverContext, clientContext)

1197

self.assertEqual("silly verify failure", str(exc))

1198

1199

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1200

def test_add_extra_chain_cert(self):

1201

"""

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1202

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509`

1203

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1205

See :py:obj:`_create_certificate_chain` for the details of the

1206

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1207

1208

The chain is tested by starting a server with scert and connecting

1209

to it with a client which trusts cacert and requires verification to

1210

succeed.

1211

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1212

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1213

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1214

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1215

# Dump the CA certificate to a file because that's the only way to load

1216

# it as a trusted CA in the client context.

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1217

for cert, name in [(cacert, 'ca.pem'),

1218

(icert, 'i.pem'),

1219

(scert, 's.pem')]:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1220

with open(join(self.tmpdir, name), 'w') as f:

1221

f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1222

Hynek Schlawack

1902c01

2015-04-16 15:06:41 -0400

[diff] [blame]

1223

for key, name in [(cakey, 'ca.key'),

1224

(ikey, 'i.key'),

1225

(skey, 's.key')]:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1226

with open(join(self.tmpdir, name), 'w') as f:

1227

f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1228

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1229

# Create the server context

1230

serverContext = Context(TLSv1_METHOD)

1231

serverContext.use_privatekey(skey)

1232

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1233

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1234

serverContext.add_extra_chain_cert(icert)

1235

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1236

# Create the client

1237

clientContext = Context(TLSv1_METHOD)

1238

clientContext.set_verify(

1239

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1240

clientContext.load_verify_locations(join(self.tmpdir, "ca.pem"))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1241

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1242

# Try it out.

1243

self._handshake_test(serverContext, clientContext)

1244

1245

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1246

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1247

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1248

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1249

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1250

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1251

The chain is tested by starting a server with scert and connecting to

1252

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1253

succeed.

1254

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1255

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1256

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1257

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1258

makedirs(certdir)

1259

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1260

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1261

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1262

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1263

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1264

with open(chainFile, 'wb') as fObj:

1265

# Most specific to least general.

1266

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1267

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1268

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1269

1270

with open(caFile, 'w') as fObj:

1271

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1272

1273

serverContext = Context(TLSv1_METHOD)

1274

serverContext.use_certificate_chain_file(chainFile)

1275

serverContext.use_privatekey(skey)

1276

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1277

clientContext = Context(TLSv1_METHOD)

1278

clientContext.set_verify(

1279

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1280

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1281

1282

self._handshake_test(serverContext, clientContext)

1283

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1284

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1285

def test_use_certificate_chain_file_bytes(self):

1286

"""

1287

``Context.use_certificate_chain_file`` accepts the name of a file (as

1288

an instance of ``bytes``) to specify additional certificates to use to

1289

construct and verify a trust chain.

1290

"""

1291

self._use_certificate_chain_file_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1292

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

)

def test_use_certificate_chain_file_unicode(self):

1297

"""

1298

``Context.use_certificate_chain_file`` accepts the name of a file (as

1299

an instance of ``unicode``) to specify additional certificates to use

1300

to construct and verify a trust chain.

1301

"""

1302

self._use_certificate_chain_file_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1303

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1307

def test_use_certificate_chain_file_wrong_args(self):

1308

"""

1309

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1310

if passed zero or more than one argument or when passed a non-byte

1311

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1312

passed a bad chain file name (for example, the name of a file which does

1313

not exist).

1314

"""

1315

context = Context(TLSv1_METHOD)

1316

self.assertRaises(TypeError, context.use_certificate_chain_file)

1317

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1318

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1319

1320

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1321

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1322

# XXX load_client_ca

1323

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1324

1325

def test_get_verify_mode_wrong_args(self):

1326

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1327

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1328

arguments.

1329

"""

1330

context = Context(TLSv1_METHOD)

1331

self.assertRaises(TypeError, context.get_verify_mode, None)

1332

1333

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1334

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1336

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1337

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1338

"""

1339

context = Context(TLSv1_METHOD)

1340

self.assertEquals(context.get_verify_mode(), 0)

1341

context.set_verify(

1342

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1343

self.assertEquals(

1344

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1345

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1346

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1347

if not PY3:

1348

def test_set_verify_mode_long(self):

1349

"""

1350

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1351

type :py:obj:`long` as well as :py:obj:`int`.

1352

"""

1353

context = Context(TLSv1_METHOD)

1354

self.assertEquals(context.get_verify_mode(), 0)

1355

context.set_verify(

1356

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1357

self.assertEquals(

1358

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1359

1360

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1361

def test_load_tmp_dh_wrong_args(self):

1362

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1363

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1364

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1365

"""

1366

context = Context(TLSv1_METHOD)

1367

self.assertRaises(TypeError, context.load_tmp_dh)

1368

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1369

self.assertRaises(TypeError, context.load_tmp_dh, object())

1370

1371

1372

def test_load_tmp_dh_missing_file(self):

1373

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1374

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1375

does not exist.

1376

"""

1377

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1378

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1379

1380

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1381

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1382

"""

1383

Verify that calling ``Context.load_tmp_dh`` with the given filename

1384

does not raise an exception.

1385

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1386

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1387

with open(dhfilename, "w") as dhfile:

1388

dhfile.write(dhparam)

1389

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1390

context.load_tmp_dh(dhfilename)

1391

# XXX What should I assert here? -exarkun

1392

1393

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1394

def test_load_tmp_dh_bytes(self):

1395

"""

1396

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1397

specified file (given as ``bytes``).

1398

"""

1399

self._load_tmp_dh_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1400

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

)

def test_load_tmp_dh_unicode(self):

1405

"""

1406

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1407

specified file (given as ``unicode``).

1408

"""

1409

self._load_tmp_dh_test(

Hynek Schlawack

2015-04-16 13:38:01 -0400

[diff] [blame]

1410

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1414

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1415

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1416

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1417

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1418

"""

1419

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1420

for curve in get_elliptic_curves():

1421

# The only easily "assertable" thing is that it does not raise an

1422

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1423

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1424

1425

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1426

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1427

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1428

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1429

ciphers which connections created with the context object will be able

1430

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1431

"""

1432

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1433

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1434

conn = Connection(context, None)

1435

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1436

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1437

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1438

def test_set_cipher_list_text(self):

1439

"""

1440

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1441

the ciphers which connections created with the context object will be

1442

able to choose from.

1443

"""

1444

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1445

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1446

conn = Connection(context, None)

1447

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1448

1449

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1450

def test_set_cipher_list_wrong_args(self):

1451

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1452

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1453

passed zero arguments or more than one argument or when passed a

1454

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1455

passed an incorrect cipher list string.

1456

"""

1457

context = Context(TLSv1_METHOD)

1458

self.assertRaises(TypeError, context.set_cipher_list)

1459

self.assertRaises(TypeError, context.set_cipher_list, object())

1460

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1461

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1462

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1463

1464

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1465

def test_set_session_cache_mode_wrong_args(self):

1466

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1467

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1468

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1469

"""

1470

context = Context(TLSv1_METHOD)

1471

self.assertRaises(TypeError, context.set_session_cache_mode)

1472

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1473

1474

1475

def test_get_session_cache_mode_wrong_args(self):

1476

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1477

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1478

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1479

"""

1480

context = Context(TLSv1_METHOD)

1481

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1482

1483

1484

def test_session_cache_mode(self):

1485

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1486

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1487

cached. The setting can be retrieved via

1488

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1489

"""

1490

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1491

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1492

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1493

self.assertEqual(SESS_CACHE_OFF, off)

1494

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1495

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1496

if not PY3:

1497

def test_session_cache_mode_long(self):

1498

"""

1499

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1500

of type :py:obj:`long` as well as :py:obj:`int`.

1501

"""

1502

context = Context(TLSv1_METHOD)

1503

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1504

self.assertEqual(

1505

SESS_CACHE_BOTH, context.get_session_cache_mode())

1506

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1507

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1508

def test_get_cert_store(self):

1509

"""

1510

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1511

"""

1512

context = Context(TLSv1_METHOD)

1513

store = context.get_cert_store()

1514

self.assertIsInstance(store, X509Store)

1515

1516

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1517

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1518

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1519

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1520

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1521

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1522

"""

1523

def test_wrong_args(self):

1524

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1525

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1526

with other than one argument.

1527

"""

1528

context = Context(TLSv1_METHOD)

1529

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1530

self.assertRaises(

1531

TypeError, context.set_tlsext_servername_callback, 1, 2)

1532

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1533

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1534

def test_old_callback_forgotten(self):

1535

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1536

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1537

callback, the one it replaces is dereferenced.

1538

"""

1539

def callback(connection):

1540

pass

1541

1542

def replacement(connection):

1543

pass

1544

1545

context = Context(TLSv1_METHOD)

1546

context.set_tlsext_servername_callback(callback)

1547

1548

tracker = ref(callback)

1549

del callback

1550

1551

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1552

1553

# One run of the garbage collector happens to work on CPython. PyPy

1554

# doesn't collect the underlying object until a second run for whatever

1555

# reason. That's fine, it still demonstrates our code has properly

1556

# dropped the reference.

1557

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1558

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1559

1560

callback = tracker()

1561

if callback is not None:

1562

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1563

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1564

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1565

1566

1567

def test_no_servername(self):

1568

"""

1569

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1570

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1571

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1572

"""

1573

args = []

1574

def servername(conn):

1575

args.append((conn, conn.get_servername()))

1576

context = Context(TLSv1_METHOD)

1577

context.set_tlsext_servername_callback(servername)

1578

1579

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1585

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1586

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1587

1588

# Do a little connection to trigger the logic

1589

server = Connection(context, None)

1590

server.set_accept_state()

1591

1592

client = Connection(Context(TLSv1_METHOD), None)

1593

client.set_connect_state()

1594

1595

self._interactInMemory(server, client)

1596

1597

self.assertEqual([(server, None)], args)

1598

1599

1600

def test_servername(self):

1601

"""

1602

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1603

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1604

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1605

"""

1606

args = []

1607

def servername(conn):

1608

args.append((conn, conn.get_servername()))

1609

context = Context(TLSv1_METHOD)

1610

context.set_tlsext_servername_callback(servername)

1611

1612

# Necessary to actually accept the connection

1613

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1614

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1615

1616

# Do a little connection to trigger the logic

1617

server = Connection(context, None)

1618

server.set_accept_state()

1619

1620

client = Connection(Context(TLSv1_METHOD), None)

1621

client.set_connect_state()

1622

client.set_tlsext_host_name(b("foo1.example.com"))

1623

1624

self._interactInMemory(server, client)

1625

1626

self.assertEqual([(server, b("foo1.example.com"))], args)

1627

1628

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1629

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1630

"""

1631

Test for Next Protocol Negotiation in PyOpenSSL.

1632

"""

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1633

if _lib.Cryptography_HAS_NEXTPROTONEG:

1634

def test_npn_success(self):

1635

"""

1636

Tests that clients and servers that agree on the negotiated next

1637

protocol can correct establish a connection, and that the agreed

1638

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1644

return [b'http/1.1', b'spdy/2']

1645

def select(conn, options):

1646

select_args.append((conn, options))

1647

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1648

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1649

server_context = Context(TLSv1_METHOD)

1650

server_context.set_npn_advertise_callback(advertise)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1651

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1652

client_context = Context(TLSv1_METHOD)

1653

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1654

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1655

# Necessary to actually accept the connection

1656

server_context.use_privatekey(

1657

load_privatekey(FILETYPE_PEM, server_key_pem))

1658

server_context.use_certificate(

1659

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1660

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1661

# Do a little connection to trigger the logic

1662

server = Connection(server_context, None)

1663

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1664

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1665

client = Connection(client_context, None)

1666

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1667

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1668

self._interactInMemory(server, client)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1669

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1670

self.assertEqual([(server,)], advertise_args)

1671

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1672

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1673

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1674

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1675

1676

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1677

def test_npn_client_fail(self):

1678

"""

1679

Tests that when clients and servers cannot agree on what protocol

1680

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1686

return [b'http/1.1', b'spdy/2']

1687

def select(conn, options):

1688

select_args.append((conn, options))

1689

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1690

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1691

server_context = Context(TLSv1_METHOD)

1692

server_context.set_npn_advertise_callback(advertise)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1693

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1694

client_context = Context(TLSv1_METHOD)

1695

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1696

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1697

# Necessary to actually accept the connection

1698

server_context.use_privatekey(

1699

load_privatekey(FILETYPE_PEM, server_key_pem))

1700

server_context.use_certificate(

1701

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1702

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1703

# Do a little connection to trigger the logic

1704

server = Connection(server_context, None)

1705

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1706

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1707

client = Connection(client_context, None)

1708

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1709

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1710

# If the client doesn't return anything, the connection will fail.

1711

self.assertRaises(Error, self._interactInMemory, server, client)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1712

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1713

self.assertEqual([(server,)], advertise_args)

1714

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1715

1716

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1717

def test_npn_select_error(self):

1718

"""

1719

Test that we can handle exceptions in the select callback. If

1720

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1725

return [b'http/1.1', b'spdy/2']

1726

def select(conn, options):

1727

raise TypeError

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1728

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1729

server_context = Context(TLSv1_METHOD)

1730

server_context.set_npn_advertise_callback(advertise)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1731

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1732

client_context = Context(TLSv1_METHOD)

1733

client_context.set_npn_select_callback(select)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1734

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1735

# Necessary to actually accept the connection

1736

server_context.use_privatekey(

1737

load_privatekey(FILETYPE_PEM, server_key_pem))

1738

server_context.use_certificate(

1739

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1740

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1741

# Do a little connection to trigger the logic

1742

server = Connection(server_context, None)

1743

server.set_accept_state()

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1744

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1745

client = Connection(client_context, None)

1746

client.set_connect_state()

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1747

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1748

# If the callback throws an exception it should be raised here.

1749

self.assertRaises(

1750

TypeError, self._interactInMemory, server, client

1751

)

1752

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1753

1754

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1755

def test_npn_advertise_error(self):

1756

"""

1757

Test that we can handle exceptions in the advertise callback. If

1758

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1764

select_args.append((conn, options))

1765

return b''

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1766

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1767

server_context = Context(TLSv1_METHOD)

1768

server_context.set_npn_advertise_callback(advertise)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1769

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1770

client_context = Context(TLSv1_METHOD)

1771

client_context.set_npn_select_callback(select)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1772

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1773

# Necessary to actually accept the connection

1774

server_context.use_privatekey(

1775

load_privatekey(FILETYPE_PEM, server_key_pem))

1776

server_context.use_certificate(

1777

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1778

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1779

# Do a little connection to trigger the logic

1780

server = Connection(server_context, None)

1781

server.set_accept_state()

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1782

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1783

client = Connection(client_context, None)

1784

client.set_connect_state()

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1785

Cory Benfield

2015-04-13 17:39:12 -0400

[diff] [blame]

1786

# If the client doesn't return anything, the connection will fail.

1787

self.assertRaises(

1788

TypeError, self._interactInMemory, server, client

1789

)

1790

self.assertEqual([], select_args)

else:

# No NPN.

def test_npn_not_implemented(self):

1795

# Test the context methods first.

1796

context = Context(TLSv1_METHOD)

1797

fail_methods = [

1798

context.set_npn_advertise_callback,

1799

context.set_npn_select_callback,

1800

]

1801

for method in fail_methods:

1802

self.assertRaises(

1803

NotImplementedError, method, None

1804

)

1805

1806

# Now test a connection.

1807

conn = Connection(context)

1808

fail_methods = [

1809

conn.get_next_proto_negotiated,

1810

]

1811

for method in fail_methods:

1812

self.assertRaises(NotImplementedError, method)

Cory Benfield

2015-03-22 09:05:28 +0000

[diff] [blame]

1813

1814

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1815

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1816

class ApplicationLayerProtoNegotiationTests(TestCase, _LoopbackMixin):

1817

"""

1818

Tests for ALPN in PyOpenSSL.

1819

"""

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1820

# Skip tests on versions that don't support ALPN.

1821

if _lib.Cryptography_HAS_ALPN:

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1822

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1823

def test_alpn_success(self):

1824

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1825

Clients and servers that agree on the negotiated ALPN protocol can

1826

correct establish a connection, and the agreed protocol is reported

1827

by the connections.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1828

"""

1829

select_args = []

1830

def select(conn, options):

1831

select_args.append((conn, options))

1832

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1833

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1834

client_context = Context(TLSv1_METHOD)

1835

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1836

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1837

server_context = Context(TLSv1_METHOD)

1838

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1839

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1840

# Necessary to actually accept the connection

1841

server_context.use_privatekey(

1842

load_privatekey(FILETYPE_PEM, server_key_pem))

1843

server_context.use_certificate(

1844

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1845

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1846

# Do a little connection to trigger the logic

1847

server = Connection(server_context, None)

1848

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1849

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1850

client = Connection(client_context, None)

1851

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1852

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1853

self._interactInMemory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1854

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1855

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

1856

1857

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1858

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1859

1860

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1861

def test_alpn_set_on_connection(self):

1862

"""

1863

The same as test_alpn_success, but setting the ALPN protocols on

1864

the connection rather than the context.

1865

"""

1866

select_args = []

1867

def select(conn, options):

1868

select_args.append((conn, options))

1869

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1870

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1871

# Setup the client context but don't set any ALPN protocols.

1872

client_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1873

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1874

server_context = Context(TLSv1_METHOD)

1875

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1876

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1877

# Necessary to actually accept the connection

1878

server_context.use_privatekey(

1879

load_privatekey(FILETYPE_PEM, server_key_pem))

1880

server_context.use_certificate(

1881

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1882

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1883

# Do a little connection to trigger the logic

1884

server = Connection(server_context, None)

1885

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1886

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1887

# Set the ALPN protocols on the client connection.

1888

client = Connection(client_context, None)

1889

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1890

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1891

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1892

self._interactInMemory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1893

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1894

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1895

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1896

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1897

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1898

1899

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1900

def test_alpn_server_fail(self):

1901

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1902

When clients and servers cannot agree on what protocol to use next

1903

the TLS connection does not get established.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1904

"""

1905

select_args = []

1906

def select(conn, options):

1907

select_args.append((conn, options))

1908

return b''

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1909

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1910

client_context = Context(TLSv1_METHOD)

1911

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1912

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1913

server_context = Context(TLSv1_METHOD)

1914

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1915

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1916

# Necessary to actually accept the connection

1917

server_context.use_privatekey(

1918

load_privatekey(FILETYPE_PEM, server_key_pem))

1919

server_context.use_certificate(

1920

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1921

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1922

# Do a little connection to trigger the logic

1923

server = Connection(server_context, None)

1924

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1925

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1926

client = Connection(client_context, None)

1927

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1928

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1929

# If the client doesn't return anything, the connection will fail.

1930

self.assertRaises(Error, self._interactInMemory, server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1931

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1932

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1933

1934

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1935

def test_alpn_no_server(self):

1936

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1937

When clients and servers cannot agree on what protocol to use next

1938

because the server doesn't offer ALPN, no protocol is negotiated.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1939

"""

1940

client_context = Context(TLSv1_METHOD)

1941

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1942

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1943

server_context = Context(TLSv1_METHOD)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1944

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1945

# Necessary to actually accept the connection

1946

server_context.use_privatekey(

1947

load_privatekey(FILETYPE_PEM, server_key_pem))

1948

server_context.use_certificate(

1949

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1950

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1951

# Do a little connection to trigger the logic

1952

server = Connection(server_context, None)

1953

server.set_accept_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1954

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1955

client = Connection(client_context, None)

1956

client.set_connect_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1957

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1958

# Do the dance.

1959

self._interactInMemory(server, client)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1960

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1961

self.assertEqual(client.get_alpn_proto_negotiated(), b'')

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1962

1963

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1964

def test_alpn_callback_exception(self):

1965

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1966

We can handle exceptions in the ALPN select callback.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1967

"""

1968

select_args = []

1969

def select(conn, options):

1970

select_args.append((conn, options))

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

1971

raise TypeError()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1972

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1973

client_context = Context(TLSv1_METHOD)

1974

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1975

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1976

server_context = Context(TLSv1_METHOD)

1977

server_context.set_alpn_select_callback(select)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1978

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1979

# Necessary to actually accept the connection

1980

server_context.use_privatekey(

1981

load_privatekey(FILETYPE_PEM, server_key_pem))

1982

server_context.use_certificate(

1983

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1984

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1985

# Do a little connection to trigger the logic

1986

server = Connection(server_context, None)

1987

server.set_accept_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1988

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1989

client = Connection(client_context, None)

1990

client.set_connect_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1991

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1992

self.assertRaises(

1993

TypeError, self._interactInMemory, server, client

1994

)

1995

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1996

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1997

else:

1998

# No ALPN.

1999

def test_alpn_not_implemented(self):

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

2000

"""

2001

If ALPN is not in OpenSSL, we should raise NotImplementedError.

2002

"""

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2003

# Test the context methods first.

2004

context = Context(TLSv1_METHOD)

Cory Benfield

307e9e6

2015-04-13 18:21:12 -0400

[diff] [blame]

2005

self.assertRaises(

2006

NotImplementedError, context.set_alpn_protos, None

2007

)

2008

self.assertRaises(

2009

NotImplementedError, context.set_alpn_select_callback, None

2010

)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2011

2012

# Now test a connection.

2013

conn = Connection(context)

Cory Benfield

307e9e6

2015-04-13 18:21:12 -0400

[diff] [blame]

2014

self.assertRaises(

2015

NotImplementedError, context.set_alpn_protos, None

2016

)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2017

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2018

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2019

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

2020

class SessionTests(TestCase):

2021

"""

2022

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2023

"""

2024

def test_construction(self):

2025

"""

2026

:py:class:`Session` can be constructed with no arguments, creating a new

2027

instance of that type.

2028

"""

2029

new_session = Session()

2030

self.assertTrue(isinstance(new_session, Session))

2031

2032

2033

def test_construction_wrong_args(self):

2034

"""

2035

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

2036

is raised.

2037

"""

2038

self.assertRaises(TypeError, Session, 123)

2039

self.assertRaises(TypeError, Session, "hello")

2040

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2044

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2045

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2046

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2047

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2048

# XXX get_peer_certificate -> None

2049

# XXX sock_shutdown

2050

# XXX master_key -> TypeError

2051

# XXX server_random -> TypeError

2052

# XXX state_string

2053

# XXX connect -> TypeError

2054

# XXX connect_ex -> TypeError

2055

# XXX set_connect_state -> TypeError

2056

# XXX set_accept_state -> TypeError

2057

# XXX renegotiate_pending

2058

# XXX do_handshake -> TypeError

2059

# XXX bio_read -> TypeError

2060

# XXX recv -> TypeError

2061

# XXX send -> TypeError

2062

# XXX bio_write -> TypeError

2063

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2064

def test_type(self):

2065

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2066

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2067

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2068

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2069

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2070

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2071

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2072

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2073

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2074

def test_get_context(self):

2075

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2076

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

2077

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2078

"""

2079

context = Context(TLSv1_METHOD)

2080

connection = Connection(context, None)

2081

self.assertIdentical(connection.get_context(), context)

2082

2083

2084

def test_get_context_wrong_args(self):

2085

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2086

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2087

arguments.

2088

"""

2089

connection = Connection(Context(TLSv1_METHOD), None)

2090

self.assertRaises(TypeError, connection.get_context, None)

2091

2092

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2093

def test_set_context_wrong_args(self):

2094

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2095

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

2096

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2097

than 1.

2098

"""

2099

ctx = Context(TLSv1_METHOD)

2100

connection = Connection(ctx, None)

2101

self.assertRaises(TypeError, connection.set_context)

2102

self.assertRaises(TypeError, connection.set_context, object())

2103

self.assertRaises(TypeError, connection.set_context, "hello")

2104

self.assertRaises(TypeError, connection.set_context, 1)

2105

self.assertRaises(TypeError, connection.set_context, 1, 2)

2106

self.assertRaises(

2107

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

2108

self.assertIdentical(ctx, connection.get_context())

2109

2110

2111

def test_set_context(self):

2112

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2113

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2114

for the connection.

2115

"""

2116

original = Context(SSLv23_METHOD)

2117

replacement = Context(TLSv1_METHOD)

2118

connection = Connection(original, None)

2119

connection.set_context(replacement)

2120

self.assertIdentical(replacement, connection.get_context())

2121

# Lose our references to the contexts, just in case the Connection isn't

2122

# properly managing its own contributions to their reference counts.

2123

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

2128

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2129

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2130

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2131

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2132

"""

2133

conn = Connection(Context(TLSv1_METHOD), None)

2134

self.assertRaises(TypeError, conn.set_tlsext_host_name)

2135

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

2136

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

2137

self.assertRaises(

2138

TypeError, conn.set_tlsext_host_name, b("with\0null"))

2139

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

2140

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2141

# On Python 3.x, don't accidentally implicitly convert from text.

2142

self.assertRaises(

2143

TypeError,

2144

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2145

2146

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2147

def test_get_servername_wrong_args(self):

2148

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2149

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2150

arguments.

2151

"""

2152

connection = Connection(Context(TLSv1_METHOD), None)

2153

self.assertRaises(TypeError, connection.get_servername, object())

2154

self.assertRaises(TypeError, connection.get_servername, 1)

2155

self.assertRaises(TypeError, connection.get_servername, "hello")

2156

2157

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2158

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2159

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2160

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2161

immediate read.

2162

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2163

connection = Connection(Context(TLSv1_METHOD), None)

2164

self.assertEquals(connection.pending(), 0)

2165

2166

2167

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2168

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2169

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2170

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2171

connection = Connection(Context(TLSv1_METHOD), None)

2172

self.assertRaises(TypeError, connection.pending, None)

2173

2174

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2175

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2176

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2177

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2178

argument or with the wrong number of arguments.

2179

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2180

connection = Connection(Context(TLSv1_METHOD), socket())

2181

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2182

self.assertRaises(TypeError, connection.connect)

2183

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2184

2185

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2186

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2187

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2188

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2189

connect method raises it.

2190

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2191

client = socket()

2192

context = Context(TLSv1_METHOD)

2193

clientSSL = Connection(context, client)

2194

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

2195

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2196

2197

2198

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2200

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2201

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2207

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2208

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2209

2210

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2211

if platform == "darwin":

2212

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2213

else:

2214

def test_connect_ex(self):

2215

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2216

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2217

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2222

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2223

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2224

clientSSL.setblocking(False)

2225

result = clientSSL.connect_ex(port.getsockname())

2226

expected = (EINPROGRESS, EWOULDBLOCK)

2227

self.assertTrue(

2228

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2229

2230

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2231

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2232

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2233

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2234

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2235

connection = Connection(Context(TLSv1_METHOD), socket())

2236

self.assertRaises(TypeError, connection.accept, None)

2237

2238

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2239

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2240

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2241

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2242

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2243

connection originated from.

2244

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2245

ctx = Context(TLSv1_METHOD)

2246

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2247

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2248

port = socket()

2249

portSSL = Connection(ctx, port)

2250

portSSL.bind(('', 0))

2251

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2252

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2253

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2254

2255

# Calling portSSL.getsockname() here to get the server IP address sounds

2256

# great, but frequently fails on Windows.

2257

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2258

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2259

serverSSL, address = portSSL.accept()

2260

2261

self.assertTrue(isinstance(serverSSL, Connection))

2262

self.assertIdentical(serverSSL.get_context(), ctx)

2263

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2264

2265

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2266

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2267

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2268

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2269

number of arguments or with arguments other than integers.

2270

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2271

connection = Connection(Context(TLSv1_METHOD), None)

2272

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2273

self.assertRaises(TypeError, connection.get_shutdown, None)

2274

self.assertRaises(TypeError, connection.set_shutdown)

2275

self.assertRaises(TypeError, connection.set_shutdown, None)

2276

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2277

2278

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2279

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2280

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2281

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2282

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2283

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2284

self.assertFalse(server.shutdown())

2285

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2286

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2287

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2288

client.shutdown()

2289

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2290

self.assertRaises(ZeroReturnError, server.recv, 1024)

2291

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2292

2293

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2294

def test_shutdown_closed(self):

2295

"""

2296

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2297

write error from the low level write call.

2298

"""

2299

server, client = self._loopback()

2300

server.sock_shutdown(2)

2301

exc = self.assertRaises(SysCallError, server.shutdown)

2302

if platform == "win32":

2303

self.assertEqual(exc.args[0], ESHUTDOWN)

2304

else:

2305

self.assertEqual(exc.args[0], EPIPE)

2306

2307

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2308

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2309

"""

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2310

If the underlying connection is truncated, :obj:`Connection.shutdown`

2311

raises an :obj:`Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2312

"""

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2313

server_ctx = Context(TLSv1_METHOD)

2314

client_ctx = Context(TLSv1_METHOD)

2315

server_ctx.use_privatekey(

2316

load_privatekey(FILETYPE_PEM, server_key_pem))

2317

server_ctx.use_certificate(

2318

load_certificate(FILETYPE_PEM, server_cert_pem))

2319

server = Connection(server_ctx, None)

2320

client = Connection(client_ctx, None)

2321

self._handshakeInMemory(client, server)

2322

self.assertEqual(server.shutdown(), False)

2323

self.assertRaises(WantReadError, server.shutdown)

2324

server.bio_shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2325

self.assertRaises(Error, server.shutdown)

2326

2327

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2328

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2329

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2330

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2331

process.

2332

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2333

connection = Connection(Context(TLSv1_METHOD), socket())

2334

connection.set_shutdown(RECEIVED_SHUTDOWN)

2335

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2336

2337

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2338

if not PY3:

2339

def test_set_shutdown_long(self):

2340

"""

2341

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2342

of type :py:obj:`long` as well as :py:obj:`int`.

2343

"""

2344

connection = Connection(Context(TLSv1_METHOD), socket())

2345

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2346

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2347

2348

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2349

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2350

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2351

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2352

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2353

with any arguments.

2354

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2355

conn = Connection(Context(TLSv1_METHOD), None)

2356

self.assertRaises(TypeError, conn.get_app_data, None)

2357

self.assertRaises(TypeError, conn.set_app_data)

2358

self.assertRaises(TypeError, conn.set_app_data, None, None)

2359

2360

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2361

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2362

"""

2363

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2364

:py:obj:`Connection.set_app_data` and later retrieved with

2365

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2366

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2367

conn = Connection(Context(TLSv1_METHOD), None)

2368

app_data = object()

2369

conn.set_app_data(app_data)

2370

self.assertIdentical(conn.get_app_data(), app_data)

2371

2372

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2373

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2374

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2375

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2376

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2377

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2378

conn = Connection(Context(TLSv1_METHOD), None)

2379

self.assertRaises(NotImplementedError, conn.makefile)

2380

2381

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2382

def test_get_peer_cert_chain_wrong_args(self):

2383

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2384

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2385

arguments.

2386

"""

2387

conn = Connection(Context(TLSv1_METHOD), None)

2388

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2389

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2390

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2391

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2392

2393

2394

def test_get_peer_cert_chain(self):

2395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2396

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2397

the connected server returned for the certification verification.

2398

"""

2399

chain = _create_certificate_chain()

2400

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2401

2402

serverContext = Context(TLSv1_METHOD)

2403

serverContext.use_privatekey(skey)

2404

serverContext.use_certificate(scert)

2405

serverContext.add_extra_chain_cert(icert)

2406

serverContext.add_extra_chain_cert(cacert)

2407

server = Connection(serverContext, None)

2408

server.set_accept_state()

2409

2410

# Create the client

2411

clientContext = Context(TLSv1_METHOD)

2412

clientContext.set_verify(VERIFY_NONE, verify_cb)

2413

client = Connection(clientContext, None)

2414

client.set_connect_state()

2415

2416

self._interactInMemory(client, server)

2417

2418

chain = client.get_peer_cert_chain()

2419

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2420

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2421

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2422

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2423

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2424

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2425

"Authority Certificate", chain[2].get_subject().CN)

2426

2427

2428

def test_get_peer_cert_chain_none(self):

2429

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2430

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2431

certificate chain.

2432

"""

2433

ctx = Context(TLSv1_METHOD)

2434

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2435

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2436

server = Connection(ctx, None)

2437

server.set_accept_state()

2438

client = Connection(Context(TLSv1_METHOD), None)

2439

client.set_connect_state()

2440

self._interactInMemory(client, server)

2441

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2442

2443

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2444

def test_get_session_wrong_args(self):

2445

"""

2446

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2447

with any arguments.

2448

"""

2449

ctx = Context(TLSv1_METHOD)

2450

server = Connection(ctx, None)

2451

self.assertRaises(TypeError, server.get_session, 123)

2452

self.assertRaises(TypeError, server.get_session, "hello")

2453

self.assertRaises(TypeError, server.get_session, object())

2454

2455

2456

def test_get_session_unconnected(self):

2457

"""

2458

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2459

an object which has not been connected.

2460

"""

2461

ctx = Context(TLSv1_METHOD)

2462

server = Connection(ctx, None)

2463

session = server.get_session()

2464

self.assertIdentical(None, session)

2465

2466

2467

def test_server_get_session(self):

2468

"""

2469

On the server side of a connection, :py:obj:`Connection.get_session`

2470

returns a :py:class:`Session` instance representing the SSL session for

2471

that connection.

2472

"""

2473

server, client = self._loopback()

2474

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2475

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2476

2477

2478

def test_client_get_session(self):

2479

"""

2480

On the client side of a connection, :py:obj:`Connection.get_session`

2481

returns a :py:class:`Session` instance representing the SSL session for

2482

that connection.

2483

"""

2484

server, client = self._loopback()

2485

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2486

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2487

2488

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2489

def test_set_session_wrong_args(self):

2490

"""

2491

If called with an object that is not an instance of :py:class:`Session`,

2492

or with other than one argument, :py:obj:`Connection.set_session` raises

2493

:py:obj:`TypeError`.

2494

"""

2495

ctx = Context(TLSv1_METHOD)

2496

connection = Connection(ctx, None)

2497

self.assertRaises(TypeError, connection.set_session)

2498

self.assertRaises(TypeError, connection.set_session, 123)

2499

self.assertRaises(TypeError, connection.set_session, "hello")

2500

self.assertRaises(TypeError, connection.set_session, object())

2501

self.assertRaises(

2502

TypeError, connection.set_session, Session(), Session())

2503

2504

2505

def test_client_set_session(self):

2506

"""

2507

:py:obj:`Connection.set_session`, when used prior to a connection being

2508

established, accepts a :py:class:`Session` instance and causes an

2509

attempt to re-use the session it represents when the SSL handshake is

2510

performed.

2511

"""

2512

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2513

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2514

ctx = Context(TLSv1_METHOD)

2515

ctx.use_privatekey(key)

2516

ctx.use_certificate(cert)

2517

ctx.set_session_id("unity-test")

2518

2519

def makeServer(socket):

2520

server = Connection(ctx, socket)

2521

server.set_accept_state()

2522

return server

2523

2524

originalServer, originalClient = self._loopback(

2525

serverFactory=makeServer)

2526

originalSession = originalClient.get_session()

2527

2528

def makeClient(socket):

2529

client = self._loopbackClientFactory(socket)

2530

client.set_session(originalSession)

2531

return client

2532

resumedServer, resumedClient = self._loopback(

2533

serverFactory=makeServer,

2534

clientFactory=makeClient)

2535

2536

# This is a proxy: in general, we have no access to any unique

2537

# identifier for the session (new enough versions of OpenSSL expose a

2538

# hash which could be usable, but "new enough" is very, very new).

2539

# Instead, exploit the fact that the master key is re-used if the

2540

# session is re-used. As long as the master key for the two connections

2541

# is the same, the session was re-used!

2542

self.assertEqual(

2543

originalServer.master_key(), resumedServer.master_key())

2544

2545

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2546

def test_set_session_wrong_method(self):

2547

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2548

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2549

instance associated with a context using a different SSL method than the

2550

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2551

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2552

"""

2553

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2554

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2555

ctx = Context(TLSv1_METHOD)

2556

ctx.use_privatekey(key)

2557

ctx.use_certificate(cert)

2558

ctx.set_session_id("unity-test")

2559

2560

def makeServer(socket):

2561

server = Connection(ctx, socket)

2562

server.set_accept_state()

2563

return server

2564

2565

originalServer, originalClient = self._loopback(

2566

serverFactory=makeServer)

2567

originalSession = originalClient.get_session()

2568

2569

def makeClient(socket):

2570

# Intentionally use a different, incompatible method here.

2571

client = Connection(Context(SSLv3_METHOD), socket)

2572

client.set_connect_state()

2573

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2579

2580

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2581

def test_wantWriteError(self):

2582

"""

2583

:py:obj:`Connection` methods which generate output raise

2584

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2585

fail indicating a should-write state.

2586

"""

2587

client_socket, server_socket = socket_pair()

2588

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2589

# anything. Only write a single byte at a time so we can be sure we

2590

# completely fill the buffer. Even though the socket API is allowed to

2591

# signal a short write via its return value it seems this doesn't

2592

# always happen on all platforms (FreeBSD and OS X particular) for the

2593

# very last bit of available buffer space.

2594

msg = b"x"

2595

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2596

try:

2597

client_socket.send(msg)

2598

except error as e:

2599

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2605

2606

ctx = Context(TLSv1_METHOD)

2607

conn = Connection(ctx, client_socket)

2608

# Client's speak first, so make it an SSL client

2609

conn.set_connect_state()

2610

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2614

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2615

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2616

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2617

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2618

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2619

ctx = Context(TLSv1_METHOD)

2620

connection = Connection(ctx, None)

2621

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2622

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2623

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2624

def test_get_peer_finished_before_connect(self):

2625

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2626

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2627

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2628

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2629

ctx = Context(TLSv1_METHOD)

2630

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2631

self.assertEqual(connection.get_peer_finished(), None)

2632

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2633

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2634

def test_get_finished(self):

2635

"""

2636

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2637

message send from client, or server. Finished messages are send during

2638

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2639

"""

2640

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2641

server, client = self._loopback()

2642

2643

self.assertNotEqual(server.get_finished(), None)

2644

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2645

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2646

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2647

def test_get_peer_finished(self):

2648

"""

2649

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2650

message received from client, or server. Finished messages are send

2651

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2652

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2653

server, client = self._loopback()

2654

2655

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2656

self.assertTrue(len(server.get_peer_finished()) > 0)

2657

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2658

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2659

def test_tls_finished_message_symmetry(self):

2660

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2661

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2662

received by client.

2663

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2664

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2665

received by server.

2666

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2667

server, client = self._loopback()

2668

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2669

self.assertEqual(server.get_finished(), client.get_peer_finished())

2670

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2671

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2672

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2673

def test_get_cipher_name_before_connect(self):

2674

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2675

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2676

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2677

"""

2678

ctx = Context(TLSv1_METHOD)

2679

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2680

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2681

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2682

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2683

def test_get_cipher_name(self):

2684

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2685

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2686

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2687

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2688

server, client = self._loopback()

2689

server_cipher_name, client_cipher_name = \

2690

server.get_cipher_name(), client.get_cipher_name()

2691

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2692

self.assertIsInstance(server_cipher_name, text_type)

2693

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2694

2695

self.assertEqual(server_cipher_name, client_cipher_name)

2696

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2697

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2698

def test_get_cipher_version_before_connect(self):

2699

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2700

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2701

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2702

"""

2703

ctx = Context(TLSv1_METHOD)

2704

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2705

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2706

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2707

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2708

def test_get_cipher_version(self):

2709

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2710

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2711

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2712

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2713

server, client = self._loopback()

2714

server_cipher_version, client_cipher_version = \

2715

server.get_cipher_version(), client.get_cipher_version()

2716

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2717

self.assertIsInstance(server_cipher_version, text_type)

2718

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2719

2720

self.assertEqual(server_cipher_version, client_cipher_version)

2721

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2722

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2723

def test_get_cipher_bits_before_connect(self):

2724

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2725

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2726

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2727

"""

2728

ctx = Context(TLSv1_METHOD)

2729

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2730

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2731

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2732

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2733

def test_get_cipher_bits(self):

2734

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2735

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2736

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2737

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2738

server, client = self._loopback()

2739

server_cipher_bits, client_cipher_bits = \

2740

server.get_cipher_bits(), client.get_cipher_bits()

2741

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2742

self.assertIsInstance(server_cipher_bits, int)

2743

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2744

2745

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2746

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2747

2748

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2749

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2751

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2752

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2753

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2754

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2755

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2756

arguments.

2757

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2758

connection = Connection(Context(TLSv1_METHOD), None)

2759

self.assertRaises(TypeError, connection.get_cipher_list, None)

2760

2761

2762

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2763

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2764

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2765

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2766

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2767

connection = Connection(Context(TLSv1_METHOD), None)

2768

ciphers = connection.get_cipher_list()

2769

self.assertTrue(isinstance(ciphers, list))

2770

for cipher in ciphers:

2771

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2775

class ConnectionSendTests(TestCase, _LoopbackMixin):

2776

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2777

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2778

"""

2779

def test_wrong_args(self):

2780

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2781

When called with arguments other than string argument for its first

2782

parameter or more than two arguments, :py:obj:`Connection.send` raises

2783

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2784

"""

2785

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2786

self.assertRaises(TypeError, connection.send)

2787

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2788

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2789

2790

2791

def test_short_bytes(self):

2792

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2793

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2794

and returns the number of bytes sent.

2795

"""

2796

server, client = self._loopback()

2797

count = server.send(b('xy'))

2798

self.assertEquals(count, 2)

2799

self.assertEquals(client.recv(2), b('xy'))

2800

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2801

2802

def test_text(self):

2803

"""

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2804

When passed a text, :py:obj:`Connection.send` transmits all of it and

2805

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2806

"""

2807

server, client = self._loopback()

2808

with catch_warnings(record=True) as w:

2809

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2810

count = server.send(b"xy".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2811

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2812

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2813

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2818

self.assertEquals(count, 2)

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2819

self.assertEquals(client.recv(2), b"xy")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2820

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2825

else:

2826

def test_short_memoryview(self):

2827

"""

2828

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2829

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2830

bytes sent.

2831

"""

2832

server, client = self._loopback()

2833

count = server.send(memoryview(b('xy')))

2834

self.assertEquals(count, 2)

2835

self.assertEquals(client.recv(2), b('xy'))

2836

2837

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2842

else:

2843

def test_short_buffer(self):

2844

"""

2845

When passed a buffer containing a small number of bytes,

2846

:py:obj:`Connection.send` transmits all of them and returns the number of

2847

bytes sent.

2848

"""

2849

server, client = self._loopback()

2850

count = server.send(buffer(b('xy')))

2851

self.assertEquals(count, 2)

2852

self.assertEquals(client.recv(2), b('xy'))

2853

2854

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2855

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2856

def _make_memoryview(size):

2857

"""

2858

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2859

size.

2860

"""

2861

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2865

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2866

"""

2867

Tests for :py:obj:`Connection.recv_into`

2868

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2869

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2870

"""

2871

Assert that when the given buffer is passed to

2872

``Connection.recv_into``, whatever bytes are available to be received

2873

that fit into that buffer are written into that buffer.

2874

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2875

output_buffer = factory(5)

2876

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2877

server, client = self._loopback()

2878

server.send(b('xy'))

2879

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2880

self.assertEqual(client.recv_into(output_buffer), 2)

2881

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2882

2883

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2884

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2885

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2886

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2887

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2888

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2889

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2890

2891

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2892

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2893

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2894

Assert that when the given buffer is passed to ``Connection.recv_into``

2895

along with a value for ``nbytes`` that is less than the size of that

2896

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2897

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2898

output_buffer = factory(10)

2899

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2900

server, client = self._loopback()

2901

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2902

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2903

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2904

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2905

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2909

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2910

"""

2911

When called with a ``bytearray`` instance,

2912

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2913

doesn't copy in more than that number of bytes.

2914

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2915

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2916

2917

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2918

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2919

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2920

Assert that if there are more bytes available to be read from the

2921

receive buffer than would fit into the buffer passed to

2922

:py:obj:`Connection.recv_into`, only as many as fit are written into

2923

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2924

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2925

output_buffer = factory(5)

2926

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2927

server, client = self._loopback()

2928

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2929

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2930

self.assertEqual(client.recv_into(output_buffer), 5)

2931

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2932

rest = client.recv(5)

2933

self.assertEqual(b('fghij'), rest)

2934

2935

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2936

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2937

"""

2938

When called with a ``bytearray`` instance,

2939

:py:obj:`Connection.recv_into` respects the size of the array and

2940

doesn't write more bytes into it than will fit.

2941

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2942

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2943

2944

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2945

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2946

"""

2947

Assert that if the value given by ``nbytes`` is greater than the actual

2948

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2949

behavior is as if no value was given for ``nbytes`` at all.

2950

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2951

output_buffer = factory(5)

2952

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2953

server, client = self._loopback()

2954

server.send(b('abcdefghij'))

2955

2956

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2957

self.assertEqual(output_buffer, bytearray(b('abcde')))

2958

rest = client.recv(5)

2959

self.assertEqual(b('fghij'), rest)

2960

2961

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2962

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2963

"""

2964

When called with a ``bytearray`` instance and an ``nbytes`` value that

2965

is too large, :py:obj:`Connection.recv_into` respects the size of the

2966

array and not the ``nbytes`` value and doesn't write more bytes into

2967

the buffer than will fit.

2968

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2969

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2970

2971

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2976

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2977

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2978

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2979

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2980

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2981

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2982

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2983

2984

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2985

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2986

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2987

When called with a ``memoryview`` instance,

2988

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2989

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2990

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2991

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2992

2993

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2994

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2995

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2996

When called with a ``memoryview`` instance,

2997

:py:obj:`Connection.recv_into` respects the size of the array and

2998

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2999

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3000

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3001

3002

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3003

def test_memoryview_really_doesnt_overfill(self):

3004

"""

3005

When called with a ``memoryview`` instance and an ``nbytes`` value

3006

that is too large, :py:obj:`Connection.recv_into` respects the size

3007

of the array and not the ``nbytes`` value and doesn't write more

3008

bytes into the buffer than will fit.

3009

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3010

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3011

3012

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3013

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3014

class ConnectionSendallTests(TestCase, _LoopbackMixin):

3015

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3016

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3017

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3018

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3019

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3020

When called with arguments other than a string argument for its first

3021

parameter or with more than two arguments, :py:obj:`Connection.sendall`

3022

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3023

"""

3024

connection = Connection(Context(TLSv1_METHOD), None)

3025

self.assertRaises(TypeError, connection.sendall)

3026

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3027

self.assertRaises(

3028

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3029

3030

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3031

def test_short(self):

3032

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3033

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3034

it.

3035

"""

3036

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

3037

server.sendall(b('x'))

3038

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3039

3040

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3041

def test_text(self):

3042

"""

Jean-Paul Calderone

9347742

2015-04-13 20:38:57 -0400

[diff] [blame]

3043

:py:obj:`Connection.sendall` transmits all the content in the string

3044

passed to it raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3045

"""

3046

server, client = self._loopback()

3047

with catch_warnings(record=True) as w:

3048

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3049

server.sendall(b"x".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

3050

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3051

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

3052

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

3057

self.assertEquals(client.recv(1), b"x")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3058

3059

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

3064

else:

3065

def test_short_memoryview(self):

3066

"""

3067

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3068

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

3069

"""

3070

server, client = self._loopback()

3071

server.sendall(memoryview(b('x')))

3072

self.assertEquals(client.recv(1), b('x'))

3073

3074

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

3079

else:

3080

def test_short_buffers(self):

3081

"""

3082

When passed a buffer containing a small number of bytes,

3083

:py:obj:`Connection.sendall` transmits all of them.

3084

"""

3085

server, client = self._loopback()

3086

server.sendall(buffer(b('x')))

3087

self.assertEquals(client.recv(1), b('x'))

3088

3089

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3090

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3091

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3092

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3093

it even if this requires multiple calls of an underlying write function.

3094

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3095

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3096

# Should be enough, underlying SSL_write should only do 16k at a time.

3097

# On Windows, after 32k of bytes the write will block (forever - because

3098

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

3099

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3100

server.sendall(message)

3101

accum = []

3102

received = 0

3103

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3104

data = client.recv(1024)

3105

accum.append(data)

3106

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

3107

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3108

3109

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3110

def test_closed(self):

3111

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3112

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3113

write error from the low level write call.

3114

"""

3115

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3116

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3117

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3118

if platform == "win32":

3119

self.assertEqual(exc.args[0], ESHUTDOWN)

3120

else:

3121

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3122

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3123

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

3124

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3125

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

3126

"""

3127

Tests for SSL renegotiation APIs.

3128

"""

3129

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3130

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3131

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3132

arguments.

3133

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3134

connection = Connection(Context(TLSv1_METHOD), None)

3135

self.assertRaises(TypeError, connection.renegotiate, None)

3136

3137

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3138

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3139

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3140

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3141

any arguments.

3142

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3143

connection = Connection(Context(TLSv1_METHOD), None)

3144

self.assertRaises(TypeError, connection.total_renegotiations, None)

3145

3146

3147

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3148

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3149

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3150

renegotiations have happened.

3151

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3152

connection = Connection(Context(TLSv1_METHOD), None)

3153

self.assertEquals(connection.total_renegotiations(), 0)

3154

3155

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3156

# def test_renegotiate(self):

3157

# """

3158

# """

3159

# server, client = self._loopback()

3160

3161

# server.send("hello world")

3162

# self.assertEquals(client.recv(len("hello world")), "hello world")

3163

3164

# self.assertEquals(server.total_renegotiations(), 0)

3165

# self.assertTrue(server.renegotiate())

3166

3167

# server.setblocking(False)

3168

# client.setblocking(False)

3169

# while server.renegotiate_pending():

3170

# client.do_handshake()

3171

# server.do_handshake()

3172

3173

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3178

class ErrorTests(TestCase):

3179

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3180

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3181

"""

3182

def test_type(self):

3183

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3184

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3185

"""

3186

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3187

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3191

class ConstantsTests(TestCase):

3192

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3193

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3194

3195

These are values defined by OpenSSL intended only to be used as flags to

3196

OpenSSL APIs. The only assertions it seems can be made about them is

3197

their values.

3198

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3199

# unittest.TestCase has no skip mechanism

3200

if OP_NO_QUERY_MTU is not None:

3201

def test_op_no_query_mtu(self):

3202

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3203

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3204

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3205

"""

3206

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

3207

else:

3208

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3209

3210

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3211

if OP_COOKIE_EXCHANGE is not None:

3212

def test_op_cookie_exchange(self):

3213

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3214

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3215

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3216

"""

3217

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

3218

else:

3219

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3220

3221

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3222

if OP_NO_TICKET is not None:

3223

def test_op_no_ticket(self):

3224

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3225

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3226

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3227

"""

3228

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

3229

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3230

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

3231

3232

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3233

if OP_NO_COMPRESSION is not None:

3234

def test_op_no_compression(self):

3235

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3236

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

3237

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3238

"""

3239

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

3240

else:

3241

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3242

3243

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3244

def test_sess_cache_off(self):

3245

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3246

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3247

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3248

"""

3249

self.assertEqual(0x0, SESS_CACHE_OFF)

3250

3251

3252

def test_sess_cache_client(self):

3253

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3254

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3255

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3256

"""

3257

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3258

3259

3260

def test_sess_cache_server(self):

3261

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3262

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3263

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3264

"""

3265

self.assertEqual(0x2, SESS_CACHE_SERVER)

3266

3267

3268

def test_sess_cache_both(self):

3269

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3270

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3271

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3272

"""

3273

self.assertEqual(0x3, SESS_CACHE_BOTH)

3274

3275

3276

def test_sess_cache_no_auto_clear(self):

3277

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3278

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3279

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3280

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3281

"""

3282

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3283

3284

3285

def test_sess_cache_no_internal_lookup(self):

3286

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3287

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3288

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3289

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3290

"""

3291

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3292

3293

3294

def test_sess_cache_no_internal_store(self):

3295

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3296

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3297

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3298

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3299

"""

3300

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3301

3302

3303

def test_sess_cache_no_internal(self):

3304

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3305

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3306

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3307

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3308

"""

3309

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3310

3311

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3312

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3313

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3314

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3315

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3316

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3317

def _server(self, sock):

3318

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3319

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3320

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3321

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3322

# Create the server side Connection. This is mostly setup boilerplate

3323

# - use TLSv1, use a particular certificate, etc.

3324

server_ctx = Context(TLSv1_METHOD)

3325

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3326

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3327

server_store = server_ctx.get_cert_store()

3328

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3329

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3330

server_ctx.check_privatekey()

3331

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3332

# Here the Connection is actually created. If None is passed as the 2nd

3333

# parameter, it indicates a memory BIO should be created.

3334

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3335

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3339

def _client(self, sock):

3340

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3341

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3342

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3343

"""

3344

# Now create the client side Connection. Similar boilerplate to the

3345

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3346

client_ctx = Context(TLSv1_METHOD)

3347

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3348

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3349

client_store = client_ctx.get_cert_store()

3350

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3351

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3352

client_ctx.check_privatekey()

3353

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3354

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3355

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3359

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3360

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3361

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3362

reading from the output of each and writing those bytes to the input of

3363

the other and in this way establish a connection and exchange

3364

application-level bytes with each other.

3365

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3366

server_conn = self._server(None)

3367

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3368

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3369

# There should be no key or nonces yet.

3370

self.assertIdentical(server_conn.master_key(), None)

3371

self.assertIdentical(server_conn.client_random(), None)

3372

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3373

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3374

# First, the handshake needs to happen. We'll deliver bytes back and

3375

# forth between the client and server until neither of them feels like

3376

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3377

self.assertIdentical(

3378

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3379

3380

# Now that the handshake is done, there should be a key and nonces.

3381

self.assertNotIdentical(server_conn.master_key(), None)

3382

self.assertNotIdentical(server_conn.client_random(), None)

3383

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3384

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3385

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3386

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3387

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3388

3389

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3390

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3391

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3392

server_conn.write(important_message)

3393

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3394

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3395

(client_conn, important_message))

3396

3397

client_conn.write(important_message[::-1])

3398

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3399

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3400

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3401

3402

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3403

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3404

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3405

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3406

3407

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3408

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3409

this test fails, there must be a problem outside the memory BIO

3410

code, as no memory BIO is involved here). Even though this isn't a

3411

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3412

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3413

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3414

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3415

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3416

client_conn.send(important_message)

3417

msg = server_conn.recv(1024)

3418

self.assertEqual(msg, important_message)

3419

3420

# Again in the other direction, just for fun.

3421

important_message = important_message[::-1]

3422

server_conn.send(important_message)

3423

msg = client_conn.recv(1024)

3424

self.assertEqual(msg, important_message)

3425

3426

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3427

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3428

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3429

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3430

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3431

"""

3432

context = Context(SSLv3_METHOD)

3433

client = socket()

3434

clientSSL = Connection(context, client)

3435

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3436

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3437

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3438

3439

3440

def test_outgoingOverflow(self):

3441

"""

3442

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3443

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3444

returned and that many bytes from the beginning of the input can be

3445

read from the other end of the connection.

3446

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3447

server = self._server(None)

3448

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3449

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3450

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3451

3452

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3453

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3454

# Sanity check. We're trying to test what happens when the entire

3455

# input can't be sent. If the entire input was sent, this test is

3456

# meaningless.

3457

self.assertTrue(sent < size)

3458

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3459

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3460

self.assertIdentical(receiver, server)

3461

3462

# We can rely on all of these bytes being received at once because

3463

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3464

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3465

3466

3467

def test_shutdown(self):

3468

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3469

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3470

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3471

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3472

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3473

server.bio_shutdown()

3474

e = self.assertRaises(Error, server.recv, 1024)

3475

# We don't want WantReadError or ZeroReturnError or anything - it's a

3476

# handshake failure.

3477

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3478

3479

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3480

def test_unexpectedEndOfFile(self):

3481

"""

3482

If the connection is lost before an orderly SSL shutdown occurs,

3483

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3484

"Unexpected EOF".

3485

"""

3486

server_conn, client_conn = self._loopback()

3487

client_conn.sock_shutdown(SHUT_RDWR)

3488

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3489

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3490

3491

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3492

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3493

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3494

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3495

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3496

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3497

before the client and server are connected to each other. This

3498

function should specify a list of CAs for the server to send to the

3499

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3500

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3501

times.

3502

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3503

server = self._server(None)

3504

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3505

self.assertEqual(client.get_client_ca_list(), [])

3506

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3507

ctx = server.get_context()

3508

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3509

self.assertEqual(client.get_client_ca_list(), [])

3510

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3511

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3512

self.assertEqual(client.get_client_ca_list(), expected)

3513

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3514

3515

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3516

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3517

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3518

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3519

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3520

"""

3521

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3522

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3523

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3524

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3525

3526

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3527

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3528

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3529

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3530

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3531

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3532

after the connection is set up.

3533

"""

3534

def no_ca(ctx):

3535

ctx.set_client_ca_list([])

3536

return []

3537

self._check_client_ca_list(no_ca)

3538

3539

3540

def test_set_one_ca_list(self):

3541

"""

3542

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3543

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3544

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3545

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3546

X509Name after the connection is set up.

3547

"""

3548

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3549

cadesc = cacert.get_subject()

3550

def single_ca(ctx):

3551

ctx.set_client_ca_list([cadesc])

3552

return [cadesc]

3553

self._check_client_ca_list(single_ca)

3554

3555

3556

def test_set_multiple_ca_list(self):

3557

"""

3558

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3559

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3560

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3561

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3562

X509Names after the connection is set up.

3563

"""

3564

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3565

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3566

3567

sedesc = secert.get_subject()

3568

cldesc = clcert.get_subject()

3569

3570

def multiple_ca(ctx):

3571

L = [sedesc, cldesc]

3572

ctx.set_client_ca_list(L)

3573

return L

3574

self._check_client_ca_list(multiple_ca)

3575

3576

3577

def test_reset_ca_list(self):

3578

"""

3579

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3580

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3581

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3582

"""

3583

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3584

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3585

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3586

3587

cadesc = cacert.get_subject()

3588

sedesc = secert.get_subject()

3589

cldesc = clcert.get_subject()

3590

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3591

def changed_ca(ctx):

3592

ctx.set_client_ca_list([sedesc, cldesc])

3593

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3594

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3595

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3596

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3597

3598

def test_mutated_ca_list(self):

3599

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3600

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3601

afterwards, this does not affect the list of CA names sent to the

3602

client.

3603

"""

3604

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3605

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3606

3607

cadesc = cacert.get_subject()

3608

sedesc = secert.get_subject()

3609

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3610

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3611

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3612

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3613

L.append(sedesc)

3614

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3615

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3616

3617

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3618

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3619

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3620

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3621

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3622

"""

3623

ctx = Context(TLSv1_METHOD)

3624

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3625

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3626

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3627

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3628

3629

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3630

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3631

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3632

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3633

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3634

"""

3635

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3636

cadesc = cacert.get_subject()

3637

def single_ca(ctx):

3638

ctx.add_client_ca(cacert)

3639

return [cadesc]

3640

self._check_client_ca_list(single_ca)

3641

3642

3643

def test_multiple_add_client_ca(self):

3644

"""

3645

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3646

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3647

"""

3648

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3649

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3650

3651

cadesc = cacert.get_subject()

3652

sedesc = secert.get_subject()

3653

3654

def multiple_ca(ctx):

3655

ctx.add_client_ca(cacert)

3656

ctx.add_client_ca(secert)

3657

return [cadesc, sedesc]

3658

self._check_client_ca_list(multiple_ca)

3659

3660

3661

def test_set_and_add_client_ca(self):

3662

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3663

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3664

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3665

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3666

"""

3667

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3668

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3669

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3670

3671

cadesc = cacert.get_subject()

3672

sedesc = secert.get_subject()

3673

cldesc = clcert.get_subject()

3674

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3675

def mixed_set_add_ca(ctx):

3676

ctx.set_client_ca_list([cadesc, sedesc])

3677

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3678

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3679

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3680

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3681

3682

def test_set_after_add_client_ca(self):

3683

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3684

A call to :py:obj:`Context.set_client_ca_list` after a call to

3685

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3686

call with the names specified by the latter cal.

3687

"""

3688

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3689

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3690

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3691

3692

cadesc = cacert.get_subject()

3693

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3694

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3695

def set_replaces_add_ca(ctx):

3696

ctx.add_client_ca(clcert)

3697

ctx.set_client_ca_list([cadesc])

3698

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3699

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3700

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3701

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3702

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3703

3704

class ConnectionBIOTests(TestCase):

3705

"""

3706

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3707

"""

3708

def test_wantReadError(self):

3709

"""

3710

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3711

if there are no bytes available to be read from the BIO.

3712

"""

3713

ctx = Context(TLSv1_METHOD)

3714

conn = Connection(ctx, None)

3715

self.assertRaises(WantReadError, conn.bio_read, 1024)

3716

3717

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3718

def test_buffer_size(self):

3719

"""

3720

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3721

number of bytes to read and return.

3722

"""

3723

ctx = Context(TLSv1_METHOD)

3724

conn = Connection(ctx, None)

3725

conn.set_connect_state()

3726

try:

3727

conn.do_handshake()

3728

except WantReadError:

3729

pass

3730

data = conn.bio_read(2)

3731

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3736

"""

3737

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3738

:py:obj:`long` as well as :py:obj:`int`.

3739

"""

3740

ctx = Context(TLSv1_METHOD)

3741

conn = Connection(ctx, None)

3742

conn.set_connect_state()

3743

try:

3744

conn.do_handshake()

3745

except WantReadError:

3746

pass

3747

data = conn.bio_read(long(2))

3748

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3752

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3753

class InfoConstantTests(TestCase):

3754

"""

3755

Tests for assorted constants exposed for use in info callbacks.

3756

"""

3757

def test_integers(self):

3758

"""

3759

All of the info constants are integers.

3760

3761

This is a very weak test. It would be nice to have one that actually

3762

verifies that as certain info events happen, the value passed to the

3763

info callback matches up with the constant exposed by OpenSSL.SSL.

3764

"""

3765

for const in [

3766

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3767

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3768

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3769

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3770

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3771

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3772

3773

self.assertTrue(isinstance(const, int))

3774

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3775

Jean-Paul Calderone