Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

b41d1f4

2014-04-17 16:02:04 -0400

[diff] [blame]

25

from OpenSSL.SSL import _lib

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

26

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

27

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

28

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

29

from OpenSSL.SSL import (

30

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

31

TLSv1_1_METHOD, TLSv1_2_METHOD)

32

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

33

from OpenSSL.SSL import (

34

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

35

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

36

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

37

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

38

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

39

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

40

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

45

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

46

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

47

from OpenSSL.test.test_crypto import (

48

cleartextCertificatePEM, cleartextPrivateKeyPEM)

49

from OpenSSL.test.test_crypto import (

50

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

51

root_cert_pem)

52

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

53

try:

54

from OpenSSL.SSL import OP_NO_QUERY_MTU

55

except ImportError:

56

OP_NO_QUERY_MTU = None

57

try:

58

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

59

except ImportError:

60

OP_COOKIE_EXCHANGE = None

61

try:

62

from OpenSSL.SSL import OP_NO_TICKET

63

except ImportError:

64

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

65

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

66

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

67

from OpenSSL.SSL import OP_NO_COMPRESSION

68

except ImportError:

69

OP_NO_COMPRESSION = None

70

71

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

72

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

73

except ImportError:

74

MODE_RELEASE_BUFFERS = None

75

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

78

except ImportError:

79

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

80

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

81

from OpenSSL.SSL import (

82

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

83

SSL_ST_OK, SSL_ST_RENEGOTIATE,

84

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

85

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

86

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

87

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

88

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

89

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

90

# to use)

91

dhparam = """\

92

-----BEGIN DH PARAMETERS-----

93

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

94

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

99

return ok

100

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

101

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

102

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

103

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

104

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

105

"""

106

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

112

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

113

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

115

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

116

# Let's pass some unencrypted data to make sure our socket connection is

117

# fine. Just one byte, so we don't have to worry about buffers getting

118

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

119

server.send(b("x"))

120

assert client.recv(1024) == b("x")

121

client.send(b("y"))

122

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

123

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

124

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

125

server.setblocking(False)

126

client.setblocking(False)

127

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

128

return (server, client)

129

130

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

131

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

132

def handshake(client, server):

133

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

144

def _create_certificate_chain():

145

"""

146

Construct and return a chain of certificates.

147

148

1. A new self-signed certificate authority certificate (cacert)

149

2. A new intermediate certificate signed by cacert (icert)

150

3. A new server certificate signed by icert (scert)

151

"""

152

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

157

cacert = X509()

158

cacert.get_subject().commonName = "Authority Certificate"

159

cacert.set_issuer(cacert.get_subject())

160

cacert.set_pubkey(cakey)

161

cacert.set_notBefore(b("20000101000000Z"))

162

cacert.set_notAfter(b("20200101000000Z"))

163

cacert.add_extensions([caext])

164

cacert.set_serial_number(0)

165

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

170

icert = X509()

171

icert.get_subject().commonName = "Intermediate Certificate"

172

icert.set_issuer(cacert.get_subject())

173

icert.set_pubkey(ikey)

174

icert.set_notBefore(b("20000101000000Z"))

175

icert.set_notAfter(b("20200101000000Z"))

176

icert.add_extensions([caext])

177

icert.set_serial_number(0)

178

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

183

scert = X509()

184

scert.get_subject().commonName = "Server Certificate"

185

scert.set_issuer(icert.get_subject())

186

scert.set_pubkey(skey)

187

scert.set_notBefore(b("20000101000000Z"))

188

scert.set_notAfter(b("20200101000000Z"))

189

scert.add_extensions([

190

X509Extension(b('basicConstraints'), True, b('CA:false'))])

191

scert.set_serial_number(0)

192

scert.sign(ikey, "sha1")

193

194

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

198

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

199

"""

200

Helper mixin which defines methods for creating a connected socket pair and

201

for forcing two connected SSL sockets to talk to each other via memory BIOs.

202

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

203

def _loopbackClientFactory(self, socket):

204

client = Connection(Context(TLSv1_METHOD), socket)

205

client.set_connect_state()

206

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

207

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

208

209

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

210

ctx = Context(TLSv1_METHOD)

211

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

212

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

213

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

219

if serverFactory is None:

220

serverFactory = self._loopbackServerFactory

221

if clientFactory is None:

222

clientFactory = self._loopbackClientFactory

223

224

(server, client) = socket_pair()

225

server = serverFactory(server)

226

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

228

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

229

230

server.setblocking(True)

231

client.setblocking(True)

232

return server, client

233

234

235

def _interactInMemory(self, client_conn, server_conn):

236

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

237

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

238

objects. Copy bytes back and forth between their send/receive buffers

239

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

240

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

241

some application bytes, return a two-tuple of the connection from which

242

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

247

wrote = False

248

249

# Copy stuff from each side's send buffer to the other side's

250

# receive buffer.

251

for (read, write) in [(client_conn, server_conn),

252

(server_conn, client_conn)]:

253

254

# Give the side a chance to generate some more bytes, or

255

# succeed.

256

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

257

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

258

except WantReadError:

259

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

264

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

265

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

266

267

while True:

268

# Keep copying as long as there's more stuff there.

269

try:

270

dirty = read.bio_read(4096)

271

except WantReadError:

272

# Okay, nothing more waiting to be sent. Stop

273

# processing this send buffer.

274

break

275

else:

276

# Keep track of the fact that someone generated some

277

# output.

278

wrote = True

279

write.bio_write(dirty)

280

281

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

282

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

283

class VersionTests(TestCase):

284

"""

285

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

286

:py:obj:`OpenSSL.SSL.SSLeay_version` and

287

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

288

"""

289

def test_OPENSSL_VERSION_NUMBER(self):

290

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

291

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

292

byte and the patch, fix, minor, and major versions in the

293

nibbles above that.

294

"""

295

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

296

297

298

def test_SSLeay_version(self):

299

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

300

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

301

one of a number of version strings based on that indicator.

302

"""

303

versions = {}

304

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

305

SSLEAY_PLATFORM, SSLEAY_DIR]:

306

version = SSLeay_version(t)

307

versions[version] = t

308

self.assertTrue(isinstance(version, bytes))

309

self.assertEqual(len(versions), 5)

310

311

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

312

313

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

314

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

315

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

316

"""

317

def test_method(self):

318

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

319

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

320

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

321

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

322

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

323

methods = [

324

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

325

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

326

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

327

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

328

329

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

334

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

335

# don't. Difficult to say in advance.

336

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

337

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

338

self.assertRaises(TypeError, Context, "")

339

self.assertRaises(ValueError, Context, 10)

340

341

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

342

if not PY3:

343

def test_method_long(self):

344

"""

345

On Python 2 :py:class:`Context` accepts values of type

346

:py:obj:`long` as well as :py:obj:`int`.

347

"""

348

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

352

def test_type(self):

353

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

354

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

355

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

356

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

357

self.assertIdentical(Context, ContextType)

358

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

359

360

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

361

def test_use_privatekey(self):

362

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

363

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

364

"""

365

key = PKey()

366

key.generate_key(TYPE_RSA, 128)

367

ctx = Context(TLSv1_METHOD)

368

ctx.use_privatekey(key)

369

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

370

371

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

372

def test_use_privatekey_file_missing(self):

373

"""

374

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

375

when passed the name of a file which does not exist.

376

"""

377

ctx = Context(TLSv1_METHOD)

378

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

379

380

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

381

if not PY3:

382

def test_use_privatekey_file_long(self):

383

"""

384

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

385

filetype of type :py:obj:`long` as well as :py:obj:`int`.

386

"""

387

pemfile = self.mktemp()

388

389

key = PKey()

390

key.generate_key(TYPE_RSA, 128)

391

392

with open(pemfile, "wt") as pem:

393

pem.write(

394

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

395

396

ctx = Context(TLSv1_METHOD)

397

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

398

399

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

400

def test_use_certificate_wrong_args(self):

401

"""

402

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

403

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

404

argument.

405

"""

406

ctx = Context(TLSv1_METHOD)

407

self.assertRaises(TypeError, ctx.use_certificate)

408

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

409

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

410

411

412

def test_use_certificate_uninitialized(self):

413

"""

414

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

415

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

416

initialized (ie, which does not actually have any certificate data).

417

"""

418

ctx = Context(TLSv1_METHOD)

419

self.assertRaises(Error, ctx.use_certificate, X509())

420

421

422

def test_use_certificate(self):

423

"""

424

:py:obj:`Context.use_certificate` sets the certificate which will be

425

used to identify connections created using the context.

426

"""

427

# TODO

428

# Hard to assert anything. But we could set a privatekey then ask

429

# OpenSSL if the cert and key agree using check_privatekey. Then as

430

# long as check_privatekey works right we're good...

431

ctx = Context(TLSv1_METHOD)

432

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

433

434

435

def test_use_certificate_file_wrong_args(self):

436

"""

437

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

438

called with zero arguments or more than two arguments, or if the first

439

argument is not a byte string or the second argumnent is not an integer.

440

"""

441

ctx = Context(TLSv1_METHOD)

442

self.assertRaises(TypeError, ctx.use_certificate_file)

443

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

444

self.assertRaises(

445

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

446

self.assertRaises(

447

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

448

self.assertRaises(

449

TypeError, ctx.use_certificate_file, b"somefile", object())

450

451

452

def test_use_certificate_file_missing(self):

453

"""

454

:py:obj:`Context.use_certificate_file` raises

455

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

456

exist.

457

"""

458

ctx = Context(TLSv1_METHOD)

459

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

460

461

462

def test_use_certificate_file(self):

463

"""

464

:py:obj:`Context.use_certificate` sets the certificate which will be

465

used to identify connections created using the context.

466

"""

467

# TODO

468

# Hard to assert anything. But we could set a privatekey then ask

469

# OpenSSL if the cert and key agree using check_privatekey. Then as

470

# long as check_privatekey works right we're good...

471

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

472

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

473

pem_file.write(cleartextCertificatePEM)

474

475

ctx = Context(TLSv1_METHOD)

476

ctx.use_certificate_file(pem_filename)

477

478

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

479

if not PY3:

480

def test_use_certificate_file_long(self):

481

"""

482

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

483

filetype of type :py:obj:`long` as well as :py:obj:`int`.

484

"""

485

pem_filename = self.mktemp()

486

with open(pem_filename, "wb") as pem_file:

487

pem_file.write(cleartextCertificatePEM)

488

489

ctx = Context(TLSv1_METHOD)

490

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

491

492

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

493

def test_set_app_data_wrong_args(self):

494

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

495

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

496

one argument.

497

"""

498

context = Context(TLSv1_METHOD)

499

self.assertRaises(TypeError, context.set_app_data)

500

self.assertRaises(TypeError, context.set_app_data, None, None)

501

502

503

def test_get_app_data_wrong_args(self):

504

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

505

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

506

arguments.

507

"""

508

context = Context(TLSv1_METHOD)

509

self.assertRaises(TypeError, context.get_app_data, None)

510

511

512

def test_app_data(self):

513

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

514

:py:obj:`Context.set_app_data` stores an object for later retrieval using

515

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

516

"""

517

app_data = object()

518

context = Context(TLSv1_METHOD)

519

context.set_app_data(app_data)

520

self.assertIdentical(context.get_app_data(), app_data)

521

522

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

523

def test_set_options_wrong_args(self):

524

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

525

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

526

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

527

"""

528

context = Context(TLSv1_METHOD)

529

self.assertRaises(TypeError, context.set_options)

530

self.assertRaises(TypeError, context.set_options, None)

531

self.assertRaises(TypeError, context.set_options, 1, None)

532

533

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

534

def test_set_options(self):

535

"""

536

:py:obj:`Context.set_options` returns the new options value.

537

"""

538

context = Context(TLSv1_METHOD)

539

options = context.set_options(OP_NO_SSLv2)

540

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

545

"""

546

On Python 2 :py:obj:`Context.set_options` accepts values of type

547

:py:obj:`long` as well as :py:obj:`int`.

548

"""

549

context = Context(TLSv1_METHOD)

550

options = context.set_options(long(OP_NO_SSLv2))

551

self.assertTrue(OP_NO_SSLv2 & options)

552

553

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

554

def test_set_mode_wrong_args(self):

555

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

556

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

557

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

558

"""

559

context = Context(TLSv1_METHOD)

560

self.assertRaises(TypeError, context.set_mode)

561

self.assertRaises(TypeError, context.set_mode, None)

562

self.assertRaises(TypeError, context.set_mode, 1, None)

563

564

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

565

if MODE_RELEASE_BUFFERS is not None:

566

def test_set_mode(self):

567

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

568

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

569

set mode.

570

"""

571

context = Context(TLSv1_METHOD)

572

self.assertTrue(

573

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

574

575

if not PY3:

576

def test_set_mode_long(self):

577

"""

578

On Python 2 :py:obj:`Context.set_mode` accepts values of type

579

:py:obj:`long` as well as :py:obj:`int`.

580

"""

581

context = Context(TLSv1_METHOD)

582

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

583

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

584

else:

585

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

586

587

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

588

def test_set_timeout_wrong_args(self):

589

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

590

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

591

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

592

"""

593

context = Context(TLSv1_METHOD)

594

self.assertRaises(TypeError, context.set_timeout)

595

self.assertRaises(TypeError, context.set_timeout, None)

596

self.assertRaises(TypeError, context.set_timeout, 1, None)

597

598

599

def test_get_timeout_wrong_args(self):

600

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

601

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

602

"""

603

context = Context(TLSv1_METHOD)

604

self.assertRaises(TypeError, context.get_timeout, None)

605

606

607

def test_timeout(self):

608

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

609

:py:obj:`Context.set_timeout` sets the session timeout for all connections

610

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

611

value.

612

"""

613

context = Context(TLSv1_METHOD)

614

context.set_timeout(1234)

615

self.assertEquals(context.get_timeout(), 1234)

616

617

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

618

if not PY3:

619

def test_timeout_long(self):

620

"""

621

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

622

`long` as well as int.

623

"""

624

context = Context(TLSv1_METHOD)

625

context.set_timeout(long(1234))

626

self.assertEquals(context.get_timeout(), 1234)

627

628

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

629

def test_set_verify_depth_wrong_args(self):

630

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

631

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

632

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

633

"""

634

context = Context(TLSv1_METHOD)

635

self.assertRaises(TypeError, context.set_verify_depth)

636

self.assertRaises(TypeError, context.set_verify_depth, None)

637

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

638

639

640

def test_get_verify_depth_wrong_args(self):

641

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

642

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

643

"""

644

context = Context(TLSv1_METHOD)

645

self.assertRaises(TypeError, context.get_verify_depth, None)

646

647

648

def test_verify_depth(self):

649

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

650

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

651

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

652

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

653

"""

654

context = Context(TLSv1_METHOD)

655

context.set_verify_depth(11)

656

self.assertEquals(context.get_verify_depth(), 11)

657

658

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

659

if not PY3:

660

def test_verify_depth_long(self):

661

"""

662

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

663

type `long` as well as int.

664

"""

665

context = Context(TLSv1_METHOD)

666

context.set_verify_depth(long(11))

667

self.assertEquals(context.get_verify_depth(), 11)

668

669

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

670

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

671

"""

672

Write a new private key out to a new file, encrypted using the given

673

passphrase. Return the path to the new file.

674

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

675

key = PKey()

676

key.generate_key(TYPE_RSA, 128)

677

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

678

fObj = open(pemFile, 'w')

679

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

680

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

685

def test_set_passwd_cb_wrong_args(self):

686

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

687

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

688

wrong arguments or with a non-callable first argument.

689

"""

690

context = Context(TLSv1_METHOD)

691

self.assertRaises(TypeError, context.set_passwd_cb)

692

self.assertRaises(TypeError, context.set_passwd_cb, None)

693

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

694

695

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

696

def test_set_passwd_cb(self):

697

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

698

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

699

a private key is loaded from an encrypted PEM.

700

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

701

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

702

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

703

calledWith = []

704

def passphraseCallback(maxlen, verify, extra):

705

calledWith.append((maxlen, verify, extra))

706

return passphrase

707

context = Context(TLSv1_METHOD)

708

context.set_passwd_cb(passphraseCallback)

709

context.use_privatekey_file(pemFile)

710

self.assertTrue(len(calledWith), 1)

711

self.assertTrue(isinstance(calledWith[0][0], int))

712

self.assertTrue(isinstance(calledWith[0][1], int))

713

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

714

715

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

716

def test_passwd_callback_exception(self):

717

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

718

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

719

passphrase callback.

720

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

721

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

722

def passphraseCallback(maxlen, verify, extra):

723

raise RuntimeError("Sorry, I am a fail.")

724

725

context = Context(TLSv1_METHOD)

726

context.set_passwd_cb(passphraseCallback)

727

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

728

729

730

def test_passwd_callback_false(self):

731

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

732

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

733

passphrase callback returns a false value.

734

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

735

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

736

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

737

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

738

739

context = Context(TLSv1_METHOD)

740

context.set_passwd_cb(passphraseCallback)

741

self.assertRaises(Error, context.use_privatekey_file, pemFile)

742

743

744

def test_passwd_callback_non_string(self):

745

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

746

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

747

passphrase callback returns a true non-string value.

748

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

749

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

750

def passphraseCallback(maxlen, verify, extra):

751

return 10

752

753

context = Context(TLSv1_METHOD)

754

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

755

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

756

757

758

def test_passwd_callback_too_long(self):

759

"""

760

If the passphrase returned by the passphrase callback returns a string

761

longer than the indicated maximum length, it is truncated.

762

"""

763

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

764

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

765

pemFile = self._write_encrypted_pem(passphrase)

766

def passphraseCallback(maxlen, verify, extra):

767

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

768

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

769

770

context = Context(TLSv1_METHOD)

771

context.set_passwd_cb(passphraseCallback)

772

# This shall succeed because the truncated result is the correct

773

# passphrase.

774

context.use_privatekey_file(pemFile)

775

776

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

777

def test_set_info_callback(self):

778

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

779

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

780

when certain information about an SSL connection is available.

781

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

782

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

783

784

clientSSL = Connection(Context(TLSv1_METHOD), client)

785

clientSSL.set_connect_state()

786

787

called = []

788

def info(conn, where, ret):

789

called.append((conn, where, ret))

790

context = Context(TLSv1_METHOD)

791

context.set_info_callback(info)

792

context.use_certificate(

793

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

794

context.use_privatekey(

795

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

796

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

797

serverSSL = Connection(context, server)

798

serverSSL.set_accept_state()

799

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

800

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

801

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

802

# The callback must always be called with a Connection instance as the

803

# first argument. It would probably be better to split this into

804

# separate tests for client and server side info callbacks so we could

805

# assert it is called with the right Connection instance. It would

806

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

807

notConnections = [

808

conn for (conn, where, ret) in called

809

if not isinstance(conn, Connection)]

810

self.assertEqual(

811

[], notConnections,

812

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

813

814

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

815

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

816

"""

817

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

818

its :py:obj:`load_verify_locations` method with the given arguments.

819

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

820

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

821

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

822

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

823

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

824

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

825

# Require that the server certificate verify properly or the

826

# connection will fail.

827

clientContext.set_verify(

828

VERIFY_PEER,

829

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

830

831

clientSSL = Connection(clientContext, client)

832

clientSSL.set_connect_state()

833

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

834

serverContext = Context(TLSv1_METHOD)

835

serverContext.use_certificate(

836

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

837

serverContext.use_privatekey(

838

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

839

840

serverSSL = Connection(serverContext, server)

841

serverSSL.set_accept_state()

842

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

843

# Without load_verify_locations above, the handshake

844

# will fail:

845

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

846

# 'certificate verify failed')]

847

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

848

849

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

850

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

851

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

852

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

853

def test_load_verify_file(self):

854

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

855

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

856

certificates within for verification purposes.

857

"""

858

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

859

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

860

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

861

fObj.close()

862

863

self._load_verify_locations_test(cafile)

864

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

865

866

def test_load_verify_invalid_file(self):

867

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

868

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

869

non-existent cafile.

870

"""

871

clientContext = Context(TLSv1_METHOD)

872

self.assertRaises(

873

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

874

875

876

def test_load_verify_directory(self):

877

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

878

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

879

the certificates within for verification purposes.

880

"""

881

capath = self.mktemp()

882

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

883

# Hash values computed manually with c_rehash to avoid depending on

884

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

885

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

886

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

887

cafile = join(capath, name)

888

fObj = open(cafile, 'w')

889

fObj.write(cleartextCertificatePEM.decode('ascii'))

890

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

891

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

892

self._load_verify_locations_test(None, capath)

893

894

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

895

def test_load_verify_locations_wrong_args(self):

896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

897

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

898

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

899

"""

900

context = Context(TLSv1_METHOD)

901

self.assertRaises(TypeError, context.load_verify_locations)

902

self.assertRaises(TypeError, context.load_verify_locations, object())

903

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

904

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

905

906

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

907

if platform == "win32":

908

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

909

"See LP#404343 and LP#404344."

910

else:

911

def test_set_default_verify_paths(self):

912

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

913

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

914

certificate locations to be used for verification purposes.

915

"""

916

# Testing this requires a server with a certificate signed by one of

917

# the CAs in the platform CA location. Getting one of those costs

918

# money. Fortunately (or unfortunately, depending on your

919

# perspective), it's easy to think of a public server on the

920

# internet which has such a certificate. Connecting to the network

921

# in a unit test is bad, but it's the only way I can think of to

922

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

923

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

924

# Arg, verisign.com doesn't speak TLSv1

925

context = Context(SSLv3_METHOD)

926

context.set_default_verify_paths()

927

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

928

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

929

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

930

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

931

client = socket()

932

client.connect(('verisign.com', 443))

933

clientSSL = Connection(context, client)

934

clientSSL.set_connect_state()

935

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

936

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

937

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

938

939

940

def test_set_default_verify_paths_signature(self):

941

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

942

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

943

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

944

"""

945

context = Context(TLSv1_METHOD)

946

self.assertRaises(TypeError, context.set_default_verify_paths, None)

947

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

948

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

949

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

950

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

951

def test_add_extra_chain_cert_invalid_cert(self):

952

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

953

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

954

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

955

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

956

"""

957

context = Context(TLSv1_METHOD)

958

self.assertRaises(TypeError, context.add_extra_chain_cert)

959

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

960

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

961

962

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

963

def _handshake_test(self, serverContext, clientContext):

964

"""

965

Verify that a client and server created with the given contexts can

966

successfully handshake and communicate.

967

"""

968

serverSocket, clientSocket = socket_pair()

969

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

970

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

971

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

972

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

973

client = Connection(clientContext, clientSocket)

974

client.set_connect_state()

975

976

# Make them talk to each other.

977

# self._interactInMemory(client, server)

978

for i in range(3):

979

for s in [client, server]:

980

try:

981

s.do_handshake()

982

except WantReadError:

pass

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

986

def test_set_verify_callback_exception(self):

987

"""

988

If the verify callback passed to :py:obj:`Context.set_verify` raises an

989

exception, verification fails and the exception is propagated to the

990

caller of :py:obj:`Connection.do_handshake`.

991

"""

992

serverContext = Context(TLSv1_METHOD)

993

serverContext.use_privatekey(

994

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

995

serverContext.use_certificate(

996

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

997

998

clientContext = Context(TLSv1_METHOD)

999

def verify_callback(*args):

1000

raise Exception("silly verify failure")

1001

clientContext.set_verify(VERIFY_PEER, verify_callback)

1002

1003

exc = self.assertRaises(

1004

Exception, self._handshake_test, serverContext, clientContext)

1005

self.assertEqual("silly verify failure", str(exc))

1006

1007

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1008

def test_add_extra_chain_cert(self):

1009

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1010

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1011

the certificate chain.

1012

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1013

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1014

chain tested.

1015

1016

The chain is tested by starting a server with scert and connecting

1017

to it with a client which trusts cacert and requires verification to

1018

succeed.

1019

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1020

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1021

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1022

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1023

# Dump the CA certificate to a file because that's the only way to load

1024

# it as a trusted CA in the client context.

1025

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1026

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1027

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1028

fObj.close()

1029

1030

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1031

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1032

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1033

fObj.close()

1034

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1035

# Create the server context

1036

serverContext = Context(TLSv1_METHOD)

1037

serverContext.use_privatekey(skey)

1038

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1039

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1040

serverContext.add_extra_chain_cert(icert)

1041

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1042

# Create the client

1043

clientContext = Context(TLSv1_METHOD)

1044

clientContext.set_verify(

1045

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1046

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1047

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1048

# Try it out.

1049

self._handshake_test(serverContext, clientContext)

1050

1051

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1052

def test_use_certificate_chain_file(self):

1053

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1054

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1055

the specified file.

1056

1057

The chain is tested by starting a server with scert and connecting

1058

to it with a client which trusts cacert and requires verification to

1059

succeed.

1060

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1061

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1062

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1063

1064

# Write out the chain file.

1065

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1066

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1067

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1068

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1069

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1070

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1071

fObj.close()

1072

1073

serverContext = Context(TLSv1_METHOD)

1074

serverContext.use_certificate_chain_file(chainFile)

1075

serverContext.use_privatekey(skey)

1076

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1077

fObj = open('ca.pem', 'w')

1078

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1079

fObj.close()

1080

1081

clientContext = Context(TLSv1_METHOD)

1082

clientContext.set_verify(

1083

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1084

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1085

1086

self._handshake_test(serverContext, clientContext)

1087

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1088

1089

def test_use_certificate_chain_file_wrong_args(self):

1090

"""

1091

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1092

if passed zero or more than one argument or when passed a non-byte

1093

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1094

passed a bad chain file name (for example, the name of a file which does

1095

not exist).

1096

"""

1097

context = Context(TLSv1_METHOD)

1098

self.assertRaises(TypeError, context.use_certificate_chain_file)

1099

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1100

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1101

1102

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1103

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1104

# XXX load_client_ca

1105

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1106

1107

def test_get_verify_mode_wrong_args(self):

1108

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1109

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1110

arguments.

1111

"""

1112

context = Context(TLSv1_METHOD)

1113

self.assertRaises(TypeError, context.get_verify_mode, None)

1114

1115

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1116

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1117

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1118

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1119

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1120

"""

1121

context = Context(TLSv1_METHOD)

1122

self.assertEquals(context.get_verify_mode(), 0)

1123

context.set_verify(

1124

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1125

self.assertEquals(

1126

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1127

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1128

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1129

if not PY3:

1130

def test_set_verify_mode_long(self):

1131

"""

1132

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1133

type :py:obj:`long` as well as :py:obj:`int`.

1134

"""

1135

context = Context(TLSv1_METHOD)

1136

self.assertEquals(context.get_verify_mode(), 0)

1137

context.set_verify(

1138

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1139

self.assertEquals(

1140

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1141

1142

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1143

def test_load_tmp_dh_wrong_args(self):

1144

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1145

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1146

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1147

"""

1148

context = Context(TLSv1_METHOD)

1149

self.assertRaises(TypeError, context.load_tmp_dh)

1150

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1151

self.assertRaises(TypeError, context.load_tmp_dh, object())

1152

1153

1154

def test_load_tmp_dh_missing_file(self):

1155

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1156

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1157

does not exist.

1158

"""

1159

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1160

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1161

1162

1163

def test_load_tmp_dh(self):

1164

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1165

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1166

specified file.

1167

"""

1168

context = Context(TLSv1_METHOD)

1169

dhfilename = self.mktemp()

1170

dhfile = open(dhfilename, "w")

1171

dhfile.write(dhparam)

1172

dhfile.close()

1173

context.load_tmp_dh(dhfilename)

1174

# XXX What should I assert here? -exarkun

1175

1176

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1177

def test_set_tmp_ecdh_curve(self):

1178

"""

Jean-Paul Calderone

3dfd451

2014-04-17 16:02:19 -0400

[diff] [blame]

1179

:py:obj:`Context.set_tmp_ecdh_curve` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1180

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1181

"""

1182

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1183

for curve in get_elliptic_curves():

1184

# The only easily "assertable" thing is that it does not raise an

1185

# exception.

1186

context.set_tmp_ecdh_curve(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1187

1188

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1189

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1190

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1191

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1192

ciphers which connections created with the context object will be able

1193

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1194

"""

1195

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1196

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1197

conn = Connection(context, None)

1198

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1199

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1200

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1201

def test_set_cipher_list_text(self):

1202

"""

1203

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1204

the ciphers which connections created with the context object will be

1205

able to choose from.

1206

"""

1207

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1208

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1209

conn = Connection(context, None)

1210

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1211

1212

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1213

def test_set_cipher_list_wrong_args(self):

1214

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1215

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1216

passed zero arguments or more than one argument or when passed a

1217

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1218

passed an incorrect cipher list string.

1219

"""

1220

context = Context(TLSv1_METHOD)

1221

self.assertRaises(TypeError, context.set_cipher_list)

1222

self.assertRaises(TypeError, context.set_cipher_list, object())

1223

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1224

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1225

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1226

1227

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1228

def test_set_session_cache_mode_wrong_args(self):

1229

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1230

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1231

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1232

"""

1233

context = Context(TLSv1_METHOD)

1234

self.assertRaises(TypeError, context.set_session_cache_mode)

1235

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1236

1237

1238

def test_get_session_cache_mode_wrong_args(self):

1239

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1240

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1241

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1242

"""

1243

context = Context(TLSv1_METHOD)

1244

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1245

1246

1247

def test_session_cache_mode(self):

1248

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1249

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1250

cached. The setting can be retrieved via

1251

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1252

"""

1253

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1254

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1255

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1256

self.assertEqual(SESS_CACHE_OFF, off)

1257

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1258

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1259

if not PY3:

1260

def test_session_cache_mode_long(self):

1261

"""

1262

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1263

of type :py:obj:`long` as well as :py:obj:`int`.

1264

"""

1265

context = Context(TLSv1_METHOD)

1266

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1267

self.assertEqual(

1268

SESS_CACHE_BOTH, context.get_session_cache_mode())

1269

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1270

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1271

def test_get_cert_store(self):

1272

"""

1273

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1274

"""

1275

context = Context(TLSv1_METHOD)

1276

store = context.get_cert_store()

1277

self.assertIsInstance(store, X509Store)

1278

1279

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1280

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1281

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1282

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1283

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1284

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1285

"""

1286

def test_wrong_args(self):

1287

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1288

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1289

with other than one argument.

1290

"""

1291

context = Context(TLSv1_METHOD)

1292

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1293

self.assertRaises(

1294

TypeError, context.set_tlsext_servername_callback, 1, 2)

1295

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1296

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1297

def test_old_callback_forgotten(self):

1298

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1299

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1300

callback, the one it replaces is dereferenced.

1301

"""

1302

def callback(connection):

1303

pass

1304

1305

def replacement(connection):

1306

pass

1307

1308

context = Context(TLSv1_METHOD)

1309

context.set_tlsext_servername_callback(callback)

1310

1311

tracker = ref(callback)

1312

del callback

1313

1314

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1315

1316

# One run of the garbage collector happens to work on CPython. PyPy

1317

# doesn't collect the underlying object until a second run for whatever

1318

# reason. That's fine, it still demonstrates our code has properly

1319

# dropped the reference.

1320

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1321

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1322

1323

callback = tracker()

1324

if callback is not None:

1325

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1326

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1327

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1328

1329

1330

def test_no_servername(self):

1331

"""

1332

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1333

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1334

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1335

"""

1336

args = []

1337

def servername(conn):

1338

args.append((conn, conn.get_servername()))

1339

context = Context(TLSv1_METHOD)

1340

context.set_tlsext_servername_callback(servername)

1341

1342

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1348

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1349

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1350

1351

# Do a little connection to trigger the logic

1352

server = Connection(context, None)

1353

server.set_accept_state()

1354

1355

client = Connection(Context(TLSv1_METHOD), None)

1356

client.set_connect_state()

1357

1358

self._interactInMemory(server, client)

1359

1360

self.assertEqual([(server, None)], args)

1361

1362

1363

def test_servername(self):

1364

"""

1365

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1366

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1367

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1368

"""

1369

args = []

1370

def servername(conn):

1371

args.append((conn, conn.get_servername()))

1372

context = Context(TLSv1_METHOD)

1373

context.set_tlsext_servername_callback(servername)

1374

1375

# Necessary to actually accept the connection

1376

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1377

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1378

1379

# Do a little connection to trigger the logic

1380

server = Connection(context, None)

1381

server.set_accept_state()

1382

1383

client = Connection(Context(TLSv1_METHOD), None)

1384

client.set_connect_state()

1385

client.set_tlsext_host_name(b("foo1.example.com"))

1386

1387

self._interactInMemory(server, client)

1388

1389

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1393

class SessionTests(TestCase):

1394

"""

1395

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1396

"""

1397

def test_construction(self):

1398

"""

1399

:py:class:`Session` can be constructed with no arguments, creating a new

1400

instance of that type.

1401

"""

1402

new_session = Session()

1403

self.assertTrue(isinstance(new_session, Session))

1404

1405

1406

def test_construction_wrong_args(self):

1407

"""

1408

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1409

is raised.

1410

"""

1411

self.assertRaises(TypeError, Session, 123)

1412

self.assertRaises(TypeError, Session, "hello")

1413

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1417

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1418

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1419

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1420

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1421

# XXX get_peer_certificate -> None

1422

# XXX sock_shutdown

1423

# XXX master_key -> TypeError

1424

# XXX server_random -> TypeError

1425

# XXX state_string

1426

# XXX connect -> TypeError

1427

# XXX connect_ex -> TypeError

1428

# XXX set_connect_state -> TypeError

1429

# XXX set_accept_state -> TypeError

1430

# XXX renegotiate_pending

1431

# XXX do_handshake -> TypeError

1432

# XXX bio_read -> TypeError

1433

# XXX recv -> TypeError

1434

# XXX send -> TypeError

1435

# XXX bio_write -> TypeError

1436

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1437

def test_type(self):

1438

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1439

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1440

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1441

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1442

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1443

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1444

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1445

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1446

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1447

def test_get_context(self):

1448

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1449

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1450

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1451

"""

1452

context = Context(TLSv1_METHOD)

1453

connection = Connection(context, None)

1454

self.assertIdentical(connection.get_context(), context)

1455

1456

1457

def test_get_context_wrong_args(self):

1458

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1459

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1460

arguments.

1461

"""

1462

connection = Connection(Context(TLSv1_METHOD), None)

1463

self.assertRaises(TypeError, connection.get_context, None)

1464

1465

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1466

def test_set_context_wrong_args(self):

1467

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1468

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1469

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1470

than 1.

1471

"""

1472

ctx = Context(TLSv1_METHOD)

1473

connection = Connection(ctx, None)

1474

self.assertRaises(TypeError, connection.set_context)

1475

self.assertRaises(TypeError, connection.set_context, object())

1476

self.assertRaises(TypeError, connection.set_context, "hello")

1477

self.assertRaises(TypeError, connection.set_context, 1)

1478

self.assertRaises(TypeError, connection.set_context, 1, 2)

1479

self.assertRaises(

1480

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1481

self.assertIdentical(ctx, connection.get_context())

1482

1483

1484

def test_set_context(self):

1485

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1486

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1487

for the connection.

1488

"""

1489

original = Context(SSLv23_METHOD)

1490

replacement = Context(TLSv1_METHOD)

1491

connection = Connection(original, None)

1492

connection.set_context(replacement)

1493

self.assertIdentical(replacement, connection.get_context())

1494

# Lose our references to the contexts, just in case the Connection isn't

1495

# properly managing its own contributions to their reference counts.

1496

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1501

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1502

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1503

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1504

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1505

"""

1506

conn = Connection(Context(TLSv1_METHOD), None)

1507

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1508

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1509

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1510

self.assertRaises(

1511

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1512

1513

if version_info >= (3,):

1514

# On Python 3.x, don't accidentally implicitly convert from text.

1515

self.assertRaises(

1516

TypeError,

1517

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1518

1519

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1520

def test_get_servername_wrong_args(self):

1521

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1522

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1523

arguments.

1524

"""

1525

connection = Connection(Context(TLSv1_METHOD), None)

1526

self.assertRaises(TypeError, connection.get_servername, object())

1527

self.assertRaises(TypeError, connection.get_servername, 1)

1528

self.assertRaises(TypeError, connection.get_servername, "hello")

1529

1530

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1531

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1532

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1533

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1534

immediate read.

1535

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1536

connection = Connection(Context(TLSv1_METHOD), None)

1537

self.assertEquals(connection.pending(), 0)

1538

1539

1540

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1541

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1542

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1543

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1544

connection = Connection(Context(TLSv1_METHOD), None)

1545

self.assertRaises(TypeError, connection.pending, None)

1546

1547

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1548

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1549

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1550

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1551

argument or with the wrong number of arguments.

1552

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1553

connection = Connection(Context(TLSv1_METHOD), socket())

1554

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1555

self.assertRaises(TypeError, connection.connect)

1556

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1557

1558

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1559

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1560

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1561

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1562

connect method raises it.

1563

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1564

client = socket()

1565

context = Context(TLSv1_METHOD)

1566

clientSSL = Connection(context, client)

1567

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1568

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1569

1570

1571

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1572

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1573

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1574

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1580

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1581

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1582

1583

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1584

if platform == "darwin":

1585

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1586

else:

1587

def test_connect_ex(self):

1588

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1589

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1590

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1595

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1596

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1597

clientSSL.setblocking(False)

1598

result = clientSSL.connect_ex(port.getsockname())

1599

expected = (EINPROGRESS, EWOULDBLOCK)

1600

self.assertTrue(

1601

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1602

1603

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1604

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1605

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1606

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1607

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1608

connection = Connection(Context(TLSv1_METHOD), socket())

1609

self.assertRaises(TypeError, connection.accept, None)

1610

1611

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1612

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1613

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1614

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1615

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1616

connection originated from.

1617

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1618

ctx = Context(TLSv1_METHOD)

1619

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1620

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1621

port = socket()

1622

portSSL = Connection(ctx, port)

1623

portSSL.bind(('', 0))

1624

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1625

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1626

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1627

1628

# Calling portSSL.getsockname() here to get the server IP address sounds

1629

# great, but frequently fails on Windows.

1630

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1631

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1632

serverSSL, address = portSSL.accept()

1633

1634

self.assertTrue(isinstance(serverSSL, Connection))

1635

self.assertIdentical(serverSSL.get_context(), ctx)

1636

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1637

1638

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1639

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1640

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1641

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1642

number of arguments or with arguments other than integers.

1643

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1644

connection = Connection(Context(TLSv1_METHOD), None)

1645

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1646

self.assertRaises(TypeError, connection.get_shutdown, None)

1647

self.assertRaises(TypeError, connection.set_shutdown)

1648

self.assertRaises(TypeError, connection.set_shutdown, None)

1649

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1650

1651

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1652

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1653

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1654

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1655

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1656

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1657

self.assertFalse(server.shutdown())

1658

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1659

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1660

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1661

client.shutdown()

1662

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1663

self.assertRaises(ZeroReturnError, server.recv, 1024)

1664

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1665

1666

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1667

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1668

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1669

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1670

process.

1671

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1672

connection = Connection(Context(TLSv1_METHOD), socket())

1673

connection.set_shutdown(RECEIVED_SHUTDOWN)

1674

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1675

1676

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1677

if not PY3:

1678

def test_set_shutdown_long(self):

1679

"""

1680

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1681

of type :py:obj:`long` as well as :py:obj:`int`.

1682

"""

1683

connection = Connection(Context(TLSv1_METHOD), socket())

1684

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1685

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1686

1687

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1688

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1689

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1690

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1691

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1692

with any arguments.

1693

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1694

conn = Connection(Context(TLSv1_METHOD), None)

1695

self.assertRaises(TypeError, conn.get_app_data, None)

1696

self.assertRaises(TypeError, conn.set_app_data)

1697

self.assertRaises(TypeError, conn.set_app_data, None, None)

1698

1699

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1700

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1701

"""

1702

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1703

:py:obj:`Connection.set_app_data` and later retrieved with

1704

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1705

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1706

conn = Connection(Context(TLSv1_METHOD), None)

1707

app_data = object()

1708

conn.set_app_data(app_data)

1709

self.assertIdentical(conn.get_app_data(), app_data)

1710

1711

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1712

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1713

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1714

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1715

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1716

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1717

conn = Connection(Context(TLSv1_METHOD), None)

1718

self.assertRaises(NotImplementedError, conn.makefile)

1719

1720

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1721

def test_get_peer_cert_chain_wrong_args(self):

1722

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1723

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1724

arguments.

1725

"""

1726

conn = Connection(Context(TLSv1_METHOD), None)

1727

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1728

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1729

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1730

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1731

1732

1733

def test_get_peer_cert_chain(self):

1734

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1735

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1736

the connected server returned for the certification verification.

1737

"""

1738

chain = _create_certificate_chain()

1739

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1740

1741

serverContext = Context(TLSv1_METHOD)

1742

serverContext.use_privatekey(skey)

1743

serverContext.use_certificate(scert)

1744

serverContext.add_extra_chain_cert(icert)

1745

serverContext.add_extra_chain_cert(cacert)

1746

server = Connection(serverContext, None)

1747

server.set_accept_state()

1748

1749

# Create the client

1750

clientContext = Context(TLSv1_METHOD)

1751

clientContext.set_verify(VERIFY_NONE, verify_cb)

1752

client = Connection(clientContext, None)

1753

client.set_connect_state()

1754

1755

self._interactInMemory(client, server)

1756

1757

chain = client.get_peer_cert_chain()

1758

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1759

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1760

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1761

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1762

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1763

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1764

"Authority Certificate", chain[2].get_subject().CN)

1765

1766

1767

def test_get_peer_cert_chain_none(self):

1768

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1769

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1770

certificate chain.

1771

"""

1772

ctx = Context(TLSv1_METHOD)

1773

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1774

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1775

server = Connection(ctx, None)

1776

server.set_accept_state()

1777

client = Connection(Context(TLSv1_METHOD), None)

1778

client.set_connect_state()

1779

self._interactInMemory(client, server)

1780

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1781

1782

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1783

def test_get_session_wrong_args(self):

1784

"""

1785

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1786

with any arguments.

1787

"""

1788

ctx = Context(TLSv1_METHOD)

1789

server = Connection(ctx, None)

1790

self.assertRaises(TypeError, server.get_session, 123)

1791

self.assertRaises(TypeError, server.get_session, "hello")

1792

self.assertRaises(TypeError, server.get_session, object())

1793

1794

1795

def test_get_session_unconnected(self):

1796

"""

1797

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1798

an object which has not been connected.

1799

"""

1800

ctx = Context(TLSv1_METHOD)

1801

server = Connection(ctx, None)

1802

session = server.get_session()

1803

self.assertIdentical(None, session)

1804

1805

1806

def test_server_get_session(self):

1807

"""

1808

On the server side of a connection, :py:obj:`Connection.get_session`

1809

returns a :py:class:`Session` instance representing the SSL session for

1810

that connection.

1811

"""

1812

server, client = self._loopback()

1813

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1814

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1815

1816

1817

def test_client_get_session(self):

1818

"""

1819

On the client side of a connection, :py:obj:`Connection.get_session`

1820

returns a :py:class:`Session` instance representing the SSL session for

1821

that connection.

1822

"""

1823

server, client = self._loopback()

1824

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1825

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1826

1827

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1828

def test_set_session_wrong_args(self):

1829

"""

1830

If called with an object that is not an instance of :py:class:`Session`,

1831

or with other than one argument, :py:obj:`Connection.set_session` raises

1832

:py:obj:`TypeError`.

1833

"""

1834

ctx = Context(TLSv1_METHOD)

1835

connection = Connection(ctx, None)

1836

self.assertRaises(TypeError, connection.set_session)

1837

self.assertRaises(TypeError, connection.set_session, 123)

1838

self.assertRaises(TypeError, connection.set_session, "hello")

1839

self.assertRaises(TypeError, connection.set_session, object())

1840

self.assertRaises(

1841

TypeError, connection.set_session, Session(), Session())

1842

1843

1844

def test_client_set_session(self):

1845

"""

1846

:py:obj:`Connection.set_session`, when used prior to a connection being

1847

established, accepts a :py:class:`Session` instance and causes an

1848

attempt to re-use the session it represents when the SSL handshake is

1849

performed.

1850

"""

1851

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1852

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1853

ctx = Context(TLSv1_METHOD)

1854

ctx.use_privatekey(key)

1855

ctx.use_certificate(cert)

1856

ctx.set_session_id("unity-test")

1857

1858

def makeServer(socket):

1859

server = Connection(ctx, socket)

1860

server.set_accept_state()

1861

return server

1862

1863

originalServer, originalClient = self._loopback(

1864

serverFactory=makeServer)

1865

originalSession = originalClient.get_session()

1866

1867

def makeClient(socket):

1868

client = self._loopbackClientFactory(socket)

1869

client.set_session(originalSession)

1870

return client

1871

resumedServer, resumedClient = self._loopback(

1872

serverFactory=makeServer,

1873

clientFactory=makeClient)

1874

1875

# This is a proxy: in general, we have no access to any unique

1876

# identifier for the session (new enough versions of OpenSSL expose a

1877

# hash which could be usable, but "new enough" is very, very new).

1878

# Instead, exploit the fact that the master key is re-used if the

1879

# session is re-used. As long as the master key for the two connections

1880

# is the same, the session was re-used!

1881

self.assertEqual(

1882

originalServer.master_key(), resumedServer.master_key())

1883

1884

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1885

def test_set_session_wrong_method(self):

1886

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1887

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1888

instance associated with a context using a different SSL method than the

1889

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1890

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1891

"""

1892

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1893

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1894

ctx = Context(TLSv1_METHOD)

1895

ctx.use_privatekey(key)

1896

ctx.use_certificate(cert)

1897

ctx.set_session_id("unity-test")

1898

1899

def makeServer(socket):

1900

server = Connection(ctx, socket)

1901

server.set_accept_state()

1902

return server

1903

1904

originalServer, originalClient = self._loopback(

1905

serverFactory=makeServer)

1906

originalSession = originalClient.get_session()

1907

1908

def makeClient(socket):

1909

# Intentionally use a different, incompatible method here.

1910

client = Connection(Context(SSLv3_METHOD), socket)

1911

client.set_connect_state()

1912

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

1918

1919

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1920

def test_wantWriteError(self):

1921

"""

1922

:py:obj:`Connection` methods which generate output raise

1923

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

1924

fail indicating a should-write state.

1925

"""

1926

client_socket, server_socket = socket_pair()

1927

# Fill up the client's send buffer so Connection won't be able to write

1928

# anything.

Jean-Paul Calderone

7d7c9c2

2014-02-18 16:38:26 -0500

[diff] [blame]

1929

msg = b"x" * 512

Jean-Paul Calderone

22c28b4

2014-02-18 16:40:34 -0500

[diff] [blame]

1930

for i in range(2048):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1931

try:

1932

client_socket.send(msg)

1933

except error as e:

1934

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

1940

1941

ctx = Context(TLSv1_METHOD)

1942

conn = Connection(ctx, client_socket)

1943

# Client's speak first, so make it an SSL client

1944

conn.set_connect_state()

1945

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1949

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1950

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1951

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

1952

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1953

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1954

ctx = Context(TLSv1_METHOD)

1955

connection = Connection(ctx, None)

1956

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1957

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1958

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1959

def test_get_peer_finished_before_connect(self):

1960

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1961

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

1962

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1963

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1964

ctx = Context(TLSv1_METHOD)

1965

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1966

self.assertEqual(connection.get_peer_finished(), None)

1967

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1968

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1969

def test_get_finished(self):

1970

"""

1971

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1972

message send from client, or server. Finished messages are send during

1973

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1974

"""

1975

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1976

server, client = self._loopback()

1977

1978

self.assertNotEqual(server.get_finished(), None)

1979

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1980

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

1981

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1982

def test_get_peer_finished(self):

1983

"""

1984

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1985

message received from client, or server. Finished messages are send

1986

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1987

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1988

server, client = self._loopback()

1989

1990

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1991

self.assertTrue(len(server.get_peer_finished()) > 0)

1992

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1993

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1994

def test_tls_finished_message_symmetry(self):

1995

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1996

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1997

received by client.

1998

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1999

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2000

received by server.

2001

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2002

server, client = self._loopback()

2003

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2004

self.assertEqual(server.get_finished(), client.get_peer_finished())

2005

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2006

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2007

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2008

def test_get_cipher_name_before_connect(self):

2009

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2010

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2011

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2012

"""

2013

ctx = Context(TLSv1_METHOD)

2014

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2015

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2016

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2017

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2018

def test_get_cipher_name(self):

2019

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2020

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2021

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2022

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2023

server, client = self._loopback()

2024

server_cipher_name, client_cipher_name = \

2025

server.get_cipher_name(), client.get_cipher_name()

2026

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2027

self.assertIsInstance(server_cipher_name, text_type)

2028

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2029

2030

self.assertEqual(server_cipher_name, client_cipher_name)

2031

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2032

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2033

def test_get_cipher_version_before_connect(self):

2034

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2035

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2036

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2037

"""

2038

ctx = Context(TLSv1_METHOD)

2039

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2040

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2041

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2042

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2043

def test_get_cipher_version(self):

2044

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2045

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2046

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2047

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2048

server, client = self._loopback()

2049

server_cipher_version, client_cipher_version = \

2050

server.get_cipher_version(), client.get_cipher_version()

2051

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2052

self.assertIsInstance(server_cipher_version, text_type)

2053

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2054

2055

self.assertEqual(server_cipher_version, client_cipher_version)

2056

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2057

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2058

def test_get_cipher_bits_before_connect(self):

2059

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2060

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2061

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2062

"""

2063

ctx = Context(TLSv1_METHOD)

2064

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2065

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2066

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2067

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2068

def test_get_cipher_bits(self):

2069

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2070

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2071

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2072

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2073

server, client = self._loopback()

2074

server_cipher_bits, client_cipher_bits = \

2075

server.get_cipher_bits(), client.get_cipher_bits()

2076

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2077

self.assertIsInstance(server_cipher_bits, int)

2078

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2079

2080

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2081

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2082

2083

2084

class ConnectionGetCipherListTests(TestCase):

2085

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2086

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2087

"""

2088

def test_wrong_args(self):

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2089

"""

2090

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

2091

arguments.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2092

"""

2093

connection = Connection(Context(TLSv1_METHOD), None)

2094

self.assertRaises(TypeError, connection.get_cipher_list, None)

2095

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2096

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2097

def test_result(self):

2098

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2099

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2100

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2101

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2102

connection = Connection(Context(TLSv1_METHOD), None)

2103

ciphers = connection.get_cipher_list()

2104

self.assertTrue(isinstance(ciphers, list))

2105

for cipher in ciphers:

2106

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2110

class ConnectionSendTests(TestCase, _LoopbackMixin):

2111

"""

2112

Tests for :py:obj:`Connection.send`

2113

"""

2114

def test_wrong_args(self):

2115

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2116

When called with arguments other than string argument for its first

2117

parameter or more than two arguments, :py:obj:`Connection.send` raises

2118

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2119

"""

2120

connection = Connection(Context(TLSv1_METHOD), None)

2121

self.assertRaises(TypeError, connection.send)

2122

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2123

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2124

2125

2126

def test_short_bytes(self):

2127

"""

2128

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

2129

and returns the number of bytes sent.

2130

"""

2131

server, client = self._loopback()

2132

count = server.send(b('xy'))

2133

self.assertEquals(count, 2)

2134

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2140

else:

2141

def test_short_memoryview(self):

2142

"""

2143

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2144

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2145

bytes sent.

2146

"""

2147

server, client = self._loopback()

2148

count = server.send(memoryview(b('xy')))

2149

self.assertEquals(count, 2)

2150

self.assertEquals(client.recv(2), b('xy'))

2151

2152

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2153

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2154

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2155

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2156

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2157

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2158

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2159

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2160

When called with arguments other than a string argument for its first

2161

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2162

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2163

"""

2164

connection = Connection(Context(TLSv1_METHOD), None)

2165

self.assertRaises(TypeError, connection.sendall)

2166

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2167

self.assertRaises(

2168

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2169

2170

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2171

def test_short(self):

2172

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2173

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2174

it.

2175

"""

2176

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2177

server.sendall(b('x'))

2178

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2179

2180

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2185

else:

2186

def test_short_memoryview(self):

2187

"""

2188

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2189

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2190

"""

2191

server, client = self._loopback()

2192

server.sendall(memoryview(b('x')))

2193

self.assertEquals(client.recv(1), b('x'))

2194

2195

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2196

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2197

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2198

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2199

it even if this requires multiple calls of an underlying write function.

2200

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2201

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2202

# Should be enough, underlying SSL_write should only do 16k at a time.

2203

# On Windows, after 32k of bytes the write will block (forever - because

2204

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2205

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2206

server.sendall(message)

2207

accum = []

2208

received = 0

2209

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2210

data = client.recv(1024)

2211

accum.append(data)

2212

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2213

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2214

2215

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2216

def test_closed(self):

2217

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2218

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2219

write error from the low level write call.

2220

"""

2221

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2222

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2223

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2224

if platform == "win32":

2225

self.assertEqual(exc.args[0], ESHUTDOWN)

2226

else:

2227

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2228

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2229

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2230

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2231

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2232

"""

2233

Tests for SSL renegotiation APIs.

2234

"""

2235

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2236

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2237

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2238

arguments.

2239

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2240

connection = Connection(Context(TLSv1_METHOD), None)

2241

self.assertRaises(TypeError, connection.renegotiate, None)

2242

2243

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2244

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2245

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2246

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2247

any arguments.

2248

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2249

connection = Connection(Context(TLSv1_METHOD), None)

2250

self.assertRaises(TypeError, connection.total_renegotiations, None)

2251

2252

2253

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2254

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2255

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2256

renegotiations have happened.

2257

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2258

connection = Connection(Context(TLSv1_METHOD), None)

2259

self.assertEquals(connection.total_renegotiations(), 0)

2260

2261

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2262

# def test_renegotiate(self):

2263

# """

2264

# """

2265

# server, client = self._loopback()

2266

2267

# server.send("hello world")

2268

# self.assertEquals(client.recv(len("hello world")), "hello world")

2269

2270

# self.assertEquals(server.total_renegotiations(), 0)

2271

# self.assertTrue(server.renegotiate())

2272

2273

# server.setblocking(False)

2274

# client.setblocking(False)

2275

# while server.renegotiate_pending():

2276

# client.do_handshake()

2277

# server.do_handshake()

2278

2279

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2284

class ErrorTests(TestCase):

2285

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2286

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2287

"""

2288

def test_type(self):

2289

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2290

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2291

"""

2292

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2293

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2297

class ConstantsTests(TestCase):

2298

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2299

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2300

2301

These are values defined by OpenSSL intended only to be used as flags to

2302

OpenSSL APIs. The only assertions it seems can be made about them is

2303

their values.

2304

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2305

# unittest.TestCase has no skip mechanism

2306

if OP_NO_QUERY_MTU is not None:

2307

def test_op_no_query_mtu(self):

2308

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2309

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2310

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2311

"""

2312

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2313

else:

2314

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2315

2316

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2317

if OP_COOKIE_EXCHANGE is not None:

2318

def test_op_cookie_exchange(self):

2319

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2320

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2321

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2322

"""

2323

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2324

else:

2325

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2326

2327

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2328

if OP_NO_TICKET is not None:

2329

def test_op_no_ticket(self):

2330

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2331

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2332

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2333

"""

2334

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2335

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2336

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2337

2338

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2339

if OP_NO_COMPRESSION is not None:

2340

def test_op_no_compression(self):

2341

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2342

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2343

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2344

"""

2345

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2346

else:

2347

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2348

2349

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2350

def test_sess_cache_off(self):

2351

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2352

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2353

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2354

"""

2355

self.assertEqual(0x0, SESS_CACHE_OFF)

2356

2357

2358

def test_sess_cache_client(self):

2359

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2360

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2361

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2362

"""

2363

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2364

2365

2366

def test_sess_cache_server(self):

2367

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2368

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2369

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2370

"""

2371

self.assertEqual(0x2, SESS_CACHE_SERVER)

2372

2373

2374

def test_sess_cache_both(self):

2375

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2376

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2377

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2378

"""

2379

self.assertEqual(0x3, SESS_CACHE_BOTH)

2380

2381

2382

def test_sess_cache_no_auto_clear(self):

2383

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2384

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2385

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2386

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2387

"""

2388

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2389

2390

2391

def test_sess_cache_no_internal_lookup(self):

2392

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2393

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2394

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2395

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2396

"""

2397

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2398

2399

2400

def test_sess_cache_no_internal_store(self):

2401

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2402

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2403

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2404

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2405

"""

2406

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2407

2408

2409

def test_sess_cache_no_internal(self):

2410

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2411

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2412

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2413

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2414

"""

2415

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2416

2417

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2418

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2419

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2420

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2421

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2422

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2423

def _server(self, sock):

2424

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2425

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2426

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2427

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2428

# Create the server side Connection. This is mostly setup boilerplate

2429

# - use TLSv1, use a particular certificate, etc.

2430

server_ctx = Context(TLSv1_METHOD)

2431

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2432

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2433

server_store = server_ctx.get_cert_store()

2434

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2435

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2436

server_ctx.check_privatekey()

2437

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2438

# Here the Connection is actually created. If None is passed as the 2nd

2439

# parameter, it indicates a memory BIO should be created.

2440

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2441

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2445

def _client(self, sock):

2446

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2447

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2448

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2449

"""

2450

# Now create the client side Connection. Similar boilerplate to the

2451

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2452

client_ctx = Context(TLSv1_METHOD)

2453

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2454

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2455

client_store = client_ctx.get_cert_store()

2456

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2457

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2458

client_ctx.check_privatekey()

2459

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2460

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2461

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2465

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2466

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2467

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2468

reading from the output of each and writing those bytes to the input of

2469

the other and in this way establish a connection and exchange

2470

application-level bytes with each other.

2471

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2472

server_conn = self._server(None)

2473

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2474

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2475

# There should be no key or nonces yet.

2476

self.assertIdentical(server_conn.master_key(), None)

2477

self.assertIdentical(server_conn.client_random(), None)

2478

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2479

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2480

# First, the handshake needs to happen. We'll deliver bytes back and

2481

# forth between the client and server until neither of them feels like

2482

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2483

self.assertIdentical(

2484

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2485

2486

# Now that the handshake is done, there should be a key and nonces.

2487

self.assertNotIdentical(server_conn.master_key(), None)

2488

self.assertNotIdentical(server_conn.client_random(), None)

2489

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2490

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2491

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2492

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2493

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2494

2495

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2496

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2497

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2498

server_conn.write(important_message)

2499

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2500

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2501

(client_conn, important_message))

2502

2503

client_conn.write(important_message[::-1])

2504

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2505

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2506

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2507

2508

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2509

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2510

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2511

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2512

2513

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2514

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2515

this test fails, there must be a problem outside the memory BIO

2516

code, as no memory BIO is involved here). Even though this isn't a

2517

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2518

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2519

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2520

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2521

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2522

client_conn.send(important_message)

2523

msg = server_conn.recv(1024)

2524

self.assertEqual(msg, important_message)

2525

2526

# Again in the other direction, just for fun.

2527

important_message = important_message[::-1]

2528

server_conn.send(important_message)

2529

msg = client_conn.recv(1024)

2530

self.assertEqual(msg, important_message)

2531

2532

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2533

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2534

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2535

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2536

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2537

"""

2538

context = Context(SSLv3_METHOD)

2539

client = socket()

2540

clientSSL = Connection(context, client)

2541

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2542

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2543

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2544

2545

2546

def test_outgoingOverflow(self):

2547

"""

2548

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2549

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2550

returned and that many bytes from the beginning of the input can be

2551

read from the other end of the connection.

2552

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2553

server = self._server(None)

2554

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2555

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2556

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2557

2558

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2559

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2560

# Sanity check. We're trying to test what happens when the entire

2561

# input can't be sent. If the entire input was sent, this test is

2562

# meaningless.

2563

self.assertTrue(sent < size)

2564

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2565

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2566

self.assertIdentical(receiver, server)

2567

2568

# We can rely on all of these bytes being received at once because

2569

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2570

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2571

2572

2573

def test_shutdown(self):

2574

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2575

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2576

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2577

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2578

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2579

server.bio_shutdown()

2580

e = self.assertRaises(Error, server.recv, 1024)

2581

# We don't want WantReadError or ZeroReturnError or anything - it's a

2582

# handshake failure.

2583

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2584

2585

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2586

def test_unexpectedEndOfFile(self):

2587

"""

2588

If the connection is lost before an orderly SSL shutdown occurs,

2589

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2590

"Unexpected EOF".

2591

"""

2592

server_conn, client_conn = self._loopback()

2593

client_conn.sock_shutdown(SHUT_RDWR)

2594

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2595

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2596

2597

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2598

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2599

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2600

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2601

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2602

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2603

before the client and server are connected to each other. This

2604

function should specify a list of CAs for the server to send to the

2605

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2606

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2607

times.

2608

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2609

server = self._server(None)

2610

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2611

self.assertEqual(client.get_client_ca_list(), [])

2612

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2613

ctx = server.get_context()

2614

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2615

self.assertEqual(client.get_client_ca_list(), [])

2616

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2617

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2618

self.assertEqual(client.get_client_ca_list(), expected)

2619

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2620

2621

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2622

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2623

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2624

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2625

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2626

"""

2627

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2628

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2629

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2630

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2631

2632

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2633

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2634

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2635

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2636

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2637

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2638

after the connection is set up.

2639

"""

2640

def no_ca(ctx):

2641

ctx.set_client_ca_list([])

2642

return []

2643

self._check_client_ca_list(no_ca)

2644

2645

2646

def test_set_one_ca_list(self):

2647

"""

2648

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2649

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2650

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2651

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2652

X509Name after the connection is set up.

2653

"""

2654

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2655

cadesc = cacert.get_subject()

2656

def single_ca(ctx):

2657

ctx.set_client_ca_list([cadesc])

2658

return [cadesc]

2659

self._check_client_ca_list(single_ca)

2660

2661

2662

def test_set_multiple_ca_list(self):

2663

"""

2664

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2665

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2666

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2667

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2668

X509Names after the connection is set up.

2669

"""

2670

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2671

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2672

2673

sedesc = secert.get_subject()

2674

cldesc = clcert.get_subject()

2675

2676

def multiple_ca(ctx):

2677

L = [sedesc, cldesc]

2678

ctx.set_client_ca_list(L)

2679

return L

2680

self._check_client_ca_list(multiple_ca)

2681

2682

2683

def test_reset_ca_list(self):

2684

"""

2685

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2686

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2687

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2688

"""

2689

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2690

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2691

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2692

2693

cadesc = cacert.get_subject()

2694

sedesc = secert.get_subject()

2695

cldesc = clcert.get_subject()

2696

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2697

def changed_ca(ctx):

2698

ctx.set_client_ca_list([sedesc, cldesc])

2699

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2700

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2701

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2702

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2703

2704

def test_mutated_ca_list(self):

2705

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2706

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2707

afterwards, this does not affect the list of CA names sent to the

2708

client.

2709

"""

2710

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2711

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2712

2713

cadesc = cacert.get_subject()

2714

sedesc = secert.get_subject()

2715

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2716

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2717

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2718

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2719

L.append(sedesc)

2720

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2721

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2722

2723

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2724

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2725

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2726

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2727

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2728

"""

2729

ctx = Context(TLSv1_METHOD)

2730

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2731

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2732

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2733

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2734

2735

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2736

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2737

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2738

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2739

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2740

"""

2741

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2742

cadesc = cacert.get_subject()

2743

def single_ca(ctx):

2744

ctx.add_client_ca(cacert)

2745

return [cadesc]

2746

self._check_client_ca_list(single_ca)

2747

2748

2749

def test_multiple_add_client_ca(self):

2750

"""

2751

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2752

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2753

"""

2754

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2755

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2756

2757

cadesc = cacert.get_subject()

2758

sedesc = secert.get_subject()

2759

2760

def multiple_ca(ctx):

2761

ctx.add_client_ca(cacert)

2762

ctx.add_client_ca(secert)

2763

return [cadesc, sedesc]

2764

self._check_client_ca_list(multiple_ca)

2765

2766

2767

def test_set_and_add_client_ca(self):

2768

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2769

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2770

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2771

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2772

"""

2773

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2774

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2775

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2776

2777

cadesc = cacert.get_subject()

2778

sedesc = secert.get_subject()

2779

cldesc = clcert.get_subject()

2780

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2781

def mixed_set_add_ca(ctx):

2782

ctx.set_client_ca_list([cadesc, sedesc])

2783

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2784

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2785

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2786

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2787

2788

def test_set_after_add_client_ca(self):

2789

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2790

A call to :py:obj:`Context.set_client_ca_list` after a call to

2791

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2792

call with the names specified by the latter cal.

2793

"""

2794

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2795

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2796

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2797

2798

cadesc = cacert.get_subject()

2799

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2800

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2801

def set_replaces_add_ca(ctx):

2802

ctx.add_client_ca(clcert)

2803

ctx.set_client_ca_list([cadesc])

2804

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2805

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2806

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2807

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2808

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2809

2810

class ConnectionBIOTests(TestCase):

2811

"""

2812

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2813

"""

2814

def test_wantReadError(self):

2815

"""

2816

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2817

if there are no bytes available to be read from the BIO.

2818

"""

2819

ctx = Context(TLSv1_METHOD)

2820

conn = Connection(ctx, None)

2821

self.assertRaises(WantReadError, conn.bio_read, 1024)

2822

2823

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2824

def test_buffer_size(self):

2825

"""

2826

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2827

number of bytes to read and return.

2828

"""

2829

ctx = Context(TLSv1_METHOD)

2830

conn = Connection(ctx, None)

2831

conn.set_connect_state()

2832

try:

2833

conn.do_handshake()

2834

except WantReadError:

2835

pass

2836

data = conn.bio_read(2)

2837

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2842

"""

2843

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2844

:py:obj:`long` as well as :py:obj:`int`.

2845

"""

2846

ctx = Context(TLSv1_METHOD)

2847

conn = Connection(ctx, None)

2848

conn.set_connect_state()

2849

try:

2850

conn.do_handshake()

2851

except WantReadError:

2852

pass

2853

data = conn.bio_read(long(2))

2854

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2858

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

2859

class InfoConstantTests(TestCase):

2860

"""

2861

Tests for assorted constants exposed for use in info callbacks.

2862

"""

2863

def test_integers(self):

2864

"""

2865

All of the info constants are integers.

2866

2867

This is a very weak test. It would be nice to have one that actually

2868

verifies that as certain info events happen, the value passed to the

2869

info callback matches up with the constant exposed by OpenSSL.SSL.

2870

"""

2871

for const in [

2872

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

2873

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

2874

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

2875

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

2876

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

2877

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

2878

2879

self.assertTrue(isinstance(const, int))

2880

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

2881

Jean-Paul Calderone