Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

b41d1f4

2014-04-17 16:02:04 -0400

[diff] [blame]

25

from OpenSSL.SSL import _lib

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

26

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

27

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

28

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

29

from OpenSSL.SSL import (

30

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

31

TLSv1_1_METHOD, TLSv1_2_METHOD)

32

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

33

from OpenSSL.SSL import (

34

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

35

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

36

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

37

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

38

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

39

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

40

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

45

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

46

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

47

from OpenSSL.test.test_crypto import (

48

cleartextCertificatePEM, cleartextPrivateKeyPEM)

49

from OpenSSL.test.test_crypto import (

50

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

51

root_cert_pem)

52

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

53

try:

54

from OpenSSL.SSL import OP_NO_QUERY_MTU

55

except ImportError:

56

OP_NO_QUERY_MTU = None

57

try:

58

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

59

except ImportError:

60

OP_COOKIE_EXCHANGE = None

61

try:

62

from OpenSSL.SSL import OP_NO_TICKET

63

except ImportError:

64

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

65

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

66

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

67

from OpenSSL.SSL import OP_NO_COMPRESSION

68

except ImportError:

69

OP_NO_COMPRESSION = None

70

71

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

72

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

73

except ImportError:

74

MODE_RELEASE_BUFFERS = None

75

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

78

except ImportError:

79

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

80

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

81

from OpenSSL.SSL import (

82

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

83

SSL_ST_OK, SSL_ST_RENEGOTIATE,

84

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

85

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

86

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

87

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

88

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

89

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

90

# to use)

91

dhparam = """\

92

-----BEGIN DH PARAMETERS-----

93

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

94

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

99

return ok

100

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

101

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

102

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

103

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

104

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

105

"""

106

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

112

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

113

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

115

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

116

# Let's pass some unencrypted data to make sure our socket connection is

117

# fine. Just one byte, so we don't have to worry about buffers getting

118

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

119

server.send(b("x"))

120

assert client.recv(1024) == b("x")

121

client.send(b("y"))

122

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

123

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

124

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

125

server.setblocking(False)

126

client.setblocking(False)

127

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

128

return (server, client)

129

130

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

131

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

132

def handshake(client, server):

133

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

144

def _create_certificate_chain():

145

"""

146

Construct and return a chain of certificates.

147

148

1. A new self-signed certificate authority certificate (cacert)

149

2. A new intermediate certificate signed by cacert (icert)

150

3. A new server certificate signed by icert (scert)

151

"""

152

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

157

cacert = X509()

158

cacert.get_subject().commonName = "Authority Certificate"

159

cacert.set_issuer(cacert.get_subject())

160

cacert.set_pubkey(cakey)

161

cacert.set_notBefore(b("20000101000000Z"))

162

cacert.set_notAfter(b("20200101000000Z"))

163

cacert.add_extensions([caext])

164

cacert.set_serial_number(0)

165

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

170

icert = X509()

171

icert.get_subject().commonName = "Intermediate Certificate"

172

icert.set_issuer(cacert.get_subject())

173

icert.set_pubkey(ikey)

174

icert.set_notBefore(b("20000101000000Z"))

175

icert.set_notAfter(b("20200101000000Z"))

176

icert.add_extensions([caext])

177

icert.set_serial_number(0)

178

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

183

scert = X509()

184

scert.get_subject().commonName = "Server Certificate"

185

scert.set_issuer(icert.get_subject())

186

scert.set_pubkey(skey)

187

scert.set_notBefore(b("20000101000000Z"))

188

scert.set_notAfter(b("20200101000000Z"))

189

scert.add_extensions([

190

X509Extension(b('basicConstraints'), True, b('CA:false'))])

191

scert.set_serial_number(0)

192

scert.sign(ikey, "sha1")

193

194

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

198

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

199

"""

200

Helper mixin which defines methods for creating a connected socket pair and

201

for forcing two connected SSL sockets to talk to each other via memory BIOs.

202

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

203

def _loopbackClientFactory(self, socket):

204

client = Connection(Context(TLSv1_METHOD), socket)

205

client.set_connect_state()

206

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

207

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

208

209

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

210

ctx = Context(TLSv1_METHOD)

211

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

212

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

213

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

219

if serverFactory is None:

220

serverFactory = self._loopbackServerFactory

221

if clientFactory is None:

222

clientFactory = self._loopbackClientFactory

223

224

(server, client) = socket_pair()

225

server = serverFactory(server)

226

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

228

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

229

230

server.setblocking(True)

231

client.setblocking(True)

232

return server, client

233

234

235

def _interactInMemory(self, client_conn, server_conn):

236

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

237

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

238

objects. Copy bytes back and forth between their send/receive buffers

239

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

240

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

241

some application bytes, return a two-tuple of the connection from which

242

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

247

wrote = False

248

249

# Copy stuff from each side's send buffer to the other side's

250

# receive buffer.

251

for (read, write) in [(client_conn, server_conn),

252

(server_conn, client_conn)]:

253

254

# Give the side a chance to generate some more bytes, or

255

# succeed.

256

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

257

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

258

except WantReadError:

259

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

264

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

265

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

266

267

while True:

268

# Keep copying as long as there's more stuff there.

269

try:

270

dirty = read.bio_read(4096)

271

except WantReadError:

272

# Okay, nothing more waiting to be sent. Stop

273

# processing this send buffer.

274

break

275

else:

276

# Keep track of the fact that someone generated some

277

# output.

278

wrote = True

279

write.bio_write(dirty)

280

281

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

282

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

283

"""

284

Perform the TLS handshake between two :py:class:`Connection` instances

285

connected to each other via memory BIOs.

286

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

287

client_conn.set_connect_state()

288

server_conn.set_accept_state()

289

290

for conn in [client_conn, server_conn]:

291

try:

292

conn.do_handshake()

293

except WantReadError:

294

pass

295

296

self._interactInMemory(client_conn, server_conn)

297

298

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

299

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

300

class VersionTests(TestCase):

301

"""

302

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

303

:py:obj:`OpenSSL.SSL.SSLeay_version` and

304

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

305

"""

306

def test_OPENSSL_VERSION_NUMBER(self):

307

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

308

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

309

byte and the patch, fix, minor, and major versions in the

310

nibbles above that.

311

"""

312

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

313

314

315

def test_SSLeay_version(self):

316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

317

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

one of a number of version strings based on that indicator.

319

"""

320

versions = {}

321

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

322

SSLEAY_PLATFORM, SSLEAY_DIR]:

323

version = SSLeay_version(t)

324

versions[version] = t

325

self.assertTrue(isinstance(version, bytes))

326

self.assertEqual(len(versions), 5)

327

328

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

329

330

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

332

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

333

"""

334

def test_method(self):

335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

336

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

337

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

338

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

339

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

340

methods = [

341

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

342

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

343

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

344

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

345

346

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

351

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

352

# don't. Difficult to say in advance.

353

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

354

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

self.assertRaises(TypeError, Context, "")

356

self.assertRaises(ValueError, Context, 10)

357

358

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

359

if not PY3:

360

def test_method_long(self):

361

"""

362

On Python 2 :py:class:`Context` accepts values of type

363

:py:obj:`long` as well as :py:obj:`int`.

364

"""

365

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

369

def test_type(self):

370

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

371

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

372

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

373

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

374

self.assertIdentical(Context, ContextType)

375

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

376

377

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

378

def test_use_privatekey(self):

379

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

380

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

381

"""

382

key = PKey()

383

key.generate_key(TYPE_RSA, 128)

384

ctx = Context(TLSv1_METHOD)

385

ctx.use_privatekey(key)

386

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

387

388

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

389

def test_use_privatekey_file_missing(self):

390

"""

391

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

392

when passed the name of a file which does not exist.

393

"""

394

ctx = Context(TLSv1_METHOD)

395

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

396

397

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

398

if not PY3:

399

def test_use_privatekey_file_long(self):

400

"""

401

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

402

filetype of type :py:obj:`long` as well as :py:obj:`int`.

403

"""

404

pemfile = self.mktemp()

405

406

key = PKey()

407

key.generate_key(TYPE_RSA, 128)

408

409

with open(pemfile, "wt") as pem:

410

pem.write(

411

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

412

413

ctx = Context(TLSv1_METHOD)

414

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

415

416

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

417

def test_use_certificate_wrong_args(self):

418

"""

419

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

420

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

421

argument.

422

"""

423

ctx = Context(TLSv1_METHOD)

424

self.assertRaises(TypeError, ctx.use_certificate)

425

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

426

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

427

428

429

def test_use_certificate_uninitialized(self):

430

"""

431

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

432

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

433

initialized (ie, which does not actually have any certificate data).

434

"""

435

ctx = Context(TLSv1_METHOD)

436

self.assertRaises(Error, ctx.use_certificate, X509())

437

438

439

def test_use_certificate(self):

440

"""

441

:py:obj:`Context.use_certificate` sets the certificate which will be

442

used to identify connections created using the context.

443

"""

444

# TODO

445

# Hard to assert anything. But we could set a privatekey then ask

446

# OpenSSL if the cert and key agree using check_privatekey. Then as

447

# long as check_privatekey works right we're good...

448

ctx = Context(TLSv1_METHOD)

449

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

450

451

452

def test_use_certificate_file_wrong_args(self):

453

"""

454

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

455

called with zero arguments or more than two arguments, or if the first

456

argument is not a byte string or the second argumnent is not an integer.

457

"""

458

ctx = Context(TLSv1_METHOD)

459

self.assertRaises(TypeError, ctx.use_certificate_file)

460

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

461

self.assertRaises(

462

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

463

self.assertRaises(

464

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

465

self.assertRaises(

466

TypeError, ctx.use_certificate_file, b"somefile", object())

467

468

469

def test_use_certificate_file_missing(self):

470

"""

471

:py:obj:`Context.use_certificate_file` raises

472

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

473

exist.

474

"""

475

ctx = Context(TLSv1_METHOD)

476

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

477

478

479

def test_use_certificate_file(self):

480

"""

481

:py:obj:`Context.use_certificate` sets the certificate which will be

482

used to identify connections created using the context.

483

"""

484

# TODO

485

# Hard to assert anything. But we could set a privatekey then ask

486

# OpenSSL if the cert and key agree using check_privatekey. Then as

487

# long as check_privatekey works right we're good...

488

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

489

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

490

pem_file.write(cleartextCertificatePEM)

491

492

ctx = Context(TLSv1_METHOD)

493

ctx.use_certificate_file(pem_filename)

494

495

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

496

if not PY3:

497

def test_use_certificate_file_long(self):

498

"""

499

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

500

filetype of type :py:obj:`long` as well as :py:obj:`int`.

501

"""

502

pem_filename = self.mktemp()

503

with open(pem_filename, "wb") as pem_file:

504

pem_file.write(cleartextCertificatePEM)

505

506

ctx = Context(TLSv1_METHOD)

507

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

508

509

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

510

def test_set_app_data_wrong_args(self):

511

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

512

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

513

one argument.

514

"""

515

context = Context(TLSv1_METHOD)

516

self.assertRaises(TypeError, context.set_app_data)

517

self.assertRaises(TypeError, context.set_app_data, None, None)

518

519

520

def test_get_app_data_wrong_args(self):

521

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

522

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

523

arguments.

524

"""

525

context = Context(TLSv1_METHOD)

526

self.assertRaises(TypeError, context.get_app_data, None)

527

528

529

def test_app_data(self):

530

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

531

:py:obj:`Context.set_app_data` stores an object for later retrieval using

532

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

533

"""

534

app_data = object()

535

context = Context(TLSv1_METHOD)

536

context.set_app_data(app_data)

537

self.assertIdentical(context.get_app_data(), app_data)

538

539

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

540

def test_set_options_wrong_args(self):

541

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

542

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

543

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

544

"""

545

context = Context(TLSv1_METHOD)

546

self.assertRaises(TypeError, context.set_options)

547

self.assertRaises(TypeError, context.set_options, None)

548

self.assertRaises(TypeError, context.set_options, 1, None)

549

550

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

551

def test_set_options(self):

552

"""

553

:py:obj:`Context.set_options` returns the new options value.

554

"""

555

context = Context(TLSv1_METHOD)

556

options = context.set_options(OP_NO_SSLv2)

557

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

562

"""

563

On Python 2 :py:obj:`Context.set_options` accepts values of type

564

:py:obj:`long` as well as :py:obj:`int`.

565

"""

566

context = Context(TLSv1_METHOD)

567

options = context.set_options(long(OP_NO_SSLv2))

568

self.assertTrue(OP_NO_SSLv2 & options)

569

570

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

571

def test_set_mode_wrong_args(self):

572

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

573

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

574

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

575

"""

576

context = Context(TLSv1_METHOD)

577

self.assertRaises(TypeError, context.set_mode)

578

self.assertRaises(TypeError, context.set_mode, None)

579

self.assertRaises(TypeError, context.set_mode, 1, None)

580

581

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

582

if MODE_RELEASE_BUFFERS is not None:

583

def test_set_mode(self):

584

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

585

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

586

set mode.

587

"""

588

context = Context(TLSv1_METHOD)

589

self.assertTrue(

590

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

591

592

if not PY3:

593

def test_set_mode_long(self):

594

"""

595

On Python 2 :py:obj:`Context.set_mode` accepts values of type

596

:py:obj:`long` as well as :py:obj:`int`.

597

"""

598

context = Context(TLSv1_METHOD)

599

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

600

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

601

else:

602

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

603

604

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

605

def test_set_timeout_wrong_args(self):

606

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

607

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

608

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

609

"""

610

context = Context(TLSv1_METHOD)

611

self.assertRaises(TypeError, context.set_timeout)

612

self.assertRaises(TypeError, context.set_timeout, None)

613

self.assertRaises(TypeError, context.set_timeout, 1, None)

614

615

616

def test_get_timeout_wrong_args(self):

617

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

618

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

619

"""

620

context = Context(TLSv1_METHOD)

621

self.assertRaises(TypeError, context.get_timeout, None)

622

623

624

def test_timeout(self):

625

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

626

:py:obj:`Context.set_timeout` sets the session timeout for all connections

627

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

628

value.

629

"""

630

context = Context(TLSv1_METHOD)

631

context.set_timeout(1234)

632

self.assertEquals(context.get_timeout(), 1234)

633

634

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

635

if not PY3:

636

def test_timeout_long(self):

637

"""

638

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

639

`long` as well as int.

640

"""

641

context = Context(TLSv1_METHOD)

642

context.set_timeout(long(1234))

643

self.assertEquals(context.get_timeout(), 1234)

644

645

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

646

def test_set_verify_depth_wrong_args(self):

647

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

648

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

649

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

650

"""

651

context = Context(TLSv1_METHOD)

652

self.assertRaises(TypeError, context.set_verify_depth)

653

self.assertRaises(TypeError, context.set_verify_depth, None)

654

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

655

656

657

def test_get_verify_depth_wrong_args(self):

658

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

659

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

660

"""

661

context = Context(TLSv1_METHOD)

662

self.assertRaises(TypeError, context.get_verify_depth, None)

663

664

665

def test_verify_depth(self):

666

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

667

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

668

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

669

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

670

"""

671

context = Context(TLSv1_METHOD)

672

context.set_verify_depth(11)

673

self.assertEquals(context.get_verify_depth(), 11)

674

675

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

676

if not PY3:

677

def test_verify_depth_long(self):

678

"""

679

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

680

type `long` as well as int.

681

"""

682

context = Context(TLSv1_METHOD)

683

context.set_verify_depth(long(11))

684

self.assertEquals(context.get_verify_depth(), 11)

685

686

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

687

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

688

"""

689

Write a new private key out to a new file, encrypted using the given

690

passphrase. Return the path to the new file.

691

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

692

key = PKey()

693

key.generate_key(TYPE_RSA, 128)

694

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

695

fObj = open(pemFile, 'w')

696

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

697

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

702

def test_set_passwd_cb_wrong_args(self):

703

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

704

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

705

wrong arguments or with a non-callable first argument.

706

"""

707

context = Context(TLSv1_METHOD)

708

self.assertRaises(TypeError, context.set_passwd_cb)

709

self.assertRaises(TypeError, context.set_passwd_cb, None)

710

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

711

712

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

713

def test_set_passwd_cb(self):

714

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

715

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

716

a private key is loaded from an encrypted PEM.

717

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

718

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

719

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

720

calledWith = []

721

def passphraseCallback(maxlen, verify, extra):

722

calledWith.append((maxlen, verify, extra))

723

return passphrase

724

context = Context(TLSv1_METHOD)

725

context.set_passwd_cb(passphraseCallback)

726

context.use_privatekey_file(pemFile)

727

self.assertTrue(len(calledWith), 1)

728

self.assertTrue(isinstance(calledWith[0][0], int))

729

self.assertTrue(isinstance(calledWith[0][1], int))

730

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

731

732

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

733

def test_passwd_callback_exception(self):

734

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

735

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

736

passphrase callback.

737

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

738

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

739

def passphraseCallback(maxlen, verify, extra):

740

raise RuntimeError("Sorry, I am a fail.")

741

742

context = Context(TLSv1_METHOD)

743

context.set_passwd_cb(passphraseCallback)

744

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

745

746

747

def test_passwd_callback_false(self):

748

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

749

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

750

passphrase callback returns a false value.

751

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

752

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

753

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

754

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

755

756

context = Context(TLSv1_METHOD)

757

context.set_passwd_cb(passphraseCallback)

758

self.assertRaises(Error, context.use_privatekey_file, pemFile)

759

760

761

def test_passwd_callback_non_string(self):

762

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

763

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

764

passphrase callback returns a true non-string value.

765

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

766

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

767

def passphraseCallback(maxlen, verify, extra):

768

return 10

769

770

context = Context(TLSv1_METHOD)

771

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

772

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

773

774

775

def test_passwd_callback_too_long(self):

776

"""

777

If the passphrase returned by the passphrase callback returns a string

778

longer than the indicated maximum length, it is truncated.

779

"""

780

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

781

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

782

pemFile = self._write_encrypted_pem(passphrase)

783

def passphraseCallback(maxlen, verify, extra):

784

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

785

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

786

787

context = Context(TLSv1_METHOD)

788

context.set_passwd_cb(passphraseCallback)

789

# This shall succeed because the truncated result is the correct

790

# passphrase.

791

context.use_privatekey_file(pemFile)

792

793

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

794

def test_set_info_callback(self):

795

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

796

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

797

when certain information about an SSL connection is available.

798

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

799

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

800

801

clientSSL = Connection(Context(TLSv1_METHOD), client)

802

clientSSL.set_connect_state()

803

804

called = []

805

def info(conn, where, ret):

806

called.append((conn, where, ret))

807

context = Context(TLSv1_METHOD)

808

context.set_info_callback(info)

809

context.use_certificate(

810

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

811

context.use_privatekey(

812

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

813

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

814

serverSSL = Connection(context, server)

815

serverSSL.set_accept_state()

816

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

817

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

818

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

819

# The callback must always be called with a Connection instance as the

820

# first argument. It would probably be better to split this into

821

# separate tests for client and server side info callbacks so we could

822

# assert it is called with the right Connection instance. It would

823

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

824

notConnections = [

825

conn for (conn, where, ret) in called

826

if not isinstance(conn, Connection)]

827

self.assertEqual(

828

[], notConnections,

829

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

830

831

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

832

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

833

"""

834

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

835

its :py:obj:`load_verify_locations` method with the given arguments.

836

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

837

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

838

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

839

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

840

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

841

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

842

# Require that the server certificate verify properly or the

843

# connection will fail.

844

clientContext.set_verify(

845

VERIFY_PEER,

846

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

847

848

clientSSL = Connection(clientContext, client)

849

clientSSL.set_connect_state()

850

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

851

serverContext = Context(TLSv1_METHOD)

852

serverContext.use_certificate(

853

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

854

serverContext.use_privatekey(

855

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

856

857

serverSSL = Connection(serverContext, server)

858

serverSSL.set_accept_state()

859

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

860

# Without load_verify_locations above, the handshake

861

# will fail:

862

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

863

# 'certificate verify failed')]

864

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

865

866

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

867

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

868

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

869

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

870

def test_load_verify_file(self):

871

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

872

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

873

certificates within for verification purposes.

874

"""

875

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

876

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

877

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

878

fObj.close()

879

880

self._load_verify_locations_test(cafile)

881

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

882

883

def test_load_verify_invalid_file(self):

884

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

885

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

886

non-existent cafile.

887

"""

888

clientContext = Context(TLSv1_METHOD)

889

self.assertRaises(

890

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

891

892

893

def test_load_verify_directory(self):

894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

895

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

896

the certificates within for verification purposes.

897

"""

898

capath = self.mktemp()

899

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

900

# Hash values computed manually with c_rehash to avoid depending on

901

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

902

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

903

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

904

cafile = join(capath, name)

905

fObj = open(cafile, 'w')

906

fObj.write(cleartextCertificatePEM.decode('ascii'))

907

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

908

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

909

self._load_verify_locations_test(None, capath)

910

911

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

912

def test_load_verify_locations_wrong_args(self):

913

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

914

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

915

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

916

"""

917

context = Context(TLSv1_METHOD)

918

self.assertRaises(TypeError, context.load_verify_locations)

919

self.assertRaises(TypeError, context.load_verify_locations, object())

920

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

921

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

922

923

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

924

if platform == "win32":

925

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

926

"See LP#404343 and LP#404344."

927

else:

928

def test_set_default_verify_paths(self):

929

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

930

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

931

certificate locations to be used for verification purposes.

932

"""

933

# Testing this requires a server with a certificate signed by one of

934

# the CAs in the platform CA location. Getting one of those costs

935

# money. Fortunately (or unfortunately, depending on your

936

# perspective), it's easy to think of a public server on the

937

# internet which has such a certificate. Connecting to the network

938

# in a unit test is bad, but it's the only way I can think of to

939

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

940

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

941

# Arg, verisign.com doesn't speak TLSv1

942

context = Context(SSLv3_METHOD)

943

context.set_default_verify_paths()

944

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

945

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

946

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

947

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

948

client = socket()

949

client.connect(('verisign.com', 443))

950

clientSSL = Connection(context, client)

951

clientSSL.set_connect_state()

952

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

953

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

954

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

955

956

957

def test_set_default_verify_paths_signature(self):

958

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

959

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

960

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

961

"""

962

context = Context(TLSv1_METHOD)

963

self.assertRaises(TypeError, context.set_default_verify_paths, None)

964

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

965

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

966

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

967

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

968

def test_add_extra_chain_cert_invalid_cert(self):

969

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

970

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

971

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

972

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

973

"""

974

context = Context(TLSv1_METHOD)

975

self.assertRaises(TypeError, context.add_extra_chain_cert)

976

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

977

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

978

979

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

980

def _handshake_test(self, serverContext, clientContext):

981

"""

982

Verify that a client and server created with the given contexts can

983

successfully handshake and communicate.

984

"""

985

serverSocket, clientSocket = socket_pair()

986

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

987

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

988

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

989

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

990

client = Connection(clientContext, clientSocket)

991

client.set_connect_state()

992

993

# Make them talk to each other.

994

# self._interactInMemory(client, server)

995

for i in range(3):

996

for s in [client, server]:

997

try:

998

s.do_handshake()

999

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1003

def test_set_verify_callback_connection_argument(self):

1004

"""

1005

The first argument passed to the verify callback is the

1006

:py:class:`Connection` instance for which verification is taking place.

1007

"""

1008

serverContext = Context(TLSv1_METHOD)

1009

serverContext.use_privatekey(

1010

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1011

serverContext.use_certificate(

1012

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1013

serverConnection = Connection(serverContext, None)

1014

1015

class VerifyCallback(object):

1016

def callback(self, connection, *args):

1017

self.connection = connection

1018

return 1

1019

1020

verify = VerifyCallback()

1021

clientContext = Context(TLSv1_METHOD)

1022

clientContext.set_verify(VERIFY_PEER, verify.callback)

1023

clientConnection = Connection(clientContext, None)

1024

clientConnection.set_connect_state()

1025

1026

self._handshakeInMemory(clientConnection, serverConnection)

1027

1028

self.assertIdentical(verify.connection, clientConnection)

1029

1030

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1031

def test_set_verify_callback_exception(self):

1032

"""

1033

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1034

exception, verification fails and the exception is propagated to the

1035

caller of :py:obj:`Connection.do_handshake`.

1036

"""

1037

serverContext = Context(TLSv1_METHOD)

1038

serverContext.use_privatekey(

1039

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1040

serverContext.use_certificate(

1041

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1042

1043

clientContext = Context(TLSv1_METHOD)

1044

def verify_callback(*args):

1045

raise Exception("silly verify failure")

1046

clientContext.set_verify(VERIFY_PEER, verify_callback)

1047

1048

exc = self.assertRaises(

1049

Exception, self._handshake_test, serverContext, clientContext)

1050

self.assertEqual("silly verify failure", str(exc))

1051

1052

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1053

def test_add_extra_chain_cert(self):

1054

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1055

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1056

the certificate chain.

1057

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1058

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1059

chain tested.

1060

1061

The chain is tested by starting a server with scert and connecting

1062

to it with a client which trusts cacert and requires verification to

1063

succeed.

1064

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1065

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1066

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1067

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1068

# Dump the CA certificate to a file because that's the only way to load

1069

# it as a trusted CA in the client context.

1070

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1071

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1072

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1073

fObj.close()

1074

1075

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1076

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1077

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1078

fObj.close()

1079

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1080

# Create the server context

1081

serverContext = Context(TLSv1_METHOD)

1082

serverContext.use_privatekey(skey)

1083

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1084

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1085

serverContext.add_extra_chain_cert(icert)

1086

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1087

# Create the client

1088

clientContext = Context(TLSv1_METHOD)

1089

clientContext.set_verify(

1090

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1091

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1092

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1093

# Try it out.

1094

self._handshake_test(serverContext, clientContext)

1095

1096

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1097

def test_use_certificate_chain_file(self):

1098

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1099

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1100

the specified file.

1101

1102

The chain is tested by starting a server with scert and connecting

1103

to it with a client which trusts cacert and requires verification to

1104

succeed.

1105

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1106

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1107

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1108

1109

# Write out the chain file.

1110

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1111

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1112

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1113

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1114

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1115

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1116

fObj.close()

1117

1118

serverContext = Context(TLSv1_METHOD)

1119

serverContext.use_certificate_chain_file(chainFile)

1120

serverContext.use_privatekey(skey)

1121

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1122

fObj = open('ca.pem', 'w')

1123

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1124

fObj.close()

1125

1126

clientContext = Context(TLSv1_METHOD)

1127

clientContext.set_verify(

1128

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1129

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1130

1131

self._handshake_test(serverContext, clientContext)

1132

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1133

1134

def test_use_certificate_chain_file_wrong_args(self):

1135

"""

1136

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1137

if passed zero or more than one argument or when passed a non-byte

1138

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1139

passed a bad chain file name (for example, the name of a file which does

1140

not exist).

1141

"""

1142

context = Context(TLSv1_METHOD)

1143

self.assertRaises(TypeError, context.use_certificate_chain_file)

1144

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1145

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1146

1147

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1148

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1149

# XXX load_client_ca

1150

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1151

1152

def test_get_verify_mode_wrong_args(self):

1153

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1154

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1155

arguments.

1156

"""

1157

context = Context(TLSv1_METHOD)

1158

self.assertRaises(TypeError, context.get_verify_mode, None)

1159

1160

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1161

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1162

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1163

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1164

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1165

"""

1166

context = Context(TLSv1_METHOD)

1167

self.assertEquals(context.get_verify_mode(), 0)

1168

context.set_verify(

1169

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1170

self.assertEquals(

1171

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1172

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1173

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1174

if not PY3:

1175

def test_set_verify_mode_long(self):

1176

"""

1177

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1178

type :py:obj:`long` as well as :py:obj:`int`.

1179

"""

1180

context = Context(TLSv1_METHOD)

1181

self.assertEquals(context.get_verify_mode(), 0)

1182

context.set_verify(

1183

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1184

self.assertEquals(

1185

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1186

1187

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1188

def test_load_tmp_dh_wrong_args(self):

1189

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1190

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1191

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1192

"""

1193

context = Context(TLSv1_METHOD)

1194

self.assertRaises(TypeError, context.load_tmp_dh)

1195

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1196

self.assertRaises(TypeError, context.load_tmp_dh, object())

1197

1198

1199

def test_load_tmp_dh_missing_file(self):

1200

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1201

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1202

does not exist.

1203

"""

1204

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1205

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1206

1207

1208

def test_load_tmp_dh(self):

1209

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1210

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1211

specified file.

1212

"""

1213

context = Context(TLSv1_METHOD)

1214

dhfilename = self.mktemp()

1215

dhfile = open(dhfilename, "w")

1216

dhfile.write(dhparam)

1217

dhfile.close()

1218

context.load_tmp_dh(dhfilename)

1219

# XXX What should I assert here? -exarkun

1220

1221

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1222

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1223

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1224

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1225

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1226

"""

1227

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1228

for curve in get_elliptic_curves():

1229

# The only easily "assertable" thing is that it does not raise an

1230

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1231

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1232

1233

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1234

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1235

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1236

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1237

ciphers which connections created with the context object will be able

1238

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1239

"""

1240

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1241

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1242

conn = Connection(context, None)

1243

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1244

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1245

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1246

def test_set_cipher_list_text(self):

1247

"""

1248

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1249

the ciphers which connections created with the context object will be

1250

able to choose from.

1251

"""

1252

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1253

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1254

conn = Connection(context, None)

1255

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1256

1257

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1258

def test_set_cipher_list_wrong_args(self):

1259

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1260

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1261

passed zero arguments or more than one argument or when passed a

1262

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1263

passed an incorrect cipher list string.

1264

"""

1265

context = Context(TLSv1_METHOD)

1266

self.assertRaises(TypeError, context.set_cipher_list)

1267

self.assertRaises(TypeError, context.set_cipher_list, object())

1268

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1269

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1270

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1271

1272

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1273

def test_set_session_cache_mode_wrong_args(self):

1274

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1275

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1276

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1277

"""

1278

context = Context(TLSv1_METHOD)

1279

self.assertRaises(TypeError, context.set_session_cache_mode)

1280

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1281

1282

1283

def test_get_session_cache_mode_wrong_args(self):

1284

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1285

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1286

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1287

"""

1288

context = Context(TLSv1_METHOD)

1289

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1290

1291

1292

def test_session_cache_mode(self):

1293

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1294

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1295

cached. The setting can be retrieved via

1296

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1297

"""

1298

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1299

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1300

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1301

self.assertEqual(SESS_CACHE_OFF, off)

1302

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1303

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1304

if not PY3:

1305

def test_session_cache_mode_long(self):

1306

"""

1307

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1308

of type :py:obj:`long` as well as :py:obj:`int`.

1309

"""

1310

context = Context(TLSv1_METHOD)

1311

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1312

self.assertEqual(

1313

SESS_CACHE_BOTH, context.get_session_cache_mode())

1314

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1315

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1316

def test_get_cert_store(self):

1317

"""

1318

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1319

"""

1320

context = Context(TLSv1_METHOD)

1321

store = context.get_cert_store()

1322

self.assertIsInstance(store, X509Store)

1323

1324

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1325

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1326

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1327

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1328

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1329

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1330

"""

1331

def test_wrong_args(self):

1332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1333

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1334

with other than one argument.

1335

"""

1336

context = Context(TLSv1_METHOD)

1337

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1338

self.assertRaises(

1339

TypeError, context.set_tlsext_servername_callback, 1, 2)

1340

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1341

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1342

def test_old_callback_forgotten(self):

1343

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1344

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1345

callback, the one it replaces is dereferenced.

1346

"""

1347

def callback(connection):

1348

pass

1349

1350

def replacement(connection):

1351

pass

1352

1353

context = Context(TLSv1_METHOD)

1354

context.set_tlsext_servername_callback(callback)

1355

1356

tracker = ref(callback)

1357

del callback

1358

1359

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1360

1361

# One run of the garbage collector happens to work on CPython. PyPy

1362

# doesn't collect the underlying object until a second run for whatever

1363

# reason. That's fine, it still demonstrates our code has properly

1364

# dropped the reference.

1365

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1366

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1367

1368

callback = tracker()

1369

if callback is not None:

1370

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1371

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1372

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1373

1374

1375

def test_no_servername(self):

1376

"""

1377

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1378

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1379

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1380

"""

1381

args = []

1382

def servername(conn):

1383

args.append((conn, conn.get_servername()))

1384

context = Context(TLSv1_METHOD)

1385

context.set_tlsext_servername_callback(servername)

1386

1387

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1393

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1394

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1395

1396

# Do a little connection to trigger the logic

1397

server = Connection(context, None)

1398

server.set_accept_state()

1399

1400

client = Connection(Context(TLSv1_METHOD), None)

1401

client.set_connect_state()

1402

1403

self._interactInMemory(server, client)

1404

1405

self.assertEqual([(server, None)], args)

1406

1407

1408

def test_servername(self):

1409

"""

1410

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1411

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1412

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1413

"""

1414

args = []

1415

def servername(conn):

1416

args.append((conn, conn.get_servername()))

1417

context = Context(TLSv1_METHOD)

1418

context.set_tlsext_servername_callback(servername)

1419

1420

# Necessary to actually accept the connection

1421

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1422

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1423

1424

# Do a little connection to trigger the logic

1425

server = Connection(context, None)

1426

server.set_accept_state()

1427

1428

client = Connection(Context(TLSv1_METHOD), None)

1429

client.set_connect_state()

1430

client.set_tlsext_host_name(b("foo1.example.com"))

1431

1432

self._interactInMemory(server, client)

1433

1434

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1438

class SessionTests(TestCase):

1439

"""

1440

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1441

"""

1442

def test_construction(self):

1443

"""

1444

:py:class:`Session` can be constructed with no arguments, creating a new

1445

instance of that type.

1446

"""

1447

new_session = Session()

1448

self.assertTrue(isinstance(new_session, Session))

1449

1450

1451

def test_construction_wrong_args(self):

1452

"""

1453

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1454

is raised.

1455

"""

1456

self.assertRaises(TypeError, Session, 123)

1457

self.assertRaises(TypeError, Session, "hello")

1458

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1462

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1463

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1464

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1465

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1466

# XXX get_peer_certificate -> None

1467

# XXX sock_shutdown

1468

# XXX master_key -> TypeError

1469

# XXX server_random -> TypeError

1470

# XXX state_string

1471

# XXX connect -> TypeError

1472

# XXX connect_ex -> TypeError

1473

# XXX set_connect_state -> TypeError

1474

# XXX set_accept_state -> TypeError

1475

# XXX renegotiate_pending

1476

# XXX do_handshake -> TypeError

1477

# XXX bio_read -> TypeError

1478

# XXX recv -> TypeError

1479

# XXX send -> TypeError

1480

# XXX bio_write -> TypeError

1481

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1482

def test_type(self):

1483

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1484

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1485

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1486

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1487

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1488

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1489

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1490

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1491

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1492

def test_get_context(self):

1493

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1494

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1495

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1496

"""

1497

context = Context(TLSv1_METHOD)

1498

connection = Connection(context, None)

1499

self.assertIdentical(connection.get_context(), context)

1500

1501

1502

def test_get_context_wrong_args(self):

1503

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1504

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1505

arguments.

1506

"""

1507

connection = Connection(Context(TLSv1_METHOD), None)

1508

self.assertRaises(TypeError, connection.get_context, None)

1509

1510

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1511

def test_set_context_wrong_args(self):

1512

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1513

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1514

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1515

than 1.

1516

"""

1517

ctx = Context(TLSv1_METHOD)

1518

connection = Connection(ctx, None)

1519

self.assertRaises(TypeError, connection.set_context)

1520

self.assertRaises(TypeError, connection.set_context, object())

1521

self.assertRaises(TypeError, connection.set_context, "hello")

1522

self.assertRaises(TypeError, connection.set_context, 1)

1523

self.assertRaises(TypeError, connection.set_context, 1, 2)

1524

self.assertRaises(

1525

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1526

self.assertIdentical(ctx, connection.get_context())

1527

1528

1529

def test_set_context(self):

1530

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1531

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1532

for the connection.

1533

"""

1534

original = Context(SSLv23_METHOD)

1535

replacement = Context(TLSv1_METHOD)

1536

connection = Connection(original, None)

1537

connection.set_context(replacement)

1538

self.assertIdentical(replacement, connection.get_context())

1539

# Lose our references to the contexts, just in case the Connection isn't

1540

# properly managing its own contributions to their reference counts.

1541

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1546

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1547

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1548

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1549

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1550

"""

1551

conn = Connection(Context(TLSv1_METHOD), None)

1552

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1553

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1554

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1555

self.assertRaises(

1556

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1557

1558

if version_info >= (3,):

1559

# On Python 3.x, don't accidentally implicitly convert from text.

1560

self.assertRaises(

1561

TypeError,

1562

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1563

1564

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1565

def test_get_servername_wrong_args(self):

1566

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1567

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1568

arguments.

1569

"""

1570

connection = Connection(Context(TLSv1_METHOD), None)

1571

self.assertRaises(TypeError, connection.get_servername, object())

1572

self.assertRaises(TypeError, connection.get_servername, 1)

1573

self.assertRaises(TypeError, connection.get_servername, "hello")

1574

1575

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1576

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1577

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1578

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1579

immediate read.

1580

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1581

connection = Connection(Context(TLSv1_METHOD), None)

1582

self.assertEquals(connection.pending(), 0)

1583

1584

1585

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1586

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1587

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1588

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1589

connection = Connection(Context(TLSv1_METHOD), None)

1590

self.assertRaises(TypeError, connection.pending, None)

1591

1592

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1593

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1594

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1595

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1596

argument or with the wrong number of arguments.

1597

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1598

connection = Connection(Context(TLSv1_METHOD), socket())

1599

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1600

self.assertRaises(TypeError, connection.connect)

1601

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1602

1603

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1604

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1605

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1606

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1607

connect method raises it.

1608

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1609

client = socket()

1610

context = Context(TLSv1_METHOD)

1611

clientSSL = Connection(context, client)

1612

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1613

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1614

1615

1616

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1617

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1618

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1619

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1625

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1626

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1627

1628

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1629

if platform == "darwin":

1630

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1631

else:

1632

def test_connect_ex(self):

1633

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1634

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1635

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1640

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1641

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1642

clientSSL.setblocking(False)

1643

result = clientSSL.connect_ex(port.getsockname())

1644

expected = (EINPROGRESS, EWOULDBLOCK)

1645

self.assertTrue(

1646

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1647

1648

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1649

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1650

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1651

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1652

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1653

connection = Connection(Context(TLSv1_METHOD), socket())

1654

self.assertRaises(TypeError, connection.accept, None)

1655

1656

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1657

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1658

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1659

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1660

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1661

connection originated from.

1662

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1663

ctx = Context(TLSv1_METHOD)

1664

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1665

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1666

port = socket()

1667

portSSL = Connection(ctx, port)

1668

portSSL.bind(('', 0))

1669

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1670

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1671

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1672

1673

# Calling portSSL.getsockname() here to get the server IP address sounds

1674

# great, but frequently fails on Windows.

1675

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1676

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1677

serverSSL, address = portSSL.accept()

1678

1679

self.assertTrue(isinstance(serverSSL, Connection))

1680

self.assertIdentical(serverSSL.get_context(), ctx)

1681

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1682

1683

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1684

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1685

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1686

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1687

number of arguments or with arguments other than integers.

1688

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1689

connection = Connection(Context(TLSv1_METHOD), None)

1690

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1691

self.assertRaises(TypeError, connection.get_shutdown, None)

1692

self.assertRaises(TypeError, connection.set_shutdown)

1693

self.assertRaises(TypeError, connection.set_shutdown, None)

1694

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1695

1696

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1697

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1698

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1699

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1700

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1701

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1702

self.assertFalse(server.shutdown())

1703

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1704

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1705

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1706

client.shutdown()

1707

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1708

self.assertRaises(ZeroReturnError, server.recv, 1024)

1709

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1710

1711

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1712

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1713

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1714

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1715

process.

1716

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1717

connection = Connection(Context(TLSv1_METHOD), socket())

1718

connection.set_shutdown(RECEIVED_SHUTDOWN)

1719

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1720

1721

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1722

if not PY3:

1723

def test_set_shutdown_long(self):

1724

"""

1725

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1726

of type :py:obj:`long` as well as :py:obj:`int`.

1727

"""

1728

connection = Connection(Context(TLSv1_METHOD), socket())

1729

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1730

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1731

1732

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1733

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1734

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1735

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1736

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1737

with any arguments.

1738

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1739

conn = Connection(Context(TLSv1_METHOD), None)

1740

self.assertRaises(TypeError, conn.get_app_data, None)

1741

self.assertRaises(TypeError, conn.set_app_data)

1742

self.assertRaises(TypeError, conn.set_app_data, None, None)

1743

1744

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1745

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1746

"""

1747

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1748

:py:obj:`Connection.set_app_data` and later retrieved with

1749

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1750

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1751

conn = Connection(Context(TLSv1_METHOD), None)

1752

app_data = object()

1753

conn.set_app_data(app_data)

1754

self.assertIdentical(conn.get_app_data(), app_data)

1755

1756

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1757

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1758

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1759

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1760

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1761

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1762

conn = Connection(Context(TLSv1_METHOD), None)

1763

self.assertRaises(NotImplementedError, conn.makefile)

1764

1765

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1766

def test_get_peer_cert_chain_wrong_args(self):

1767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1768

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1769

arguments.

1770

"""

1771

conn = Connection(Context(TLSv1_METHOD), None)

1772

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1773

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1774

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1775

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1776

1777

1778

def test_get_peer_cert_chain(self):

1779

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1780

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1781

the connected server returned for the certification verification.

1782

"""

1783

chain = _create_certificate_chain()

1784

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1785

1786

serverContext = Context(TLSv1_METHOD)

1787

serverContext.use_privatekey(skey)

1788

serverContext.use_certificate(scert)

1789

serverContext.add_extra_chain_cert(icert)

1790

serverContext.add_extra_chain_cert(cacert)

1791

server = Connection(serverContext, None)

1792

server.set_accept_state()

1793

1794

# Create the client

1795

clientContext = Context(TLSv1_METHOD)

1796

clientContext.set_verify(VERIFY_NONE, verify_cb)

1797

client = Connection(clientContext, None)

1798

client.set_connect_state()

1799

1800

self._interactInMemory(client, server)

1801

1802

chain = client.get_peer_cert_chain()

1803

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1804

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1805

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1806

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1807

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1808

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1809

"Authority Certificate", chain[2].get_subject().CN)

1810

1811

1812

def test_get_peer_cert_chain_none(self):

1813

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1814

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1815

certificate chain.

1816

"""

1817

ctx = Context(TLSv1_METHOD)

1818

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1819

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1820

server = Connection(ctx, None)

1821

server.set_accept_state()

1822

client = Connection(Context(TLSv1_METHOD), None)

1823

client.set_connect_state()

1824

self._interactInMemory(client, server)

1825

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1826

1827

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1828

def test_get_session_wrong_args(self):

1829

"""

1830

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1831

with any arguments.

1832

"""

1833

ctx = Context(TLSv1_METHOD)

1834

server = Connection(ctx, None)

1835

self.assertRaises(TypeError, server.get_session, 123)

1836

self.assertRaises(TypeError, server.get_session, "hello")

1837

self.assertRaises(TypeError, server.get_session, object())

1838

1839

1840

def test_get_session_unconnected(self):

1841

"""

1842

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1843

an object which has not been connected.

1844

"""

1845

ctx = Context(TLSv1_METHOD)

1846

server = Connection(ctx, None)

1847

session = server.get_session()

1848

self.assertIdentical(None, session)

1849

1850

1851

def test_server_get_session(self):

1852

"""

1853

On the server side of a connection, :py:obj:`Connection.get_session`

1854

returns a :py:class:`Session` instance representing the SSL session for

1855

that connection.

1856

"""

1857

server, client = self._loopback()

1858

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1859

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1860

1861

1862

def test_client_get_session(self):

1863

"""

1864

On the client side of a connection, :py:obj:`Connection.get_session`

1865

returns a :py:class:`Session` instance representing the SSL session for

1866

that connection.

1867

"""

1868

server, client = self._loopback()

1869

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1870

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1871

1872

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1873

def test_set_session_wrong_args(self):

1874

"""

1875

If called with an object that is not an instance of :py:class:`Session`,

1876

or with other than one argument, :py:obj:`Connection.set_session` raises

1877

:py:obj:`TypeError`.

1878

"""

1879

ctx = Context(TLSv1_METHOD)

1880

connection = Connection(ctx, None)

1881

self.assertRaises(TypeError, connection.set_session)

1882

self.assertRaises(TypeError, connection.set_session, 123)

1883

self.assertRaises(TypeError, connection.set_session, "hello")

1884

self.assertRaises(TypeError, connection.set_session, object())

1885

self.assertRaises(

1886

TypeError, connection.set_session, Session(), Session())

1887

1888

1889

def test_client_set_session(self):

1890

"""

1891

:py:obj:`Connection.set_session`, when used prior to a connection being

1892

established, accepts a :py:class:`Session` instance and causes an

1893

attempt to re-use the session it represents when the SSL handshake is

1894

performed.

1895

"""

1896

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1897

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1898

ctx = Context(TLSv1_METHOD)

1899

ctx.use_privatekey(key)

1900

ctx.use_certificate(cert)

1901

ctx.set_session_id("unity-test")

1902

1903

def makeServer(socket):

1904

server = Connection(ctx, socket)

1905

server.set_accept_state()

1906

return server

1907

1908

originalServer, originalClient = self._loopback(

1909

serverFactory=makeServer)

1910

originalSession = originalClient.get_session()

1911

1912

def makeClient(socket):

1913

client = self._loopbackClientFactory(socket)

1914

client.set_session(originalSession)

1915

return client

1916

resumedServer, resumedClient = self._loopback(

1917

serverFactory=makeServer,

1918

clientFactory=makeClient)

1919

1920

# This is a proxy: in general, we have no access to any unique

1921

# identifier for the session (new enough versions of OpenSSL expose a

1922

# hash which could be usable, but "new enough" is very, very new).

1923

# Instead, exploit the fact that the master key is re-used if the

1924

# session is re-used. As long as the master key for the two connections

1925

# is the same, the session was re-used!

1926

self.assertEqual(

1927

originalServer.master_key(), resumedServer.master_key())

1928

1929

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1930

def test_set_session_wrong_method(self):

1931

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1932

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1933

instance associated with a context using a different SSL method than the

1934

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1935

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1936

"""

1937

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1938

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1939

ctx = Context(TLSv1_METHOD)

1940

ctx.use_privatekey(key)

1941

ctx.use_certificate(cert)

1942

ctx.set_session_id("unity-test")

1943

1944

def makeServer(socket):

1945

server = Connection(ctx, socket)

1946

server.set_accept_state()

1947

return server

1948

1949

originalServer, originalClient = self._loopback(

1950

serverFactory=makeServer)

1951

originalSession = originalClient.get_session()

1952

1953

def makeClient(socket):

1954

# Intentionally use a different, incompatible method here.

1955

client = Connection(Context(SSLv3_METHOD), socket)

1956

client.set_connect_state()

1957

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

1963

1964

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1965

def test_wantWriteError(self):

1966

"""

1967

:py:obj:`Connection` methods which generate output raise

1968

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

1969

fail indicating a should-write state.

1970

"""

1971

client_socket, server_socket = socket_pair()

1972

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

1973

# anything. Only write a single byte at a time so we can be sure we

1974

# completely fill the buffer. Even though the socket API is allowed to

1975

# signal a short write via its return value it seems this doesn't

1976

# always happen on all platforms (FreeBSD and OS X particular) for the

1977

# very last bit of available buffer space.

1978

msg = b"x"

1979

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1980

try:

1981

client_socket.send(msg)

1982

except error as e:

1983

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

1989

1990

ctx = Context(TLSv1_METHOD)

1991

conn = Connection(ctx, client_socket)

1992

# Client's speak first, so make it an SSL client

1993

conn.set_connect_state()

1994

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1998

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1999

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2000

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2001

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2002

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2003

ctx = Context(TLSv1_METHOD)

2004

connection = Connection(ctx, None)

2005

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2006

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2007

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2008

def test_get_peer_finished_before_connect(self):

2009

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2010

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2011

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2012

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2013

ctx = Context(TLSv1_METHOD)

2014

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2015

self.assertEqual(connection.get_peer_finished(), None)

2016

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2017

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2018

def test_get_finished(self):

2019

"""

2020

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2021

message send from client, or server. Finished messages are send during

2022

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2023

"""

2024

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2025

server, client = self._loopback()

2026

2027

self.assertNotEqual(server.get_finished(), None)

2028

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2029

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2030

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2031

def test_get_peer_finished(self):

2032

"""

2033

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2034

message received from client, or server. Finished messages are send

2035

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2036

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2037

server, client = self._loopback()

2038

2039

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2040

self.assertTrue(len(server.get_peer_finished()) > 0)

2041

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2042

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2043

def test_tls_finished_message_symmetry(self):

2044

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2045

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2046

received by client.

2047

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2048

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2049

received by server.

2050

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2051

server, client = self._loopback()

2052

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2053

self.assertEqual(server.get_finished(), client.get_peer_finished())

2054

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2055

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2056

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2057

def test_get_cipher_name_before_connect(self):

2058

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2059

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2060

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2061

"""

2062

ctx = Context(TLSv1_METHOD)

2063

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2064

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2065

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2066

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2067

def test_get_cipher_name(self):

2068

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2069

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2070

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2071

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2072

server, client = self._loopback()

2073

server_cipher_name, client_cipher_name = \

2074

server.get_cipher_name(), client.get_cipher_name()

2075

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2076

self.assertIsInstance(server_cipher_name, text_type)

2077

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2078

2079

self.assertEqual(server_cipher_name, client_cipher_name)

2080

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2081

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2082

def test_get_cipher_version_before_connect(self):

2083

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2084

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2085

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2086

"""

2087

ctx = Context(TLSv1_METHOD)

2088

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2089

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2090

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2091

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2092

def test_get_cipher_version(self):

2093

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2094

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2095

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2096

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2097

server, client = self._loopback()

2098

server_cipher_version, client_cipher_version = \

2099

server.get_cipher_version(), client.get_cipher_version()

2100

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2101

self.assertIsInstance(server_cipher_version, text_type)

2102

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2103

2104

self.assertEqual(server_cipher_version, client_cipher_version)

2105

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2106

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2107

def test_get_cipher_bits_before_connect(self):

2108

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2109

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2110

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2111

"""

2112

ctx = Context(TLSv1_METHOD)

2113

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2114

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2115

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2116

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2117

def test_get_cipher_bits(self):

2118

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2119

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2120

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2121

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2122

server, client = self._loopback()

2123

server_cipher_bits, client_cipher_bits = \

2124

server.get_cipher_bits(), client.get_cipher_bits()

2125

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2126

self.assertIsInstance(server_cipher_bits, int)

2127

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2128

2129

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2130

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2131

2132

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2133

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2134

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2135

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2136

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2137

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2138

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2139

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2140

arguments.

2141

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2142

connection = Connection(Context(TLSv1_METHOD), None)

2143

self.assertRaises(TypeError, connection.get_cipher_list, None)

2144

2145

2146

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2147

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2148

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2149

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2150

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2151

connection = Connection(Context(TLSv1_METHOD), None)

2152

ciphers = connection.get_cipher_list()

2153

self.assertTrue(isinstance(ciphers, list))

2154

for cipher in ciphers:

2155

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2159

class ConnectionSendTests(TestCase, _LoopbackMixin):

2160

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2161

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2162

"""

2163

def test_wrong_args(self):

2164

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2165

When called with arguments other than string argument for its first

2166

parameter or more than two arguments, :py:obj:`Connection.send` raises

2167

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2168

"""

2169

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2170

self.assertRaises(TypeError, connection.send)

2171

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2172

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2173

2174

2175

def test_short_bytes(self):

2176

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2177

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2178

and returns the number of bytes sent.

2179

"""

2180

server, client = self._loopback()

2181

count = server.send(b('xy'))

2182

self.assertEquals(count, 2)

2183

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2189

else:

2190

def test_short_memoryview(self):

2191

"""

2192

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2193

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2194

bytes sent.

2195

"""

2196

server, client = self._loopback()

2197

count = server.send(memoryview(b('xy')))

2198

self.assertEquals(count, 2)

2199

self.assertEquals(client.recv(2), b('xy'))

2200

2201

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2206

else:

2207

def test_short_buffer(self):

2208

"""

2209

When passed a buffer containing a small number of bytes,

2210

:py:obj:`Connection.send` transmits all of them and returns the number of

2211

bytes sent.

2212

"""

2213

server, client = self._loopback()

2214

count = server.send(buffer(b('xy')))

2215

self.assertEquals(count, 2)

2216

self.assertEquals(client.recv(2), b('xy'))

2217

2218

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2219

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2220

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2221

"""

2222

Tests for :py:obj:`Connection.recv_into`

2223

"""

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2224

def _no_length_test(self, output_buffer):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2225

"""

2226

Assert that when the given buffer is passed to

2227

``Connection.recv_into``, whatever bytes are available to be received

2228

that fit into that buffer are written into that buffer.

2229

"""

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2230

server, client = self._loopback()

2231

server.send(b('xy'))

2232

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2233

self.assertEqual(client.recv_into(output_buffer), 2)

2234

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2235

2236

2237

def test_buffer_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2238

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2239

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2240

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2241

"""

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2242

self._no_length_test(bytearray(5))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2243

2244

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2245

def _respects_length_test(self, output_buffer):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2246

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2247

Assert that when the given buffer is passed to ``Connection.recv_into``

2248

along with a value for ``nbytes`` that is less than the size of that

2249

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2250

"""

2251

server, client = self._loopback()

2252

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2253

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2254

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2255

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2256

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

def test_buffer_respects_length(self):

2261

"""

2262

When called with a ``bytearray`` instance,

2263

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2264

doesn't copy in more than that number of bytes.

2265

"""

2266

self._respects_length_test(bytearray(10))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2267

2268

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2269

def _doesnt_overfill_test(self, output_buffer):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2270

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2271

Assert that if there are more bytes available to be read from the

2272

receive buffer than would fit into the buffer passed to

2273

:py:obj:`Connection.recv_into`, only as many as fit are written into

2274

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2275

"""

2276

server, client = self._loopback()

2277

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2278

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2279

self.assertEqual(client.recv_into(output_buffer), 5)

2280

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2281

rest = client.recv(5)

2282

self.assertEqual(b('fghij'), rest)

2283

2284

2285

def test_buffer_doesnt_overfill(self):

2286

"""

2287

When called with a ``bytearray`` instance,

2288

:py:obj:`Connection.recv_into` respects the size of the array and

2289

doesn't write more bytes into it than will fit.

2290

"""

2291

self._doesnt_overfill_test(bytearray(5))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2298

else:

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2299

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2300

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2301

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2302

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2303

"""

Jean-Paul Calderone

2015-03-15 17:02:40 -0400

[diff] [blame]

2304

self._no_length_test(memoryview(bytearray(5)))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2305

2306

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2307

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2308

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2309

When called with a ``memoryview`` instance,

2310

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2311

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2312

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2313

self._respects_length_test(memoryview(bytearray(10)))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2314

2315

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2316

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2317

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame^]

2318

When called with a ``memoryview`` instance,

2319

:py:obj:`Connection.recv_into` respects the size of the array and

2320

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2321

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2322

self._doesnt_overfill_test(memoryview(bytearray(5)))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2326

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2327

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2328

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2329

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2330

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2331

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2332

When called with arguments other than a string argument for its first

2333

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2334

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2335

"""

2336

connection = Connection(Context(TLSv1_METHOD), None)

2337

self.assertRaises(TypeError, connection.sendall)

2338

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2339

self.assertRaises(

2340

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2341

2342

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2343

def test_short(self):

2344

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2345

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2346

it.

2347

"""

2348

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2349

server.sendall(b('x'))

2350

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2351

2352

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2357

else:

2358

def test_short_memoryview(self):

2359

"""

2360

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2361

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2362

"""

2363

server, client = self._loopback()

2364

server.sendall(memoryview(b('x')))

2365

self.assertEquals(client.recv(1), b('x'))

2366

2367

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2372

else:

2373

def test_short_buffers(self):

2374

"""

2375

When passed a buffer containing a small number of bytes,

2376

:py:obj:`Connection.sendall` transmits all of them.

2377

"""

2378

server, client = self._loopback()

2379

server.sendall(buffer(b('x')))

2380

self.assertEquals(client.recv(1), b('x'))

2381

2382

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2383

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2384

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2385

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2386

it even if this requires multiple calls of an underlying write function.

2387

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2388

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2389

# Should be enough, underlying SSL_write should only do 16k at a time.

2390

# On Windows, after 32k of bytes the write will block (forever - because

2391

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2392

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2393

server.sendall(message)

2394

accum = []

2395

received = 0

2396

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2397

data = client.recv(1024)

2398

accum.append(data)

2399

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2400

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2401

2402

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2403

def test_closed(self):

2404

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2405

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2406

write error from the low level write call.

2407

"""

2408

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2409

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2410

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2411

if platform == "win32":

2412

self.assertEqual(exc.args[0], ESHUTDOWN)

2413

else:

2414

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2415

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2416

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2417

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2418

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2419

"""

2420

Tests for SSL renegotiation APIs.

2421

"""

2422

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2423

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2424

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2425

arguments.

2426

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2427

connection = Connection(Context(TLSv1_METHOD), None)

2428

self.assertRaises(TypeError, connection.renegotiate, None)

2429

2430

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2431

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2432

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2433

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2434

any arguments.

2435

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2436

connection = Connection(Context(TLSv1_METHOD), None)

2437

self.assertRaises(TypeError, connection.total_renegotiations, None)

2438

2439

2440

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2441

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2442

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2443

renegotiations have happened.

2444

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2445

connection = Connection(Context(TLSv1_METHOD), None)

2446

self.assertEquals(connection.total_renegotiations(), 0)

2447

2448

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2449

# def test_renegotiate(self):

2450

# """

2451

# """

2452

# server, client = self._loopback()

2453

2454

# server.send("hello world")

2455

# self.assertEquals(client.recv(len("hello world")), "hello world")

2456

2457

# self.assertEquals(server.total_renegotiations(), 0)

2458

# self.assertTrue(server.renegotiate())

2459

2460

# server.setblocking(False)

2461

# client.setblocking(False)

2462

# while server.renegotiate_pending():

2463

# client.do_handshake()

2464

# server.do_handshake()

2465

2466

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2471

class ErrorTests(TestCase):

2472

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2473

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2474

"""

2475

def test_type(self):

2476

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2477

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2478

"""

2479

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2480

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2484

class ConstantsTests(TestCase):

2485

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2486

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2487

2488

These are values defined by OpenSSL intended only to be used as flags to

2489

OpenSSL APIs. The only assertions it seems can be made about them is

2490

their values.

2491

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2492

# unittest.TestCase has no skip mechanism

2493

if OP_NO_QUERY_MTU is not None:

2494

def test_op_no_query_mtu(self):

2495

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2496

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2497

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2498

"""

2499

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2500

else:

2501

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2502

2503

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2504

if OP_COOKIE_EXCHANGE is not None:

2505

def test_op_cookie_exchange(self):

2506

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2507

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2508

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2509

"""

2510

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2511

else:

2512

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2513

2514

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2515

if OP_NO_TICKET is not None:

2516

def test_op_no_ticket(self):

2517

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2518

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2519

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2520

"""

2521

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2522

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2523

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2524

2525

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2526

if OP_NO_COMPRESSION is not None:

2527

def test_op_no_compression(self):

2528

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2529

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2530

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2531

"""

2532

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2533

else:

2534

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2535

2536

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2537

def test_sess_cache_off(self):

2538

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2539

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2540

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2541

"""

2542

self.assertEqual(0x0, SESS_CACHE_OFF)

2543

2544

2545

def test_sess_cache_client(self):

2546

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2547

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2548

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2549

"""

2550

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2551

2552

2553

def test_sess_cache_server(self):

2554

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2555

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2556

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2557

"""

2558

self.assertEqual(0x2, SESS_CACHE_SERVER)

2559

2560

2561

def test_sess_cache_both(self):

2562

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2563

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2564

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2565

"""

2566

self.assertEqual(0x3, SESS_CACHE_BOTH)

2567

2568

2569

def test_sess_cache_no_auto_clear(self):

2570

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2571

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2572

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2573

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2574

"""

2575

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2576

2577

2578

def test_sess_cache_no_internal_lookup(self):

2579

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2580

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2581

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2582

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2583

"""

2584

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2585

2586

2587

def test_sess_cache_no_internal_store(self):

2588

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2589

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2590

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2591

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2592

"""

2593

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2594

2595

2596

def test_sess_cache_no_internal(self):

2597

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2598

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2599

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2600

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2601

"""

2602

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2603

2604

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2605

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2606

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2607

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2608

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2609

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2610

def _server(self, sock):

2611

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2612

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2613

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2614

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2615

# Create the server side Connection. This is mostly setup boilerplate

2616

# - use TLSv1, use a particular certificate, etc.

2617

server_ctx = Context(TLSv1_METHOD)

2618

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2619

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2620

server_store = server_ctx.get_cert_store()

2621

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2622

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2623

server_ctx.check_privatekey()

2624

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2625

# Here the Connection is actually created. If None is passed as the 2nd

2626

# parameter, it indicates a memory BIO should be created.

2627

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2628

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2632

def _client(self, sock):

2633

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2634

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2635

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2636

"""

2637

# Now create the client side Connection. Similar boilerplate to the

2638

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2639

client_ctx = Context(TLSv1_METHOD)

2640

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2641

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2642

client_store = client_ctx.get_cert_store()

2643

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2644

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2645

client_ctx.check_privatekey()

2646

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2647

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2648

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2652

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2653

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2654

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2655

reading from the output of each and writing those bytes to the input of

2656

the other and in this way establish a connection and exchange

2657

application-level bytes with each other.

2658

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2659

server_conn = self._server(None)

2660

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2661

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2662

# There should be no key or nonces yet.

2663

self.assertIdentical(server_conn.master_key(), None)

2664

self.assertIdentical(server_conn.client_random(), None)

2665

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2666

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2667

# First, the handshake needs to happen. We'll deliver bytes back and

2668

# forth between the client and server until neither of them feels like

2669

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2670

self.assertIdentical(

2671

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2672

2673

# Now that the handshake is done, there should be a key and nonces.

2674

self.assertNotIdentical(server_conn.master_key(), None)

2675

self.assertNotIdentical(server_conn.client_random(), None)

2676

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2677

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2678

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2679

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2680

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2681

2682

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2683

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2684

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2685

server_conn.write(important_message)

2686

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2687

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2688

(client_conn, important_message))

2689

2690

client_conn.write(important_message[::-1])

2691

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2692

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2693

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2694

2695

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2696

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2697

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2698

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2699

2700

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2701

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2702

this test fails, there must be a problem outside the memory BIO

2703

code, as no memory BIO is involved here). Even though this isn't a

2704

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2705

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2706

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2707

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2708

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2709

client_conn.send(important_message)

2710

msg = server_conn.recv(1024)

2711

self.assertEqual(msg, important_message)

2712

2713

# Again in the other direction, just for fun.

2714

important_message = important_message[::-1]

2715

server_conn.send(important_message)

2716

msg = client_conn.recv(1024)

2717

self.assertEqual(msg, important_message)

2718

2719

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2720

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2721

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2722

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2723

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2724

"""

2725

context = Context(SSLv3_METHOD)

2726

client = socket()

2727

clientSSL = Connection(context, client)

2728

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2729

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2730

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2731

2732

2733

def test_outgoingOverflow(self):

2734

"""

2735

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2736

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2737

returned and that many bytes from the beginning of the input can be

2738

read from the other end of the connection.

2739

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2740

server = self._server(None)

2741

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2742

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2743

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2744

2745

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2746

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2747

# Sanity check. We're trying to test what happens when the entire

2748

# input can't be sent. If the entire input was sent, this test is

2749

# meaningless.

2750

self.assertTrue(sent < size)

2751

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2752

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2753

self.assertIdentical(receiver, server)

2754

2755

# We can rely on all of these bytes being received at once because

2756

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2757

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2758

2759

2760

def test_shutdown(self):

2761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2762

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2763

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2764

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2765

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2766

server.bio_shutdown()

2767

e = self.assertRaises(Error, server.recv, 1024)

2768

# We don't want WantReadError or ZeroReturnError or anything - it's a

2769

# handshake failure.

2770

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2771

2772

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2773

def test_unexpectedEndOfFile(self):

2774

"""

2775

If the connection is lost before an orderly SSL shutdown occurs,

2776

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2777

"Unexpected EOF".

2778

"""

2779

server_conn, client_conn = self._loopback()

2780

client_conn.sock_shutdown(SHUT_RDWR)

2781

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2782

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2783

2784

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2785

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2786

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2787

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2788

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2789

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2790

before the client and server are connected to each other. This

2791

function should specify a list of CAs for the server to send to the

2792

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2793

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2794

times.

2795

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2796

server = self._server(None)

2797

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2798

self.assertEqual(client.get_client_ca_list(), [])

2799

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2800

ctx = server.get_context()

2801

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2802

self.assertEqual(client.get_client_ca_list(), [])

2803

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2804

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2805

self.assertEqual(client.get_client_ca_list(), expected)

2806

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2807

2808

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2809

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2810

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2811

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2812

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2813

"""

2814

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2815

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2816

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2817

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2818

2819

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2820

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2821

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2822

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2823

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2824

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2825

after the connection is set up.

2826

"""

2827

def no_ca(ctx):

2828

ctx.set_client_ca_list([])

2829

return []

2830

self._check_client_ca_list(no_ca)

2831

2832

2833

def test_set_one_ca_list(self):

2834

"""

2835

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2836

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2837

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2838

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2839

X509Name after the connection is set up.

2840

"""

2841

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2842

cadesc = cacert.get_subject()

2843

def single_ca(ctx):

2844

ctx.set_client_ca_list([cadesc])

2845

return [cadesc]

2846

self._check_client_ca_list(single_ca)

2847

2848

2849

def test_set_multiple_ca_list(self):

2850

"""

2851

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2852

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2853

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2854

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2855

X509Names after the connection is set up.

2856

"""

2857

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2858

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2859

2860

sedesc = secert.get_subject()

2861

cldesc = clcert.get_subject()

2862

2863

def multiple_ca(ctx):

2864

L = [sedesc, cldesc]

2865

ctx.set_client_ca_list(L)

2866

return L

2867

self._check_client_ca_list(multiple_ca)

2868

2869

2870

def test_reset_ca_list(self):

2871

"""

2872

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2873

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2874

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2875

"""

2876

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2877

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2878

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2879

2880

cadesc = cacert.get_subject()

2881

sedesc = secert.get_subject()

2882

cldesc = clcert.get_subject()

2883

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2884

def changed_ca(ctx):

2885

ctx.set_client_ca_list([sedesc, cldesc])

2886

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2887

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2888

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2889

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2890

2891

def test_mutated_ca_list(self):

2892

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2893

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2894

afterwards, this does not affect the list of CA names sent to the

2895

client.

2896

"""

2897

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2898

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2899

2900

cadesc = cacert.get_subject()

2901

sedesc = secert.get_subject()

2902

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2903

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2904

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2905

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2906

L.append(sedesc)

2907

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2908

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2909

2910

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2911

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2912

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2913

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2914

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2915

"""

2916

ctx = Context(TLSv1_METHOD)

2917

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2918

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2919

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2920

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2921

2922

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2923

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2924

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2925

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2926

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2927

"""

2928

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2929

cadesc = cacert.get_subject()

2930

def single_ca(ctx):

2931

ctx.add_client_ca(cacert)

2932

return [cadesc]

2933

self._check_client_ca_list(single_ca)

2934

2935

2936

def test_multiple_add_client_ca(self):

2937

"""

2938

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2939

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2940

"""

2941

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2942

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2943

2944

cadesc = cacert.get_subject()

2945

sedesc = secert.get_subject()

2946

2947

def multiple_ca(ctx):

2948

ctx.add_client_ca(cacert)

2949

ctx.add_client_ca(secert)

2950

return [cadesc, sedesc]

2951

self._check_client_ca_list(multiple_ca)

2952

2953

2954

def test_set_and_add_client_ca(self):

2955

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2956

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2957

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2958

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2959

"""

2960

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2961

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2962

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2963

2964

cadesc = cacert.get_subject()

2965

sedesc = secert.get_subject()

2966

cldesc = clcert.get_subject()

2967

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2968

def mixed_set_add_ca(ctx):

2969

ctx.set_client_ca_list([cadesc, sedesc])

2970

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2971

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2972

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2973

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2974

2975

def test_set_after_add_client_ca(self):

2976

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2977

A call to :py:obj:`Context.set_client_ca_list` after a call to

2978

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2979

call with the names specified by the latter cal.

2980

"""

2981

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2982

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2983

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2984

2985

cadesc = cacert.get_subject()

2986

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2987

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2988

def set_replaces_add_ca(ctx):

2989

ctx.add_client_ca(clcert)

2990

ctx.set_client_ca_list([cadesc])

2991

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2992

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2993

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2994

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2995

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2996

2997

class ConnectionBIOTests(TestCase):

2998

"""

2999

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3000

"""

3001

def test_wantReadError(self):

3002

"""

3003

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3004

if there are no bytes available to be read from the BIO.

3005

"""

3006

ctx = Context(TLSv1_METHOD)

3007

conn = Connection(ctx, None)

3008

self.assertRaises(WantReadError, conn.bio_read, 1024)

3009

3010

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3011

def test_buffer_size(self):

3012

"""

3013

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3014

number of bytes to read and return.

3015

"""

3016

ctx = Context(TLSv1_METHOD)

3017

conn = Connection(ctx, None)

3018

conn.set_connect_state()

3019

try:

3020

conn.do_handshake()

3021

except WantReadError:

3022

pass

3023

data = conn.bio_read(2)

3024

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3029

"""

3030

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3031

:py:obj:`long` as well as :py:obj:`int`.

3032

"""

3033

ctx = Context(TLSv1_METHOD)

3034

conn = Connection(ctx, None)

3035

conn.set_connect_state()

3036

try:

3037

conn.do_handshake()

3038

except WantReadError:

3039

pass

3040

data = conn.bio_read(long(2))

3041

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3045

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3046

class InfoConstantTests(TestCase):

3047

"""

3048

Tests for assorted constants exposed for use in info callbacks.

3049

"""

3050

def test_integers(self):

3051

"""

3052

All of the info constants are integers.

3053

3054

This is a very weak test. It would be nice to have one that actually

3055

verifies that as certain info events happen, the value passed to the

3056

info callback matches up with the constant exposed by OpenSSL.SSL.

3057

"""

3058

for const in [

3059

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3060

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3061

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3062

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3063

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3064

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3065

3066

self.assertTrue(isinstance(const, int))

3067

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3068

Jean-Paul Calderone