Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

17

from six import PY3, binary_type, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

97

def join_bytes_or_unicode(prefix, suffix):

98

"""

99

Join two path components of either ``bytes`` or ``unicode``.

100

101

The return type is the same as the type of ``prefix``.

102

"""

103

# If the types are the same, nothing special is necessary.

104

if type(prefix) == type(suffix):

105

return join(prefix, suffix)

106

107

# Otherwise, coerce suffix to the type of prefix.

108

if isinstance(prefix, text_type):

109

return join(prefix, suffix.decode(getfilesystemencoding()))

110

else:

111

return join(prefix, suffix.encode(getfilesystemencoding()))

112

113

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

114

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

115

return ok

116

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

117

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

118

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

119

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

120

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

122

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

128

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

130

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

131

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

132

# Let's pass some unencrypted data to make sure our socket connection is

133

# fine. Just one byte, so we don't have to worry about buffers getting

134

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

135

server.send(b("x"))

136

assert client.recv(1024) == b("x")

137

client.send(b("y"))

138

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

139

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

140

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

141

server.setblocking(False)

142

client.setblocking(False)

143

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

144

return (server, client)

145

146

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

147

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

148

def handshake(client, server):

149

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

160

def _create_certificate_chain():

161

"""

162

Construct and return a chain of certificates.

163

164

1. A new self-signed certificate authority certificate (cacert)

165

2. A new intermediate certificate signed by cacert (icert)

166

3. A new server certificate signed by icert (scert)

167

"""

168

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

173

cacert = X509()

174

cacert.get_subject().commonName = "Authority Certificate"

175

cacert.set_issuer(cacert.get_subject())

176

cacert.set_pubkey(cakey)

177

cacert.set_notBefore(b("20000101000000Z"))

178

cacert.set_notAfter(b("20200101000000Z"))

179

cacert.add_extensions([caext])

180

cacert.set_serial_number(0)

181

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

186

icert = X509()

187

icert.get_subject().commonName = "Intermediate Certificate"

188

icert.set_issuer(cacert.get_subject())

189

icert.set_pubkey(ikey)

190

icert.set_notBefore(b("20000101000000Z"))

191

icert.set_notAfter(b("20200101000000Z"))

192

icert.add_extensions([caext])

193

icert.set_serial_number(0)

194

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

199

scert = X509()

200

scert.get_subject().commonName = "Server Certificate"

201

scert.set_issuer(icert.get_subject())

202

scert.set_pubkey(skey)

203

scert.set_notBefore(b("20000101000000Z"))

204

scert.set_notAfter(b("20200101000000Z"))

205

scert.add_extensions([

206

X509Extension(b('basicConstraints'), True, b('CA:false'))])

207

scert.set_serial_number(0)

208

scert.sign(ikey, "sha1")

209

210

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

215

"""

216

Helper mixin which defines methods for creating a connected socket pair and

217

for forcing two connected SSL sockets to talk to each other via memory BIOs.

218

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

219

def _loopbackClientFactory(self, socket):

220

client = Connection(Context(TLSv1_METHOD), socket)

221

client.set_connect_state()

222

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

223

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

224

225

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

ctx = Context(TLSv1_METHOD)

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

229

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

235

if serverFactory is None:

236

serverFactory = self._loopbackServerFactory

237

if clientFactory is None:

238

clientFactory = self._loopbackClientFactory

239

240

(server, client) = socket_pair()

241

server = serverFactory(server)

242

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

243

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

244

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

246

server.setblocking(True)

247

client.setblocking(True)

248

return server, client

249

250

251

def _interactInMemory(self, client_conn, server_conn):

252

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

253

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

254

objects. Copy bytes back and forth between their send/receive buffers

255

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

256

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

some application bytes, return a two-tuple of the connection from which

258

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

263

wrote = False

264

265

# Copy stuff from each side's send buffer to the other side's

266

# receive buffer.

267

for (read, write) in [(client_conn, server_conn),

268

(server_conn, client_conn)]:

269

270

# Give the side a chance to generate some more bytes, or

271

# succeed.

272

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

273

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

274

except WantReadError:

275

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

280

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

282

283

while True:

284

# Keep copying as long as there's more stuff there.

285

try:

286

dirty = read.bio_read(4096)

287

except WantReadError:

288

# Okay, nothing more waiting to be sent. Stop

289

# processing this send buffer.

290

break

291

else:

292

# Keep track of the fact that someone generated some

293

# output.

294

wrote = True

295

write.bio_write(dirty)

296

297

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

298

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

299

"""

300

Perform the TLS handshake between two :py:class:`Connection` instances

301

connected to each other via memory BIOs.

302

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

303

client_conn.set_connect_state()

304

server_conn.set_accept_state()

305

306

for conn in [client_conn, server_conn]:

307

try:

308

conn.do_handshake()

309

except WantReadError:

310

pass

311

312

self._interactInMemory(client_conn, server_conn)

313

314

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

315

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

316

class VersionTests(TestCase):

317

"""

318

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

319

:py:obj:`OpenSSL.SSL.SSLeay_version` and

320

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

324

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

325

byte and the patch, fix, minor, and major versions in the

326

nibbles above that.

327

"""

328

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

329

330

331

def test_SSLeay_version(self):

332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

333

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

334

one of a number of version strings based on that indicator.

335

"""

336

versions = {}

337

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

338

SSLEAY_PLATFORM, SSLEAY_DIR]:

339

version = SSLeay_version(t)

340

versions[version] = t

341

self.assertTrue(isinstance(version, bytes))

342

self.assertEqual(len(versions), 5)

343

344

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

345

346

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

348

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

350

def test_method(self):

351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

352

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

353

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

354

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

356

methods = [

357

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

358

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

359

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

360

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

361

362

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

367

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

368

# don't. Difficult to say in advance.

369

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

370

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

371

self.assertRaises(TypeError, Context, "")

372

self.assertRaises(ValueError, Context, 10)

373

374

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

375

if not PY3:

376

def test_method_long(self):

377

"""

378

On Python 2 :py:class:`Context` accepts values of type

379

:py:obj:`long` as well as :py:obj:`int`.

380

"""

381

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

385

def test_type(self):

386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

387

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

388

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

389

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

self.assertIdentical(Context, ContextType)

391

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

392

393

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

394

def test_use_privatekey(self):

395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

396

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

397

"""

398

key = PKey()

399

key.generate_key(TYPE_RSA, 128)

400

ctx = Context(TLSv1_METHOD)

401

ctx.use_privatekey(key)

402

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

403

404

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

405

def test_use_privatekey_file_missing(self):

406

"""

407

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

408

when passed the name of a file which does not exist.

409

"""

410

ctx = Context(TLSv1_METHOD)

411

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

412

413

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

414

def _use_privatekey_file_test(self, pemfile, filetype):

415

"""

416

Verify that calling ``Context.use_privatekey_file`` with the given

417

arguments does not raise an exception.

418

"""

419

key = PKey()

420

key.generate_key(TYPE_RSA, 128)

421

422

with open(pemfile, "wt") as pem:

423

pem.write(

424

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

425

)

426

427

ctx = Context(TLSv1_METHOD)

428

ctx.use_privatekey_file(pemfile, filetype)

429

430

431

def test_use_privatekey_file_bytes(self):

432

"""

433

A private key can be specified from a file by passing a ``bytes``

434

instance giving the file name to ``Context.use_privatekey_file``.

435

"""

436

self._use_privatekey_file_test(

437

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

443

"""

444

A private key can be specified from a file by passing a ``unicode``

445

instance giving the file name to ``Context.use_privatekey_file``.

446

"""

447

self._use_privatekey_file_test(

448

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

453

if not PY3:

454

def test_use_privatekey_file_long(self):

455

"""

456

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

457

filetype of type :py:obj:`long` as well as :py:obj:`int`.

458

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

459

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

460

461

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

462

def test_use_certificate_wrong_args(self):

463

"""

464

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

465

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

466

argument.

467

"""

468

ctx = Context(TLSv1_METHOD)

469

self.assertRaises(TypeError, ctx.use_certificate)

470

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

471

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

472

473

474

def test_use_certificate_uninitialized(self):

475

"""

476

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

477

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

478

initialized (ie, which does not actually have any certificate data).

479

"""

480

ctx = Context(TLSv1_METHOD)

481

self.assertRaises(Error, ctx.use_certificate, X509())

482

483

484

def test_use_certificate(self):

485

"""

486

:py:obj:`Context.use_certificate` sets the certificate which will be

487

used to identify connections created using the context.

488

"""

489

# TODO

490

# Hard to assert anything. But we could set a privatekey then ask

491

# OpenSSL if the cert and key agree using check_privatekey. Then as

492

# long as check_privatekey works right we're good...

493

ctx = Context(TLSv1_METHOD)

494

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

495

496

497

def test_use_certificate_file_wrong_args(self):

498

"""

499

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

500

called with zero arguments or more than two arguments, or if the first

501

argument is not a byte string or the second argumnent is not an integer.

502

"""

503

ctx = Context(TLSv1_METHOD)

504

self.assertRaises(TypeError, ctx.use_certificate_file)

505

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

506

self.assertRaises(

507

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, b"somefile", object())

512

513

514

def test_use_certificate_file_missing(self):

515

"""

516

:py:obj:`Context.use_certificate_file` raises

517

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

518

exist.

519

"""

520

ctx = Context(TLSv1_METHOD)

521

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

522

523

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

524

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

525

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

Verify that calling ``Context.use_certificate_file`` with the given

527

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

528

"""

529

# TODO

530

# Hard to assert anything. But we could set a privatekey then ask

531

# OpenSSL if the cert and key agree using check_privatekey. Then as

532

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

533

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

534

pem_file.write(cleartextCertificatePEM)

535

536

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

537

ctx.use_certificate_file(certificate_file)

538

539

540

def test_use_certificate_file_bytes(self):

541

"""

542

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

543

``bytes`` filename) which will be used to identify connections created

544

using the context.

545

"""

546

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

547

self._use_certificate_file_test(filename)

548

549

550

def test_use_certificate_file_unicode(self):

551

"""

552

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

553

``bytes`` filename) which will be used to identify connections created

554

using the context.

555

"""

556

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

557

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

558

559

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

560

if not PY3:

561

def test_use_certificate_file_long(self):

562

"""

563

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

564

filetype of type :py:obj:`long` as well as :py:obj:`int`.

565

"""

566

pem_filename = self.mktemp()

567

with open(pem_filename, "wb") as pem_file:

568

pem_file.write(cleartextCertificatePEM)

569

570

ctx = Context(TLSv1_METHOD)

571

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

572

573

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

574

def test_check_privatekey_valid(self):

575

"""

576

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

577

:py:obj:`Context` instance has been configured to use a matched key and

578

certificate pair.

579

"""

580

key = load_privatekey(FILETYPE_PEM, client_key_pem)

581

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

582

context = Context(TLSv1_METHOD)

583

context.use_privatekey(key)

584

context.use_certificate(cert)

585

self.assertIs(None, context.check_privatekey())

586

587

588

def test_check_privatekey_invalid(self):

589

"""

590

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

591

:py:obj:`Context` instance has been configured to use a key and

592

certificate pair which don't relate to each other.

593

"""

594

key = load_privatekey(FILETYPE_PEM, client_key_pem)

595

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

596

context = Context(TLSv1_METHOD)

597

context.use_privatekey(key)

598

context.use_certificate(cert)

599

self.assertRaises(Error, context.check_privatekey)

600

601

602

def test_check_privatekey_wrong_args(self):

603

"""

604

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

605

with other than no arguments.

606

"""

607

context = Context(TLSv1_METHOD)

608

self.assertRaises(TypeError, context.check_privatekey, object())

609

610

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

611

def test_set_app_data_wrong_args(self):

612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

613

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

614

one argument.

615

"""

616

context = Context(TLSv1_METHOD)

617

self.assertRaises(TypeError, context.set_app_data)

618

self.assertRaises(TypeError, context.set_app_data, None, None)

619

620

621

def test_get_app_data_wrong_args(self):

622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

623

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

624

arguments.

625

"""

626

context = Context(TLSv1_METHOD)

627

self.assertRaises(TypeError, context.get_app_data, None)

628

629

630

def test_app_data(self):

631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

632

:py:obj:`Context.set_app_data` stores an object for later retrieval using

633

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

634

"""

635

app_data = object()

636

context = Context(TLSv1_METHOD)

637

context.set_app_data(app_data)

638

self.assertIdentical(context.get_app_data(), app_data)

639

640

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

641

def test_set_options_wrong_args(self):

642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

643

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

644

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

645

"""

646

context = Context(TLSv1_METHOD)

647

self.assertRaises(TypeError, context.set_options)

648

self.assertRaises(TypeError, context.set_options, None)

649

self.assertRaises(TypeError, context.set_options, 1, None)

650

651

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

652

def test_set_options(self):

653

"""

654

:py:obj:`Context.set_options` returns the new options value.

655

"""

656

context = Context(TLSv1_METHOD)

657

options = context.set_options(OP_NO_SSLv2)

658

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

663

"""

664

On Python 2 :py:obj:`Context.set_options` accepts values of type

665

:py:obj:`long` as well as :py:obj:`int`.

666

"""

667

context = Context(TLSv1_METHOD)

668

options = context.set_options(long(OP_NO_SSLv2))

669

self.assertTrue(OP_NO_SSLv2 & options)

670

671

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

672

def test_set_mode_wrong_args(self):

673

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

674

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

675

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

676

"""

677

context = Context(TLSv1_METHOD)

678

self.assertRaises(TypeError, context.set_mode)

679

self.assertRaises(TypeError, context.set_mode, None)

680

self.assertRaises(TypeError, context.set_mode, 1, None)

681

682

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

683

if MODE_RELEASE_BUFFERS is not None:

684

def test_set_mode(self):

685

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

686

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

687

set mode.

688

"""

689

context = Context(TLSv1_METHOD)

690

self.assertTrue(

691

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

692

693

if not PY3:

694

def test_set_mode_long(self):

695

"""

696

On Python 2 :py:obj:`Context.set_mode` accepts values of type

697

:py:obj:`long` as well as :py:obj:`int`.

698

"""

699

context = Context(TLSv1_METHOD)

700

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

701

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

702

else:

703

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

704

705

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

706

def test_set_timeout_wrong_args(self):

707

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

708

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

709

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

710

"""

711

context = Context(TLSv1_METHOD)

712

self.assertRaises(TypeError, context.set_timeout)

713

self.assertRaises(TypeError, context.set_timeout, None)

714

self.assertRaises(TypeError, context.set_timeout, 1, None)

715

716

717

def test_get_timeout_wrong_args(self):

718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

719

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

720

"""

721

context = Context(TLSv1_METHOD)

722

self.assertRaises(TypeError, context.get_timeout, None)

723

724

725

def test_timeout(self):

726

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

727

:py:obj:`Context.set_timeout` sets the session timeout for all connections

728

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

729

value.

730

"""

731

context = Context(TLSv1_METHOD)

732

context.set_timeout(1234)

733

self.assertEquals(context.get_timeout(), 1234)

734

735

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

736

if not PY3:

737

def test_timeout_long(self):

738

"""

739

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

740

`long` as well as int.

741

"""

742

context = Context(TLSv1_METHOD)

743

context.set_timeout(long(1234))

744

self.assertEquals(context.get_timeout(), 1234)

745

746

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

747

def test_set_verify_depth_wrong_args(self):

748

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

749

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

750

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

751

"""

752

context = Context(TLSv1_METHOD)

753

self.assertRaises(TypeError, context.set_verify_depth)

754

self.assertRaises(TypeError, context.set_verify_depth, None)

755

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

756

757

758

def test_get_verify_depth_wrong_args(self):

759

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

760

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

761

"""

762

context = Context(TLSv1_METHOD)

763

self.assertRaises(TypeError, context.get_verify_depth, None)

764

765

766

def test_verify_depth(self):

767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

768

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

769

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

"""

772

context = Context(TLSv1_METHOD)

773

context.set_verify_depth(11)

774

self.assertEquals(context.get_verify_depth(), 11)

775

776

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

777

if not PY3:

778

def test_verify_depth_long(self):

779

"""

780

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

781

type `long` as well as int.

782

"""

783

context = Context(TLSv1_METHOD)

784

context.set_verify_depth(long(11))

785

self.assertEquals(context.get_verify_depth(), 11)

786

787

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

788

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

789

"""

790

Write a new private key out to a new file, encrypted using the given

791

passphrase. Return the path to the new file.

792

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

793

key = PKey()

794

key.generate_key(TYPE_RSA, 128)

795

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

796

fObj = open(pemFile, 'w')

797

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

798

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

803

def test_set_passwd_cb_wrong_args(self):

804

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

805

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

806

wrong arguments or with a non-callable first argument.

807

"""

808

context = Context(TLSv1_METHOD)

809

self.assertRaises(TypeError, context.set_passwd_cb)

810

self.assertRaises(TypeError, context.set_passwd_cb, None)

811

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

812

813

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

814

def test_set_passwd_cb(self):

815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

816

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

817

a private key is loaded from an encrypted PEM.

818

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

819

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

821

calledWith = []

822

def passphraseCallback(maxlen, verify, extra):

823

calledWith.append((maxlen, verify, extra))

824

return passphrase

825

context = Context(TLSv1_METHOD)

826

context.set_passwd_cb(passphraseCallback)

827

context.use_privatekey_file(pemFile)

828

self.assertTrue(len(calledWith), 1)

829

self.assertTrue(isinstance(calledWith[0][0], int))

830

self.assertTrue(isinstance(calledWith[0][1], int))

831

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

833

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

834

def test_passwd_callback_exception(self):

835

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

836

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

837

passphrase callback.

838

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

839

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

def passphraseCallback(maxlen, verify, extra):

841

raise RuntimeError("Sorry, I am a fail.")

842

843

context = Context(TLSv1_METHOD)

844

context.set_passwd_cb(passphraseCallback)

845

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

846

847

848

def test_passwd_callback_false(self):

849

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

850

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

passphrase callback returns a false value.

852

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

853

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

854

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

855

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

857

context = Context(TLSv1_METHOD)

858

context.set_passwd_cb(passphraseCallback)

859

self.assertRaises(Error, context.use_privatekey_file, pemFile)

860

861

862

def test_passwd_callback_non_string(self):

863

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

864

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

passphrase callback returns a true non-string value.

866

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

867

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

868

def passphraseCallback(maxlen, verify, extra):

869

return 10

870

871

context = Context(TLSv1_METHOD)

872

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

873

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

874

875

876

def test_passwd_callback_too_long(self):

877

"""

878

If the passphrase returned by the passphrase callback returns a string

879

longer than the indicated maximum length, it is truncated.

880

"""

881

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

882

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

883

pemFile = self._write_encrypted_pem(passphrase)

884

def passphraseCallback(maxlen, verify, extra):

885

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

886

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

887

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

# This shall succeed because the truncated result is the correct

891

# passphrase.

892

context.use_privatekey_file(pemFile)

893

894

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

def test_set_info_callback(self):

896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

897

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

898

when certain information about an SSL connection is available.

899

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

900

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

901

902

clientSSL = Connection(Context(TLSv1_METHOD), client)

903

clientSSL.set_connect_state()

904

905

called = []

906

def info(conn, where, ret):

907

called.append((conn, where, ret))

908

context = Context(TLSv1_METHOD)

909

context.set_info_callback(info)

910

context.use_certificate(

911

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

912

context.use_privatekey(

913

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

914

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

915

serverSSL = Connection(context, server)

916

serverSSL.set_accept_state()

917

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

918

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

919

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

920

# The callback must always be called with a Connection instance as the

921

# first argument. It would probably be better to split this into

922

# separate tests for client and server side info callbacks so we could

923

# assert it is called with the right Connection instance. It would

924

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

925

notConnections = [

926

conn for (conn, where, ret) in called

927

if not isinstance(conn, Connection)]

928

self.assertEqual(

929

[], notConnections,

930

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

931

932

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

934

"""

935

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

936

its :py:obj:`load_verify_locations` method with the given arguments.

937

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

938

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

939

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

940

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

941

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

942

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

# Require that the server certificate verify properly or the

944

# connection will fail.

945

clientContext.set_verify(

946

VERIFY_PEER,

947

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

948

949

clientSSL = Connection(clientContext, client)

950

clientSSL.set_connect_state()

951

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

952

serverContext = Context(TLSv1_METHOD)

953

serverContext.use_certificate(

954

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

955

serverContext.use_privatekey(

956

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

957

958

serverSSL = Connection(serverContext, server)

959

serverSSL.set_accept_state()

960

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

961

# Without load_verify_locations above, the handshake

962

# will fail:

963

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

964

# 'certificate verify failed')]

965

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

966

967

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

968

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

969

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

970

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

971

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

972

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

Verify that if path to a file containing a certificate is passed to

974

``Context.load_verify_locations`` for the ``cafile`` parameter, that

975

certificate is used as a trust root for the purposes of verifying

976

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

978

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

979

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

980

fObj.close()

981

982

self._load_verify_locations_test(cafile)

983

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

984

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

985

def test_load_verify_bytes_cafile(self):

986

"""

987

:py:obj:`Context.load_verify_locations` accepts a file name as a

988

``bytes`` instance and uses the certificates within for verification

989

purposes.

990

"""

991

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

992

self._load_verify_cafile(cafile)

993

994

995

def test_load_verify_unicode_cafile(self):

996

"""

997

:py:obj:`Context.load_verify_locations` accepts a file name as a

998

``unicode`` instance and uses the certificates within for verification

999

purposes.

1000

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1001

self._load_verify_cafile(

1002

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1003

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1004

1005

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1006

def test_load_verify_invalid_file(self):

1007

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1008

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1009

non-existent cafile.

1010

"""

1011

clientContext = Context(TLSv1_METHOD)

1012

self.assertRaises(

1013

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1014

1015

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1016

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1017

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

Verify that if path to a directory containing certificate files is

1019

passed to ``Context.load_verify_locations`` for the ``capath``

1020

parameter, those certificates are used as trust roots for the purposes

1021

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1022

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1023

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1024

# Hash values computed manually with c_rehash to avoid depending on

1025

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1026

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1027

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1028

cafile = join_bytes_or_unicode(capath, name)

1029

with open(cafile, 'w') as fObj:

1030

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1031

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1032

self._load_verify_locations_test(None, capath)

1033

1034

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1035

def test_load_verify_directory_bytes_capath(self):

1036

"""

1037

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1038

``bytes`` instance and uses the certificates within for verification

1039

purposes.

1040

"""

1041

self._load_verify_directory_locations_capath(

1042

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1047

"""

1048

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1049

``unicode`` instance and uses the certificates within for verification

1050

purposes.

1051

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1052

self._load_verify_directory_locations_capath(

1053

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1054

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1055

1056

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1057

def test_load_verify_locations_wrong_args(self):

1058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1059

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1060

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1061

"""

1062

context = Context(TLSv1_METHOD)

1063

self.assertRaises(TypeError, context.load_verify_locations)

1064

self.assertRaises(TypeError, context.load_verify_locations, object())

1065

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1066

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1067

1068

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1069

if platform == "win32":

1070

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1071

"See LP#404343 and LP#404344."

1072

else:

1073

def test_set_default_verify_paths(self):

1074

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1075

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1076

certificate locations to be used for verification purposes.

1077

"""

1078

# Testing this requires a server with a certificate signed by one of

1079

# the CAs in the platform CA location. Getting one of those costs

1080

# money. Fortunately (or unfortunately, depending on your

1081

# perspective), it's easy to think of a public server on the

1082

# internet which has such a certificate. Connecting to the network

1083

# in a unit test is bad, but it's the only way I can think of to

1084

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1085

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1086

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1087

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1088

context.set_default_verify_paths()

1089

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1090

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1091

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1092

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

client = socket()

1094

client.connect(('verisign.com', 443))

1095

clientSSL = Connection(context, client)

1096

clientSSL.set_connect_state()

1097

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1098

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1099

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1100

1101

1102

def test_set_default_verify_paths_signature(self):

1103

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1104

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1105

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1106

"""

1107

context = Context(TLSv1_METHOD)

1108

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1109

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1111

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1112

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1113

def test_add_extra_chain_cert_invalid_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1116

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

self.assertRaises(TypeError, context.add_extra_chain_cert)

1121

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1122

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1123

1124

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1125

def _handshake_test(self, serverContext, clientContext):

1126

"""

1127

Verify that a client and server created with the given contexts can

1128

successfully handshake and communicate.

1129

"""

1130

serverSocket, clientSocket = socket_pair()

1131

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1132

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1133

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1135

client = Connection(clientContext, clientSocket)

1136

client.set_connect_state()

1137

1138

# Make them talk to each other.

1139

# self._interactInMemory(client, server)

1140

for i in range(3):

1141

for s in [client, server]:

1142

try:

1143

s.do_handshake()

1144

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1148

def test_set_verify_callback_connection_argument(self):

1149

"""

1150

The first argument passed to the verify callback is the

1151

:py:class:`Connection` instance for which verification is taking place.

1152

"""

1153

serverContext = Context(TLSv1_METHOD)

1154

serverContext.use_privatekey(

1155

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1156

serverContext.use_certificate(

1157

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1158

serverConnection = Connection(serverContext, None)

1159

1160

class VerifyCallback(object):

1161

def callback(self, connection, *args):

1162

self.connection = connection

1163

return 1

1164

1165

verify = VerifyCallback()

1166

clientContext = Context(TLSv1_METHOD)

1167

clientContext.set_verify(VERIFY_PEER, verify.callback)

1168

clientConnection = Connection(clientContext, None)

1169

clientConnection.set_connect_state()

1170

1171

self._handshakeInMemory(clientConnection, serverConnection)

1172

1173

self.assertIdentical(verify.connection, clientConnection)

1174

1175

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1176

def test_set_verify_callback_exception(self):

1177

"""

1178

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1179

exception, verification fails and the exception is propagated to the

1180

caller of :py:obj:`Connection.do_handshake`.

1181

"""

1182

serverContext = Context(TLSv1_METHOD)

1183

serverContext.use_privatekey(

1184

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1185

serverContext.use_certificate(

1186

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1187

1188

clientContext = Context(TLSv1_METHOD)

1189

def verify_callback(*args):

1190

raise Exception("silly verify failure")

1191

clientContext.set_verify(VERIFY_PEER, verify_callback)

1192

1193

exc = self.assertRaises(

1194

Exception, self._handshake_test, serverContext, clientContext)

1195

self.assertEqual("silly verify failure", str(exc))

1196

1197

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1198

def test_add_extra_chain_cert(self):

1199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1200

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1201

the certificate chain.

1202

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1203

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

chain tested.

1205

1206

The chain is tested by starting a server with scert and connecting

1207

to it with a client which trusts cacert and requires verification to

1208

succeed.

1209

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1210

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1211

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1212

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1213

# Dump the CA certificate to a file because that's the only way to load

1214

# it as a trusted CA in the client context.

1215

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1216

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1217

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1218

fObj.close()

1219

1220

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1221

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1222

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1223

fObj.close()

1224

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1225

# Create the server context

1226

serverContext = Context(TLSv1_METHOD)

1227

serverContext.use_privatekey(skey)

1228

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1229

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1230

serverContext.add_extra_chain_cert(icert)

1231

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1232

# Create the client

1233

clientContext = Context(TLSv1_METHOD)

1234

clientContext.set_verify(

1235

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1236

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1237

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1238

# Try it out.

1239

self._handshake_test(serverContext, clientContext)

1240

1241

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1242

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1243

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1244

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1245

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1247

The chain is tested by starting a server with scert and connecting to

1248

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1249

succeed.

1250

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1251

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1252

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1253

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1254

makedirs(certdir)

1255

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1256

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1257

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1258

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1259

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1260

with open(chainFile, 'wb') as fObj:

1261

# Most specific to least general.

1262

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1263

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1264

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1265

1266

with open(caFile, 'w') as fObj:

1267

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1268

1269

serverContext = Context(TLSv1_METHOD)

1270

serverContext.use_certificate_chain_file(chainFile)

1271

serverContext.use_privatekey(skey)

1272

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1273

clientContext = Context(TLSv1_METHOD)

1274

clientContext.set_verify(

1275

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1276

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1277

1278

self._handshake_test(serverContext, clientContext)

1279

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1280

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1281

def test_use_certificate_chain_file_bytes(self):

1282

"""

1283

``Context.use_certificate_chain_file`` accepts the name of a file (as

1284

an instance of ``bytes``) to specify additional certificates to use to

1285

construct and verify a trust chain.

1286

"""

1287

self._use_certificate_chain_file_test(

1288

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1293

"""

1294

``Context.use_certificate_chain_file`` accepts the name of a file (as

1295

an instance of ``unicode``) to specify additional certificates to use

1296

to construct and verify a trust chain.

1297

"""

1298

self._use_certificate_chain_file_test(

1299

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1303

def test_use_certificate_chain_file_wrong_args(self):

1304

"""

1305

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1306

if passed zero or more than one argument or when passed a non-byte

1307

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1308

passed a bad chain file name (for example, the name of a file which does

1309

not exist).

1310

"""

1311

context = Context(TLSv1_METHOD)

1312

self.assertRaises(TypeError, context.use_certificate_chain_file)

1313

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1314

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1315

1316

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1317

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1318

# XXX load_client_ca

1319

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1320

1321

def test_get_verify_mode_wrong_args(self):

1322

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1323

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1324

arguments.

1325

"""

1326

context = Context(TLSv1_METHOD)

1327

self.assertRaises(TypeError, context.get_verify_mode, None)

1328

1329

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1330

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1332

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1333

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1334

"""

1335

context = Context(TLSv1_METHOD)

1336

self.assertEquals(context.get_verify_mode(), 0)

1337

context.set_verify(

1338

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1339

self.assertEquals(

1340

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1341

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1342

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1343

if not PY3:

1344

def test_set_verify_mode_long(self):

1345

"""

1346

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1347

type :py:obj:`long` as well as :py:obj:`int`.

1348

"""

1349

context = Context(TLSv1_METHOD)

1350

self.assertEquals(context.get_verify_mode(), 0)

1351

context.set_verify(

1352

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1353

self.assertEquals(

1354

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1355

1356

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1357

def test_load_tmp_dh_wrong_args(self):

1358

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1359

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1360

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1361

"""

1362

context = Context(TLSv1_METHOD)

1363

self.assertRaises(TypeError, context.load_tmp_dh)

1364

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1365

self.assertRaises(TypeError, context.load_tmp_dh, object())

1366

1367

1368

def test_load_tmp_dh_missing_file(self):

1369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1370

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1371

does not exist.

1372

"""

1373

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1374

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1375

1376

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1377

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1378

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1379

with open(dhfilename, "w") as dhfile:

1380

dhfile.write(dhparam)

1381

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1382

context.load_tmp_dh(dhfilename)

1383

# XXX What should I assert here? -exarkun

1384

1385

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1386

def test_load_tmp_dh_bytes(self):

1387

"""

1388

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1389

specified file (given as ``bytes``).

1390

"""

1391

self._load_tmp_dh_test(

1392

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1397

"""

1398

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1399

specified file (given as ``unicode``).

1400

"""

1401

self._load_tmp_dh_test(

1402

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1406

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1407

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1408

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1409

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1410

"""

1411

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1412

for curve in get_elliptic_curves():

1413

# The only easily "assertable" thing is that it does not raise an

1414

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1415

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1416

1417

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1418

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1419

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1420

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1421

ciphers which connections created with the context object will be able

1422

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1423

"""

1424

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1425

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1426

conn = Connection(context, None)

1427

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1428

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1429

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1430

def test_set_cipher_list_text(self):

1431

"""

1432

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1433

the ciphers which connections created with the context object will be

1434

able to choose from.

1435

"""

1436

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1437

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1438

conn = Connection(context, None)

1439

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1440

1441

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1442

def test_set_cipher_list_wrong_args(self):

1443

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1444

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1445

passed zero arguments or more than one argument or when passed a

1446

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1447

passed an incorrect cipher list string.

1448

"""

1449

context = Context(TLSv1_METHOD)

1450

self.assertRaises(TypeError, context.set_cipher_list)

1451

self.assertRaises(TypeError, context.set_cipher_list, object())

1452

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1453

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1454

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1455

1456

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1457

def test_set_session_cache_mode_wrong_args(self):

1458

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1459

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1460

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1461

"""

1462

context = Context(TLSv1_METHOD)

1463

self.assertRaises(TypeError, context.set_session_cache_mode)

1464

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1465

1466

1467

def test_get_session_cache_mode_wrong_args(self):

1468

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1469

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1470

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1471

"""

1472

context = Context(TLSv1_METHOD)

1473

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1474

1475

1476

def test_session_cache_mode(self):

1477

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1478

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1479

cached. The setting can be retrieved via

1480

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1481

"""

1482

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1483

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1484

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1485

self.assertEqual(SESS_CACHE_OFF, off)

1486

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1487

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1488

if not PY3:

1489

def test_session_cache_mode_long(self):

1490

"""

1491

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1492

of type :py:obj:`long` as well as :py:obj:`int`.

1493

"""

1494

context = Context(TLSv1_METHOD)

1495

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1496

self.assertEqual(

1497

SESS_CACHE_BOTH, context.get_session_cache_mode())

1498

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1499

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1500

def test_get_cert_store(self):

1501

"""

1502

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1503

"""

1504

context = Context(TLSv1_METHOD)

1505

store = context.get_cert_store()

1506

self.assertIsInstance(store, X509Store)

1507

1508

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1509

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1510

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1511

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1512

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1513

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1514

"""

1515

def test_wrong_args(self):

1516

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1517

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1518

with other than one argument.

1519

"""

1520

context = Context(TLSv1_METHOD)

1521

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1522

self.assertRaises(

1523

TypeError, context.set_tlsext_servername_callback, 1, 2)

1524

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1525

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1526

def test_old_callback_forgotten(self):

1527

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1528

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1529

callback, the one it replaces is dereferenced.

1530

"""

1531

def callback(connection):

1532

pass

1533

1534

def replacement(connection):

1535

pass

1536

1537

context = Context(TLSv1_METHOD)

1538

context.set_tlsext_servername_callback(callback)

1539

1540

tracker = ref(callback)

1541

del callback

1542

1543

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1544

1545

# One run of the garbage collector happens to work on CPython. PyPy

1546

# doesn't collect the underlying object until a second run for whatever

1547

# reason. That's fine, it still demonstrates our code has properly

1548

# dropped the reference.

1549

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1550

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1551

1552

callback = tracker()

1553

if callback is not None:

1554

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1555

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1556

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1557

1558

1559

def test_no_servername(self):

1560

"""

1561

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1562

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1563

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1564

"""

1565

args = []

1566

def servername(conn):

1567

args.append((conn, conn.get_servername()))

1568

context = Context(TLSv1_METHOD)

1569

context.set_tlsext_servername_callback(servername)

1570

1571

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1577

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1578

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1579

1580

# Do a little connection to trigger the logic

1581

server = Connection(context, None)

1582

server.set_accept_state()

1583

1584

client = Connection(Context(TLSv1_METHOD), None)

1585

client.set_connect_state()

1586

1587

self._interactInMemory(server, client)

1588

1589

self.assertEqual([(server, None)], args)

1590

1591

1592

def test_servername(self):

1593

"""

1594

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1595

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1596

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1597

"""

1598

args = []

1599

def servername(conn):

1600

args.append((conn, conn.get_servername()))

1601

context = Context(TLSv1_METHOD)

1602

context.set_tlsext_servername_callback(servername)

1603

1604

# Necessary to actually accept the connection

1605

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1606

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1607

1608

# Do a little connection to trigger the logic

1609

server = Connection(context, None)

1610

server.set_accept_state()

1611

1612

client = Connection(Context(TLSv1_METHOD), None)

1613

client.set_connect_state()

1614

client.set_tlsext_host_name(b("foo1.example.com"))

1615

1616

self._interactInMemory(server, client)

1617

1618

self.assertEqual([(server, b("foo1.example.com"))], args)

1619

1620

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1621

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1622

"""

1623

Test for Next Protocol Negotiation in PyOpenSSL.

1624

"""

1625

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1626

"""

1627

Tests that clients and servers that agree on the negotiated next

1628

protocol can correct establish a connection, and that the agreed

1629

protocol is reported by the connections.

1630

"""

1631

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1632

select_args = []

1633

def advertise(conn):

1634

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1635

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1636

def select(conn, options):

1637

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1638

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1639

1640

server_context = Context(TLSv1_METHOD)

1641

server_context.set_npn_advertise_callback(advertise)

1642

1643

client_context = Context(TLSv1_METHOD)

1644

client_context.set_npn_select_callback(select)

1645

1646

# Necessary to actually accept the connection

1647

server_context.use_privatekey(

1648

load_privatekey(FILETYPE_PEM, server_key_pem))

1649

server_context.use_certificate(

1650

load_certificate(FILETYPE_PEM, server_cert_pem))

1651

1652

# Do a little connection to trigger the logic

1653

server = Connection(server_context, None)

1654

server.set_accept_state()

1655

1656

client = Connection(client_context, None)

1657

client.set_connect_state()

1658

1659

self._interactInMemory(server, client)

1660

1661

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1662

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1663

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1664

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1665

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1666

1667

1668

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1669

"""

1670

Tests that when clients and servers cannot agree on what protocol to

1671

use next that the TLS connection does not get established.

1672

"""

1673

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1674

select_args = []

1675

def advertise(conn):

1676

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1677

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1678

def select(conn, options):

1679

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1680

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1681

1682

server_context = Context(TLSv1_METHOD)

1683

server_context.set_npn_advertise_callback(advertise)

1684

1685

client_context = Context(TLSv1_METHOD)

1686

client_context.set_npn_select_callback(select)

1687

1688

# Necessary to actually accept the connection

1689

server_context.use_privatekey(

1690

load_privatekey(FILETYPE_PEM, server_key_pem))

1691

server_context.use_certificate(

1692

load_certificate(FILETYPE_PEM, server_cert_pem))

1693

1694

# Do a little connection to trigger the logic

1695

server = Connection(server_context, None)

1696

server.set_accept_state()

1697

1698

client = Connection(client_context, None)

1699

client.set_connect_state()

1700

1701

# If the client doesn't return anything, the connection will fail.

1702

self.assertRaises(Error, self._interactInMemory, server, client)

1703

1704

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1705

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1706

1707

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1708

def test_npn_select_error(self):

1709

"""

1710

Test that we can handle exceptions in the select callback. If select

1711

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1716

return [b'http/1.1', b'spdy/2']

1717

def select(conn, options):

1718

raise TypeError

1719

1720

server_context = Context(TLSv1_METHOD)

1721

server_context.set_npn_advertise_callback(advertise)

1722

1723

client_context = Context(TLSv1_METHOD)

1724

client_context.set_npn_select_callback(select)

1725

1726

# Necessary to actually accept the connection

1727

server_context.use_privatekey(

1728

load_privatekey(FILETYPE_PEM, server_key_pem))

1729

server_context.use_certificate(

1730

load_certificate(FILETYPE_PEM, server_cert_pem))

1731

1732

# Do a little connection to trigger the logic

1733

server = Connection(server_context, None)

1734

server.set_accept_state()

1735

1736

client = Connection(client_context, None)

1737

client.set_connect_state()

1738

1739

# If the callback throws an exception it should be raised here.

1740

self.assertRaises(TypeError, self._interactInMemory, server, client)

1741

self.assertEqual([(server,)], advertise_args)

1742

1743

1744

def test_npn_advertise_error(self):

1745

"""

1746

Test that we can handle exceptions in the advertise callback. If

1747

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1753

select_args.append((conn, options))

1754

return b''

1755

1756

server_context = Context(TLSv1_METHOD)

1757

server_context.set_npn_advertise_callback(advertise)

1758

1759

client_context = Context(TLSv1_METHOD)

1760

client_context.set_npn_select_callback(select)

1761

1762

# Necessary to actually accept the connection

1763

server_context.use_privatekey(

1764

load_privatekey(FILETYPE_PEM, server_key_pem))

1765

server_context.use_certificate(

1766

load_certificate(FILETYPE_PEM, server_cert_pem))

1767

1768

# Do a little connection to trigger the logic

1769

server = Connection(server_context, None)

1770

server.set_accept_state()

1771

1772

client = Connection(client_context, None)

1773

client.set_connect_state()

1774

1775

# If the client doesn't return anything, the connection will fail.

1776

self.assertRaises(TypeError, self._interactInMemory, server, client)

1777

self.assertEqual([], select_args)

1778

1779

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1780

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1781

class SessionTests(TestCase):

1782

"""

1783

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1784

"""

1785

def test_construction(self):

1786

"""

1787

:py:class:`Session` can be constructed with no arguments, creating a new

1788

instance of that type.

1789

"""

1790

new_session = Session()

1791

self.assertTrue(isinstance(new_session, Session))

1792

1793

1794

def test_construction_wrong_args(self):

1795

"""

1796

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1797

is raised.

1798

"""

1799

self.assertRaises(TypeError, Session, 123)

1800

self.assertRaises(TypeError, Session, "hello")

1801

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1805

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1806

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1807

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1808

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1809

# XXX get_peer_certificate -> None

1810

# XXX sock_shutdown

1811

# XXX master_key -> TypeError

1812

# XXX server_random -> TypeError

1813

# XXX state_string

1814

# XXX connect -> TypeError

1815

# XXX connect_ex -> TypeError

1816

# XXX set_connect_state -> TypeError

1817

# XXX set_accept_state -> TypeError

1818

# XXX renegotiate_pending

1819

# XXX do_handshake -> TypeError

1820

# XXX bio_read -> TypeError

1821

# XXX recv -> TypeError

1822

# XXX send -> TypeError

1823

# XXX bio_write -> TypeError

1824

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1825

def test_type(self):

1826

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1827

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1828

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1829

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1830

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1831

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1832

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1833

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1834

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1835

def test_get_context(self):

1836

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1837

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1838

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1839

"""

1840

context = Context(TLSv1_METHOD)

1841

connection = Connection(context, None)

1842

self.assertIdentical(connection.get_context(), context)

1843

1844

1845

def test_get_context_wrong_args(self):

1846

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1847

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1848

arguments.

1849

"""

1850

connection = Connection(Context(TLSv1_METHOD), None)

1851

self.assertRaises(TypeError, connection.get_context, None)

1852

1853

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1854

def test_set_context_wrong_args(self):

1855

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1856

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1857

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1858

than 1.

1859

"""

1860

ctx = Context(TLSv1_METHOD)

1861

connection = Connection(ctx, None)

1862

self.assertRaises(TypeError, connection.set_context)

1863

self.assertRaises(TypeError, connection.set_context, object())

1864

self.assertRaises(TypeError, connection.set_context, "hello")

1865

self.assertRaises(TypeError, connection.set_context, 1)

1866

self.assertRaises(TypeError, connection.set_context, 1, 2)

1867

self.assertRaises(

1868

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1869

self.assertIdentical(ctx, connection.get_context())

1870

1871

1872

def test_set_context(self):

1873

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1874

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1875

for the connection.

1876

"""

1877

original = Context(SSLv23_METHOD)

1878

replacement = Context(TLSv1_METHOD)

1879

connection = Connection(original, None)

1880

connection.set_context(replacement)

1881

self.assertIdentical(replacement, connection.get_context())

1882

# Lose our references to the contexts, just in case the Connection isn't

1883

# properly managing its own contributions to their reference counts.

1884

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1889

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1890

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1891

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1892

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1893

"""

1894

conn = Connection(Context(TLSv1_METHOD), None)

1895

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1896

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1897

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1898

self.assertRaises(

1899

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1900

1901

if version_info >= (3,):

1902

# On Python 3.x, don't accidentally implicitly convert from text.

1903

self.assertRaises(

1904

TypeError,

1905

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1906

1907

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1908

def test_get_servername_wrong_args(self):

1909

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1910

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1911

arguments.

1912

"""

1913

connection = Connection(Context(TLSv1_METHOD), None)

1914

self.assertRaises(TypeError, connection.get_servername, object())

1915

self.assertRaises(TypeError, connection.get_servername, 1)

1916

self.assertRaises(TypeError, connection.get_servername, "hello")

1917

1918

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1919

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1920

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1921

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1922

immediate read.

1923

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1924

connection = Connection(Context(TLSv1_METHOD), None)

1925

self.assertEquals(connection.pending(), 0)

1926

1927

1928

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1929

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1930

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1931

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1932

connection = Connection(Context(TLSv1_METHOD), None)

1933

self.assertRaises(TypeError, connection.pending, None)

1934

1935

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1936

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1937

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1938

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1939

argument or with the wrong number of arguments.

1940

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1941

connection = Connection(Context(TLSv1_METHOD), socket())

1942

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1943

self.assertRaises(TypeError, connection.connect)

1944

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1945

1946

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1947

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1948

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1949

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1950

connect method raises it.

1951

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1952

client = socket()

1953

context = Context(TLSv1_METHOD)

1954

clientSSL = Connection(context, client)

1955

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1956

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1957

1958

1959

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1960

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1961

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1962

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1968

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1969

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1970

1971

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1972

if platform == "darwin":

1973

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1974

else:

1975

def test_connect_ex(self):

1976

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1977

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1978

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1983

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1984

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1985

clientSSL.setblocking(False)

1986

result = clientSSL.connect_ex(port.getsockname())

1987

expected = (EINPROGRESS, EWOULDBLOCK)

1988

self.assertTrue(

1989

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1990

1991

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1992

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1993

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1994

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1995

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1996

connection = Connection(Context(TLSv1_METHOD), socket())

1997

self.assertRaises(TypeError, connection.accept, None)

1998

1999

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2000

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2001

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2002

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2003

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2004

connection originated from.

2005

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2006

ctx = Context(TLSv1_METHOD)

2007

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2008

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2009

port = socket()

2010

portSSL = Connection(ctx, port)

2011

portSSL.bind(('', 0))

2012

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2013

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2014

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2015

2016

# Calling portSSL.getsockname() here to get the server IP address sounds

2017

# great, but frequently fails on Windows.

2018

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2019

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2020

serverSSL, address = portSSL.accept()

2021

2022

self.assertTrue(isinstance(serverSSL, Connection))

2023

self.assertIdentical(serverSSL.get_context(), ctx)

2024

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2025

2026

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2027

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2028

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2029

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2030

number of arguments or with arguments other than integers.

2031

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2032

connection = Connection(Context(TLSv1_METHOD), None)

2033

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2034

self.assertRaises(TypeError, connection.get_shutdown, None)

2035

self.assertRaises(TypeError, connection.set_shutdown)

2036

self.assertRaises(TypeError, connection.set_shutdown, None)

2037

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2038

2039

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2040

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2041

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2042

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2043

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2044

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2045

self.assertFalse(server.shutdown())

2046

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2047

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2048

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2049

client.shutdown()

2050

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2051

self.assertRaises(ZeroReturnError, server.recv, 1024)

2052

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2053

2054

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2055

def test_shutdown_closed(self):

2056

"""

2057

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2058

write error from the low level write call.

2059

"""

2060

server, client = self._loopback()

2061

server.sock_shutdown(2)

2062

exc = self.assertRaises(SysCallError, server.shutdown)

2063

if platform == "win32":

2064

self.assertEqual(exc.args[0], ESHUTDOWN)

2065

else:

2066

self.assertEqual(exc.args[0], EPIPE)

2067

2068

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2069

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2070

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2071

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2072

process.

2073

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2074

connection = Connection(Context(TLSv1_METHOD), socket())

2075

connection.set_shutdown(RECEIVED_SHUTDOWN)

2076

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2077

2078

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2079

if not PY3:

2080

def test_set_shutdown_long(self):

2081

"""

2082

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2083

of type :py:obj:`long` as well as :py:obj:`int`.

2084

"""

2085

connection = Connection(Context(TLSv1_METHOD), socket())

2086

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2087

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2088

2089

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2090

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2091

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2092

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2093

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2094

with any arguments.

2095

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2096

conn = Connection(Context(TLSv1_METHOD), None)

2097

self.assertRaises(TypeError, conn.get_app_data, None)

2098

self.assertRaises(TypeError, conn.set_app_data)

2099

self.assertRaises(TypeError, conn.set_app_data, None, None)

2100

2101

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2102

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2103

"""

2104

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2105

:py:obj:`Connection.set_app_data` and later retrieved with

2106

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2107

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2108

conn = Connection(Context(TLSv1_METHOD), None)

2109

app_data = object()

2110

conn.set_app_data(app_data)

2111

self.assertIdentical(conn.get_app_data(), app_data)

2112

2113

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2114

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2115

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2116

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2117

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2118

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2119

conn = Connection(Context(TLSv1_METHOD), None)

2120

self.assertRaises(NotImplementedError, conn.makefile)

2121

2122

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2123

def test_get_peer_cert_chain_wrong_args(self):

2124

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2125

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2126

arguments.

2127

"""

2128

conn = Connection(Context(TLSv1_METHOD), None)

2129

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2130

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2131

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2132

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2133

2134

2135

def test_get_peer_cert_chain(self):

2136

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2137

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2138

the connected server returned for the certification verification.

2139

"""

2140

chain = _create_certificate_chain()

2141

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2142

2143

serverContext = Context(TLSv1_METHOD)

2144

serverContext.use_privatekey(skey)

2145

serverContext.use_certificate(scert)

2146

serverContext.add_extra_chain_cert(icert)

2147

serverContext.add_extra_chain_cert(cacert)

2148

server = Connection(serverContext, None)

2149

server.set_accept_state()

2150

2151

# Create the client

2152

clientContext = Context(TLSv1_METHOD)

2153

clientContext.set_verify(VERIFY_NONE, verify_cb)

2154

client = Connection(clientContext, None)

2155

client.set_connect_state()

2156

2157

self._interactInMemory(client, server)

2158

2159

chain = client.get_peer_cert_chain()

2160

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2161

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2162

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2163

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2164

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2165

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2166

"Authority Certificate", chain[2].get_subject().CN)

2167

2168

2169

def test_get_peer_cert_chain_none(self):

2170

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2171

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2172

certificate chain.

2173

"""

2174

ctx = Context(TLSv1_METHOD)

2175

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2176

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2177

server = Connection(ctx, None)

2178

server.set_accept_state()

2179

client = Connection(Context(TLSv1_METHOD), None)

2180

client.set_connect_state()

2181

self._interactInMemory(client, server)

2182

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2183

2184

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2185

def test_get_session_wrong_args(self):

2186

"""

2187

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2188

with any arguments.

2189

"""

2190

ctx = Context(TLSv1_METHOD)

2191

server = Connection(ctx, None)

2192

self.assertRaises(TypeError, server.get_session, 123)

2193

self.assertRaises(TypeError, server.get_session, "hello")

2194

self.assertRaises(TypeError, server.get_session, object())

2195

2196

2197

def test_get_session_unconnected(self):

2198

"""

2199

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2200

an object which has not been connected.

2201

"""

2202

ctx = Context(TLSv1_METHOD)

2203

server = Connection(ctx, None)

2204

session = server.get_session()

2205

self.assertIdentical(None, session)

2206

2207

2208

def test_server_get_session(self):

2209

"""

2210

On the server side of a connection, :py:obj:`Connection.get_session`

2211

returns a :py:class:`Session` instance representing the SSL session for

2212

that connection.

2213

"""

2214

server, client = self._loopback()

2215

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2216

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2217

2218

2219

def test_client_get_session(self):

2220

"""

2221

On the client side of a connection, :py:obj:`Connection.get_session`

2222

returns a :py:class:`Session` instance representing the SSL session for

2223

that connection.

2224

"""

2225

server, client = self._loopback()

2226

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2227

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2228

2229

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2230

def test_set_session_wrong_args(self):

2231

"""

2232

If called with an object that is not an instance of :py:class:`Session`,

2233

or with other than one argument, :py:obj:`Connection.set_session` raises

2234

:py:obj:`TypeError`.

2235

"""

2236

ctx = Context(TLSv1_METHOD)

2237

connection = Connection(ctx, None)

2238

self.assertRaises(TypeError, connection.set_session)

2239

self.assertRaises(TypeError, connection.set_session, 123)

2240

self.assertRaises(TypeError, connection.set_session, "hello")

2241

self.assertRaises(TypeError, connection.set_session, object())

2242

self.assertRaises(

2243

TypeError, connection.set_session, Session(), Session())

2244

2245

2246

def test_client_set_session(self):

2247

"""

2248

:py:obj:`Connection.set_session`, when used prior to a connection being

2249

established, accepts a :py:class:`Session` instance and causes an

2250

attempt to re-use the session it represents when the SSL handshake is

2251

performed.

2252

"""

2253

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2254

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2255

ctx = Context(TLSv1_METHOD)

2256

ctx.use_privatekey(key)

2257

ctx.use_certificate(cert)

2258

ctx.set_session_id("unity-test")

2259

2260

def makeServer(socket):

2261

server = Connection(ctx, socket)

2262

server.set_accept_state()

2263

return server

2264

2265

originalServer, originalClient = self._loopback(

2266

serverFactory=makeServer)

2267

originalSession = originalClient.get_session()

2268

2269

def makeClient(socket):

2270

client = self._loopbackClientFactory(socket)

2271

client.set_session(originalSession)

2272

return client

2273

resumedServer, resumedClient = self._loopback(

2274

serverFactory=makeServer,

2275

clientFactory=makeClient)

2276

2277

# This is a proxy: in general, we have no access to any unique

2278

# identifier for the session (new enough versions of OpenSSL expose a

2279

# hash which could be usable, but "new enough" is very, very new).

2280

# Instead, exploit the fact that the master key is re-used if the

2281

# session is re-used. As long as the master key for the two connections

2282

# is the same, the session was re-used!

2283

self.assertEqual(

2284

originalServer.master_key(), resumedServer.master_key())

2285

2286

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2287

def test_set_session_wrong_method(self):

2288

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2289

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2290

instance associated with a context using a different SSL method than the

2291

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2292

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2293

"""

2294

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2295

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2296

ctx = Context(TLSv1_METHOD)

2297

ctx.use_privatekey(key)

2298

ctx.use_certificate(cert)

2299

ctx.set_session_id("unity-test")

2300

2301

def makeServer(socket):

2302

server = Connection(ctx, socket)

2303

server.set_accept_state()

2304

return server

2305

2306

originalServer, originalClient = self._loopback(

2307

serverFactory=makeServer)

2308

originalSession = originalClient.get_session()

2309

2310

def makeClient(socket):

2311

# Intentionally use a different, incompatible method here.

2312

client = Connection(Context(SSLv3_METHOD), socket)

2313

client.set_connect_state()

2314

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2320

2321

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2322

def test_wantWriteError(self):

2323

"""

2324

:py:obj:`Connection` methods which generate output raise

2325

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2326

fail indicating a should-write state.

2327

"""

2328

client_socket, server_socket = socket_pair()

2329

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2330

# anything. Only write a single byte at a time so we can be sure we

2331

# completely fill the buffer. Even though the socket API is allowed to

2332

# signal a short write via its return value it seems this doesn't

2333

# always happen on all platforms (FreeBSD and OS X particular) for the

2334

# very last bit of available buffer space.

2335

msg = b"x"

2336

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2337

try:

2338

client_socket.send(msg)

2339

except error as e:

2340

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2346

2347

ctx = Context(TLSv1_METHOD)

2348

conn = Connection(ctx, client_socket)

2349

# Client's speak first, so make it an SSL client

2350

conn.set_connect_state()

2351

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2355

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2356

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2357

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2358

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2359

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2360

ctx = Context(TLSv1_METHOD)

2361

connection = Connection(ctx, None)

2362

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2363

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2364

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2365

def test_get_peer_finished_before_connect(self):

2366

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2367

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2368

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2369

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2370

ctx = Context(TLSv1_METHOD)

2371

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2372

self.assertEqual(connection.get_peer_finished(), None)

2373

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2374

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2375

def test_get_finished(self):

2376

"""

2377

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2378

message send from client, or server. Finished messages are send during

2379

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2380

"""

2381

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2382

server, client = self._loopback()

2383

2384

self.assertNotEqual(server.get_finished(), None)

2385

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2386

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2387

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2388

def test_get_peer_finished(self):

2389

"""

2390

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2391

message received from client, or server. Finished messages are send

2392

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2393

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2394

server, client = self._loopback()

2395

2396

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2397

self.assertTrue(len(server.get_peer_finished()) > 0)

2398

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2399

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2400

def test_tls_finished_message_symmetry(self):

2401

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2402

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2403

received by client.

2404

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2405

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2406

received by server.

2407

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2408

server, client = self._loopback()

2409

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2410

self.assertEqual(server.get_finished(), client.get_peer_finished())

2411

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2412

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2413

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2414

def test_get_cipher_name_before_connect(self):

2415

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2416

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2417

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2418

"""

2419

ctx = Context(TLSv1_METHOD)

2420

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2421

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2422

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2423

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2424

def test_get_cipher_name(self):

2425

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2426

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2427

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2428

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2429

server, client = self._loopback()

2430

server_cipher_name, client_cipher_name = \

2431

server.get_cipher_name(), client.get_cipher_name()

2432

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2433

self.assertIsInstance(server_cipher_name, text_type)

2434

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2435

2436

self.assertEqual(server_cipher_name, client_cipher_name)

2437

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2438

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2439

def test_get_cipher_version_before_connect(self):

2440

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2441

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2442

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2443

"""

2444

ctx = Context(TLSv1_METHOD)

2445

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2446

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2447

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2448

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2449

def test_get_cipher_version(self):

2450

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2451

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2452

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2453

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2454

server, client = self._loopback()

2455

server_cipher_version, client_cipher_version = \

2456

server.get_cipher_version(), client.get_cipher_version()

2457

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2458

self.assertIsInstance(server_cipher_version, text_type)

2459

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2460

2461

self.assertEqual(server_cipher_version, client_cipher_version)

2462

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2463

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2464

def test_get_cipher_bits_before_connect(self):

2465

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2466

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2467

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2468

"""

2469

ctx = Context(TLSv1_METHOD)

2470

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2471

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2472

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2473

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2474

def test_get_cipher_bits(self):

2475

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2476

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2477

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2478

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2479

server, client = self._loopback()

2480

server_cipher_bits, client_cipher_bits = \

2481

server.get_cipher_bits(), client.get_cipher_bits()

2482

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2483

self.assertIsInstance(server_cipher_bits, int)

2484

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2485

2486

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2487

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2488

2489

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2490

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2491

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2492

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2493

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2494

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2495

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2496

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2497

arguments.

2498

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2499

connection = Connection(Context(TLSv1_METHOD), None)

2500

self.assertRaises(TypeError, connection.get_cipher_list, None)

2501

2502

2503

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2504

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2505

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2506

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2507

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2508

connection = Connection(Context(TLSv1_METHOD), None)

2509

ciphers = connection.get_cipher_list()

2510

self.assertTrue(isinstance(ciphers, list))

2511

for cipher in ciphers:

2512

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2516

class ConnectionSendTests(TestCase, _LoopbackMixin):

2517

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2518

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2519

"""

2520

def test_wrong_args(self):

2521

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2522

When called with arguments other than string argument for its first

2523

parameter or more than two arguments, :py:obj:`Connection.send` raises

2524

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2525

"""

2526

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2527

self.assertRaises(TypeError, connection.send)

2528

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2529

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2530

2531

2532

def test_short_bytes(self):

2533

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2534

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2535

and returns the number of bytes sent.

2536

"""

2537

server, client = self._loopback()

2538

count = server.send(b('xy'))

2539

self.assertEquals(count, 2)

2540

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2546

else:

2547

def test_short_memoryview(self):

2548

"""

2549

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2550

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2551

bytes sent.

2552

"""

2553

server, client = self._loopback()

2554

count = server.send(memoryview(b('xy')))

2555

self.assertEquals(count, 2)

2556

self.assertEquals(client.recv(2), b('xy'))

2557

2558

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2563

else:

2564

def test_short_buffer(self):

2565

"""

2566

When passed a buffer containing a small number of bytes,

2567

:py:obj:`Connection.send` transmits all of them and returns the number of

2568

bytes sent.

2569

"""

2570

server, client = self._loopback()

2571

count = server.send(buffer(b('xy')))

2572

self.assertEquals(count, 2)

2573

self.assertEquals(client.recv(2), b('xy'))

2574

2575

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2576

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2577

def _make_memoryview(size):

2578

"""

2579

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2580

size.

2581

"""

2582

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2586

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2587

"""

2588

Tests for :py:obj:`Connection.recv_into`

2589

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2590

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2591

"""

2592

Assert that when the given buffer is passed to

2593

``Connection.recv_into``, whatever bytes are available to be received

2594

that fit into that buffer are written into that buffer.

2595

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2596

output_buffer = factory(5)

2597

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2598

server, client = self._loopback()

2599

server.send(b('xy'))

2600

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2601

self.assertEqual(client.recv_into(output_buffer), 2)

2602

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2603

2604

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2605

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2606

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2607

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2608

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2609

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2610

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2611

2612

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2613

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2614

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2615

Assert that when the given buffer is passed to ``Connection.recv_into``

2616

along with a value for ``nbytes`` that is less than the size of that

2617

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2618

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2619

output_buffer = factory(10)

2620

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2621

server, client = self._loopback()

2622

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2623

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2624

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2625

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2626

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2630

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2631

"""

2632

When called with a ``bytearray`` instance,

2633

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2634

doesn't copy in more than that number of bytes.

2635

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2636

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2637

2638

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2639

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2640

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2641

Assert that if there are more bytes available to be read from the

2642

receive buffer than would fit into the buffer passed to

2643

:py:obj:`Connection.recv_into`, only as many as fit are written into

2644

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2645

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2646

output_buffer = factory(5)

2647

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2648

server, client = self._loopback()

2649

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2650

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2651

self.assertEqual(client.recv_into(output_buffer), 5)

2652

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2653

rest = client.recv(5)

2654

self.assertEqual(b('fghij'), rest)

2655

2656

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2657

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2658

"""

2659

When called with a ``bytearray`` instance,

2660

:py:obj:`Connection.recv_into` respects the size of the array and

2661

doesn't write more bytes into it than will fit.

2662

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2663

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2664

2665

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2666

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2667

"""

2668

Assert that if the value given by ``nbytes`` is greater than the actual

2669

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2670

behavior is as if no value was given for ``nbytes`` at all.

2671

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2672

output_buffer = factory(5)

2673

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2674

server, client = self._loopback()

2675

server.send(b('abcdefghij'))

2676

2677

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2678

self.assertEqual(output_buffer, bytearray(b('abcde')))

2679

rest = client.recv(5)

2680

self.assertEqual(b('fghij'), rest)

2681

2682

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2683

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2684

"""

2685

When called with a ``bytearray`` instance and an ``nbytes`` value that

2686

is too large, :py:obj:`Connection.recv_into` respects the size of the

2687

array and not the ``nbytes`` value and doesn't write more bytes into

2688

the buffer than will fit.

2689

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2690

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2691

2692

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2697

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2698

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2699

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2700

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2701

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2702

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2703

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2704

2705

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2706

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2707

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2708

When called with a ``memoryview`` instance,

2709

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2710

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2711

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2712

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2713

2714

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2715

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2716

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2717

When called with a ``memoryview`` instance,

2718

:py:obj:`Connection.recv_into` respects the size of the array and

2719

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2720

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2721

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2722

2723

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2724

def test_memoryview_really_doesnt_overfill(self):

2725

"""

2726

When called with a ``memoryview`` instance and an ``nbytes`` value

2727

that is too large, :py:obj:`Connection.recv_into` respects the size

2728

of the array and not the ``nbytes`` value and doesn't write more

2729

bytes into the buffer than will fit.

2730

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2731

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2732

2733

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2734

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2735

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2736

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2737

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2738

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2739

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2740

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2741

When called with arguments other than a string argument for its first

2742

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2743

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2744

"""

2745

connection = Connection(Context(TLSv1_METHOD), None)

2746

self.assertRaises(TypeError, connection.sendall)

2747

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2748

self.assertRaises(

2749

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2750

2751

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2752

def test_short(self):

2753

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2754

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2755

it.

2756

"""

2757

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2758

server.sendall(b('x'))

2759

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2760

2761

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2766

else:

2767

def test_short_memoryview(self):

2768

"""

2769

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2770

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2771

"""

2772

server, client = self._loopback()

2773

server.sendall(memoryview(b('x')))

2774

self.assertEquals(client.recv(1), b('x'))

2775

2776

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2781

else:

2782

def test_short_buffers(self):

2783

"""

2784

When passed a buffer containing a small number of bytes,

2785

:py:obj:`Connection.sendall` transmits all of them.

2786

"""

2787

server, client = self._loopback()

2788

server.sendall(buffer(b('x')))

2789

self.assertEquals(client.recv(1), b('x'))

2790

2791

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2792

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2793

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2794

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2795

it even if this requires multiple calls of an underlying write function.

2796

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2797

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2798

# Should be enough, underlying SSL_write should only do 16k at a time.

2799

# On Windows, after 32k of bytes the write will block (forever - because

2800

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2801

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2802

server.sendall(message)

2803

accum = []

2804

received = 0

2805

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2806

data = client.recv(1024)

2807

accum.append(data)

2808

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2809

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2810

2811

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2812

def test_closed(self):

2813

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2814

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2815

write error from the low level write call.

2816

"""

2817

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2818

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2819

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2820

if platform == "win32":

2821

self.assertEqual(exc.args[0], ESHUTDOWN)

2822

else:

2823

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2824

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2825

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2826

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2827

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2828

"""

2829

Tests for SSL renegotiation APIs.

2830

"""

2831

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2832

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2833

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2834

arguments.

2835

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2836

connection = Connection(Context(TLSv1_METHOD), None)

2837

self.assertRaises(TypeError, connection.renegotiate, None)

2838

2839

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2840

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2841

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2842

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2843

any arguments.

2844

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2845

connection = Connection(Context(TLSv1_METHOD), None)

2846

self.assertRaises(TypeError, connection.total_renegotiations, None)

2847

2848

2849

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2850

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2851

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2852

renegotiations have happened.

2853

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2854

connection = Connection(Context(TLSv1_METHOD), None)

2855

self.assertEquals(connection.total_renegotiations(), 0)

2856

2857

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2858

# def test_renegotiate(self):

2859

# """

2860

# """

2861

# server, client = self._loopback()

2862

2863

# server.send("hello world")

2864

# self.assertEquals(client.recv(len("hello world")), "hello world")

2865

2866

# self.assertEquals(server.total_renegotiations(), 0)

2867

# self.assertTrue(server.renegotiate())

2868

2869

# server.setblocking(False)

2870

# client.setblocking(False)

2871

# while server.renegotiate_pending():

2872

# client.do_handshake()

2873

# server.do_handshake()

2874

2875

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2880

class ErrorTests(TestCase):

2881

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2882

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2883

"""

2884

def test_type(self):

2885

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2886

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2887

"""

2888

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2889

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2893

class ConstantsTests(TestCase):

2894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2895

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2896

2897

These are values defined by OpenSSL intended only to be used as flags to

2898

OpenSSL APIs. The only assertions it seems can be made about them is

2899

their values.

2900

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2901

# unittest.TestCase has no skip mechanism

2902

if OP_NO_QUERY_MTU is not None:

2903

def test_op_no_query_mtu(self):

2904

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2905

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2906

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2907

"""

2908

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2909

else:

2910

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2911

2912

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2913

if OP_COOKIE_EXCHANGE is not None:

2914

def test_op_cookie_exchange(self):

2915

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2916

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2917

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2918

"""

2919

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2920

else:

2921

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2922

2923

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2924

if OP_NO_TICKET is not None:

2925

def test_op_no_ticket(self):

2926

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2927

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2928

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2929

"""

2930

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2931

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2932

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2933

2934

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2935

if OP_NO_COMPRESSION is not None:

2936

def test_op_no_compression(self):

2937

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2938

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2939

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2940

"""

2941

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2942

else:

2943

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2944

2945

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2946

def test_sess_cache_off(self):

2947

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2948

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2949

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2950

"""

2951

self.assertEqual(0x0, SESS_CACHE_OFF)

2952

2953

2954

def test_sess_cache_client(self):

2955

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2956

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2957

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2958

"""

2959

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2960

2961

2962

def test_sess_cache_server(self):

2963

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2964

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2965

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2966

"""

2967

self.assertEqual(0x2, SESS_CACHE_SERVER)

2968

2969

2970

def test_sess_cache_both(self):

2971

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2972

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2973

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2974

"""

2975

self.assertEqual(0x3, SESS_CACHE_BOTH)

2976

2977

2978

def test_sess_cache_no_auto_clear(self):

2979

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2980

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2981

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2982

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2983

"""

2984

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2985

2986

2987

def test_sess_cache_no_internal_lookup(self):

2988

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2989

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2990

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2991

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2992

"""

2993

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2994

2995

2996

def test_sess_cache_no_internal_store(self):

2997

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2998

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2999

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3000

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3001

"""

3002

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3003

3004

3005

def test_sess_cache_no_internal(self):

3006

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3007

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3008

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3009

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3010

"""

3011

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3012

3013

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3014

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3015

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3016

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3017

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3018

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3019

def _server(self, sock):

3020

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3021

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3022

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3023

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3024

# Create the server side Connection. This is mostly setup boilerplate

3025

# - use TLSv1, use a particular certificate, etc.

3026

server_ctx = Context(TLSv1_METHOD)

3027

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3028

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3029

server_store = server_ctx.get_cert_store()

3030

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3031

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3032

server_ctx.check_privatekey()

3033

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3034

# Here the Connection is actually created. If None is passed as the 2nd

3035

# parameter, it indicates a memory BIO should be created.

3036

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3037

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3041

def _client(self, sock):

3042

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3043

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3044

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3045

"""

3046

# Now create the client side Connection. Similar boilerplate to the

3047

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3048

client_ctx = Context(TLSv1_METHOD)

3049

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3050

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3051

client_store = client_ctx.get_cert_store()

3052

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3053

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3054

client_ctx.check_privatekey()

3055

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3056

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3057

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3061

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3062

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3063

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3064

reading from the output of each and writing those bytes to the input of

3065

the other and in this way establish a connection and exchange

3066

application-level bytes with each other.

3067

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3068

server_conn = self._server(None)

3069

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3070

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3071

# There should be no key or nonces yet.

3072

self.assertIdentical(server_conn.master_key(), None)

3073

self.assertIdentical(server_conn.client_random(), None)

3074

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3075

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3076

# First, the handshake needs to happen. We'll deliver bytes back and

3077

# forth between the client and server until neither of them feels like

3078

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3079

self.assertIdentical(

3080

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3081

3082

# Now that the handshake is done, there should be a key and nonces.

3083

self.assertNotIdentical(server_conn.master_key(), None)

3084

self.assertNotIdentical(server_conn.client_random(), None)

3085

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3086

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3087

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3088

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3089

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3090

3091

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3092

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3093

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3094

server_conn.write(important_message)

3095

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3096

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3097

(client_conn, important_message))

3098

3099

client_conn.write(important_message[::-1])

3100

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3101

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3102

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3103

3104

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3105

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3106

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3107

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3108

3109

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3110

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3111

this test fails, there must be a problem outside the memory BIO

3112

code, as no memory BIO is involved here). Even though this isn't a

3113

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3114

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3115

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3116

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3117

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3118

client_conn.send(important_message)

3119

msg = server_conn.recv(1024)

3120

self.assertEqual(msg, important_message)

3121

3122

# Again in the other direction, just for fun.

3123

important_message = important_message[::-1]

3124

server_conn.send(important_message)

3125

msg = client_conn.recv(1024)

3126

self.assertEqual(msg, important_message)

3127

3128

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3129

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3130

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3131

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3132

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3133

"""

3134

context = Context(SSLv3_METHOD)

3135

client = socket()

3136

clientSSL = Connection(context, client)

3137

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3138

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3139

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3140

3141

3142

def test_outgoingOverflow(self):

3143

"""

3144

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3145

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3146

returned and that many bytes from the beginning of the input can be

3147

read from the other end of the connection.

3148

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3149

server = self._server(None)

3150

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3151

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3152

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3153

3154

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3155

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3156

# Sanity check. We're trying to test what happens when the entire

3157

# input can't be sent. If the entire input was sent, this test is

3158

# meaningless.

3159

self.assertTrue(sent < size)

3160

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3161

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3162

self.assertIdentical(receiver, server)

3163

3164

# We can rely on all of these bytes being received at once because

3165

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3166

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3167

3168

3169

def test_shutdown(self):

3170

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3171

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3172

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3173

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3174

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3175

server.bio_shutdown()

3176

e = self.assertRaises(Error, server.recv, 1024)

3177

# We don't want WantReadError or ZeroReturnError or anything - it's a

3178

# handshake failure.

3179

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3180

3181

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3182

def test_unexpectedEndOfFile(self):

3183

"""

3184

If the connection is lost before an orderly SSL shutdown occurs,

3185

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3186

"Unexpected EOF".

3187

"""

3188

server_conn, client_conn = self._loopback()

3189

client_conn.sock_shutdown(SHUT_RDWR)

3190

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3191

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3192

3193

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3194

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3195

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3196

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3197

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3198

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3199

before the client and server are connected to each other. This

3200

function should specify a list of CAs for the server to send to the

3201

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3202

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3203

times.

3204

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3205

server = self._server(None)

3206

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3207

self.assertEqual(client.get_client_ca_list(), [])

3208

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3209

ctx = server.get_context()

3210

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3211

self.assertEqual(client.get_client_ca_list(), [])

3212

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3213

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3214

self.assertEqual(client.get_client_ca_list(), expected)

3215

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3216

3217

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3218

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3219

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3220

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3221

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3222

"""

3223

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3224

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3225

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3226

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3227

3228

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3229

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3230

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3231

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3232

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3233

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3234

after the connection is set up.

3235

"""

3236

def no_ca(ctx):

3237

ctx.set_client_ca_list([])

3238

return []

3239

self._check_client_ca_list(no_ca)

3240

3241

3242

def test_set_one_ca_list(self):

3243

"""

3244

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3245

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3246

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3247

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3248

X509Name after the connection is set up.

3249

"""

3250

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3251

cadesc = cacert.get_subject()

3252

def single_ca(ctx):

3253

ctx.set_client_ca_list([cadesc])

3254

return [cadesc]

3255

self._check_client_ca_list(single_ca)

3256

3257

3258

def test_set_multiple_ca_list(self):

3259

"""

3260

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3261

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3262

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3263

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3264

X509Names after the connection is set up.

3265

"""

3266

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3267

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3268

3269

sedesc = secert.get_subject()

3270

cldesc = clcert.get_subject()

3271

3272

def multiple_ca(ctx):

3273

L = [sedesc, cldesc]

3274

ctx.set_client_ca_list(L)

3275

return L

3276

self._check_client_ca_list(multiple_ca)

3277

3278

3279

def test_reset_ca_list(self):

3280

"""

3281

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3282

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3283

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3284

"""

3285

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3286

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3287

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3288

3289

cadesc = cacert.get_subject()

3290

sedesc = secert.get_subject()

3291

cldesc = clcert.get_subject()

3292

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3293

def changed_ca(ctx):

3294

ctx.set_client_ca_list([sedesc, cldesc])

3295

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3296

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3297

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3298

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3299

3300

def test_mutated_ca_list(self):

3301

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3302

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3303

afterwards, this does not affect the list of CA names sent to the

3304

client.

3305

"""

3306

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3307

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3308

3309

cadesc = cacert.get_subject()

3310

sedesc = secert.get_subject()

3311

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3312

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3313

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3314

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3315

L.append(sedesc)

3316

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3317

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3318

3319

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3320

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3321

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3322

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3323

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3324

"""

3325

ctx = Context(TLSv1_METHOD)

3326

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3327

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3328

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3329

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3330

3331

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3332

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3333

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3334

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3335

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3336

"""

3337

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3338

cadesc = cacert.get_subject()

3339

def single_ca(ctx):

3340

ctx.add_client_ca(cacert)

3341

return [cadesc]

3342

self._check_client_ca_list(single_ca)

3343

3344

3345

def test_multiple_add_client_ca(self):

3346

"""

3347

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3348

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3349

"""

3350

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3351

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3352

3353

cadesc = cacert.get_subject()

3354

sedesc = secert.get_subject()

3355

3356

def multiple_ca(ctx):

3357

ctx.add_client_ca(cacert)

3358

ctx.add_client_ca(secert)

3359

return [cadesc, sedesc]

3360

self._check_client_ca_list(multiple_ca)

3361

3362

3363

def test_set_and_add_client_ca(self):

3364

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3365

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3366

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3367

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3368

"""

3369

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3370

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3371

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3372

3373

cadesc = cacert.get_subject()

3374

sedesc = secert.get_subject()

3375

cldesc = clcert.get_subject()

3376

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3377

def mixed_set_add_ca(ctx):

3378

ctx.set_client_ca_list([cadesc, sedesc])

3379

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3380

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3381

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3382

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3383

3384

def test_set_after_add_client_ca(self):

3385

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3386

A call to :py:obj:`Context.set_client_ca_list` after a call to

3387

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3388

call with the names specified by the latter cal.

3389

"""

3390

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3391

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3392

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3393

3394

cadesc = cacert.get_subject()

3395

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3396

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3397

def set_replaces_add_ca(ctx):

3398

ctx.add_client_ca(clcert)

3399

ctx.set_client_ca_list([cadesc])

3400

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3401

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3402

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3403

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3404

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3405

3406

class ConnectionBIOTests(TestCase):

3407

"""

3408

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3409

"""

3410

def test_wantReadError(self):

3411

"""

3412

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3413

if there are no bytes available to be read from the BIO.

3414

"""

3415

ctx = Context(TLSv1_METHOD)

3416

conn = Connection(ctx, None)

3417

self.assertRaises(WantReadError, conn.bio_read, 1024)

3418

3419

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3420

def test_buffer_size(self):

3421

"""

3422

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3423

number of bytes to read and return.

3424

"""

3425

ctx = Context(TLSv1_METHOD)

3426

conn = Connection(ctx, None)

3427

conn.set_connect_state()

3428

try:

3429

conn.do_handshake()

3430

except WantReadError:

3431

pass

3432

data = conn.bio_read(2)

3433

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3438

"""

3439

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3440

:py:obj:`long` as well as :py:obj:`int`.

3441

"""

3442

ctx = Context(TLSv1_METHOD)

3443

conn = Connection(ctx, None)

3444

conn.set_connect_state()

3445

try:

3446

conn.do_handshake()

3447

except WantReadError:

3448

pass

3449

data = conn.bio_read(long(2))

3450

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3454

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3455

class InfoConstantTests(TestCase):

3456

"""

3457

Tests for assorted constants exposed for use in info callbacks.

3458

"""

3459

def test_integers(self):

3460

"""

3461

All of the info constants are integers.

3462

3463

This is a very weak test. It would be nice to have one that actually

3464

verifies that as certain info events happen, the value passed to the

3465

info callback matches up with the constant exposed by OpenSSL.SSL.

3466

"""

3467

for const in [

3468

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3469

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3470

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3471

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3472

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3473

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3474

3475

self.assertTrue(isinstance(const, int))

3476

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3477

Jean-Paul Calderone