Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

17

from six import PY3, binary_type, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

97

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

return ok

99

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

100

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

101

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

102

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

103

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

104

"""

105

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

111

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

112

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

113

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

115

# Let's pass some unencrypted data to make sure our socket connection is

116

# fine. Just one byte, so we don't have to worry about buffers getting

117

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

118

server.send(b("x"))

119

assert client.recv(1024) == b("x")

120

client.send(b("y"))

121

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

122

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

123

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

124

server.setblocking(False)

125

client.setblocking(False)

126

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

127

return (server, client)

128

129

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

130

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

131

def handshake(client, server):

132

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

143

def _create_certificate_chain():

144

"""

145

Construct and return a chain of certificates.

146

147

1. A new self-signed certificate authority certificate (cacert)

148

2. A new intermediate certificate signed by cacert (icert)

149

3. A new server certificate signed by icert (scert)

150

"""

151

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

156

cacert = X509()

157

cacert.get_subject().commonName = "Authority Certificate"

158

cacert.set_issuer(cacert.get_subject())

159

cacert.set_pubkey(cakey)

160

cacert.set_notBefore(b("20000101000000Z"))

161

cacert.set_notAfter(b("20200101000000Z"))

162

cacert.add_extensions([caext])

163

cacert.set_serial_number(0)

164

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

169

icert = X509()

170

icert.get_subject().commonName = "Intermediate Certificate"

171

icert.set_issuer(cacert.get_subject())

172

icert.set_pubkey(ikey)

173

icert.set_notBefore(b("20000101000000Z"))

174

icert.set_notAfter(b("20200101000000Z"))

175

icert.add_extensions([caext])

176

icert.set_serial_number(0)

177

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

182

scert = X509()

183

scert.get_subject().commonName = "Server Certificate"

184

scert.set_issuer(icert.get_subject())

185

scert.set_pubkey(skey)

186

scert.set_notBefore(b("20000101000000Z"))

187

scert.set_notAfter(b("20200101000000Z"))

188

scert.add_extensions([

189

X509Extension(b('basicConstraints'), True, b('CA:false'))])

190

scert.set_serial_number(0)

191

scert.sign(ikey, "sha1")

192

193

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

197

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

198

"""

199

Helper mixin which defines methods for creating a connected socket pair and

200

for forcing two connected SSL sockets to talk to each other via memory BIOs.

201

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

202

def _loopbackClientFactory(self, socket):

203

client = Connection(Context(TLSv1_METHOD), socket)

204

client.set_connect_state()

205

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

206

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

207

208

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

209

ctx = Context(TLSv1_METHOD)

210

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

211

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

212

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

213

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

218

if serverFactory is None:

219

serverFactory = self._loopbackServerFactory

220

if clientFactory is None:

221

clientFactory = self._loopbackClientFactory

222

223

(server, client) = socket_pair()

224

server = serverFactory(server)

225

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

227

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

229

server.setblocking(True)

230

client.setblocking(True)

231

return server, client

232

233

234

def _interactInMemory(self, client_conn, server_conn):

235

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

236

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

237

objects. Copy bytes back and forth between their send/receive buffers

238

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

239

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

240

some application bytes, return a two-tuple of the connection from which

241

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

246

wrote = False

247

248

# Copy stuff from each side's send buffer to the other side's

249

# receive buffer.

250

for (read, write) in [(client_conn, server_conn),

251

(server_conn, client_conn)]:

252

253

# Give the side a chance to generate some more bytes, or

254

# succeed.

255

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

256

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

except WantReadError:

258

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

263

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

264

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

265

266

while True:

267

# Keep copying as long as there's more stuff there.

268

try:

269

dirty = read.bio_read(4096)

270

except WantReadError:

271

# Okay, nothing more waiting to be sent. Stop

272

# processing this send buffer.

273

break

274

else:

275

# Keep track of the fact that someone generated some

276

# output.

277

wrote = True

278

write.bio_write(dirty)

279

280

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

281

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

282

"""

283

Perform the TLS handshake between two :py:class:`Connection` instances

284

connected to each other via memory BIOs.

285

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

286

client_conn.set_connect_state()

287

server_conn.set_accept_state()

288

289

for conn in [client_conn, server_conn]:

290

try:

291

conn.do_handshake()

292

except WantReadError:

293

pass

294

295

self._interactInMemory(client_conn, server_conn)

296

297

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

298

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

299

class VersionTests(TestCase):

300

"""

301

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

302

:py:obj:`OpenSSL.SSL.SSLeay_version` and

303

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

304

"""

305

def test_OPENSSL_VERSION_NUMBER(self):

306

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

307

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

308

byte and the patch, fix, minor, and major versions in the

309

nibbles above that.

310

"""

311

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

312

313

314

def test_SSLeay_version(self):

315

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

316

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

317

one of a number of version strings based on that indicator.

318

"""

319

versions = {}

320

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

321

SSLEAY_PLATFORM, SSLEAY_DIR]:

322

version = SSLeay_version(t)

323

versions[version] = t

324

self.assertTrue(isinstance(version, bytes))

325

self.assertEqual(len(versions), 5)

326

327

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

328

329

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

330

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

331

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

332

"""

333

def test_method(self):

334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

335

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

336

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

337

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

338

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

339

methods = [

340

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

341

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

342

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

343

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

344

345

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

350

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

351

# don't. Difficult to say in advance.

352

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

353

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

354

self.assertRaises(TypeError, Context, "")

355

self.assertRaises(ValueError, Context, 10)

356

357

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

358

if not PY3:

359

def test_method_long(self):

360

"""

361

On Python 2 :py:class:`Context` accepts values of type

362

:py:obj:`long` as well as :py:obj:`int`.

363

"""

364

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

368

def test_type(self):

369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

370

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

371

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

372

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

373

self.assertIdentical(Context, ContextType)

374

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

375

376

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

377

def test_use_privatekey(self):

378

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

379

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

380

"""

381

key = PKey()

382

key.generate_key(TYPE_RSA, 128)

383

ctx = Context(TLSv1_METHOD)

384

ctx.use_privatekey(key)

385

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

386

387

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

388

def test_use_privatekey_file_missing(self):

389

"""

390

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

391

when passed the name of a file which does not exist.

392

"""

393

ctx = Context(TLSv1_METHOD)

394

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

395

396

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

397

if not PY3:

398

def test_use_privatekey_file_long(self):

399

"""

400

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

401

filetype of type :py:obj:`long` as well as :py:obj:`int`.

402

"""

403

pemfile = self.mktemp()

404

405

key = PKey()

406

key.generate_key(TYPE_RSA, 128)

407

408

with open(pemfile, "wt") as pem:

409

pem.write(

410

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

411

412

ctx = Context(TLSv1_METHOD)

413

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

414

415

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

416

def test_use_certificate_wrong_args(self):

417

"""

418

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

419

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

420

argument.

421

"""

422

ctx = Context(TLSv1_METHOD)

423

self.assertRaises(TypeError, ctx.use_certificate)

424

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

425

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

426

427

428

def test_use_certificate_uninitialized(self):

429

"""

430

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

431

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

432

initialized (ie, which does not actually have any certificate data).

433

"""

434

ctx = Context(TLSv1_METHOD)

435

self.assertRaises(Error, ctx.use_certificate, X509())

436

437

438

def test_use_certificate(self):

439

"""

440

:py:obj:`Context.use_certificate` sets the certificate which will be

441

used to identify connections created using the context.

442

"""

443

# TODO

444

# Hard to assert anything. But we could set a privatekey then ask

445

# OpenSSL if the cert and key agree using check_privatekey. Then as

446

# long as check_privatekey works right we're good...

447

ctx = Context(TLSv1_METHOD)

448

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

449

450

451

def test_use_certificate_file_wrong_args(self):

452

"""

453

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

454

called with zero arguments or more than two arguments, or if the first

455

argument is not a byte string or the second argumnent is not an integer.

456

"""

457

ctx = Context(TLSv1_METHOD)

458

self.assertRaises(TypeError, ctx.use_certificate_file)

459

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

460

self.assertRaises(

461

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

462

self.assertRaises(

463

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

464

self.assertRaises(

465

TypeError, ctx.use_certificate_file, b"somefile", object())

466

467

468

def test_use_certificate_file_missing(self):

469

"""

470

:py:obj:`Context.use_certificate_file` raises

471

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

472

exist.

473

"""

474

ctx = Context(TLSv1_METHOD)

475

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

476

477

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame^]

478

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

479

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame^]

480

Verify that calling ``Context.use_certificate_file`` with the given

481

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

482

"""

483

# TODO

484

# Hard to assert anything. But we could set a privatekey then ask

485

# OpenSSL if the cert and key agree using check_privatekey. Then as

486

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame^]

487

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

488

pem_file.write(cleartextCertificatePEM)

489

490

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame^]

491

ctx.use_certificate_file(certificate_file)

492

493

494

def test_use_certificate_file_bytes(self):

495

"""

496

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

497

``bytes`` filename) which will be used to identify connections created

498

using the context.

499

"""

500

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

501

self._use_certificate_file_test(filename)

502

503

504

def test_use_certificate_file_unicode(self):

505

"""

506

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

507

``bytes`` filename) which will be used to identify connections created

508

using the context.

509

"""

510

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

511

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

512

513

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

514

if not PY3:

515

def test_use_certificate_file_long(self):

516

"""

517

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

518

filetype of type :py:obj:`long` as well as :py:obj:`int`.

519

"""

520

pem_filename = self.mktemp()

521

with open(pem_filename, "wb") as pem_file:

522

pem_file.write(cleartextCertificatePEM)

523

524

ctx = Context(TLSv1_METHOD)

525

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

526

527

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

528

def test_set_app_data_wrong_args(self):

529

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

530

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

531

one argument.

532

"""

533

context = Context(TLSv1_METHOD)

534

self.assertRaises(TypeError, context.set_app_data)

535

self.assertRaises(TypeError, context.set_app_data, None, None)

536

537

538

def test_get_app_data_wrong_args(self):

539

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

540

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

541

arguments.

542

"""

543

context = Context(TLSv1_METHOD)

544

self.assertRaises(TypeError, context.get_app_data, None)

545

546

547

def test_app_data(self):

548

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

549

:py:obj:`Context.set_app_data` stores an object for later retrieval using

550

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

551

"""

552

app_data = object()

553

context = Context(TLSv1_METHOD)

554

context.set_app_data(app_data)

555

self.assertIdentical(context.get_app_data(), app_data)

556

557

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

558

def test_set_options_wrong_args(self):

559

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

560

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

561

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

562

"""

563

context = Context(TLSv1_METHOD)

564

self.assertRaises(TypeError, context.set_options)

565

self.assertRaises(TypeError, context.set_options, None)

566

self.assertRaises(TypeError, context.set_options, 1, None)

567

568

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

569

def test_set_options(self):

570

"""

571

:py:obj:`Context.set_options` returns the new options value.

572

"""

573

context = Context(TLSv1_METHOD)

574

options = context.set_options(OP_NO_SSLv2)

575

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

580

"""

581

On Python 2 :py:obj:`Context.set_options` accepts values of type

582

:py:obj:`long` as well as :py:obj:`int`.

583

"""

584

context = Context(TLSv1_METHOD)

585

options = context.set_options(long(OP_NO_SSLv2))

586

self.assertTrue(OP_NO_SSLv2 & options)

587

588

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

589

def test_set_mode_wrong_args(self):

590

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

591

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

592

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

593

"""

594

context = Context(TLSv1_METHOD)

595

self.assertRaises(TypeError, context.set_mode)

596

self.assertRaises(TypeError, context.set_mode, None)

597

self.assertRaises(TypeError, context.set_mode, 1, None)

598

599

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

600

if MODE_RELEASE_BUFFERS is not None:

601

def test_set_mode(self):

602

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

603

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

604

set mode.

605

"""

606

context = Context(TLSv1_METHOD)

607

self.assertTrue(

608

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

609

610

if not PY3:

611

def test_set_mode_long(self):

612

"""

613

On Python 2 :py:obj:`Context.set_mode` accepts values of type

614

:py:obj:`long` as well as :py:obj:`int`.

615

"""

616

context = Context(TLSv1_METHOD)

617

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

618

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

619

else:

620

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

621

622

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

623

def test_set_timeout_wrong_args(self):

624

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

625

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

626

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

627

"""

628

context = Context(TLSv1_METHOD)

629

self.assertRaises(TypeError, context.set_timeout)

630

self.assertRaises(TypeError, context.set_timeout, None)

631

self.assertRaises(TypeError, context.set_timeout, 1, None)

632

633

634

def test_get_timeout_wrong_args(self):

635

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

636

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

637

"""

638

context = Context(TLSv1_METHOD)

639

self.assertRaises(TypeError, context.get_timeout, None)

640

641

642

def test_timeout(self):

643

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

644

:py:obj:`Context.set_timeout` sets the session timeout for all connections

645

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

646

value.

647

"""

648

context = Context(TLSv1_METHOD)

649

context.set_timeout(1234)

650

self.assertEquals(context.get_timeout(), 1234)

651

652

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

653

if not PY3:

654

def test_timeout_long(self):

655

"""

656

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

657

`long` as well as int.

658

"""

659

context = Context(TLSv1_METHOD)

660

context.set_timeout(long(1234))

661

self.assertEquals(context.get_timeout(), 1234)

662

663

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

664

def test_set_verify_depth_wrong_args(self):

665

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

666

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

667

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

668

"""

669

context = Context(TLSv1_METHOD)

670

self.assertRaises(TypeError, context.set_verify_depth)

671

self.assertRaises(TypeError, context.set_verify_depth, None)

672

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

673

674

675

def test_get_verify_depth_wrong_args(self):

676

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

677

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

678

"""

679

context = Context(TLSv1_METHOD)

680

self.assertRaises(TypeError, context.get_verify_depth, None)

681

682

683

def test_verify_depth(self):

684

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

685

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

686

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

687

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

688

"""

689

context = Context(TLSv1_METHOD)

690

context.set_verify_depth(11)

691

self.assertEquals(context.get_verify_depth(), 11)

692

693

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

694

if not PY3:

695

def test_verify_depth_long(self):

696

"""

697

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

698

type `long` as well as int.

699

"""

700

context = Context(TLSv1_METHOD)

701

context.set_verify_depth(long(11))

702

self.assertEquals(context.get_verify_depth(), 11)

703

704

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

705

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

706

"""

707

Write a new private key out to a new file, encrypted using the given

708

passphrase. Return the path to the new file.

709

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

710

key = PKey()

711

key.generate_key(TYPE_RSA, 128)

712

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

713

fObj = open(pemFile, 'w')

714

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

715

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

720

def test_set_passwd_cb_wrong_args(self):

721

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

722

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

723

wrong arguments or with a non-callable first argument.

724

"""

725

context = Context(TLSv1_METHOD)

726

self.assertRaises(TypeError, context.set_passwd_cb)

727

self.assertRaises(TypeError, context.set_passwd_cb, None)

728

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

729

730

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

731

def test_set_passwd_cb(self):

732

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

733

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

734

a private key is loaded from an encrypted PEM.

735

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

736

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

737

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

738

calledWith = []

739

def passphraseCallback(maxlen, verify, extra):

740

calledWith.append((maxlen, verify, extra))

741

return passphrase

742

context = Context(TLSv1_METHOD)

743

context.set_passwd_cb(passphraseCallback)

744

context.use_privatekey_file(pemFile)

745

self.assertTrue(len(calledWith), 1)

746

self.assertTrue(isinstance(calledWith[0][0], int))

747

self.assertTrue(isinstance(calledWith[0][1], int))

748

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

749

750

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

751

def test_passwd_callback_exception(self):

752

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

753

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

754

passphrase callback.

755

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

756

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

757

def passphraseCallback(maxlen, verify, extra):

758

raise RuntimeError("Sorry, I am a fail.")

759

760

context = Context(TLSv1_METHOD)

761

context.set_passwd_cb(passphraseCallback)

762

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

763

764

765

def test_passwd_callback_false(self):

766

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

767

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

768

passphrase callback returns a false value.

769

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

770

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

771

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

772

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

773

774

context = Context(TLSv1_METHOD)

775

context.set_passwd_cb(passphraseCallback)

776

self.assertRaises(Error, context.use_privatekey_file, pemFile)

777

778

779

def test_passwd_callback_non_string(self):

780

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

781

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

782

passphrase callback returns a true non-string value.

783

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

784

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

785

def passphraseCallback(maxlen, verify, extra):

786

return 10

787

788

context = Context(TLSv1_METHOD)

789

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

790

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

791

792

793

def test_passwd_callback_too_long(self):

794

"""

795

If the passphrase returned by the passphrase callback returns a string

796

longer than the indicated maximum length, it is truncated.

797

"""

798

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

799

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

800

pemFile = self._write_encrypted_pem(passphrase)

801

def passphraseCallback(maxlen, verify, extra):

802

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

803

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

804

805

context = Context(TLSv1_METHOD)

806

context.set_passwd_cb(passphraseCallback)

807

# This shall succeed because the truncated result is the correct

808

# passphrase.

809

context.use_privatekey_file(pemFile)

810

811

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

812

def test_set_info_callback(self):

813

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

814

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

815

when certain information about an SSL connection is available.

816

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

817

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

818

819

clientSSL = Connection(Context(TLSv1_METHOD), client)

820

clientSSL.set_connect_state()

821

822

called = []

823

def info(conn, where, ret):

824

called.append((conn, where, ret))

825

context = Context(TLSv1_METHOD)

826

context.set_info_callback(info)

827

context.use_certificate(

828

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

829

context.use_privatekey(

830

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

831

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

serverSSL = Connection(context, server)

833

serverSSL.set_accept_state()

834

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

835

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

836

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

837

# The callback must always be called with a Connection instance as the

838

# first argument. It would probably be better to split this into

839

# separate tests for client and server side info callbacks so we could

840

# assert it is called with the right Connection instance. It would

841

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

842

notConnections = [

843

conn for (conn, where, ret) in called

844

if not isinstance(conn, Connection)]

845

self.assertEqual(

846

[], notConnections,

847

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

848

849

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

850

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

851

"""

852

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

853

its :py:obj:`load_verify_locations` method with the given arguments.

854

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

855

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

856

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

857

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

858

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

859

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

860

# Require that the server certificate verify properly or the

861

# connection will fail.

862

clientContext.set_verify(

863

VERIFY_PEER,

864

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

865

866

clientSSL = Connection(clientContext, client)

867

clientSSL.set_connect_state()

868

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

869

serverContext = Context(TLSv1_METHOD)

870

serverContext.use_certificate(

871

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

872

serverContext.use_privatekey(

873

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

874

875

serverSSL = Connection(serverContext, server)

876

serverSSL.set_accept_state()

877

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

878

# Without load_verify_locations above, the handshake

879

# will fail:

880

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

881

# 'certificate verify failed')]

882

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

883

884

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

885

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

886

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

887

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

888

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

889

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

890

Verify that if path to a file containing a certificate is passed to

891

``Context.load_verify_locations`` for the ``cafile`` parameter, that

892

certificate is used as a trust root for the purposes of verifying

893

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

894

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

895

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

896

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

897

fObj.close()

898

899

self._load_verify_locations_test(cafile)

900

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

901

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

902

def test_load_verify_bytes_cafile(self):

903

"""

904

:py:obj:`Context.load_verify_locations` accepts a file name as a

905

``bytes`` instance and uses the certificates within for verification

906

purposes.

907

"""

908

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

909

self._load_verify_cafile(cafile)

910

911

912

def test_load_verify_unicode_cafile(self):

913

"""

914

:py:obj:`Context.load_verify_locations` accepts a file name as a

915

``unicode`` instance and uses the certificates within for verification

916

purposes.

917

"""

918

cafile = self.mktemp() + NON_ASCII

919

self._load_verify_cafile(cafile)

920

921

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

922

def test_load_verify_invalid_file(self):

923

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

924

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

925

non-existent cafile.

926

"""

927

clientContext = Context(TLSv1_METHOD)

928

self.assertRaises(

929

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

930

931

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

932

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

934

Verify that if path to a directory containing certificate files is

935

passed to ``Context.load_verify_locations`` for the ``capath``

936

parameter, those certificates are used as trust roots for the purposes

937

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

938

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

939

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

940

# Hash values computed manually with c_rehash to avoid depending on

941

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

942

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

943

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

944

cafile = join(capath, name)

945

fObj = open(cafile, 'w')

946

fObj.write(cleartextCertificatePEM.decode('ascii'))

947

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

948

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

949

self._load_verify_locations_test(None, capath)

950

951

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

952

def test_load_verify_directory_bytes_capath(self):

953

"""

954

:py:obj:`Context.load_verify_locations` accepts a directory name as a

955

``bytes`` instance and uses the certificates within for verification

956

purposes.

957

"""

958

self._load_verify_directory_locations_capath(

959

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

964

"""

965

:py:obj:`Context.load_verify_locations` accepts a directory name as a

966

``unicode`` instance and uses the certificates within for verification

967

purposes.

968

"""

969

self._load_verify_directory_locations_capath(self.mktemp() + NON_ASCII)

970

971

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

972

def test_load_verify_locations_wrong_args(self):

973

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

974

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

975

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

976

"""

977

context = Context(TLSv1_METHOD)

978

self.assertRaises(TypeError, context.load_verify_locations)

979

self.assertRaises(TypeError, context.load_verify_locations, object())

980

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

981

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

982

983

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

984

if platform == "win32":

985

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

986

"See LP#404343 and LP#404344."

987

else:

988

def test_set_default_verify_paths(self):

989

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

990

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

991

certificate locations to be used for verification purposes.

992

"""

993

# Testing this requires a server with a certificate signed by one of

994

# the CAs in the platform CA location. Getting one of those costs

995

# money. Fortunately (or unfortunately, depending on your

996

# perspective), it's easy to think of a public server on the

997

# internet which has such a certificate. Connecting to the network

998

# in a unit test is bad, but it's the only way I can think of to

999

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1000

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1001

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1002

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1003

context.set_default_verify_paths()

1004

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1005

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1006

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1007

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1008

client = socket()

1009

client.connect(('verisign.com', 443))

1010

clientSSL = Connection(context, client)

1011

clientSSL.set_connect_state()

1012

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1013

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1014

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1015

1016

1017

def test_set_default_verify_paths_signature(self):

1018

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1019

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1020

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1021

"""

1022

context = Context(TLSv1_METHOD)

1023

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1024

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1025

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1026

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1027

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1028

def test_add_extra_chain_cert_invalid_cert(self):

1029

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1030

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1031

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1032

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1033

"""

1034

context = Context(TLSv1_METHOD)

1035

self.assertRaises(TypeError, context.add_extra_chain_cert)

1036

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1037

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1038

1039

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1040

def _handshake_test(self, serverContext, clientContext):

1041

"""

1042

Verify that a client and server created with the given contexts can

1043

successfully handshake and communicate.

1044

"""

1045

serverSocket, clientSocket = socket_pair()

1046

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1047

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1048

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1049

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1050

client = Connection(clientContext, clientSocket)

1051

client.set_connect_state()

1052

1053

# Make them talk to each other.

1054

# self._interactInMemory(client, server)

1055

for i in range(3):

1056

for s in [client, server]:

1057

try:

1058

s.do_handshake()

1059

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1063

def test_set_verify_callback_connection_argument(self):

1064

"""

1065

The first argument passed to the verify callback is the

1066

:py:class:`Connection` instance for which verification is taking place.

1067

"""

1068

serverContext = Context(TLSv1_METHOD)

1069

serverContext.use_privatekey(

1070

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1071

serverContext.use_certificate(

1072

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1073

serverConnection = Connection(serverContext, None)

1074

1075

class VerifyCallback(object):

1076

def callback(self, connection, *args):

1077

self.connection = connection

1078

return 1

1079

1080

verify = VerifyCallback()

1081

clientContext = Context(TLSv1_METHOD)

1082

clientContext.set_verify(VERIFY_PEER, verify.callback)

1083

clientConnection = Connection(clientContext, None)

1084

clientConnection.set_connect_state()

1085

1086

self._handshakeInMemory(clientConnection, serverConnection)

1087

1088

self.assertIdentical(verify.connection, clientConnection)

1089

1090

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1091

def test_set_verify_callback_exception(self):

1092

"""

1093

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1094

exception, verification fails and the exception is propagated to the

1095

caller of :py:obj:`Connection.do_handshake`.

1096

"""

1097

serverContext = Context(TLSv1_METHOD)

1098

serverContext.use_privatekey(

1099

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1100

serverContext.use_certificate(

1101

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1102

1103

clientContext = Context(TLSv1_METHOD)

1104

def verify_callback(*args):

1105

raise Exception("silly verify failure")

1106

clientContext.set_verify(VERIFY_PEER, verify_callback)

1107

1108

exc = self.assertRaises(

1109

Exception, self._handshake_test, serverContext, clientContext)

1110

self.assertEqual("silly verify failure", str(exc))

1111

1112

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1113

def test_add_extra_chain_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1116

the certificate chain.

1117

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1118

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1119

chain tested.

1120

1121

The chain is tested by starting a server with scert and connecting

1122

to it with a client which trusts cacert and requires verification to

1123

succeed.

1124

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1125

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1126

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1127

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1128

# Dump the CA certificate to a file because that's the only way to load

1129

# it as a trusted CA in the client context.

1130

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1131

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1132

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1133

fObj.close()

1134

1135

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1136

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1137

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1138

fObj.close()

1139

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1140

# Create the server context

1141

serverContext = Context(TLSv1_METHOD)

1142

serverContext.use_privatekey(skey)

1143

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1144

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1145

serverContext.add_extra_chain_cert(icert)

1146

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1147

# Create the client

1148

clientContext = Context(TLSv1_METHOD)

1149

clientContext.set_verify(

1150

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1151

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1152

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1153

# Try it out.

1154

self._handshake_test(serverContext, clientContext)

1155

1156

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1157

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1158

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1159

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1160

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1161

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1162

The chain is tested by starting a server with scert and connecting to

1163

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1164

succeed.

1165

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1166

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1167

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1168

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1169

makedirs(certdir)

1170

1171

if isinstance(certdir, binary_type):

1172

chainFile = join(certdir, b("chain.pem"))

1173

caFile = join(certdir, b("ca.pem"))

1174

else:

1175

chainFile = join(certdir, u"chain.pem")

1176

caFile = join(certdir, u"ca.pem")

1177

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1178

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1179

with open(chainFile, 'wb') as fObj:

1180

# Most specific to least general.

1181

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1182

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1183

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1184

1185

with open(caFile, 'w') as fObj:

1186

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1187

1188

serverContext = Context(TLSv1_METHOD)

1189

serverContext.use_certificate_chain_file(chainFile)

1190

serverContext.use_privatekey(skey)

1191

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1192

clientContext = Context(TLSv1_METHOD)

1193

clientContext.set_verify(

1194

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1195

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1196

1197

self._handshake_test(serverContext, clientContext)

1198

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1199

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1200

def test_use_certificate_chain_file_bytes(self):

1201

"""

1202

``Context.use_certificate_chain_file`` accepts the name of a file (as

1203

an instance of ``bytes``) to specify additional certificates to use to

1204

construct and verify a trust chain.

1205

"""

1206

self._use_certificate_chain_file_test(

1207

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1212

"""

1213

``Context.use_certificate_chain_file`` accepts the name of a file (as

1214

an instance of ``unicode``) to specify additional certificates to use

1215

to construct and verify a trust chain.

1216

"""

1217

self._use_certificate_chain_file_test(

1218

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1222

def test_use_certificate_chain_file_wrong_args(self):

1223

"""

1224

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1225

if passed zero or more than one argument or when passed a non-byte

1226

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1227

passed a bad chain file name (for example, the name of a file which does

1228

not exist).

1229

"""

1230

context = Context(TLSv1_METHOD)

1231

self.assertRaises(TypeError, context.use_certificate_chain_file)

1232

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1233

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1234

1235

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1236

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1237

# XXX load_client_ca

1238

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1239

1240

def test_get_verify_mode_wrong_args(self):

1241

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1242

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1243

arguments.

1244

"""

1245

context = Context(TLSv1_METHOD)

1246

self.assertRaises(TypeError, context.get_verify_mode, None)

1247

1248

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1249

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1250

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1251

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1252

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1253

"""

1254

context = Context(TLSv1_METHOD)

1255

self.assertEquals(context.get_verify_mode(), 0)

1256

context.set_verify(

1257

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1258

self.assertEquals(

1259

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1260

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1261

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1262

if not PY3:

1263

def test_set_verify_mode_long(self):

1264

"""

1265

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1266

type :py:obj:`long` as well as :py:obj:`int`.

1267

"""

1268

context = Context(TLSv1_METHOD)

1269

self.assertEquals(context.get_verify_mode(), 0)

1270

context.set_verify(

1271

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1272

self.assertEquals(

1273

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1274

1275

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1276

def test_load_tmp_dh_wrong_args(self):

1277

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1278

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1279

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1280

"""

1281

context = Context(TLSv1_METHOD)

1282

self.assertRaises(TypeError, context.load_tmp_dh)

1283

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1284

self.assertRaises(TypeError, context.load_tmp_dh, object())

1285

1286

1287

def test_load_tmp_dh_missing_file(self):

1288

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1289

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1290

does not exist.

1291

"""

1292

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1293

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1294

1295

1296

def test_load_tmp_dh(self):

1297

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1298

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1299

specified file.

1300

"""

1301

context = Context(TLSv1_METHOD)

1302

dhfilename = self.mktemp()

1303

dhfile = open(dhfilename, "w")

1304

dhfile.write(dhparam)

1305

dhfile.close()

1306

context.load_tmp_dh(dhfilename)

1307

# XXX What should I assert here? -exarkun

1308

1309

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1310

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1311

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1312

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1313

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1314

"""

1315

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1316

for curve in get_elliptic_curves():

1317

# The only easily "assertable" thing is that it does not raise an

1318

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1319

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1320

1321

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1322

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1323

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1324

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1325

ciphers which connections created with the context object will be able

1326

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1327

"""

1328

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1329

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1330

conn = Connection(context, None)

1331

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1332

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1333

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1334

def test_set_cipher_list_text(self):

1335

"""

1336

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1337

the ciphers which connections created with the context object will be

1338

able to choose from.

1339

"""

1340

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1341

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1342

conn = Connection(context, None)

1343

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1344

1345

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1346

def test_set_cipher_list_wrong_args(self):

1347

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1348

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1349

passed zero arguments or more than one argument or when passed a

1350

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1351

passed an incorrect cipher list string.

1352

"""

1353

context = Context(TLSv1_METHOD)

1354

self.assertRaises(TypeError, context.set_cipher_list)

1355

self.assertRaises(TypeError, context.set_cipher_list, object())

1356

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1357

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1358

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1359

1360

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1361

def test_set_session_cache_mode_wrong_args(self):

1362

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1363

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1364

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1365

"""

1366

context = Context(TLSv1_METHOD)

1367

self.assertRaises(TypeError, context.set_session_cache_mode)

1368

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1369

1370

1371

def test_get_session_cache_mode_wrong_args(self):

1372

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1373

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1374

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1375

"""

1376

context = Context(TLSv1_METHOD)

1377

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1378

1379

1380

def test_session_cache_mode(self):

1381

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1382

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1383

cached. The setting can be retrieved via

1384

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1385

"""

1386

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1387

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1388

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1389

self.assertEqual(SESS_CACHE_OFF, off)

1390

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1391

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1392

if not PY3:

1393

def test_session_cache_mode_long(self):

1394

"""

1395

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1396

of type :py:obj:`long` as well as :py:obj:`int`.

1397

"""

1398

context = Context(TLSv1_METHOD)

1399

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1400

self.assertEqual(

1401

SESS_CACHE_BOTH, context.get_session_cache_mode())

1402

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1403

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1404

def test_get_cert_store(self):

1405

"""

1406

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1407

"""

1408

context = Context(TLSv1_METHOD)

1409

store = context.get_cert_store()

1410

self.assertIsInstance(store, X509Store)

1411

1412

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1413

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1414

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1415

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1416

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1417

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1418

"""

1419

def test_wrong_args(self):

1420

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1421

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1422

with other than one argument.

1423

"""

1424

context = Context(TLSv1_METHOD)

1425

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1426

self.assertRaises(

1427

TypeError, context.set_tlsext_servername_callback, 1, 2)

1428

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1429

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1430

def test_old_callback_forgotten(self):

1431

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1432

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1433

callback, the one it replaces is dereferenced.

1434

"""

1435

def callback(connection):

1436

pass

1437

1438

def replacement(connection):

1439

pass

1440

1441

context = Context(TLSv1_METHOD)

1442

context.set_tlsext_servername_callback(callback)

1443

1444

tracker = ref(callback)

1445

del callback

1446

1447

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1448

1449

# One run of the garbage collector happens to work on CPython. PyPy

1450

# doesn't collect the underlying object until a second run for whatever

1451

# reason. That's fine, it still demonstrates our code has properly

1452

# dropped the reference.

1453

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1454

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1455

1456

callback = tracker()

1457

if callback is not None:

1458

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1459

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1460

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1461

1462

1463

def test_no_servername(self):

1464

"""

1465

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1466

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1467

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1468

"""

1469

args = []

1470

def servername(conn):

1471

args.append((conn, conn.get_servername()))

1472

context = Context(TLSv1_METHOD)

1473

context.set_tlsext_servername_callback(servername)

1474

1475

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1481

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1482

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1483

1484

# Do a little connection to trigger the logic

1485

server = Connection(context, None)

1486

server.set_accept_state()

1487

1488

client = Connection(Context(TLSv1_METHOD), None)

1489

client.set_connect_state()

1490

1491

self._interactInMemory(server, client)

1492

1493

self.assertEqual([(server, None)], args)

1494

1495

1496

def test_servername(self):

1497

"""

1498

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1499

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1500

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1501

"""

1502

args = []

1503

def servername(conn):

1504

args.append((conn, conn.get_servername()))

1505

context = Context(TLSv1_METHOD)

1506

context.set_tlsext_servername_callback(servername)

1507

1508

# Necessary to actually accept the connection

1509

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1510

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1511

1512

# Do a little connection to trigger the logic

1513

server = Connection(context, None)

1514

server.set_accept_state()

1515

1516

client = Connection(Context(TLSv1_METHOD), None)

1517

client.set_connect_state()

1518

client.set_tlsext_host_name(b("foo1.example.com"))

1519

1520

self._interactInMemory(server, client)

1521

1522

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1526

class SessionTests(TestCase):

1527

"""

1528

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1529

"""

1530

def test_construction(self):

1531

"""

1532

:py:class:`Session` can be constructed with no arguments, creating a new

1533

instance of that type.

1534

"""

1535

new_session = Session()

1536

self.assertTrue(isinstance(new_session, Session))

1537

1538

1539

def test_construction_wrong_args(self):

1540

"""

1541

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1542

is raised.

1543

"""

1544

self.assertRaises(TypeError, Session, 123)

1545

self.assertRaises(TypeError, Session, "hello")

1546

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1550

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1551

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1552

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1553

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1554

# XXX get_peer_certificate -> None

1555

# XXX sock_shutdown

1556

# XXX master_key -> TypeError

1557

# XXX server_random -> TypeError

1558

# XXX state_string

1559

# XXX connect -> TypeError

1560

# XXX connect_ex -> TypeError

1561

# XXX set_connect_state -> TypeError

1562

# XXX set_accept_state -> TypeError

1563

# XXX renegotiate_pending

1564

# XXX do_handshake -> TypeError

1565

# XXX bio_read -> TypeError

1566

# XXX recv -> TypeError

1567

# XXX send -> TypeError

1568

# XXX bio_write -> TypeError

1569

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1570

def test_type(self):

1571

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1572

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1573

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1574

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1575

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1576

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1577

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1578

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1579

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1580

def test_get_context(self):

1581

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1582

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1583

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1584

"""

1585

context = Context(TLSv1_METHOD)

1586

connection = Connection(context, None)

1587

self.assertIdentical(connection.get_context(), context)

1588

1589

1590

def test_get_context_wrong_args(self):

1591

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1592

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1593

arguments.

1594

"""

1595

connection = Connection(Context(TLSv1_METHOD), None)

1596

self.assertRaises(TypeError, connection.get_context, None)

1597

1598

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1599

def test_set_context_wrong_args(self):

1600

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1601

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1602

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1603

than 1.

1604

"""

1605

ctx = Context(TLSv1_METHOD)

1606

connection = Connection(ctx, None)

1607

self.assertRaises(TypeError, connection.set_context)

1608

self.assertRaises(TypeError, connection.set_context, object())

1609

self.assertRaises(TypeError, connection.set_context, "hello")

1610

self.assertRaises(TypeError, connection.set_context, 1)

1611

self.assertRaises(TypeError, connection.set_context, 1, 2)

1612

self.assertRaises(

1613

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1614

self.assertIdentical(ctx, connection.get_context())

1615

1616

1617

def test_set_context(self):

1618

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1619

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1620

for the connection.

1621

"""

1622

original = Context(SSLv23_METHOD)

1623

replacement = Context(TLSv1_METHOD)

1624

connection = Connection(original, None)

1625

connection.set_context(replacement)

1626

self.assertIdentical(replacement, connection.get_context())

1627

# Lose our references to the contexts, just in case the Connection isn't

1628

# properly managing its own contributions to their reference counts.

1629

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1634

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1635

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1636

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1637

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1638

"""

1639

conn = Connection(Context(TLSv1_METHOD), None)

1640

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1641

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1642

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1643

self.assertRaises(

1644

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1645

1646

if version_info >= (3,):

1647

# On Python 3.x, don't accidentally implicitly convert from text.

1648

self.assertRaises(

1649

TypeError,

1650

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1651

1652

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1653

def test_get_servername_wrong_args(self):

1654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1655

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1656

arguments.

1657

"""

1658

connection = Connection(Context(TLSv1_METHOD), None)

1659

self.assertRaises(TypeError, connection.get_servername, object())

1660

self.assertRaises(TypeError, connection.get_servername, 1)

1661

self.assertRaises(TypeError, connection.get_servername, "hello")

1662

1663

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1664

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1665

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1666

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1667

immediate read.

1668

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1669

connection = Connection(Context(TLSv1_METHOD), None)

1670

self.assertEquals(connection.pending(), 0)

1671

1672

1673

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1674

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1675

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1676

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1677

connection = Connection(Context(TLSv1_METHOD), None)

1678

self.assertRaises(TypeError, connection.pending, None)

1679

1680

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1681

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1682

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1683

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1684

argument or with the wrong number of arguments.

1685

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1686

connection = Connection(Context(TLSv1_METHOD), socket())

1687

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1688

self.assertRaises(TypeError, connection.connect)

1689

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1690

1691

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1692

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1693

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1694

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1695

connect method raises it.

1696

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1697

client = socket()

1698

context = Context(TLSv1_METHOD)

1699

clientSSL = Connection(context, client)

1700

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1701

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1702

1703

1704

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1705

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1706

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1707

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1713

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1714

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1715

1716

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1717

if platform == "darwin":

1718

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1719

else:

1720

def test_connect_ex(self):

1721

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1722

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1723

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1728

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1729

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1730

clientSSL.setblocking(False)

1731

result = clientSSL.connect_ex(port.getsockname())

1732

expected = (EINPROGRESS, EWOULDBLOCK)

1733

self.assertTrue(

1734

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1735

1736

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1737

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1738

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1739

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1740

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1741

connection = Connection(Context(TLSv1_METHOD), socket())

1742

self.assertRaises(TypeError, connection.accept, None)

1743

1744

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1745

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1746

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1747

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1748

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1749

connection originated from.

1750

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1751

ctx = Context(TLSv1_METHOD)

1752

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1753

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1754

port = socket()

1755

portSSL = Connection(ctx, port)

1756

portSSL.bind(('', 0))

1757

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1758

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1759

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1760

1761

# Calling portSSL.getsockname() here to get the server IP address sounds

1762

# great, but frequently fails on Windows.

1763

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1764

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1765

serverSSL, address = portSSL.accept()

1766

1767

self.assertTrue(isinstance(serverSSL, Connection))

1768

self.assertIdentical(serverSSL.get_context(), ctx)

1769

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1770

1771

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1772

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1773

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1774

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1775

number of arguments or with arguments other than integers.

1776

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1777

connection = Connection(Context(TLSv1_METHOD), None)

1778

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1779

self.assertRaises(TypeError, connection.get_shutdown, None)

1780

self.assertRaises(TypeError, connection.set_shutdown)

1781

self.assertRaises(TypeError, connection.set_shutdown, None)

1782

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1783

1784

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1785

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1786

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1787

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1788

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1789

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1790

self.assertFalse(server.shutdown())

1791

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1792

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1793

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1794

client.shutdown()

1795

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1796

self.assertRaises(ZeroReturnError, server.recv, 1024)

1797

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1798

1799

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1800

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1801

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1802

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1803

process.

1804

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1805

connection = Connection(Context(TLSv1_METHOD), socket())

1806

connection.set_shutdown(RECEIVED_SHUTDOWN)

1807

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1808

1809

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1810

if not PY3:

1811

def test_set_shutdown_long(self):

1812

"""

1813

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1814

of type :py:obj:`long` as well as :py:obj:`int`.

1815

"""

1816

connection = Connection(Context(TLSv1_METHOD), socket())

1817

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1818

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1819

1820

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1821

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1822

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1823

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1824

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1825

with any arguments.

1826

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1827

conn = Connection(Context(TLSv1_METHOD), None)

1828

self.assertRaises(TypeError, conn.get_app_data, None)

1829

self.assertRaises(TypeError, conn.set_app_data)

1830

self.assertRaises(TypeError, conn.set_app_data, None, None)

1831

1832

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1833

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1834

"""

1835

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1836

:py:obj:`Connection.set_app_data` and later retrieved with

1837

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1838

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1839

conn = Connection(Context(TLSv1_METHOD), None)

1840

app_data = object()

1841

conn.set_app_data(app_data)

1842

self.assertIdentical(conn.get_app_data(), app_data)

1843

1844

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1845

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1846

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1847

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1848

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1849

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1850

conn = Connection(Context(TLSv1_METHOD), None)

1851

self.assertRaises(NotImplementedError, conn.makefile)

1852

1853

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1854

def test_get_peer_cert_chain_wrong_args(self):

1855

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1856

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1857

arguments.

1858

"""

1859

conn = Connection(Context(TLSv1_METHOD), None)

1860

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1861

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1862

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1863

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1864

1865

1866

def test_get_peer_cert_chain(self):

1867

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1868

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1869

the connected server returned for the certification verification.

1870

"""

1871

chain = _create_certificate_chain()

1872

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1873

1874

serverContext = Context(TLSv1_METHOD)

1875

serverContext.use_privatekey(skey)

1876

serverContext.use_certificate(scert)

1877

serverContext.add_extra_chain_cert(icert)

1878

serverContext.add_extra_chain_cert(cacert)

1879

server = Connection(serverContext, None)

1880

server.set_accept_state()

1881

1882

# Create the client

1883

clientContext = Context(TLSv1_METHOD)

1884

clientContext.set_verify(VERIFY_NONE, verify_cb)

1885

client = Connection(clientContext, None)

1886

client.set_connect_state()

1887

1888

self._interactInMemory(client, server)

1889

1890

chain = client.get_peer_cert_chain()

1891

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1892

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1893

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1894

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1895

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1896

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1897

"Authority Certificate", chain[2].get_subject().CN)

1898

1899

1900

def test_get_peer_cert_chain_none(self):

1901

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1902

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1903

certificate chain.

1904

"""

1905

ctx = Context(TLSv1_METHOD)

1906

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1907

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1908

server = Connection(ctx, None)

1909

server.set_accept_state()

1910

client = Connection(Context(TLSv1_METHOD), None)

1911

client.set_connect_state()

1912

self._interactInMemory(client, server)

1913

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1914

1915

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1916

def test_get_session_wrong_args(self):

1917

"""

1918

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1919

with any arguments.

1920

"""

1921

ctx = Context(TLSv1_METHOD)

1922

server = Connection(ctx, None)

1923

self.assertRaises(TypeError, server.get_session, 123)

1924

self.assertRaises(TypeError, server.get_session, "hello")

1925

self.assertRaises(TypeError, server.get_session, object())

1926

1927

1928

def test_get_session_unconnected(self):

1929

"""

1930

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1931

an object which has not been connected.

1932

"""

1933

ctx = Context(TLSv1_METHOD)

1934

server = Connection(ctx, None)

1935

session = server.get_session()

1936

self.assertIdentical(None, session)

1937

1938

1939

def test_server_get_session(self):

1940

"""

1941

On the server side of a connection, :py:obj:`Connection.get_session`

1942

returns a :py:class:`Session` instance representing the SSL session for

1943

that connection.

1944

"""

1945

server, client = self._loopback()

1946

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1947

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1948

1949

1950

def test_client_get_session(self):

1951

"""

1952

On the client side of a connection, :py:obj:`Connection.get_session`

1953

returns a :py:class:`Session` instance representing the SSL session for

1954

that connection.

1955

"""

1956

server, client = self._loopback()

1957

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1958

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1959

1960

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1961

def test_set_session_wrong_args(self):

1962

"""

1963

If called with an object that is not an instance of :py:class:`Session`,

1964

or with other than one argument, :py:obj:`Connection.set_session` raises

1965

:py:obj:`TypeError`.

1966

"""

1967

ctx = Context(TLSv1_METHOD)

1968

connection = Connection(ctx, None)

1969

self.assertRaises(TypeError, connection.set_session)

1970

self.assertRaises(TypeError, connection.set_session, 123)

1971

self.assertRaises(TypeError, connection.set_session, "hello")

1972

self.assertRaises(TypeError, connection.set_session, object())

1973

self.assertRaises(

1974

TypeError, connection.set_session, Session(), Session())

1975

1976

1977

def test_client_set_session(self):

1978

"""

1979

:py:obj:`Connection.set_session`, when used prior to a connection being

1980

established, accepts a :py:class:`Session` instance and causes an

1981

attempt to re-use the session it represents when the SSL handshake is

1982

performed.

1983

"""

1984

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1985

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1986

ctx = Context(TLSv1_METHOD)

1987

ctx.use_privatekey(key)

1988

ctx.use_certificate(cert)

1989

ctx.set_session_id("unity-test")

1990

1991

def makeServer(socket):

1992

server = Connection(ctx, socket)

1993

server.set_accept_state()

1994

return server

1995

1996

originalServer, originalClient = self._loopback(

1997

serverFactory=makeServer)

1998

originalSession = originalClient.get_session()

1999

2000

def makeClient(socket):

2001

client = self._loopbackClientFactory(socket)

2002

client.set_session(originalSession)

2003

return client

2004

resumedServer, resumedClient = self._loopback(

2005

serverFactory=makeServer,

2006

clientFactory=makeClient)

2007

2008

# This is a proxy: in general, we have no access to any unique

2009

# identifier for the session (new enough versions of OpenSSL expose a

2010

# hash which could be usable, but "new enough" is very, very new).

2011

# Instead, exploit the fact that the master key is re-used if the

2012

# session is re-used. As long as the master key for the two connections

2013

# is the same, the session was re-used!

2014

self.assertEqual(

2015

originalServer.master_key(), resumedServer.master_key())

2016

2017

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2018

def test_set_session_wrong_method(self):

2019

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2020

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2021

instance associated with a context using a different SSL method than the

2022

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2023

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2024

"""

2025

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2026

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2027

ctx = Context(TLSv1_METHOD)

2028

ctx.use_privatekey(key)

2029

ctx.use_certificate(cert)

2030

ctx.set_session_id("unity-test")

2031

2032

def makeServer(socket):

2033

server = Connection(ctx, socket)

2034

server.set_accept_state()

2035

return server

2036

2037

originalServer, originalClient = self._loopback(

2038

serverFactory=makeServer)

2039

originalSession = originalClient.get_session()

2040

2041

def makeClient(socket):

2042

# Intentionally use a different, incompatible method here.

2043

client = Connection(Context(SSLv3_METHOD), socket)

2044

client.set_connect_state()

2045

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2051

2052

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2053

def test_wantWriteError(self):

2054

"""

2055

:py:obj:`Connection` methods which generate output raise

2056

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2057

fail indicating a should-write state.

2058

"""

2059

client_socket, server_socket = socket_pair()

2060

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2061

# anything. Only write a single byte at a time so we can be sure we

2062

# completely fill the buffer. Even though the socket API is allowed to

2063

# signal a short write via its return value it seems this doesn't

2064

# always happen on all platforms (FreeBSD and OS X particular) for the

2065

# very last bit of available buffer space.

2066

msg = b"x"

2067

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2068

try:

2069

client_socket.send(msg)

2070

except error as e:

2071

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2077

2078

ctx = Context(TLSv1_METHOD)

2079

conn = Connection(ctx, client_socket)

2080

# Client's speak first, so make it an SSL client

2081

conn.set_connect_state()

2082

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2086

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2087

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2088

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2089

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2090

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2091

ctx = Context(TLSv1_METHOD)

2092

connection = Connection(ctx, None)

2093

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2094

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2095

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2096

def test_get_peer_finished_before_connect(self):

2097

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2098

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2099

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2100

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2101

ctx = Context(TLSv1_METHOD)

2102

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2103

self.assertEqual(connection.get_peer_finished(), None)

2104

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2105

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2106

def test_get_finished(self):

2107

"""

2108

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2109

message send from client, or server. Finished messages are send during

2110

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2111

"""

2112

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2113

server, client = self._loopback()

2114

2115

self.assertNotEqual(server.get_finished(), None)

2116

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2117

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2118

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2119

def test_get_peer_finished(self):

2120

"""

2121

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2122

message received from client, or server. Finished messages are send

2123

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2124

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2125

server, client = self._loopback()

2126

2127

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2128

self.assertTrue(len(server.get_peer_finished()) > 0)

2129

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2130

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2131

def test_tls_finished_message_symmetry(self):

2132

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2133

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2134

received by client.

2135

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2136

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2137

received by server.

2138

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2139

server, client = self._loopback()

2140

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2141

self.assertEqual(server.get_finished(), client.get_peer_finished())

2142

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2143

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2144

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2145

def test_get_cipher_name_before_connect(self):

2146

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2147

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2148

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2149

"""

2150

ctx = Context(TLSv1_METHOD)

2151

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2152

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2153

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2154

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2155

def test_get_cipher_name(self):

2156

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2157

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2158

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2159

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2160

server, client = self._loopback()

2161

server_cipher_name, client_cipher_name = \

2162

server.get_cipher_name(), client.get_cipher_name()

2163

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2164

self.assertIsInstance(server_cipher_name, text_type)

2165

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2166

2167

self.assertEqual(server_cipher_name, client_cipher_name)

2168

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2169

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2170

def test_get_cipher_version_before_connect(self):

2171

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2172

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2173

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2174

"""

2175

ctx = Context(TLSv1_METHOD)

2176

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2177

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2178

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2179

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2180

def test_get_cipher_version(self):

2181

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2182

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2183

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2184

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2185

server, client = self._loopback()

2186

server_cipher_version, client_cipher_version = \

2187

server.get_cipher_version(), client.get_cipher_version()

2188

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2189

self.assertIsInstance(server_cipher_version, text_type)

2190

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2191

2192

self.assertEqual(server_cipher_version, client_cipher_version)

2193

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2194

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2195

def test_get_cipher_bits_before_connect(self):

2196

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2197

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2198

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2199

"""

2200

ctx = Context(TLSv1_METHOD)

2201

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2202

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2203

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2204

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2205

def test_get_cipher_bits(self):

2206

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2207

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2208

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2209

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2210

server, client = self._loopback()

2211

server_cipher_bits, client_cipher_bits = \

2212

server.get_cipher_bits(), client.get_cipher_bits()

2213

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2214

self.assertIsInstance(server_cipher_bits, int)

2215

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2216

2217

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2218

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2219

2220

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2221

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2222

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2223

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2224

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2225

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2226

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2227

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2228

arguments.

2229

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2230

connection = Connection(Context(TLSv1_METHOD), None)

2231

self.assertRaises(TypeError, connection.get_cipher_list, None)

2232

2233

2234

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2235

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2236

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2237

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2238

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2239

connection = Connection(Context(TLSv1_METHOD), None)

2240

ciphers = connection.get_cipher_list()

2241

self.assertTrue(isinstance(ciphers, list))

2242

for cipher in ciphers:

2243

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2247

class ConnectionSendTests(TestCase, _LoopbackMixin):

2248

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2249

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2250

"""

2251

def test_wrong_args(self):

2252

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2253

When called with arguments other than string argument for its first

2254

parameter or more than two arguments, :py:obj:`Connection.send` raises

2255

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2256

"""

2257

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2258

self.assertRaises(TypeError, connection.send)

2259

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2260

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2261

2262

2263

def test_short_bytes(self):

2264

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2265

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2266

and returns the number of bytes sent.

2267

"""

2268

server, client = self._loopback()

2269

count = server.send(b('xy'))

2270

self.assertEquals(count, 2)

2271

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2277

else:

2278

def test_short_memoryview(self):

2279

"""

2280

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2281

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2282

bytes sent.

2283

"""

2284

server, client = self._loopback()

2285

count = server.send(memoryview(b('xy')))

2286

self.assertEquals(count, 2)

2287

self.assertEquals(client.recv(2), b('xy'))

2288

2289

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2294

else:

2295

def test_short_buffer(self):

2296

"""

2297

When passed a buffer containing a small number of bytes,

2298

:py:obj:`Connection.send` transmits all of them and returns the number of

2299

bytes sent.

2300

"""

2301

server, client = self._loopback()

2302

count = server.send(buffer(b('xy')))

2303

self.assertEquals(count, 2)

2304

self.assertEquals(client.recv(2), b('xy'))

2305

2306

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2307

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2308

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2309

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2310

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2311

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2312

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2313

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2314

When called with arguments other than a string argument for its first

2315

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2316

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2317

"""

2318

connection = Connection(Context(TLSv1_METHOD), None)

2319

self.assertRaises(TypeError, connection.sendall)

2320

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2321

self.assertRaises(

2322

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2323

2324

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2325

def test_short(self):

2326

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2327

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2328

it.

2329

"""

2330

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2331

server.sendall(b('x'))

2332

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2333

2334

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2339

else:

2340

def test_short_memoryview(self):

2341

"""

2342

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2343

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2344

"""

2345

server, client = self._loopback()

2346

server.sendall(memoryview(b('x')))

2347

self.assertEquals(client.recv(1), b('x'))

2348

2349

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2354

else:

2355

def test_short_buffers(self):

2356

"""

2357

When passed a buffer containing a small number of bytes,

2358

:py:obj:`Connection.sendall` transmits all of them.

2359

"""

2360

server, client = self._loopback()

2361

server.sendall(buffer(b('x')))

2362

self.assertEquals(client.recv(1), b('x'))

2363

2364

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2365

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2366

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2367

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2368

it even if this requires multiple calls of an underlying write function.

2369

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2370

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2371

# Should be enough, underlying SSL_write should only do 16k at a time.

2372

# On Windows, after 32k of bytes the write will block (forever - because

2373

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2374

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2375

server.sendall(message)

2376

accum = []

2377

received = 0

2378

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2379

data = client.recv(1024)

2380

accum.append(data)

2381

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2382

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2383

2384

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2385

def test_closed(self):

2386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2387

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2388

write error from the low level write call.

2389

"""

2390

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2391

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2392

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2393

if platform == "win32":

2394

self.assertEqual(exc.args[0], ESHUTDOWN)

2395

else:

2396

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2397

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2398

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2399

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2400

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2401

"""

2402

Tests for SSL renegotiation APIs.

2403

"""

2404

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2405

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2406

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2407

arguments.

2408

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2409

connection = Connection(Context(TLSv1_METHOD), None)

2410

self.assertRaises(TypeError, connection.renegotiate, None)

2411

2412

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2413

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2414

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2415

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2416

any arguments.

2417

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2418

connection = Connection(Context(TLSv1_METHOD), None)

2419

self.assertRaises(TypeError, connection.total_renegotiations, None)

2420

2421

2422

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2423

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2424

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2425

renegotiations have happened.

2426

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2427

connection = Connection(Context(TLSv1_METHOD), None)

2428

self.assertEquals(connection.total_renegotiations(), 0)

2429

2430

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2431

# def test_renegotiate(self):

2432

# """

2433

# """

2434

# server, client = self._loopback()

2435

2436

# server.send("hello world")

2437

# self.assertEquals(client.recv(len("hello world")), "hello world")

2438

2439

# self.assertEquals(server.total_renegotiations(), 0)

2440

# self.assertTrue(server.renegotiate())

2441

2442

# server.setblocking(False)

2443

# client.setblocking(False)

2444

# while server.renegotiate_pending():

2445

# client.do_handshake()

2446

# server.do_handshake()

2447

2448

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2453

class ErrorTests(TestCase):

2454

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2455

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2456

"""

2457

def test_type(self):

2458

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2459

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2460

"""

2461

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2462

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2466

class ConstantsTests(TestCase):

2467

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2468

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2469

2470

These are values defined by OpenSSL intended only to be used as flags to

2471

OpenSSL APIs. The only assertions it seems can be made about them is

2472

their values.

2473

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2474

# unittest.TestCase has no skip mechanism

2475

if OP_NO_QUERY_MTU is not None:

2476

def test_op_no_query_mtu(self):

2477

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2478

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2479

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2480

"""

2481

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2482

else:

2483

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2484

2485

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2486

if OP_COOKIE_EXCHANGE is not None:

2487

def test_op_cookie_exchange(self):

2488

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2489

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2490

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2491

"""

2492

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2493

else:

2494

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2495

2496

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2497

if OP_NO_TICKET is not None:

2498

def test_op_no_ticket(self):

2499

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2500

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2501

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2502

"""

2503

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2504

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2505

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2506

2507

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2508

if OP_NO_COMPRESSION is not None:

2509

def test_op_no_compression(self):

2510

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2511

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2512

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2513

"""

2514

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2515

else:

2516

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2517

2518

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2519

def test_sess_cache_off(self):

2520

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2521

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2522

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2523

"""

2524

self.assertEqual(0x0, SESS_CACHE_OFF)

2525

2526

2527

def test_sess_cache_client(self):

2528

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2529

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2530

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2531

"""

2532

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2533

2534

2535

def test_sess_cache_server(self):

2536

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2537

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2538

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2539

"""

2540

self.assertEqual(0x2, SESS_CACHE_SERVER)

2541

2542

2543

def test_sess_cache_both(self):

2544

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2545

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2546

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2547

"""

2548

self.assertEqual(0x3, SESS_CACHE_BOTH)

2549

2550

2551

def test_sess_cache_no_auto_clear(self):

2552

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2553

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2554

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2555

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2556

"""

2557

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2558

2559

2560

def test_sess_cache_no_internal_lookup(self):

2561

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2562

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2563

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2564

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2565

"""

2566

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2567

2568

2569

def test_sess_cache_no_internal_store(self):

2570

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2571

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2572

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2573

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2574

"""

2575

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2576

2577

2578

def test_sess_cache_no_internal(self):

2579

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2580

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2581

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2582

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2583

"""

2584

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2585

2586

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2587

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2588

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2589

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2590

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2591

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2592

def _server(self, sock):

2593

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2594

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2595

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2596

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2597

# Create the server side Connection. This is mostly setup boilerplate

2598

# - use TLSv1, use a particular certificate, etc.

2599

server_ctx = Context(TLSv1_METHOD)

2600

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2601

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2602

server_store = server_ctx.get_cert_store()

2603

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2604

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2605

server_ctx.check_privatekey()

2606

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2607

# Here the Connection is actually created. If None is passed as the 2nd

2608

# parameter, it indicates a memory BIO should be created.

2609

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2610

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2614

def _client(self, sock):

2615

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2616

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2617

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2618

"""

2619

# Now create the client side Connection. Similar boilerplate to the

2620

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2621

client_ctx = Context(TLSv1_METHOD)

2622

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2623

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2624

client_store = client_ctx.get_cert_store()

2625

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2626

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2627

client_ctx.check_privatekey()

2628

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2629

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2630

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2634

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2635

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2636

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2637

reading from the output of each and writing those bytes to the input of

2638

the other and in this way establish a connection and exchange

2639

application-level bytes with each other.

2640

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2641

server_conn = self._server(None)

2642

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2643

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2644

# There should be no key or nonces yet.

2645

self.assertIdentical(server_conn.master_key(), None)

2646

self.assertIdentical(server_conn.client_random(), None)

2647

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2648

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2649

# First, the handshake needs to happen. We'll deliver bytes back and

2650

# forth between the client and server until neither of them feels like

2651

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2652

self.assertIdentical(

2653

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2654

2655

# Now that the handshake is done, there should be a key and nonces.

2656

self.assertNotIdentical(server_conn.master_key(), None)

2657

self.assertNotIdentical(server_conn.client_random(), None)

2658

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2659

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2660

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2661

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2662

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2663

2664

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2665

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2666

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2667

server_conn.write(important_message)

2668

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2669

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2670

(client_conn, important_message))

2671

2672

client_conn.write(important_message[::-1])

2673

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2674

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2675

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2676

2677

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2678

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2679

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2680

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2681

2682

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2683

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2684

this test fails, there must be a problem outside the memory BIO

2685

code, as no memory BIO is involved here). Even though this isn't a

2686

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2687

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2688

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2689

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2690

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2691

client_conn.send(important_message)

2692

msg = server_conn.recv(1024)

2693

self.assertEqual(msg, important_message)

2694

2695

# Again in the other direction, just for fun.

2696

important_message = important_message[::-1]

2697

server_conn.send(important_message)

2698

msg = client_conn.recv(1024)

2699

self.assertEqual(msg, important_message)

2700

2701

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2702

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2703

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2704

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2705

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2706

"""

2707

context = Context(SSLv3_METHOD)

2708

client = socket()

2709

clientSSL = Connection(context, client)

2710

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2711

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2712

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2713

2714

2715

def test_outgoingOverflow(self):

2716

"""

2717

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2718

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2719

returned and that many bytes from the beginning of the input can be

2720

read from the other end of the connection.

2721

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2722

server = self._server(None)

2723

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2724

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2725

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2726

2727

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2728

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2729

# Sanity check. We're trying to test what happens when the entire

2730

# input can't be sent. If the entire input was sent, this test is

2731

# meaningless.

2732

self.assertTrue(sent < size)

2733

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2734

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2735

self.assertIdentical(receiver, server)

2736

2737

# We can rely on all of these bytes being received at once because

2738

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2739

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2740

2741

2742

def test_shutdown(self):

2743

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2744

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2745

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2746

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2747

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2748

server.bio_shutdown()

2749

e = self.assertRaises(Error, server.recv, 1024)

2750

# We don't want WantReadError or ZeroReturnError or anything - it's a

2751

# handshake failure.

2752

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2753

2754

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2755

def test_unexpectedEndOfFile(self):

2756

"""

2757

If the connection is lost before an orderly SSL shutdown occurs,

2758

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2759

"Unexpected EOF".

2760

"""

2761

server_conn, client_conn = self._loopback()

2762

client_conn.sock_shutdown(SHUT_RDWR)

2763

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2764

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2765

2766

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2767

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2768

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2769

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2770

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2771

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2772

before the client and server are connected to each other. This

2773

function should specify a list of CAs for the server to send to the

2774

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2775

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2776

times.

2777

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2778

server = self._server(None)

2779

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2780

self.assertEqual(client.get_client_ca_list(), [])

2781

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2782

ctx = server.get_context()

2783

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2784

self.assertEqual(client.get_client_ca_list(), [])

2785

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2786

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2787

self.assertEqual(client.get_client_ca_list(), expected)

2788

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2789

2790

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2791

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2792

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2793

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2794

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2795

"""

2796

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2797

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2798

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2799

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2800

2801

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2802

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2803

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2804

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2805

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2806

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2807

after the connection is set up.

2808

"""

2809

def no_ca(ctx):

2810

ctx.set_client_ca_list([])

2811

return []

2812

self._check_client_ca_list(no_ca)

2813

2814

2815

def test_set_one_ca_list(self):

2816

"""

2817

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2818

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2819

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2820

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2821

X509Name after the connection is set up.

2822

"""

2823

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2824

cadesc = cacert.get_subject()

2825

def single_ca(ctx):

2826

ctx.set_client_ca_list([cadesc])

2827

return [cadesc]

2828

self._check_client_ca_list(single_ca)

2829

2830

2831

def test_set_multiple_ca_list(self):

2832

"""

2833

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2834

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2835

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2836

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2837

X509Names after the connection is set up.

2838

"""

2839

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2840

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2841

2842

sedesc = secert.get_subject()

2843

cldesc = clcert.get_subject()

2844

2845

def multiple_ca(ctx):

2846

L = [sedesc, cldesc]

2847

ctx.set_client_ca_list(L)

2848

return L

2849

self._check_client_ca_list(multiple_ca)

2850

2851

2852

def test_reset_ca_list(self):

2853

"""

2854

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2855

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2856

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2857

"""

2858

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2859

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2860

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2861

2862

cadesc = cacert.get_subject()

2863

sedesc = secert.get_subject()

2864

cldesc = clcert.get_subject()

2865

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2866

def changed_ca(ctx):

2867

ctx.set_client_ca_list([sedesc, cldesc])

2868

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2869

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2870

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2871

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2872

2873

def test_mutated_ca_list(self):

2874

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2875

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2876

afterwards, this does not affect the list of CA names sent to the

2877

client.

2878

"""

2879

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2880

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2881

2882

cadesc = cacert.get_subject()

2883

sedesc = secert.get_subject()

2884

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2885

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2886

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2887

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2888

L.append(sedesc)

2889

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2890

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2891

2892

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2893

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2895

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2896

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2897

"""

2898

ctx = Context(TLSv1_METHOD)

2899

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2900

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2901

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2902

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2903

2904

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2905

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2906

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2907

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2908

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2909

"""

2910

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2911

cadesc = cacert.get_subject()

2912

def single_ca(ctx):

2913

ctx.add_client_ca(cacert)

2914

return [cadesc]

2915

self._check_client_ca_list(single_ca)

2916

2917

2918

def test_multiple_add_client_ca(self):

2919

"""

2920

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2921

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2922

"""

2923

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2924

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2925

2926

cadesc = cacert.get_subject()

2927

sedesc = secert.get_subject()

2928

2929

def multiple_ca(ctx):

2930

ctx.add_client_ca(cacert)

2931

ctx.add_client_ca(secert)

2932

return [cadesc, sedesc]

2933

self._check_client_ca_list(multiple_ca)

2934

2935

2936

def test_set_and_add_client_ca(self):

2937

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2938

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2939

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2940

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2941

"""

2942

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2943

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2944

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2945

2946

cadesc = cacert.get_subject()

2947

sedesc = secert.get_subject()

2948

cldesc = clcert.get_subject()

2949

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2950

def mixed_set_add_ca(ctx):

2951

ctx.set_client_ca_list([cadesc, sedesc])

2952

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2953

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2954

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2955

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2956

2957

def test_set_after_add_client_ca(self):

2958

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2959

A call to :py:obj:`Context.set_client_ca_list` after a call to

2960

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2961

call with the names specified by the latter cal.

2962

"""

2963

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2964

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2965

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2966

2967

cadesc = cacert.get_subject()

2968

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2969

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2970

def set_replaces_add_ca(ctx):

2971

ctx.add_client_ca(clcert)

2972

ctx.set_client_ca_list([cadesc])

2973

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2974

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2975

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2976

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2977

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2978

2979

class ConnectionBIOTests(TestCase):

2980

"""

2981

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2982

"""

2983

def test_wantReadError(self):

2984

"""

2985

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2986

if there are no bytes available to be read from the BIO.

2987

"""

2988

ctx = Context(TLSv1_METHOD)

2989

conn = Connection(ctx, None)

2990

self.assertRaises(WantReadError, conn.bio_read, 1024)

2991

2992

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2993

def test_buffer_size(self):

2994

"""

2995

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2996

number of bytes to read and return.

2997

"""

2998

ctx = Context(TLSv1_METHOD)

2999

conn = Connection(ctx, None)

3000

conn.set_connect_state()

3001

try:

3002

conn.do_handshake()

3003

except WantReadError:

3004

pass

3005

data = conn.bio_read(2)

3006

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3011

"""

3012

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3013

:py:obj:`long` as well as :py:obj:`int`.

3014

"""

3015

ctx = Context(TLSv1_METHOD)

3016

conn = Connection(ctx, None)

3017

conn.set_connect_state()

3018

try:

3019

conn.do_handshake()

3020

except WantReadError:

3021

pass

3022

data = conn.bio_read(long(2))

3023

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3027

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3028

class InfoConstantTests(TestCase):

3029

"""

3030

Tests for assorted constants exposed for use in info callbacks.

3031

"""

3032

def test_integers(self):

3033

"""

3034

All of the info constants are integers.

3035

3036

This is a very weak test. It would be nice to have one that actually

3037

verifies that as certain info events happen, the value passed to the

3038

info callback matches up with the constant exposed by OpenSSL.SSL.

3039

"""

3040

for const in [

3041

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3042

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3043

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3044

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3045

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3046

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3047

3048

self.assertTrue(isinstance(const, int))

3049

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3050

Jean-Paul Calderone