Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

23

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

24

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

25

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

26

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

27

from OpenSSL.SSL import (

28

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

29

TLSv1_1_METHOD, TLSv1_2_METHOD)

30

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

31

from OpenSSL.SSL import (

32

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

33

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

34

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

35

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

36

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

37

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

38

39

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

40

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

43

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

44

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

45

from OpenSSL.test.test_crypto import (

46

cleartextCertificatePEM, cleartextPrivateKeyPEM)

47

from OpenSSL.test.test_crypto import (

48

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

49

root_cert_pem)

50

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

51

try:

52

from OpenSSL.SSL import OP_NO_QUERY_MTU

53

except ImportError:

54

OP_NO_QUERY_MTU = None

55

try:

56

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

57

except ImportError:

58

OP_COOKIE_EXCHANGE = None

59

try:

60

from OpenSSL.SSL import OP_NO_TICKET

61

except ImportError:

62

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

63

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

64

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

65

from OpenSSL.SSL import OP_NO_COMPRESSION

66

except ImportError:

67

OP_NO_COMPRESSION = None

68

69

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

70

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

71

except ImportError:

72

MODE_RELEASE_BUFFERS = None

73

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

74

try:

75

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

76

except ImportError:

77

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

78

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

79

from OpenSSL.SSL import (

80

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

81

SSL_ST_OK, SSL_ST_RENEGOTIATE,

82

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

83

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

84

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

85

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

86

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

87

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

88

# to use)

89

dhparam = """\

90

-----BEGIN DH PARAMETERS-----

91

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

92

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

96

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

97

return ok

98

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

99

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

100

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

101

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

102

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

103

"""

104

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

110

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

111

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

112

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

113

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

114

# Let's pass some unencrypted data to make sure our socket connection is

115

# fine. Just one byte, so we don't have to worry about buffers getting

116

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

117

server.send(b("x"))

118

assert client.recv(1024) == b("x")

119

client.send(b("y"))

120

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

121

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

122

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

123

server.setblocking(False)

124

client.setblocking(False)

125

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

126

return (server, client)

127

128

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

130

def handshake(client, server):

131

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

142

def _create_certificate_chain():

143

"""

144

Construct and return a chain of certificates.

145

146

1. A new self-signed certificate authority certificate (cacert)

147

2. A new intermediate certificate signed by cacert (icert)

148

3. A new server certificate signed by icert (scert)

149

"""

150

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

155

cacert = X509()

156

cacert.get_subject().commonName = "Authority Certificate"

157

cacert.set_issuer(cacert.get_subject())

158

cacert.set_pubkey(cakey)

159

cacert.set_notBefore(b("20000101000000Z"))

160

cacert.set_notAfter(b("20200101000000Z"))

161

cacert.add_extensions([caext])

162

cacert.set_serial_number(0)

163

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

168

icert = X509()

169

icert.get_subject().commonName = "Intermediate Certificate"

170

icert.set_issuer(cacert.get_subject())

171

icert.set_pubkey(ikey)

172

icert.set_notBefore(b("20000101000000Z"))

173

icert.set_notAfter(b("20200101000000Z"))

174

icert.add_extensions([caext])

175

icert.set_serial_number(0)

176

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

181

scert = X509()

182

scert.get_subject().commonName = "Server Certificate"

183

scert.set_issuer(icert.get_subject())

184

scert.set_pubkey(skey)

185

scert.set_notBefore(b("20000101000000Z"))

186

scert.set_notAfter(b("20200101000000Z"))

187

scert.add_extensions([

188

X509Extension(b('basicConstraints'), True, b('CA:false'))])

189

scert.set_serial_number(0)

190

scert.sign(ikey, "sha1")

191

192

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

196

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

197

"""

198

Helper mixin which defines methods for creating a connected socket pair and

199

for forcing two connected SSL sockets to talk to each other via memory BIOs.

200

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

201

def _loopbackClientFactory(self, socket):

202

client = Connection(Context(TLSv1_METHOD), socket)

203

client.set_connect_state()

204

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

205

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

206

207

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

208

ctx = Context(TLSv1_METHOD)

209

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

210

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

211

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

212

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

217

if serverFactory is None:

218

serverFactory = self._loopbackServerFactory

219

if clientFactory is None:

220

clientFactory = self._loopbackClientFactory

221

222

(server, client) = socket_pair()

223

server = serverFactory(server)

224

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

225

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

226

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

228

server.setblocking(True)

229

client.setblocking(True)

230

return server, client

231

232

233

def _interactInMemory(self, client_conn, server_conn):

234

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

235

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

236

objects. Copy bytes back and forth between their send/receive buffers

237

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

238

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

239

some application bytes, return a two-tuple of the connection from which

240

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

245

wrote = False

246

247

# Copy stuff from each side's send buffer to the other side's

248

# receive buffer.

249

for (read, write) in [(client_conn, server_conn),

250

(server_conn, client_conn)]:

251

252

# Give the side a chance to generate some more bytes, or

253

# succeed.

254

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

255

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

256

except WantReadError:

257

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

262

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

263

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

264

265

while True:

266

# Keep copying as long as there's more stuff there.

267

try:

268

dirty = read.bio_read(4096)

269

except WantReadError:

270

# Okay, nothing more waiting to be sent. Stop

271

# processing this send buffer.

272

break

273

else:

274

# Keep track of the fact that someone generated some

275

# output.

276

wrote = True

277

write.bio_write(dirty)

278

279

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame^]

280

def _handshakeInMemory(self, client_conn, server_conn):

281

client_conn.set_connect_state()

282

server_conn.set_accept_state()

283

284

for conn in [client_conn, server_conn]:

285

try:

286

conn.do_handshake()

287

except WantReadError:

288

pass

289

290

self._interactInMemory(client_conn, server_conn)

291

292

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

293

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

294

class VersionTests(TestCase):

295

"""

296

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

297

:py:obj:`OpenSSL.SSL.SSLeay_version` and

298

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

299

"""

300

def test_OPENSSL_VERSION_NUMBER(self):

301

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

302

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

303

byte and the patch, fix, minor, and major versions in the

304

nibbles above that.

305

"""

306

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

307

308

309

def test_SSLeay_version(self):

310

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

311

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

312

one of a number of version strings based on that indicator.

313

"""

314

versions = {}

315

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

316

SSLEAY_PLATFORM, SSLEAY_DIR]:

317

version = SSLeay_version(t)

318

versions[version] = t

319

self.assertTrue(isinstance(version, bytes))

320

self.assertEqual(len(versions), 5)

321

322

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

323

324

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

326

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

327

"""

328

def test_method(self):

329

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

330

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

331

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

332

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

333

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

334

methods = [

335

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

336

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

337

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

338

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

339

340

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

345

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

346

# don't. Difficult to say in advance.

347

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

348

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

self.assertRaises(TypeError, Context, "")

350

self.assertRaises(ValueError, Context, 10)

351

352

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

353

if not PY3:

354

def test_method_long(self):

355

"""

356

On Python 2 :py:class:`Context` accepts values of type

357

:py:obj:`long` as well as :py:obj:`int`.

358

"""

359

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

363

def test_type(self):

364

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

365

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

366

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

367

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

368

self.assertIdentical(Context, ContextType)

369

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

370

371

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

372

def test_use_privatekey(self):

373

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

374

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

375

"""

376

key = PKey()

377

key.generate_key(TYPE_RSA, 128)

378

ctx = Context(TLSv1_METHOD)

379

ctx.use_privatekey(key)

380

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

381

382

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

383

def test_use_privatekey_file_missing(self):

384

"""

385

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

386

when passed the name of a file which does not exist.

387

"""

388

ctx = Context(TLSv1_METHOD)

389

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

390

391

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

392

if not PY3:

393

def test_use_privatekey_file_long(self):

394

"""

395

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

396

filetype of type :py:obj:`long` as well as :py:obj:`int`.

397

"""

398

pemfile = self.mktemp()

399

400

key = PKey()

401

key.generate_key(TYPE_RSA, 128)

402

403

with open(pemfile, "wt") as pem:

404

pem.write(

405

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

406

407

ctx = Context(TLSv1_METHOD)

408

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

409

410

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

411

def test_use_certificate_wrong_args(self):

412

"""

413

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

414

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

415

argument.

416

"""

417

ctx = Context(TLSv1_METHOD)

418

self.assertRaises(TypeError, ctx.use_certificate)

419

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

420

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

421

422

423

def test_use_certificate_uninitialized(self):

424

"""

425

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

426

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

427

initialized (ie, which does not actually have any certificate data).

428

"""

429

ctx = Context(TLSv1_METHOD)

430

self.assertRaises(Error, ctx.use_certificate, X509())

431

432

433

def test_use_certificate(self):

434

"""

435

:py:obj:`Context.use_certificate` sets the certificate which will be

436

used to identify connections created using the context.

437

"""

438

# TODO

439

# Hard to assert anything. But we could set a privatekey then ask

440

# OpenSSL if the cert and key agree using check_privatekey. Then as

441

# long as check_privatekey works right we're good...

442

ctx = Context(TLSv1_METHOD)

443

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

444

445

446

def test_use_certificate_file_wrong_args(self):

447

"""

448

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

449

called with zero arguments or more than two arguments, or if the first

450

argument is not a byte string or the second argumnent is not an integer.

451

"""

452

ctx = Context(TLSv1_METHOD)

453

self.assertRaises(TypeError, ctx.use_certificate_file)

454

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

455

self.assertRaises(

456

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

457

self.assertRaises(

458

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

459

self.assertRaises(

460

TypeError, ctx.use_certificate_file, b"somefile", object())

461

462

463

def test_use_certificate_file_missing(self):

464

"""

465

:py:obj:`Context.use_certificate_file` raises

466

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

467

exist.

468

"""

469

ctx = Context(TLSv1_METHOD)

470

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

471

472

473

def test_use_certificate_file(self):

474

"""

475

:py:obj:`Context.use_certificate` sets the certificate which will be

476

used to identify connections created using the context.

477

"""

478

# TODO

479

# Hard to assert anything. But we could set a privatekey then ask

480

# OpenSSL if the cert and key agree using check_privatekey. Then as

481

# long as check_privatekey works right we're good...

482

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

483

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

484

pem_file.write(cleartextCertificatePEM)

485

486

ctx = Context(TLSv1_METHOD)

487

ctx.use_certificate_file(pem_filename)

488

489

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

490

if not PY3:

491

def test_use_certificate_file_long(self):

492

"""

493

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

494

filetype of type :py:obj:`long` as well as :py:obj:`int`.

495

"""

496

pem_filename = self.mktemp()

497

with open(pem_filename, "wb") as pem_file:

498

pem_file.write(cleartextCertificatePEM)

499

500

ctx = Context(TLSv1_METHOD)

501

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

502

503

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

504

def test_set_app_data_wrong_args(self):

505

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

506

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

507

one argument.

508

"""

509

context = Context(TLSv1_METHOD)

510

self.assertRaises(TypeError, context.set_app_data)

511

self.assertRaises(TypeError, context.set_app_data, None, None)

512

513

514

def test_get_app_data_wrong_args(self):

515

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

516

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

517

arguments.

518

"""

519

context = Context(TLSv1_METHOD)

520

self.assertRaises(TypeError, context.get_app_data, None)

521

522

523

def test_app_data(self):

524

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

525

:py:obj:`Context.set_app_data` stores an object for later retrieval using

526

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

527

"""

528

app_data = object()

529

context = Context(TLSv1_METHOD)

530

context.set_app_data(app_data)

531

self.assertIdentical(context.get_app_data(), app_data)

532

533

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

534

def test_set_options_wrong_args(self):

535

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

536

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

537

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

538

"""

539

context = Context(TLSv1_METHOD)

540

self.assertRaises(TypeError, context.set_options)

541

self.assertRaises(TypeError, context.set_options, None)

542

self.assertRaises(TypeError, context.set_options, 1, None)

543

544

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

545

def test_set_options(self):

546

"""

547

:py:obj:`Context.set_options` returns the new options value.

548

"""

549

context = Context(TLSv1_METHOD)

550

options = context.set_options(OP_NO_SSLv2)

551

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

556

"""

557

On Python 2 :py:obj:`Context.set_options` accepts values of type

558

:py:obj:`long` as well as :py:obj:`int`.

559

"""

560

context = Context(TLSv1_METHOD)

561

options = context.set_options(long(OP_NO_SSLv2))

562

self.assertTrue(OP_NO_SSLv2 & options)

563

564

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

565

def test_set_mode_wrong_args(self):

566

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

567

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

568

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

569

"""

570

context = Context(TLSv1_METHOD)

571

self.assertRaises(TypeError, context.set_mode)

572

self.assertRaises(TypeError, context.set_mode, None)

573

self.assertRaises(TypeError, context.set_mode, 1, None)

574

575

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

576

if MODE_RELEASE_BUFFERS is not None:

577

def test_set_mode(self):

578

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

579

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

580

set mode.

581

"""

582

context = Context(TLSv1_METHOD)

583

self.assertTrue(

584

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

585

586

if not PY3:

587

def test_set_mode_long(self):

588

"""

589

On Python 2 :py:obj:`Context.set_mode` accepts values of type

590

:py:obj:`long` as well as :py:obj:`int`.

591

"""

592

context = Context(TLSv1_METHOD)

593

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

594

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

595

else:

596

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

597

598

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

599

def test_set_timeout_wrong_args(self):

600

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

601

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

602

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

603

"""

604

context = Context(TLSv1_METHOD)

605

self.assertRaises(TypeError, context.set_timeout)

606

self.assertRaises(TypeError, context.set_timeout, None)

607

self.assertRaises(TypeError, context.set_timeout, 1, None)

608

609

610

def test_get_timeout_wrong_args(self):

611

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

612

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

613

"""

614

context = Context(TLSv1_METHOD)

615

self.assertRaises(TypeError, context.get_timeout, None)

616

617

618

def test_timeout(self):

619

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

620

:py:obj:`Context.set_timeout` sets the session timeout for all connections

621

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

622

value.

623

"""

624

context = Context(TLSv1_METHOD)

625

context.set_timeout(1234)

626

self.assertEquals(context.get_timeout(), 1234)

627

628

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

629

if not PY3:

630

def test_timeout_long(self):

631

"""

632

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

633

`long` as well as int.

634

"""

635

context = Context(TLSv1_METHOD)

636

context.set_timeout(long(1234))

637

self.assertEquals(context.get_timeout(), 1234)

638

639

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

640

def test_set_verify_depth_wrong_args(self):

641

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

642

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

643

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

644

"""

645

context = Context(TLSv1_METHOD)

646

self.assertRaises(TypeError, context.set_verify_depth)

647

self.assertRaises(TypeError, context.set_verify_depth, None)

648

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

649

650

651

def test_get_verify_depth_wrong_args(self):

652

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

653

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

654

"""

655

context = Context(TLSv1_METHOD)

656

self.assertRaises(TypeError, context.get_verify_depth, None)

657

658

659

def test_verify_depth(self):

660

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

661

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

662

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

663

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

664

"""

665

context = Context(TLSv1_METHOD)

666

context.set_verify_depth(11)

667

self.assertEquals(context.get_verify_depth(), 11)

668

669

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

670

if not PY3:

671

def test_verify_depth_long(self):

672

"""

673

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

674

type `long` as well as int.

675

"""

676

context = Context(TLSv1_METHOD)

677

context.set_verify_depth(long(11))

678

self.assertEquals(context.get_verify_depth(), 11)

679

680

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

681

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

682

"""

683

Write a new private key out to a new file, encrypted using the given

684

passphrase. Return the path to the new file.

685

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

686

key = PKey()

687

key.generate_key(TYPE_RSA, 128)

688

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

689

fObj = open(pemFile, 'w')

690

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

691

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

696

def test_set_passwd_cb_wrong_args(self):

697

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

698

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

699

wrong arguments or with a non-callable first argument.

700

"""

701

context = Context(TLSv1_METHOD)

702

self.assertRaises(TypeError, context.set_passwd_cb)

703

self.assertRaises(TypeError, context.set_passwd_cb, None)

704

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

705

706

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

707

def test_set_passwd_cb(self):

708

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

709

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

710

a private key is loaded from an encrypted PEM.

711

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

712

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

713

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

714

calledWith = []

715

def passphraseCallback(maxlen, verify, extra):

716

calledWith.append((maxlen, verify, extra))

717

return passphrase

718

context = Context(TLSv1_METHOD)

719

context.set_passwd_cb(passphraseCallback)

720

context.use_privatekey_file(pemFile)

721

self.assertTrue(len(calledWith), 1)

722

self.assertTrue(isinstance(calledWith[0][0], int))

723

self.assertTrue(isinstance(calledWith[0][1], int))

724

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

725

726

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

727

def test_passwd_callback_exception(self):

728

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

729

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

730

passphrase callback.

731

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

732

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

733

def passphraseCallback(maxlen, verify, extra):

734

raise RuntimeError("Sorry, I am a fail.")

735

736

context = Context(TLSv1_METHOD)

737

context.set_passwd_cb(passphraseCallback)

738

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

739

740

741

def test_passwd_callback_false(self):

742

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

743

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

744

passphrase callback returns a false value.

745

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

746

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

747

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

748

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

749

750

context = Context(TLSv1_METHOD)

751

context.set_passwd_cb(passphraseCallback)

752

self.assertRaises(Error, context.use_privatekey_file, pemFile)

753

754

755

def test_passwd_callback_non_string(self):

756

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

757

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

758

passphrase callback returns a true non-string value.

759

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

760

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

761

def passphraseCallback(maxlen, verify, extra):

762

return 10

763

764

context = Context(TLSv1_METHOD)

765

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

766

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

767

768

769

def test_passwd_callback_too_long(self):

770

"""

771

If the passphrase returned by the passphrase callback returns a string

772

longer than the indicated maximum length, it is truncated.

773

"""

774

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

775

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

776

pemFile = self._write_encrypted_pem(passphrase)

777

def passphraseCallback(maxlen, verify, extra):

778

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

779

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

780

781

context = Context(TLSv1_METHOD)

782

context.set_passwd_cb(passphraseCallback)

783

# This shall succeed because the truncated result is the correct

784

# passphrase.

785

context.use_privatekey_file(pemFile)

786

787

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

788

def test_set_info_callback(self):

789

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

790

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

791

when certain information about an SSL connection is available.

792

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

793

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

794

795

clientSSL = Connection(Context(TLSv1_METHOD), client)

796

clientSSL.set_connect_state()

797

798

called = []

799

def info(conn, where, ret):

800

called.append((conn, where, ret))

801

context = Context(TLSv1_METHOD)

802

context.set_info_callback(info)

803

context.use_certificate(

804

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

805

context.use_privatekey(

806

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

807

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

808

serverSSL = Connection(context, server)

809

serverSSL.set_accept_state()

810

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

811

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

812

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

813

# The callback must always be called with a Connection instance as the

814

# first argument. It would probably be better to split this into

815

# separate tests for client and server side info callbacks so we could

816

# assert it is called with the right Connection instance. It would

817

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

818

notConnections = [

819

conn for (conn, where, ret) in called

820

if not isinstance(conn, Connection)]

821

self.assertEqual(

822

[], notConnections,

823

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

824

825

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

826

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

827

"""

828

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

829

its :py:obj:`load_verify_locations` method with the given arguments.

830

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

831

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

832

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

833

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

834

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

835

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

836

# Require that the server certificate verify properly or the

837

# connection will fail.

838

clientContext.set_verify(

839

VERIFY_PEER,

840

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

841

842

clientSSL = Connection(clientContext, client)

843

clientSSL.set_connect_state()

844

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

845

serverContext = Context(TLSv1_METHOD)

846

serverContext.use_certificate(

847

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

848

serverContext.use_privatekey(

849

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

850

851

serverSSL = Connection(serverContext, server)

852

serverSSL.set_accept_state()

853

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

854

# Without load_verify_locations above, the handshake

855

# will fail:

856

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

857

# 'certificate verify failed')]

858

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

859

860

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

861

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

862

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

863

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

864

def test_load_verify_file(self):

865

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

866

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

867

certificates within for verification purposes.

868

"""

869

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

870

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

871

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

872

fObj.close()

873

874

self._load_verify_locations_test(cafile)

875

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

876

877

def test_load_verify_invalid_file(self):

878

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

879

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

880

non-existent cafile.

881

"""

882

clientContext = Context(TLSv1_METHOD)

883

self.assertRaises(

884

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

885

886

887

def test_load_verify_directory(self):

888

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

889

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

890

the certificates within for verification purposes.

891

"""

892

capath = self.mktemp()

893

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

894

# Hash values computed manually with c_rehash to avoid depending on

895

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

896

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

897

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

898

cafile = join(capath, name)

899

fObj = open(cafile, 'w')

900

fObj.write(cleartextCertificatePEM.decode('ascii'))

901

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

902

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

903

self._load_verify_locations_test(None, capath)

904

905

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

906

def test_load_verify_locations_wrong_args(self):

907

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

908

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

909

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

910

"""

911

context = Context(TLSv1_METHOD)

912

self.assertRaises(TypeError, context.load_verify_locations)

913

self.assertRaises(TypeError, context.load_verify_locations, object())

914

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

915

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

916

917

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

918

if platform == "win32":

919

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

920

"See LP#404343 and LP#404344."

921

else:

922

def test_set_default_verify_paths(self):

923

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

924

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

925

certificate locations to be used for verification purposes.

926

"""

927

# Testing this requires a server with a certificate signed by one of

928

# the CAs in the platform CA location. Getting one of those costs

929

# money. Fortunately (or unfortunately, depending on your

930

# perspective), it's easy to think of a public server on the

931

# internet which has such a certificate. Connecting to the network

932

# in a unit test is bad, but it's the only way I can think of to

933

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

934

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

935

# Arg, verisign.com doesn't speak TLSv1

936

context = Context(SSLv3_METHOD)

937

context.set_default_verify_paths()

938

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

939

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

940

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

941

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

942

client = socket()

943

client.connect(('verisign.com', 443))

944

clientSSL = Connection(context, client)

945

clientSSL.set_connect_state()

946

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

947

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

948

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

949

950

951

def test_set_default_verify_paths_signature(self):

952

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

953

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

954

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

955

"""

956

context = Context(TLSv1_METHOD)

957

self.assertRaises(TypeError, context.set_default_verify_paths, None)

958

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

959

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

960

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

961

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

962

def test_add_extra_chain_cert_invalid_cert(self):

963

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

964

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

965

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

966

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

967

"""

968

context = Context(TLSv1_METHOD)

969

self.assertRaises(TypeError, context.add_extra_chain_cert)

970

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

971

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

972

973

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

974

def _handshake_test(self, serverContext, clientContext):

975

"""

976

Verify that a client and server created with the given contexts can

977

successfully handshake and communicate.

978

"""

979

serverSocket, clientSocket = socket_pair()

980

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

981

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

982

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

983

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

984

client = Connection(clientContext, clientSocket)

985

client.set_connect_state()

986

987

# Make them talk to each other.

988

# self._interactInMemory(client, server)

989

for i in range(3):

990

for s in [client, server]:

991

try:

992

s.do_handshake()

993

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame^]

997

def test_set_verify_callback_connection_argument(self):

998

"""

999

The first argument passed to the verify callback is the

1000

:py:class:`Connection` instance for which verification is taking place.

1001

"""

1002

serverContext = Context(TLSv1_METHOD)

1003

serverContext.use_privatekey(

1004

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1005

serverContext.use_certificate(

1006

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1007

serverConnection = Connection(serverContext, None)

1008

1009

class VerifyCallback(object):

1010

def callback(self, connection, *args):

1011

self.connection = connection

1012

return 1

1013

1014

verify = VerifyCallback()

1015

clientContext = Context(TLSv1_METHOD)

1016

clientContext.set_verify(VERIFY_PEER, verify.callback)

1017

clientConnection = Connection(clientContext, None)

1018

clientConnection.set_connect_state()

1019

1020

self._handshakeInMemory(clientConnection, serverConnection)

1021

1022

self.assertIdentical(verify.connection, clientConnection)

1023

1024

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1025

def test_set_verify_callback_exception(self):

1026

"""

1027

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1028

exception, verification fails and the exception is propagated to the

1029

caller of :py:obj:`Connection.do_handshake`.

1030

"""

1031

serverContext = Context(TLSv1_METHOD)

1032

serverContext.use_privatekey(

1033

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1034

serverContext.use_certificate(

1035

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1036

1037

clientContext = Context(TLSv1_METHOD)

1038

def verify_callback(*args):

1039

raise Exception("silly verify failure")

1040

clientContext.set_verify(VERIFY_PEER, verify_callback)

1041

1042

exc = self.assertRaises(

1043

Exception, self._handshake_test, serverContext, clientContext)

1044

self.assertEqual("silly verify failure", str(exc))

1045

1046

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1047

def test_add_extra_chain_cert(self):

1048

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1049

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1050

the certificate chain.

1051

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1052

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1053

chain tested.

1054

1055

The chain is tested by starting a server with scert and connecting

1056

to it with a client which trusts cacert and requires verification to

1057

succeed.

1058

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1059

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1060

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1061

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1062

# Dump the CA certificate to a file because that's the only way to load

1063

# it as a trusted CA in the client context.

1064

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1065

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1066

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1067

fObj.close()

1068

1069

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1070

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1071

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1072

fObj.close()

1073

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1074

# Create the server context

1075

serverContext = Context(TLSv1_METHOD)

1076

serverContext.use_privatekey(skey)

1077

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1078

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1079

serverContext.add_extra_chain_cert(icert)

1080

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1081

# Create the client

1082

clientContext = Context(TLSv1_METHOD)

1083

clientContext.set_verify(

1084

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1085

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1086

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1087

# Try it out.

1088

self._handshake_test(serverContext, clientContext)

1089

1090

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1091

def test_use_certificate_chain_file(self):

1092

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1093

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1094

the specified file.

1095

1096

The chain is tested by starting a server with scert and connecting

1097

to it with a client which trusts cacert and requires verification to

1098

succeed.

1099

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1100

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1101

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1102

1103

# Write out the chain file.

1104

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1105

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1106

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1107

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1108

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1109

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1110

fObj.close()

1111

1112

serverContext = Context(TLSv1_METHOD)

1113

serverContext.use_certificate_chain_file(chainFile)

1114

serverContext.use_privatekey(skey)

1115

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1116

fObj = open('ca.pem', 'w')

1117

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1118

fObj.close()

1119

1120

clientContext = Context(TLSv1_METHOD)

1121

clientContext.set_verify(

1122

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1123

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1124

1125

self._handshake_test(serverContext, clientContext)

1126

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1127

1128

def test_use_certificate_chain_file_wrong_args(self):

1129

"""

1130

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1131

if passed zero or more than one argument or when passed a non-byte

1132

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1133

passed a bad chain file name (for example, the name of a file which does

1134

not exist).

1135

"""

1136

context = Context(TLSv1_METHOD)

1137

self.assertRaises(TypeError, context.use_certificate_chain_file)

1138

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1139

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1140

1141

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1142

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1143

# XXX load_client_ca

1144

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1145

1146

def test_get_verify_mode_wrong_args(self):

1147

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1148

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1149

arguments.

1150

"""

1151

context = Context(TLSv1_METHOD)

1152

self.assertRaises(TypeError, context.get_verify_mode, None)

1153

1154

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1155

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1156

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1157

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1158

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1159

"""

1160

context = Context(TLSv1_METHOD)

1161

self.assertEquals(context.get_verify_mode(), 0)

1162

context.set_verify(

1163

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1164

self.assertEquals(

1165

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1166

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1167

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1168

if not PY3:

1169

def test_set_verify_mode_long(self):

1170

"""

1171

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1172

type :py:obj:`long` as well as :py:obj:`int`.

1173

"""

1174

context = Context(TLSv1_METHOD)

1175

self.assertEquals(context.get_verify_mode(), 0)

1176

context.set_verify(

1177

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1178

self.assertEquals(

1179

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1180

1181

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1182

def test_load_tmp_dh_wrong_args(self):

1183

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1184

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1185

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1186

"""

1187

context = Context(TLSv1_METHOD)

1188

self.assertRaises(TypeError, context.load_tmp_dh)

1189

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1190

self.assertRaises(TypeError, context.load_tmp_dh, object())

1191

1192

1193

def test_load_tmp_dh_missing_file(self):

1194

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1195

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1196

does not exist.

1197

"""

1198

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1199

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1200

1201

1202

def test_load_tmp_dh(self):

1203

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1204

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1205

specified file.

1206

"""

1207

context = Context(TLSv1_METHOD)

1208

dhfilename = self.mktemp()

1209

dhfile = open(dhfilename, "w")

1210

dhfile.write(dhparam)

1211

dhfile.close()

1212

context.load_tmp_dh(dhfilename)

1213

# XXX What should I assert here? -exarkun

1214

1215

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1216

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1217

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1218

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1219

ciphers which connections created with the context object will be able

1220

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1221

"""

1222

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1223

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1224

conn = Connection(context, None)

1225

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1226

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1227

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1228

def test_set_cipher_list_text(self):

1229

"""

1230

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1231

the ciphers which connections created with the context object will be

1232

able to choose from.

1233

"""

1234

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1235

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1236

conn = Connection(context, None)

1237

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1238

1239

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1240

def test_set_cipher_list_wrong_args(self):

1241

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1242

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1243

passed zero arguments or more than one argument or when passed a

1244

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1245

passed an incorrect cipher list string.

1246

"""

1247

context = Context(TLSv1_METHOD)

1248

self.assertRaises(TypeError, context.set_cipher_list)

1249

self.assertRaises(TypeError, context.set_cipher_list, object())

1250

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1251

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1252

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1253

1254

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1255

def test_set_session_cache_mode_wrong_args(self):

1256

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1257

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1258

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1259

"""

1260

context = Context(TLSv1_METHOD)

1261

self.assertRaises(TypeError, context.set_session_cache_mode)

1262

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1263

1264

1265

def test_get_session_cache_mode_wrong_args(self):

1266

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1267

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1268

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1269

"""

1270

context = Context(TLSv1_METHOD)

1271

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1272

1273

1274

def test_session_cache_mode(self):

1275

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1276

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1277

cached. The setting can be retrieved via

1278

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1279

"""

1280

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1281

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1282

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1283

self.assertEqual(SESS_CACHE_OFF, off)

1284

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1285

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1286

if not PY3:

1287

def test_session_cache_mode_long(self):

1288

"""

1289

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1290

of type :py:obj:`long` as well as :py:obj:`int`.

1291

"""

1292

context = Context(TLSv1_METHOD)

1293

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1294

self.assertEqual(

1295

SESS_CACHE_BOTH, context.get_session_cache_mode())

1296

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1297

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1298

def test_get_cert_store(self):

1299

"""

1300

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1301

"""

1302

context = Context(TLSv1_METHOD)

1303

store = context.get_cert_store()

1304

self.assertIsInstance(store, X509Store)

1305

1306

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1307

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1308

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1309

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1310

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1311

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1312

"""

1313

def test_wrong_args(self):

1314

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1315

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1316

with other than one argument.

1317

"""

1318

context = Context(TLSv1_METHOD)

1319

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1320

self.assertRaises(

1321

TypeError, context.set_tlsext_servername_callback, 1, 2)

1322

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1323

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1324

def test_old_callback_forgotten(self):

1325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1326

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1327

callback, the one it replaces is dereferenced.

1328

"""

1329

def callback(connection):

1330

pass

1331

1332

def replacement(connection):

1333

pass

1334

1335

context = Context(TLSv1_METHOD)

1336

context.set_tlsext_servername_callback(callback)

1337

1338

tracker = ref(callback)

1339

del callback

1340

1341

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1342

1343

# One run of the garbage collector happens to work on CPython. PyPy

1344

# doesn't collect the underlying object until a second run for whatever

1345

# reason. That's fine, it still demonstrates our code has properly

1346

# dropped the reference.

1347

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1348

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1349

1350

callback = tracker()

1351

if callback is not None:

1352

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1353

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1354

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1355

1356

1357

def test_no_servername(self):

1358

"""

1359

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1360

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1361

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1362

"""

1363

args = []

1364

def servername(conn):

1365

args.append((conn, conn.get_servername()))

1366

context = Context(TLSv1_METHOD)

1367

context.set_tlsext_servername_callback(servername)

1368

1369

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1375

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1376

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1377

1378

# Do a little connection to trigger the logic

1379

server = Connection(context, None)

1380

server.set_accept_state()

1381

1382

client = Connection(Context(TLSv1_METHOD), None)

1383

client.set_connect_state()

1384

1385

self._interactInMemory(server, client)

1386

1387

self.assertEqual([(server, None)], args)

1388

1389

1390

def test_servername(self):

1391

"""

1392

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1393

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1394

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1395

"""

1396

args = []

1397

def servername(conn):

1398

args.append((conn, conn.get_servername()))

1399

context = Context(TLSv1_METHOD)

1400

context.set_tlsext_servername_callback(servername)

1401

1402

# Necessary to actually accept the connection

1403

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1404

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1405

1406

# Do a little connection to trigger the logic

1407

server = Connection(context, None)

1408

server.set_accept_state()

1409

1410

client = Connection(Context(TLSv1_METHOD), None)

1411

client.set_connect_state()

1412

client.set_tlsext_host_name(b("foo1.example.com"))

1413

1414

self._interactInMemory(server, client)

1415

1416

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1420

class SessionTests(TestCase):

1421

"""

1422

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1423

"""

1424

def test_construction(self):

1425

"""

1426

:py:class:`Session` can be constructed with no arguments, creating a new

1427

instance of that type.

1428

"""

1429

new_session = Session()

1430

self.assertTrue(isinstance(new_session, Session))

1431

1432

1433

def test_construction_wrong_args(self):

1434

"""

1435

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1436

is raised.

1437

"""

1438

self.assertRaises(TypeError, Session, 123)

1439

self.assertRaises(TypeError, Session, "hello")

1440

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1444

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1445

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1446

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1447

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1448

# XXX get_peer_certificate -> None

1449

# XXX sock_shutdown

1450

# XXX master_key -> TypeError

1451

# XXX server_random -> TypeError

1452

# XXX state_string

1453

# XXX connect -> TypeError

1454

# XXX connect_ex -> TypeError

1455

# XXX set_connect_state -> TypeError

1456

# XXX set_accept_state -> TypeError

1457

# XXX renegotiate_pending

1458

# XXX do_handshake -> TypeError

1459

# XXX bio_read -> TypeError

1460

# XXX recv -> TypeError

1461

# XXX send -> TypeError

1462

# XXX bio_write -> TypeError

1463

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1464

def test_type(self):

1465

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1466

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1467

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1468

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1469

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1470

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1471

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1472

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1473

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1474

def test_get_context(self):

1475

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1476

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1477

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1478

"""

1479

context = Context(TLSv1_METHOD)

1480

connection = Connection(context, None)

1481

self.assertIdentical(connection.get_context(), context)

1482

1483

1484

def test_get_context_wrong_args(self):

1485

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1486

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1487

arguments.

1488

"""

1489

connection = Connection(Context(TLSv1_METHOD), None)

1490

self.assertRaises(TypeError, connection.get_context, None)

1491

1492

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1493

def test_set_context_wrong_args(self):

1494

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1495

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1496

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1497

than 1.

1498

"""

1499

ctx = Context(TLSv1_METHOD)

1500

connection = Connection(ctx, None)

1501

self.assertRaises(TypeError, connection.set_context)

1502

self.assertRaises(TypeError, connection.set_context, object())

1503

self.assertRaises(TypeError, connection.set_context, "hello")

1504

self.assertRaises(TypeError, connection.set_context, 1)

1505

self.assertRaises(TypeError, connection.set_context, 1, 2)

1506

self.assertRaises(

1507

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1508

self.assertIdentical(ctx, connection.get_context())

1509

1510

1511

def test_set_context(self):

1512

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1513

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1514

for the connection.

1515

"""

1516

original = Context(SSLv23_METHOD)

1517

replacement = Context(TLSv1_METHOD)

1518

connection = Connection(original, None)

1519

connection.set_context(replacement)

1520

self.assertIdentical(replacement, connection.get_context())

1521

# Lose our references to the contexts, just in case the Connection isn't

1522

# properly managing its own contributions to their reference counts.

1523

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1528

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1529

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1530

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1531

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1532

"""

1533

conn = Connection(Context(TLSv1_METHOD), None)

1534

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1535

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1536

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1537

self.assertRaises(

1538

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1539

1540

if version_info >= (3,):

1541

# On Python 3.x, don't accidentally implicitly convert from text.

1542

self.assertRaises(

1543

TypeError,

1544

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1545

1546

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1547

def test_get_servername_wrong_args(self):

1548

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1549

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1550

arguments.

1551

"""

1552

connection = Connection(Context(TLSv1_METHOD), None)

1553

self.assertRaises(TypeError, connection.get_servername, object())

1554

self.assertRaises(TypeError, connection.get_servername, 1)

1555

self.assertRaises(TypeError, connection.get_servername, "hello")

1556

1557

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1558

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1559

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1560

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1561

immediate read.

1562

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1563

connection = Connection(Context(TLSv1_METHOD), None)

1564

self.assertEquals(connection.pending(), 0)

1565

1566

1567

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1568

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1569

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1570

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1571

connection = Connection(Context(TLSv1_METHOD), None)

1572

self.assertRaises(TypeError, connection.pending, None)

1573

1574

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1575

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1576

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1577

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1578

argument or with the wrong number of arguments.

1579

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1580

connection = Connection(Context(TLSv1_METHOD), socket())

1581

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1582

self.assertRaises(TypeError, connection.connect)

1583

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1584

1585

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1586

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1587

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1588

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1589

connect method raises it.

1590

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1591

client = socket()

1592

context = Context(TLSv1_METHOD)

1593

clientSSL = Connection(context, client)

1594

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1595

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1596

1597

1598

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1599

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1600

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1601

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1607

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1608

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1609

1610

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1611

if platform == "darwin":

1612

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1613

else:

1614

def test_connect_ex(self):

1615

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1616

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1617

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1622

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1623

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1624

clientSSL.setblocking(False)

1625

result = clientSSL.connect_ex(port.getsockname())

1626

expected = (EINPROGRESS, EWOULDBLOCK)

1627

self.assertTrue(

1628

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1629

1630

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1631

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1632

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1633

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1634

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1635

connection = Connection(Context(TLSv1_METHOD), socket())

1636

self.assertRaises(TypeError, connection.accept, None)

1637

1638

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1639

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1640

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1641

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1642

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1643

connection originated from.

1644

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1645

ctx = Context(TLSv1_METHOD)

1646

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1647

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1648

port = socket()

1649

portSSL = Connection(ctx, port)

1650

portSSL.bind(('', 0))

1651

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1652

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1653

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1654

1655

# Calling portSSL.getsockname() here to get the server IP address sounds

1656

# great, but frequently fails on Windows.

1657

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1658

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1659

serverSSL, address = portSSL.accept()

1660

1661

self.assertTrue(isinstance(serverSSL, Connection))

1662

self.assertIdentical(serverSSL.get_context(), ctx)

1663

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1664

1665

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1666

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1667

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1668

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1669

number of arguments or with arguments other than integers.

1670

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1671

connection = Connection(Context(TLSv1_METHOD), None)

1672

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1673

self.assertRaises(TypeError, connection.get_shutdown, None)

1674

self.assertRaises(TypeError, connection.set_shutdown)

1675

self.assertRaises(TypeError, connection.set_shutdown, None)

1676

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1677

1678

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1679

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1680

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1681

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1682

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1683

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1684

self.assertFalse(server.shutdown())

1685

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1686

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1687

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1688

client.shutdown()

1689

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1690

self.assertRaises(ZeroReturnError, server.recv, 1024)

1691

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1692

1693

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1694

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1695

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1696

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1697

process.

1698

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1699

connection = Connection(Context(TLSv1_METHOD), socket())

1700

connection.set_shutdown(RECEIVED_SHUTDOWN)

1701

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1702

1703

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1704

if not PY3:

1705

def test_set_shutdown_long(self):

1706

"""

1707

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1708

of type :py:obj:`long` as well as :py:obj:`int`.

1709

"""

1710

connection = Connection(Context(TLSv1_METHOD), socket())

1711

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1712

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1713

1714

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1715

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1716

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1717

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1718

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1719

with any arguments.

1720

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1721

conn = Connection(Context(TLSv1_METHOD), None)

1722

self.assertRaises(TypeError, conn.get_app_data, None)

1723

self.assertRaises(TypeError, conn.set_app_data)

1724

self.assertRaises(TypeError, conn.set_app_data, None, None)

1725

1726

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1727

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1728

"""

1729

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1730

:py:obj:`Connection.set_app_data` and later retrieved with

1731

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1732

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1733

conn = Connection(Context(TLSv1_METHOD), None)

1734

app_data = object()

1735

conn.set_app_data(app_data)

1736

self.assertIdentical(conn.get_app_data(), app_data)

1737

1738

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1739

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1740

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1741

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1742

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1743

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1744

conn = Connection(Context(TLSv1_METHOD), None)

1745

self.assertRaises(NotImplementedError, conn.makefile)

1746

1747

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1748

def test_get_peer_cert_chain_wrong_args(self):

1749

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1750

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1751

arguments.

1752

"""

1753

conn = Connection(Context(TLSv1_METHOD), None)

1754

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1755

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1756

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1757

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1758

1759

1760

def test_get_peer_cert_chain(self):

1761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1762

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1763

the connected server returned for the certification verification.

1764

"""

1765

chain = _create_certificate_chain()

1766

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1767

1768

serverContext = Context(TLSv1_METHOD)

1769

serverContext.use_privatekey(skey)

1770

serverContext.use_certificate(scert)

1771

serverContext.add_extra_chain_cert(icert)

1772

serverContext.add_extra_chain_cert(cacert)

1773

server = Connection(serverContext, None)

1774

server.set_accept_state()

1775

1776

# Create the client

1777

clientContext = Context(TLSv1_METHOD)

1778

clientContext.set_verify(VERIFY_NONE, verify_cb)

1779

client = Connection(clientContext, None)

1780

client.set_connect_state()

1781

1782

self._interactInMemory(client, server)

1783

1784

chain = client.get_peer_cert_chain()

1785

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1786

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1787

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1788

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1789

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1790

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1791

"Authority Certificate", chain[2].get_subject().CN)

1792

1793

1794

def test_get_peer_cert_chain_none(self):

1795

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1796

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1797

certificate chain.

1798

"""

1799

ctx = Context(TLSv1_METHOD)

1800

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1801

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1802

server = Connection(ctx, None)

1803

server.set_accept_state()

1804

client = Connection(Context(TLSv1_METHOD), None)

1805

client.set_connect_state()

1806

self._interactInMemory(client, server)

1807

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1808

1809

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1810

def test_get_session_wrong_args(self):

1811

"""

1812

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1813

with any arguments.

1814

"""

1815

ctx = Context(TLSv1_METHOD)

1816

server = Connection(ctx, None)

1817

self.assertRaises(TypeError, server.get_session, 123)

1818

self.assertRaises(TypeError, server.get_session, "hello")

1819

self.assertRaises(TypeError, server.get_session, object())

1820

1821

1822

def test_get_session_unconnected(self):

1823

"""

1824

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1825

an object which has not been connected.

1826

"""

1827

ctx = Context(TLSv1_METHOD)

1828

server = Connection(ctx, None)

1829

session = server.get_session()

1830

self.assertIdentical(None, session)

1831

1832

1833

def test_server_get_session(self):

1834

"""

1835

On the server side of a connection, :py:obj:`Connection.get_session`

1836

returns a :py:class:`Session` instance representing the SSL session for

1837

that connection.

1838

"""

1839

server, client = self._loopback()

1840

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1841

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1842

1843

1844

def test_client_get_session(self):

1845

"""

1846

On the client side of a connection, :py:obj:`Connection.get_session`

1847

returns a :py:class:`Session` instance representing the SSL session for

1848

that connection.

1849

"""

1850

server, client = self._loopback()

1851

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1852

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1853

1854

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1855

def test_set_session_wrong_args(self):

1856

"""

1857

If called with an object that is not an instance of :py:class:`Session`,

1858

or with other than one argument, :py:obj:`Connection.set_session` raises

1859

:py:obj:`TypeError`.

1860

"""

1861

ctx = Context(TLSv1_METHOD)

1862

connection = Connection(ctx, None)

1863

self.assertRaises(TypeError, connection.set_session)

1864

self.assertRaises(TypeError, connection.set_session, 123)

1865

self.assertRaises(TypeError, connection.set_session, "hello")

1866

self.assertRaises(TypeError, connection.set_session, object())

1867

self.assertRaises(

1868

TypeError, connection.set_session, Session(), Session())

1869

1870

1871

def test_client_set_session(self):

1872

"""

1873

:py:obj:`Connection.set_session`, when used prior to a connection being

1874

established, accepts a :py:class:`Session` instance and causes an

1875

attempt to re-use the session it represents when the SSL handshake is

1876

performed.

1877

"""

1878

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1879

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1880

ctx = Context(TLSv1_METHOD)

1881

ctx.use_privatekey(key)

1882

ctx.use_certificate(cert)

1883

ctx.set_session_id("unity-test")

1884

1885

def makeServer(socket):

1886

server = Connection(ctx, socket)

1887

server.set_accept_state()

1888

return server

1889

1890

originalServer, originalClient = self._loopback(

1891

serverFactory=makeServer)

1892

originalSession = originalClient.get_session()

1893

1894

def makeClient(socket):

1895

client = self._loopbackClientFactory(socket)

1896

client.set_session(originalSession)

1897

return client

1898

resumedServer, resumedClient = self._loopback(

1899

serverFactory=makeServer,

1900

clientFactory=makeClient)

1901

1902

# This is a proxy: in general, we have no access to any unique

1903

# identifier for the session (new enough versions of OpenSSL expose a

1904

# hash which could be usable, but "new enough" is very, very new).

1905

# Instead, exploit the fact that the master key is re-used if the

1906

# session is re-used. As long as the master key for the two connections

1907

# is the same, the session was re-used!

1908

self.assertEqual(

1909

originalServer.master_key(), resumedServer.master_key())

1910

1911

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1912

def test_set_session_wrong_method(self):

1913

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1914

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1915

instance associated with a context using a different SSL method than the

1916

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1917

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1918

"""

1919

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1920

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1921

ctx = Context(TLSv1_METHOD)

1922

ctx.use_privatekey(key)

1923

ctx.use_certificate(cert)

1924

ctx.set_session_id("unity-test")

1925

1926

def makeServer(socket):

1927

server = Connection(ctx, socket)

1928

server.set_accept_state()

1929

return server

1930

1931

originalServer, originalClient = self._loopback(

1932

serverFactory=makeServer)

1933

originalSession = originalClient.get_session()

1934

1935

def makeClient(socket):

1936

# Intentionally use a different, incompatible method here.

1937

client = Connection(Context(SSLv3_METHOD), socket)

1938

client.set_connect_state()

1939

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

1945

1946

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1947

def test_wantWriteError(self):

1948

"""

1949

:py:obj:`Connection` methods which generate output raise

1950

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

1951

fail indicating a should-write state.

1952

"""

1953

client_socket, server_socket = socket_pair()

1954

# Fill up the client's send buffer so Connection won't be able to write

1955

# anything.

Jean-Paul Calderone

7d7c9c2

2014-02-18 16:38:26 -0500

[diff] [blame]

1956

msg = b"x" * 512

Jean-Paul Calderone

22c28b4

2014-02-18 16:40:34 -0500

[diff] [blame]

1957

for i in range(2048):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1958

try:

1959

client_socket.send(msg)

1960

except error as e:

1961

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

1967

1968

ctx = Context(TLSv1_METHOD)

1969

conn = Connection(ctx, client_socket)

1970

# Client's speak first, so make it an SSL client

1971

conn.set_connect_state()

1972

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1976

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1977

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1978

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

1979

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1980

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1981

ctx = Context(TLSv1_METHOD)

1982

connection = Connection(ctx, None)

1983

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1984

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1985

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1986

def test_get_peer_finished_before_connect(self):

1987

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1988

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

1989

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1990

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1991

ctx = Context(TLSv1_METHOD)

1992

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1993

self.assertEqual(connection.get_peer_finished(), None)

1994

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1995

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1996

def test_get_finished(self):

1997

"""

1998

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1999

message send from client, or server. Finished messages are send during

2000

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2001

"""

2002

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2003

server, client = self._loopback()

2004

2005

self.assertNotEqual(server.get_finished(), None)

2006

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2007

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2008

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2009

def test_get_peer_finished(self):

2010

"""

2011

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2012

message received from client, or server. Finished messages are send

2013

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2014

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2015

server, client = self._loopback()

2016

2017

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2018

self.assertTrue(len(server.get_peer_finished()) > 0)

2019

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2020

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2021

def test_tls_finished_message_symmetry(self):

2022

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2023

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2024

received by client.

2025

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2026

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2027

received by server.

2028

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2029

server, client = self._loopback()

2030

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2031

self.assertEqual(server.get_finished(), client.get_peer_finished())

2032

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2033

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2034

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2035

def test_get_cipher_name_before_connect(self):

2036

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2037

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2038

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2039

"""

2040

ctx = Context(TLSv1_METHOD)

2041

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2042

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2043

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2044

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2045

def test_get_cipher_name(self):

2046

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2047

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2048

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2049

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2050

server, client = self._loopback()

2051

server_cipher_name, client_cipher_name = \

2052

server.get_cipher_name(), client.get_cipher_name()

2053

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2054

self.assertIsInstance(server_cipher_name, text_type)

2055

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2056

2057

self.assertEqual(server_cipher_name, client_cipher_name)

2058

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2059

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2060

def test_get_cipher_version_before_connect(self):

2061

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2062

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2063

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2064

"""

2065

ctx = Context(TLSv1_METHOD)

2066

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2067

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2068

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2069

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2070

def test_get_cipher_version(self):

2071

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2072

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2073

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2074

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2075

server, client = self._loopback()

2076

server_cipher_version, client_cipher_version = \

2077

server.get_cipher_version(), client.get_cipher_version()

2078

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2079

self.assertIsInstance(server_cipher_version, text_type)

2080

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2081

2082

self.assertEqual(server_cipher_version, client_cipher_version)

2083

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2084

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2085

def test_get_cipher_bits_before_connect(self):

2086

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2087

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2088

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2089

"""

2090

ctx = Context(TLSv1_METHOD)

2091

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2092

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2093

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2094

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2095

def test_get_cipher_bits(self):

2096

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2097

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2098

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2099

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2100

server, client = self._loopback()

2101

server_cipher_bits, client_cipher_bits = \

2102

server.get_cipher_bits(), client.get_cipher_bits()

2103

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2104

self.assertIsInstance(server_cipher_bits, int)

2105

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2106

2107

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2108

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2109

2110

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2111

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2112

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2113

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2114

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2115

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2116

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2117

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2118

arguments.

2119

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2120

connection = Connection(Context(TLSv1_METHOD), None)

2121

self.assertRaises(TypeError, connection.get_cipher_list, None)

2122

2123

2124

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2125

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2126

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2127

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2128

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2129

connection = Connection(Context(TLSv1_METHOD), None)

2130

ciphers = connection.get_cipher_list()

2131

self.assertTrue(isinstance(ciphers, list))

2132

for cipher in ciphers:

2133

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2137

class ConnectionSendTests(TestCase, _LoopbackMixin):

2138

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2139

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2140

"""

2141

def test_wrong_args(self):

2142

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2143

When called with arguments other than string argument for its first

2144

parameter or more than two arguments, :py:obj:`Connection.send` raises

2145

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2146

"""

2147

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2148

self.assertRaises(TypeError, connection.send)

2149

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2150

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2151

2152

2153

def test_short_bytes(self):

2154

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2155

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2156

and returns the number of bytes sent.

2157

"""

2158

server, client = self._loopback()

2159

count = server.send(b('xy'))

2160

self.assertEquals(count, 2)

2161

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2167

else:

2168

def test_short_memoryview(self):

2169

"""

2170

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2171

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2172

bytes sent.

2173

"""

2174

server, client = self._loopback()

2175

count = server.send(memoryview(b('xy')))

2176

self.assertEquals(count, 2)

2177

self.assertEquals(client.recv(2), b('xy'))

2178

2179

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2180

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2181

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2182

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2183

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2184

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2185

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2186

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2187

When called with arguments other than a string argument for its first

2188

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2189

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2190

"""

2191

connection = Connection(Context(TLSv1_METHOD), None)

2192

self.assertRaises(TypeError, connection.sendall)

2193

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2194

self.assertRaises(

2195

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2196

2197

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2198

def test_short(self):

2199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2200

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2201

it.

2202

"""

2203

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2204

server.sendall(b('x'))

2205

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2206

2207

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2212

else:

2213

def test_short_memoryview(self):

2214

"""

2215

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2216

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2217

"""

2218

server, client = self._loopback()

2219

server.sendall(memoryview(b('x')))

2220

self.assertEquals(client.recv(1), b('x'))

2221

2222

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2223

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2224

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2225

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2226

it even if this requires multiple calls of an underlying write function.

2227

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2228

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2229

# Should be enough, underlying SSL_write should only do 16k at a time.

2230

# On Windows, after 32k of bytes the write will block (forever - because

2231

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2232

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2233

server.sendall(message)

2234

accum = []

2235

received = 0

2236

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2237

data = client.recv(1024)

2238

accum.append(data)

2239

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2240

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2241

2242

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2243

def test_closed(self):

2244

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2245

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2246

write error from the low level write call.

2247

"""

2248

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2249

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2250

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2251

if platform == "win32":

2252

self.assertEqual(exc.args[0], ESHUTDOWN)

2253

else:

2254

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2255

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2256

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2257

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2258

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2259

"""

2260

Tests for SSL renegotiation APIs.

2261

"""

2262

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2263

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2264

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2265

arguments.

2266

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2267

connection = Connection(Context(TLSv1_METHOD), None)

2268

self.assertRaises(TypeError, connection.renegotiate, None)

2269

2270

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2271

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2272

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2273

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2274

any arguments.

2275

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2276

connection = Connection(Context(TLSv1_METHOD), None)

2277

self.assertRaises(TypeError, connection.total_renegotiations, None)

2278

2279

2280

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2281

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2282

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2283

renegotiations have happened.

2284

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2285

connection = Connection(Context(TLSv1_METHOD), None)

2286

self.assertEquals(connection.total_renegotiations(), 0)

2287

2288

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2289

# def test_renegotiate(self):

2290

# """

2291

# """

2292

# server, client = self._loopback()

2293

2294

# server.send("hello world")

2295

# self.assertEquals(client.recv(len("hello world")), "hello world")

2296

2297

# self.assertEquals(server.total_renegotiations(), 0)

2298

# self.assertTrue(server.renegotiate())

2299

2300

# server.setblocking(False)

2301

# client.setblocking(False)

2302

# while server.renegotiate_pending():

2303

# client.do_handshake()

2304

# server.do_handshake()

2305

2306

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2311

class ErrorTests(TestCase):

2312

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2313

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2314

"""

2315

def test_type(self):

2316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2317

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2318

"""

2319

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2320

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2324

class ConstantsTests(TestCase):

2325

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2326

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2327

2328

These are values defined by OpenSSL intended only to be used as flags to

2329

OpenSSL APIs. The only assertions it seems can be made about them is

2330

their values.

2331

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2332

# unittest.TestCase has no skip mechanism

2333

if OP_NO_QUERY_MTU is not None:

2334

def test_op_no_query_mtu(self):

2335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2336

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2337

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2338

"""

2339

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2340

else:

2341

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2342

2343

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2344

if OP_COOKIE_EXCHANGE is not None:

2345

def test_op_cookie_exchange(self):

2346

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2347

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2348

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2349

"""

2350

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2351

else:

2352

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2353

2354

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2355

if OP_NO_TICKET is not None:

2356

def test_op_no_ticket(self):

2357

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2358

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2359

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2360

"""

2361

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2362

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2363

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2364

2365

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2366

if OP_NO_COMPRESSION is not None:

2367

def test_op_no_compression(self):

2368

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2369

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2370

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2371

"""

2372

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2373

else:

2374

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2375

2376

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2377

def test_sess_cache_off(self):

2378

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2379

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2380

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2381

"""

2382

self.assertEqual(0x0, SESS_CACHE_OFF)

2383

2384

2385

def test_sess_cache_client(self):

2386

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2387

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2388

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2389

"""

2390

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2391

2392

2393

def test_sess_cache_server(self):

2394

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2395

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2396

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2397

"""

2398

self.assertEqual(0x2, SESS_CACHE_SERVER)

2399

2400

2401

def test_sess_cache_both(self):

2402

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2403

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2404

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2405

"""

2406

self.assertEqual(0x3, SESS_CACHE_BOTH)

2407

2408

2409

def test_sess_cache_no_auto_clear(self):

2410

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2411

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2412

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2413

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2414

"""

2415

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2416

2417

2418

def test_sess_cache_no_internal_lookup(self):

2419

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2420

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2421

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2422

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2423

"""

2424

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2425

2426

2427

def test_sess_cache_no_internal_store(self):

2428

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2429

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2430

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2431

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2432

"""

2433

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2434

2435

2436

def test_sess_cache_no_internal(self):

2437

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2438

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2439

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2440

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2441

"""

2442

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2443

2444

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2445

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2446

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2447

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2448

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2449

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2450

def _server(self, sock):

2451

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2452

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2453

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2454

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2455

# Create the server side Connection. This is mostly setup boilerplate

2456

# - use TLSv1, use a particular certificate, etc.

2457

server_ctx = Context(TLSv1_METHOD)

2458

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2459

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2460

server_store = server_ctx.get_cert_store()

2461

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2462

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2463

server_ctx.check_privatekey()

2464

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2465

# Here the Connection is actually created. If None is passed as the 2nd

2466

# parameter, it indicates a memory BIO should be created.

2467

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2468

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2472

def _client(self, sock):

2473

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2474

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2475

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2476

"""

2477

# Now create the client side Connection. Similar boilerplate to the

2478

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2479

client_ctx = Context(TLSv1_METHOD)

2480

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2481

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2482

client_store = client_ctx.get_cert_store()

2483

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2484

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2485

client_ctx.check_privatekey()

2486

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2487

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2488

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2492

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2493

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2494

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2495

reading from the output of each and writing those bytes to the input of

2496

the other and in this way establish a connection and exchange

2497

application-level bytes with each other.

2498

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2499

server_conn = self._server(None)

2500

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2501

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2502

# There should be no key or nonces yet.

2503

self.assertIdentical(server_conn.master_key(), None)

2504

self.assertIdentical(server_conn.client_random(), None)

2505

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2506

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2507

# First, the handshake needs to happen. We'll deliver bytes back and

2508

# forth between the client and server until neither of them feels like

2509

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2510

self.assertIdentical(

2511

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2512

2513

# Now that the handshake is done, there should be a key and nonces.

2514

self.assertNotIdentical(server_conn.master_key(), None)

2515

self.assertNotIdentical(server_conn.client_random(), None)

2516

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2517

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2518

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2519

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2520

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2521

2522

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2523

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2524

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2525

server_conn.write(important_message)

2526

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2527

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2528

(client_conn, important_message))

2529

2530

client_conn.write(important_message[::-1])

2531

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2532

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2533

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2534

2535

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2536

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2537

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2538

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2539

2540

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2541

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2542

this test fails, there must be a problem outside the memory BIO

2543

code, as no memory BIO is involved here). Even though this isn't a

2544

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2545

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2546

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2547

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2548

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2549

client_conn.send(important_message)

2550

msg = server_conn.recv(1024)

2551

self.assertEqual(msg, important_message)

2552

2553

# Again in the other direction, just for fun.

2554

important_message = important_message[::-1]

2555

server_conn.send(important_message)

2556

msg = client_conn.recv(1024)

2557

self.assertEqual(msg, important_message)

2558

2559

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2560

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2561

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2562

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2563

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2564

"""

2565

context = Context(SSLv3_METHOD)

2566

client = socket()

2567

clientSSL = Connection(context, client)

2568

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2569

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2570

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2571

2572

2573

def test_outgoingOverflow(self):

2574

"""

2575

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2576

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2577

returned and that many bytes from the beginning of the input can be

2578

read from the other end of the connection.

2579

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2580

server = self._server(None)

2581

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2582

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2583

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2584

2585

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2586

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2587

# Sanity check. We're trying to test what happens when the entire

2588

# input can't be sent. If the entire input was sent, this test is

2589

# meaningless.

2590

self.assertTrue(sent < size)

2591

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2592

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2593

self.assertIdentical(receiver, server)

2594

2595

# We can rely on all of these bytes being received at once because

2596

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2597

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2598

2599

2600

def test_shutdown(self):

2601

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2602

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2603

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2604

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2605

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2606

server.bio_shutdown()

2607

e = self.assertRaises(Error, server.recv, 1024)

2608

# We don't want WantReadError or ZeroReturnError or anything - it's a

2609

# handshake failure.

2610

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2611

2612

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2613

def test_unexpectedEndOfFile(self):

2614

"""

2615

If the connection is lost before an orderly SSL shutdown occurs,

2616

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2617

"Unexpected EOF".

2618

"""

2619

server_conn, client_conn = self._loopback()

2620

client_conn.sock_shutdown(SHUT_RDWR)

2621

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2622

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2623

2624

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2625

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2626

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2627

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2628

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2629

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2630

before the client and server are connected to each other. This

2631

function should specify a list of CAs for the server to send to the

2632

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2633

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2634

times.

2635

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2636

server = self._server(None)

2637

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2638

self.assertEqual(client.get_client_ca_list(), [])

2639

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2640

ctx = server.get_context()

2641

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2642

self.assertEqual(client.get_client_ca_list(), [])

2643

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2644

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2645

self.assertEqual(client.get_client_ca_list(), expected)

2646

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2647

2648

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2649

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2650

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2651

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2652

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2653

"""

2654

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2655

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2656

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2657

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2658

2659

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2660

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2661

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2662

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2663

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2664

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2665

after the connection is set up.

2666

"""

2667

def no_ca(ctx):

2668

ctx.set_client_ca_list([])

2669

return []

2670

self._check_client_ca_list(no_ca)

2671

2672

2673

def test_set_one_ca_list(self):

2674

"""

2675

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2676

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2677

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2678

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2679

X509Name after the connection is set up.

2680

"""

2681

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2682

cadesc = cacert.get_subject()

2683

def single_ca(ctx):

2684

ctx.set_client_ca_list([cadesc])

2685

return [cadesc]

2686

self._check_client_ca_list(single_ca)

2687

2688

2689

def test_set_multiple_ca_list(self):

2690

"""

2691

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2692

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2693

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2694

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2695

X509Names after the connection is set up.

2696

"""

2697

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2698

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2699

2700

sedesc = secert.get_subject()

2701

cldesc = clcert.get_subject()

2702

2703

def multiple_ca(ctx):

2704

L = [sedesc, cldesc]

2705

ctx.set_client_ca_list(L)

2706

return L

2707

self._check_client_ca_list(multiple_ca)

2708

2709

2710

def test_reset_ca_list(self):

2711

"""

2712

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2713

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2714

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2715

"""

2716

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2717

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2718

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2719

2720

cadesc = cacert.get_subject()

2721

sedesc = secert.get_subject()

2722

cldesc = clcert.get_subject()

2723

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2724

def changed_ca(ctx):

2725

ctx.set_client_ca_list([sedesc, cldesc])

2726

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2727

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2728

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2729

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2730

2731

def test_mutated_ca_list(self):

2732

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2733

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2734

afterwards, this does not affect the list of CA names sent to the

2735

client.

2736

"""

2737

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2738

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2739

2740

cadesc = cacert.get_subject()

2741

sedesc = secert.get_subject()

2742

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2743

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2744

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2745

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2746

L.append(sedesc)

2747

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2748

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2749

2750

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2751

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2752

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2753

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2754

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2755

"""

2756

ctx = Context(TLSv1_METHOD)

2757

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2758

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2759

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2760

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2761

2762

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2763

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2764

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2765

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2766

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2767

"""

2768

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2769

cadesc = cacert.get_subject()

2770

def single_ca(ctx):

2771

ctx.add_client_ca(cacert)

2772

return [cadesc]

2773

self._check_client_ca_list(single_ca)

2774

2775

2776

def test_multiple_add_client_ca(self):

2777

"""

2778

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2779

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2780

"""

2781

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2782

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2783

2784

cadesc = cacert.get_subject()

2785

sedesc = secert.get_subject()

2786

2787

def multiple_ca(ctx):

2788

ctx.add_client_ca(cacert)

2789

ctx.add_client_ca(secert)

2790

return [cadesc, sedesc]

2791

self._check_client_ca_list(multiple_ca)

2792

2793

2794

def test_set_and_add_client_ca(self):

2795

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2796

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2797

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2798

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2799

"""

2800

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2801

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2802

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2803

2804

cadesc = cacert.get_subject()

2805

sedesc = secert.get_subject()

2806

cldesc = clcert.get_subject()

2807

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2808

def mixed_set_add_ca(ctx):

2809

ctx.set_client_ca_list([cadesc, sedesc])

2810

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2811

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2812

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2813

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2814

2815

def test_set_after_add_client_ca(self):

2816

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2817

A call to :py:obj:`Context.set_client_ca_list` after a call to

2818

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2819

call with the names specified by the latter cal.

2820

"""

2821

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2822

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2823

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2824

2825

cadesc = cacert.get_subject()

2826

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2827

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2828

def set_replaces_add_ca(ctx):

2829

ctx.add_client_ca(clcert)

2830

ctx.set_client_ca_list([cadesc])

2831

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2832

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2833

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2834

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2835

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2836

2837

class ConnectionBIOTests(TestCase):

2838

"""

2839

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2840

"""

2841

def test_wantReadError(self):

2842

"""

2843

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2844

if there are no bytes available to be read from the BIO.

2845

"""

2846

ctx = Context(TLSv1_METHOD)

2847

conn = Connection(ctx, None)

2848

self.assertRaises(WantReadError, conn.bio_read, 1024)

2849

2850

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2851

def test_buffer_size(self):

2852

"""

2853

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2854

number of bytes to read and return.

2855

"""

2856

ctx = Context(TLSv1_METHOD)

2857

conn = Connection(ctx, None)

2858

conn.set_connect_state()

2859

try:

2860

conn.do_handshake()

2861

except WantReadError:

2862

pass

2863

data = conn.bio_read(2)

2864

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2869

"""

2870

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2871

:py:obj:`long` as well as :py:obj:`int`.

2872

"""

2873

ctx = Context(TLSv1_METHOD)

2874

conn = Connection(ctx, None)

2875

conn.set_connect_state()

2876

try:

2877

conn.do_handshake()

2878

except WantReadError:

2879

pass

2880

data = conn.bio_read(long(2))

2881

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2885

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

2886

class InfoConstantTests(TestCase):

2887

"""

2888

Tests for assorted constants exposed for use in info callbacks.

2889

"""

2890

def test_integers(self):

2891

"""

2892

All of the info constants are integers.

2893

2894

This is a very weak test. It would be nice to have one that actually

2895

verifies that as certain info events happen, the value passed to the

2896

info callback matches up with the constant exposed by OpenSSL.SSL.

2897

"""

2898

for const in [

2899

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

2900

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

2901

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

2902

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

2903

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

2904

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

2905

2906

self.assertTrue(isinstance(const, int))

2907

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

2908

Jean-Paul Calderone