Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

516c12c

2015-04-13 20:34:57 -0400

[diff] [blame]

10

from sys import platform, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

16

from warnings import catch_warnings, simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

17

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

18

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

19

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

20

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

21

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

22

from OpenSSL.crypto import dump_privatekey, load_privatekey

23

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

24

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

25

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

26

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

27

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

28

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

29

from OpenSSL.SSL import (

30

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

31

TLSv1_1_METHOD, TLSv1_2_METHOD)

32

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

33

from OpenSSL.SSL import (

34

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

35

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

36

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

37

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

38

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

39

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

40

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

45

Jean-Paul Calderone

17eca48

2015-04-13 20:31:07 -0400

[diff] [blame]

46

from OpenSSL.test.util import WARNING_TYPE_EXPECTED, NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

47

from OpenSSL.test.test_crypto import (

48

cleartextCertificatePEM, cleartextPrivateKeyPEM)

49

from OpenSSL.test.test_crypto import (

50

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

51

root_cert_pem)

52

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

53

try:

54

from OpenSSL.SSL import OP_NO_QUERY_MTU

55

except ImportError:

56

OP_NO_QUERY_MTU = None

57

try:

58

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

59

except ImportError:

60

OP_COOKIE_EXCHANGE = None

61

try:

62

from OpenSSL.SSL import OP_NO_TICKET

63

except ImportError:

64

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

65

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

66

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

67

from OpenSSL.SSL import OP_NO_COMPRESSION

68

except ImportError:

69

OP_NO_COMPRESSION = None

70

71

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

72

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

73

except ImportError:

74

MODE_RELEASE_BUFFERS = None

75

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

78

except ImportError:

79

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

80

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

81

from OpenSSL.SSL import (

82

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

83

SSL_ST_OK, SSL_ST_RENEGOTIATE,

84

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

85

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

86

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

87

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

88

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

89

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

90

# to use)

91

dhparam = """\

92

-----BEGIN DH PARAMETERS-----

93

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

94

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

98

def join_bytes_or_unicode(prefix, suffix):

99

"""

100

Join two path components of either ``bytes`` or ``unicode``.

101

102

The return type is the same as the type of ``prefix``.

103

"""

104

# If the types are the same, nothing special is necessary.

105

if type(prefix) == type(suffix):

106

return join(prefix, suffix)

107

108

# Otherwise, coerce suffix to the type of prefix.

109

if isinstance(prefix, text_type):

110

return join(prefix, suffix.decode(getfilesystemencoding()))

111

else:

112

return join(prefix, suffix.encode(getfilesystemencoding()))

113

114

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

115

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

116

return ok

117

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

118

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

119

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

120

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

121

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

122

"""

123

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

129

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

130

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

131

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

132

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

133

# Let's pass some unencrypted data to make sure our socket connection is

134

# fine. Just one byte, so we don't have to worry about buffers getting

135

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

136

server.send(b("x"))

137

assert client.recv(1024) == b("x")

138

client.send(b("y"))

139

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

140

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

141

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

142

server.setblocking(False)

143

client.setblocking(False)

144

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

145

return (server, client)

146

147

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

148

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

149

def handshake(client, server):

150

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

161

def _create_certificate_chain():

162

"""

163

Construct and return a chain of certificates.

164

165

1. A new self-signed certificate authority certificate (cacert)

166

2. A new intermediate certificate signed by cacert (icert)

167

3. A new server certificate signed by icert (scert)

168

"""

169

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

174

cacert = X509()

175

cacert.get_subject().commonName = "Authority Certificate"

176

cacert.set_issuer(cacert.get_subject())

177

cacert.set_pubkey(cakey)

178

cacert.set_notBefore(b("20000101000000Z"))

179

cacert.set_notAfter(b("20200101000000Z"))

180

cacert.add_extensions([caext])

181

cacert.set_serial_number(0)

182

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

187

icert = X509()

188

icert.get_subject().commonName = "Intermediate Certificate"

189

icert.set_issuer(cacert.get_subject())

190

icert.set_pubkey(ikey)

191

icert.set_notBefore(b("20000101000000Z"))

192

icert.set_notAfter(b("20200101000000Z"))

193

icert.add_extensions([caext])

194

icert.set_serial_number(0)

195

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

200

scert = X509()

201

scert.get_subject().commonName = "Server Certificate"

202

scert.set_issuer(icert.get_subject())

203

scert.set_pubkey(skey)

204

scert.set_notBefore(b("20000101000000Z"))

205

scert.set_notAfter(b("20200101000000Z"))

206

scert.add_extensions([

207

X509Extension(b('basicConstraints'), True, b('CA:false'))])

208

scert.set_serial_number(0)

209

scert.sign(ikey, "sha1")

210

211

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

215

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

216

"""

217

Helper mixin which defines methods for creating a connected socket pair and

218

for forcing two connected SSL sockets to talk to each other via memory BIOs.

219

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

220

def _loopbackClientFactory(self, socket):

221

client = Connection(Context(TLSv1_METHOD), socket)

222

client.set_connect_state()

223

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

224

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

225

226

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

ctx = Context(TLSv1_METHOD)

228

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

229

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

230

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

231

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

236

if serverFactory is None:

237

serverFactory = self._loopbackServerFactory

238

if clientFactory is None:

239

clientFactory = self._loopbackClientFactory

240

241

(server, client) = socket_pair()

242

server = serverFactory(server)

243

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

244

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

245

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

246

247

server.setblocking(True)

248

client.setblocking(True)

249

return server, client

250

251

252

def _interactInMemory(self, client_conn, server_conn):

253

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

254

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

255

objects. Copy bytes back and forth between their send/receive buffers

256

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

257

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

258

some application bytes, return a two-tuple of the connection from which

259

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

264

wrote = False

265

266

# Copy stuff from each side's send buffer to the other side's

267

# receive buffer.

268

for (read, write) in [(client_conn, server_conn),

269

(server_conn, client_conn)]:

270

271

# Give the side a chance to generate some more bytes, or

272

# succeed.

273

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

274

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

275

except WantReadError:

276

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

281

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

282

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

283

284

while True:

285

# Keep copying as long as there's more stuff there.

286

try:

287

dirty = read.bio_read(4096)

288

except WantReadError:

289

# Okay, nothing more waiting to be sent. Stop

290

# processing this send buffer.

291

break

292

else:

293

# Keep track of the fact that someone generated some

294

# output.

295

wrote = True

296

write.bio_write(dirty)

297

298

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

299

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

300

"""

301

Perform the TLS handshake between two :py:class:`Connection` instances

302

connected to each other via memory BIOs.

303

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

304

client_conn.set_connect_state()

305

server_conn.set_accept_state()

306

307

for conn in [client_conn, server_conn]:

308

try:

309

conn.do_handshake()

310

except WantReadError:

311

pass

312

313

self._interactInMemory(client_conn, server_conn)

314

315

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

316

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

317

class VersionTests(TestCase):

318

"""

319

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

320

:py:obj:`OpenSSL.SSL.SSLeay_version` and

321

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

322

"""

323

def test_OPENSSL_VERSION_NUMBER(self):

324

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

325

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

326

byte and the patch, fix, minor, and major versions in the

327

nibbles above that.

328

"""

329

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

330

331

332

def test_SSLeay_version(self):

333

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

334

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

335

one of a number of version strings based on that indicator.

336

"""

337

versions = {}

338

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

339

SSLEAY_PLATFORM, SSLEAY_DIR]:

340

version = SSLeay_version(t)

341

versions[version] = t

342

self.assertTrue(isinstance(version, bytes))

343

self.assertEqual(len(versions), 5)

344

345

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

346

347

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

348

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

349

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

350

"""

351

def test_method(self):

352

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

353

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

354

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

355

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

356

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

357

methods = [

358

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

359

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

360

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

361

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

362

363

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

368

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

369

# don't. Difficult to say in advance.

370

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

371

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

372

self.assertRaises(TypeError, Context, "")

373

self.assertRaises(ValueError, Context, 10)

374

375

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

376

if not PY3:

377

def test_method_long(self):

378

"""

379

On Python 2 :py:class:`Context` accepts values of type

380

:py:obj:`long` as well as :py:obj:`int`.

381

"""

382

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

386

def test_type(self):

387

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

388

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

389

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

390

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

391

self.assertIdentical(Context, ContextType)

392

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

393

394

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

395

def test_use_privatekey(self):

396

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

397

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

398

"""

399

key = PKey()

400

key.generate_key(TYPE_RSA, 128)

401

ctx = Context(TLSv1_METHOD)

402

ctx.use_privatekey(key)

403

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

404

405

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

406

def test_use_privatekey_file_missing(self):

407

"""

408

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

409

when passed the name of a file which does not exist.

410

"""

411

ctx = Context(TLSv1_METHOD)

412

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

413

414

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

415

def _use_privatekey_file_test(self, pemfile, filetype):

416

"""

417

Verify that calling ``Context.use_privatekey_file`` with the given

418

arguments does not raise an exception.

419

"""

420

key = PKey()

421

key.generate_key(TYPE_RSA, 128)

422

423

with open(pemfile, "wt") as pem:

424

pem.write(

425

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

426

)

427

428

ctx = Context(TLSv1_METHOD)

429

ctx.use_privatekey_file(pemfile, filetype)

430

431

432

def test_use_privatekey_file_bytes(self):

433

"""

434

A private key can be specified from a file by passing a ``bytes``

435

instance giving the file name to ``Context.use_privatekey_file``.

436

"""

437

self._use_privatekey_file_test(

438

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

444

"""

445

A private key can be specified from a file by passing a ``unicode``

446

instance giving the file name to ``Context.use_privatekey_file``.

447

"""

448

self._use_privatekey_file_test(

449

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

454

if not PY3:

455

def test_use_privatekey_file_long(self):

456

"""

457

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

458

filetype of type :py:obj:`long` as well as :py:obj:`int`.

459

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

460

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

461

462

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

463

def test_use_certificate_wrong_args(self):

464

"""

465

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

466

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

467

argument.

468

"""

469

ctx = Context(TLSv1_METHOD)

470

self.assertRaises(TypeError, ctx.use_certificate)

471

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

472

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

473

474

475

def test_use_certificate_uninitialized(self):

476

"""

477

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

478

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

479

initialized (ie, which does not actually have any certificate data).

480

"""

481

ctx = Context(TLSv1_METHOD)

482

self.assertRaises(Error, ctx.use_certificate, X509())

483

484

485

def test_use_certificate(self):

486

"""

487

:py:obj:`Context.use_certificate` sets the certificate which will be

488

used to identify connections created using the context.

489

"""

490

# TODO

491

# Hard to assert anything. But we could set a privatekey then ask

492

# OpenSSL if the cert and key agree using check_privatekey. Then as

493

# long as check_privatekey works right we're good...

494

ctx = Context(TLSv1_METHOD)

495

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

496

497

498

def test_use_certificate_file_wrong_args(self):

499

"""

500

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

501

called with zero arguments or more than two arguments, or if the first

502

argument is not a byte string or the second argumnent is not an integer.

503

"""

504

ctx = Context(TLSv1_METHOD)

505

self.assertRaises(TypeError, ctx.use_certificate_file)

506

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

507

self.assertRaises(

508

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

509

self.assertRaises(

510

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

511

self.assertRaises(

512

TypeError, ctx.use_certificate_file, b"somefile", object())

513

514

515

def test_use_certificate_file_missing(self):

516

"""

517

:py:obj:`Context.use_certificate_file` raises

518

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

519

exist.

520

"""

521

ctx = Context(TLSv1_METHOD)

522

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

523

524

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

525

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

526

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

527

Verify that calling ``Context.use_certificate_file`` with the given

528

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

529

"""

530

# TODO

531

# Hard to assert anything. But we could set a privatekey then ask

532

# OpenSSL if the cert and key agree using check_privatekey. Then as

533

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

534

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

535

pem_file.write(cleartextCertificatePEM)

536

537

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

538

ctx.use_certificate_file(certificate_file)

539

540

541

def test_use_certificate_file_bytes(self):

542

"""

543

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

544

``bytes`` filename) which will be used to identify connections created

545

using the context.

546

"""

547

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

548

self._use_certificate_file_test(filename)

549

550

551

def test_use_certificate_file_unicode(self):

552

"""

553

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

554

``bytes`` filename) which will be used to identify connections created

555

using the context.

556

"""

557

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

558

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

559

560

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

561

if not PY3:

562

def test_use_certificate_file_long(self):

563

"""

564

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

565

filetype of type :py:obj:`long` as well as :py:obj:`int`.

566

"""

567

pem_filename = self.mktemp()

568

with open(pem_filename, "wb") as pem_file:

569

pem_file.write(cleartextCertificatePEM)

570

571

ctx = Context(TLSv1_METHOD)

572

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

573

574

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

575

def test_check_privatekey_valid(self):

576

"""

577

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

578

:py:obj:`Context` instance has been configured to use a matched key and

579

certificate pair.

580

"""

581

key = load_privatekey(FILETYPE_PEM, client_key_pem)

582

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

583

context = Context(TLSv1_METHOD)

584

context.use_privatekey(key)

585

context.use_certificate(cert)

586

self.assertIs(None, context.check_privatekey())

587

588

589

def test_check_privatekey_invalid(self):

590

"""

591

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

592

:py:obj:`Context` instance has been configured to use a key and

593

certificate pair which don't relate to each other.

594

"""

595

key = load_privatekey(FILETYPE_PEM, client_key_pem)

596

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

597

context = Context(TLSv1_METHOD)

598

context.use_privatekey(key)

599

context.use_certificate(cert)

600

self.assertRaises(Error, context.check_privatekey)

601

602

603

def test_check_privatekey_wrong_args(self):

604

"""

605

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

606

with other than no arguments.

607

"""

608

context = Context(TLSv1_METHOD)

609

self.assertRaises(TypeError, context.check_privatekey, object())

610

611

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

612

def test_set_app_data_wrong_args(self):

613

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

614

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

615

one argument.

616

"""

617

context = Context(TLSv1_METHOD)

618

self.assertRaises(TypeError, context.set_app_data)

619

self.assertRaises(TypeError, context.set_app_data, None, None)

620

621

622

def test_get_app_data_wrong_args(self):

623

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

624

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

625

arguments.

626

"""

627

context = Context(TLSv1_METHOD)

628

self.assertRaises(TypeError, context.get_app_data, None)

629

630

631

def test_app_data(self):

632

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

633

:py:obj:`Context.set_app_data` stores an object for later retrieval using

634

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

635

"""

636

app_data = object()

637

context = Context(TLSv1_METHOD)

638

context.set_app_data(app_data)

639

self.assertIdentical(context.get_app_data(), app_data)

640

641

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

642

def test_set_options_wrong_args(self):

643

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

644

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

645

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

646

"""

647

context = Context(TLSv1_METHOD)

648

self.assertRaises(TypeError, context.set_options)

649

self.assertRaises(TypeError, context.set_options, None)

650

self.assertRaises(TypeError, context.set_options, 1, None)

651

652

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

653

def test_set_options(self):

654

"""

655

:py:obj:`Context.set_options` returns the new options value.

656

"""

657

context = Context(TLSv1_METHOD)

658

options = context.set_options(OP_NO_SSLv2)

659

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

664

"""

665

On Python 2 :py:obj:`Context.set_options` accepts values of type

666

:py:obj:`long` as well as :py:obj:`int`.

667

"""

668

context = Context(TLSv1_METHOD)

669

options = context.set_options(long(OP_NO_SSLv2))

670

self.assertTrue(OP_NO_SSLv2 & options)

671

672

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

673

def test_set_mode_wrong_args(self):

674

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

675

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

676

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

677

"""

678

context = Context(TLSv1_METHOD)

679

self.assertRaises(TypeError, context.set_mode)

680

self.assertRaises(TypeError, context.set_mode, None)

681

self.assertRaises(TypeError, context.set_mode, 1, None)

682

683

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

684

if MODE_RELEASE_BUFFERS is not None:

685

def test_set_mode(self):

686

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

687

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

688

set mode.

689

"""

690

context = Context(TLSv1_METHOD)

691

self.assertTrue(

692

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

693

694

if not PY3:

695

def test_set_mode_long(self):

696

"""

697

On Python 2 :py:obj:`Context.set_mode` accepts values of type

698

:py:obj:`long` as well as :py:obj:`int`.

699

"""

700

context = Context(TLSv1_METHOD)

701

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

702

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

703

else:

704

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

705

706

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

707

def test_set_timeout_wrong_args(self):

708

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

709

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

710

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

711

"""

712

context = Context(TLSv1_METHOD)

713

self.assertRaises(TypeError, context.set_timeout)

714

self.assertRaises(TypeError, context.set_timeout, None)

715

self.assertRaises(TypeError, context.set_timeout, 1, None)

716

717

718

def test_get_timeout_wrong_args(self):

719

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

720

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

721

"""

722

context = Context(TLSv1_METHOD)

723

self.assertRaises(TypeError, context.get_timeout, None)

724

725

726

def test_timeout(self):

727

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

728

:py:obj:`Context.set_timeout` sets the session timeout for all connections

729

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

730

value.

731

"""

732

context = Context(TLSv1_METHOD)

733

context.set_timeout(1234)

734

self.assertEquals(context.get_timeout(), 1234)

735

736

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

737

if not PY3:

738

def test_timeout_long(self):

739

"""

740

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

741

`long` as well as int.

742

"""

743

context = Context(TLSv1_METHOD)

744

context.set_timeout(long(1234))

745

self.assertEquals(context.get_timeout(), 1234)

746

747

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

748

def test_set_verify_depth_wrong_args(self):

749

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

750

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

751

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

752

"""

753

context = Context(TLSv1_METHOD)

754

self.assertRaises(TypeError, context.set_verify_depth)

755

self.assertRaises(TypeError, context.set_verify_depth, None)

756

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

757

758

759

def test_get_verify_depth_wrong_args(self):

760

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

761

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

762

"""

763

context = Context(TLSv1_METHOD)

764

self.assertRaises(TypeError, context.get_verify_depth, None)

765

766

767

def test_verify_depth(self):

768

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

769

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

770

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

771

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

772

"""

773

context = Context(TLSv1_METHOD)

774

context.set_verify_depth(11)

775

self.assertEquals(context.get_verify_depth(), 11)

776

777

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

778

if not PY3:

779

def test_verify_depth_long(self):

780

"""

781

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

782

type `long` as well as int.

783

"""

784

context = Context(TLSv1_METHOD)

785

context.set_verify_depth(long(11))

786

self.assertEquals(context.get_verify_depth(), 11)

787

788

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

789

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

790

"""

791

Write a new private key out to a new file, encrypted using the given

792

passphrase. Return the path to the new file.

793

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

794

key = PKey()

795

key.generate_key(TYPE_RSA, 128)

796

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

797

fObj = open(pemFile, 'w')

798

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

799

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

804

def test_set_passwd_cb_wrong_args(self):

805

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

806

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

807

wrong arguments or with a non-callable first argument.

808

"""

809

context = Context(TLSv1_METHOD)

810

self.assertRaises(TypeError, context.set_passwd_cb)

811

self.assertRaises(TypeError, context.set_passwd_cb, None)

812

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

813

814

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

815

def test_set_passwd_cb(self):

816

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

817

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

818

a private key is loaded from an encrypted PEM.

819

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

820

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

821

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

822

calledWith = []

823

def passphraseCallback(maxlen, verify, extra):

824

calledWith.append((maxlen, verify, extra))

825

return passphrase

826

context = Context(TLSv1_METHOD)

827

context.set_passwd_cb(passphraseCallback)

828

context.use_privatekey_file(pemFile)

829

self.assertTrue(len(calledWith), 1)

830

self.assertTrue(isinstance(calledWith[0][0], int))

831

self.assertTrue(isinstance(calledWith[0][1], int))

832

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

833

834

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

835

def test_passwd_callback_exception(self):

836

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

837

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

838

passphrase callback.

839

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

840

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

841

def passphraseCallback(maxlen, verify, extra):

842

raise RuntimeError("Sorry, I am a fail.")

843

844

context = Context(TLSv1_METHOD)

845

context.set_passwd_cb(passphraseCallback)

846

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

847

848

849

def test_passwd_callback_false(self):

850

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

851

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

852

passphrase callback returns a false value.

853

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

854

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

855

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

856

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

857

858

context = Context(TLSv1_METHOD)

859

context.set_passwd_cb(passphraseCallback)

860

self.assertRaises(Error, context.use_privatekey_file, pemFile)

861

862

863

def test_passwd_callback_non_string(self):

864

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

865

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

866

passphrase callback returns a true non-string value.

867

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

868

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

869

def passphraseCallback(maxlen, verify, extra):

870

return 10

871

872

context = Context(TLSv1_METHOD)

873

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

874

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

875

876

877

def test_passwd_callback_too_long(self):

878

"""

879

If the passphrase returned by the passphrase callback returns a string

880

longer than the indicated maximum length, it is truncated.

881

"""

882

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

883

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

884

pemFile = self._write_encrypted_pem(passphrase)

885

def passphraseCallback(maxlen, verify, extra):

886

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

887

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

888

889

context = Context(TLSv1_METHOD)

890

context.set_passwd_cb(passphraseCallback)

891

# This shall succeed because the truncated result is the correct

892

# passphrase.

893

context.use_privatekey_file(pemFile)

894

895

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

896

def test_set_info_callback(self):

897

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

898

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

899

when certain information about an SSL connection is available.

900

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

901

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

902

903

clientSSL = Connection(Context(TLSv1_METHOD), client)

904

clientSSL.set_connect_state()

905

906

called = []

907

def info(conn, where, ret):

908

called.append((conn, where, ret))

909

context = Context(TLSv1_METHOD)

910

context.set_info_callback(info)

911

context.use_certificate(

912

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

913

context.use_privatekey(

914

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

915

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

916

serverSSL = Connection(context, server)

917

serverSSL.set_accept_state()

918

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

919

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

920

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

921

# The callback must always be called with a Connection instance as the

922

# first argument. It would probably be better to split this into

923

# separate tests for client and server side info callbacks so we could

924

# assert it is called with the right Connection instance. It would

925

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

926

notConnections = [

927

conn for (conn, where, ret) in called

928

if not isinstance(conn, Connection)]

929

self.assertEqual(

930

[], notConnections,

931

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

932

933

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

934

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

935

"""

936

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

937

its :py:obj:`load_verify_locations` method with the given arguments.

938

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

939

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

940

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

941

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

942

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

943

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

944

# Require that the server certificate verify properly or the

945

# connection will fail.

946

clientContext.set_verify(

947

VERIFY_PEER,

948

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

949

950

clientSSL = Connection(clientContext, client)

951

clientSSL.set_connect_state()

952

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

953

serverContext = Context(TLSv1_METHOD)

954

serverContext.use_certificate(

955

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

956

serverContext.use_privatekey(

957

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

958

959

serverSSL = Connection(serverContext, server)

960

serverSSL.set_accept_state()

961

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

962

# Without load_verify_locations above, the handshake

963

# will fail:

964

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

965

# 'certificate verify failed')]

966

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

967

968

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

969

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

970

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

971

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

972

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

973

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

974

Verify that if path to a file containing a certificate is passed to

975

``Context.load_verify_locations`` for the ``cafile`` parameter, that

976

certificate is used as a trust root for the purposes of verifying

977

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

978

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

979

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

980

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

981

fObj.close()

982

983

self._load_verify_locations_test(cafile)

984

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

985

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

986

def test_load_verify_bytes_cafile(self):

987

"""

988

:py:obj:`Context.load_verify_locations` accepts a file name as a

989

``bytes`` instance and uses the certificates within for verification

990

purposes.

991

"""

992

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

993

self._load_verify_cafile(cafile)

994

995

996

def test_load_verify_unicode_cafile(self):

997

"""

998

:py:obj:`Context.load_verify_locations` accepts a file name as a

999

``unicode`` instance and uses the certificates within for verification

1000

purposes.

1001

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1002

self._load_verify_cafile(

1003

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1004

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1005

1006

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1007

def test_load_verify_invalid_file(self):

1008

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1009

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1010

non-existent cafile.

1011

"""

1012

clientContext = Context(TLSv1_METHOD)

1013

self.assertRaises(

1014

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1015

1016

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1017

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1018

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1019

Verify that if path to a directory containing certificate files is

1020

passed to ``Context.load_verify_locations`` for the ``capath``

1021

parameter, those certificates are used as trust roots for the purposes

1022

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1023

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1024

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1025

# Hash values computed manually with c_rehash to avoid depending on

1026

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1027

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1028

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1029

cafile = join_bytes_or_unicode(capath, name)

1030

with open(cafile, 'w') as fObj:

1031

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1032

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1033

self._load_verify_locations_test(None, capath)

1034

1035

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1036

def test_load_verify_directory_bytes_capath(self):

1037

"""

1038

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1039

``bytes`` instance and uses the certificates within for verification

1040

purposes.

1041

"""

1042

self._load_verify_directory_locations_capath(

1043

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1048

"""

1049

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1050

``unicode`` instance and uses the certificates within for verification

1051

purposes.

1052

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1053

self._load_verify_directory_locations_capath(

1054

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1055

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1056

1057

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1058

def test_load_verify_locations_wrong_args(self):

1059

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1060

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1061

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1062

"""

1063

context = Context(TLSv1_METHOD)

1064

self.assertRaises(TypeError, context.load_verify_locations)

1065

self.assertRaises(TypeError, context.load_verify_locations, object())

1066

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1067

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1068

1069

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1070

if platform == "win32":

1071

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1072

"See LP#404343 and LP#404344."

1073

else:

1074

def test_set_default_verify_paths(self):

1075

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1076

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1077

certificate locations to be used for verification purposes.

1078

"""

1079

# Testing this requires a server with a certificate signed by one of

1080

# the CAs in the platform CA location. Getting one of those costs

1081

# money. Fortunately (or unfortunately, depending on your

1082

# perspective), it's easy to think of a public server on the

1083

# internet which has such a certificate. Connecting to the network

1084

# in a unit test is bad, but it's the only way I can think of to

1085

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1086

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1087

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1088

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1089

context.set_default_verify_paths()

1090

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1091

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1092

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1093

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1094

client = socket()

1095

client.connect(('verisign.com', 443))

1096

clientSSL = Connection(context, client)

1097

clientSSL.set_connect_state()

1098

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1099

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1100

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1101

1102

1103

def test_set_default_verify_paths_signature(self):

1104

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1105

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1106

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1107

"""

1108

context = Context(TLSv1_METHOD)

1109

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1111

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1112

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1113

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1114

def test_add_extra_chain_cert_invalid_cert(self):

1115

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1116

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1117

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1118

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1119

"""

1120

context = Context(TLSv1_METHOD)

1121

self.assertRaises(TypeError, context.add_extra_chain_cert)

1122

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1123

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1124

1125

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1126

def _handshake_test(self, serverContext, clientContext):

1127

"""

1128

Verify that a client and server created with the given contexts can

1129

successfully handshake and communicate.

1130

"""

1131

serverSocket, clientSocket = socket_pair()

1132

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1133

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1134

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1135

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1136

client = Connection(clientContext, clientSocket)

1137

client.set_connect_state()

1138

1139

# Make them talk to each other.

1140

# self._interactInMemory(client, server)

1141

for i in range(3):

1142

for s in [client, server]:

1143

try:

1144

s.do_handshake()

1145

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1149

def test_set_verify_callback_connection_argument(self):

1150

"""

1151

The first argument passed to the verify callback is the

1152

:py:class:`Connection` instance for which verification is taking place.

1153

"""

1154

serverContext = Context(TLSv1_METHOD)

1155

serverContext.use_privatekey(

1156

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1157

serverContext.use_certificate(

1158

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1159

serverConnection = Connection(serverContext, None)

1160

1161

class VerifyCallback(object):

1162

def callback(self, connection, *args):

1163

self.connection = connection

1164

return 1

1165

1166

verify = VerifyCallback()

1167

clientContext = Context(TLSv1_METHOD)

1168

clientContext.set_verify(VERIFY_PEER, verify.callback)

1169

clientConnection = Connection(clientContext, None)

1170

clientConnection.set_connect_state()

1171

1172

self._handshakeInMemory(clientConnection, serverConnection)

1173

1174

self.assertIdentical(verify.connection, clientConnection)

1175

1176

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1177

def test_set_verify_callback_exception(self):

1178

"""

1179

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1180

exception, verification fails and the exception is propagated to the

1181

caller of :py:obj:`Connection.do_handshake`.

1182

"""

1183

serverContext = Context(TLSv1_METHOD)

1184

serverContext.use_privatekey(

1185

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1186

serverContext.use_certificate(

1187

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1188

1189

clientContext = Context(TLSv1_METHOD)

1190

def verify_callback(*args):

1191

raise Exception("silly verify failure")

1192

clientContext.set_verify(VERIFY_PEER, verify_callback)

1193

1194

exc = self.assertRaises(

1195

Exception, self._handshake_test, serverContext, clientContext)

1196

self.assertEqual("silly verify failure", str(exc))

1197

1198

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1199

def test_add_extra_chain_cert(self):

1200

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1201

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1202

the certificate chain.

1203

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1204

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1205

chain tested.

1206

1207

The chain is tested by starting a server with scert and connecting

1208

to it with a client which trusts cacert and requires verification to

1209

succeed.

1210

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1211

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1212

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1213

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1214

# Dump the CA certificate to a file because that's the only way to load

1215

# it as a trusted CA in the client context.

1216

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1217

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1218

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1219

fObj.close()

1220

1221

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1222

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1223

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1224

fObj.close()

1225

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1226

# Create the server context

1227

serverContext = Context(TLSv1_METHOD)

1228

serverContext.use_privatekey(skey)

1229

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1230

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1231

serverContext.add_extra_chain_cert(icert)

1232

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1233

# Create the client

1234

clientContext = Context(TLSv1_METHOD)

1235

clientContext.set_verify(

1236

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1237

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1238

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1239

# Try it out.

1240

self._handshake_test(serverContext, clientContext)

1241

1242

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1243

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1244

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1245

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1246

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1247

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1248

The chain is tested by starting a server with scert and connecting to

1249

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1250

succeed.

1251

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1252

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1253

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1254

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1255

makedirs(certdir)

1256

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1257

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1258

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1259

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1260

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1261

with open(chainFile, 'wb') as fObj:

1262

# Most specific to least general.

1263

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1264

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1265

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1266

1267

with open(caFile, 'w') as fObj:

1268

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1269

1270

serverContext = Context(TLSv1_METHOD)

1271

serverContext.use_certificate_chain_file(chainFile)

1272

serverContext.use_privatekey(skey)

1273

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1274

clientContext = Context(TLSv1_METHOD)

1275

clientContext.set_verify(

1276

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1277

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1278

1279

self._handshake_test(serverContext, clientContext)

1280

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1281

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1282

def test_use_certificate_chain_file_bytes(self):

1283

"""

1284

``Context.use_certificate_chain_file`` accepts the name of a file (as

1285

an instance of ``bytes``) to specify additional certificates to use to

1286

construct and verify a trust chain.

1287

"""

1288

self._use_certificate_chain_file_test(

1289

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1294

"""

1295

``Context.use_certificate_chain_file`` accepts the name of a file (as

1296

an instance of ``unicode``) to specify additional certificates to use

1297

to construct and verify a trust chain.

1298

"""

1299

self._use_certificate_chain_file_test(

1300

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1304

def test_use_certificate_chain_file_wrong_args(self):

1305

"""

1306

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1307

if passed zero or more than one argument or when passed a non-byte

1308

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1309

passed a bad chain file name (for example, the name of a file which does

1310

not exist).

1311

"""

1312

context = Context(TLSv1_METHOD)

1313

self.assertRaises(TypeError, context.use_certificate_chain_file)

1314

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1315

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1316

1317

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1318

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1319

# XXX load_client_ca

1320

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1321

1322

def test_get_verify_mode_wrong_args(self):

1323

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1324

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1325

arguments.

1326

"""

1327

context = Context(TLSv1_METHOD)

1328

self.assertRaises(TypeError, context.get_verify_mode, None)

1329

1330

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1331

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1333

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1334

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1335

"""

1336

context = Context(TLSv1_METHOD)

1337

self.assertEquals(context.get_verify_mode(), 0)

1338

context.set_verify(

1339

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1340

self.assertEquals(

1341

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1342

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1343

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1344

if not PY3:

1345

def test_set_verify_mode_long(self):

1346

"""

1347

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1348

type :py:obj:`long` as well as :py:obj:`int`.

1349

"""

1350

context = Context(TLSv1_METHOD)

1351

self.assertEquals(context.get_verify_mode(), 0)

1352

context.set_verify(

1353

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1354

self.assertEquals(

1355

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1356

1357

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1358

def test_load_tmp_dh_wrong_args(self):

1359

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1360

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1361

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1362

"""

1363

context = Context(TLSv1_METHOD)

1364

self.assertRaises(TypeError, context.load_tmp_dh)

1365

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1366

self.assertRaises(TypeError, context.load_tmp_dh, object())

1367

1368

1369

def test_load_tmp_dh_missing_file(self):

1370

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1371

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1372

does not exist.

1373

"""

1374

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1375

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1376

1377

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1378

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1379

"""

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1380

Verify that calling ``Context.load_tmp_dh`` with the given filename

1381

does not raise an exception.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1382

"""

1383

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1384

with open(dhfilename, "w") as dhfile:

1385

dhfile.write(dhparam)

1386

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1387

context.load_tmp_dh(dhfilename)

1388

# XXX What should I assert here? -exarkun

1389

1390

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1391

def test_load_tmp_dh_bytes(self):

1392

"""

1393

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1394

specified file (given as ``bytes``).

1395

"""

1396

self._load_tmp_dh_test(

1397

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1402

"""

1403

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1404

specified file (given as ``unicode``).

1405

"""

1406

self._load_tmp_dh_test(

1407

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1411

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1412

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1413

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1414

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1415

"""

1416

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1417

for curve in get_elliptic_curves():

1418

# The only easily "assertable" thing is that it does not raise an

1419

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1420

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1421

1422

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1423

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1424

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1425

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1426

ciphers which connections created with the context object will be able

1427

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1428

"""

1429

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1430

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1431

conn = Connection(context, None)

1432

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1433

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1434

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1435

def test_set_cipher_list_text(self):

1436

"""

1437

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1438

the ciphers which connections created with the context object will be

1439

able to choose from.

1440

"""

1441

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1442

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1443

conn = Connection(context, None)

1444

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1445

1446

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1447

def test_set_cipher_list_wrong_args(self):

1448

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1449

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1450

passed zero arguments or more than one argument or when passed a

1451

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1452

passed an incorrect cipher list string.

1453

"""

1454

context = Context(TLSv1_METHOD)

1455

self.assertRaises(TypeError, context.set_cipher_list)

1456

self.assertRaises(TypeError, context.set_cipher_list, object())

1457

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1458

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1459

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1460

1461

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1462

def test_set_session_cache_mode_wrong_args(self):

1463

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1464

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1465

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1466

"""

1467

context = Context(TLSv1_METHOD)

1468

self.assertRaises(TypeError, context.set_session_cache_mode)

1469

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1470

1471

1472

def test_get_session_cache_mode_wrong_args(self):

1473

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1474

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1475

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1476

"""

1477

context = Context(TLSv1_METHOD)

1478

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1479

1480

1481

def test_session_cache_mode(self):

1482

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1483

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1484

cached. The setting can be retrieved via

1485

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1486

"""

1487

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1488

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1489

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1490

self.assertEqual(SESS_CACHE_OFF, off)

1491

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1492

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1493

if not PY3:

1494

def test_session_cache_mode_long(self):

1495

"""

1496

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1497

of type :py:obj:`long` as well as :py:obj:`int`.

1498

"""

1499

context = Context(TLSv1_METHOD)

1500

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1501

self.assertEqual(

1502

SESS_CACHE_BOTH, context.get_session_cache_mode())

1503

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1504

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1505

def test_get_cert_store(self):

1506

"""

1507

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1508

"""

1509

context = Context(TLSv1_METHOD)

1510

store = context.get_cert_store()

1511

self.assertIsInstance(store, X509Store)

1512

1513

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1514

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1515

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1516

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1517

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1518

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1519

"""

1520

def test_wrong_args(self):

1521

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1522

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1523

with other than one argument.

1524

"""

1525

context = Context(TLSv1_METHOD)

1526

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1527

self.assertRaises(

1528

TypeError, context.set_tlsext_servername_callback, 1, 2)

1529

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1530

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1531

def test_old_callback_forgotten(self):

1532

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1533

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1534

callback, the one it replaces is dereferenced.

1535

"""

1536

def callback(connection):

1537

pass

1538

1539

def replacement(connection):

1540

pass

1541

1542

context = Context(TLSv1_METHOD)

1543

context.set_tlsext_servername_callback(callback)

1544

1545

tracker = ref(callback)

1546

del callback

1547

1548

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1549

1550

# One run of the garbage collector happens to work on CPython. PyPy

1551

# doesn't collect the underlying object until a second run for whatever

1552

# reason. That's fine, it still demonstrates our code has properly

1553

# dropped the reference.

1554

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1555

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1556

1557

callback = tracker()

1558

if callback is not None:

1559

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1560

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1561

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1562

1563

1564

def test_no_servername(self):

1565

"""

1566

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1567

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1568

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1569

"""

1570

args = []

1571

def servername(conn):

1572

args.append((conn, conn.get_servername()))

1573

context = Context(TLSv1_METHOD)

1574

context.set_tlsext_servername_callback(servername)

1575

1576

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1582

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1583

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1584

1585

# Do a little connection to trigger the logic

1586

server = Connection(context, None)

1587

server.set_accept_state()

1588

1589

client = Connection(Context(TLSv1_METHOD), None)

1590

client.set_connect_state()

1591

1592

self._interactInMemory(server, client)

1593

1594

self.assertEqual([(server, None)], args)

1595

1596

1597

def test_servername(self):

1598

"""

1599

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1600

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1601

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1602

"""

1603

args = []

1604

def servername(conn):

1605

args.append((conn, conn.get_servername()))

1606

context = Context(TLSv1_METHOD)

1607

context.set_tlsext_servername_callback(servername)

1608

1609

# Necessary to actually accept the connection

1610

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1611

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1612

1613

# Do a little connection to trigger the logic

1614

server = Connection(context, None)

1615

server.set_accept_state()

1616

1617

client = Connection(Context(TLSv1_METHOD), None)

1618

client.set_connect_state()

1619

client.set_tlsext_host_name(b("foo1.example.com"))

1620

1621

self._interactInMemory(server, client)

1622

1623

self.assertEqual([(server, b("foo1.example.com"))], args)

1624

1625

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1626

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1627

"""

1628

Test for Next Protocol Negotiation in PyOpenSSL.

1629

"""

1630

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1631

"""

1632

Tests that clients and servers that agree on the negotiated next

1633

protocol can correct establish a connection, and that the agreed

1634

protocol is reported by the connections.

1635

"""

1636

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1637

select_args = []

1638

def advertise(conn):

1639

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1640

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1641

def select(conn, options):

1642

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1643

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1644

1645

server_context = Context(TLSv1_METHOD)

1646

server_context.set_npn_advertise_callback(advertise)

1647

1648

client_context = Context(TLSv1_METHOD)

1649

client_context.set_npn_select_callback(select)

1650

1651

# Necessary to actually accept the connection

1652

server_context.use_privatekey(

1653

load_privatekey(FILETYPE_PEM, server_key_pem))

1654

server_context.use_certificate(

1655

load_certificate(FILETYPE_PEM, server_cert_pem))

1656

1657

# Do a little connection to trigger the logic

1658

server = Connection(server_context, None)

1659

server.set_accept_state()

1660

1661

client = Connection(client_context, None)

1662

client.set_connect_state()

1663

1664

self._interactInMemory(server, client)

1665

1666

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1667

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1668

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1669

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1670

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1671

1672

1673

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1674

"""

1675

Tests that when clients and servers cannot agree on what protocol to

1676

use next that the TLS connection does not get established.

1677

"""

1678

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1679

select_args = []

1680

def advertise(conn):

1681

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1682

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1683

def select(conn, options):

1684

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1685

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1686

1687

server_context = Context(TLSv1_METHOD)

1688

server_context.set_npn_advertise_callback(advertise)

1689

1690

client_context = Context(TLSv1_METHOD)

1691

client_context.set_npn_select_callback(select)

1692

1693

# Necessary to actually accept the connection

1694

server_context.use_privatekey(

1695

load_privatekey(FILETYPE_PEM, server_key_pem))

1696

server_context.use_certificate(

1697

load_certificate(FILETYPE_PEM, server_cert_pem))

1698

1699

# Do a little connection to trigger the logic

1700

server = Connection(server_context, None)

1701

server.set_accept_state()

1702

1703

client = Connection(client_context, None)

1704

client.set_connect_state()

1705

1706

# If the client doesn't return anything, the connection will fail.

1707

self.assertRaises(Error, self._interactInMemory, server, client)

1708

1709

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1710

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1711

1712

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1713

def test_npn_select_error(self):

1714

"""

1715

Test that we can handle exceptions in the select callback. If select

1716

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1721

return [b'http/1.1', b'spdy/2']

1722

def select(conn, options):

1723

raise TypeError

1724

1725

server_context = Context(TLSv1_METHOD)

1726

server_context.set_npn_advertise_callback(advertise)

1727

1728

client_context = Context(TLSv1_METHOD)

1729

client_context.set_npn_select_callback(select)

1730

1731

# Necessary to actually accept the connection

1732

server_context.use_privatekey(

1733

load_privatekey(FILETYPE_PEM, server_key_pem))

1734

server_context.use_certificate(

1735

load_certificate(FILETYPE_PEM, server_cert_pem))

1736

1737

# Do a little connection to trigger the logic

1738

server = Connection(server_context, None)

1739

server.set_accept_state()

1740

1741

client = Connection(client_context, None)

1742

client.set_connect_state()

1743

1744

# If the callback throws an exception it should be raised here.

1745

self.assertRaises(TypeError, self._interactInMemory, server, client)

1746

self.assertEqual([(server,)], advertise_args)

1747

1748

1749

def test_npn_advertise_error(self):

1750

"""

1751

Test that we can handle exceptions in the advertise callback. If

1752

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1758

select_args.append((conn, options))

1759

return b''

1760

1761

server_context = Context(TLSv1_METHOD)

1762

server_context.set_npn_advertise_callback(advertise)

1763

1764

client_context = Context(TLSv1_METHOD)

1765

client_context.set_npn_select_callback(select)

1766

1767

# Necessary to actually accept the connection

1768

server_context.use_privatekey(

1769

load_privatekey(FILETYPE_PEM, server_key_pem))

1770

server_context.use_certificate(

1771

load_certificate(FILETYPE_PEM, server_cert_pem))

1772

1773

# Do a little connection to trigger the logic

1774

server = Connection(server_context, None)

1775

server.set_accept_state()

1776

1777

client = Connection(client_context, None)

1778

client.set_connect_state()

1779

1780

# If the client doesn't return anything, the connection will fail.

1781

self.assertRaises(TypeError, self._interactInMemory, server, client)

1782

self.assertEqual([], select_args)

1783

1784

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1785

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1786

class SessionTests(TestCase):

1787

"""

1788

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1789

"""

1790

def test_construction(self):

1791

"""

1792

:py:class:`Session` can be constructed with no arguments, creating a new

1793

instance of that type.

1794

"""

1795

new_session = Session()

1796

self.assertTrue(isinstance(new_session, Session))

1797

1798

1799

def test_construction_wrong_args(self):

1800

"""

1801

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1802

is raised.

1803

"""

1804

self.assertRaises(TypeError, Session, 123)

1805

self.assertRaises(TypeError, Session, "hello")

1806

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1810

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1811

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1812

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1813

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1814

# XXX get_peer_certificate -> None

1815

# XXX sock_shutdown

1816

# XXX master_key -> TypeError

1817

# XXX server_random -> TypeError

1818

# XXX state_string

1819

# XXX connect -> TypeError

1820

# XXX connect_ex -> TypeError

1821

# XXX set_connect_state -> TypeError

1822

# XXX set_accept_state -> TypeError

1823

# XXX renegotiate_pending

1824

# XXX do_handshake -> TypeError

1825

# XXX bio_read -> TypeError

1826

# XXX recv -> TypeError

1827

# XXX send -> TypeError

1828

# XXX bio_write -> TypeError

1829

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1830

def test_type(self):

1831

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1832

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1833

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1834

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1835

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1836

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1837

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1838

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1839

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1840

def test_get_context(self):

1841

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1842

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1843

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1844

"""

1845

context = Context(TLSv1_METHOD)

1846

connection = Connection(context, None)

1847

self.assertIdentical(connection.get_context(), context)

1848

1849

1850

def test_get_context_wrong_args(self):

1851

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1852

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1853

arguments.

1854

"""

1855

connection = Connection(Context(TLSv1_METHOD), None)

1856

self.assertRaises(TypeError, connection.get_context, None)

1857

1858

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1859

def test_set_context_wrong_args(self):

1860

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1861

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1862

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1863

than 1.

1864

"""

1865

ctx = Context(TLSv1_METHOD)

1866

connection = Connection(ctx, None)

1867

self.assertRaises(TypeError, connection.set_context)

1868

self.assertRaises(TypeError, connection.set_context, object())

1869

self.assertRaises(TypeError, connection.set_context, "hello")

1870

self.assertRaises(TypeError, connection.set_context, 1)

1871

self.assertRaises(TypeError, connection.set_context, 1, 2)

1872

self.assertRaises(

1873

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1874

self.assertIdentical(ctx, connection.get_context())

1875

1876

1877

def test_set_context(self):

1878

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1879

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1880

for the connection.

1881

"""

1882

original = Context(SSLv23_METHOD)

1883

replacement = Context(TLSv1_METHOD)

1884

connection = Connection(original, None)

1885

connection.set_context(replacement)

1886

self.assertIdentical(replacement, connection.get_context())

1887

# Lose our references to the contexts, just in case the Connection isn't

1888

# properly managing its own contributions to their reference counts.

1889

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1895

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1896

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1897

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1898

"""

1899

conn = Connection(Context(TLSv1_METHOD), None)

1900

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1901

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1902

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1903

self.assertRaises(

1904

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1905

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

1906

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1907

# On Python 3.x, don't accidentally implicitly convert from text.

1908

self.assertRaises(

1909

TypeError,

1910

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1911

1912

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1913

def test_get_servername_wrong_args(self):

1914

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1915

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1916

arguments.

1917

"""

1918

connection = Connection(Context(TLSv1_METHOD), None)

1919

self.assertRaises(TypeError, connection.get_servername, object())

1920

self.assertRaises(TypeError, connection.get_servername, 1)

1921

self.assertRaises(TypeError, connection.get_servername, "hello")

1922

1923

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1924

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1925

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1926

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1927

immediate read.

1928

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1929

connection = Connection(Context(TLSv1_METHOD), None)

1930

self.assertEquals(connection.pending(), 0)

1931

1932

1933

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1934

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1935

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1936

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1937

connection = Connection(Context(TLSv1_METHOD), None)

1938

self.assertRaises(TypeError, connection.pending, None)

1939

1940

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1941

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1942

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1943

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1944

argument or with the wrong number of arguments.

1945

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1946

connection = Connection(Context(TLSv1_METHOD), socket())

1947

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1948

self.assertRaises(TypeError, connection.connect)

1949

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1950

1951

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1952

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1953

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1954

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1955

connect method raises it.

1956

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1957

client = socket()

1958

context = Context(TLSv1_METHOD)

1959

clientSSL = Connection(context, client)

1960

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1961

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1962

1963

1964

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1965

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1966

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1967

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1973

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1974

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1975

1976

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1977

if platform == "darwin":

1978

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1979

else:

1980

def test_connect_ex(self):

1981

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1982

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1983

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1988

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1989

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1990

clientSSL.setblocking(False)

1991

result = clientSSL.connect_ex(port.getsockname())

1992

expected = (EINPROGRESS, EWOULDBLOCK)

1993

self.assertTrue(

1994

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1995

1996

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1997

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1998

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1999

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2000

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2001

connection = Connection(Context(TLSv1_METHOD), socket())

2002

self.assertRaises(TypeError, connection.accept, None)

2003

2004

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2005

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2006

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2007

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2008

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2009

connection originated from.

2010

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2011

ctx = Context(TLSv1_METHOD)

2012

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2013

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2014

port = socket()

2015

portSSL = Connection(ctx, port)

2016

portSSL.bind(('', 0))

2017

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2018

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2019

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2020

2021

# Calling portSSL.getsockname() here to get the server IP address sounds

2022

# great, but frequently fails on Windows.

2023

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2024

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2025

serverSSL, address = portSSL.accept()

2026

2027

self.assertTrue(isinstance(serverSSL, Connection))

2028

self.assertIdentical(serverSSL.get_context(), ctx)

2029

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2030

2031

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2032

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2033

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2034

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2035

number of arguments or with arguments other than integers.

2036

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2037

connection = Connection(Context(TLSv1_METHOD), None)

2038

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2039

self.assertRaises(TypeError, connection.get_shutdown, None)

2040

self.assertRaises(TypeError, connection.set_shutdown)

2041

self.assertRaises(TypeError, connection.set_shutdown, None)

2042

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2043

2044

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2045

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2046

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2047

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2048

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2049

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2050

self.assertFalse(server.shutdown())

2051

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2052

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2053

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2054

client.shutdown()

2055

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2056

self.assertRaises(ZeroReturnError, server.recv, 1024)

2057

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2058

2059

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2060

def test_shutdown_closed(self):

2061

"""

2062

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2063

write error from the low level write call.

2064

"""

2065

server, client = self._loopback()

2066

server.sock_shutdown(2)

2067

exc = self.assertRaises(SysCallError, server.shutdown)

2068

if platform == "win32":

2069

self.assertEqual(exc.args[0], ESHUTDOWN)

2070

else:

2071

self.assertEqual(exc.args[0], EPIPE)

2072

2073

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2074

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2075

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2076

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2077

process.

2078

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2079

connection = Connection(Context(TLSv1_METHOD), socket())

2080

connection.set_shutdown(RECEIVED_SHUTDOWN)

2081

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2082

2083

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2084

if not PY3:

2085

def test_set_shutdown_long(self):

2086

"""

2087

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2088

of type :py:obj:`long` as well as :py:obj:`int`.

2089

"""

2090

connection = Connection(Context(TLSv1_METHOD), socket())

2091

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2092

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2093

2094

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2095

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2096

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2097

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2098

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2099

with any arguments.

2100

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2101

conn = Connection(Context(TLSv1_METHOD), None)

2102

self.assertRaises(TypeError, conn.get_app_data, None)

2103

self.assertRaises(TypeError, conn.set_app_data)

2104

self.assertRaises(TypeError, conn.set_app_data, None, None)

2105

2106

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2107

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2108

"""

2109

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2110

:py:obj:`Connection.set_app_data` and later retrieved with

2111

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2112

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2113

conn = Connection(Context(TLSv1_METHOD), None)

2114

app_data = object()

2115

conn.set_app_data(app_data)

2116

self.assertIdentical(conn.get_app_data(), app_data)

2117

2118

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2119

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2120

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2121

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2122

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2123

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2124

conn = Connection(Context(TLSv1_METHOD), None)

2125

self.assertRaises(NotImplementedError, conn.makefile)

2126

2127

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2128

def test_get_peer_cert_chain_wrong_args(self):

2129

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2130

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2131

arguments.

2132

"""

2133

conn = Connection(Context(TLSv1_METHOD), None)

2134

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2135

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2136

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2137

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2138

2139

2140

def test_get_peer_cert_chain(self):

2141

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2142

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2143

the connected server returned for the certification verification.

2144

"""

2145

chain = _create_certificate_chain()

2146

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2147

2148

serverContext = Context(TLSv1_METHOD)

2149

serverContext.use_privatekey(skey)

2150

serverContext.use_certificate(scert)

2151

serverContext.add_extra_chain_cert(icert)

2152

serverContext.add_extra_chain_cert(cacert)

2153

server = Connection(serverContext, None)

2154

server.set_accept_state()

2155

2156

# Create the client

2157

clientContext = Context(TLSv1_METHOD)

2158

clientContext.set_verify(VERIFY_NONE, verify_cb)

2159

client = Connection(clientContext, None)

2160

client.set_connect_state()

2161

2162

self._interactInMemory(client, server)

2163

2164

chain = client.get_peer_cert_chain()

2165

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2166

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2167

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2168

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2169

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2170

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2171

"Authority Certificate", chain[2].get_subject().CN)

2172

2173

2174

def test_get_peer_cert_chain_none(self):

2175

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2176

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2177

certificate chain.

2178

"""

2179

ctx = Context(TLSv1_METHOD)

2180

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2181

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2182

server = Connection(ctx, None)

2183

server.set_accept_state()

2184

client = Connection(Context(TLSv1_METHOD), None)

2185

client.set_connect_state()

2186

self._interactInMemory(client, server)

2187

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2188

2189

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2190

def test_get_session_wrong_args(self):

2191

"""

2192

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2193

with any arguments.

2194

"""

2195

ctx = Context(TLSv1_METHOD)

2196

server = Connection(ctx, None)

2197

self.assertRaises(TypeError, server.get_session, 123)

2198

self.assertRaises(TypeError, server.get_session, "hello")

2199

self.assertRaises(TypeError, server.get_session, object())

2200

2201

2202

def test_get_session_unconnected(self):

2203

"""

2204

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2205

an object which has not been connected.

2206

"""

2207

ctx = Context(TLSv1_METHOD)

2208

server = Connection(ctx, None)

2209

session = server.get_session()

2210

self.assertIdentical(None, session)

2211

2212

2213

def test_server_get_session(self):

2214

"""

2215

On the server side of a connection, :py:obj:`Connection.get_session`

2216

returns a :py:class:`Session` instance representing the SSL session for

2217

that connection.

2218

"""

2219

server, client = self._loopback()

2220

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2221

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2222

2223

2224

def test_client_get_session(self):

2225

"""

2226

On the client side of a connection, :py:obj:`Connection.get_session`

2227

returns a :py:class:`Session` instance representing the SSL session for

2228

that connection.

2229

"""

2230

server, client = self._loopback()

2231

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2232

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2233

2234

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2235

def test_set_session_wrong_args(self):

2236

"""

2237

If called with an object that is not an instance of :py:class:`Session`,

2238

or with other than one argument, :py:obj:`Connection.set_session` raises

2239

:py:obj:`TypeError`.

2240

"""

2241

ctx = Context(TLSv1_METHOD)

2242

connection = Connection(ctx, None)

2243

self.assertRaises(TypeError, connection.set_session)

2244

self.assertRaises(TypeError, connection.set_session, 123)

2245

self.assertRaises(TypeError, connection.set_session, "hello")

2246

self.assertRaises(TypeError, connection.set_session, object())

2247

self.assertRaises(

2248

TypeError, connection.set_session, Session(), Session())

2249

2250

2251

def test_client_set_session(self):

2252

"""

2253

:py:obj:`Connection.set_session`, when used prior to a connection being

2254

established, accepts a :py:class:`Session` instance and causes an

2255

attempt to re-use the session it represents when the SSL handshake is

2256

performed.

2257

"""

2258

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2259

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2260

ctx = Context(TLSv1_METHOD)

2261

ctx.use_privatekey(key)

2262

ctx.use_certificate(cert)

2263

ctx.set_session_id("unity-test")

2264

2265

def makeServer(socket):

2266

server = Connection(ctx, socket)

2267

server.set_accept_state()

2268

return server

2269

2270

originalServer, originalClient = self._loopback(

2271

serverFactory=makeServer)

2272

originalSession = originalClient.get_session()

2273

2274

def makeClient(socket):

2275

client = self._loopbackClientFactory(socket)

2276

client.set_session(originalSession)

2277

return client

2278

resumedServer, resumedClient = self._loopback(

2279

serverFactory=makeServer,

2280

clientFactory=makeClient)

2281

2282

# This is a proxy: in general, we have no access to any unique

2283

# identifier for the session (new enough versions of OpenSSL expose a

2284

# hash which could be usable, but "new enough" is very, very new).

2285

# Instead, exploit the fact that the master key is re-used if the

2286

# session is re-used. As long as the master key for the two connections

2287

# is the same, the session was re-used!

2288

self.assertEqual(

2289

originalServer.master_key(), resumedServer.master_key())

2290

2291

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2292

def test_set_session_wrong_method(self):

2293

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2294

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2295

instance associated with a context using a different SSL method than the

2296

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2297

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2298

"""

2299

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2300

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2301

ctx = Context(TLSv1_METHOD)

2302

ctx.use_privatekey(key)

2303

ctx.use_certificate(cert)

2304

ctx.set_session_id("unity-test")

2305

2306

def makeServer(socket):

2307

server = Connection(ctx, socket)

2308

server.set_accept_state()

2309

return server

2310

2311

originalServer, originalClient = self._loopback(

2312

serverFactory=makeServer)

2313

originalSession = originalClient.get_session()

2314

2315

def makeClient(socket):

2316

# Intentionally use a different, incompatible method here.

2317

client = Connection(Context(SSLv3_METHOD), socket)

2318

client.set_connect_state()

2319

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2325

2326

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2327

def test_wantWriteError(self):

2328

"""

2329

:py:obj:`Connection` methods which generate output raise

2330

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2331

fail indicating a should-write state.

2332

"""

2333

client_socket, server_socket = socket_pair()

2334

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2335

# anything. Only write a single byte at a time so we can be sure we

2336

# completely fill the buffer. Even though the socket API is allowed to

2337

# signal a short write via its return value it seems this doesn't

2338

# always happen on all platforms (FreeBSD and OS X particular) for the

2339

# very last bit of available buffer space.

2340

msg = b"x"

2341

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2342

try:

2343

client_socket.send(msg)

2344

except error as e:

2345

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2351

2352

ctx = Context(TLSv1_METHOD)

2353

conn = Connection(ctx, client_socket)

2354

# Client's speak first, so make it an SSL client

2355

conn.set_connect_state()

2356

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2360

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2361

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2362

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2363

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2364

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2365

ctx = Context(TLSv1_METHOD)

2366

connection = Connection(ctx, None)

2367

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2368

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2369

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2370

def test_get_peer_finished_before_connect(self):

2371

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2372

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2373

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2374

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2375

ctx = Context(TLSv1_METHOD)

2376

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2377

self.assertEqual(connection.get_peer_finished(), None)

2378

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2379

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2380

def test_get_finished(self):

2381

"""

2382

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2383

message send from client, or server. Finished messages are send during

2384

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2385

"""

2386

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2387

server, client = self._loopback()

2388

2389

self.assertNotEqual(server.get_finished(), None)

2390

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2391

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2392

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2393

def test_get_peer_finished(self):

2394

"""

2395

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2396

message received from client, or server. Finished messages are send

2397

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2398

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2399

server, client = self._loopback()

2400

2401

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2402

self.assertTrue(len(server.get_peer_finished()) > 0)

2403

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2404

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2405

def test_tls_finished_message_symmetry(self):

2406

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2407

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2408

received by client.

2409

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2410

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2411

received by server.

2412

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2413

server, client = self._loopback()

2414

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2415

self.assertEqual(server.get_finished(), client.get_peer_finished())

2416

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2417

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2418

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2419

def test_get_cipher_name_before_connect(self):

2420

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2421

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2422

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2423

"""

2424

ctx = Context(TLSv1_METHOD)

2425

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2426

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2427

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2428

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2429

def test_get_cipher_name(self):

2430

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2431

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2432

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2433

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2434

server, client = self._loopback()

2435

server_cipher_name, client_cipher_name = \

2436

server.get_cipher_name(), client.get_cipher_name()

2437

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2438

self.assertIsInstance(server_cipher_name, text_type)

2439

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2440

2441

self.assertEqual(server_cipher_name, client_cipher_name)

2442

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2443

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2444

def test_get_cipher_version_before_connect(self):

2445

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2446

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2447

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2448

"""

2449

ctx = Context(TLSv1_METHOD)

2450

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2451

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2452

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2453

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2454

def test_get_cipher_version(self):

2455

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2456

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2457

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2458

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2459

server, client = self._loopback()

2460

server_cipher_version, client_cipher_version = \

2461

server.get_cipher_version(), client.get_cipher_version()

2462

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2463

self.assertIsInstance(server_cipher_version, text_type)

2464

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2465

2466

self.assertEqual(server_cipher_version, client_cipher_version)

2467

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2468

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2469

def test_get_cipher_bits_before_connect(self):

2470

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2471

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2472

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2473

"""

2474

ctx = Context(TLSv1_METHOD)

2475

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2476

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2477

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2478

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2479

def test_get_cipher_bits(self):

2480

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2481

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2482

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2483

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2484

server, client = self._loopback()

2485

server_cipher_bits, client_cipher_bits = \

2486

server.get_cipher_bits(), client.get_cipher_bits()

2487

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2488

self.assertIsInstance(server_cipher_bits, int)

2489

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2490

2491

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2492

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2493

2494

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2495

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2496

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2497

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2498

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2499

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2500

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2501

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2502

arguments.

2503

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2504

connection = Connection(Context(TLSv1_METHOD), None)

2505

self.assertRaises(TypeError, connection.get_cipher_list, None)

2506

2507

2508

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2509

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2510

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2511

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2512

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2513

connection = Connection(Context(TLSv1_METHOD), None)

2514

ciphers = connection.get_cipher_list()

2515

self.assertTrue(isinstance(ciphers, list))

2516

for cipher in ciphers:

2517

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2521

class ConnectionSendTests(TestCase, _LoopbackMixin):

2522

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2523

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2524

"""

2525

def test_wrong_args(self):

2526

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2527

When called with arguments other than string argument for its first

2528

parameter or more than two arguments, :py:obj:`Connection.send` raises

2529

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2530

"""

2531

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2532

self.assertRaises(TypeError, connection.send)

2533

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2534

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2535

2536

2537

def test_short_bytes(self):

2538

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2539

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2540

and returns the number of bytes sent.

2541

"""

2542

server, client = self._loopback()

2543

count = server.send(b('xy'))

2544

self.assertEquals(count, 2)

2545

self.assertEquals(client.recv(2), b('xy'))

2546

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2547

2548

def test_text(self):

2549

"""

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2550

When passed a text, :py:obj:`Connection.send` transmits all of it and

2551

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2552

"""

2553

server, client = self._loopback()

2554

with catch_warnings(record=True) as w:

2555

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2556

count = server.send(b"xy".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2557

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2558

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2559

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2564

self.assertEquals(count, 2)

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2565

self.assertEquals(client.recv(2), b"xy")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2566

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2571

else:

2572

def test_short_memoryview(self):

2573

"""

2574

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2575

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2576

bytes sent.

2577

"""

2578

server, client = self._loopback()

2579

count = server.send(memoryview(b('xy')))

2580

self.assertEquals(count, 2)

2581

self.assertEquals(client.recv(2), b('xy'))

2582

2583

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2588

else:

2589

def test_short_buffer(self):

2590

"""

2591

When passed a buffer containing a small number of bytes,

2592

:py:obj:`Connection.send` transmits all of them and returns the number of

2593

bytes sent.

2594

"""

2595

server, client = self._loopback()

2596

count = server.send(buffer(b('xy')))

2597

self.assertEquals(count, 2)

2598

self.assertEquals(client.recv(2), b('xy'))

2599

2600

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2601

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2602

def _make_memoryview(size):

2603

"""

2604

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2605

size.

2606

"""

2607

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2611

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2612

"""

2613

Tests for :py:obj:`Connection.recv_into`

2614

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2615

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2616

"""

2617

Assert that when the given buffer is passed to

2618

``Connection.recv_into``, whatever bytes are available to be received

2619

that fit into that buffer are written into that buffer.

2620

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2621

output_buffer = factory(5)

2622

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2623

server, client = self._loopback()

2624

server.send(b('xy'))

2625

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2626

self.assertEqual(client.recv_into(output_buffer), 2)

2627

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2628

2629

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2630

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2631

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2632

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2633

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2634

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2635

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2636

2637

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2638

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2639

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2640

Assert that when the given buffer is passed to ``Connection.recv_into``

2641

along with a value for ``nbytes`` that is less than the size of that

2642

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2643

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2644

output_buffer = factory(10)

2645

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2646

server, client = self._loopback()

2647

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2648

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2649

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2650

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2651

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2655

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2656

"""

2657

When called with a ``bytearray`` instance,

2658

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2659

doesn't copy in more than that number of bytes.

2660

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2661

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2662

2663

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2664

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2665

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2666

Assert that if there are more bytes available to be read from the

2667

receive buffer than would fit into the buffer passed to

2668

:py:obj:`Connection.recv_into`, only as many as fit are written into

2669

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2670

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2671

output_buffer = factory(5)

2672

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2673

server, client = self._loopback()

2674

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2675

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2676

self.assertEqual(client.recv_into(output_buffer), 5)

2677

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2678

rest = client.recv(5)

2679

self.assertEqual(b('fghij'), rest)

2680

2681

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2682

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2683

"""

2684

When called with a ``bytearray`` instance,

2685

:py:obj:`Connection.recv_into` respects the size of the array and

2686

doesn't write more bytes into it than will fit.

2687

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2688

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2689

2690

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2691

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2692

"""

2693

Assert that if the value given by ``nbytes`` is greater than the actual

2694

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2695

behavior is as if no value was given for ``nbytes`` at all.

2696

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2697

output_buffer = factory(5)

2698

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2699

server, client = self._loopback()

2700

server.send(b('abcdefghij'))

2701

2702

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2703

self.assertEqual(output_buffer, bytearray(b('abcde')))

2704

rest = client.recv(5)

2705

self.assertEqual(b('fghij'), rest)

2706

2707

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2708

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2709

"""

2710

When called with a ``bytearray`` instance and an ``nbytes`` value that

2711

is too large, :py:obj:`Connection.recv_into` respects the size of the

2712

array and not the ``nbytes`` value and doesn't write more bytes into

2713

the buffer than will fit.

2714

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2715

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2716

2717

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2722

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2723

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2724

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2725

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2726

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2727

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2728

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2729

2730

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2731

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2732

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2733

When called with a ``memoryview`` instance,

2734

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2735

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2736

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2737

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2738

2739

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2740

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2741

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2742

When called with a ``memoryview`` instance,

2743

:py:obj:`Connection.recv_into` respects the size of the array and

2744

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2745

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2746

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2747

2748

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2749

def test_memoryview_really_doesnt_overfill(self):

2750

"""

2751

When called with a ``memoryview`` instance and an ``nbytes`` value

2752

that is too large, :py:obj:`Connection.recv_into` respects the size

2753

of the array and not the ``nbytes`` value and doesn't write more

2754

bytes into the buffer than will fit.

2755

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2756

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2757

2758

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2759

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2760

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2762

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2763

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2764

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2765

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2766

When called with arguments other than a string argument for its first

2767

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2768

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2769

"""

2770

connection = Connection(Context(TLSv1_METHOD), None)

2771

self.assertRaises(TypeError, connection.sendall)

2772

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2773

self.assertRaises(

2774

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2775

2776

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2777

def test_short(self):

2778

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2779

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2780

it.

2781

"""

2782

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2783

server.sendall(b('x'))

2784

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2785

2786

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2787

def test_text(self):

2788

"""

Jean-Paul Calderone

9347742

2015-04-13 20:38:57 -0400

[diff] [blame^]

2789

:py:obj:`Connection.sendall` transmits all the content in the string

2790

passed to it raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2791

"""

2792

server, client = self._loopback()

2793

with catch_warnings(record=True) as w:

2794

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

2795

server.sendall(b"x".decode("ascii"))

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2796

self.assertEqual(

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2797

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

2015-03-29 07:03:11 -0400

[diff] [blame]

2798

WARNING_TYPE_EXPECTED

),

str(w[-1].message)

)

self.assertIs(w[-1].category, DeprecationWarning)

2803

self.assertEquals(client.recv(1), b"x")

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2804

2805

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2810

else:

2811

def test_short_memoryview(self):

2812

"""

2813

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2814

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2815

"""

2816

server, client = self._loopback()

2817

server.sendall(memoryview(b('x')))

2818

self.assertEquals(client.recv(1), b('x'))

2819

2820

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2825

else:

2826

def test_short_buffers(self):

2827

"""

2828

When passed a buffer containing a small number of bytes,

2829

:py:obj:`Connection.sendall` transmits all of them.

2830

"""

2831

server, client = self._loopback()

2832

server.sendall(buffer(b('x')))

2833

self.assertEquals(client.recv(1), b('x'))

2834

2835

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2836

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2837

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2838

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2839

it even if this requires multiple calls of an underlying write function.

2840

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2841

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2842

# Should be enough, underlying SSL_write should only do 16k at a time.

2843

# On Windows, after 32k of bytes the write will block (forever - because

2844

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2845

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2846

server.sendall(message)

2847

accum = []

2848

received = 0

2849

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2850

data = client.recv(1024)

2851

accum.append(data)

2852

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2853

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2854

2855

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2856

def test_closed(self):

2857

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2858

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2859

write error from the low level write call.

2860

"""

2861

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2862

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2863

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2864

if platform == "win32":

2865

self.assertEqual(exc.args[0], ESHUTDOWN)

2866

else:

2867

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2868

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2869

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2870

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2871

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2872

"""

2873

Tests for SSL renegotiation APIs.

2874

"""

2875

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2876

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2877

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2878

arguments.

2879

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2880

connection = Connection(Context(TLSv1_METHOD), None)

2881

self.assertRaises(TypeError, connection.renegotiate, None)

2882

2883

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2884

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2885

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2886

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2887

any arguments.

2888

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2889

connection = Connection(Context(TLSv1_METHOD), None)

2890

self.assertRaises(TypeError, connection.total_renegotiations, None)

2891

2892

2893

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2895

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2896

renegotiations have happened.

2897

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2898

connection = Connection(Context(TLSv1_METHOD), None)

2899

self.assertEquals(connection.total_renegotiations(), 0)

2900

2901

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2902

# def test_renegotiate(self):

2903

# """

2904

# """

2905

# server, client = self._loopback()

2906

2907

# server.send("hello world")

2908

# self.assertEquals(client.recv(len("hello world")), "hello world")

2909

2910

# self.assertEquals(server.total_renegotiations(), 0)

2911

# self.assertTrue(server.renegotiate())

2912

2913

# server.setblocking(False)

2914

# client.setblocking(False)

2915

# while server.renegotiate_pending():

2916

# client.do_handshake()

2917

# server.do_handshake()

2918

2919

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2924

class ErrorTests(TestCase):

2925

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2926

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2927

"""

2928

def test_type(self):

2929

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2930

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2931

"""

2932

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2933

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2937

class ConstantsTests(TestCase):

2938

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2939

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2940

2941

These are values defined by OpenSSL intended only to be used as flags to

2942

OpenSSL APIs. The only assertions it seems can be made about them is

2943

their values.

2944

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2945

# unittest.TestCase has no skip mechanism

2946

if OP_NO_QUERY_MTU is not None:

2947

def test_op_no_query_mtu(self):

2948

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2949

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2950

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2951

"""

2952

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2953

else:

2954

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2955

2956

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2957

if OP_COOKIE_EXCHANGE is not None:

2958

def test_op_cookie_exchange(self):

2959

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2960

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2961

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2962

"""

2963

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2964

else:

2965

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2966

2967

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2968

if OP_NO_TICKET is not None:

2969

def test_op_no_ticket(self):

2970

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2971

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2972

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2973

"""

2974

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2975

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2976

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2977

2978

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2979

if OP_NO_COMPRESSION is not None:

2980

def test_op_no_compression(self):

2981

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2982

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2983

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2984

"""

2985

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2986

else:

2987

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2988

2989

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2990

def test_sess_cache_off(self):

2991

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2992

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2993

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2994

"""

2995

self.assertEqual(0x0, SESS_CACHE_OFF)

2996

2997

2998

def test_sess_cache_client(self):

2999

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3000

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3001

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3002

"""

3003

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3004

3005

3006

def test_sess_cache_server(self):

3007

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3008

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3009

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3010

"""

3011

self.assertEqual(0x2, SESS_CACHE_SERVER)

3012

3013

3014

def test_sess_cache_both(self):

3015

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3016

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3017

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3018

"""

3019

self.assertEqual(0x3, SESS_CACHE_BOTH)

3020

3021

3022

def test_sess_cache_no_auto_clear(self):

3023

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3024

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3025

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3026

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3027

"""

3028

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3029

3030

3031

def test_sess_cache_no_internal_lookup(self):

3032

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3033

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3034

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3035

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3036

"""

3037

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3038

3039

3040

def test_sess_cache_no_internal_store(self):

3041

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3042

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3043

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3044

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3045

"""

3046

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3047

3048

3049

def test_sess_cache_no_internal(self):

3050

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3051

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3052

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3053

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3054

"""

3055

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3056

3057

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3058

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3059

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3060

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3061

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3062

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3063

def _server(self, sock):

3064

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3065

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3066

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3067

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3068

# Create the server side Connection. This is mostly setup boilerplate

3069

# - use TLSv1, use a particular certificate, etc.

3070

server_ctx = Context(TLSv1_METHOD)

3071

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3072

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3073

server_store = server_ctx.get_cert_store()

3074

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3075

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3076

server_ctx.check_privatekey()

3077

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3078

# Here the Connection is actually created. If None is passed as the 2nd

3079

# parameter, it indicates a memory BIO should be created.

3080

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3081

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3085

def _client(self, sock):

3086

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3087

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3088

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3089

"""

3090

# Now create the client side Connection. Similar boilerplate to the

3091

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3092

client_ctx = Context(TLSv1_METHOD)

3093

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3094

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3095

client_store = client_ctx.get_cert_store()

3096

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3097

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3098

client_ctx.check_privatekey()

3099

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3100

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3101

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3105

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3106

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3107

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3108

reading from the output of each and writing those bytes to the input of

3109

the other and in this way establish a connection and exchange

3110

application-level bytes with each other.

3111

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3112

server_conn = self._server(None)

3113

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3114

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3115

# There should be no key or nonces yet.

3116

self.assertIdentical(server_conn.master_key(), None)

3117

self.assertIdentical(server_conn.client_random(), None)

3118

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3119

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3120

# First, the handshake needs to happen. We'll deliver bytes back and

3121

# forth between the client and server until neither of them feels like

3122

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3123

self.assertIdentical(

3124

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3125

3126

# Now that the handshake is done, there should be a key and nonces.

3127

self.assertNotIdentical(server_conn.master_key(), None)

3128

self.assertNotIdentical(server_conn.client_random(), None)

3129

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3130

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3131

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3132

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3133

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3134

3135

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3136

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3137

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3138

server_conn.write(important_message)

3139

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3140

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3141

(client_conn, important_message))

3142

3143

client_conn.write(important_message[::-1])

3144

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3145

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3146

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3147

3148

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3149

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3150

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3151

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3152

3153

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3154

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3155

this test fails, there must be a problem outside the memory BIO

3156

code, as no memory BIO is involved here). Even though this isn't a

3157

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3158

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3159

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3160

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3161

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3162

client_conn.send(important_message)

3163

msg = server_conn.recv(1024)

3164

self.assertEqual(msg, important_message)

3165

3166

# Again in the other direction, just for fun.

3167

important_message = important_message[::-1]

3168

server_conn.send(important_message)

3169

msg = client_conn.recv(1024)

3170

self.assertEqual(msg, important_message)

3171

3172

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3173

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3174

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3175

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3176

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3177

"""

3178

context = Context(SSLv3_METHOD)

3179

client = socket()

3180

clientSSL = Connection(context, client)

3181

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3182

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3183

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3184

3185

3186

def test_outgoingOverflow(self):

3187

"""

3188

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3189

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3190

returned and that many bytes from the beginning of the input can be

3191

read from the other end of the connection.

3192

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3193

server = self._server(None)

3194

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3195

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3196

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3197

3198

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3199

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3200

# Sanity check. We're trying to test what happens when the entire

3201

# input can't be sent. If the entire input was sent, this test is

3202

# meaningless.

3203

self.assertTrue(sent < size)

3204

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3205

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3206

self.assertIdentical(receiver, server)

3207

3208

# We can rely on all of these bytes being received at once because

3209

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3210

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3211

3212

3213

def test_shutdown(self):

3214

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3215

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3216

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3217

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3218

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3219

server.bio_shutdown()

3220

e = self.assertRaises(Error, server.recv, 1024)

3221

# We don't want WantReadError or ZeroReturnError or anything - it's a

3222

# handshake failure.

3223

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3224

3225

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3226

def test_unexpectedEndOfFile(self):

3227

"""

3228

If the connection is lost before an orderly SSL shutdown occurs,

3229

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3230

"Unexpected EOF".

3231

"""

3232

server_conn, client_conn = self._loopback()

3233

client_conn.sock_shutdown(SHUT_RDWR)

3234

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3235

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3236

3237

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3238

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3239

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3240

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3241

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3242

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3243

before the client and server are connected to each other. This

3244

function should specify a list of CAs for the server to send to the

3245

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3246

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3247

times.

3248

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3249

server = self._server(None)

3250

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3251

self.assertEqual(client.get_client_ca_list(), [])

3252

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3253

ctx = server.get_context()

3254

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3255

self.assertEqual(client.get_client_ca_list(), [])

3256

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3257

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3258

self.assertEqual(client.get_client_ca_list(), expected)

3259

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3260

3261

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3262

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3263

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3264

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3265

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3266

"""

3267

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3268

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3269

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3270

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3271

3272

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3273

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3274

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3275

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3276

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3277

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3278

after the connection is set up.

3279

"""

3280

def no_ca(ctx):

3281

ctx.set_client_ca_list([])

3282

return []

3283

self._check_client_ca_list(no_ca)

3284

3285

3286

def test_set_one_ca_list(self):

3287

"""

3288

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3289

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3290

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3291

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3292

X509Name after the connection is set up.

3293

"""

3294

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3295

cadesc = cacert.get_subject()

3296

def single_ca(ctx):

3297

ctx.set_client_ca_list([cadesc])

3298

return [cadesc]

3299

self._check_client_ca_list(single_ca)

3300

3301

3302

def test_set_multiple_ca_list(self):

3303

"""

3304

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3305

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3306

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3307

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3308

X509Names after the connection is set up.

3309

"""

3310

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3311

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3312

3313

sedesc = secert.get_subject()

3314

cldesc = clcert.get_subject()

3315

3316

def multiple_ca(ctx):

3317

L = [sedesc, cldesc]

3318

ctx.set_client_ca_list(L)

3319

return L

3320

self._check_client_ca_list(multiple_ca)

3321

3322

3323

def test_reset_ca_list(self):

3324

"""

3325

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3326

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3327

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3328

"""

3329

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3330

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3331

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3332

3333

cadesc = cacert.get_subject()

3334

sedesc = secert.get_subject()

3335

cldesc = clcert.get_subject()

3336

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3337

def changed_ca(ctx):

3338

ctx.set_client_ca_list([sedesc, cldesc])

3339

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3340

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3341

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3342

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3343

3344

def test_mutated_ca_list(self):

3345

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3346

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3347

afterwards, this does not affect the list of CA names sent to the

3348

client.

3349

"""

3350

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3351

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3352

3353

cadesc = cacert.get_subject()

3354

sedesc = secert.get_subject()

3355

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3356

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3357

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3358

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3359

L.append(sedesc)

3360

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3361

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3362

3363

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3364

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3365

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3366

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3367

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3368

"""

3369

ctx = Context(TLSv1_METHOD)

3370

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3371

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3372

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3373

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3374

3375

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3376

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3377

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3378

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3379

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3380

"""

3381

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3382

cadesc = cacert.get_subject()

3383

def single_ca(ctx):

3384

ctx.add_client_ca(cacert)

3385

return [cadesc]

3386

self._check_client_ca_list(single_ca)

3387

3388

3389

def test_multiple_add_client_ca(self):

3390

"""

3391

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3392

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3393

"""

3394

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3395

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3396

3397

cadesc = cacert.get_subject()

3398

sedesc = secert.get_subject()

3399

3400

def multiple_ca(ctx):

3401

ctx.add_client_ca(cacert)

3402

ctx.add_client_ca(secert)

3403

return [cadesc, sedesc]

3404

self._check_client_ca_list(multiple_ca)

3405

3406

3407

def test_set_and_add_client_ca(self):

3408

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3409

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3410

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3411

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3412

"""

3413

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3414

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3415

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3416

3417

cadesc = cacert.get_subject()

3418

sedesc = secert.get_subject()

3419

cldesc = clcert.get_subject()

3420

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3421

def mixed_set_add_ca(ctx):

3422

ctx.set_client_ca_list([cadesc, sedesc])

3423

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3424

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3425

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3426

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3427

3428

def test_set_after_add_client_ca(self):

3429

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3430

A call to :py:obj:`Context.set_client_ca_list` after a call to

3431

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3432

call with the names specified by the latter cal.

3433

"""

3434

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3435

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3436

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3437

3438

cadesc = cacert.get_subject()

3439

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3440

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3441

def set_replaces_add_ca(ctx):

3442

ctx.add_client_ca(clcert)

3443

ctx.set_client_ca_list([cadesc])

3444

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3445

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3446

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3447

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3448

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3449

3450

class ConnectionBIOTests(TestCase):

3451

"""

3452

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3453

"""

3454

def test_wantReadError(self):

3455

"""

3456

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3457

if there are no bytes available to be read from the BIO.

3458

"""

3459

ctx = Context(TLSv1_METHOD)

3460

conn = Connection(ctx, None)

3461

self.assertRaises(WantReadError, conn.bio_read, 1024)

3462

3463

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3464

def test_buffer_size(self):

3465

"""

3466

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3467

number of bytes to read and return.

3468

"""

3469

ctx = Context(TLSv1_METHOD)

3470

conn = Connection(ctx, None)

3471

conn.set_connect_state()

3472

try:

3473

conn.do_handshake()

3474

except WantReadError:

3475

pass

3476

data = conn.bio_read(2)

3477

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3482

"""

3483

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3484

:py:obj:`long` as well as :py:obj:`int`.

3485

"""

3486

ctx = Context(TLSv1_METHOD)

3487

conn = Connection(ctx, None)

3488

conn.set_connect_state()

3489

try:

3490

conn.do_handshake()

3491

except WantReadError:

3492

pass

3493

data = conn.bio_read(long(2))

3494

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3498

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3499

class InfoConstantTests(TestCase):

3500

"""

3501

Tests for assorted constants exposed for use in info callbacks.

3502

"""

3503

def test_integers(self):

3504

"""

3505

All of the info constants are integers.

3506

3507

This is a very weak test. It would be nice to have one that actually

3508

verifies that as certain info events happen, the value passed to the

3509

info callback matches up with the constant exposed by OpenSSL.SSL.

3510

"""

3511

for const in [

3512

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3513

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3514

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3515

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3516

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3517

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3518

3519

self.assertTrue(isinstance(const, int))

3520

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3521

Jean-Paul Calderone