Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

17

from six import PY3, binary_type, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

97

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

return ok

99

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

100

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

101

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

102

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

103

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

104

"""

105

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

111

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

112

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

113

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

115

# Let's pass some unencrypted data to make sure our socket connection is

116

# fine. Just one byte, so we don't have to worry about buffers getting

117

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

118

server.send(b("x"))

119

assert client.recv(1024) == b("x")

120

client.send(b("y"))

121

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

122

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

123

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

124

server.setblocking(False)

125

client.setblocking(False)

126

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

127

return (server, client)

128

129

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

130

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

131

def handshake(client, server):

132

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

143

def _create_certificate_chain():

144

"""

145

Construct and return a chain of certificates.

146

147

1. A new self-signed certificate authority certificate (cacert)

148

2. A new intermediate certificate signed by cacert (icert)

149

3. A new server certificate signed by icert (scert)

150

"""

151

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

156

cacert = X509()

157

cacert.get_subject().commonName = "Authority Certificate"

158

cacert.set_issuer(cacert.get_subject())

159

cacert.set_pubkey(cakey)

160

cacert.set_notBefore(b("20000101000000Z"))

161

cacert.set_notAfter(b("20200101000000Z"))

162

cacert.add_extensions([caext])

163

cacert.set_serial_number(0)

164

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

169

icert = X509()

170

icert.get_subject().commonName = "Intermediate Certificate"

171

icert.set_issuer(cacert.get_subject())

172

icert.set_pubkey(ikey)

173

icert.set_notBefore(b("20000101000000Z"))

174

icert.set_notAfter(b("20200101000000Z"))

175

icert.add_extensions([caext])

176

icert.set_serial_number(0)

177

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

182

scert = X509()

183

scert.get_subject().commonName = "Server Certificate"

184

scert.set_issuer(icert.get_subject())

185

scert.set_pubkey(skey)

186

scert.set_notBefore(b("20000101000000Z"))

187

scert.set_notAfter(b("20200101000000Z"))

188

scert.add_extensions([

189

X509Extension(b('basicConstraints'), True, b('CA:false'))])

190

scert.set_serial_number(0)

191

scert.sign(ikey, "sha1")

192

193

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

197

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

198

"""

199

Helper mixin which defines methods for creating a connected socket pair and

200

for forcing two connected SSL sockets to talk to each other via memory BIOs.

201

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

202

def _loopbackClientFactory(self, socket):

203

client = Connection(Context(TLSv1_METHOD), socket)

204

client.set_connect_state()

205

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

206

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

207

208

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

209

ctx = Context(TLSv1_METHOD)

210

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

211

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

212

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

213

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

218

if serverFactory is None:

219

serverFactory = self._loopbackServerFactory

220

if clientFactory is None:

221

clientFactory = self._loopbackClientFactory

222

223

(server, client) = socket_pair()

224

server = serverFactory(server)

225

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

227

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

229

server.setblocking(True)

230

client.setblocking(True)

231

return server, client

232

233

234

def _interactInMemory(self, client_conn, server_conn):

235

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

236

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

237

objects. Copy bytes back and forth between their send/receive buffers

238

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

239

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

240

some application bytes, return a two-tuple of the connection from which

241

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

246

wrote = False

247

248

# Copy stuff from each side's send buffer to the other side's

249

# receive buffer.

250

for (read, write) in [(client_conn, server_conn),

251

(server_conn, client_conn)]:

252

253

# Give the side a chance to generate some more bytes, or

254

# succeed.

255

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

256

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

except WantReadError:

258

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

263

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

264

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

265

266

while True:

267

# Keep copying as long as there's more stuff there.

268

try:

269

dirty = read.bio_read(4096)

270

except WantReadError:

271

# Okay, nothing more waiting to be sent. Stop

272

# processing this send buffer.

273

break

274

else:

275

# Keep track of the fact that someone generated some

276

# output.

277

wrote = True

278

write.bio_write(dirty)

279

280

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

281

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

282

"""

283

Perform the TLS handshake between two :py:class:`Connection` instances

284

connected to each other via memory BIOs.

285

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

286

client_conn.set_connect_state()

287

server_conn.set_accept_state()

288

289

for conn in [client_conn, server_conn]:

290

try:

291

conn.do_handshake()

292

except WantReadError:

293

pass

294

295

self._interactInMemory(client_conn, server_conn)

296

297

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

298

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

299

class VersionTests(TestCase):

300

"""

301

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

302

:py:obj:`OpenSSL.SSL.SSLeay_version` and

303

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

304

"""

305

def test_OPENSSL_VERSION_NUMBER(self):

306

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

307

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

308

byte and the patch, fix, minor, and major versions in the

309

nibbles above that.

310

"""

311

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

312

313

314

def test_SSLeay_version(self):

315

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

316

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

317

one of a number of version strings based on that indicator.

318

"""

319

versions = {}

320

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

321

SSLEAY_PLATFORM, SSLEAY_DIR]:

322

version = SSLeay_version(t)

323

versions[version] = t

324

self.assertTrue(isinstance(version, bytes))

325

self.assertEqual(len(versions), 5)

326

327

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

328

329

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

330

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

331

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

332

"""

333

def test_method(self):

334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

335

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

336

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

337

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

338

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

339

methods = [

340

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

341

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

342

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

343

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

344

345

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

350

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

351

# don't. Difficult to say in advance.

352

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

353

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

354

self.assertRaises(TypeError, Context, "")

355

self.assertRaises(ValueError, Context, 10)

356

357

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

358

if not PY3:

359

def test_method_long(self):

360

"""

361

On Python 2 :py:class:`Context` accepts values of type

362

:py:obj:`long` as well as :py:obj:`int`.

363

"""

364

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

368

def test_type(self):

369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

370

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

371

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

372

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

373

self.assertIdentical(Context, ContextType)

374

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

375

376

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

377

def test_use_privatekey(self):

378

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

379

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

380

"""

381

key = PKey()

382

key.generate_key(TYPE_RSA, 128)

383

ctx = Context(TLSv1_METHOD)

384

ctx.use_privatekey(key)

385

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

386

387

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

388

def test_use_privatekey_file_missing(self):

389

"""

390

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

391

when passed the name of a file which does not exist.

392

"""

393

ctx = Context(TLSv1_METHOD)

394

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

395

396

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame^]

397

def _use_privatekey_file_test(self, pemfile, filetype):

398

"""

399

Verify that calling ``Context.use_privatekey_file`` with the given

400

arguments does not raise an exception.

401

"""

402

key = PKey()

403

key.generate_key(TYPE_RSA, 128)

404

405

with open(pemfile, "wt") as pem:

406

pem.write(

407

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

408

)

409

410

ctx = Context(TLSv1_METHOD)

411

ctx.use_privatekey_file(pemfile, filetype)

412

413

414

def test_use_privatekey_file_bytes(self):

415

"""

416

A private key can be specified from a file by passing a ``bytes``

417

instance giving the file name to ``Context.use_privatekey_file``.

418

"""

419

self._use_privatekey_file_test(

420

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

426

"""

427

A private key can be specified from a file by passing a ``unicode``

428

instance giving the file name to ``Context.use_privatekey_file``.

429

"""

430

self._use_privatekey_file_test(

431

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

436

if not PY3:

437

def test_use_privatekey_file_long(self):

438

"""

439

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

440

filetype of type :py:obj:`long` as well as :py:obj:`int`.

441

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame^]

442

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

443

444

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

445

def test_use_certificate_wrong_args(self):

446

"""

447

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

448

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

449

argument.

450

"""

451

ctx = Context(TLSv1_METHOD)

452

self.assertRaises(TypeError, ctx.use_certificate)

453

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

454

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

455

456

457

def test_use_certificate_uninitialized(self):

458

"""

459

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

460

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

461

initialized (ie, which does not actually have any certificate data).

462

"""

463

ctx = Context(TLSv1_METHOD)

464

self.assertRaises(Error, ctx.use_certificate, X509())

465

466

467

def test_use_certificate(self):

468

"""

469

:py:obj:`Context.use_certificate` sets the certificate which will be

470

used to identify connections created using the context.

471

"""

472

# TODO

473

# Hard to assert anything. But we could set a privatekey then ask

474

# OpenSSL if the cert and key agree using check_privatekey. Then as

475

# long as check_privatekey works right we're good...

476

ctx = Context(TLSv1_METHOD)

477

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

478

479

480

def test_use_certificate_file_wrong_args(self):

481

"""

482

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

483

called with zero arguments or more than two arguments, or if the first

484

argument is not a byte string or the second argumnent is not an integer.

485

"""

486

ctx = Context(TLSv1_METHOD)

487

self.assertRaises(TypeError, ctx.use_certificate_file)

488

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

489

self.assertRaises(

490

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

491

self.assertRaises(

492

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

493

self.assertRaises(

494

TypeError, ctx.use_certificate_file, b"somefile", object())

495

496

497

def test_use_certificate_file_missing(self):

498

"""

499

:py:obj:`Context.use_certificate_file` raises

500

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

501

exist.

502

"""

503

ctx = Context(TLSv1_METHOD)

504

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

505

506

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

507

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

508

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

509

Verify that calling ``Context.use_certificate_file`` with the given

510

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

511

"""

512

# TODO

513

# Hard to assert anything. But we could set a privatekey then ask

514

# OpenSSL if the cert and key agree using check_privatekey. Then as

515

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

516

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

517

pem_file.write(cleartextCertificatePEM)

518

519

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

520

ctx.use_certificate_file(certificate_file)

521

522

523

def test_use_certificate_file_bytes(self):

524

"""

525

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

526

``bytes`` filename) which will be used to identify connections created

527

using the context.

528

"""

529

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

530

self._use_certificate_file_test(filename)

531

532

533

def test_use_certificate_file_unicode(self):

534

"""

535

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

536

``bytes`` filename) which will be used to identify connections created

537

using the context.

538

"""

539

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

540

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

541

542

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

543

if not PY3:

544

def test_use_certificate_file_long(self):

545

"""

546

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

547

filetype of type :py:obj:`long` as well as :py:obj:`int`.

548

"""

549

pem_filename = self.mktemp()

550

with open(pem_filename, "wb") as pem_file:

551

pem_file.write(cleartextCertificatePEM)

552

553

ctx = Context(TLSv1_METHOD)

554

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

555

556

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

557

def test_set_app_data_wrong_args(self):

558

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

559

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

560

one argument.

561

"""

562

context = Context(TLSv1_METHOD)

563

self.assertRaises(TypeError, context.set_app_data)

564

self.assertRaises(TypeError, context.set_app_data, None, None)

565

566

567

def test_get_app_data_wrong_args(self):

568

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

569

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

570

arguments.

571

"""

572

context = Context(TLSv1_METHOD)

573

self.assertRaises(TypeError, context.get_app_data, None)

574

575

576

def test_app_data(self):

577

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

578

:py:obj:`Context.set_app_data` stores an object for later retrieval using

579

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

580

"""

581

app_data = object()

582

context = Context(TLSv1_METHOD)

583

context.set_app_data(app_data)

584

self.assertIdentical(context.get_app_data(), app_data)

585

586

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

587

def test_set_options_wrong_args(self):

588

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

589

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

590

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

591

"""

592

context = Context(TLSv1_METHOD)

593

self.assertRaises(TypeError, context.set_options)

594

self.assertRaises(TypeError, context.set_options, None)

595

self.assertRaises(TypeError, context.set_options, 1, None)

596

597

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

598

def test_set_options(self):

599

"""

600

:py:obj:`Context.set_options` returns the new options value.

601

"""

602

context = Context(TLSv1_METHOD)

603

options = context.set_options(OP_NO_SSLv2)

604

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

609

"""

610

On Python 2 :py:obj:`Context.set_options` accepts values of type

611

:py:obj:`long` as well as :py:obj:`int`.

612

"""

613

context = Context(TLSv1_METHOD)

614

options = context.set_options(long(OP_NO_SSLv2))

615

self.assertTrue(OP_NO_SSLv2 & options)

616

617

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

618

def test_set_mode_wrong_args(self):

619

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

620

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

621

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

622

"""

623

context = Context(TLSv1_METHOD)

624

self.assertRaises(TypeError, context.set_mode)

625

self.assertRaises(TypeError, context.set_mode, None)

626

self.assertRaises(TypeError, context.set_mode, 1, None)

627

628

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

629

if MODE_RELEASE_BUFFERS is not None:

630

def test_set_mode(self):

631

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

632

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

633

set mode.

634

"""

635

context = Context(TLSv1_METHOD)

636

self.assertTrue(

637

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

638

639

if not PY3:

640

def test_set_mode_long(self):

641

"""

642

On Python 2 :py:obj:`Context.set_mode` accepts values of type

643

:py:obj:`long` as well as :py:obj:`int`.

644

"""

645

context = Context(TLSv1_METHOD)

646

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

647

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

648

else:

649

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

650

651

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

652

def test_set_timeout_wrong_args(self):

653

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

654

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

655

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

656

"""

657

context = Context(TLSv1_METHOD)

658

self.assertRaises(TypeError, context.set_timeout)

659

self.assertRaises(TypeError, context.set_timeout, None)

660

self.assertRaises(TypeError, context.set_timeout, 1, None)

661

662

663

def test_get_timeout_wrong_args(self):

664

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

665

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

666

"""

667

context = Context(TLSv1_METHOD)

668

self.assertRaises(TypeError, context.get_timeout, None)

669

670

671

def test_timeout(self):

672

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

673

:py:obj:`Context.set_timeout` sets the session timeout for all connections

674

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

675

value.

676

"""

677

context = Context(TLSv1_METHOD)

678

context.set_timeout(1234)

679

self.assertEquals(context.get_timeout(), 1234)

680

681

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

682

if not PY3:

683

def test_timeout_long(self):

684

"""

685

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

686

`long` as well as int.

687

"""

688

context = Context(TLSv1_METHOD)

689

context.set_timeout(long(1234))

690

self.assertEquals(context.get_timeout(), 1234)

691

692

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

693

def test_set_verify_depth_wrong_args(self):

694

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

695

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

696

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

697

"""

698

context = Context(TLSv1_METHOD)

699

self.assertRaises(TypeError, context.set_verify_depth)

700

self.assertRaises(TypeError, context.set_verify_depth, None)

701

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

702

703

704

def test_get_verify_depth_wrong_args(self):

705

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

706

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

707

"""

708

context = Context(TLSv1_METHOD)

709

self.assertRaises(TypeError, context.get_verify_depth, None)

710

711

712

def test_verify_depth(self):

713

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

714

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

715

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

716

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

717

"""

718

context = Context(TLSv1_METHOD)

719

context.set_verify_depth(11)

720

self.assertEquals(context.get_verify_depth(), 11)

721

722

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

723

if not PY3:

724

def test_verify_depth_long(self):

725

"""

726

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

727

type `long` as well as int.

728

"""

729

context = Context(TLSv1_METHOD)

730

context.set_verify_depth(long(11))

731

self.assertEquals(context.get_verify_depth(), 11)

732

733

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

734

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

735

"""

736

Write a new private key out to a new file, encrypted using the given

737

passphrase. Return the path to the new file.

738

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

739

key = PKey()

740

key.generate_key(TYPE_RSA, 128)

741

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

742

fObj = open(pemFile, 'w')

743

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

744

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

749

def test_set_passwd_cb_wrong_args(self):

750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

751

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

752

wrong arguments or with a non-callable first argument.

753

"""

754

context = Context(TLSv1_METHOD)

755

self.assertRaises(TypeError, context.set_passwd_cb)

756

self.assertRaises(TypeError, context.set_passwd_cb, None)

757

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

758

759

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

760

def test_set_passwd_cb(self):

761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

762

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

763

a private key is loaded from an encrypted PEM.

764

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

765

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

766

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

767

calledWith = []

768

def passphraseCallback(maxlen, verify, extra):

769

calledWith.append((maxlen, verify, extra))

770

return passphrase

771

context = Context(TLSv1_METHOD)

772

context.set_passwd_cb(passphraseCallback)

773

context.use_privatekey_file(pemFile)

774

self.assertTrue(len(calledWith), 1)

775

self.assertTrue(isinstance(calledWith[0][0], int))

776

self.assertTrue(isinstance(calledWith[0][1], int))

777

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

778

779

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

780

def test_passwd_callback_exception(self):

781

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

782

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

783

passphrase callback.

784

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

785

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

786

def passphraseCallback(maxlen, verify, extra):

787

raise RuntimeError("Sorry, I am a fail.")

788

789

context = Context(TLSv1_METHOD)

790

context.set_passwd_cb(passphraseCallback)

791

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

792

793

794

def test_passwd_callback_false(self):

795

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

796

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

797

passphrase callback returns a false value.

798

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

799

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

800

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

801

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

802

803

context = Context(TLSv1_METHOD)

804

context.set_passwd_cb(passphraseCallback)

805

self.assertRaises(Error, context.use_privatekey_file, pemFile)

806

807

808

def test_passwd_callback_non_string(self):

809

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

810

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

811

passphrase callback returns a true non-string value.

812

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

813

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

814

def passphraseCallback(maxlen, verify, extra):

815

return 10

816

817

context = Context(TLSv1_METHOD)

818

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

819

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

821

822

def test_passwd_callback_too_long(self):

823

"""

824

If the passphrase returned by the passphrase callback returns a string

825

longer than the indicated maximum length, it is truncated.

826

"""

827

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

828

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

829

pemFile = self._write_encrypted_pem(passphrase)

830

def passphraseCallback(maxlen, verify, extra):

831

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

832

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

833

834

context = Context(TLSv1_METHOD)

835

context.set_passwd_cb(passphraseCallback)

836

# This shall succeed because the truncated result is the correct

837

# passphrase.

838

context.use_privatekey_file(pemFile)

839

840

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

841

def test_set_info_callback(self):

842

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

843

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

844

when certain information about an SSL connection is available.

845

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

846

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

847

848

clientSSL = Connection(Context(TLSv1_METHOD), client)

849

clientSSL.set_connect_state()

850

851

called = []

852

def info(conn, where, ret):

853

called.append((conn, where, ret))

854

context = Context(TLSv1_METHOD)

855

context.set_info_callback(info)

856

context.use_certificate(

857

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

858

context.use_privatekey(

859

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

860

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

861

serverSSL = Connection(context, server)

862

serverSSL.set_accept_state()

863

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

864

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

865

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

866

# The callback must always be called with a Connection instance as the

867

# first argument. It would probably be better to split this into

868

# separate tests for client and server side info callbacks so we could

869

# assert it is called with the right Connection instance. It would

870

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

871

notConnections = [

872

conn for (conn, where, ret) in called

873

if not isinstance(conn, Connection)]

874

self.assertEqual(

875

[], notConnections,

876

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

877

878

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

879

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

880

"""

881

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

882

its :py:obj:`load_verify_locations` method with the given arguments.

883

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

884

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

885

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

886

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

887

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

888

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

889

# Require that the server certificate verify properly or the

890

# connection will fail.

891

clientContext.set_verify(

892

VERIFY_PEER,

893

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

894

895

clientSSL = Connection(clientContext, client)

896

clientSSL.set_connect_state()

897

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

898

serverContext = Context(TLSv1_METHOD)

899

serverContext.use_certificate(

900

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

901

serverContext.use_privatekey(

902

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

903

904

serverSSL = Connection(serverContext, server)

905

serverSSL.set_accept_state()

906

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

907

# Without load_verify_locations above, the handshake

908

# will fail:

909

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

910

# 'certificate verify failed')]

911

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

912

913

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

914

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

915

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

916

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

917

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

918

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

919

Verify that if path to a file containing a certificate is passed to

920

``Context.load_verify_locations`` for the ``cafile`` parameter, that

921

certificate is used as a trust root for the purposes of verifying

922

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

923

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

924

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

925

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

926

fObj.close()

927

928

self._load_verify_locations_test(cafile)

929

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

930

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

931

def test_load_verify_bytes_cafile(self):

932

"""

933

:py:obj:`Context.load_verify_locations` accepts a file name as a

934

``bytes`` instance and uses the certificates within for verification

935

purposes.

936

"""

937

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

938

self._load_verify_cafile(cafile)

939

940

941

def test_load_verify_unicode_cafile(self):

942

"""

943

:py:obj:`Context.load_verify_locations` accepts a file name as a

944

``unicode`` instance and uses the certificates within for verification

945

purposes.

946

"""

947

cafile = self.mktemp() + NON_ASCII

948

self._load_verify_cafile(cafile)

949

950

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

951

def test_load_verify_invalid_file(self):

952

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

953

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

954

non-existent cafile.

955

"""

956

clientContext = Context(TLSv1_METHOD)

957

self.assertRaises(

958

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

959

960

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

961

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

962

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

963

Verify that if path to a directory containing certificate files is

964

passed to ``Context.load_verify_locations`` for the ``capath``

965

parameter, those certificates are used as trust roots for the purposes

966

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

967

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

968

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

969

# Hash values computed manually with c_rehash to avoid depending on

970

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

971

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

972

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

973

cafile = join(capath, name)

974

fObj = open(cafile, 'w')

975

fObj.write(cleartextCertificatePEM.decode('ascii'))

976

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

978

self._load_verify_locations_test(None, capath)

979

980

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

981

def test_load_verify_directory_bytes_capath(self):

982

"""

983

:py:obj:`Context.load_verify_locations` accepts a directory name as a

984

``bytes`` instance and uses the certificates within for verification

985

purposes.

986

"""

987

self._load_verify_directory_locations_capath(

988

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

993

"""

994

:py:obj:`Context.load_verify_locations` accepts a directory name as a

995

``unicode`` instance and uses the certificates within for verification

996

purposes.

997

"""

998

self._load_verify_directory_locations_capath(self.mktemp() + NON_ASCII)

999

1000

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1001

def test_load_verify_locations_wrong_args(self):

1002

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1003

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1004

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1005

"""

1006

context = Context(TLSv1_METHOD)

1007

self.assertRaises(TypeError, context.load_verify_locations)

1008

self.assertRaises(TypeError, context.load_verify_locations, object())

1009

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1010

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1011

1012

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1013

if platform == "win32":

1014

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1015

"See LP#404343 and LP#404344."

1016

else:

1017

def test_set_default_verify_paths(self):

1018

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1019

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1020

certificate locations to be used for verification purposes.

1021

"""

1022

# Testing this requires a server with a certificate signed by one of

1023

# the CAs in the platform CA location. Getting one of those costs

1024

# money. Fortunately (or unfortunately, depending on your

1025

# perspective), it's easy to think of a public server on the

1026

# internet which has such a certificate. Connecting to the network

1027

# in a unit test is bad, but it's the only way I can think of to

1028

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1029

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1030

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1031

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1032

context.set_default_verify_paths()

1033

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1034

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1035

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1036

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1037

client = socket()

1038

client.connect(('verisign.com', 443))

1039

clientSSL = Connection(context, client)

1040

clientSSL.set_connect_state()

1041

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1042

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1043

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1044

1045

1046

def test_set_default_verify_paths_signature(self):

1047

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1048

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1049

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1050

"""

1051

context = Context(TLSv1_METHOD)

1052

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1053

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1054

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1055

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1056

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1057

def test_add_extra_chain_cert_invalid_cert(self):

1058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1059

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1060

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1061

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1062

"""

1063

context = Context(TLSv1_METHOD)

1064

self.assertRaises(TypeError, context.add_extra_chain_cert)

1065

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1066

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1067

1068

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1069

def _handshake_test(self, serverContext, clientContext):

1070

"""

1071

Verify that a client and server created with the given contexts can

1072

successfully handshake and communicate.

1073

"""

1074

serverSocket, clientSocket = socket_pair()

1075

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1076

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1077

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1078

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1079

client = Connection(clientContext, clientSocket)

1080

client.set_connect_state()

1081

1082

# Make them talk to each other.

1083

# self._interactInMemory(client, server)

1084

for i in range(3):

1085

for s in [client, server]:

1086

try:

1087

s.do_handshake()

1088

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1092

def test_set_verify_callback_connection_argument(self):

1093

"""

1094

The first argument passed to the verify callback is the

1095

:py:class:`Connection` instance for which verification is taking place.

1096

"""

1097

serverContext = Context(TLSv1_METHOD)

1098

serverContext.use_privatekey(

1099

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1100

serverContext.use_certificate(

1101

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1102

serverConnection = Connection(serverContext, None)

1103

1104

class VerifyCallback(object):

1105

def callback(self, connection, *args):

1106

self.connection = connection

1107

return 1

1108

1109

verify = VerifyCallback()

1110

clientContext = Context(TLSv1_METHOD)

1111

clientContext.set_verify(VERIFY_PEER, verify.callback)

1112

clientConnection = Connection(clientContext, None)

1113

clientConnection.set_connect_state()

1114

1115

self._handshakeInMemory(clientConnection, serverConnection)

1116

1117

self.assertIdentical(verify.connection, clientConnection)

1118

1119

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1120

def test_set_verify_callback_exception(self):

1121

"""

1122

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1123

exception, verification fails and the exception is propagated to the

1124

caller of :py:obj:`Connection.do_handshake`.

1125

"""

1126

serverContext = Context(TLSv1_METHOD)

1127

serverContext.use_privatekey(

1128

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1129

serverContext.use_certificate(

1130

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1131

1132

clientContext = Context(TLSv1_METHOD)

1133

def verify_callback(*args):

1134

raise Exception("silly verify failure")

1135

clientContext.set_verify(VERIFY_PEER, verify_callback)

1136

1137

exc = self.assertRaises(

1138

Exception, self._handshake_test, serverContext, clientContext)

1139

self.assertEqual("silly verify failure", str(exc))

1140

1141

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1142

def test_add_extra_chain_cert(self):

1143

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1144

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1145

the certificate chain.

1146

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1147

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1148

chain tested.

1149

1150

The chain is tested by starting a server with scert and connecting

1151

to it with a client which trusts cacert and requires verification to

1152

succeed.

1153

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1154

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1155

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1156

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1157

# Dump the CA certificate to a file because that's the only way to load

1158

# it as a trusted CA in the client context.

1159

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1160

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1161

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1162

fObj.close()

1163

1164

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1165

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1166

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1167

fObj.close()

1168

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1169

# Create the server context

1170

serverContext = Context(TLSv1_METHOD)

1171

serverContext.use_privatekey(skey)

1172

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1173

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1174

serverContext.add_extra_chain_cert(icert)

1175

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1176

# Create the client

1177

clientContext = Context(TLSv1_METHOD)

1178

clientContext.set_verify(

1179

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1180

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1181

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1182

# Try it out.

1183

self._handshake_test(serverContext, clientContext)

1184

1185

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1186

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1187

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1188

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1189

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1190

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1191

The chain is tested by starting a server with scert and connecting to

1192

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1193

succeed.

1194

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1195

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1196

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1197

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1198

makedirs(certdir)

1199

1200

if isinstance(certdir, binary_type):

1201

chainFile = join(certdir, b("chain.pem"))

1202

caFile = join(certdir, b("ca.pem"))

1203

else:

1204

chainFile = join(certdir, u"chain.pem")

1205

caFile = join(certdir, u"ca.pem")

1206

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1207

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1208

with open(chainFile, 'wb') as fObj:

1209

# Most specific to least general.

1210

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1211

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1212

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1213

1214

with open(caFile, 'w') as fObj:

1215

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1216

1217

serverContext = Context(TLSv1_METHOD)

1218

serverContext.use_certificate_chain_file(chainFile)

1219

serverContext.use_privatekey(skey)

1220

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1221

clientContext = Context(TLSv1_METHOD)

1222

clientContext.set_verify(

1223

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1224

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1225

1226

self._handshake_test(serverContext, clientContext)

1227

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1228

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1229

def test_use_certificate_chain_file_bytes(self):

1230

"""

1231

``Context.use_certificate_chain_file`` accepts the name of a file (as

1232

an instance of ``bytes``) to specify additional certificates to use to

1233

construct and verify a trust chain.

1234

"""

1235

self._use_certificate_chain_file_test(

1236

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1241

"""

1242

``Context.use_certificate_chain_file`` accepts the name of a file (as

1243

an instance of ``unicode``) to specify additional certificates to use

1244

to construct and verify a trust chain.

1245

"""

1246

self._use_certificate_chain_file_test(

1247

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1251

def test_use_certificate_chain_file_wrong_args(self):

1252

"""

1253

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1254

if passed zero or more than one argument or when passed a non-byte

1255

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1256

passed a bad chain file name (for example, the name of a file which does

1257

not exist).

1258

"""

1259

context = Context(TLSv1_METHOD)

1260

self.assertRaises(TypeError, context.use_certificate_chain_file)

1261

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1262

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1263

1264

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1265

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1266

# XXX load_client_ca

1267

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1268

1269

def test_get_verify_mode_wrong_args(self):

1270

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1271

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1272

arguments.

1273

"""

1274

context = Context(TLSv1_METHOD)

1275

self.assertRaises(TypeError, context.get_verify_mode, None)

1276

1277

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1278

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1279

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1280

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1281

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1282

"""

1283

context = Context(TLSv1_METHOD)

1284

self.assertEquals(context.get_verify_mode(), 0)

1285

context.set_verify(

1286

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1287

self.assertEquals(

1288

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1289

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1290

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1291

if not PY3:

1292

def test_set_verify_mode_long(self):

1293

"""

1294

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1295

type :py:obj:`long` as well as :py:obj:`int`.

1296

"""

1297

context = Context(TLSv1_METHOD)

1298

self.assertEquals(context.get_verify_mode(), 0)

1299

context.set_verify(

1300

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1301

self.assertEquals(

1302

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1303

1304

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1305

def test_load_tmp_dh_wrong_args(self):

1306

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1307

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1308

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1309

"""

1310

context = Context(TLSv1_METHOD)

1311

self.assertRaises(TypeError, context.load_tmp_dh)

1312

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1313

self.assertRaises(TypeError, context.load_tmp_dh, object())

1314

1315

1316

def test_load_tmp_dh_missing_file(self):

1317

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1318

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1319

does not exist.

1320

"""

1321

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1322

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1323

1324

1325

def test_load_tmp_dh(self):

1326

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1327

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1328

specified file.

1329

"""

1330

context = Context(TLSv1_METHOD)

1331

dhfilename = self.mktemp()

1332

dhfile = open(dhfilename, "w")

1333

dhfile.write(dhparam)

1334

dhfile.close()

1335

context.load_tmp_dh(dhfilename)

1336

# XXX What should I assert here? -exarkun

1337

1338

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1339

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1340

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1341

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1342

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1343

"""

1344

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1345

for curve in get_elliptic_curves():

1346

# The only easily "assertable" thing is that it does not raise an

1347

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1348

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1349

1350

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1351

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1352

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1353

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1354

ciphers which connections created with the context object will be able

1355

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1356

"""

1357

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1358

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1359

conn = Connection(context, None)

1360

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1361

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1362

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1363

def test_set_cipher_list_text(self):

1364

"""

1365

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1366

the ciphers which connections created with the context object will be

1367

able to choose from.

1368

"""

1369

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1370

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1371

conn = Connection(context, None)

1372

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1373

1374

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1375

def test_set_cipher_list_wrong_args(self):

1376

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1377

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1378

passed zero arguments or more than one argument or when passed a

1379

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1380

passed an incorrect cipher list string.

1381

"""

1382

context = Context(TLSv1_METHOD)

1383

self.assertRaises(TypeError, context.set_cipher_list)

1384

self.assertRaises(TypeError, context.set_cipher_list, object())

1385

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1386

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1387

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1388

1389

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1390

def test_set_session_cache_mode_wrong_args(self):

1391

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1392

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1393

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1394

"""

1395

context = Context(TLSv1_METHOD)

1396

self.assertRaises(TypeError, context.set_session_cache_mode)

1397

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1398

1399

1400

def test_get_session_cache_mode_wrong_args(self):

1401

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1402

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1403

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1404

"""

1405

context = Context(TLSv1_METHOD)

1406

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1407

1408

1409

def test_session_cache_mode(self):

1410

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1411

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1412

cached. The setting can be retrieved via

1413

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1414

"""

1415

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1416

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1417

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1418

self.assertEqual(SESS_CACHE_OFF, off)

1419

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1420

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1421

if not PY3:

1422

def test_session_cache_mode_long(self):

1423

"""

1424

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1425

of type :py:obj:`long` as well as :py:obj:`int`.

1426

"""

1427

context = Context(TLSv1_METHOD)

1428

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1429

self.assertEqual(

1430

SESS_CACHE_BOTH, context.get_session_cache_mode())

1431

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1432

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1433

def test_get_cert_store(self):

1434

"""

1435

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1436

"""

1437

context = Context(TLSv1_METHOD)

1438

store = context.get_cert_store()

1439

self.assertIsInstance(store, X509Store)

1440

1441

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1442

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1443

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1444

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1445

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1446

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1447

"""

1448

def test_wrong_args(self):

1449

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1450

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1451

with other than one argument.

1452

"""

1453

context = Context(TLSv1_METHOD)

1454

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1455

self.assertRaises(

1456

TypeError, context.set_tlsext_servername_callback, 1, 2)

1457

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1458

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1459

def test_old_callback_forgotten(self):

1460

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1461

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1462

callback, the one it replaces is dereferenced.

1463

"""

1464

def callback(connection):

1465

pass

1466

1467

def replacement(connection):

1468

pass

1469

1470

context = Context(TLSv1_METHOD)

1471

context.set_tlsext_servername_callback(callback)

1472

1473

tracker = ref(callback)

1474

del callback

1475

1476

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1477

1478

# One run of the garbage collector happens to work on CPython. PyPy

1479

# doesn't collect the underlying object until a second run for whatever

1480

# reason. That's fine, it still demonstrates our code has properly

1481

# dropped the reference.

1482

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1483

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1484

1485

callback = tracker()

1486

if callback is not None:

1487

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1488

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1489

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1490

1491

1492

def test_no_servername(self):

1493

"""

1494

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1495

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1496

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1497

"""

1498

args = []

1499

def servername(conn):

1500

args.append((conn, conn.get_servername()))

1501

context = Context(TLSv1_METHOD)

1502

context.set_tlsext_servername_callback(servername)

1503

1504

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1510

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1511

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1512

1513

# Do a little connection to trigger the logic

1514

server = Connection(context, None)

1515

server.set_accept_state()

1516

1517

client = Connection(Context(TLSv1_METHOD), None)

1518

client.set_connect_state()

1519

1520

self._interactInMemory(server, client)

1521

1522

self.assertEqual([(server, None)], args)

1523

1524

1525

def test_servername(self):

1526

"""

1527

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1528

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1529

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1530

"""

1531

args = []

1532

def servername(conn):

1533

args.append((conn, conn.get_servername()))

1534

context = Context(TLSv1_METHOD)

1535

context.set_tlsext_servername_callback(servername)

1536

1537

# Necessary to actually accept the connection

1538

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1539

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1540

1541

# Do a little connection to trigger the logic

1542

server = Connection(context, None)

1543

server.set_accept_state()

1544

1545

client = Connection(Context(TLSv1_METHOD), None)

1546

client.set_connect_state()

1547

client.set_tlsext_host_name(b("foo1.example.com"))

1548

1549

self._interactInMemory(server, client)

1550

1551

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1555

class SessionTests(TestCase):

1556

"""

1557

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1558

"""

1559

def test_construction(self):

1560

"""

1561

:py:class:`Session` can be constructed with no arguments, creating a new

1562

instance of that type.

1563

"""

1564

new_session = Session()

1565

self.assertTrue(isinstance(new_session, Session))

1566

1567

1568

def test_construction_wrong_args(self):

1569

"""

1570

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1571

is raised.

1572

"""

1573

self.assertRaises(TypeError, Session, 123)

1574

self.assertRaises(TypeError, Session, "hello")

1575

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1579

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1580

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1581

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1582

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1583

# XXX get_peer_certificate -> None

1584

# XXX sock_shutdown

1585

# XXX master_key -> TypeError

1586

# XXX server_random -> TypeError

1587

# XXX state_string

1588

# XXX connect -> TypeError

1589

# XXX connect_ex -> TypeError

1590

# XXX set_connect_state -> TypeError

1591

# XXX set_accept_state -> TypeError

1592

# XXX renegotiate_pending

1593

# XXX do_handshake -> TypeError

1594

# XXX bio_read -> TypeError

1595

# XXX recv -> TypeError

1596

# XXX send -> TypeError

1597

# XXX bio_write -> TypeError

1598

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1599

def test_type(self):

1600

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1601

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1602

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1603

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1604

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1605

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1606

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1607

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1608

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1609

def test_get_context(self):

1610

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1611

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1612

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1613

"""

1614

context = Context(TLSv1_METHOD)

1615

connection = Connection(context, None)

1616

self.assertIdentical(connection.get_context(), context)

1617

1618

1619

def test_get_context_wrong_args(self):

1620

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1621

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1622

arguments.

1623

"""

1624

connection = Connection(Context(TLSv1_METHOD), None)

1625

self.assertRaises(TypeError, connection.get_context, None)

1626

1627

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1628

def test_set_context_wrong_args(self):

1629

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1630

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1631

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1632

than 1.

1633

"""

1634

ctx = Context(TLSv1_METHOD)

1635

connection = Connection(ctx, None)

1636

self.assertRaises(TypeError, connection.set_context)

1637

self.assertRaises(TypeError, connection.set_context, object())

1638

self.assertRaises(TypeError, connection.set_context, "hello")

1639

self.assertRaises(TypeError, connection.set_context, 1)

1640

self.assertRaises(TypeError, connection.set_context, 1, 2)

1641

self.assertRaises(

1642

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1643

self.assertIdentical(ctx, connection.get_context())

1644

1645

1646

def test_set_context(self):

1647

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1648

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1649

for the connection.

1650

"""

1651

original = Context(SSLv23_METHOD)

1652

replacement = Context(TLSv1_METHOD)

1653

connection = Connection(original, None)

1654

connection.set_context(replacement)

1655

self.assertIdentical(replacement, connection.get_context())

1656

# Lose our references to the contexts, just in case the Connection isn't

1657

# properly managing its own contributions to their reference counts.

1658

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1663

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1664

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1665

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1666

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1667

"""

1668

conn = Connection(Context(TLSv1_METHOD), None)

1669

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1670

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1671

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1672

self.assertRaises(

1673

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1674

1675

if version_info >= (3,):

1676

# On Python 3.x, don't accidentally implicitly convert from text.

1677

self.assertRaises(

1678

TypeError,

1679

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1680

1681

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1682

def test_get_servername_wrong_args(self):

1683

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1684

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1685

arguments.

1686

"""

1687

connection = Connection(Context(TLSv1_METHOD), None)

1688

self.assertRaises(TypeError, connection.get_servername, object())

1689

self.assertRaises(TypeError, connection.get_servername, 1)

1690

self.assertRaises(TypeError, connection.get_servername, "hello")

1691

1692

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1693

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1694

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1695

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1696

immediate read.

1697

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1698

connection = Connection(Context(TLSv1_METHOD), None)

1699

self.assertEquals(connection.pending(), 0)

1700

1701

1702

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1703

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1704

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1705

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1706

connection = Connection(Context(TLSv1_METHOD), None)

1707

self.assertRaises(TypeError, connection.pending, None)

1708

1709

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1710

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1711

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1712

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1713

argument or with the wrong number of arguments.

1714

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1715

connection = Connection(Context(TLSv1_METHOD), socket())

1716

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1717

self.assertRaises(TypeError, connection.connect)

1718

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1719

1720

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1721

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1722

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1723

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1724

connect method raises it.

1725

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1726

client = socket()

1727

context = Context(TLSv1_METHOD)

1728

clientSSL = Connection(context, client)

1729

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1730

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1731

1732

1733

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1734

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1735

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1736

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1742

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1743

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1744

1745

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1746

if platform == "darwin":

1747

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1748

else:

1749

def test_connect_ex(self):

1750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1751

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1752

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1757

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1758

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1759

clientSSL.setblocking(False)

1760

result = clientSSL.connect_ex(port.getsockname())

1761

expected = (EINPROGRESS, EWOULDBLOCK)

1762

self.assertTrue(

1763

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1764

1765

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1766

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1768

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1769

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1770

connection = Connection(Context(TLSv1_METHOD), socket())

1771

self.assertRaises(TypeError, connection.accept, None)

1772

1773

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1774

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1775

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1776

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1777

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1778

connection originated from.

1779

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1780

ctx = Context(TLSv1_METHOD)

1781

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1782

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1783

port = socket()

1784

portSSL = Connection(ctx, port)

1785

portSSL.bind(('', 0))

1786

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1787

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1788

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1789

1790

# Calling portSSL.getsockname() here to get the server IP address sounds

1791

# great, but frequently fails on Windows.

1792

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1793

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1794

serverSSL, address = portSSL.accept()

1795

1796

self.assertTrue(isinstance(serverSSL, Connection))

1797

self.assertIdentical(serverSSL.get_context(), ctx)

1798

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1799

1800

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1801

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1802

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1803

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1804

number of arguments or with arguments other than integers.

1805

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1806

connection = Connection(Context(TLSv1_METHOD), None)

1807

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1808

self.assertRaises(TypeError, connection.get_shutdown, None)

1809

self.assertRaises(TypeError, connection.set_shutdown)

1810

self.assertRaises(TypeError, connection.set_shutdown, None)

1811

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1812

1813

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1814

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1816

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1817

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1818

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1819

self.assertFalse(server.shutdown())

1820

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1821

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1822

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1823

client.shutdown()

1824

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1825

self.assertRaises(ZeroReturnError, server.recv, 1024)

1826

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1827

1828

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1829

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1830

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1831

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1832

process.

1833

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1834

connection = Connection(Context(TLSv1_METHOD), socket())

1835

connection.set_shutdown(RECEIVED_SHUTDOWN)

1836

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1837

1838

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1839

if not PY3:

1840

def test_set_shutdown_long(self):

1841

"""

1842

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1843

of type :py:obj:`long` as well as :py:obj:`int`.

1844

"""

1845

connection = Connection(Context(TLSv1_METHOD), socket())

1846

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1847

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1848

1849

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1850

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1851

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1852

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1853

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1854

with any arguments.

1855

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1856

conn = Connection(Context(TLSv1_METHOD), None)

1857

self.assertRaises(TypeError, conn.get_app_data, None)

1858

self.assertRaises(TypeError, conn.set_app_data)

1859

self.assertRaises(TypeError, conn.set_app_data, None, None)

1860

1861

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1862

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1863

"""

1864

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1865

:py:obj:`Connection.set_app_data` and later retrieved with

1866

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1867

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1868

conn = Connection(Context(TLSv1_METHOD), None)

1869

app_data = object()

1870

conn.set_app_data(app_data)

1871

self.assertIdentical(conn.get_app_data(), app_data)

1872

1873

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1874

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1875

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1876

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1877

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1878

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1879

conn = Connection(Context(TLSv1_METHOD), None)

1880

self.assertRaises(NotImplementedError, conn.makefile)

1881

1882

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1883

def test_get_peer_cert_chain_wrong_args(self):

1884

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1885

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1886

arguments.

1887

"""

1888

conn = Connection(Context(TLSv1_METHOD), None)

1889

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1890

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1891

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1892

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1893

1894

1895

def test_get_peer_cert_chain(self):

1896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1897

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1898

the connected server returned for the certification verification.

1899

"""

1900

chain = _create_certificate_chain()

1901

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1902

1903

serverContext = Context(TLSv1_METHOD)

1904

serverContext.use_privatekey(skey)

1905

serverContext.use_certificate(scert)

1906

serverContext.add_extra_chain_cert(icert)

1907

serverContext.add_extra_chain_cert(cacert)

1908

server = Connection(serverContext, None)

1909

server.set_accept_state()

1910

1911

# Create the client

1912

clientContext = Context(TLSv1_METHOD)

1913

clientContext.set_verify(VERIFY_NONE, verify_cb)

1914

client = Connection(clientContext, None)

1915

client.set_connect_state()

1916

1917

self._interactInMemory(client, server)

1918

1919

chain = client.get_peer_cert_chain()

1920

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1921

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1922

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1923

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1924

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1925

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1926

"Authority Certificate", chain[2].get_subject().CN)

1927

1928

1929

def test_get_peer_cert_chain_none(self):

1930

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1931

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1932

certificate chain.

1933

"""

1934

ctx = Context(TLSv1_METHOD)

1935

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1936

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1937

server = Connection(ctx, None)

1938

server.set_accept_state()

1939

client = Connection(Context(TLSv1_METHOD), None)

1940

client.set_connect_state()

1941

self._interactInMemory(client, server)

1942

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1943

1944

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1945

def test_get_session_wrong_args(self):

1946

"""

1947

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1948

with any arguments.

1949

"""

1950

ctx = Context(TLSv1_METHOD)

1951

server = Connection(ctx, None)

1952

self.assertRaises(TypeError, server.get_session, 123)

1953

self.assertRaises(TypeError, server.get_session, "hello")

1954

self.assertRaises(TypeError, server.get_session, object())

1955

1956

1957

def test_get_session_unconnected(self):

1958

"""

1959

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1960

an object which has not been connected.

1961

"""

1962

ctx = Context(TLSv1_METHOD)

1963

server = Connection(ctx, None)

1964

session = server.get_session()

1965

self.assertIdentical(None, session)

1966

1967

1968

def test_server_get_session(self):

1969

"""

1970

On the server side of a connection, :py:obj:`Connection.get_session`

1971

returns a :py:class:`Session` instance representing the SSL session for

1972

that connection.

1973

"""

1974

server, client = self._loopback()

1975

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1976

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1977

1978

1979

def test_client_get_session(self):

1980

"""

1981

On the client side of a connection, :py:obj:`Connection.get_session`

1982

returns a :py:class:`Session` instance representing the SSL session for

1983

that connection.

1984

"""

1985

server, client = self._loopback()

1986

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1987

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1988

1989

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1990

def test_set_session_wrong_args(self):

1991

"""

1992

If called with an object that is not an instance of :py:class:`Session`,

1993

or with other than one argument, :py:obj:`Connection.set_session` raises

1994

:py:obj:`TypeError`.

1995

"""

1996

ctx = Context(TLSv1_METHOD)

1997

connection = Connection(ctx, None)

1998

self.assertRaises(TypeError, connection.set_session)

1999

self.assertRaises(TypeError, connection.set_session, 123)

2000

self.assertRaises(TypeError, connection.set_session, "hello")

2001

self.assertRaises(TypeError, connection.set_session, object())

2002

self.assertRaises(

2003

TypeError, connection.set_session, Session(), Session())

2004

2005

2006

def test_client_set_session(self):

2007

"""

2008

:py:obj:`Connection.set_session`, when used prior to a connection being

2009

established, accepts a :py:class:`Session` instance and causes an

2010

attempt to re-use the session it represents when the SSL handshake is

2011

performed.

2012

"""

2013

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2014

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2015

ctx = Context(TLSv1_METHOD)

2016

ctx.use_privatekey(key)

2017

ctx.use_certificate(cert)

2018

ctx.set_session_id("unity-test")

2019

2020

def makeServer(socket):

2021

server = Connection(ctx, socket)

2022

server.set_accept_state()

2023

return server

2024

2025

originalServer, originalClient = self._loopback(

2026

serverFactory=makeServer)

2027

originalSession = originalClient.get_session()

2028

2029

def makeClient(socket):

2030

client = self._loopbackClientFactory(socket)

2031

client.set_session(originalSession)

2032

return client

2033

resumedServer, resumedClient = self._loopback(

2034

serverFactory=makeServer,

2035

clientFactory=makeClient)

2036

2037

# This is a proxy: in general, we have no access to any unique

2038

# identifier for the session (new enough versions of OpenSSL expose a

2039

# hash which could be usable, but "new enough" is very, very new).

2040

# Instead, exploit the fact that the master key is re-used if the

2041

# session is re-used. As long as the master key for the two connections

2042

# is the same, the session was re-used!

2043

self.assertEqual(

2044

originalServer.master_key(), resumedServer.master_key())

2045

2046

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2047

def test_set_session_wrong_method(self):

2048

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2049

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2050

instance associated with a context using a different SSL method than the

2051

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2052

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2053

"""

2054

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2055

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2056

ctx = Context(TLSv1_METHOD)

2057

ctx.use_privatekey(key)

2058

ctx.use_certificate(cert)

2059

ctx.set_session_id("unity-test")

2060

2061

def makeServer(socket):

2062

server = Connection(ctx, socket)

2063

server.set_accept_state()

2064

return server

2065

2066

originalServer, originalClient = self._loopback(

2067

serverFactory=makeServer)

2068

originalSession = originalClient.get_session()

2069

2070

def makeClient(socket):

2071

# Intentionally use a different, incompatible method here.

2072

client = Connection(Context(SSLv3_METHOD), socket)

2073

client.set_connect_state()

2074

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2080

2081

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2082

def test_wantWriteError(self):

2083

"""

2084

:py:obj:`Connection` methods which generate output raise

2085

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2086

fail indicating a should-write state.

2087

"""

2088

client_socket, server_socket = socket_pair()

2089

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2090

# anything. Only write a single byte at a time so we can be sure we

2091

# completely fill the buffer. Even though the socket API is allowed to

2092

# signal a short write via its return value it seems this doesn't

2093

# always happen on all platforms (FreeBSD and OS X particular) for the

2094

# very last bit of available buffer space.

2095

msg = b"x"

2096

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2097

try:

2098

client_socket.send(msg)

2099

except error as e:

2100

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2106

2107

ctx = Context(TLSv1_METHOD)

2108

conn = Connection(ctx, client_socket)

2109

# Client's speak first, so make it an SSL client

2110

conn.set_connect_state()

2111

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2115

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2116

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2117

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2118

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2119

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2120

ctx = Context(TLSv1_METHOD)

2121

connection = Connection(ctx, None)

2122

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2123

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2124

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2125

def test_get_peer_finished_before_connect(self):

2126

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2127

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2128

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2129

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2130

ctx = Context(TLSv1_METHOD)

2131

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2132

self.assertEqual(connection.get_peer_finished(), None)

2133

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2134

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2135

def test_get_finished(self):

2136

"""

2137

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2138

message send from client, or server. Finished messages are send during

2139

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2140

"""

2141

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2142

server, client = self._loopback()

2143

2144

self.assertNotEqual(server.get_finished(), None)

2145

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2146

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2147

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2148

def test_get_peer_finished(self):

2149

"""

2150

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2151

message received from client, or server. Finished messages are send

2152

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2153

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2154

server, client = self._loopback()

2155

2156

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2157

self.assertTrue(len(server.get_peer_finished()) > 0)

2158

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2159

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2160

def test_tls_finished_message_symmetry(self):

2161

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2162

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2163

received by client.

2164

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2165

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2166

received by server.

2167

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2168

server, client = self._loopback()

2169

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2170

self.assertEqual(server.get_finished(), client.get_peer_finished())

2171

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2172

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2173

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2174

def test_get_cipher_name_before_connect(self):

2175

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2176

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2177

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2178

"""

2179

ctx = Context(TLSv1_METHOD)

2180

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2181

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2182

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2183

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2184

def test_get_cipher_name(self):

2185

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2186

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2187

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2188

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2189

server, client = self._loopback()

2190

server_cipher_name, client_cipher_name = \

2191

server.get_cipher_name(), client.get_cipher_name()

2192

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2193

self.assertIsInstance(server_cipher_name, text_type)

2194

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2195

2196

self.assertEqual(server_cipher_name, client_cipher_name)

2197

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2198

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2199

def test_get_cipher_version_before_connect(self):

2200

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2201

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2202

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2203

"""

2204

ctx = Context(TLSv1_METHOD)

2205

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2206

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2207

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2208

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2209

def test_get_cipher_version(self):

2210

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2211

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2212

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2213

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2214

server, client = self._loopback()

2215

server_cipher_version, client_cipher_version = \

2216

server.get_cipher_version(), client.get_cipher_version()

2217

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2218

self.assertIsInstance(server_cipher_version, text_type)

2219

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2220

2221

self.assertEqual(server_cipher_version, client_cipher_version)

2222

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2223

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2224

def test_get_cipher_bits_before_connect(self):

2225

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2226

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2227

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2228

"""

2229

ctx = Context(TLSv1_METHOD)

2230

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2231

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2232

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2233

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2234

def test_get_cipher_bits(self):

2235

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2236

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2237

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2238

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2239

server, client = self._loopback()

2240

server_cipher_bits, client_cipher_bits = \

2241

server.get_cipher_bits(), client.get_cipher_bits()

2242

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2243

self.assertIsInstance(server_cipher_bits, int)

2244

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2245

2246

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2247

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2248

2249

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2250

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2251

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2252

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2253

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2254

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2255

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2256

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2257

arguments.

2258

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2259

connection = Connection(Context(TLSv1_METHOD), None)

2260

self.assertRaises(TypeError, connection.get_cipher_list, None)

2261

2262

2263

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2264

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2265

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2266

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2267

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2268

connection = Connection(Context(TLSv1_METHOD), None)

2269

ciphers = connection.get_cipher_list()

2270

self.assertTrue(isinstance(ciphers, list))

2271

for cipher in ciphers:

2272

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2276

class ConnectionSendTests(TestCase, _LoopbackMixin):

2277

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2278

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2279

"""

2280

def test_wrong_args(self):

2281

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2282

When called with arguments other than string argument for its first

2283

parameter or more than two arguments, :py:obj:`Connection.send` raises

2284

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2285

"""

2286

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2287

self.assertRaises(TypeError, connection.send)

2288

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2289

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2290

2291

2292

def test_short_bytes(self):

2293

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2294

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2295

and returns the number of bytes sent.

2296

"""

2297

server, client = self._loopback()

2298

count = server.send(b('xy'))

2299

self.assertEquals(count, 2)

2300

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2306

else:

2307

def test_short_memoryview(self):

2308

"""

2309

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2310

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2311

bytes sent.

2312

"""

2313

server, client = self._loopback()

2314

count = server.send(memoryview(b('xy')))

2315

self.assertEquals(count, 2)

2316

self.assertEquals(client.recv(2), b('xy'))

2317

2318

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2323

else:

2324

def test_short_buffer(self):

2325

"""

2326

When passed a buffer containing a small number of bytes,

2327

:py:obj:`Connection.send` transmits all of them and returns the number of

2328

bytes sent.

2329

"""

2330

server, client = self._loopback()

2331

count = server.send(buffer(b('xy')))

2332

self.assertEquals(count, 2)

2333

self.assertEquals(client.recv(2), b('xy'))

2334

2335

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2336

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2337

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2338

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2339

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2340

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2341

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2342

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2343

When called with arguments other than a string argument for its first

2344

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2345

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2346

"""

2347

connection = Connection(Context(TLSv1_METHOD), None)

2348

self.assertRaises(TypeError, connection.sendall)

2349

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2350

self.assertRaises(

2351

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2352

2353

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2354

def test_short(self):

2355

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2356

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2357

it.

2358

"""

2359

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2360

server.sendall(b('x'))

2361

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2362

2363

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2368

else:

2369

def test_short_memoryview(self):

2370

"""

2371

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2372

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2373

"""

2374

server, client = self._loopback()

2375

server.sendall(memoryview(b('x')))

2376

self.assertEquals(client.recv(1), b('x'))

2377

2378

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2383

else:

2384

def test_short_buffers(self):

2385

"""

2386

When passed a buffer containing a small number of bytes,

2387

:py:obj:`Connection.sendall` transmits all of them.

2388

"""

2389

server, client = self._loopback()

2390

server.sendall(buffer(b('x')))

2391

self.assertEquals(client.recv(1), b('x'))

2392

2393

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2394

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2396

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2397

it even if this requires multiple calls of an underlying write function.

2398

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2399

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2400

# Should be enough, underlying SSL_write should only do 16k at a time.

2401

# On Windows, after 32k of bytes the write will block (forever - because

2402

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2403

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2404

server.sendall(message)

2405

accum = []

2406

received = 0

2407

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2408

data = client.recv(1024)

2409

accum.append(data)

2410

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2411

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2412

2413

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2414

def test_closed(self):

2415

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2416

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2417

write error from the low level write call.

2418

"""

2419

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2420

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2421

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2422

if platform == "win32":

2423

self.assertEqual(exc.args[0], ESHUTDOWN)

2424

else:

2425

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2426

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2427

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2428

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2429

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2430

"""

2431

Tests for SSL renegotiation APIs.

2432

"""

2433

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2434

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2435

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2436

arguments.

2437

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2438

connection = Connection(Context(TLSv1_METHOD), None)

2439

self.assertRaises(TypeError, connection.renegotiate, None)

2440

2441

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2442

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2443

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2444

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2445

any arguments.

2446

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2447

connection = Connection(Context(TLSv1_METHOD), None)

2448

self.assertRaises(TypeError, connection.total_renegotiations, None)

2449

2450

2451

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2452

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2453

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2454

renegotiations have happened.

2455

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2456

connection = Connection(Context(TLSv1_METHOD), None)

2457

self.assertEquals(connection.total_renegotiations(), 0)

2458

2459

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2460

# def test_renegotiate(self):

2461

# """

2462

# """

2463

# server, client = self._loopback()

2464

2465

# server.send("hello world")

2466

# self.assertEquals(client.recv(len("hello world")), "hello world")

2467

2468

# self.assertEquals(server.total_renegotiations(), 0)

2469

# self.assertTrue(server.renegotiate())

2470

2471

# server.setblocking(False)

2472

# client.setblocking(False)

2473

# while server.renegotiate_pending():

2474

# client.do_handshake()

2475

# server.do_handshake()

2476

2477

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2482

class ErrorTests(TestCase):

2483

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2484

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2485

"""

2486

def test_type(self):

2487

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2488

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2489

"""

2490

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2491

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2495

class ConstantsTests(TestCase):

2496

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2497

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2498

2499

These are values defined by OpenSSL intended only to be used as flags to

2500

OpenSSL APIs. The only assertions it seems can be made about them is

2501

their values.

2502

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2503

# unittest.TestCase has no skip mechanism

2504

if OP_NO_QUERY_MTU is not None:

2505

def test_op_no_query_mtu(self):

2506

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2507

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2508

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2509

"""

2510

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2511

else:

2512

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2513

2514

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2515

if OP_COOKIE_EXCHANGE is not None:

2516

def test_op_cookie_exchange(self):

2517

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2518

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2519

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2520

"""

2521

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2522

else:

2523

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2524

2525

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2526

if OP_NO_TICKET is not None:

2527

def test_op_no_ticket(self):

2528

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2529

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2530

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2531

"""

2532

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2533

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2534

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2535

2536

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2537

if OP_NO_COMPRESSION is not None:

2538

def test_op_no_compression(self):

2539

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2540

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2541

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2542

"""

2543

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2544

else:

2545

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2546

2547

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2548

def test_sess_cache_off(self):

2549

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2550

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2551

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2552

"""

2553

self.assertEqual(0x0, SESS_CACHE_OFF)

2554

2555

2556

def test_sess_cache_client(self):

2557

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2558

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2559

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2560

"""

2561

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2562

2563

2564

def test_sess_cache_server(self):

2565

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2566

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2567

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2568

"""

2569

self.assertEqual(0x2, SESS_CACHE_SERVER)

2570

2571

2572

def test_sess_cache_both(self):

2573

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2574

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2575

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2576

"""

2577

self.assertEqual(0x3, SESS_CACHE_BOTH)

2578

2579

2580

def test_sess_cache_no_auto_clear(self):

2581

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2582

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2583

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2584

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2585

"""

2586

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2587

2588

2589

def test_sess_cache_no_internal_lookup(self):

2590

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2591

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2592

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2593

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2594

"""

2595

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2596

2597

2598

def test_sess_cache_no_internal_store(self):

2599

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2600

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2601

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2602

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2603

"""

2604

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2605

2606

2607

def test_sess_cache_no_internal(self):

2608

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2609

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2610

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2611

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2612

"""

2613

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2614

2615

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2616

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2617

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2618

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2619

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2620

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2621

def _server(self, sock):

2622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2623

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2624

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2625

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2626

# Create the server side Connection. This is mostly setup boilerplate

2627

# - use TLSv1, use a particular certificate, etc.

2628

server_ctx = Context(TLSv1_METHOD)

2629

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2630

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2631

server_store = server_ctx.get_cert_store()

2632

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2633

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2634

server_ctx.check_privatekey()

2635

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2636

# Here the Connection is actually created. If None is passed as the 2nd

2637

# parameter, it indicates a memory BIO should be created.

2638

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2639

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2643

def _client(self, sock):

2644

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2645

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2646

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2647

"""

2648

# Now create the client side Connection. Similar boilerplate to the

2649

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2650

client_ctx = Context(TLSv1_METHOD)

2651

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2652

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2653

client_store = client_ctx.get_cert_store()

2654

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2655

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2656

client_ctx.check_privatekey()

2657

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2658

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2659

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2663

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2664

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2665

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2666

reading from the output of each and writing those bytes to the input of

2667

the other and in this way establish a connection and exchange

2668

application-level bytes with each other.

2669

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2670

server_conn = self._server(None)

2671

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2672

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2673

# There should be no key or nonces yet.

2674

self.assertIdentical(server_conn.master_key(), None)

2675

self.assertIdentical(server_conn.client_random(), None)

2676

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2677

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2678

# First, the handshake needs to happen. We'll deliver bytes back and

2679

# forth between the client and server until neither of them feels like

2680

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2681

self.assertIdentical(

2682

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2683

2684

# Now that the handshake is done, there should be a key and nonces.

2685

self.assertNotIdentical(server_conn.master_key(), None)

2686

self.assertNotIdentical(server_conn.client_random(), None)

2687

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2688

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2689

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2690

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2691

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2692

2693

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2694

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2695

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2696

server_conn.write(important_message)

2697

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2698

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2699

(client_conn, important_message))

2700

2701

client_conn.write(important_message[::-1])

2702

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2703

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2704

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2705

2706

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2707

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2708

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2709

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2710

2711

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2712

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2713

this test fails, there must be a problem outside the memory BIO

2714

code, as no memory BIO is involved here). Even though this isn't a

2715

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2716

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2717

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2718

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2719

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2720

client_conn.send(important_message)

2721

msg = server_conn.recv(1024)

2722

self.assertEqual(msg, important_message)

2723

2724

# Again in the other direction, just for fun.

2725

important_message = important_message[::-1]

2726

server_conn.send(important_message)

2727

msg = client_conn.recv(1024)

2728

self.assertEqual(msg, important_message)

2729

2730

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2731

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2732

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2733

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2734

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2735

"""

2736

context = Context(SSLv3_METHOD)

2737

client = socket()

2738

clientSSL = Connection(context, client)

2739

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2740

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2741

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2742

2743

2744

def test_outgoingOverflow(self):

2745

"""

2746

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2747

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2748

returned and that many bytes from the beginning of the input can be

2749

read from the other end of the connection.

2750

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2751

server = self._server(None)

2752

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2753

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2754

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2755

2756

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2757

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2758

# Sanity check. We're trying to test what happens when the entire

2759

# input can't be sent. If the entire input was sent, this test is

2760

# meaningless.

2761

self.assertTrue(sent < size)

2762

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2763

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2764

self.assertIdentical(receiver, server)

2765

2766

# We can rely on all of these bytes being received at once because

2767

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2768

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2769

2770

2771

def test_shutdown(self):

2772

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2773

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2774

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2775

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2776

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2777

server.bio_shutdown()

2778

e = self.assertRaises(Error, server.recv, 1024)

2779

# We don't want WantReadError or ZeroReturnError or anything - it's a

2780

# handshake failure.

2781

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2782

2783

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2784

def test_unexpectedEndOfFile(self):

2785

"""

2786

If the connection is lost before an orderly SSL shutdown occurs,

2787

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2788

"Unexpected EOF".

2789

"""

2790

server_conn, client_conn = self._loopback()

2791

client_conn.sock_shutdown(SHUT_RDWR)

2792

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2793

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2794

2795

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2796

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2797

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2798

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2799

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2800

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2801

before the client and server are connected to each other. This

2802

function should specify a list of CAs for the server to send to the

2803

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2804

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2805

times.

2806

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2807

server = self._server(None)

2808

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2809

self.assertEqual(client.get_client_ca_list(), [])

2810

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2811

ctx = server.get_context()

2812

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2813

self.assertEqual(client.get_client_ca_list(), [])

2814

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2815

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2816

self.assertEqual(client.get_client_ca_list(), expected)

2817

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2818

2819

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2820

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2821

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2822

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2823

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2824

"""

2825

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2826

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2827

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2828

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2829

2830

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2831

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2832

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2833

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2834

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2835

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2836

after the connection is set up.

2837

"""

2838

def no_ca(ctx):

2839

ctx.set_client_ca_list([])

2840

return []

2841

self._check_client_ca_list(no_ca)

2842

2843

2844

def test_set_one_ca_list(self):

2845

"""

2846

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2847

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2848

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2849

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2850

X509Name after the connection is set up.

2851

"""

2852

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2853

cadesc = cacert.get_subject()

2854

def single_ca(ctx):

2855

ctx.set_client_ca_list([cadesc])

2856

return [cadesc]

2857

self._check_client_ca_list(single_ca)

2858

2859

2860

def test_set_multiple_ca_list(self):

2861

"""

2862

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2863

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2864

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2865

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2866

X509Names after the connection is set up.

2867

"""

2868

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2869

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2870

2871

sedesc = secert.get_subject()

2872

cldesc = clcert.get_subject()

2873

2874

def multiple_ca(ctx):

2875

L = [sedesc, cldesc]

2876

ctx.set_client_ca_list(L)

2877

return L

2878

self._check_client_ca_list(multiple_ca)

2879

2880

2881

def test_reset_ca_list(self):

2882

"""

2883

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2884

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2885

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2886

"""

2887

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2888

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2889

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2890

2891

cadesc = cacert.get_subject()

2892

sedesc = secert.get_subject()

2893

cldesc = clcert.get_subject()

2894

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2895

def changed_ca(ctx):

2896

ctx.set_client_ca_list([sedesc, cldesc])

2897

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2898

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2899

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2900

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2901

2902

def test_mutated_ca_list(self):

2903

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2904

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2905

afterwards, this does not affect the list of CA names sent to the

2906

client.

2907

"""

2908

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2909

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2910

2911

cadesc = cacert.get_subject()

2912

sedesc = secert.get_subject()

2913

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2914

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2915

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2916

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2917

L.append(sedesc)

2918

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2919

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2920

2921

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2922

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2923

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2924

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2925

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2926

"""

2927

ctx = Context(TLSv1_METHOD)

2928

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2929

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2930

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2931

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2932

2933

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2934

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2935

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2936

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2937

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2938

"""

2939

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2940

cadesc = cacert.get_subject()

2941

def single_ca(ctx):

2942

ctx.add_client_ca(cacert)

2943

return [cadesc]

2944

self._check_client_ca_list(single_ca)

2945

2946

2947

def test_multiple_add_client_ca(self):

2948

"""

2949

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2950

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2951

"""

2952

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2953

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2954

2955

cadesc = cacert.get_subject()

2956

sedesc = secert.get_subject()

2957

2958

def multiple_ca(ctx):

2959

ctx.add_client_ca(cacert)

2960

ctx.add_client_ca(secert)

2961

return [cadesc, sedesc]

2962

self._check_client_ca_list(multiple_ca)

2963

2964

2965

def test_set_and_add_client_ca(self):

2966

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2967

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2968

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2969

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2970

"""

2971

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2972

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2973

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2974

2975

cadesc = cacert.get_subject()

2976

sedesc = secert.get_subject()

2977

cldesc = clcert.get_subject()

2978

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2979

def mixed_set_add_ca(ctx):

2980

ctx.set_client_ca_list([cadesc, sedesc])

2981

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2982

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2983

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2984

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2985

2986

def test_set_after_add_client_ca(self):

2987

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2988

A call to :py:obj:`Context.set_client_ca_list` after a call to

2989

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2990

call with the names specified by the latter cal.

2991

"""

2992

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2993

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2994

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2995

2996

cadesc = cacert.get_subject()

2997

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2998

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2999

def set_replaces_add_ca(ctx):

3000

ctx.add_client_ca(clcert)

3001

ctx.set_client_ca_list([cadesc])

3002

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3003

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3004

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3005

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3006

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3007

3008

class ConnectionBIOTests(TestCase):

3009

"""

3010

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3011

"""

3012

def test_wantReadError(self):

3013

"""

3014

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3015

if there are no bytes available to be read from the BIO.

3016

"""

3017

ctx = Context(TLSv1_METHOD)

3018

conn = Connection(ctx, None)

3019

self.assertRaises(WantReadError, conn.bio_read, 1024)

3020

3021

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3022

def test_buffer_size(self):

3023

"""

3024

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3025

number of bytes to read and return.

3026

"""

3027

ctx = Context(TLSv1_METHOD)

3028

conn = Connection(ctx, None)

3029

conn.set_connect_state()

3030

try:

3031

conn.do_handshake()

3032

except WantReadError:

3033

pass

3034

data = conn.bio_read(2)

3035

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3040

"""

3041

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3042

:py:obj:`long` as well as :py:obj:`int`.

3043

"""

3044

ctx = Context(TLSv1_METHOD)

3045

conn = Connection(ctx, None)

3046

conn.set_connect_state()

3047

try:

3048

conn.do_handshake()

3049

except WantReadError:

3050

pass

3051

data = conn.bio_read(long(2))

3052

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3056

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3057

class InfoConstantTests(TestCase):

3058

"""

3059

Tests for assorted constants exposed for use in info callbacks.

3060

"""

3061

def test_integers(self):

3062

"""

3063

All of the info constants are integers.

3064

3065

This is a very weak test. It would be nice to have one that actually

3066

verifies that as certain info events happen, the value passed to the

3067

info callback matches up with the constant exposed by OpenSSL.SSL.

3068

"""

3069

for const in [

3070

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3071

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3072

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3073

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3074

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3075

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3076

3077

self.assertTrue(isinstance(const, int))

3078

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3079

Jean-Paul Calderone