Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

23

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

24

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

25

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

26

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

27

from OpenSSL.SSL import (

28

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

29

TLSv1_1_METHOD, TLSv1_2_METHOD)

30

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

31

from OpenSSL.SSL import (

32

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

33

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

34

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

35

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

36

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

37

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

Andy Lutomirski

2014-03-13 17:22:25 -0700

[diff] [blame]

38

from OpenSSL.SSL import (

Andy Lutomirski

61d7d39

2014-04-04 12:16:56 -0700

[diff] [blame]

39

_Cryptography_HAS_EC, ELLIPTIC_CURVE_DESCRIPTIONS,

40

ECNotAvailable, UnknownObject)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

41

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

44

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

45

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

46

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

47

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.test.test_crypto import (

49

cleartextCertificatePEM, cleartextPrivateKeyPEM)

50

from OpenSSL.test.test_crypto import (

51

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

52

root_cert_pem)

53

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

54

try:

55

from OpenSSL.SSL import OP_NO_QUERY_MTU

56

except ImportError:

57

OP_NO_QUERY_MTU = None

58

try:

59

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

60

except ImportError:

61

OP_COOKIE_EXCHANGE = None

62

try:

63

from OpenSSL.SSL import OP_NO_TICKET

64

except ImportError:

65

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

66

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

67

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

68

from OpenSSL.SSL import OP_NO_COMPRESSION

69

except ImportError:

70

OP_NO_COMPRESSION = None

71

72

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

73

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

74

except ImportError:

75

MODE_RELEASE_BUFFERS = None

76

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

77

try:

78

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

79

except ImportError:

80

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

81

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

82

from OpenSSL.SSL import (

83

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

84

SSL_ST_OK, SSL_ST_RENEGOTIATE,

85

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

86

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

87

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

88

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

89

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

90

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

91

# to use)

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

94

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

95

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

99

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

100

return ok

101

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

102

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

103

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

104

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

105

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

106

"""

107

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

113

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

114

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

115

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

116

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

117

# Let's pass some unencrypted data to make sure our socket connection is

118

# fine. Just one byte, so we don't have to worry about buffers getting

119

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

120

server.send(b("x"))

121

assert client.recv(1024) == b("x")

122

client.send(b("y"))

123

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

124

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

125

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

126

server.setblocking(False)

127

client.setblocking(False)

128

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

129

return (server, client)

130

131

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

132

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

133

def handshake(client, server):

134

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

145

def _create_certificate_chain():

146

"""

147

Construct and return a chain of certificates.

148

149

1. A new self-signed certificate authority certificate (cacert)

150

2. A new intermediate certificate signed by cacert (icert)

151

3. A new server certificate signed by icert (scert)

152

"""

153

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

158

cacert = X509()

159

cacert.get_subject().commonName = "Authority Certificate"

160

cacert.set_issuer(cacert.get_subject())

161

cacert.set_pubkey(cakey)

162

cacert.set_notBefore(b("20000101000000Z"))

163

cacert.set_notAfter(b("20200101000000Z"))

164

cacert.add_extensions([caext])

165

cacert.set_serial_number(0)

166

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

171

icert = X509()

172

icert.get_subject().commonName = "Intermediate Certificate"

173

icert.set_issuer(cacert.get_subject())

174

icert.set_pubkey(ikey)

175

icert.set_notBefore(b("20000101000000Z"))

176

icert.set_notAfter(b("20200101000000Z"))

177

icert.add_extensions([caext])

178

icert.set_serial_number(0)

179

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

184

scert = X509()

185

scert.get_subject().commonName = "Server Certificate"

186

scert.set_issuer(icert.get_subject())

187

scert.set_pubkey(skey)

188

scert.set_notBefore(b("20000101000000Z"))

189

scert.set_notAfter(b("20200101000000Z"))

190

scert.add_extensions([

191

X509Extension(b('basicConstraints'), True, b('CA:false'))])

192

scert.set_serial_number(0)

193

scert.sign(ikey, "sha1")

194

195

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

199

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

200

"""

201

Helper mixin which defines methods for creating a connected socket pair and

202

for forcing two connected SSL sockets to talk to each other via memory BIOs.

203

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

204

def _loopbackClientFactory(self, socket):

205

client = Connection(Context(TLSv1_METHOD), socket)

206

client.set_connect_state()

207

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

208

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

209

210

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

211

ctx = Context(TLSv1_METHOD)

212

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

213

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

214

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

215

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

220

if serverFactory is None:

221

serverFactory = self._loopbackServerFactory

222

if clientFactory is None:

223

clientFactory = self._loopbackClientFactory

224

225

(server, client) = socket_pair()

226

server = serverFactory(server)

227

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

229

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

231

server.setblocking(True)

232

client.setblocking(True)

233

return server, client

234

235

236

def _interactInMemory(self, client_conn, server_conn):

237

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

238

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

239

objects. Copy bytes back and forth between their send/receive buffers

240

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

241

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

242

some application bytes, return a two-tuple of the connection from which

243

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

248

wrote = False

249

250

# Copy stuff from each side's send buffer to the other side's

251

# receive buffer.

252

for (read, write) in [(client_conn, server_conn),

253

(server_conn, client_conn)]:

254

255

# Give the side a chance to generate some more bytes, or

256

# succeed.

257

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

258

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

259

except WantReadError:

260

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

265

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

266

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

267

268

while True:

269

# Keep copying as long as there's more stuff there.

270

try:

271

dirty = read.bio_read(4096)

272

except WantReadError:

273

# Okay, nothing more waiting to be sent. Stop

274

# processing this send buffer.

275

break

276

else:

277

# Keep track of the fact that someone generated some

278

# output.

279

wrote = True

280

write.bio_write(dirty)

281

282

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

283

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

284

class VersionTests(TestCase):

285

"""

286

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

287

:py:obj:`OpenSSL.SSL.SSLeay_version` and

288

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

289

"""

290

def test_OPENSSL_VERSION_NUMBER(self):

291

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

292

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

293

byte and the patch, fix, minor, and major versions in the

294

nibbles above that.

295

"""

296

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

297

298

299

def test_SSLeay_version(self):

300

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

301

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

302

one of a number of version strings based on that indicator.

303

"""

304

versions = {}

305

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

306

SSLEAY_PLATFORM, SSLEAY_DIR]:

307

version = SSLeay_version(t)

308

versions[version] = t

309

self.assertTrue(isinstance(version, bytes))

310

self.assertEqual(len(versions), 5)

311

312

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

313

314

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

315

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

316

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

317

"""

318

def test_method(self):

319

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

320

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

321

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

322

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

323

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

324

methods = [

325

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

326

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

327

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

328

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

329

330

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

335

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

336

# don't. Difficult to say in advance.

337

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

338

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

339

self.assertRaises(TypeError, Context, "")

340

self.assertRaises(ValueError, Context, 10)

341

342

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

343

if not PY3:

344

def test_method_long(self):

345

"""

346

On Python 2 :py:class:`Context` accepts values of type

347

:py:obj:`long` as well as :py:obj:`int`.

348

"""

349

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

353

def test_type(self):

354

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

355

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

356

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

357

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

358

self.assertIdentical(Context, ContextType)

359

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

360

361

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

362

def test_use_privatekey(self):

363

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

364

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

365

"""

366

key = PKey()

367

key.generate_key(TYPE_RSA, 128)

368

ctx = Context(TLSv1_METHOD)

369

ctx.use_privatekey(key)

370

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

371

372

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

373

def test_use_privatekey_file_missing(self):

374

"""

375

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

376

when passed the name of a file which does not exist.

377

"""

378

ctx = Context(TLSv1_METHOD)

379

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

380

381

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

382

if not PY3:

383

def test_use_privatekey_file_long(self):

384

"""

385

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

386

filetype of type :py:obj:`long` as well as :py:obj:`int`.

387

"""

388

pemfile = self.mktemp()

389

390

key = PKey()

391

key.generate_key(TYPE_RSA, 128)

392

393

with open(pemfile, "wt") as pem:

394

pem.write(

395

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

396

397

ctx = Context(TLSv1_METHOD)

398

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

399

400

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

401

def test_use_certificate_wrong_args(self):

402

"""

403

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

404

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

405

argument.

406

"""

407

ctx = Context(TLSv1_METHOD)

408

self.assertRaises(TypeError, ctx.use_certificate)

409

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

410

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

411

412

413

def test_use_certificate_uninitialized(self):

414

"""

415

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

416

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

417

initialized (ie, which does not actually have any certificate data).

418

"""

419

ctx = Context(TLSv1_METHOD)

420

self.assertRaises(Error, ctx.use_certificate, X509())

421

422

423

def test_use_certificate(self):

424

"""

425

:py:obj:`Context.use_certificate` sets the certificate which will be

426

used to identify connections created using the context.

427

"""

428

# TODO

429

# Hard to assert anything. But we could set a privatekey then ask

430

# OpenSSL if the cert and key agree using check_privatekey. Then as

431

# long as check_privatekey works right we're good...

432

ctx = Context(TLSv1_METHOD)

433

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

434

435

436

def test_use_certificate_file_wrong_args(self):

437

"""

438

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

439

called with zero arguments or more than two arguments, or if the first

440

argument is not a byte string or the second argumnent is not an integer.

441

"""

442

ctx = Context(TLSv1_METHOD)

443

self.assertRaises(TypeError, ctx.use_certificate_file)

444

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

445

self.assertRaises(

446

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

447

self.assertRaises(

448

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

449

self.assertRaises(

450

TypeError, ctx.use_certificate_file, b"somefile", object())

451

452

453

def test_use_certificate_file_missing(self):

454

"""

455

:py:obj:`Context.use_certificate_file` raises

456

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

457

exist.

458

"""

459

ctx = Context(TLSv1_METHOD)

460

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

461

462

463

def test_use_certificate_file(self):

464

"""

465

:py:obj:`Context.use_certificate` sets the certificate which will be

466

used to identify connections created using the context.

467

"""

468

# TODO

469

# Hard to assert anything. But we could set a privatekey then ask

470

# OpenSSL if the cert and key agree using check_privatekey. Then as

471

# long as check_privatekey works right we're good...

472

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

473

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

474

pem_file.write(cleartextCertificatePEM)

475

476

ctx = Context(TLSv1_METHOD)

477

ctx.use_certificate_file(pem_filename)

478

479

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

480

if not PY3:

481

def test_use_certificate_file_long(self):

482

"""

483

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

484

filetype of type :py:obj:`long` as well as :py:obj:`int`.

485

"""

486

pem_filename = self.mktemp()

487

with open(pem_filename, "wb") as pem_file:

488

pem_file.write(cleartextCertificatePEM)

489

490

ctx = Context(TLSv1_METHOD)

491

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

492

493

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

494

def test_set_app_data_wrong_args(self):

495

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

496

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

497

one argument.

498

"""

499

context = Context(TLSv1_METHOD)

500

self.assertRaises(TypeError, context.set_app_data)

501

self.assertRaises(TypeError, context.set_app_data, None, None)

502

503

504

def test_get_app_data_wrong_args(self):

505

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

506

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

507

arguments.

508

"""

509

context = Context(TLSv1_METHOD)

510

self.assertRaises(TypeError, context.get_app_data, None)

511

512

513

def test_app_data(self):

514

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

515

:py:obj:`Context.set_app_data` stores an object for later retrieval using

516

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

517

"""

518

app_data = object()

519

context = Context(TLSv1_METHOD)

520

context.set_app_data(app_data)

521

self.assertIdentical(context.get_app_data(), app_data)

522

523

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

524

def test_set_options_wrong_args(self):

525

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

526

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

527

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

528

"""

529

context = Context(TLSv1_METHOD)

530

self.assertRaises(TypeError, context.set_options)

531

self.assertRaises(TypeError, context.set_options, None)

532

self.assertRaises(TypeError, context.set_options, 1, None)

533

534

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

535

def test_set_options(self):

536

"""

537

:py:obj:`Context.set_options` returns the new options value.

538

"""

539

context = Context(TLSv1_METHOD)

540

options = context.set_options(OP_NO_SSLv2)

541

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

546

"""

547

On Python 2 :py:obj:`Context.set_options` accepts values of type

548

:py:obj:`long` as well as :py:obj:`int`.

549

"""

550

context = Context(TLSv1_METHOD)

551

options = context.set_options(long(OP_NO_SSLv2))

552

self.assertTrue(OP_NO_SSLv2 & options)

553

554

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

555

def test_set_mode_wrong_args(self):

556

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

557

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

558

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

559

"""

560

context = Context(TLSv1_METHOD)

561

self.assertRaises(TypeError, context.set_mode)

562

self.assertRaises(TypeError, context.set_mode, None)

563

self.assertRaises(TypeError, context.set_mode, 1, None)

564

565

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

566

if MODE_RELEASE_BUFFERS is not None:

567

def test_set_mode(self):

568

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

569

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

570

set mode.

571

"""

572

context = Context(TLSv1_METHOD)

573

self.assertTrue(

574

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

575

576

if not PY3:

577

def test_set_mode_long(self):

578

"""

579

On Python 2 :py:obj:`Context.set_mode` accepts values of type

580

:py:obj:`long` as well as :py:obj:`int`.

581

"""

582

context = Context(TLSv1_METHOD)

583

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

584

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

585

else:

586

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

587

588

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

589

def test_set_timeout_wrong_args(self):

590

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

591

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

592

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

593

"""

594

context = Context(TLSv1_METHOD)

595

self.assertRaises(TypeError, context.set_timeout)

596

self.assertRaises(TypeError, context.set_timeout, None)

597

self.assertRaises(TypeError, context.set_timeout, 1, None)

598

599

600

def test_get_timeout_wrong_args(self):

601

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

602

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

603

"""

604

context = Context(TLSv1_METHOD)

605

self.assertRaises(TypeError, context.get_timeout, None)

606

607

608

def test_timeout(self):

609

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

610

:py:obj:`Context.set_timeout` sets the session timeout for all connections

611

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

612

value.

613

"""

614

context = Context(TLSv1_METHOD)

615

context.set_timeout(1234)

616

self.assertEquals(context.get_timeout(), 1234)

617

618

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

619

if not PY3:

620

def test_timeout_long(self):

621

"""

622

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

623

`long` as well as int.

624

"""

625

context = Context(TLSv1_METHOD)

626

context.set_timeout(long(1234))

627

self.assertEquals(context.get_timeout(), 1234)

628

629

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

630

def test_set_verify_depth_wrong_args(self):

631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

632

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

633

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

634

"""

635

context = Context(TLSv1_METHOD)

636

self.assertRaises(TypeError, context.set_verify_depth)

637

self.assertRaises(TypeError, context.set_verify_depth, None)

638

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

639

640

641

def test_get_verify_depth_wrong_args(self):

642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

643

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

644

"""

645

context = Context(TLSv1_METHOD)

646

self.assertRaises(TypeError, context.get_verify_depth, None)

647

648

649

def test_verify_depth(self):

650

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

651

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

652

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

653

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

654

"""

655

context = Context(TLSv1_METHOD)

656

context.set_verify_depth(11)

657

self.assertEquals(context.get_verify_depth(), 11)

658

659

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

660

if not PY3:

661

def test_verify_depth_long(self):

662

"""

663

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

664

type `long` as well as int.

665

"""

666

context = Context(TLSv1_METHOD)

667

context.set_verify_depth(long(11))

668

self.assertEquals(context.get_verify_depth(), 11)

669

670

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

671

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

672

"""

673

Write a new private key out to a new file, encrypted using the given

674

passphrase. Return the path to the new file.

675

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

676

key = PKey()

677

key.generate_key(TYPE_RSA, 128)

678

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

679

fObj = open(pemFile, 'w')

680

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

681

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

686

def test_set_passwd_cb_wrong_args(self):

687

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

688

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

689

wrong arguments or with a non-callable first argument.

690

"""

691

context = Context(TLSv1_METHOD)

692

self.assertRaises(TypeError, context.set_passwd_cb)

693

self.assertRaises(TypeError, context.set_passwd_cb, None)

694

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

695

696

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

697

def test_set_passwd_cb(self):

698

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

699

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

700

a private key is loaded from an encrypted PEM.

701

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

702

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

703

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

704

calledWith = []

705

def passphraseCallback(maxlen, verify, extra):

706

calledWith.append((maxlen, verify, extra))

707

return passphrase

708

context = Context(TLSv1_METHOD)

709

context.set_passwd_cb(passphraseCallback)

710

context.use_privatekey_file(pemFile)

711

self.assertTrue(len(calledWith), 1)

712

self.assertTrue(isinstance(calledWith[0][0], int))

713

self.assertTrue(isinstance(calledWith[0][1], int))

714

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

715

716

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

717

def test_passwd_callback_exception(self):

718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

719

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

720

passphrase callback.

721

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

722

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

723

def passphraseCallback(maxlen, verify, extra):

724

raise RuntimeError("Sorry, I am a fail.")

725

726

context = Context(TLSv1_METHOD)

727

context.set_passwd_cb(passphraseCallback)

728

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

729

730

731

def test_passwd_callback_false(self):

732

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

733

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

734

passphrase callback returns a false value.

735

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

736

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

737

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

738

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

739

740

context = Context(TLSv1_METHOD)

741

context.set_passwd_cb(passphraseCallback)

742

self.assertRaises(Error, context.use_privatekey_file, pemFile)

743

744

745

def test_passwd_callback_non_string(self):

746

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

747

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

748

passphrase callback returns a true non-string value.

749

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

750

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

751

def passphraseCallback(maxlen, verify, extra):

752

return 10

753

754

context = Context(TLSv1_METHOD)

755

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

756

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

757

758

759

def test_passwd_callback_too_long(self):

760

"""

761

If the passphrase returned by the passphrase callback returns a string

762

longer than the indicated maximum length, it is truncated.

763

"""

764

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

765

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

766

pemFile = self._write_encrypted_pem(passphrase)

767

def passphraseCallback(maxlen, verify, extra):

768

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

769

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

770

771

context = Context(TLSv1_METHOD)

772

context.set_passwd_cb(passphraseCallback)

773

# This shall succeed because the truncated result is the correct

774

# passphrase.

775

context.use_privatekey_file(pemFile)

776

777

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

778

def test_set_info_callback(self):

779

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

780

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

781

when certain information about an SSL connection is available.

782

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

783

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

784

785

clientSSL = Connection(Context(TLSv1_METHOD), client)

786

clientSSL.set_connect_state()

787

788

called = []

789

def info(conn, where, ret):

790

called.append((conn, where, ret))

791

context = Context(TLSv1_METHOD)

792

context.set_info_callback(info)

793

context.use_certificate(

794

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

795

context.use_privatekey(

796

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

797

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

798

serverSSL = Connection(context, server)

799

serverSSL.set_accept_state()

800

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

801

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

802

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

803

# The callback must always be called with a Connection instance as the

804

# first argument. It would probably be better to split this into

805

# separate tests for client and server side info callbacks so we could

806

# assert it is called with the right Connection instance. It would

807

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

808

notConnections = [

809

conn for (conn, where, ret) in called

810

if not isinstance(conn, Connection)]

811

self.assertEqual(

812

[], notConnections,

813

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

814

815

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

816

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

817

"""

818

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

819

its :py:obj:`load_verify_locations` method with the given arguments.

820

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

821

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

822

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

823

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

824

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

825

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

826

# Require that the server certificate verify properly or the

827

# connection will fail.

828

clientContext.set_verify(

829

VERIFY_PEER,

830

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

831

832

clientSSL = Connection(clientContext, client)

833

clientSSL.set_connect_state()

834

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

835

serverContext = Context(TLSv1_METHOD)

836

serverContext.use_certificate(

837

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

838

serverContext.use_privatekey(

839

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

840

841

serverSSL = Connection(serverContext, server)

842

serverSSL.set_accept_state()

843

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

844

# Without load_verify_locations above, the handshake

845

# will fail:

846

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

847

# 'certificate verify failed')]

848

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

849

850

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

851

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

852

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

853

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

854

def test_load_verify_file(self):

855

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

856

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

857

certificates within for verification purposes.

858

"""

859

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

860

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

861

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

862

fObj.close()

863

864

self._load_verify_locations_test(cafile)

865

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

866

867

def test_load_verify_invalid_file(self):

868

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

869

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

870

non-existent cafile.

871

"""

872

clientContext = Context(TLSv1_METHOD)

873

self.assertRaises(

874

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

875

876

877

def test_load_verify_directory(self):

878

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

879

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

880

the certificates within for verification purposes.

881

"""

882

capath = self.mktemp()

883

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

884

# Hash values computed manually with c_rehash to avoid depending on

885

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

886

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

887

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

888

cafile = join(capath, name)

889

fObj = open(cafile, 'w')

890

fObj.write(cleartextCertificatePEM.decode('ascii'))

891

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

892

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

893

self._load_verify_locations_test(None, capath)

894

895

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

896

def test_load_verify_locations_wrong_args(self):

897

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

898

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

899

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

900

"""

901

context = Context(TLSv1_METHOD)

902

self.assertRaises(TypeError, context.load_verify_locations)

903

self.assertRaises(TypeError, context.load_verify_locations, object())

904

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

905

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

906

907

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

908

if platform == "win32":

909

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

910

"See LP#404343 and LP#404344."

911

else:

912

def test_set_default_verify_paths(self):

913

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

914

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

915

certificate locations to be used for verification purposes.

916

"""

917

# Testing this requires a server with a certificate signed by one of

918

# the CAs in the platform CA location. Getting one of those costs

919

# money. Fortunately (or unfortunately, depending on your

920

# perspective), it's easy to think of a public server on the

921

# internet which has such a certificate. Connecting to the network

922

# in a unit test is bad, but it's the only way I can think of to

923

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

924

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

925

# Arg, verisign.com doesn't speak TLSv1

926

context = Context(SSLv3_METHOD)

927

context.set_default_verify_paths()

928

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

929

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

930

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

931

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

932

client = socket()

933

client.connect(('verisign.com', 443))

934

clientSSL = Connection(context, client)

935

clientSSL.set_connect_state()

936

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

937

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

938

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

939

940

941

def test_set_default_verify_paths_signature(self):

942

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

943

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

944

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

945

"""

946

context = Context(TLSv1_METHOD)

947

self.assertRaises(TypeError, context.set_default_verify_paths, None)

948

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

949

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

950

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

951

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

952

def test_add_extra_chain_cert_invalid_cert(self):

953

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

954

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

955

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

956

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

957

"""

958

context = Context(TLSv1_METHOD)

959

self.assertRaises(TypeError, context.add_extra_chain_cert)

960

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

961

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

962

963

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

964

def _handshake_test(self, serverContext, clientContext):

965

"""

966

Verify that a client and server created with the given contexts can

967

successfully handshake and communicate.

968

"""

969

serverSocket, clientSocket = socket_pair()

970

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

971

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

972

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

973

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

974

client = Connection(clientContext, clientSocket)

975

client.set_connect_state()

976

977

# Make them talk to each other.

978

# self._interactInMemory(client, server)

979

for i in range(3):

980

for s in [client, server]:

981

try:

982

s.do_handshake()

983

except WantReadError:

pass

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

987

def test_set_verify_callback_exception(self):

988

"""

989

If the verify callback passed to :py:obj:`Context.set_verify` raises an

990

exception, verification fails and the exception is propagated to the

991

caller of :py:obj:`Connection.do_handshake`.

992

"""

993

serverContext = Context(TLSv1_METHOD)

994

serverContext.use_privatekey(

995

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

996

serverContext.use_certificate(

997

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

998

999

clientContext = Context(TLSv1_METHOD)

1000

def verify_callback(*args):

1001

raise Exception("silly verify failure")

1002

clientContext.set_verify(VERIFY_PEER, verify_callback)

1003

1004

exc = self.assertRaises(

1005

Exception, self._handshake_test, serverContext, clientContext)

1006

self.assertEqual("silly verify failure", str(exc))

1007

1008

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1009

def test_add_extra_chain_cert(self):

1010

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1011

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1012

the certificate chain.

1013

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1014

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1015

chain tested.

1016

1017

The chain is tested by starting a server with scert and connecting

1018

to it with a client which trusts cacert and requires verification to

1019

succeed.

1020

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1021

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1022

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1023

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1024

# Dump the CA certificate to a file because that's the only way to load

1025

# it as a trusted CA in the client context.

1026

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1027

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1028

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1029

fObj.close()

1030

1031

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1032

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1033

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1034

fObj.close()

1035

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1036

# Create the server context

1037

serverContext = Context(TLSv1_METHOD)

1038

serverContext.use_privatekey(skey)

1039

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1040

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1041

serverContext.add_extra_chain_cert(icert)

1042

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1043

# Create the client

1044

clientContext = Context(TLSv1_METHOD)

1045

clientContext.set_verify(

1046

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1047

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1048

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1049

# Try it out.

1050

self._handshake_test(serverContext, clientContext)

1051

1052

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1053

def test_use_certificate_chain_file(self):

1054

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1055

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1056

the specified file.

1057

1058

The chain is tested by starting a server with scert and connecting

1059

to it with a client which trusts cacert and requires verification to

1060

succeed.

1061

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1062

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1063

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1064

1065

# Write out the chain file.

1066

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1067

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1068

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1069

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1070

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1071

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1072

fObj.close()

1073

1074

serverContext = Context(TLSv1_METHOD)

1075

serverContext.use_certificate_chain_file(chainFile)

1076

serverContext.use_privatekey(skey)

1077

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1078

fObj = open('ca.pem', 'w')

1079

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1080

fObj.close()

1081

1082

clientContext = Context(TLSv1_METHOD)

1083

clientContext.set_verify(

1084

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1085

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1086

1087

self._handshake_test(serverContext, clientContext)

1088

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1089

1090

def test_use_certificate_chain_file_wrong_args(self):

1091

"""

1092

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1093

if passed zero or more than one argument or when passed a non-byte

1094

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1095

passed a bad chain file name (for example, the name of a file which does

1096

not exist).

1097

"""

1098

context = Context(TLSv1_METHOD)

1099

self.assertRaises(TypeError, context.use_certificate_chain_file)

1100

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1101

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1102

1103

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1104

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1105

# XXX load_client_ca

1106

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1107

1108

def test_get_verify_mode_wrong_args(self):

1109

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1110

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1111

arguments.

1112

"""

1113

context = Context(TLSv1_METHOD)

1114

self.assertRaises(TypeError, context.get_verify_mode, None)

1115

1116

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1117

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1118

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1119

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1120

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1121

"""

1122

context = Context(TLSv1_METHOD)

1123

self.assertEquals(context.get_verify_mode(), 0)

1124

context.set_verify(

1125

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1126

self.assertEquals(

1127

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1128

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1129

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1130

if not PY3:

1131

def test_set_verify_mode_long(self):

1132

"""

1133

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1134

type :py:obj:`long` as well as :py:obj:`int`.

1135

"""

1136

context = Context(TLSv1_METHOD)

1137

self.assertEquals(context.get_verify_mode(), 0)

1138

context.set_verify(

1139

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1140

self.assertEquals(

1141

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1142

1143

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1144

def test_load_tmp_dh_wrong_args(self):

1145

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1146

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1147

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1148

"""

1149

context = Context(TLSv1_METHOD)

1150

self.assertRaises(TypeError, context.load_tmp_dh)

1151

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1152

self.assertRaises(TypeError, context.load_tmp_dh, object())

1153

1154

1155

def test_load_tmp_dh_missing_file(self):

1156

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1157

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1158

does not exist.

1159

"""

1160

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1161

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1162

1163

1164

def test_load_tmp_dh(self):

1165

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1166

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1167

specified file.

1168

"""

1169

context = Context(TLSv1_METHOD)

1170

dhfilename = self.mktemp()

1171

dhfile = open(dhfilename, "w")

1172

dhfile.write(dhparam)

1173

dhfile.close()

1174

context.load_tmp_dh(dhfilename)

1175

# XXX What should I assert here? -exarkun

1176

1177

Andy Lutomirski

2014-03-13 17:22:25 -0700

[diff] [blame]

1178

def test_set_tmp_ecdh_curve(self):

1179

"""

Andy Lutomirski

61d7d39

2014-04-04 12:16:56 -0700

[diff] [blame]

1180

:py:obj:`Context.set_tmp_ecdh_curve` sets the elliptic

1181

curve for Diffie-Hellman to the specified named curve.

Andy Lutomirski

2014-03-13 17:22:25 -0700

[diff] [blame]

1182

"""

1183

context = Context(TLSv1_METHOD)

1184

for curve in ELLIPTIC_CURVE_DESCRIPTIONS.keys():

1185

context.set_tmp_ecdh_curve(curve) # Must not throw.

1186

Laurens Van Houtven

f5df243

2014-04-03 12:17:28 +0200

[diff] [blame]

1187

Andy Lutomirski

61d7d39

2014-04-04 12:16:56 -0700

[diff] [blame]

1188

def test_set_tmp_ecdh_curve_bad_sn(self):

1189

"""

1190

:py:obj:`Context.set_tmp_ecdh_curve` raises

1191

:py:obj:`UnknownObject` if passed a curve_name that OpenSSL

1192

does not recognize and EC is available. It raises

1193

:py:obj:`ECNotAvailable` if EC is not available at all.

1194

"""

1195

context = Context(TLSv1_METHOD)

1196

try:

1197

context.set_tmp_ecdh_curve('not_an_elliptic_curve')

1198

except ECNotAvailable:

1199

self.assertFalse(_Cryptography_HAS_EC)

1200

except UnknownObject:

1201

self.assertTrue(_Cryptography_HAS_EC)

1202

else:

1203

self.assertFalse(True)

1204

1205

1206

def test_set_tmp_ecdh_curve_not_a_curve(self):

1207

"""

1208

:py:obj:`Context.set_tmp_ecdh_curve` raises

1209

:py:obj:`UnsupportedEllipticCurve` if passed a curve_name that

1210

OpenSSL cannot instantiate as an elliptic curve. It raises

1211

:py:obj:`ECNotAvailable` if EC is not available at all.

1212

"""

1213

context = Context(TLSv1_METHOD)

1214

try:

1215

context.set_tmp_ecdh_curve('sha256')

1216

except ECNotAvailable:

1217

self.assertFalse(_Cryptography_HAS_EC)

1218

except UnknownObject:

1219

self.assertTrue(_Cryptography_HAS_EC)

1220

else:

1221

self.assertFalse(True)

1222

1223

Laurens Van Houtven

f5df243

2014-04-03 12:17:28 +0200

[diff] [blame]

1224

def test_has_curve_descriptions(self):

1225

"""

1226

If the underlying cryptography bindings claim to have elliptic

1227

curve support, there should be at least one curve.

1228

1229

(In theory there could be an OpenSSL that violates this

1230

assumption. If so, this test will fail and we'll find out.)

1231

1232

"""

Andy Lutomirski

2014-03-13 17:22:25 -0700

[diff] [blame]

1233

if _Cryptography_HAS_EC:

Laurens Van Houtven

f5df243

2014-04-03 12:17:28 +0200

[diff] [blame]

1234

self.assertNotEqual(len(ELLIPTIC_CURVE_DESCRIPTIONS), 0)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1235

1236

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1237

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1238

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1239

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1240

ciphers which connections created with the context object will be able

1241

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1242

"""

1243

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1244

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1245

conn = Connection(context, None)

1246

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1247

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1248

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1249

def test_set_cipher_list_text(self):

1250

"""

1251

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1252

the ciphers which connections created with the context object will be

1253

able to choose from.

1254

"""

1255

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1256

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1257

conn = Connection(context, None)

1258

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1259

1260

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1261

def test_set_cipher_list_wrong_args(self):

1262

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1263

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1264

passed zero arguments or more than one argument or when passed a

1265

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1266

passed an incorrect cipher list string.

1267

"""

1268

context = Context(TLSv1_METHOD)

1269

self.assertRaises(TypeError, context.set_cipher_list)

1270

self.assertRaises(TypeError, context.set_cipher_list, object())

1271

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1272

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1273

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1274

1275

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1276

def test_set_session_cache_mode_wrong_args(self):

1277

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1278

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1279

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1280

"""

1281

context = Context(TLSv1_METHOD)

1282

self.assertRaises(TypeError, context.set_session_cache_mode)

1283

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1284

1285

1286

def test_get_session_cache_mode_wrong_args(self):

1287

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1288

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1289

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1290

"""

1291

context = Context(TLSv1_METHOD)

1292

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1293

1294

1295

def test_session_cache_mode(self):

1296

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1297

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1298

cached. The setting can be retrieved via

1299

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1300

"""

1301

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1302

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1303

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1304

self.assertEqual(SESS_CACHE_OFF, off)

1305

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1306

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1307

if not PY3:

1308

def test_session_cache_mode_long(self):

1309

"""

1310

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1311

of type :py:obj:`long` as well as :py:obj:`int`.

1312

"""

1313

context = Context(TLSv1_METHOD)

1314

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1315

self.assertEqual(

1316

SESS_CACHE_BOTH, context.get_session_cache_mode())

1317

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1318

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1319

def test_get_cert_store(self):

1320

"""

1321

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1322

"""

1323

context = Context(TLSv1_METHOD)

1324

store = context.get_cert_store()

1325

self.assertIsInstance(store, X509Store)

1326

1327

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1328

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1329

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1330

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1331

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1332

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1333

"""

1334

def test_wrong_args(self):

1335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1336

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1337

with other than one argument.

1338

"""

1339

context = Context(TLSv1_METHOD)

1340

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1341

self.assertRaises(

1342

TypeError, context.set_tlsext_servername_callback, 1, 2)

1343

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1344

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1345

def test_old_callback_forgotten(self):

1346

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1347

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1348

callback, the one it replaces is dereferenced.

1349

"""

1350

def callback(connection):

1351

pass

1352

1353

def replacement(connection):

1354

pass

1355

1356

context = Context(TLSv1_METHOD)

1357

context.set_tlsext_servername_callback(callback)

1358

1359

tracker = ref(callback)

1360

del callback

1361

1362

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1363

1364

# One run of the garbage collector happens to work on CPython. PyPy

1365

# doesn't collect the underlying object until a second run for whatever

1366

# reason. That's fine, it still demonstrates our code has properly

1367

# dropped the reference.

1368

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1369

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1370

1371

callback = tracker()

1372

if callback is not None:

1373

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1374

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1375

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1376

1377

1378

def test_no_servername(self):

1379

"""

1380

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1381

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1382

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1383

"""

1384

args = []

1385

def servername(conn):

1386

args.append((conn, conn.get_servername()))

1387

context = Context(TLSv1_METHOD)

1388

context.set_tlsext_servername_callback(servername)

1389

1390

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1396

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1397

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1398

1399

# Do a little connection to trigger the logic

1400

server = Connection(context, None)

1401

server.set_accept_state()

1402

1403

client = Connection(Context(TLSv1_METHOD), None)

1404

client.set_connect_state()

1405

1406

self._interactInMemory(server, client)

1407

1408

self.assertEqual([(server, None)], args)

1409

1410

1411

def test_servername(self):

1412

"""

1413

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1414

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1415

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1416

"""

1417

args = []

1418

def servername(conn):

1419

args.append((conn, conn.get_servername()))

1420

context = Context(TLSv1_METHOD)

1421

context.set_tlsext_servername_callback(servername)

1422

1423

# Necessary to actually accept the connection

1424

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1425

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1426

1427

# Do a little connection to trigger the logic

1428

server = Connection(context, None)

1429

server.set_accept_state()

1430

1431

client = Connection(Context(TLSv1_METHOD), None)

1432

client.set_connect_state()

1433

client.set_tlsext_host_name(b("foo1.example.com"))

1434

1435

self._interactInMemory(server, client)

1436

1437

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1441

class SessionTests(TestCase):

1442

"""

1443

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1444

"""

1445

def test_construction(self):

1446

"""

1447

:py:class:`Session` can be constructed with no arguments, creating a new

1448

instance of that type.

1449

"""

1450

new_session = Session()

1451

self.assertTrue(isinstance(new_session, Session))

1452

1453

1454

def test_construction_wrong_args(self):

1455

"""

1456

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1457

is raised.

1458

"""

1459

self.assertRaises(TypeError, Session, 123)

1460

self.assertRaises(TypeError, Session, "hello")

1461

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1465

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1466

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1467

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1468

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1469

# XXX get_peer_certificate -> None

1470

# XXX sock_shutdown

1471

# XXX master_key -> TypeError

1472

# XXX server_random -> TypeError

1473

# XXX state_string

1474

# XXX connect -> TypeError

1475

# XXX connect_ex -> TypeError

1476

# XXX set_connect_state -> TypeError

1477

# XXX set_accept_state -> TypeError

1478

# XXX renegotiate_pending

1479

# XXX do_handshake -> TypeError

1480

# XXX bio_read -> TypeError

1481

# XXX recv -> TypeError

1482

# XXX send -> TypeError

1483

# XXX bio_write -> TypeError

1484

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1485

def test_type(self):

1486

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1487

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1488

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1489

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1490

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1491

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1492

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1493

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1494

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1495

def test_get_context(self):

1496

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1497

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1498

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1499

"""

1500

context = Context(TLSv1_METHOD)

1501

connection = Connection(context, None)

1502

self.assertIdentical(connection.get_context(), context)

1503

1504

1505

def test_get_context_wrong_args(self):

1506

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1507

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1508

arguments.

1509

"""

1510

connection = Connection(Context(TLSv1_METHOD), None)

1511

self.assertRaises(TypeError, connection.get_context, None)

1512

1513

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1514

def test_set_context_wrong_args(self):

1515

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1516

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1517

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1518

than 1.

1519

"""

1520

ctx = Context(TLSv1_METHOD)

1521

connection = Connection(ctx, None)

1522

self.assertRaises(TypeError, connection.set_context)

1523

self.assertRaises(TypeError, connection.set_context, object())

1524

self.assertRaises(TypeError, connection.set_context, "hello")

1525

self.assertRaises(TypeError, connection.set_context, 1)

1526

self.assertRaises(TypeError, connection.set_context, 1, 2)

1527

self.assertRaises(

1528

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1529

self.assertIdentical(ctx, connection.get_context())

1530

1531

1532

def test_set_context(self):

1533

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1534

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1535

for the connection.

1536

"""

1537

original = Context(SSLv23_METHOD)

1538

replacement = Context(TLSv1_METHOD)

1539

connection = Connection(original, None)

1540

connection.set_context(replacement)

1541

self.assertIdentical(replacement, connection.get_context())

1542

# Lose our references to the contexts, just in case the Connection isn't

1543

# properly managing its own contributions to their reference counts.

1544

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1549

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1550

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1551

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1552

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1553

"""

1554

conn = Connection(Context(TLSv1_METHOD), None)

1555

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1556

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1557

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1558

self.assertRaises(

1559

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1560

1561

if version_info >= (3,):

1562

# On Python 3.x, don't accidentally implicitly convert from text.

1563

self.assertRaises(

1564

TypeError,

1565

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1566

1567

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1568

def test_get_servername_wrong_args(self):

1569

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1570

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1571

arguments.

1572

"""

1573

connection = Connection(Context(TLSv1_METHOD), None)

1574

self.assertRaises(TypeError, connection.get_servername, object())

1575

self.assertRaises(TypeError, connection.get_servername, 1)

1576

self.assertRaises(TypeError, connection.get_servername, "hello")

1577

1578

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1579

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1580

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1581

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1582

immediate read.

1583

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1584

connection = Connection(Context(TLSv1_METHOD), None)

1585

self.assertEquals(connection.pending(), 0)

1586

1587

1588

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1589

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1590

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1591

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1592

connection = Connection(Context(TLSv1_METHOD), None)

1593

self.assertRaises(TypeError, connection.pending, None)

1594

1595

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1596

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1597

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1598

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1599

argument or with the wrong number of arguments.

1600

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1601

connection = Connection(Context(TLSv1_METHOD), socket())

1602

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1603

self.assertRaises(TypeError, connection.connect)

1604

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1605

1606

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1607

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1608

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1609

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1610

connect method raises it.

1611

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1612

client = socket()

1613

context = Context(TLSv1_METHOD)

1614

clientSSL = Connection(context, client)

1615

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1616

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1617

1618

1619

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1620

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1621

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1622

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1628

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1629

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1630

1631

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1632

if platform == "darwin":

1633

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1634

else:

1635

def test_connect_ex(self):

1636

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1637

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1638

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1643

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1644

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1645

clientSSL.setblocking(False)

1646

result = clientSSL.connect_ex(port.getsockname())

1647

expected = (EINPROGRESS, EWOULDBLOCK)

1648

self.assertTrue(

1649

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1650

1651

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1652

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1653

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1654

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1655

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1656

connection = Connection(Context(TLSv1_METHOD), socket())

1657

self.assertRaises(TypeError, connection.accept, None)

1658

1659

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1660

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1661

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1662

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1663

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1664

connection originated from.

1665

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1666

ctx = Context(TLSv1_METHOD)

1667

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1668

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1669

port = socket()

1670

portSSL = Connection(ctx, port)

1671

portSSL.bind(('', 0))

1672

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1673

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1674

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1675

1676

# Calling portSSL.getsockname() here to get the server IP address sounds

1677

# great, but frequently fails on Windows.

1678

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1679

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1680

serverSSL, address = portSSL.accept()

1681

1682

self.assertTrue(isinstance(serverSSL, Connection))

1683

self.assertIdentical(serverSSL.get_context(), ctx)

1684

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1685

1686

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1687

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1688

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1689

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1690

number of arguments or with arguments other than integers.

1691

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1692

connection = Connection(Context(TLSv1_METHOD), None)

1693

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1694

self.assertRaises(TypeError, connection.get_shutdown, None)

1695

self.assertRaises(TypeError, connection.set_shutdown)

1696

self.assertRaises(TypeError, connection.set_shutdown, None)

1697

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1698

1699

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1700

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1701

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1702

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1703

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1704

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1705

self.assertFalse(server.shutdown())

1706

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1707

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1708

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1709

client.shutdown()

1710

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1711

self.assertRaises(ZeroReturnError, server.recv, 1024)

1712

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1713

1714

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1715

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1716

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1717

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1718

process.

1719

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1720

connection = Connection(Context(TLSv1_METHOD), socket())

1721

connection.set_shutdown(RECEIVED_SHUTDOWN)

1722

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1723

1724

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1725

if not PY3:

1726

def test_set_shutdown_long(self):

1727

"""

1728

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1729

of type :py:obj:`long` as well as :py:obj:`int`.

1730

"""

1731

connection = Connection(Context(TLSv1_METHOD), socket())

1732

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1733

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1734

1735

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1736

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1737

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1738

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1739

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1740

with any arguments.

1741

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1742

conn = Connection(Context(TLSv1_METHOD), None)

1743

self.assertRaises(TypeError, conn.get_app_data, None)

1744

self.assertRaises(TypeError, conn.set_app_data)

1745

self.assertRaises(TypeError, conn.set_app_data, None, None)

1746

1747

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1748

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1749

"""

1750

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1751

:py:obj:`Connection.set_app_data` and later retrieved with

1752

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1753

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1754

conn = Connection(Context(TLSv1_METHOD), None)

1755

app_data = object()

1756

conn.set_app_data(app_data)

1757

self.assertIdentical(conn.get_app_data(), app_data)

1758

1759

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1760

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1762

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1763

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1764

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1765

conn = Connection(Context(TLSv1_METHOD), None)

1766

self.assertRaises(NotImplementedError, conn.makefile)

1767

1768

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1769

def test_get_peer_cert_chain_wrong_args(self):

1770

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1771

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1772

arguments.

1773

"""

1774

conn = Connection(Context(TLSv1_METHOD), None)

1775

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1776

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1777

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1778

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1779

1780

1781

def test_get_peer_cert_chain(self):

1782

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1783

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1784

the connected server returned for the certification verification.

1785

"""

1786

chain = _create_certificate_chain()

1787

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1788

1789

serverContext = Context(TLSv1_METHOD)

1790

serverContext.use_privatekey(skey)

1791

serverContext.use_certificate(scert)

1792

serverContext.add_extra_chain_cert(icert)

1793

serverContext.add_extra_chain_cert(cacert)

1794

server = Connection(serverContext, None)

1795

server.set_accept_state()

1796

1797

# Create the client

1798

clientContext = Context(TLSv1_METHOD)

1799

clientContext.set_verify(VERIFY_NONE, verify_cb)

1800

client = Connection(clientContext, None)

1801

client.set_connect_state()

1802

1803

self._interactInMemory(client, server)

1804

1805

chain = client.get_peer_cert_chain()

1806

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1807

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1808

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1809

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1810

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1811

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1812

"Authority Certificate", chain[2].get_subject().CN)

1813

1814

1815

def test_get_peer_cert_chain_none(self):

1816

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1817

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1818

certificate chain.

1819

"""

1820

ctx = Context(TLSv1_METHOD)

1821

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1822

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1823

server = Connection(ctx, None)

1824

server.set_accept_state()

1825

client = Connection(Context(TLSv1_METHOD), None)

1826

client.set_connect_state()

1827

self._interactInMemory(client, server)

1828

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1829

1830

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1831

def test_get_session_wrong_args(self):

1832

"""

1833

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1834

with any arguments.

1835

"""

1836

ctx = Context(TLSv1_METHOD)

1837

server = Connection(ctx, None)

1838

self.assertRaises(TypeError, server.get_session, 123)

1839

self.assertRaises(TypeError, server.get_session, "hello")

1840

self.assertRaises(TypeError, server.get_session, object())

1841

1842

1843

def test_get_session_unconnected(self):

1844

"""

1845

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1846

an object which has not been connected.

1847

"""

1848

ctx = Context(TLSv1_METHOD)

1849

server = Connection(ctx, None)

1850

session = server.get_session()

1851

self.assertIdentical(None, session)

1852

1853

1854

def test_server_get_session(self):

1855

"""

1856

On the server side of a connection, :py:obj:`Connection.get_session`

1857

returns a :py:class:`Session` instance representing the SSL session for

1858

that connection.

1859

"""

1860

server, client = self._loopback()

1861

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1862

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1863

1864

1865

def test_client_get_session(self):

1866

"""

1867

On the client side of a connection, :py:obj:`Connection.get_session`

1868

returns a :py:class:`Session` instance representing the SSL session for

1869

that connection.

1870

"""

1871

server, client = self._loopback()

1872

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1873

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1874

1875

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1876

def test_set_session_wrong_args(self):

1877

"""

1878

If called with an object that is not an instance of :py:class:`Session`,

1879

or with other than one argument, :py:obj:`Connection.set_session` raises

1880

:py:obj:`TypeError`.

1881

"""

1882

ctx = Context(TLSv1_METHOD)

1883

connection = Connection(ctx, None)

1884

self.assertRaises(TypeError, connection.set_session)

1885

self.assertRaises(TypeError, connection.set_session, 123)

1886

self.assertRaises(TypeError, connection.set_session, "hello")

1887

self.assertRaises(TypeError, connection.set_session, object())

1888

self.assertRaises(

1889

TypeError, connection.set_session, Session(), Session())

1890

1891

1892

def test_client_set_session(self):

1893

"""

1894

:py:obj:`Connection.set_session`, when used prior to a connection being

1895

established, accepts a :py:class:`Session` instance and causes an

1896

attempt to re-use the session it represents when the SSL handshake is

1897

performed.

1898

"""

1899

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1900

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1901

ctx = Context(TLSv1_METHOD)

1902

ctx.use_privatekey(key)

1903

ctx.use_certificate(cert)

1904

ctx.set_session_id("unity-test")

1905

1906

def makeServer(socket):

1907

server = Connection(ctx, socket)

1908

server.set_accept_state()

1909

return server

1910

1911

originalServer, originalClient = self._loopback(

1912

serverFactory=makeServer)

1913

originalSession = originalClient.get_session()

1914

1915

def makeClient(socket):

1916

client = self._loopbackClientFactory(socket)

1917

client.set_session(originalSession)

1918

return client

1919

resumedServer, resumedClient = self._loopback(

1920

serverFactory=makeServer,

1921

clientFactory=makeClient)

1922

1923

# This is a proxy: in general, we have no access to any unique

1924

# identifier for the session (new enough versions of OpenSSL expose a

1925

# hash which could be usable, but "new enough" is very, very new).

1926

# Instead, exploit the fact that the master key is re-used if the

1927

# session is re-used. As long as the master key for the two connections

1928

# is the same, the session was re-used!

1929

self.assertEqual(

1930

originalServer.master_key(), resumedServer.master_key())

1931

1932

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1933

def test_set_session_wrong_method(self):

1934

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1935

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1936

instance associated with a context using a different SSL method than the

1937

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1938

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1939

"""

1940

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1941

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1942

ctx = Context(TLSv1_METHOD)

1943

ctx.use_privatekey(key)

1944

ctx.use_certificate(cert)

1945

ctx.set_session_id("unity-test")

1946

1947

def makeServer(socket):

1948

server = Connection(ctx, socket)

1949

server.set_accept_state()

1950

return server

1951

1952

originalServer, originalClient = self._loopback(

1953

serverFactory=makeServer)

1954

originalSession = originalClient.get_session()

1955

1956

def makeClient(socket):

1957

# Intentionally use a different, incompatible method here.

1958

client = Connection(Context(SSLv3_METHOD), socket)

1959

client.set_connect_state()

1960

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

1966

1967

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1968

def test_wantWriteError(self):

1969

"""

1970

:py:obj:`Connection` methods which generate output raise

1971

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

1972

fail indicating a should-write state.

1973

"""

1974

client_socket, server_socket = socket_pair()

1975

# Fill up the client's send buffer so Connection won't be able to write

1976

# anything.

Jean-Paul Calderone

7d7c9c2

2014-02-18 16:38:26 -0500

[diff] [blame]

1977

msg = b"x" * 512

Jean-Paul Calderone

22c28b4

2014-02-18 16:40:34 -0500

[diff] [blame]

1978

for i in range(2048):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1979

try:

1980

client_socket.send(msg)

1981

except error as e:

1982

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

1988

1989

ctx = Context(TLSv1_METHOD)

1990

conn = Connection(ctx, client_socket)

1991

# Client's speak first, so make it an SSL client

1992

conn.set_connect_state()

1993

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

1997

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

1998

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

1999

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2000

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2001

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2002

ctx = Context(TLSv1_METHOD)

2003

connection = Connection(ctx, None)

2004

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2005

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2006

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2007

def test_get_peer_finished_before_connect(self):

2008

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2009

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2010

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2011

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2012

ctx = Context(TLSv1_METHOD)

2013

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2014

self.assertEqual(connection.get_peer_finished(), None)

2015

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2016

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2017

def test_get_finished(self):

2018

"""

2019

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2020

message send from client, or server. Finished messages are send during

2021

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2022

"""

2023

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2024

server, client = self._loopback()

2025

2026

self.assertNotEqual(server.get_finished(), None)

2027

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2028

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2029

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2030

def test_get_peer_finished(self):

2031

"""

2032

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2033

message received from client, or server. Finished messages are send

2034

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2035

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2036

server, client = self._loopback()

2037

2038

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2039

self.assertTrue(len(server.get_peer_finished()) > 0)

2040

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2041

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2042

def test_tls_finished_message_symmetry(self):

2043

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2044

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2045

received by client.

2046

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2047

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2048

received by server.

2049

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2050

server, client = self._loopback()

2051

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2052

self.assertEqual(server.get_finished(), client.get_peer_finished())

2053

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2054

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2055

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2056

def test_get_cipher_name_before_connect(self):

2057

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2058

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2059

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2060

"""

2061

ctx = Context(TLSv1_METHOD)

2062

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2063

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2064

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2065

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2066

def test_get_cipher_name(self):

2067

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2068

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2069

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2070

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2071

server, client = self._loopback()

2072

server_cipher_name, client_cipher_name = \

2073

server.get_cipher_name(), client.get_cipher_name()

2074

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2075

self.assertIsInstance(server_cipher_name, text_type)

2076

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2077

2078

self.assertEqual(server_cipher_name, client_cipher_name)

2079

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2080

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2081

def test_get_cipher_version_before_connect(self):

2082

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2083

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2084

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2085

"""

2086

ctx = Context(TLSv1_METHOD)

2087

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2088

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2089

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2090

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2091

def test_get_cipher_version(self):

2092

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2093

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2094

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2095

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2096

server, client = self._loopback()

2097

server_cipher_version, client_cipher_version = \

2098

server.get_cipher_version(), client.get_cipher_version()

2099

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2100

self.assertIsInstance(server_cipher_version, text_type)

2101

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2102

2103

self.assertEqual(server_cipher_version, client_cipher_version)

2104

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2105

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2106

def test_get_cipher_bits_before_connect(self):

2107

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2108

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2109

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2110

"""

2111

ctx = Context(TLSv1_METHOD)

2112

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2113

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2114

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2115

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2116

def test_get_cipher_bits(self):

2117

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2118

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2119

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2120

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2121

server, client = self._loopback()

2122

server_cipher_bits, client_cipher_bits = \

2123

server.get_cipher_bits(), client.get_cipher_bits()

2124

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2125

self.assertIsInstance(server_cipher_bits, int)

2126

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2127

2128

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2129

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2130

2131

2132

class ConnectionGetCipherListTests(TestCase):

2133

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2134

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2135

"""

2136

def test_wrong_args(self):

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2137

"""

2138

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

2139

arguments.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2140

"""

2141

connection = Connection(Context(TLSv1_METHOD), None)

2142

self.assertRaises(TypeError, connection.get_cipher_list, None)

2143

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2144

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2145

def test_result(self):

2146

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2147

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2148

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2149

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2150

connection = Connection(Context(TLSv1_METHOD), None)

2151

ciphers = connection.get_cipher_list()

2152

self.assertTrue(isinstance(ciphers, list))

2153

for cipher in ciphers:

2154

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2158

class ConnectionSendTests(TestCase, _LoopbackMixin):

2159

"""

2160

Tests for :py:obj:`Connection.send`

2161

"""

2162

def test_wrong_args(self):

2163

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2164

When called with arguments other than string argument for its first

2165

parameter or more than two arguments, :py:obj:`Connection.send` raises

2166

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2167

"""

2168

connection = Connection(Context(TLSv1_METHOD), None)

2169

self.assertRaises(TypeError, connection.send)

2170

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2171

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2172

2173

2174

def test_short_bytes(self):

2175

"""

2176

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

2177

and returns the number of bytes sent.

2178

"""

2179

server, client = self._loopback()

2180

count = server.send(b('xy'))

2181

self.assertEquals(count, 2)

2182

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2188

else:

2189

def test_short_memoryview(self):

2190

"""

2191

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2192

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2193

bytes sent.

2194

"""

2195

server, client = self._loopback()

2196

count = server.send(memoryview(b('xy')))

2197

self.assertEquals(count, 2)

2198

self.assertEquals(client.recv(2), b('xy'))

2199

2200

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2201

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2202

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2203

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2204

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2205

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2206

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2207

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2208

When called with arguments other than a string argument for its first

2209

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2210

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2211

"""

2212

connection = Connection(Context(TLSv1_METHOD), None)

2213

self.assertRaises(TypeError, connection.sendall)

2214

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2215

self.assertRaises(

2216

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2217

2218

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2219

def test_short(self):

2220

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2221

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2222

it.

2223

"""

2224

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2225

server.sendall(b('x'))

2226

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2227

2228

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2233

else:

2234

def test_short_memoryview(self):

2235

"""

2236

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2237

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2238

"""

2239

server, client = self._loopback()

2240

server.sendall(memoryview(b('x')))

2241

self.assertEquals(client.recv(1), b('x'))

2242

2243

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2244

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2245

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2246

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2247

it even if this requires multiple calls of an underlying write function.

2248

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2249

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2250

# Should be enough, underlying SSL_write should only do 16k at a time.

2251

# On Windows, after 32k of bytes the write will block (forever - because

2252

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2253

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2254

server.sendall(message)

2255

accum = []

2256

received = 0

2257

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2258

data = client.recv(1024)

2259

accum.append(data)

2260

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2261

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2262

2263

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2264

def test_closed(self):

2265

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2266

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2267

write error from the low level write call.

2268

"""

2269

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2270

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2271

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2272

if platform == "win32":

2273

self.assertEqual(exc.args[0], ESHUTDOWN)

2274

else:

2275

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2276

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2277

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2278

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2279

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2280

"""

2281

Tests for SSL renegotiation APIs.

2282

"""

2283

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2284

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2285

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2286

arguments.

2287

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2288

connection = Connection(Context(TLSv1_METHOD), None)

2289

self.assertRaises(TypeError, connection.renegotiate, None)

2290

2291

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2292

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2293

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2294

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2295

any arguments.

2296

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2297

connection = Connection(Context(TLSv1_METHOD), None)

2298

self.assertRaises(TypeError, connection.total_renegotiations, None)

2299

2300

2301

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2302

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2303

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2304

renegotiations have happened.

2305

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2306

connection = Connection(Context(TLSv1_METHOD), None)

2307

self.assertEquals(connection.total_renegotiations(), 0)

2308

2309

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2310

# def test_renegotiate(self):

2311

# """

2312

# """

2313

# server, client = self._loopback()

2314

2315

# server.send("hello world")

2316

# self.assertEquals(client.recv(len("hello world")), "hello world")

2317

2318

# self.assertEquals(server.total_renegotiations(), 0)

2319

# self.assertTrue(server.renegotiate())

2320

2321

# server.setblocking(False)

2322

# client.setblocking(False)

2323

# while server.renegotiate_pending():

2324

# client.do_handshake()

2325

# server.do_handshake()

2326

2327

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2332

class ErrorTests(TestCase):

2333

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2334

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2335

"""

2336

def test_type(self):

2337

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2338

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2339

"""

2340

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2341

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2345

class ConstantsTests(TestCase):

2346

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2347

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2348

2349

These are values defined by OpenSSL intended only to be used as flags to

2350

OpenSSL APIs. The only assertions it seems can be made about them is

2351

their values.

2352

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2353

# unittest.TestCase has no skip mechanism

2354

if OP_NO_QUERY_MTU is not None:

2355

def test_op_no_query_mtu(self):

2356

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2357

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2358

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2359

"""

2360

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2361

else:

2362

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2363

2364

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2365

if OP_COOKIE_EXCHANGE is not None:

2366

def test_op_cookie_exchange(self):

2367

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2368

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2369

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2370

"""

2371

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2372

else:

2373

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2374

2375

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2376

if OP_NO_TICKET is not None:

2377

def test_op_no_ticket(self):

2378

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2379

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2380

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2381

"""

2382

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2383

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2384

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2385

2386

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2387

if OP_NO_COMPRESSION is not None:

2388

def test_op_no_compression(self):

2389

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2390

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2391

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2392

"""

2393

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2394

else:

2395

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2396

2397

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2398

def test_sess_cache_off(self):

2399

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2400

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2401

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2402

"""

2403

self.assertEqual(0x0, SESS_CACHE_OFF)

2404

2405

2406

def test_sess_cache_client(self):

2407

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2408

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2409

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2410

"""

2411

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2412

2413

2414

def test_sess_cache_server(self):

2415

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2416

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2417

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2418

"""

2419

self.assertEqual(0x2, SESS_CACHE_SERVER)

2420

2421

2422

def test_sess_cache_both(self):

2423

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2424

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2425

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2426

"""

2427

self.assertEqual(0x3, SESS_CACHE_BOTH)

2428

2429

2430

def test_sess_cache_no_auto_clear(self):

2431

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2432

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2433

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2434

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2435

"""

2436

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2437

2438

2439

def test_sess_cache_no_internal_lookup(self):

2440

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2441

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2442

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2443

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2444

"""

2445

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2446

2447

2448

def test_sess_cache_no_internal_store(self):

2449

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2450

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2451

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2452

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2453

"""

2454

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2455

2456

2457

def test_sess_cache_no_internal(self):

2458

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2459

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2460

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2461

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2462

"""

2463

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2464

2465

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2466

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2467

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2468

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2469

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2470

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2471

def _server(self, sock):

2472

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2473

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2474

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2475

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2476

# Create the server side Connection. This is mostly setup boilerplate

2477

# - use TLSv1, use a particular certificate, etc.

2478

server_ctx = Context(TLSv1_METHOD)

2479

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2480

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2481

server_store = server_ctx.get_cert_store()

2482

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2483

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2484

server_ctx.check_privatekey()

2485

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2486

# Here the Connection is actually created. If None is passed as the 2nd

2487

# parameter, it indicates a memory BIO should be created.

2488

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2489

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2493

def _client(self, sock):

2494

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2495

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2496

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2497

"""

2498

# Now create the client side Connection. Similar boilerplate to the

2499

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2500

client_ctx = Context(TLSv1_METHOD)

2501

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2502

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2503

client_store = client_ctx.get_cert_store()

2504

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2505

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2506

client_ctx.check_privatekey()

2507

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2508

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2509

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2513

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2514

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2515

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2516

reading from the output of each and writing those bytes to the input of

2517

the other and in this way establish a connection and exchange

2518

application-level bytes with each other.

2519

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2520

server_conn = self._server(None)

2521

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2522

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2523

# There should be no key or nonces yet.

2524

self.assertIdentical(server_conn.master_key(), None)

2525

self.assertIdentical(server_conn.client_random(), None)

2526

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2527

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2528

# First, the handshake needs to happen. We'll deliver bytes back and

2529

# forth between the client and server until neither of them feels like

2530

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2531

self.assertIdentical(

2532

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2533

2534

# Now that the handshake is done, there should be a key and nonces.

2535

self.assertNotIdentical(server_conn.master_key(), None)

2536

self.assertNotIdentical(server_conn.client_random(), None)

2537

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2538

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2539

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2540

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2541

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2542

2543

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2544

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2545

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2546

server_conn.write(important_message)

2547

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2548

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2549

(client_conn, important_message))

2550

2551

client_conn.write(important_message[::-1])

2552

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2553

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2554

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2555

2556

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2557

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2558

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2559

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2560

2561

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2562

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2563

this test fails, there must be a problem outside the memory BIO

2564

code, as no memory BIO is involved here). Even though this isn't a

2565

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2566

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2567

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2568

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2569

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2570

client_conn.send(important_message)

2571

msg = server_conn.recv(1024)

2572

self.assertEqual(msg, important_message)

2573

2574

# Again in the other direction, just for fun.

2575

important_message = important_message[::-1]

2576

server_conn.send(important_message)

2577

msg = client_conn.recv(1024)

2578

self.assertEqual(msg, important_message)

2579

2580

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2581

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2582

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2583

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2584

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2585

"""

2586

context = Context(SSLv3_METHOD)

2587

client = socket()

2588

clientSSL = Connection(context, client)

2589

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2590

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2591

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2592

2593

2594

def test_outgoingOverflow(self):

2595

"""

2596

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2597

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2598

returned and that many bytes from the beginning of the input can be

2599

read from the other end of the connection.

2600

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2601

server = self._server(None)

2602

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2603

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2604

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2605

2606

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2607

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2608

# Sanity check. We're trying to test what happens when the entire

2609

# input can't be sent. If the entire input was sent, this test is

2610

# meaningless.

2611

self.assertTrue(sent < size)

2612

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2613

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2614

self.assertIdentical(receiver, server)

2615

2616

# We can rely on all of these bytes being received at once because

2617

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2618

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2619

2620

2621

def test_shutdown(self):

2622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2623

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2624

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2625

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2626

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2627

server.bio_shutdown()

2628

e = self.assertRaises(Error, server.recv, 1024)

2629

# We don't want WantReadError or ZeroReturnError or anything - it's a

2630

# handshake failure.

2631

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2632

2633

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2634

def test_unexpectedEndOfFile(self):

2635

"""

2636

If the connection is lost before an orderly SSL shutdown occurs,

2637

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2638

"Unexpected EOF".

2639

"""

2640

server_conn, client_conn = self._loopback()

2641

client_conn.sock_shutdown(SHUT_RDWR)

2642

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2643

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2644

2645

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2646

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2647

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2648

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2649

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2650

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2651

before the client and server are connected to each other. This

2652

function should specify a list of CAs for the server to send to the

2653

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2654

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2655

times.

2656

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2657

server = self._server(None)

2658

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2659

self.assertEqual(client.get_client_ca_list(), [])

2660

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2661

ctx = server.get_context()

2662

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2663

self.assertEqual(client.get_client_ca_list(), [])

2664

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2665

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2666

self.assertEqual(client.get_client_ca_list(), expected)

2667

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2668

2669

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2670

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2671

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2672

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2673

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2674

"""

2675

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2676

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2677

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2678

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2679

2680

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2681

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2682

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2683

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2684

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2685

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2686

after the connection is set up.

2687

"""

2688

def no_ca(ctx):

2689

ctx.set_client_ca_list([])

2690

return []

2691

self._check_client_ca_list(no_ca)

2692

2693

2694

def test_set_one_ca_list(self):

2695

"""

2696

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2697

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2698

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2699

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2700

X509Name after the connection is set up.

2701

"""

2702

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2703

cadesc = cacert.get_subject()

2704

def single_ca(ctx):

2705

ctx.set_client_ca_list([cadesc])

2706

return [cadesc]

2707

self._check_client_ca_list(single_ca)

2708

2709

2710

def test_set_multiple_ca_list(self):

2711

"""

2712

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2713

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2714

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2715

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2716

X509Names after the connection is set up.

2717

"""

2718

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2719

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2720

2721

sedesc = secert.get_subject()

2722

cldesc = clcert.get_subject()

2723

2724

def multiple_ca(ctx):

2725

L = [sedesc, cldesc]

2726

ctx.set_client_ca_list(L)

2727

return L

2728

self._check_client_ca_list(multiple_ca)

2729

2730

2731

def test_reset_ca_list(self):

2732

"""

2733

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2734

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2735

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2736

"""

2737

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2738

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2739

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2740

2741

cadesc = cacert.get_subject()

2742

sedesc = secert.get_subject()

2743

cldesc = clcert.get_subject()

2744

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2745

def changed_ca(ctx):

2746

ctx.set_client_ca_list([sedesc, cldesc])

2747

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2748

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2749

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2750

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2751

2752

def test_mutated_ca_list(self):

2753

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2754

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2755

afterwards, this does not affect the list of CA names sent to the

2756

client.

2757

"""

2758

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2759

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2760

2761

cadesc = cacert.get_subject()

2762

sedesc = secert.get_subject()

2763

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2764

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2765

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2766

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2767

L.append(sedesc)

2768

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2769

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2770

2771

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2772

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2773

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2774

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2775

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2776

"""

2777

ctx = Context(TLSv1_METHOD)

2778

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2779

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2780

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2781

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2782

2783

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2784

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2785

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2786

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2787

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2788

"""

2789

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2790

cadesc = cacert.get_subject()

2791

def single_ca(ctx):

2792

ctx.add_client_ca(cacert)

2793

return [cadesc]

2794

self._check_client_ca_list(single_ca)

2795

2796

2797

def test_multiple_add_client_ca(self):

2798

"""

2799

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2800

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2801

"""

2802

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2803

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2804

2805

cadesc = cacert.get_subject()

2806

sedesc = secert.get_subject()

2807

2808

def multiple_ca(ctx):

2809

ctx.add_client_ca(cacert)

2810

ctx.add_client_ca(secert)

2811

return [cadesc, sedesc]

2812

self._check_client_ca_list(multiple_ca)

2813

2814

2815

def test_set_and_add_client_ca(self):

2816

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2817

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2818

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2819

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2820

"""

2821

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2822

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2823

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2824

2825

cadesc = cacert.get_subject()

2826

sedesc = secert.get_subject()

2827

cldesc = clcert.get_subject()

2828

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2829

def mixed_set_add_ca(ctx):

2830

ctx.set_client_ca_list([cadesc, sedesc])

2831

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2832

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2833

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2834

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2835

2836

def test_set_after_add_client_ca(self):

2837

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2838

A call to :py:obj:`Context.set_client_ca_list` after a call to

2839

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2840

call with the names specified by the latter cal.

2841

"""

2842

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2843

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2844

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2845

2846

cadesc = cacert.get_subject()

2847

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2848

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2849

def set_replaces_add_ca(ctx):

2850

ctx.add_client_ca(clcert)

2851

ctx.set_client_ca_list([cadesc])

2852

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2853

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2854

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2855

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2856

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2857

2858

class ConnectionBIOTests(TestCase):

2859

"""

2860

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2861

"""

2862

def test_wantReadError(self):

2863

"""

2864

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2865

if there are no bytes available to be read from the BIO.

2866

"""

2867

ctx = Context(TLSv1_METHOD)

2868

conn = Connection(ctx, None)

2869

self.assertRaises(WantReadError, conn.bio_read, 1024)

2870

2871

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2872

def test_buffer_size(self):

2873

"""

2874

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2875

number of bytes to read and return.

2876

"""

2877

ctx = Context(TLSv1_METHOD)

2878

conn = Connection(ctx, None)

2879

conn.set_connect_state()

2880

try:

2881

conn.do_handshake()

2882

except WantReadError:

2883

pass

2884

data = conn.bio_read(2)

2885

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2890

"""

2891

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2892

:py:obj:`long` as well as :py:obj:`int`.

2893

"""

2894

ctx = Context(TLSv1_METHOD)

2895

conn = Connection(ctx, None)

2896

conn.set_connect_state()

2897

try:

2898

conn.do_handshake()

2899

except WantReadError:

2900

pass

2901

data = conn.bio_read(long(2))

2902

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2906

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

2907

class InfoConstantTests(TestCase):

2908

"""

2909

Tests for assorted constants exposed for use in info callbacks.

2910

"""

2911

def test_integers(self):

2912

"""

2913

All of the info constants are integers.

2914

2915

This is a very weak test. It would be nice to have one that actually

2916

verifies that as certain info events happen, the value passed to the

2917

info callback matches up with the constant exposed by OpenSSL.SSL.

2918

"""

2919

for const in [

2920

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

2921

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

2922

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

2923

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

2924

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

2925

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

2926

2927

self.assertTrue(isinstance(const, int))

2928

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

2929

Jean-Paul Calderone