Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame^]

16

from warnings import catch_warnings, simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

17

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

18

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

19

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

20

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

21

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

22

from OpenSSL.crypto import dump_privatekey, load_privatekey

23

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

24

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

25

Jean-Paul Calderone

b41d1f4

2014-04-17 16:02:04 -0400

[diff] [blame]

26

from OpenSSL.SSL import _lib

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

27

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

28

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

29

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

30

from OpenSSL.SSL import (

31

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

32

TLSv1_1_METHOD, TLSv1_2_METHOD)

33

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

34

from OpenSSL.SSL import (

35

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

36

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

37

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

38

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

39

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

40

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

41

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

44

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

45

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

46

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

47

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.test.test_crypto import (

49

cleartextCertificatePEM, cleartextPrivateKeyPEM)

50

from OpenSSL.test.test_crypto import (

51

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

52

root_cert_pem)

53

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

54

try:

55

from OpenSSL.SSL import OP_NO_QUERY_MTU

56

except ImportError:

57

OP_NO_QUERY_MTU = None

58

try:

59

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

60

except ImportError:

61

OP_COOKIE_EXCHANGE = None

62

try:

63

from OpenSSL.SSL import OP_NO_TICKET

64

except ImportError:

65

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

66

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

67

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

68

from OpenSSL.SSL import OP_NO_COMPRESSION

69

except ImportError:

70

OP_NO_COMPRESSION = None

71

72

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

73

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

74

except ImportError:

75

MODE_RELEASE_BUFFERS = None

76

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

77

try:

78

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

79

except ImportError:

80

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

81

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

82

from OpenSSL.SSL import (

83

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

84

SSL_ST_OK, SSL_ST_RENEGOTIATE,

85

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

86

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

87

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

88

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

89

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

90

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

91

# to use)

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

94

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

95

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

99

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

100

return ok

101

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

102

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

103

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

104

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

105

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

106

"""

107

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

113

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

114

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

115

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

116

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

117

# Let's pass some unencrypted data to make sure our socket connection is

118

# fine. Just one byte, so we don't have to worry about buffers getting

119

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

120

server.send(b("x"))

121

assert client.recv(1024) == b("x")

122

client.send(b("y"))

123

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

124

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

125

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

126

server.setblocking(False)

127

client.setblocking(False)

128

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

129

return (server, client)

130

131

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

132

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

133

def handshake(client, server):

134

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

145

def _create_certificate_chain():

146

"""

147

Construct and return a chain of certificates.

148

149

1. A new self-signed certificate authority certificate (cacert)

150

2. A new intermediate certificate signed by cacert (icert)

151

3. A new server certificate signed by icert (scert)

152

"""

153

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

158

cacert = X509()

159

cacert.get_subject().commonName = "Authority Certificate"

160

cacert.set_issuer(cacert.get_subject())

161

cacert.set_pubkey(cakey)

162

cacert.set_notBefore(b("20000101000000Z"))

163

cacert.set_notAfter(b("20200101000000Z"))

164

cacert.add_extensions([caext])

165

cacert.set_serial_number(0)

166

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

171

icert = X509()

172

icert.get_subject().commonName = "Intermediate Certificate"

173

icert.set_issuer(cacert.get_subject())

174

icert.set_pubkey(ikey)

175

icert.set_notBefore(b("20000101000000Z"))

176

icert.set_notAfter(b("20200101000000Z"))

177

icert.add_extensions([caext])

178

icert.set_serial_number(0)

179

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

184

scert = X509()

185

scert.get_subject().commonName = "Server Certificate"

186

scert.set_issuer(icert.get_subject())

187

scert.set_pubkey(skey)

188

scert.set_notBefore(b("20000101000000Z"))

189

scert.set_notAfter(b("20200101000000Z"))

190

scert.add_extensions([

191

X509Extension(b('basicConstraints'), True, b('CA:false'))])

192

scert.set_serial_number(0)

193

scert.sign(ikey, "sha1")

194

195

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

199

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

200

"""

201

Helper mixin which defines methods for creating a connected socket pair and

202

for forcing two connected SSL sockets to talk to each other via memory BIOs.

203

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

204

def _loopbackClientFactory(self, socket):

205

client = Connection(Context(TLSv1_METHOD), socket)

206

client.set_connect_state()

207

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

208

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

209

210

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

211

ctx = Context(TLSv1_METHOD)

212

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

213

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

214

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

215

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

220

if serverFactory is None:

221

serverFactory = self._loopbackServerFactory

222

if clientFactory is None:

223

clientFactory = self._loopbackClientFactory

224

225

(server, client) = socket_pair()

226

server = serverFactory(server)

227

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

229

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

231

server.setblocking(True)

232

client.setblocking(True)

233

return server, client

234

235

236

def _interactInMemory(self, client_conn, server_conn):

237

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

238

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

239

objects. Copy bytes back and forth between their send/receive buffers

240

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

241

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

242

some application bytes, return a two-tuple of the connection from which

243

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

248

wrote = False

249

250

# Copy stuff from each side's send buffer to the other side's

251

# receive buffer.

252

for (read, write) in [(client_conn, server_conn),

253

(server_conn, client_conn)]:

254

255

# Give the side a chance to generate some more bytes, or

256

# succeed.

257

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

258

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

259

except WantReadError:

260

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

265

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

266

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

267

268

while True:

269

# Keep copying as long as there's more stuff there.

270

try:

271

dirty = read.bio_read(4096)

272

except WantReadError:

273

# Okay, nothing more waiting to be sent. Stop

274

# processing this send buffer.

275

break

276

else:

277

# Keep track of the fact that someone generated some

278

# output.

279

wrote = True

280

write.bio_write(dirty)

281

282

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

283

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

284

"""

285

Perform the TLS handshake between two :py:class:`Connection` instances

286

connected to each other via memory BIOs.

287

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

288

client_conn.set_connect_state()

289

server_conn.set_accept_state()

290

291

for conn in [client_conn, server_conn]:

292

try:

293

conn.do_handshake()

294

except WantReadError:

295

pass

296

297

self._interactInMemory(client_conn, server_conn)

298

299

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

300

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

301

class VersionTests(TestCase):

302

"""

303

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

304

:py:obj:`OpenSSL.SSL.SSLeay_version` and

305

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

306

"""

307

def test_OPENSSL_VERSION_NUMBER(self):

308

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

309

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

310

byte and the patch, fix, minor, and major versions in the

311

nibbles above that.

312

"""

313

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

314

315

316

def test_SSLeay_version(self):

317

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

318

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

319

one of a number of version strings based on that indicator.

320

"""

321

versions = {}

322

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

323

SSLEAY_PLATFORM, SSLEAY_DIR]:

324

version = SSLeay_version(t)

325

versions[version] = t

326

self.assertTrue(isinstance(version, bytes))

327

self.assertEqual(len(versions), 5)

328

329

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

330

331

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

333

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

334

"""

335

def test_method(self):

336

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

337

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

338

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

339

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

340

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

341

methods = [

342

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

343

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

344

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

345

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

346

347

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

352

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

353

# don't. Difficult to say in advance.

354

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

355

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

356

self.assertRaises(TypeError, Context, "")

357

self.assertRaises(ValueError, Context, 10)

358

359

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

360

if not PY3:

361

def test_method_long(self):

362

"""

363

On Python 2 :py:class:`Context` accepts values of type

364

:py:obj:`long` as well as :py:obj:`int`.

365

"""

366

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

370

def test_type(self):

371

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

372

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

373

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

374

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

375

self.assertIdentical(Context, ContextType)

376

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

377

378

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

379

def test_use_privatekey(self):

380

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

381

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

382

"""

383

key = PKey()

384

key.generate_key(TYPE_RSA, 128)

385

ctx = Context(TLSv1_METHOD)

386

ctx.use_privatekey(key)

387

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

388

389

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

390

def test_use_privatekey_file_missing(self):

391

"""

392

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

393

when passed the name of a file which does not exist.

394

"""

395

ctx = Context(TLSv1_METHOD)

396

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

397

398

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

399

if not PY3:

400

def test_use_privatekey_file_long(self):

401

"""

402

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

403

filetype of type :py:obj:`long` as well as :py:obj:`int`.

404

"""

405

pemfile = self.mktemp()

406

407

key = PKey()

408

key.generate_key(TYPE_RSA, 128)

409

410

with open(pemfile, "wt") as pem:

411

pem.write(

412

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

413

414

ctx = Context(TLSv1_METHOD)

415

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

416

417

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

418

def test_use_certificate_wrong_args(self):

419

"""

420

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

421

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

422

argument.

423

"""

424

ctx = Context(TLSv1_METHOD)

425

self.assertRaises(TypeError, ctx.use_certificate)

426

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

427

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

428

429

430

def test_use_certificate_uninitialized(self):

431

"""

432

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

433

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

434

initialized (ie, which does not actually have any certificate data).

435

"""

436

ctx = Context(TLSv1_METHOD)

437

self.assertRaises(Error, ctx.use_certificate, X509())

438

439

440

def test_use_certificate(self):

441

"""

442

:py:obj:`Context.use_certificate` sets the certificate which will be

443

used to identify connections created using the context.

444

"""

445

# TODO

446

# Hard to assert anything. But we could set a privatekey then ask

447

# OpenSSL if the cert and key agree using check_privatekey. Then as

448

# long as check_privatekey works right we're good...

449

ctx = Context(TLSv1_METHOD)

450

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

451

452

453

def test_use_certificate_file_wrong_args(self):

454

"""

455

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

456

called with zero arguments or more than two arguments, or if the first

457

argument is not a byte string or the second argumnent is not an integer.

458

"""

459

ctx = Context(TLSv1_METHOD)

460

self.assertRaises(TypeError, ctx.use_certificate_file)

461

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

462

self.assertRaises(

463

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

464

self.assertRaises(

465

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

466

self.assertRaises(

467

TypeError, ctx.use_certificate_file, b"somefile", object())

468

469

470

def test_use_certificate_file_missing(self):

471

"""

472

:py:obj:`Context.use_certificate_file` raises

473

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

474

exist.

475

"""

476

ctx = Context(TLSv1_METHOD)

477

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

478

479

480

def test_use_certificate_file(self):

481

"""

482

:py:obj:`Context.use_certificate` sets the certificate which will be

483

used to identify connections created using the context.

484

"""

485

# TODO

486

# Hard to assert anything. But we could set a privatekey then ask

487

# OpenSSL if the cert and key agree using check_privatekey. Then as

488

# long as check_privatekey works right we're good...

489

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

490

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

491

pem_file.write(cleartextCertificatePEM)

492

493

ctx = Context(TLSv1_METHOD)

494

ctx.use_certificate_file(pem_filename)

495

496

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

497

if not PY3:

498

def test_use_certificate_file_long(self):

499

"""

500

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

501

filetype of type :py:obj:`long` as well as :py:obj:`int`.

502

"""

503

pem_filename = self.mktemp()

504

with open(pem_filename, "wb") as pem_file:

505

pem_file.write(cleartextCertificatePEM)

506

507

ctx = Context(TLSv1_METHOD)

508

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

509

510

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

511

def test_check_privatekey_valid(self):

512

"""

513

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

514

:py:obj:`Context` instance has been configured to use a matched key and

515

certificate pair.

516

"""

517

key = load_privatekey(FILETYPE_PEM, client_key_pem)

518

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

519

context = Context(TLSv1_METHOD)

520

context.use_privatekey(key)

521

context.use_certificate(cert)

522

self.assertIs(None, context.check_privatekey())

523

524

525

def test_check_privatekey_invalid(self):

526

"""

527

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

528

:py:obj:`Context` instance has been configured to use a key and

529

certificate pair which don't relate to each other.

530

"""

531

key = load_privatekey(FILETYPE_PEM, client_key_pem)

532

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

533

context = Context(TLSv1_METHOD)

534

context.use_privatekey(key)

535

context.use_certificate(cert)

536

self.assertRaises(Error, context.check_privatekey)

537

538

539

def test_check_privatekey_wrong_args(self):

540

"""

541

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

542

with other than no arguments.

543

"""

544

context = Context(TLSv1_METHOD)

545

self.assertRaises(TypeError, context.check_privatekey, object())

546

547

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

548

def test_set_app_data_wrong_args(self):

549

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

550

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

551

one argument.

552

"""

553

context = Context(TLSv1_METHOD)

554

self.assertRaises(TypeError, context.set_app_data)

555

self.assertRaises(TypeError, context.set_app_data, None, None)

556

557

558

def test_get_app_data_wrong_args(self):

559

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

560

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

561

arguments.

562

"""

563

context = Context(TLSv1_METHOD)

564

self.assertRaises(TypeError, context.get_app_data, None)

565

566

567

def test_app_data(self):

568

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

569

:py:obj:`Context.set_app_data` stores an object for later retrieval using

570

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

571

"""

572

app_data = object()

573

context = Context(TLSv1_METHOD)

574

context.set_app_data(app_data)

575

self.assertIdentical(context.get_app_data(), app_data)

576

577

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

578

def test_set_options_wrong_args(self):

579

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

580

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

581

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

582

"""

583

context = Context(TLSv1_METHOD)

584

self.assertRaises(TypeError, context.set_options)

585

self.assertRaises(TypeError, context.set_options, None)

586

self.assertRaises(TypeError, context.set_options, 1, None)

587

588

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

589

def test_set_options(self):

590

"""

591

:py:obj:`Context.set_options` returns the new options value.

592

"""

593

context = Context(TLSv1_METHOD)

594

options = context.set_options(OP_NO_SSLv2)

595

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

600

"""

601

On Python 2 :py:obj:`Context.set_options` accepts values of type

602

:py:obj:`long` as well as :py:obj:`int`.

603

"""

604

context = Context(TLSv1_METHOD)

605

options = context.set_options(long(OP_NO_SSLv2))

606

self.assertTrue(OP_NO_SSLv2 & options)

607

608

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

609

def test_set_mode_wrong_args(self):

610

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

611

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

612

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

613

"""

614

context = Context(TLSv1_METHOD)

615

self.assertRaises(TypeError, context.set_mode)

616

self.assertRaises(TypeError, context.set_mode, None)

617

self.assertRaises(TypeError, context.set_mode, 1, None)

618

619

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

620

if MODE_RELEASE_BUFFERS is not None:

621

def test_set_mode(self):

622

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

623

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

624

set mode.

625

"""

626

context = Context(TLSv1_METHOD)

627

self.assertTrue(

628

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

629

630

if not PY3:

631

def test_set_mode_long(self):

632

"""

633

On Python 2 :py:obj:`Context.set_mode` accepts values of type

634

:py:obj:`long` as well as :py:obj:`int`.

635

"""

636

context = Context(TLSv1_METHOD)

637

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

638

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

639

else:

640

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

641

642

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

643

def test_set_timeout_wrong_args(self):

644

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

645

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

646

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

647

"""

648

context = Context(TLSv1_METHOD)

649

self.assertRaises(TypeError, context.set_timeout)

650

self.assertRaises(TypeError, context.set_timeout, None)

651

self.assertRaises(TypeError, context.set_timeout, 1, None)

652

653

654

def test_get_timeout_wrong_args(self):

655

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

656

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

657

"""

658

context = Context(TLSv1_METHOD)

659

self.assertRaises(TypeError, context.get_timeout, None)

660

661

662

def test_timeout(self):

663

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

664

:py:obj:`Context.set_timeout` sets the session timeout for all connections

665

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

666

value.

667

"""

668

context = Context(TLSv1_METHOD)

669

context.set_timeout(1234)

670

self.assertEquals(context.get_timeout(), 1234)

671

672

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

673

if not PY3:

674

def test_timeout_long(self):

675

"""

676

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

677

`long` as well as int.

678

"""

679

context = Context(TLSv1_METHOD)

680

context.set_timeout(long(1234))

681

self.assertEquals(context.get_timeout(), 1234)

682

683

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

684

def test_set_verify_depth_wrong_args(self):

685

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

686

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

687

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

688

"""

689

context = Context(TLSv1_METHOD)

690

self.assertRaises(TypeError, context.set_verify_depth)

691

self.assertRaises(TypeError, context.set_verify_depth, None)

692

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

693

694

695

def test_get_verify_depth_wrong_args(self):

696

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

697

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

698

"""

699

context = Context(TLSv1_METHOD)

700

self.assertRaises(TypeError, context.get_verify_depth, None)

701

702

703

def test_verify_depth(self):

704

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

705

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

706

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

707

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

708

"""

709

context = Context(TLSv1_METHOD)

710

context.set_verify_depth(11)

711

self.assertEquals(context.get_verify_depth(), 11)

712

713

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

714

if not PY3:

715

def test_verify_depth_long(self):

716

"""

717

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

718

type `long` as well as int.

719

"""

720

context = Context(TLSv1_METHOD)

721

context.set_verify_depth(long(11))

722

self.assertEquals(context.get_verify_depth(), 11)

723

724

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

725

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

726

"""

727

Write a new private key out to a new file, encrypted using the given

728

passphrase. Return the path to the new file.

729

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

730

key = PKey()

731

key.generate_key(TYPE_RSA, 128)

732

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

733

fObj = open(pemFile, 'w')

734

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

735

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

740

def test_set_passwd_cb_wrong_args(self):

741

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

742

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

743

wrong arguments or with a non-callable first argument.

744

"""

745

context = Context(TLSv1_METHOD)

746

self.assertRaises(TypeError, context.set_passwd_cb)

747

self.assertRaises(TypeError, context.set_passwd_cb, None)

748

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

749

750

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

751

def test_set_passwd_cb(self):

752

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

753

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

754

a private key is loaded from an encrypted PEM.

755

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

756

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

757

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

758

calledWith = []

759

def passphraseCallback(maxlen, verify, extra):

760

calledWith.append((maxlen, verify, extra))

761

return passphrase

762

context = Context(TLSv1_METHOD)

763

context.set_passwd_cb(passphraseCallback)

764

context.use_privatekey_file(pemFile)

765

self.assertTrue(len(calledWith), 1)

766

self.assertTrue(isinstance(calledWith[0][0], int))

767

self.assertTrue(isinstance(calledWith[0][1], int))

768

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

769

770

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

771

def test_passwd_callback_exception(self):

772

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

773

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

774

passphrase callback.

775

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

776

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

777

def passphraseCallback(maxlen, verify, extra):

778

raise RuntimeError("Sorry, I am a fail.")

779

780

context = Context(TLSv1_METHOD)

781

context.set_passwd_cb(passphraseCallback)

782

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

783

784

785

def test_passwd_callback_false(self):

786

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

787

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

788

passphrase callback returns a false value.

789

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

790

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

791

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

792

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

793

794

context = Context(TLSv1_METHOD)

795

context.set_passwd_cb(passphraseCallback)

796

self.assertRaises(Error, context.use_privatekey_file, pemFile)

797

798

799

def test_passwd_callback_non_string(self):

800

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

801

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

802

passphrase callback returns a true non-string value.

803

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

804

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

805

def passphraseCallback(maxlen, verify, extra):

806

return 10

807

808

context = Context(TLSv1_METHOD)

809

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

810

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

811

812

813

def test_passwd_callback_too_long(self):

814

"""

815

If the passphrase returned by the passphrase callback returns a string

816

longer than the indicated maximum length, it is truncated.

817

"""

818

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

819

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

pemFile = self._write_encrypted_pem(passphrase)

821

def passphraseCallback(maxlen, verify, extra):

822

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

823

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

824

825

context = Context(TLSv1_METHOD)

826

context.set_passwd_cb(passphraseCallback)

827

# This shall succeed because the truncated result is the correct

828

# passphrase.

829

context.use_privatekey_file(pemFile)

830

831

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

def test_set_info_callback(self):

833

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

834

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

835

when certain information about an SSL connection is available.

836

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

837

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

838

839

clientSSL = Connection(Context(TLSv1_METHOD), client)

840

clientSSL.set_connect_state()

841

842

called = []

843

def info(conn, where, ret):

844

called.append((conn, where, ret))

845

context = Context(TLSv1_METHOD)

846

context.set_info_callback(info)

847

context.use_certificate(

848

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

849

context.use_privatekey(

850

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

851

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

852

serverSSL = Connection(context, server)

853

serverSSL.set_accept_state()

854

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

855

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

856

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

857

# The callback must always be called with a Connection instance as the

858

# first argument. It would probably be better to split this into

859

# separate tests for client and server side info callbacks so we could

860

# assert it is called with the right Connection instance. It would

861

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

862

notConnections = [

863

conn for (conn, where, ret) in called

864

if not isinstance(conn, Connection)]

865

self.assertEqual(

866

[], notConnections,

867

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

868

869

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

870

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

871

"""

872

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

873

its :py:obj:`load_verify_locations` method with the given arguments.

874

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

875

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

876

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

877

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

878

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

879

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

880

# Require that the server certificate verify properly or the

881

# connection will fail.

882

clientContext.set_verify(

883

VERIFY_PEER,

884

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

885

886

clientSSL = Connection(clientContext, client)

887

clientSSL.set_connect_state()

888

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

889

serverContext = Context(TLSv1_METHOD)

890

serverContext.use_certificate(

891

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

892

serverContext.use_privatekey(

893

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

894

895

serverSSL = Connection(serverContext, server)

896

serverSSL.set_accept_state()

897

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

898

# Without load_verify_locations above, the handshake

899

# will fail:

900

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

901

# 'certificate verify failed')]

902

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

903

904

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

905

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

906

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

907

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

908

def test_load_verify_file(self):

909

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

910

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

911

certificates within for verification purposes.

912

"""

913

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

914

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

915

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

916

fObj.close()

917

918

self._load_verify_locations_test(cafile)

919

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

920

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame^]

921

def test_load_verify_warning(self):

922

"""

923

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

924

certificates within for verification purposes. Raises a warning when

925

using a text in cafile.

926

"""

927

cafile = self.mktemp()

928

fObj = open(cafile, 'w')

929

fObj.write(cleartextCertificatePEM.decode('ascii'))

930

fObj.close()

931

932

with catch_warnings(record=True) as w:

933

simplefilter("always")

934

if version_info.major == 2:

935

self._load_verify_locations_test(unicode(cafile))

936

self.assertTrue("unicode in cafile is no longer accepted, use bytes" in str(w[-1].message))

937

elif version_info.major == 3:

938

self._load_verify_locations_test(cafile.decode())

939

self.assertTrue("str in cafile is no longer accepted, use bytes" in str(w[-1].message))

940

self.assertTrue(issubclass(w[-1].category, DeprecationWarning))

941

942

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

943

def test_load_verify_invalid_file(self):

944

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

945

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

946

non-existent cafile.

947

"""

948

clientContext = Context(TLSv1_METHOD)

949

self.assertRaises(

950

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

951

952

953

def test_load_verify_directory(self):

954

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

955

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

956

the certificates within for verification purposes.

957

"""

958

capath = self.mktemp()

959

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

960

# Hash values computed manually with c_rehash to avoid depending on

961

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

962

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

963

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

964

cafile = join(capath, name)

965

fObj = open(cafile, 'w')

966

fObj.write(cleartextCertificatePEM.decode('ascii'))

967

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

968

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

969

self._load_verify_locations_test(None, capath)

970

971

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

972

def test_load_verify_locations_wrong_args(self):

973

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

974

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

975

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

976

"""

977

context = Context(TLSv1_METHOD)

978

self.assertRaises(TypeError, context.load_verify_locations)

979

self.assertRaises(TypeError, context.load_verify_locations, object())

980

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

981

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

982

983

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

984

if platform == "win32":

985

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

986

"See LP#404343 and LP#404344."

987

else:

988

def test_set_default_verify_paths(self):

989

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

990

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

991

certificate locations to be used for verification purposes.

992

"""

993

# Testing this requires a server with a certificate signed by one of

994

# the CAs in the platform CA location. Getting one of those costs

995

# money. Fortunately (or unfortunately, depending on your

996

# perspective), it's easy to think of a public server on the

997

# internet which has such a certificate. Connecting to the network

998

# in a unit test is bad, but it's the only way I can think of to

999

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1000

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1001

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1002

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1003

context.set_default_verify_paths()

1004

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1005

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1006

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1007

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1008

client = socket()

1009

client.connect(('verisign.com', 443))

1010

clientSSL = Connection(context, client)

1011

clientSSL.set_connect_state()

1012

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1013

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1014

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1015

1016

1017

def test_set_default_verify_paths_signature(self):

1018

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1019

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1020

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1021

"""

1022

context = Context(TLSv1_METHOD)

1023

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1024

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1025

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1026

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1027

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1028

def test_add_extra_chain_cert_invalid_cert(self):

1029

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1030

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1031

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1032

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1033

"""

1034

context = Context(TLSv1_METHOD)

1035

self.assertRaises(TypeError, context.add_extra_chain_cert)

1036

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1037

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1038

1039

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1040

def _handshake_test(self, serverContext, clientContext):

1041

"""

1042

Verify that a client and server created with the given contexts can

1043

successfully handshake and communicate.

1044

"""

1045

serverSocket, clientSocket = socket_pair()

1046

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1047

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1048

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1049

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1050

client = Connection(clientContext, clientSocket)

1051

client.set_connect_state()

1052

1053

# Make them talk to each other.

1054

# self._interactInMemory(client, server)

1055

for i in range(3):

1056

for s in [client, server]:

1057

try:

1058

s.do_handshake()

1059

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1063

def test_set_verify_callback_connection_argument(self):

1064

"""

1065

The first argument passed to the verify callback is the

1066

:py:class:`Connection` instance for which verification is taking place.

1067

"""

1068

serverContext = Context(TLSv1_METHOD)

1069

serverContext.use_privatekey(

1070

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1071

serverContext.use_certificate(

1072

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1073

serverConnection = Connection(serverContext, None)

1074

1075

class VerifyCallback(object):

1076

def callback(self, connection, *args):

1077

self.connection = connection

1078

return 1

1079

1080

verify = VerifyCallback()

1081

clientContext = Context(TLSv1_METHOD)

1082

clientContext.set_verify(VERIFY_PEER, verify.callback)

1083

clientConnection = Connection(clientContext, None)

1084

clientConnection.set_connect_state()

1085

1086

self._handshakeInMemory(clientConnection, serverConnection)

1087

1088

self.assertIdentical(verify.connection, clientConnection)

1089

1090

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1091

def test_set_verify_callback_exception(self):

1092

"""

1093

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1094

exception, verification fails and the exception is propagated to the

1095

caller of :py:obj:`Connection.do_handshake`.

1096

"""

1097

serverContext = Context(TLSv1_METHOD)

1098

serverContext.use_privatekey(

1099

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1100

serverContext.use_certificate(

1101

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1102

1103

clientContext = Context(TLSv1_METHOD)

1104

def verify_callback(*args):

1105

raise Exception("silly verify failure")

1106

clientContext.set_verify(VERIFY_PEER, verify_callback)

1107

1108

exc = self.assertRaises(

1109

Exception, self._handshake_test, serverContext, clientContext)

1110

self.assertEqual("silly verify failure", str(exc))

1111

1112

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1113

def test_add_extra_chain_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1116

the certificate chain.

1117

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1118

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1119

chain tested.

1120

1121

The chain is tested by starting a server with scert and connecting

1122

to it with a client which trusts cacert and requires verification to

1123

succeed.

1124

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1125

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1126

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1127

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1128

# Dump the CA certificate to a file because that's the only way to load

1129

# it as a trusted CA in the client context.

1130

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1131

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1132

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1133

fObj.close()

1134

1135

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1136

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1137

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1138

fObj.close()

1139

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1140

# Create the server context

1141

serverContext = Context(TLSv1_METHOD)

1142

serverContext.use_privatekey(skey)

1143

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1144

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1145

serverContext.add_extra_chain_cert(icert)

1146

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1147

# Create the client

1148

clientContext = Context(TLSv1_METHOD)

1149

clientContext.set_verify(

1150

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1151

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1152

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1153

# Try it out.

1154

self._handshake_test(serverContext, clientContext)

1155

1156

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1157

def test_use_certificate_chain_file(self):

1158

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1159

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1160

the specified file.

1161

1162

The chain is tested by starting a server with scert and connecting

1163

to it with a client which trusts cacert and requires verification to

1164

succeed.

1165

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1166

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1167

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1168

1169

# Write out the chain file.

1170

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1171

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1172

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1173

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1174

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1175

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1176

fObj.close()

1177

1178

serverContext = Context(TLSv1_METHOD)

1179

serverContext.use_certificate_chain_file(chainFile)

1180

serverContext.use_privatekey(skey)

1181

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1182

fObj = open('ca.pem', 'w')

1183

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1184

fObj.close()

1185

1186

clientContext = Context(TLSv1_METHOD)

1187

clientContext.set_verify(

1188

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1189

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1190

1191

self._handshake_test(serverContext, clientContext)

1192

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1193

1194

def test_use_certificate_chain_file_wrong_args(self):

1195

"""

1196

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1197

if passed zero or more than one argument or when passed a non-byte

1198

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1199

passed a bad chain file name (for example, the name of a file which does

1200

not exist).

1201

"""

1202

context = Context(TLSv1_METHOD)

1203

self.assertRaises(TypeError, context.use_certificate_chain_file)

1204

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1205

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1206

1207

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1208

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1209

# XXX load_client_ca

1210

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1211

1212

def test_get_verify_mode_wrong_args(self):

1213

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1214

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1215

arguments.

1216

"""

1217

context = Context(TLSv1_METHOD)

1218

self.assertRaises(TypeError, context.get_verify_mode, None)

1219

1220

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1221

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1222

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1223

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1224

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1225

"""

1226

context = Context(TLSv1_METHOD)

1227

self.assertEquals(context.get_verify_mode(), 0)

1228

context.set_verify(

1229

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1230

self.assertEquals(

1231

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1232

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1233

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1234

if not PY3:

1235

def test_set_verify_mode_long(self):

1236

"""

1237

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1238

type :py:obj:`long` as well as :py:obj:`int`.

1239

"""

1240

context = Context(TLSv1_METHOD)

1241

self.assertEquals(context.get_verify_mode(), 0)

1242

context.set_verify(

1243

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1244

self.assertEquals(

1245

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1246

1247

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1248

def test_load_tmp_dh_wrong_args(self):

1249

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1250

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1251

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1252

"""

1253

context = Context(TLSv1_METHOD)

1254

self.assertRaises(TypeError, context.load_tmp_dh)

1255

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1256

self.assertRaises(TypeError, context.load_tmp_dh, object())

1257

1258

1259

def test_load_tmp_dh_missing_file(self):

1260

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1261

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1262

does not exist.

1263

"""

1264

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1265

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1266

1267

1268

def test_load_tmp_dh(self):

1269

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1270

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1271

specified file.

1272

"""

1273

context = Context(TLSv1_METHOD)

1274

dhfilename = self.mktemp()

1275

dhfile = open(dhfilename, "w")

1276

dhfile.write(dhparam)

1277

dhfile.close()

1278

context.load_tmp_dh(dhfilename)

1279

# XXX What should I assert here? -exarkun

1280

1281

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1282

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1283

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1284

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1285

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1286

"""

1287

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1288

for curve in get_elliptic_curves():

1289

# The only easily "assertable" thing is that it does not raise an

1290

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1291

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1292

1293

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1294

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1295

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1296

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1297

ciphers which connections created with the context object will be able

1298

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1299

"""

1300

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1301

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1302

conn = Connection(context, None)

1303

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1304

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1305

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1306

def test_set_cipher_list_text(self):

1307

"""

1308

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1309

the ciphers which connections created with the context object will be

1310

able to choose from.

1311

"""

1312

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1313

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1314

conn = Connection(context, None)

1315

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1316

1317

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1318

def test_set_cipher_list_wrong_args(self):

1319

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1320

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1321

passed zero arguments or more than one argument or when passed a

1322

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1323

passed an incorrect cipher list string.

1324

"""

1325

context = Context(TLSv1_METHOD)

1326

self.assertRaises(TypeError, context.set_cipher_list)

1327

self.assertRaises(TypeError, context.set_cipher_list, object())

1328

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1329

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1330

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1331

1332

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1333

def test_set_session_cache_mode_wrong_args(self):

1334

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1335

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1336

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1337

"""

1338

context = Context(TLSv1_METHOD)

1339

self.assertRaises(TypeError, context.set_session_cache_mode)

1340

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1341

1342

1343

def test_get_session_cache_mode_wrong_args(self):

1344

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1345

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1346

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1347

"""

1348

context = Context(TLSv1_METHOD)

1349

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1350

1351

1352

def test_session_cache_mode(self):

1353

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1354

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1355

cached. The setting can be retrieved via

1356

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1357

"""

1358

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1359

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1360

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1361

self.assertEqual(SESS_CACHE_OFF, off)

1362

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1363

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1364

if not PY3:

1365

def test_session_cache_mode_long(self):

1366

"""

1367

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1368

of type :py:obj:`long` as well as :py:obj:`int`.

1369

"""

1370

context = Context(TLSv1_METHOD)

1371

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1372

self.assertEqual(

1373

SESS_CACHE_BOTH, context.get_session_cache_mode())

1374

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1375

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1376

def test_get_cert_store(self):

1377

"""

1378

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1379

"""

1380

context = Context(TLSv1_METHOD)

1381

store = context.get_cert_store()

1382

self.assertIsInstance(store, X509Store)

1383

1384

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1385

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1386

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1387

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1388

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1389

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1390

"""

1391

def test_wrong_args(self):

1392

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1393

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1394

with other than one argument.

1395

"""

1396

context = Context(TLSv1_METHOD)

1397

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1398

self.assertRaises(

1399

TypeError, context.set_tlsext_servername_callback, 1, 2)

1400

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1401

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1402

def test_old_callback_forgotten(self):

1403

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1404

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1405

callback, the one it replaces is dereferenced.

1406

"""

1407

def callback(connection):

1408

pass

1409

1410

def replacement(connection):

1411

pass

1412

1413

context = Context(TLSv1_METHOD)

1414

context.set_tlsext_servername_callback(callback)

1415

1416

tracker = ref(callback)

1417

del callback

1418

1419

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1420

1421

# One run of the garbage collector happens to work on CPython. PyPy

1422

# doesn't collect the underlying object until a second run for whatever

1423

# reason. That's fine, it still demonstrates our code has properly

1424

# dropped the reference.

1425

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1426

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1427

1428

callback = tracker()

1429

if callback is not None:

1430

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1431

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1432

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1433

1434

1435

def test_no_servername(self):

1436

"""

1437

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1438

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1439

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1440

"""

1441

args = []

1442

def servername(conn):

1443

args.append((conn, conn.get_servername()))

1444

context = Context(TLSv1_METHOD)

1445

context.set_tlsext_servername_callback(servername)

1446

1447

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1453

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1454

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1455

1456

# Do a little connection to trigger the logic

1457

server = Connection(context, None)

1458

server.set_accept_state()

1459

1460

client = Connection(Context(TLSv1_METHOD), None)

1461

client.set_connect_state()

1462

1463

self._interactInMemory(server, client)

1464

1465

self.assertEqual([(server, None)], args)

1466

1467

1468

def test_servername(self):

1469

"""

1470

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1471

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1472

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1473

"""

1474

args = []

1475

def servername(conn):

1476

args.append((conn, conn.get_servername()))

1477

context = Context(TLSv1_METHOD)

1478

context.set_tlsext_servername_callback(servername)

1479

1480

# Necessary to actually accept the connection

1481

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1482

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1483

1484

# Do a little connection to trigger the logic

1485

server = Connection(context, None)

1486

server.set_accept_state()

1487

1488

client = Connection(Context(TLSv1_METHOD), None)

1489

client.set_connect_state()

1490

client.set_tlsext_host_name(b("foo1.example.com"))

1491

1492

self._interactInMemory(server, client)

1493

1494

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1498

class SessionTests(TestCase):

1499

"""

1500

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1501

"""

1502

def test_construction(self):

1503

"""

1504

:py:class:`Session` can be constructed with no arguments, creating a new

1505

instance of that type.

1506

"""

1507

new_session = Session()

1508

self.assertTrue(isinstance(new_session, Session))

1509

1510

1511

def test_construction_wrong_args(self):

1512

"""

1513

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1514

is raised.

1515

"""

1516

self.assertRaises(TypeError, Session, 123)

1517

self.assertRaises(TypeError, Session, "hello")

1518

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1522

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1523

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1524

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1525

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1526

# XXX get_peer_certificate -> None

1527

# XXX sock_shutdown

1528

# XXX master_key -> TypeError

1529

# XXX server_random -> TypeError

1530

# XXX state_string

1531

# XXX connect -> TypeError

1532

# XXX connect_ex -> TypeError

1533

# XXX set_connect_state -> TypeError

1534

# XXX set_accept_state -> TypeError

1535

# XXX renegotiate_pending

1536

# XXX do_handshake -> TypeError

1537

# XXX bio_read -> TypeError

1538

# XXX recv -> TypeError

1539

# XXX send -> TypeError

1540

# XXX bio_write -> TypeError

1541

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1542

def test_type(self):

1543

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1544

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1545

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1546

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1547

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1548

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1549

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1550

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1551

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1552

def test_get_context(self):

1553

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1554

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1555

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1556

"""

1557

context = Context(TLSv1_METHOD)

1558

connection = Connection(context, None)

1559

self.assertIdentical(connection.get_context(), context)

1560

1561

1562

def test_get_context_wrong_args(self):

1563

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1564

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1565

arguments.

1566

"""

1567

connection = Connection(Context(TLSv1_METHOD), None)

1568

self.assertRaises(TypeError, connection.get_context, None)

1569

1570

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1571

def test_set_context_wrong_args(self):

1572

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1573

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1574

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1575

than 1.

1576

"""

1577

ctx = Context(TLSv1_METHOD)

1578

connection = Connection(ctx, None)

1579

self.assertRaises(TypeError, connection.set_context)

1580

self.assertRaises(TypeError, connection.set_context, object())

1581

self.assertRaises(TypeError, connection.set_context, "hello")

1582

self.assertRaises(TypeError, connection.set_context, 1)

1583

self.assertRaises(TypeError, connection.set_context, 1, 2)

1584

self.assertRaises(

1585

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1586

self.assertIdentical(ctx, connection.get_context())

1587

1588

1589

def test_set_context(self):

1590

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1591

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1592

for the connection.

1593

"""

1594

original = Context(SSLv23_METHOD)

1595

replacement = Context(TLSv1_METHOD)

1596

connection = Connection(original, None)

1597

connection.set_context(replacement)

1598

self.assertIdentical(replacement, connection.get_context())

1599

# Lose our references to the contexts, just in case the Connection isn't

1600

# properly managing its own contributions to their reference counts.

1601

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1606

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1607

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1608

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1609

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1610

"""

1611

conn = Connection(Context(TLSv1_METHOD), None)

1612

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1613

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1614

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1615

self.assertRaises(

1616

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1617

1618

if version_info >= (3,):

1619

# On Python 3.x, don't accidentally implicitly convert from text.

1620

self.assertRaises(

1621

TypeError,

1622

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1623

1624

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1625

def test_get_servername_wrong_args(self):

1626

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1627

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1628

arguments.

1629

"""

1630

connection = Connection(Context(TLSv1_METHOD), None)

1631

self.assertRaises(TypeError, connection.get_servername, object())

1632

self.assertRaises(TypeError, connection.get_servername, 1)

1633

self.assertRaises(TypeError, connection.get_servername, "hello")

1634

1635

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1636

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1637

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1638

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1639

immediate read.

1640

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1641

connection = Connection(Context(TLSv1_METHOD), None)

1642

self.assertEquals(connection.pending(), 0)

1643

1644

1645

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1646

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1647

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1648

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1649

connection = Connection(Context(TLSv1_METHOD), None)

1650

self.assertRaises(TypeError, connection.pending, None)

1651

1652

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1653

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1655

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1656

argument or with the wrong number of arguments.

1657

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1658

connection = Connection(Context(TLSv1_METHOD), socket())

1659

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1660

self.assertRaises(TypeError, connection.connect)

1661

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1662

1663

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1664

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1665

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1666

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1667

connect method raises it.

1668

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1669

client = socket()

1670

context = Context(TLSv1_METHOD)

1671

clientSSL = Connection(context, client)

1672

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1673

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1674

1675

1676

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1677

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1678

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1679

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1685

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1686

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1687

1688

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1689

if platform == "darwin":

1690

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1691

else:

1692

def test_connect_ex(self):

1693

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1694

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1695

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1700

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1701

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1702

clientSSL.setblocking(False)

1703

result = clientSSL.connect_ex(port.getsockname())

1704

expected = (EINPROGRESS, EWOULDBLOCK)

1705

self.assertTrue(

1706

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1707

1708

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1709

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1710

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1711

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1712

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1713

connection = Connection(Context(TLSv1_METHOD), socket())

1714

self.assertRaises(TypeError, connection.accept, None)

1715

1716

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1717

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1719

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1720

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1721

connection originated from.

1722

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1723

ctx = Context(TLSv1_METHOD)

1724

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1725

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1726

port = socket()

1727

portSSL = Connection(ctx, port)

1728

portSSL.bind(('', 0))

1729

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1730

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1731

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1732

1733

# Calling portSSL.getsockname() here to get the server IP address sounds

1734

# great, but frequently fails on Windows.

1735

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1736

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1737

serverSSL, address = portSSL.accept()

1738

1739

self.assertTrue(isinstance(serverSSL, Connection))

1740

self.assertIdentical(serverSSL.get_context(), ctx)

1741

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1742

1743

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1744

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1745

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1746

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1747

number of arguments or with arguments other than integers.

1748

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1749

connection = Connection(Context(TLSv1_METHOD), None)

1750

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1751

self.assertRaises(TypeError, connection.get_shutdown, None)

1752

self.assertRaises(TypeError, connection.set_shutdown)

1753

self.assertRaises(TypeError, connection.set_shutdown, None)

1754

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1755

1756

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1757

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1758

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1759

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1760

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1761

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1762

self.assertFalse(server.shutdown())

1763

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1764

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1765

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1766

client.shutdown()

1767

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1768

self.assertRaises(ZeroReturnError, server.recv, 1024)

1769

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1770

1771

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

1772

def test_shutdown_closed(self):

1773

"""

1774

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

1775

write error from the low level write call.

1776

"""

1777

server, client = self._loopback()

1778

server.sock_shutdown(2)

1779

exc = self.assertRaises(SysCallError, server.shutdown)

1780

if platform == "win32":

1781

self.assertEqual(exc.args[0], ESHUTDOWN)

1782

else:

1783

self.assertEqual(exc.args[0], EPIPE)

1784

1785

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1786

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1787

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1788

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1789

process.

1790

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1791

connection = Connection(Context(TLSv1_METHOD), socket())

1792

connection.set_shutdown(RECEIVED_SHUTDOWN)

1793

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1794

1795

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1796

if not PY3:

1797

def test_set_shutdown_long(self):

1798

"""

1799

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1800

of type :py:obj:`long` as well as :py:obj:`int`.

1801

"""

1802

connection = Connection(Context(TLSv1_METHOD), socket())

1803

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1804

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1805

1806

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1807

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1808

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1809

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1810

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1811

with any arguments.

1812

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1813

conn = Connection(Context(TLSv1_METHOD), None)

1814

self.assertRaises(TypeError, conn.get_app_data, None)

1815

self.assertRaises(TypeError, conn.set_app_data)

1816

self.assertRaises(TypeError, conn.set_app_data, None, None)

1817

1818

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1819

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1820

"""

1821

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1822

:py:obj:`Connection.set_app_data` and later retrieved with

1823

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1824

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1825

conn = Connection(Context(TLSv1_METHOD), None)

1826

app_data = object()

1827

conn.set_app_data(app_data)

1828

self.assertIdentical(conn.get_app_data(), app_data)

1829

1830

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1831

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1832

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1833

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1834

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1835

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1836

conn = Connection(Context(TLSv1_METHOD), None)

1837

self.assertRaises(NotImplementedError, conn.makefile)

1838

1839

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1840

def test_get_peer_cert_chain_wrong_args(self):

1841

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1842

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1843

arguments.

1844

"""

1845

conn = Connection(Context(TLSv1_METHOD), None)

1846

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1847

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1848

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1849

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1850

1851

1852

def test_get_peer_cert_chain(self):

1853

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1854

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1855

the connected server returned for the certification verification.

1856

"""

1857

chain = _create_certificate_chain()

1858

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1859

1860

serverContext = Context(TLSv1_METHOD)

1861

serverContext.use_privatekey(skey)

1862

serverContext.use_certificate(scert)

1863

serverContext.add_extra_chain_cert(icert)

1864

serverContext.add_extra_chain_cert(cacert)

1865

server = Connection(serverContext, None)

1866

server.set_accept_state()

1867

1868

# Create the client

1869

clientContext = Context(TLSv1_METHOD)

1870

clientContext.set_verify(VERIFY_NONE, verify_cb)

1871

client = Connection(clientContext, None)

1872

client.set_connect_state()

1873

1874

self._interactInMemory(client, server)

1875

1876

chain = client.get_peer_cert_chain()

1877

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1878

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1879

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1880

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1881

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1882

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1883

"Authority Certificate", chain[2].get_subject().CN)

1884

1885

1886

def test_get_peer_cert_chain_none(self):

1887

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1888

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1889

certificate chain.

1890

"""

1891

ctx = Context(TLSv1_METHOD)

1892

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1893

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1894

server = Connection(ctx, None)

1895

server.set_accept_state()

1896

client = Connection(Context(TLSv1_METHOD), None)

1897

client.set_connect_state()

1898

self._interactInMemory(client, server)

1899

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1900

1901

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1902

def test_get_session_wrong_args(self):

1903

"""

1904

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1905

with any arguments.

1906

"""

1907

ctx = Context(TLSv1_METHOD)

1908

server = Connection(ctx, None)

1909

self.assertRaises(TypeError, server.get_session, 123)

1910

self.assertRaises(TypeError, server.get_session, "hello")

1911

self.assertRaises(TypeError, server.get_session, object())

1912

1913

1914

def test_get_session_unconnected(self):

1915

"""

1916

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1917

an object which has not been connected.

1918

"""

1919

ctx = Context(TLSv1_METHOD)

1920

server = Connection(ctx, None)

1921

session = server.get_session()

1922

self.assertIdentical(None, session)

1923

1924

1925

def test_server_get_session(self):

1926

"""

1927

On the server side of a connection, :py:obj:`Connection.get_session`

1928

returns a :py:class:`Session` instance representing the SSL session for

1929

that connection.

1930

"""

1931

server, client = self._loopback()

1932

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1933

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1934

1935

1936

def test_client_get_session(self):

1937

"""

1938

On the client side of a connection, :py:obj:`Connection.get_session`

1939

returns a :py:class:`Session` instance representing the SSL session for

1940

that connection.

1941

"""

1942

server, client = self._loopback()

1943

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1944

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1945

1946

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1947

def test_set_session_wrong_args(self):

1948

"""

1949

If called with an object that is not an instance of :py:class:`Session`,

1950

or with other than one argument, :py:obj:`Connection.set_session` raises

1951

:py:obj:`TypeError`.

1952

"""

1953

ctx = Context(TLSv1_METHOD)

1954

connection = Connection(ctx, None)

1955

self.assertRaises(TypeError, connection.set_session)

1956

self.assertRaises(TypeError, connection.set_session, 123)

1957

self.assertRaises(TypeError, connection.set_session, "hello")

1958

self.assertRaises(TypeError, connection.set_session, object())

1959

self.assertRaises(

1960

TypeError, connection.set_session, Session(), Session())

1961

1962

1963

def test_client_set_session(self):

1964

"""

1965

:py:obj:`Connection.set_session`, when used prior to a connection being

1966

established, accepts a :py:class:`Session` instance and causes an

1967

attempt to re-use the session it represents when the SSL handshake is

1968

performed.

1969

"""

1970

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1971

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1972

ctx = Context(TLSv1_METHOD)

1973

ctx.use_privatekey(key)

1974

ctx.use_certificate(cert)

1975

ctx.set_session_id("unity-test")

1976

1977

def makeServer(socket):

1978

server = Connection(ctx, socket)

1979

server.set_accept_state()

1980

return server

1981

1982

originalServer, originalClient = self._loopback(

1983

serverFactory=makeServer)

1984

originalSession = originalClient.get_session()

1985

1986

def makeClient(socket):

1987

client = self._loopbackClientFactory(socket)

1988

client.set_session(originalSession)

1989

return client

1990

resumedServer, resumedClient = self._loopback(

1991

serverFactory=makeServer,

1992

clientFactory=makeClient)

1993

1994

# This is a proxy: in general, we have no access to any unique

1995

# identifier for the session (new enough versions of OpenSSL expose a

1996

# hash which could be usable, but "new enough" is very, very new).

1997

# Instead, exploit the fact that the master key is re-used if the

1998

# session is re-used. As long as the master key for the two connections

1999

# is the same, the session was re-used!

2000

self.assertEqual(

2001

originalServer.master_key(), resumedServer.master_key())

2002

2003

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2004

def test_set_session_wrong_method(self):

2005

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2006

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2007

instance associated with a context using a different SSL method than the

2008

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2009

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2010

"""

2011

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2012

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2013

ctx = Context(TLSv1_METHOD)

2014

ctx.use_privatekey(key)

2015

ctx.use_certificate(cert)

2016

ctx.set_session_id("unity-test")

2017

2018

def makeServer(socket):

2019

server = Connection(ctx, socket)

2020

server.set_accept_state()

2021

return server

2022

2023

originalServer, originalClient = self._loopback(

2024

serverFactory=makeServer)

2025

originalSession = originalClient.get_session()

2026

2027

def makeClient(socket):

2028

# Intentionally use a different, incompatible method here.

2029

client = Connection(Context(SSLv3_METHOD), socket)

2030

client.set_connect_state()

2031

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2037

2038

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2039

def test_wantWriteError(self):

2040

"""

2041

:py:obj:`Connection` methods which generate output raise

2042

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2043

fail indicating a should-write state.

2044

"""

2045

client_socket, server_socket = socket_pair()

2046

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2047

# anything. Only write a single byte at a time so we can be sure we

2048

# completely fill the buffer. Even though the socket API is allowed to

2049

# signal a short write via its return value it seems this doesn't

2050

# always happen on all platforms (FreeBSD and OS X particular) for the

2051

# very last bit of available buffer space.

2052

msg = b"x"

2053

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2054

try:

2055

client_socket.send(msg)

2056

except error as e:

2057

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2063

2064

ctx = Context(TLSv1_METHOD)

2065

conn = Connection(ctx, client_socket)

2066

# Client's speak first, so make it an SSL client

2067

conn.set_connect_state()

2068

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2072

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2073

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2074

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2075

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2076

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2077

ctx = Context(TLSv1_METHOD)

2078

connection = Connection(ctx, None)

2079

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2080

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2081

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2082

def test_get_peer_finished_before_connect(self):

2083

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2084

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2085

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2086

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2087

ctx = Context(TLSv1_METHOD)

2088

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2089

self.assertEqual(connection.get_peer_finished(), None)

2090

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2091

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2092

def test_get_finished(self):

2093

"""

2094

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2095

message send from client, or server. Finished messages are send during

2096

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2097

"""

2098

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2099

server, client = self._loopback()

2100

2101

self.assertNotEqual(server.get_finished(), None)

2102

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2103

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2104

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2105

def test_get_peer_finished(self):

2106

"""

2107

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2108

message received from client, or server. Finished messages are send

2109

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2110

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2111

server, client = self._loopback()

2112

2113

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2114

self.assertTrue(len(server.get_peer_finished()) > 0)

2115

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2116

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2117

def test_tls_finished_message_symmetry(self):

2118

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2119

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2120

received by client.

2121

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2122

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2123

received by server.

2124

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2125

server, client = self._loopback()

2126

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2127

self.assertEqual(server.get_finished(), client.get_peer_finished())

2128

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2129

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2130

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2131

def test_get_cipher_name_before_connect(self):

2132

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2133

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2134

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2135

"""

2136

ctx = Context(TLSv1_METHOD)

2137

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2138

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2139

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2140

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2141

def test_get_cipher_name(self):

2142

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2143

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2144

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2145

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2146

server, client = self._loopback()

2147

server_cipher_name, client_cipher_name = \

2148

server.get_cipher_name(), client.get_cipher_name()

2149

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2150

self.assertIsInstance(server_cipher_name, text_type)

2151

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2152

2153

self.assertEqual(server_cipher_name, client_cipher_name)

2154

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2155

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2156

def test_get_cipher_version_before_connect(self):

2157

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2158

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2159

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2160

"""

2161

ctx = Context(TLSv1_METHOD)

2162

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2163

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2164

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2165

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2166

def test_get_cipher_version(self):

2167

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2168

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2169

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2170

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2171

server, client = self._loopback()

2172

server_cipher_version, client_cipher_version = \

2173

server.get_cipher_version(), client.get_cipher_version()

2174

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2175

self.assertIsInstance(server_cipher_version, text_type)

2176

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2177

2178

self.assertEqual(server_cipher_version, client_cipher_version)

2179

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2180

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2181

def test_get_cipher_bits_before_connect(self):

2182

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2183

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2184

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2185

"""

2186

ctx = Context(TLSv1_METHOD)

2187

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2188

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2189

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2190

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2191

def test_get_cipher_bits(self):

2192

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2193

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2194

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2195

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2196

server, client = self._loopback()

2197

server_cipher_bits, client_cipher_bits = \

2198

server.get_cipher_bits(), client.get_cipher_bits()

2199

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2200

self.assertIsInstance(server_cipher_bits, int)

2201

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2202

2203

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2204

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2205

2206

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2207

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2208

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2209

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2210

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2211

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2212

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2213

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2214

arguments.

2215

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2216

connection = Connection(Context(TLSv1_METHOD), None)

2217

self.assertRaises(TypeError, connection.get_cipher_list, None)

2218

2219

2220

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2221

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2222

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2223

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2224

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2225

connection = Connection(Context(TLSv1_METHOD), None)

2226

ciphers = connection.get_cipher_list()

2227

self.assertTrue(isinstance(ciphers, list))

2228

for cipher in ciphers:

2229

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2233

class ConnectionSendTests(TestCase, _LoopbackMixin):

2234

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2235

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2236

"""

2237

def test_wrong_args(self):

2238

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2239

When called with arguments other than string argument for its first

2240

parameter or more than two arguments, :py:obj:`Connection.send` raises

2241

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2242

"""

2243

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2244

self.assertRaises(TypeError, connection.send)

2245

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2246

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2247

2248

2249

def test_short_bytes(self):

2250

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2251

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2252

and returns the number of bytes sent.

2253

"""

2254

server, client = self._loopback()

2255

count = server.send(b('xy'))

2256

self.assertEquals(count, 2)

2257

self.assertEquals(client.recv(2), b('xy'))

2258

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame^]

def test_text(self):

"""

When passed a text, :py:obj:`Connection.send` transmits all of it and returns

2263

the number of bytes sent. It also raises a DeprecationWarning.

2264

"""

2265

server, client = self._loopback()

2266

with catch_warnings(record=True) as w:

2267

simplefilter("always")

2268

if PY3:

2269

count = server.send(b'xy'.decode())

2270

self.assertTrue("str in buf is no longer accepted, use bytes" in str(w[-1].message))

2271

else:

2272

count = server.send(unicode('xy'))

2273

self.assertTrue("unicode in buf is no longer accepted, use bytes" in str(w[-1].message))

2274

self.assertTrue(issubclass(w[-1].category, DeprecationWarning))

2275

self.assertEquals(count, 2)

2276

self.assertEquals(client.recv(2), b('xy'))

2277

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2282

else:

2283

def test_short_memoryview(self):

2284

"""

2285

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2286

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2287

bytes sent.

2288

"""

2289

server, client = self._loopback()

2290

count = server.send(memoryview(b('xy')))

2291

self.assertEquals(count, 2)

2292

self.assertEquals(client.recv(2), b('xy'))

2293

2294

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2299

else:

2300

def test_short_buffer(self):

2301

"""

2302

When passed a buffer containing a small number of bytes,

2303

:py:obj:`Connection.send` transmits all of them and returns the number of

2304

bytes sent.

2305

"""

2306

server, client = self._loopback()

2307

count = server.send(buffer(b('xy')))

2308

self.assertEquals(count, 2)

2309

self.assertEquals(client.recv(2), b('xy'))

2310

2311

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2312

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2313

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2314

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2315

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2316

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2317

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2318

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2319

When called with arguments other than a string argument for its first

2320

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2321

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2322

"""

2323

connection = Connection(Context(TLSv1_METHOD), None)

2324

self.assertRaises(TypeError, connection.sendall)

2325

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2326

self.assertRaises(

2327

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2328

2329

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2330

def test_short(self):

2331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2332

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2333

it.

2334

"""

2335

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2336

server.sendall(b('x'))

2337

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2338

2339

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame^]

2340

def test_text(self):

2341

"""

2342

:py:obj:`Connection.sendall` transmits all the content in the string passed to

2343

it raising a DepreactionWarning in case of this being a text.

2344

"""

2345

server, client = self._loopback()

2346

with catch_warnings(record=True) as w:

2347

simplefilter("always")

2348

if PY3:

2349

server.sendall(b'x'.decode())

2350

self.assertTrue("str in buf is no longer accepted, use bytes" in str(w[-1].message))

2351

else:

2352

server.sendall(unicode('x'))

2353

self.assertTrue("unicode in buf is no longer accepted, use bytes" in str(w[-1].message))

2354

self.assertTrue(issubclass(w[-1].category, DeprecationWarning))

2355

self.assertEquals(client.recv(1), b('x'))

2356

2357

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2362

else:

2363

def test_short_memoryview(self):

2364

"""

2365

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2366

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2367

"""

2368

server, client = self._loopback()

2369

server.sendall(memoryview(b('x')))

2370

self.assertEquals(client.recv(1), b('x'))

2371

2372

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2377

else:

2378

def test_short_buffers(self):

2379

"""

2380

When passed a buffer containing a small number of bytes,

2381

:py:obj:`Connection.sendall` transmits all of them.

2382

"""

2383

server, client = self._loopback()

2384

server.sendall(buffer(b('x')))

2385

self.assertEquals(client.recv(1), b('x'))

2386

2387

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2388

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2389

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2390

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2391

it even if this requires multiple calls of an underlying write function.

2392

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2393

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2394

# Should be enough, underlying SSL_write should only do 16k at a time.

2395

# On Windows, after 32k of bytes the write will block (forever - because

2396

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2397

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2398

server.sendall(message)

2399

accum = []

2400

received = 0

2401

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2402

data = client.recv(1024)

2403

accum.append(data)

2404

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2405

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2406

2407

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2408

def test_closed(self):

2409

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2410

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2411

write error from the low level write call.

2412

"""

2413

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2414

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2415

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2416

if platform == "win32":

2417

self.assertEqual(exc.args[0], ESHUTDOWN)

2418

else:

2419

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2420

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2421

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2422

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2423

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2424

"""

2425

Tests for SSL renegotiation APIs.

2426

"""

2427

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2428

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2429

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2430

arguments.

2431

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2432

connection = Connection(Context(TLSv1_METHOD), None)

2433

self.assertRaises(TypeError, connection.renegotiate, None)

2434

2435

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2436

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2437

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2438

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2439

any arguments.

2440

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2441

connection = Connection(Context(TLSv1_METHOD), None)

2442

self.assertRaises(TypeError, connection.total_renegotiations, None)

2443

2444

2445

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2446

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2447

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2448

renegotiations have happened.

2449

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2450

connection = Connection(Context(TLSv1_METHOD), None)

2451

self.assertEquals(connection.total_renegotiations(), 0)

2452

2453

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2454

# def test_renegotiate(self):

2455

# """

2456

# """

2457

# server, client = self._loopback()

2458

2459

# server.send("hello world")

2460

# self.assertEquals(client.recv(len("hello world")), "hello world")

2461

2462

# self.assertEquals(server.total_renegotiations(), 0)

2463

# self.assertTrue(server.renegotiate())

2464

2465

# server.setblocking(False)

2466

# client.setblocking(False)

2467

# while server.renegotiate_pending():

2468

# client.do_handshake()

2469

# server.do_handshake()

2470

2471

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2476

class ErrorTests(TestCase):

2477

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2478

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2479

"""

2480

def test_type(self):

2481

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2482

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2483

"""

2484

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2485

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2489

class ConstantsTests(TestCase):

2490

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2491

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2492

2493

These are values defined by OpenSSL intended only to be used as flags to

2494

OpenSSL APIs. The only assertions it seems can be made about them is

2495

their values.

2496

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2497

# unittest.TestCase has no skip mechanism

2498

if OP_NO_QUERY_MTU is not None:

2499

def test_op_no_query_mtu(self):

2500

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2501

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2502

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2503

"""

2504

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2505

else:

2506

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2507

2508

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2509

if OP_COOKIE_EXCHANGE is not None:

2510

def test_op_cookie_exchange(self):

2511

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2512

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2513

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2514

"""

2515

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2516

else:

2517

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2518

2519

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2520

if OP_NO_TICKET is not None:

2521

def test_op_no_ticket(self):

2522

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2523

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2524

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2525

"""

2526

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2527

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2528

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2529

2530

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2531

if OP_NO_COMPRESSION is not None:

2532

def test_op_no_compression(self):

2533

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2534

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2535

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2536

"""

2537

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2538

else:

2539

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2540

2541

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2542

def test_sess_cache_off(self):

2543

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2544

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2545

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2546

"""

2547

self.assertEqual(0x0, SESS_CACHE_OFF)

2548

2549

2550

def test_sess_cache_client(self):

2551

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2552

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2553

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2554

"""

2555

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2556

2557

2558

def test_sess_cache_server(self):

2559

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2560

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2561

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2562

"""

2563

self.assertEqual(0x2, SESS_CACHE_SERVER)

2564

2565

2566

def test_sess_cache_both(self):

2567

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2568

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2569

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2570

"""

2571

self.assertEqual(0x3, SESS_CACHE_BOTH)

2572

2573

2574

def test_sess_cache_no_auto_clear(self):

2575

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2576

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2577

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2578

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2579

"""

2580

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2581

2582

2583

def test_sess_cache_no_internal_lookup(self):

2584

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2585

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2586

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2587

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2588

"""

2589

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2590

2591

2592

def test_sess_cache_no_internal_store(self):

2593

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2594

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2595

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2596

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2597

"""

2598

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2599

2600

2601

def test_sess_cache_no_internal(self):

2602

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2603

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2604

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2605

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2606

"""

2607

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2608

2609

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2610

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2611

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2613

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2614

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2615

def _server(self, sock):

2616

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2617

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2618

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2619

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2620

# Create the server side Connection. This is mostly setup boilerplate

2621

# - use TLSv1, use a particular certificate, etc.

2622

server_ctx = Context(TLSv1_METHOD)

2623

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2624

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2625

server_store = server_ctx.get_cert_store()

2626

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2627

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2628

server_ctx.check_privatekey()

2629

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2630

# Here the Connection is actually created. If None is passed as the 2nd

2631

# parameter, it indicates a memory BIO should be created.

2632

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2633

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2637

def _client(self, sock):

2638

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2639

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2640

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2641

"""

2642

# Now create the client side Connection. Similar boilerplate to the

2643

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2644

client_ctx = Context(TLSv1_METHOD)

2645

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2646

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2647

client_store = client_ctx.get_cert_store()

2648

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2649

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2650

client_ctx.check_privatekey()

2651

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2652

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2653

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2657

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2658

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2659

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2660

reading from the output of each and writing those bytes to the input of

2661

the other and in this way establish a connection and exchange

2662

application-level bytes with each other.

2663

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2664

server_conn = self._server(None)

2665

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2666

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2667

# There should be no key or nonces yet.

2668

self.assertIdentical(server_conn.master_key(), None)

2669

self.assertIdentical(server_conn.client_random(), None)

2670

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2671

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2672

# First, the handshake needs to happen. We'll deliver bytes back and

2673

# forth between the client and server until neither of them feels like

2674

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2675

self.assertIdentical(

2676

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2677

2678

# Now that the handshake is done, there should be a key and nonces.

2679

self.assertNotIdentical(server_conn.master_key(), None)

2680

self.assertNotIdentical(server_conn.client_random(), None)

2681

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2682

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2683

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2684

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2685

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2686

2687

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2688

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2689

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2690

server_conn.write(important_message)

2691

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2692

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2693

(client_conn, important_message))

2694

2695

client_conn.write(important_message[::-1])

2696

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2697

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2698

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2699

2700

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2701

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2702

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2703

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2704

2705

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2706

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2707

this test fails, there must be a problem outside the memory BIO

2708

code, as no memory BIO is involved here). Even though this isn't a

2709

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2710

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2711

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2712

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2713

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2714

client_conn.send(important_message)

2715

msg = server_conn.recv(1024)

2716

self.assertEqual(msg, important_message)

2717

2718

# Again in the other direction, just for fun.

2719

important_message = important_message[::-1]

2720

server_conn.send(important_message)

2721

msg = client_conn.recv(1024)

2722

self.assertEqual(msg, important_message)

2723

2724

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2725

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2726

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2727

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2728

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2729

"""

2730

context = Context(SSLv3_METHOD)

2731

client = socket()

2732

clientSSL = Connection(context, client)

2733

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2734

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2735

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2736

2737

2738

def test_outgoingOverflow(self):

2739

"""

2740

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2741

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2742

returned and that many bytes from the beginning of the input can be

2743

read from the other end of the connection.

2744

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2745

server = self._server(None)

2746

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2747

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2748

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2749

2750

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2751

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2752

# Sanity check. We're trying to test what happens when the entire

2753

# input can't be sent. If the entire input was sent, this test is

2754

# meaningless.

2755

self.assertTrue(sent < size)

2756

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2757

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2758

self.assertIdentical(receiver, server)

2759

2760

# We can rely on all of these bytes being received at once because

2761

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2762

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2763

2764

2765

def test_shutdown(self):

2766

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2767

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2768

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2769

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2770

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2771

server.bio_shutdown()

2772

e = self.assertRaises(Error, server.recv, 1024)

2773

# We don't want WantReadError or ZeroReturnError or anything - it's a

2774

# handshake failure.

2775

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2776

2777

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2778

def test_unexpectedEndOfFile(self):

2779

"""

2780

If the connection is lost before an orderly SSL shutdown occurs,

2781

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2782

"Unexpected EOF".

2783

"""

2784

server_conn, client_conn = self._loopback()

2785

client_conn.sock_shutdown(SHUT_RDWR)

2786

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2787

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2788

2789

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2790

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2791

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2792

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2793

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2794

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2795

before the client and server are connected to each other. This

2796

function should specify a list of CAs for the server to send to the

2797

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2798

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2799

times.

2800

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2801

server = self._server(None)

2802

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2803

self.assertEqual(client.get_client_ca_list(), [])

2804

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2805

ctx = server.get_context()

2806

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2807

self.assertEqual(client.get_client_ca_list(), [])

2808

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2809

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2810

self.assertEqual(client.get_client_ca_list(), expected)

2811

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2812

2813

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2814

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2816

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2817

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2818

"""

2819

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2820

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2821

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2822

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2823

2824

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2825

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2826

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2827

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2828

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2829

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2830

after the connection is set up.

2831

"""

2832

def no_ca(ctx):

2833

ctx.set_client_ca_list([])

2834

return []

2835

self._check_client_ca_list(no_ca)

2836

2837

2838

def test_set_one_ca_list(self):

2839

"""

2840

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2841

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2842

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2843

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2844

X509Name after the connection is set up.

2845

"""

2846

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2847

cadesc = cacert.get_subject()

2848

def single_ca(ctx):

2849

ctx.set_client_ca_list([cadesc])

2850

return [cadesc]

2851

self._check_client_ca_list(single_ca)

2852

2853

2854

def test_set_multiple_ca_list(self):

2855

"""

2856

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2857

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2858

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2859

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2860

X509Names after the connection is set up.

2861

"""

2862

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2863

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2864

2865

sedesc = secert.get_subject()

2866

cldesc = clcert.get_subject()

2867

2868

def multiple_ca(ctx):

2869

L = [sedesc, cldesc]

2870

ctx.set_client_ca_list(L)

2871

return L

2872

self._check_client_ca_list(multiple_ca)

2873

2874

2875

def test_reset_ca_list(self):

2876

"""

2877

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2878

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2879

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2880

"""

2881

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2882

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2883

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2884

2885

cadesc = cacert.get_subject()

2886

sedesc = secert.get_subject()

2887

cldesc = clcert.get_subject()

2888

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2889

def changed_ca(ctx):

2890

ctx.set_client_ca_list([sedesc, cldesc])

2891

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2892

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2893

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2894

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2895

2896

def test_mutated_ca_list(self):

2897

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2898

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2899

afterwards, this does not affect the list of CA names sent to the

2900

client.

2901

"""

2902

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2903

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2904

2905

cadesc = cacert.get_subject()

2906

sedesc = secert.get_subject()

2907

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2908

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2909

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2910

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2911

L.append(sedesc)

2912

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2913

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2914

2915

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2916

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2917

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2918

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2919

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2920

"""

2921

ctx = Context(TLSv1_METHOD)

2922

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2923

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2924

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2925

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2926

2927

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2928

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2929

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2930

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2931

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2932

"""

2933

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2934

cadesc = cacert.get_subject()

2935

def single_ca(ctx):

2936

ctx.add_client_ca(cacert)

2937

return [cadesc]

2938

self._check_client_ca_list(single_ca)

2939

2940

2941

def test_multiple_add_client_ca(self):

2942

"""

2943

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2944

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2945

"""

2946

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2947

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2948

2949

cadesc = cacert.get_subject()

2950

sedesc = secert.get_subject()

2951

2952

def multiple_ca(ctx):

2953

ctx.add_client_ca(cacert)

2954

ctx.add_client_ca(secert)

2955

return [cadesc, sedesc]

2956

self._check_client_ca_list(multiple_ca)

2957

2958

2959

def test_set_and_add_client_ca(self):

2960

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2961

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2962

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2963

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2964

"""

2965

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2966

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2967

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2968

2969

cadesc = cacert.get_subject()

2970

sedesc = secert.get_subject()

2971

cldesc = clcert.get_subject()

2972

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2973

def mixed_set_add_ca(ctx):

2974

ctx.set_client_ca_list([cadesc, sedesc])

2975

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2976

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2977

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2978

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2979

2980

def test_set_after_add_client_ca(self):

2981

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2982

A call to :py:obj:`Context.set_client_ca_list` after a call to

2983

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2984

call with the names specified by the latter cal.

2985

"""

2986

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2987

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2988

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2989

2990

cadesc = cacert.get_subject()

2991

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2992

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2993

def set_replaces_add_ca(ctx):

2994

ctx.add_client_ca(clcert)

2995

ctx.set_client_ca_list([cadesc])

2996

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2997

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2998

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2999

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3000

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3001

3002

class ConnectionBIOTests(TestCase):

3003

"""

3004

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3005

"""

3006

def test_wantReadError(self):

3007

"""

3008

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3009

if there are no bytes available to be read from the BIO.

3010

"""

3011

ctx = Context(TLSv1_METHOD)

3012

conn = Connection(ctx, None)

3013

self.assertRaises(WantReadError, conn.bio_read, 1024)

3014

3015

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3016

def test_buffer_size(self):

3017

"""

3018

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3019

number of bytes to read and return.

3020

"""

3021

ctx = Context(TLSv1_METHOD)

3022

conn = Connection(ctx, None)

3023

conn.set_connect_state()

3024

try:

3025

conn.do_handshake()

3026

except WantReadError:

3027

pass

3028

data = conn.bio_read(2)

3029

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3034

"""

3035

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3036

:py:obj:`long` as well as :py:obj:`int`.

3037

"""

3038

ctx = Context(TLSv1_METHOD)

3039

conn = Connection(ctx, None)

3040

conn.set_connect_state()

3041

try:

3042

conn.do_handshake()

3043

except WantReadError:

3044

pass

3045

data = conn.bio_read(long(2))

3046

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3050

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3051

class InfoConstantTests(TestCase):

3052

"""

3053

Tests for assorted constants exposed for use in info callbacks.

3054

"""

3055

def test_integers(self):

3056

"""

3057

All of the info constants are integers.

3058

3059

This is a very weak test. It would be nice to have one that actually

3060

verifies that as certain info events happen, the value passed to the

3061

info callback matches up with the constant exposed by OpenSSL.SSL.

3062

"""

3063

for const in [

3064

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3065

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3066

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3067

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3068

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3069

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3070

3071

self.assertTrue(isinstance(const, int))

3072

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3073

Jean-Paul Calderone