Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

97

def join_bytes_or_unicode(prefix, suffix):

98

"""

99

Join two path components of either ``bytes`` or ``unicode``.

100

101

The return type is the same as the type of ``prefix``.

102

"""

103

# If the types are the same, nothing special is necessary.

104

if type(prefix) == type(suffix):

105

return join(prefix, suffix)

106

107

# Otherwise, coerce suffix to the type of prefix.

108

if isinstance(prefix, text_type):

109

return join(prefix, suffix.decode(getfilesystemencoding()))

110

else:

111

return join(prefix, suffix.encode(getfilesystemencoding()))

112

113

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

114

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

115

return ok

116

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

117

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

118

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

119

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

120

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

122

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

128

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

130

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

131

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

132

# Let's pass some unencrypted data to make sure our socket connection is

133

# fine. Just one byte, so we don't have to worry about buffers getting

134

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

135

server.send(b("x"))

136

assert client.recv(1024) == b("x")

137

client.send(b("y"))

138

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

139

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

140

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

141

server.setblocking(False)

142

client.setblocking(False)

143

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

144

return (server, client)

145

146

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

147

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

148

def handshake(client, server):

149

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

160

def _create_certificate_chain():

161

"""

162

Construct and return a chain of certificates.

163

164

1. A new self-signed certificate authority certificate (cacert)

165

2. A new intermediate certificate signed by cacert (icert)

166

3. A new server certificate signed by icert (scert)

167

"""

168

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

173

cacert = X509()

174

cacert.get_subject().commonName = "Authority Certificate"

175

cacert.set_issuer(cacert.get_subject())

176

cacert.set_pubkey(cakey)

177

cacert.set_notBefore(b("20000101000000Z"))

178

cacert.set_notAfter(b("20200101000000Z"))

179

cacert.add_extensions([caext])

180

cacert.set_serial_number(0)

181

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

186

icert = X509()

187

icert.get_subject().commonName = "Intermediate Certificate"

188

icert.set_issuer(cacert.get_subject())

189

icert.set_pubkey(ikey)

190

icert.set_notBefore(b("20000101000000Z"))

191

icert.set_notAfter(b("20200101000000Z"))

192

icert.add_extensions([caext])

193

icert.set_serial_number(0)

194

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

199

scert = X509()

200

scert.get_subject().commonName = "Server Certificate"

201

scert.set_issuer(icert.get_subject())

202

scert.set_pubkey(skey)

203

scert.set_notBefore(b("20000101000000Z"))

204

scert.set_notAfter(b("20200101000000Z"))

205

scert.add_extensions([

206

X509Extension(b('basicConstraints'), True, b('CA:false'))])

207

scert.set_serial_number(0)

208

scert.sign(ikey, "sha1")

209

210

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

215

"""

216

Helper mixin which defines methods for creating a connected socket pair and

217

for forcing two connected SSL sockets to talk to each other via memory BIOs.

218

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

219

def _loopbackClientFactory(self, socket):

220

client = Connection(Context(TLSv1_METHOD), socket)

221

client.set_connect_state()

222

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

223

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

224

225

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

ctx = Context(TLSv1_METHOD)

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

229

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

235

if serverFactory is None:

236

serverFactory = self._loopbackServerFactory

237

if clientFactory is None:

238

clientFactory = self._loopbackClientFactory

239

240

(server, client) = socket_pair()

241

server = serverFactory(server)

242

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

243

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

244

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

246

server.setblocking(True)

247

client.setblocking(True)

248

return server, client

249

250

251

def _interactInMemory(self, client_conn, server_conn):

252

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

253

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

254

objects. Copy bytes back and forth between their send/receive buffers

255

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

256

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

some application bytes, return a two-tuple of the connection from which

258

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

263

wrote = False

264

265

# Copy stuff from each side's send buffer to the other side's

266

# receive buffer.

267

for (read, write) in [(client_conn, server_conn),

268

(server_conn, client_conn)]:

269

270

# Give the side a chance to generate some more bytes, or

271

# succeed.

272

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

273

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

274

except WantReadError:

275

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

280

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

282

283

while True:

284

# Keep copying as long as there's more stuff there.

285

try:

286

dirty = read.bio_read(4096)

287

except WantReadError:

288

# Okay, nothing more waiting to be sent. Stop

289

# processing this send buffer.

290

break

291

else:

292

# Keep track of the fact that someone generated some

293

# output.

294

wrote = True

295

write.bio_write(dirty)

296

297

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

298

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

299

"""

300

Perform the TLS handshake between two :py:class:`Connection` instances

301

connected to each other via memory BIOs.

302

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

303

client_conn.set_connect_state()

304

server_conn.set_accept_state()

305

306

for conn in [client_conn, server_conn]:

307

try:

308

conn.do_handshake()

309

except WantReadError:

310

pass

311

312

self._interactInMemory(client_conn, server_conn)

313

314

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

315

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

316

class VersionTests(TestCase):

317

"""

318

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

319

:py:obj:`OpenSSL.SSL.SSLeay_version` and

320

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

324

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

325

byte and the patch, fix, minor, and major versions in the

326

nibbles above that.

327

"""

328

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

329

330

331

def test_SSLeay_version(self):

332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

333

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

334

one of a number of version strings based on that indicator.

335

"""

336

versions = {}

337

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

338

SSLEAY_PLATFORM, SSLEAY_DIR]:

339

version = SSLeay_version(t)

340

versions[version] = t

341

self.assertTrue(isinstance(version, bytes))

342

self.assertEqual(len(versions), 5)

343

344

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

345

346

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

348

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

350

def test_method(self):

351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

352

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

353

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

354

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

356

methods = [

357

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

358

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

359

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

360

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

361

362

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

367

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

368

# don't. Difficult to say in advance.

369

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

370

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

371

self.assertRaises(TypeError, Context, "")

372

self.assertRaises(ValueError, Context, 10)

373

374

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

375

if not PY3:

376

def test_method_long(self):

377

"""

378

On Python 2 :py:class:`Context` accepts values of type

379

:py:obj:`long` as well as :py:obj:`int`.

380

"""

381

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

385

def test_type(self):

386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

387

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

388

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

389

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

self.assertIdentical(Context, ContextType)

391

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

392

393

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

394

def test_use_privatekey(self):

395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

396

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

397

"""

398

key = PKey()

399

key.generate_key(TYPE_RSA, 128)

400

ctx = Context(TLSv1_METHOD)

401

ctx.use_privatekey(key)

402

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

403

404

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

405

def test_use_privatekey_file_missing(self):

406

"""

407

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

408

when passed the name of a file which does not exist.

409

"""

410

ctx = Context(TLSv1_METHOD)

411

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

412

413

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

414

def _use_privatekey_file_test(self, pemfile, filetype):

415

"""

416

Verify that calling ``Context.use_privatekey_file`` with the given

417

arguments does not raise an exception.

418

"""

419

key = PKey()

420

key.generate_key(TYPE_RSA, 128)

421

422

with open(pemfile, "wt") as pem:

423

pem.write(

424

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

425

)

426

427

ctx = Context(TLSv1_METHOD)

428

ctx.use_privatekey_file(pemfile, filetype)

429

430

431

def test_use_privatekey_file_bytes(self):

432

"""

433

A private key can be specified from a file by passing a ``bytes``

434

instance giving the file name to ``Context.use_privatekey_file``.

435

"""

436

self._use_privatekey_file_test(

437

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

443

"""

444

A private key can be specified from a file by passing a ``unicode``

445

instance giving the file name to ``Context.use_privatekey_file``.

446

"""

447

self._use_privatekey_file_test(

448

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

453

if not PY3:

454

def test_use_privatekey_file_long(self):

455

"""

456

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

457

filetype of type :py:obj:`long` as well as :py:obj:`int`.

458

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

459

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

460

461

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

462

def test_use_certificate_wrong_args(self):

463

"""

464

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

465

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

466

argument.

467

"""

468

ctx = Context(TLSv1_METHOD)

469

self.assertRaises(TypeError, ctx.use_certificate)

470

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

471

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

472

473

474

def test_use_certificate_uninitialized(self):

475

"""

476

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

477

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

478

initialized (ie, which does not actually have any certificate data).

479

"""

480

ctx = Context(TLSv1_METHOD)

481

self.assertRaises(Error, ctx.use_certificate, X509())

482

483

484

def test_use_certificate(self):

485

"""

486

:py:obj:`Context.use_certificate` sets the certificate which will be

487

used to identify connections created using the context.

488

"""

489

# TODO

490

# Hard to assert anything. But we could set a privatekey then ask

491

# OpenSSL if the cert and key agree using check_privatekey. Then as

492

# long as check_privatekey works right we're good...

493

ctx = Context(TLSv1_METHOD)

494

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

495

496

497

def test_use_certificate_file_wrong_args(self):

498

"""

499

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

500

called with zero arguments or more than two arguments, or if the first

501

argument is not a byte string or the second argumnent is not an integer.

502

"""

503

ctx = Context(TLSv1_METHOD)

504

self.assertRaises(TypeError, ctx.use_certificate_file)

505

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

506

self.assertRaises(

507

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, b"somefile", object())

512

513

514

def test_use_certificate_file_missing(self):

515

"""

516

:py:obj:`Context.use_certificate_file` raises

517

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

518

exist.

519

"""

520

ctx = Context(TLSv1_METHOD)

521

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

522

523

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

524

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

525

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

Verify that calling ``Context.use_certificate_file`` with the given

527

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

528

"""

529

# TODO

530

# Hard to assert anything. But we could set a privatekey then ask

531

# OpenSSL if the cert and key agree using check_privatekey. Then as

532

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

533

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

534

pem_file.write(cleartextCertificatePEM)

535

536

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

537

ctx.use_certificate_file(certificate_file)

538

539

540

def test_use_certificate_file_bytes(self):

541

"""

542

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

543

``bytes`` filename) which will be used to identify connections created

544

using the context.

545

"""

546

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

547

self._use_certificate_file_test(filename)

548

549

550

def test_use_certificate_file_unicode(self):

551

"""

552

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

553

``bytes`` filename) which will be used to identify connections created

554

using the context.

555

"""

556

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

557

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

558

559

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

560

if not PY3:

561

def test_use_certificate_file_long(self):

562

"""

563

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

564

filetype of type :py:obj:`long` as well as :py:obj:`int`.

565

"""

566

pem_filename = self.mktemp()

567

with open(pem_filename, "wb") as pem_file:

568

pem_file.write(cleartextCertificatePEM)

569

570

ctx = Context(TLSv1_METHOD)

571

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

572

573

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

574

def test_check_privatekey_valid(self):

575

"""

576

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

577

:py:obj:`Context` instance has been configured to use a matched key and

578

certificate pair.

579

"""

580

key = load_privatekey(FILETYPE_PEM, client_key_pem)

581

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

582

context = Context(TLSv1_METHOD)

583

context.use_privatekey(key)

584

context.use_certificate(cert)

585

self.assertIs(None, context.check_privatekey())

586

587

588

def test_check_privatekey_invalid(self):

589

"""

590

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

591

:py:obj:`Context` instance has been configured to use a key and

592

certificate pair which don't relate to each other.

593

"""

594

key = load_privatekey(FILETYPE_PEM, client_key_pem)

595

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

596

context = Context(TLSv1_METHOD)

597

context.use_privatekey(key)

598

context.use_certificate(cert)

599

self.assertRaises(Error, context.check_privatekey)

600

601

602

def test_check_privatekey_wrong_args(self):

603

"""

604

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

605

with other than no arguments.

606

"""

607

context = Context(TLSv1_METHOD)

608

self.assertRaises(TypeError, context.check_privatekey, object())

609

610

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

611

def test_set_app_data_wrong_args(self):

612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

613

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

614

one argument.

615

"""

616

context = Context(TLSv1_METHOD)

617

self.assertRaises(TypeError, context.set_app_data)

618

self.assertRaises(TypeError, context.set_app_data, None, None)

619

620

621

def test_get_app_data_wrong_args(self):

622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

623

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

624

arguments.

625

"""

626

context = Context(TLSv1_METHOD)

627

self.assertRaises(TypeError, context.get_app_data, None)

628

629

630

def test_app_data(self):

631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

632

:py:obj:`Context.set_app_data` stores an object for later retrieval using

633

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

634

"""

635

app_data = object()

636

context = Context(TLSv1_METHOD)

637

context.set_app_data(app_data)

638

self.assertIdentical(context.get_app_data(), app_data)

639

640

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

641

def test_set_options_wrong_args(self):

642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

643

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

644

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

645

"""

646

context = Context(TLSv1_METHOD)

647

self.assertRaises(TypeError, context.set_options)

648

self.assertRaises(TypeError, context.set_options, None)

649

self.assertRaises(TypeError, context.set_options, 1, None)

650

651

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

652

def test_set_options(self):

653

"""

654

:py:obj:`Context.set_options` returns the new options value.

655

"""

656

context = Context(TLSv1_METHOD)

657

options = context.set_options(OP_NO_SSLv2)

658

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

663

"""

664

On Python 2 :py:obj:`Context.set_options` accepts values of type

665

:py:obj:`long` as well as :py:obj:`int`.

666

"""

667

context = Context(TLSv1_METHOD)

668

options = context.set_options(long(OP_NO_SSLv2))

669

self.assertTrue(OP_NO_SSLv2 & options)

670

671

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

672

def test_set_mode_wrong_args(self):

673

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

674

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

675

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

676

"""

677

context = Context(TLSv1_METHOD)

678

self.assertRaises(TypeError, context.set_mode)

679

self.assertRaises(TypeError, context.set_mode, None)

680

self.assertRaises(TypeError, context.set_mode, 1, None)

681

682

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

683

if MODE_RELEASE_BUFFERS is not None:

684

def test_set_mode(self):

685

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

686

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

687

set mode.

688

"""

689

context = Context(TLSv1_METHOD)

690

self.assertTrue(

691

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

692

693

if not PY3:

694

def test_set_mode_long(self):

695

"""

696

On Python 2 :py:obj:`Context.set_mode` accepts values of type

697

:py:obj:`long` as well as :py:obj:`int`.

698

"""

699

context = Context(TLSv1_METHOD)

700

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

701

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

702

else:

703

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

704

705

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

706

def test_set_timeout_wrong_args(self):

707

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

708

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

709

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

710

"""

711

context = Context(TLSv1_METHOD)

712

self.assertRaises(TypeError, context.set_timeout)

713

self.assertRaises(TypeError, context.set_timeout, None)

714

self.assertRaises(TypeError, context.set_timeout, 1, None)

715

716

717

def test_get_timeout_wrong_args(self):

718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

719

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

720

"""

721

context = Context(TLSv1_METHOD)

722

self.assertRaises(TypeError, context.get_timeout, None)

723

724

725

def test_timeout(self):

726

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

727

:py:obj:`Context.set_timeout` sets the session timeout for all connections

728

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

729

value.

730

"""

731

context = Context(TLSv1_METHOD)

732

context.set_timeout(1234)

733

self.assertEquals(context.get_timeout(), 1234)

734

735

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

736

if not PY3:

737

def test_timeout_long(self):

738

"""

739

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

740

`long` as well as int.

741

"""

742

context = Context(TLSv1_METHOD)

743

context.set_timeout(long(1234))

744

self.assertEquals(context.get_timeout(), 1234)

745

746

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

747

def test_set_verify_depth_wrong_args(self):

748

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

749

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

750

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

751

"""

752

context = Context(TLSv1_METHOD)

753

self.assertRaises(TypeError, context.set_verify_depth)

754

self.assertRaises(TypeError, context.set_verify_depth, None)

755

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

756

757

758

def test_get_verify_depth_wrong_args(self):

759

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

760

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

761

"""

762

context = Context(TLSv1_METHOD)

763

self.assertRaises(TypeError, context.get_verify_depth, None)

764

765

766

def test_verify_depth(self):

767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

768

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

769

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

"""

772

context = Context(TLSv1_METHOD)

773

context.set_verify_depth(11)

774

self.assertEquals(context.get_verify_depth(), 11)

775

776

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

777

if not PY3:

778

def test_verify_depth_long(self):

779

"""

780

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

781

type `long` as well as int.

782

"""

783

context = Context(TLSv1_METHOD)

784

context.set_verify_depth(long(11))

785

self.assertEquals(context.get_verify_depth(), 11)

786

787

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

788

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

789

"""

790

Write a new private key out to a new file, encrypted using the given

791

passphrase. Return the path to the new file.

792

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

793

key = PKey()

794

key.generate_key(TYPE_RSA, 128)

795

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

796

fObj = open(pemFile, 'w')

797

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

798

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

803

def test_set_passwd_cb_wrong_args(self):

804

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

805

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

806

wrong arguments or with a non-callable first argument.

807

"""

808

context = Context(TLSv1_METHOD)

809

self.assertRaises(TypeError, context.set_passwd_cb)

810

self.assertRaises(TypeError, context.set_passwd_cb, None)

811

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

812

813

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

814

def test_set_passwd_cb(self):

815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

816

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

817

a private key is loaded from an encrypted PEM.

818

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

819

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

821

calledWith = []

822

def passphraseCallback(maxlen, verify, extra):

823

calledWith.append((maxlen, verify, extra))

824

return passphrase

825

context = Context(TLSv1_METHOD)

826

context.set_passwd_cb(passphraseCallback)

827

context.use_privatekey_file(pemFile)

828

self.assertTrue(len(calledWith), 1)

829

self.assertTrue(isinstance(calledWith[0][0], int))

830

self.assertTrue(isinstance(calledWith[0][1], int))

831

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

833

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

834

def test_passwd_callback_exception(self):

835

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

836

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

837

passphrase callback.

838

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

839

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

def passphraseCallback(maxlen, verify, extra):

841

raise RuntimeError("Sorry, I am a fail.")

842

843

context = Context(TLSv1_METHOD)

844

context.set_passwd_cb(passphraseCallback)

845

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

846

847

848

def test_passwd_callback_false(self):

849

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

850

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

passphrase callback returns a false value.

852

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

853

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

854

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

855

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

857

context = Context(TLSv1_METHOD)

858

context.set_passwd_cb(passphraseCallback)

859

self.assertRaises(Error, context.use_privatekey_file, pemFile)

860

861

862

def test_passwd_callback_non_string(self):

863

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

864

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

passphrase callback returns a true non-string value.

866

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

867

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

868

def passphraseCallback(maxlen, verify, extra):

869

return 10

870

871

context = Context(TLSv1_METHOD)

872

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

873

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

874

875

876

def test_passwd_callback_too_long(self):

877

"""

878

If the passphrase returned by the passphrase callback returns a string

879

longer than the indicated maximum length, it is truncated.

880

"""

881

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

882

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

883

pemFile = self._write_encrypted_pem(passphrase)

884

def passphraseCallback(maxlen, verify, extra):

885

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

886

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

887

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

# This shall succeed because the truncated result is the correct

891

# passphrase.

892

context.use_privatekey_file(pemFile)

893

894

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

def test_set_info_callback(self):

896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

897

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

898

when certain information about an SSL connection is available.

899

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

900

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

901

902

clientSSL = Connection(Context(TLSv1_METHOD), client)

903

clientSSL.set_connect_state()

904

905

called = []

906

def info(conn, where, ret):

907

called.append((conn, where, ret))

908

context = Context(TLSv1_METHOD)

909

context.set_info_callback(info)

910

context.use_certificate(

911

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

912

context.use_privatekey(

913

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

914

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

915

serverSSL = Connection(context, server)

916

serverSSL.set_accept_state()

917

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

918

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

919

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

920

# The callback must always be called with a Connection instance as the

921

# first argument. It would probably be better to split this into

922

# separate tests for client and server side info callbacks so we could

923

# assert it is called with the right Connection instance. It would

924

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

925

notConnections = [

926

conn for (conn, where, ret) in called

927

if not isinstance(conn, Connection)]

928

self.assertEqual(

929

[], notConnections,

930

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

931

932

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

934

"""

935

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

936

its :py:obj:`load_verify_locations` method with the given arguments.

937

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

938

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

939

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

940

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

941

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

942

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

# Require that the server certificate verify properly or the

944

# connection will fail.

945

clientContext.set_verify(

946

VERIFY_PEER,

947

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

948

949

clientSSL = Connection(clientContext, client)

950

clientSSL.set_connect_state()

951

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

952

serverContext = Context(TLSv1_METHOD)

953

serverContext.use_certificate(

954

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

955

serverContext.use_privatekey(

956

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

957

958

serverSSL = Connection(serverContext, server)

959

serverSSL.set_accept_state()

960

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

961

# Without load_verify_locations above, the handshake

962

# will fail:

963

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

964

# 'certificate verify failed')]

965

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

966

967

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

968

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

969

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

970

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

971

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

972

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

Verify that if path to a file containing a certificate is passed to

974

``Context.load_verify_locations`` for the ``cafile`` parameter, that

975

certificate is used as a trust root for the purposes of verifying

976

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

978

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

979

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

980

fObj.close()

981

982

self._load_verify_locations_test(cafile)

983

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

984

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

985

def test_load_verify_bytes_cafile(self):

986

"""

987

:py:obj:`Context.load_verify_locations` accepts a file name as a

988

``bytes`` instance and uses the certificates within for verification

989

purposes.

990

"""

991

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

992

self._load_verify_cafile(cafile)

993

994

995

def test_load_verify_unicode_cafile(self):

996

"""

997

:py:obj:`Context.load_verify_locations` accepts a file name as a

998

``unicode`` instance and uses the certificates within for verification

999

purposes.

1000

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1001

self._load_verify_cafile(

1002

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1003

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1004

1005

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1006

def test_load_verify_invalid_file(self):

1007

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1008

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1009

non-existent cafile.

1010

"""

1011

clientContext = Context(TLSv1_METHOD)

1012

self.assertRaises(

1013

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1014

1015

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1016

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1017

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

Verify that if path to a directory containing certificate files is

1019

passed to ``Context.load_verify_locations`` for the ``capath``

1020

parameter, those certificates are used as trust roots for the purposes

1021

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1022

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1023

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1024

# Hash values computed manually with c_rehash to avoid depending on

1025

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1026

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1027

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1028

cafile = join_bytes_or_unicode(capath, name)

1029

with open(cafile, 'w') as fObj:

1030

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1031

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1032

self._load_verify_locations_test(None, capath)

1033

1034

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1035

def test_load_verify_directory_bytes_capath(self):

1036

"""

1037

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1038

``bytes`` instance and uses the certificates within for verification

1039

purposes.

1040

"""

1041

self._load_verify_directory_locations_capath(

1042

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1047

"""

1048

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1049

``unicode`` instance and uses the certificates within for verification

1050

purposes.

1051

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1052

self._load_verify_directory_locations_capath(

1053

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1054

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1055

1056

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1057

def test_load_verify_locations_wrong_args(self):

1058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1059

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1060

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1061

"""

1062

context = Context(TLSv1_METHOD)

1063

self.assertRaises(TypeError, context.load_verify_locations)

1064

self.assertRaises(TypeError, context.load_verify_locations, object())

1065

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1066

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1067

1068

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1069

if platform == "win32":

1070

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1071

"See LP#404343 and LP#404344."

1072

else:

1073

def test_set_default_verify_paths(self):

1074

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1075

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1076

certificate locations to be used for verification purposes.

1077

"""

1078

# Testing this requires a server with a certificate signed by one of

1079

# the CAs in the platform CA location. Getting one of those costs

1080

# money. Fortunately (or unfortunately, depending on your

1081

# perspective), it's easy to think of a public server on the

1082

# internet which has such a certificate. Connecting to the network

1083

# in a unit test is bad, but it's the only way I can think of to

1084

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1085

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1086

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1087

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1088

context.set_default_verify_paths()

1089

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1090

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1091

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1092

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

client = socket()

1094

client.connect(('verisign.com', 443))

1095

clientSSL = Connection(context, client)

1096

clientSSL.set_connect_state()

1097

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1098

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1099

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1100

1101

1102

def test_set_default_verify_paths_signature(self):

1103

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1104

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1105

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1106

"""

1107

context = Context(TLSv1_METHOD)

1108

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1109

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1111

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1112

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1113

def test_add_extra_chain_cert_invalid_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1116

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

self.assertRaises(TypeError, context.add_extra_chain_cert)

1121

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1122

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1123

1124

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1125

def _handshake_test(self, serverContext, clientContext):

1126

"""

1127

Verify that a client and server created with the given contexts can

1128

successfully handshake and communicate.

1129

"""

1130

serverSocket, clientSocket = socket_pair()

1131

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1132

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1133

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1135

client = Connection(clientContext, clientSocket)

1136

client.set_connect_state()

1137

1138

# Make them talk to each other.

1139

# self._interactInMemory(client, server)

1140

for i in range(3):

1141

for s in [client, server]:

1142

try:

1143

s.do_handshake()

1144

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1148

def test_set_verify_callback_connection_argument(self):

1149

"""

1150

The first argument passed to the verify callback is the

1151

:py:class:`Connection` instance for which verification is taking place.

1152

"""

1153

serverContext = Context(TLSv1_METHOD)

1154

serverContext.use_privatekey(

1155

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1156

serverContext.use_certificate(

1157

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1158

serverConnection = Connection(serverContext, None)

1159

1160

class VerifyCallback(object):

1161

def callback(self, connection, *args):

1162

self.connection = connection

1163

return 1

1164

1165

verify = VerifyCallback()

1166

clientContext = Context(TLSv1_METHOD)

1167

clientContext.set_verify(VERIFY_PEER, verify.callback)

1168

clientConnection = Connection(clientContext, None)

1169

clientConnection.set_connect_state()

1170

1171

self._handshakeInMemory(clientConnection, serverConnection)

1172

1173

self.assertIdentical(verify.connection, clientConnection)

1174

1175

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1176

def test_set_verify_callback_exception(self):

1177

"""

1178

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1179

exception, verification fails and the exception is propagated to the

1180

caller of :py:obj:`Connection.do_handshake`.

1181

"""

1182

serverContext = Context(TLSv1_METHOD)

1183

serverContext.use_privatekey(

1184

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1185

serverContext.use_certificate(

1186

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1187

1188

clientContext = Context(TLSv1_METHOD)

1189

def verify_callback(*args):

1190

raise Exception("silly verify failure")

1191

clientContext.set_verify(VERIFY_PEER, verify_callback)

1192

1193

exc = self.assertRaises(

1194

Exception, self._handshake_test, serverContext, clientContext)

1195

self.assertEqual("silly verify failure", str(exc))

1196

1197

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1198

def test_add_extra_chain_cert(self):

1199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1200

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1201

the certificate chain.

1202

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1203

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

chain tested.

1205

1206

The chain is tested by starting a server with scert and connecting

1207

to it with a client which trusts cacert and requires verification to

1208

succeed.

1209

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1210

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1211

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1212

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1213

# Dump the CA certificate to a file because that's the only way to load

1214

# it as a trusted CA in the client context.

1215

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1216

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1217

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1218

fObj.close()

1219

1220

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1221

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1222

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1223

fObj.close()

1224

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1225

# Create the server context

1226

serverContext = Context(TLSv1_METHOD)

1227

serverContext.use_privatekey(skey)

1228

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1229

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1230

serverContext.add_extra_chain_cert(icert)

1231

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1232

# Create the client

1233

clientContext = Context(TLSv1_METHOD)

1234

clientContext.set_verify(

1235

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1236

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1237

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1238

# Try it out.

1239

self._handshake_test(serverContext, clientContext)

1240

1241

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1242

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1243

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1244

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1245

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1247

The chain is tested by starting a server with scert and connecting to

1248

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1249

succeed.

1250

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1251

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1252

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1253

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1254

makedirs(certdir)

1255

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1256

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1257

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1258

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1259

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1260

with open(chainFile, 'wb') as fObj:

1261

# Most specific to least general.

1262

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1263

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1264

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1265

1266

with open(caFile, 'w') as fObj:

1267

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1268

1269

serverContext = Context(TLSv1_METHOD)

1270

serverContext.use_certificate_chain_file(chainFile)

1271

serverContext.use_privatekey(skey)

1272

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1273

clientContext = Context(TLSv1_METHOD)

1274

clientContext.set_verify(

1275

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1276

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1277

1278

self._handshake_test(serverContext, clientContext)

1279

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1280

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1281

def test_use_certificate_chain_file_bytes(self):

1282

"""

1283

``Context.use_certificate_chain_file`` accepts the name of a file (as

1284

an instance of ``bytes``) to specify additional certificates to use to

1285

construct and verify a trust chain.

1286

"""

1287

self._use_certificate_chain_file_test(

1288

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1293

"""

1294

``Context.use_certificate_chain_file`` accepts the name of a file (as

1295

an instance of ``unicode``) to specify additional certificates to use

1296

to construct and verify a trust chain.

1297

"""

1298

self._use_certificate_chain_file_test(

1299

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1303

def test_use_certificate_chain_file_wrong_args(self):

1304

"""

1305

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1306

if passed zero or more than one argument or when passed a non-byte

1307

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1308

passed a bad chain file name (for example, the name of a file which does

1309

not exist).

1310

"""

1311

context = Context(TLSv1_METHOD)

1312

self.assertRaises(TypeError, context.use_certificate_chain_file)

1313

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1314

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1315

1316

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1317

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1318

# XXX load_client_ca

1319

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1320

1321

def test_get_verify_mode_wrong_args(self):

1322

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1323

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1324

arguments.

1325

"""

1326

context = Context(TLSv1_METHOD)

1327

self.assertRaises(TypeError, context.get_verify_mode, None)

1328

1329

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1330

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1332

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1333

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1334

"""

1335

context = Context(TLSv1_METHOD)

1336

self.assertEquals(context.get_verify_mode(), 0)

1337

context.set_verify(

1338

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1339

self.assertEquals(

1340

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1341

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1342

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1343

if not PY3:

1344

def test_set_verify_mode_long(self):

1345

"""

1346

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1347

type :py:obj:`long` as well as :py:obj:`int`.

1348

"""

1349

context = Context(TLSv1_METHOD)

1350

self.assertEquals(context.get_verify_mode(), 0)

1351

context.set_verify(

1352

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1353

self.assertEquals(

1354

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1355

1356

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1357

def test_load_tmp_dh_wrong_args(self):

1358

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1359

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1360

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1361

"""

1362

context = Context(TLSv1_METHOD)

1363

self.assertRaises(TypeError, context.load_tmp_dh)

1364

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1365

self.assertRaises(TypeError, context.load_tmp_dh, object())

1366

1367

1368

def test_load_tmp_dh_missing_file(self):

1369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1370

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1371

does not exist.

1372

"""

1373

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1374

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1375

1376

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1377

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1378

"""

1379

Verify that calling ``Context.load_tmp_dh`` with the given filename

1380

does not raise an exception.

1381

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1382

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1383

with open(dhfilename, "w") as dhfile:

1384

dhfile.write(dhparam)

1385

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1386

context.load_tmp_dh(dhfilename)

1387

# XXX What should I assert here? -exarkun

1388

1389

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1390

def test_load_tmp_dh_bytes(self):

1391

"""

1392

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1393

specified file (given as ``bytes``).

1394

"""

1395

self._load_tmp_dh_test(

1396

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1401

"""

1402

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1403

specified file (given as ``unicode``).

1404

"""

1405

self._load_tmp_dh_test(

1406

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1410

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1411

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1412

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1413

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1414

"""

1415

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1416

for curve in get_elliptic_curves():

1417

# The only easily "assertable" thing is that it does not raise an

1418

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1419

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1420

1421

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1422

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1423

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1424

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1425

ciphers which connections created with the context object will be able

1426

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1427

"""

1428

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1429

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1430

conn = Connection(context, None)

1431

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1432

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1433

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1434

def test_set_cipher_list_text(self):

1435

"""

1436

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1437

the ciphers which connections created with the context object will be

1438

able to choose from.

1439

"""

1440

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1441

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1442

conn = Connection(context, None)

1443

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1444

1445

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1446

def test_set_cipher_list_wrong_args(self):

1447

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1448

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1449

passed zero arguments or more than one argument or when passed a

1450

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1451

passed an incorrect cipher list string.

1452

"""

1453

context = Context(TLSv1_METHOD)

1454

self.assertRaises(TypeError, context.set_cipher_list)

1455

self.assertRaises(TypeError, context.set_cipher_list, object())

1456

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1457

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1458

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1459

1460

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1461

def test_set_session_cache_mode_wrong_args(self):

1462

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1463

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1464

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1465

"""

1466

context = Context(TLSv1_METHOD)

1467

self.assertRaises(TypeError, context.set_session_cache_mode)

1468

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1469

1470

1471

def test_get_session_cache_mode_wrong_args(self):

1472

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1473

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1474

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1475

"""

1476

context = Context(TLSv1_METHOD)

1477

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1478

1479

1480

def test_session_cache_mode(self):

1481

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1482

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1483

cached. The setting can be retrieved via

1484

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1485

"""

1486

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1487

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1488

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1489

self.assertEqual(SESS_CACHE_OFF, off)

1490

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1491

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1492

if not PY3:

1493

def test_session_cache_mode_long(self):

1494

"""

1495

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1496

of type :py:obj:`long` as well as :py:obj:`int`.

1497

"""

1498

context = Context(TLSv1_METHOD)

1499

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1500

self.assertEqual(

1501

SESS_CACHE_BOTH, context.get_session_cache_mode())

1502

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1503

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1504

def test_get_cert_store(self):

1505

"""

1506

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1507

"""

1508

context = Context(TLSv1_METHOD)

1509

store = context.get_cert_store()

1510

self.assertIsInstance(store, X509Store)

1511

1512

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1513

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1514

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1515

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1516

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1517

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1518

"""

1519

def test_wrong_args(self):

1520

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1521

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1522

with other than one argument.

1523

"""

1524

context = Context(TLSv1_METHOD)

1525

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1526

self.assertRaises(

1527

TypeError, context.set_tlsext_servername_callback, 1, 2)

1528

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1529

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1530

def test_old_callback_forgotten(self):

1531

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1532

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1533

callback, the one it replaces is dereferenced.

1534

"""

1535

def callback(connection):

1536

pass

1537

1538

def replacement(connection):

1539

pass

1540

1541

context = Context(TLSv1_METHOD)

1542

context.set_tlsext_servername_callback(callback)

1543

1544

tracker = ref(callback)

1545

del callback

1546

1547

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1548

1549

# One run of the garbage collector happens to work on CPython. PyPy

1550

# doesn't collect the underlying object until a second run for whatever

1551

# reason. That's fine, it still demonstrates our code has properly

1552

# dropped the reference.

1553

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1554

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1555

1556

callback = tracker()

1557

if callback is not None:

1558

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1559

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1560

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1561

1562

1563

def test_no_servername(self):

1564

"""

1565

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1566

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1567

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1568

"""

1569

args = []

1570

def servername(conn):

1571

args.append((conn, conn.get_servername()))

1572

context = Context(TLSv1_METHOD)

1573

context.set_tlsext_servername_callback(servername)

1574

1575

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1581

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1582

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1583

1584

# Do a little connection to trigger the logic

1585

server = Connection(context, None)

1586

server.set_accept_state()

1587

1588

client = Connection(Context(TLSv1_METHOD), None)

1589

client.set_connect_state()

1590

1591

self._interactInMemory(server, client)

1592

1593

self.assertEqual([(server, None)], args)

1594

1595

1596

def test_servername(self):

1597

"""

1598

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1599

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1600

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1601

"""

1602

args = []

1603

def servername(conn):

1604

args.append((conn, conn.get_servername()))

1605

context = Context(TLSv1_METHOD)

1606

context.set_tlsext_servername_callback(servername)

1607

1608

# Necessary to actually accept the connection

1609

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1610

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1611

1612

# Do a little connection to trigger the logic

1613

server = Connection(context, None)

1614

server.set_accept_state()

1615

1616

client = Connection(Context(TLSv1_METHOD), None)

1617

client.set_connect_state()

1618

client.set_tlsext_host_name(b("foo1.example.com"))

1619

1620

self._interactInMemory(server, client)

1621

1622

self.assertEqual([(server, b("foo1.example.com"))], args)

1623

1624

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1625

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1626

"""

1627

Test for Next Protocol Negotiation in PyOpenSSL.

1628

"""

1629

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1630

"""

1631

Tests that clients and servers that agree on the negotiated next

1632

protocol can correct establish a connection, and that the agreed

1633

protocol is reported by the connections.

1634

"""

1635

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1636

select_args = []

1637

def advertise(conn):

1638

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1639

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1640

def select(conn, options):

1641

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1642

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1643

1644

server_context = Context(TLSv1_METHOD)

1645

server_context.set_npn_advertise_callback(advertise)

1646

1647

client_context = Context(TLSv1_METHOD)

1648

client_context.set_npn_select_callback(select)

1649

1650

# Necessary to actually accept the connection

1651

server_context.use_privatekey(

1652

load_privatekey(FILETYPE_PEM, server_key_pem))

1653

server_context.use_certificate(

1654

load_certificate(FILETYPE_PEM, server_cert_pem))

1655

1656

# Do a little connection to trigger the logic

1657

server = Connection(server_context, None)

1658

server.set_accept_state()

1659

1660

client = Connection(client_context, None)

1661

client.set_connect_state()

1662

1663

self._interactInMemory(server, client)

1664

1665

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1666

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1667

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1668

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1669

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1670

1671

1672

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1673

"""

1674

Tests that when clients and servers cannot agree on what protocol to

1675

use next that the TLS connection does not get established.

1676

"""

1677

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1678

select_args = []

1679

def advertise(conn):

1680

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1681

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1682

def select(conn, options):

1683

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1684

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1685

1686

server_context = Context(TLSv1_METHOD)

1687

server_context.set_npn_advertise_callback(advertise)

1688

1689

client_context = Context(TLSv1_METHOD)

1690

client_context.set_npn_select_callback(select)

1691

1692

# Necessary to actually accept the connection

1693

server_context.use_privatekey(

1694

load_privatekey(FILETYPE_PEM, server_key_pem))

1695

server_context.use_certificate(

1696

load_certificate(FILETYPE_PEM, server_cert_pem))

1697

1698

# Do a little connection to trigger the logic

1699

server = Connection(server_context, None)

1700

server.set_accept_state()

1701

1702

client = Connection(client_context, None)

1703

client.set_connect_state()

1704

1705

# If the client doesn't return anything, the connection will fail.

1706

self.assertRaises(Error, self._interactInMemory, server, client)

1707

1708

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1709

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1710

1711

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1712

def test_npn_select_error(self):

1713

"""

1714

Test that we can handle exceptions in the select callback. If select

1715

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1720

return [b'http/1.1', b'spdy/2']

1721

def select(conn, options):

1722

raise TypeError

1723

1724

server_context = Context(TLSv1_METHOD)

1725

server_context.set_npn_advertise_callback(advertise)

1726

1727

client_context = Context(TLSv1_METHOD)

1728

client_context.set_npn_select_callback(select)

1729

1730

# Necessary to actually accept the connection

1731

server_context.use_privatekey(

1732

load_privatekey(FILETYPE_PEM, server_key_pem))

1733

server_context.use_certificate(

1734

load_certificate(FILETYPE_PEM, server_cert_pem))

1735

1736

# Do a little connection to trigger the logic

1737

server = Connection(server_context, None)

1738

server.set_accept_state()

1739

1740

client = Connection(client_context, None)

1741

client.set_connect_state()

1742

1743

# If the callback throws an exception it should be raised here.

1744

self.assertRaises(TypeError, self._interactInMemory, server, client)

1745

self.assertEqual([(server,)], advertise_args)

1746

1747

1748

def test_npn_advertise_error(self):

1749

"""

1750

Test that we can handle exceptions in the advertise callback. If

1751

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1757

select_args.append((conn, options))

1758

return b''

1759

1760

server_context = Context(TLSv1_METHOD)

1761

server_context.set_npn_advertise_callback(advertise)

1762

1763

client_context = Context(TLSv1_METHOD)

1764

client_context.set_npn_select_callback(select)

1765

1766

# Necessary to actually accept the connection

1767

server_context.use_privatekey(

1768

load_privatekey(FILETYPE_PEM, server_key_pem))

1769

server_context.use_certificate(

1770

load_certificate(FILETYPE_PEM, server_cert_pem))

1771

1772

# Do a little connection to trigger the logic

1773

server = Connection(server_context, None)

1774

server.set_accept_state()

1775

1776

client = Connection(client_context, None)

1777

client.set_connect_state()

1778

1779

# If the client doesn't return anything, the connection will fail.

1780

self.assertRaises(TypeError, self._interactInMemory, server, client)

1781

self.assertEqual([], select_args)

1782

1783

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1784

Cory Benfield

12eae89

2014-06-07 15:42:56 +0100

[diff] [blame]

1785

class ApplicationLayerProtoNegotiationTests(TestCase, _LoopbackMixin):

1786

"""

1787

Tests for ALPN in PyOpenSSL.

1788

"""

1789

def test_alpn_success(self):

1790

"""

1791

Tests that clients and servers that agree on the negotiated ALPN

1792

protocol can correct establish a connection, and that the agreed

1793

protocol is reported by the connections.

1794

"""

1795

select_args = []

1796

def select(conn, options):

1797

select_args.append((conn, options))

1798

return b'spdy/2'

1799

1800

client_context = Context(TLSv1_METHOD)

1801

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

1802

1803

server_context = Context(TLSv1_METHOD)

1804

server_context.set_alpn_select_callback(select)

1805

1806

# Necessary to actually accept the connection

1807

server_context.use_privatekey(

1808

load_privatekey(FILETYPE_PEM, server_key_pem))

1809

server_context.use_certificate(

1810

load_certificate(FILETYPE_PEM, server_cert_pem))

1811

1812

# Do a little connection to trigger the logic

1813

server = Connection(server_context, None)

1814

server.set_accept_state()

1815

1816

client = Connection(client_context, None)

1817

client.set_connect_state()

1818

1819

self._interactInMemory(server, client)

1820

1821

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

1822

1823

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1824

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

1825

1826

1827

def test_alpn_set_on_connection(self):

1828

"""

1829

The same as test_alpn_success, but setting the ALPN protocols on the

1830

connection rather than the context.

1831

"""

1832

select_args = []

1833

def select(conn, options):

1834

select_args.append((conn, options))

1835

return b'spdy/2'

1836

1837

# Setup the client context but don't set any ALPN protocols.

1838

client_context = Context(TLSv1_METHOD)

1839

1840

server_context = Context(TLSv1_METHOD)

1841

server_context.set_alpn_select_callback(select)

1842

1843

# Necessary to actually accept the connection

1844

server_context.use_privatekey(

1845

load_privatekey(FILETYPE_PEM, server_key_pem))

1846

server_context.use_certificate(

1847

load_certificate(FILETYPE_PEM, server_cert_pem))

1848

1849

# Do a little connection to trigger the logic

1850

server = Connection(server_context, None)

1851

server.set_accept_state()

1852

1853

# Set the ALPN protocols on the client connection.

1854

client = Connection(client_context, None)

1855

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1856

client.set_connect_state()

1857

1858

self._interactInMemory(server, client)

1859

1860

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

1861

1862

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1863

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

1864

1865

1866

def test_alpn_server_fail(self):

1867

"""

1868

Tests that when clients and servers cannot agree on what protocol to

1869

use next that the TLS connection does not get established.

1870

"""

1871

select_args = []

1872

def select(conn, options):

1873

select_args.append((conn, options))

1874

return b''

1875

1876

client_context = Context(TLSv1_METHOD)

1877

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

1878

1879

server_context = Context(TLSv1_METHOD)

1880

server_context.set_alpn_select_callback(select)

1881

1882

# Necessary to actually accept the connection

1883

server_context.use_privatekey(

1884

load_privatekey(FILETYPE_PEM, server_key_pem))

1885

server_context.use_certificate(

1886

load_certificate(FILETYPE_PEM, server_cert_pem))

1887

1888

# Do a little connection to trigger the logic

1889

server = Connection(server_context, None)

1890

server.set_accept_state()

1891

1892

client = Connection(client_context, None)

1893

client.set_connect_state()

1894

1895

# If the client doesn't return anything, the connection will fail.

1896

self.assertRaises(Error, self._interactInMemory, server, client)

1897

1898

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1902

class SessionTests(TestCase):

1903

"""

1904

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1905

"""

1906

def test_construction(self):

1907

"""

1908

:py:class:`Session` can be constructed with no arguments, creating a new

1909

instance of that type.

1910

"""

1911

new_session = Session()

1912

self.assertTrue(isinstance(new_session, Session))

1913

1914

1915

def test_construction_wrong_args(self):

1916

"""

1917

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1918

is raised.

1919

"""

1920

self.assertRaises(TypeError, Session, 123)

1921

self.assertRaises(TypeError, Session, "hello")

1922

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1926

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1927

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1928

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1929

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1930

# XXX get_peer_certificate -> None

1931

# XXX sock_shutdown

1932

# XXX master_key -> TypeError

1933

# XXX server_random -> TypeError

1934

# XXX state_string

1935

# XXX connect -> TypeError

1936

# XXX connect_ex -> TypeError

1937

# XXX set_connect_state -> TypeError

1938

# XXX set_accept_state -> TypeError

1939

# XXX renegotiate_pending

1940

# XXX do_handshake -> TypeError

1941

# XXX bio_read -> TypeError

1942

# XXX recv -> TypeError

1943

# XXX send -> TypeError

1944

# XXX bio_write -> TypeError

1945

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1946

def test_type(self):

1947

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1948

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1949

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1950

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1951

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1952

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1953

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1954

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1955

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1956

def test_get_context(self):

1957

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1958

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1959

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1960

"""

1961

context = Context(TLSv1_METHOD)

1962

connection = Connection(context, None)

1963

self.assertIdentical(connection.get_context(), context)

1964

1965

1966

def test_get_context_wrong_args(self):

1967

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1968

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1969

arguments.

1970

"""

1971

connection = Connection(Context(TLSv1_METHOD), None)

1972

self.assertRaises(TypeError, connection.get_context, None)

1973

1974

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1975

def test_set_context_wrong_args(self):

1976

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1977

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1978

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1979

than 1.

1980

"""

1981

ctx = Context(TLSv1_METHOD)

1982

connection = Connection(ctx, None)

1983

self.assertRaises(TypeError, connection.set_context)

1984

self.assertRaises(TypeError, connection.set_context, object())

1985

self.assertRaises(TypeError, connection.set_context, "hello")

1986

self.assertRaises(TypeError, connection.set_context, 1)

1987

self.assertRaises(TypeError, connection.set_context, 1, 2)

1988

self.assertRaises(

1989

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1990

self.assertIdentical(ctx, connection.get_context())

1991

1992

1993

def test_set_context(self):

1994

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1995

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1996

for the connection.

1997

"""

1998

original = Context(SSLv23_METHOD)

1999

replacement = Context(TLSv1_METHOD)

2000

connection = Connection(original, None)

2001

connection.set_context(replacement)

2002

self.assertIdentical(replacement, connection.get_context())

2003

# Lose our references to the contexts, just in case the Connection isn't

2004

# properly managing its own contributions to their reference counts.

2005

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

2010

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2011

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2012

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2013

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2014

"""

2015

conn = Connection(Context(TLSv1_METHOD), None)

2016

self.assertRaises(TypeError, conn.set_tlsext_host_name)

2017

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

2018

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

2019

self.assertRaises(

2020

TypeError, conn.set_tlsext_host_name, b("with\0null"))

2021

2022

if version_info >= (3,):

2023

# On Python 3.x, don't accidentally implicitly convert from text.

2024

self.assertRaises(

2025

TypeError,

2026

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2027

2028

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2029

def test_get_servername_wrong_args(self):

2030

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2031

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2032

arguments.

2033

"""

2034

connection = Connection(Context(TLSv1_METHOD), None)

2035

self.assertRaises(TypeError, connection.get_servername, object())

2036

self.assertRaises(TypeError, connection.get_servername, 1)

2037

self.assertRaises(TypeError, connection.get_servername, "hello")

2038

2039

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2040

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2041

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2042

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2043

immediate read.

2044

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2045

connection = Connection(Context(TLSv1_METHOD), None)

2046

self.assertEquals(connection.pending(), 0)

2047

2048

2049

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2050

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2051

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2052

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2053

connection = Connection(Context(TLSv1_METHOD), None)

2054

self.assertRaises(TypeError, connection.pending, None)

2055

2056

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2057

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2059

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2060

argument or with the wrong number of arguments.

2061

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2062

connection = Connection(Context(TLSv1_METHOD), socket())

2063

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2064

self.assertRaises(TypeError, connection.connect)

2065

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2066

2067

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2068

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2069

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2070

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2071

connect method raises it.

2072

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2073

client = socket()

2074

context = Context(TLSv1_METHOD)

2075

clientSSL = Connection(context, client)

2076

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

2077

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2078

2079

2080

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2081

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2082

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2083

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2089

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2090

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2091

2092

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2093

if platform == "darwin":

2094

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2095

else:

2096

def test_connect_ex(self):

2097

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2098

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2099

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2104

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2105

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2106

clientSSL.setblocking(False)

2107

result = clientSSL.connect_ex(port.getsockname())

2108

expected = (EINPROGRESS, EWOULDBLOCK)

2109

self.assertTrue(

2110

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2111

2112

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2113

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2115

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2116

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2117

connection = Connection(Context(TLSv1_METHOD), socket())

2118

self.assertRaises(TypeError, connection.accept, None)

2119

2120

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2121

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2122

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2123

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2124

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2125

connection originated from.

2126

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2127

ctx = Context(TLSv1_METHOD)

2128

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2129

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2130

port = socket()

2131

portSSL = Connection(ctx, port)

2132

portSSL.bind(('', 0))

2133

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2134

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2135

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2136

2137

# Calling portSSL.getsockname() here to get the server IP address sounds

2138

# great, but frequently fails on Windows.

2139

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2140

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2141

serverSSL, address = portSSL.accept()

2142

2143

self.assertTrue(isinstance(serverSSL, Connection))

2144

self.assertIdentical(serverSSL.get_context(), ctx)

2145

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2146

2147

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2148

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2149

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2150

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2151

number of arguments or with arguments other than integers.

2152

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2153

connection = Connection(Context(TLSv1_METHOD), None)

2154

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2155

self.assertRaises(TypeError, connection.get_shutdown, None)

2156

self.assertRaises(TypeError, connection.set_shutdown)

2157

self.assertRaises(TypeError, connection.set_shutdown, None)

2158

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2159

2160

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2161

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2162

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2163

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2164

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2165

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2166

self.assertFalse(server.shutdown())

2167

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2168

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2169

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2170

client.shutdown()

2171

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2172

self.assertRaises(ZeroReturnError, server.recv, 1024)

2173

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2174

2175

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2176

def test_shutdown_closed(self):

2177

"""

2178

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2179

write error from the low level write call.

2180

"""

2181

server, client = self._loopback()

2182

server.sock_shutdown(2)

2183

exc = self.assertRaises(SysCallError, server.shutdown)

2184

if platform == "win32":

2185

self.assertEqual(exc.args[0], ESHUTDOWN)

2186

else:

2187

self.assertEqual(exc.args[0], EPIPE)

2188

2189

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2190

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2191

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2192

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2193

process.

2194

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2195

connection = Connection(Context(TLSv1_METHOD), socket())

2196

connection.set_shutdown(RECEIVED_SHUTDOWN)

2197

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2198

2199

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2200

if not PY3:

2201

def test_set_shutdown_long(self):

2202

"""

2203

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2204

of type :py:obj:`long` as well as :py:obj:`int`.

2205

"""

2206

connection = Connection(Context(TLSv1_METHOD), socket())

2207

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2208

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2209

2210

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2211

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2212

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2213

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2214

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2215

with any arguments.

2216

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2217

conn = Connection(Context(TLSv1_METHOD), None)

2218

self.assertRaises(TypeError, conn.get_app_data, None)

2219

self.assertRaises(TypeError, conn.set_app_data)

2220

self.assertRaises(TypeError, conn.set_app_data, None, None)

2221

2222

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2223

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2224

"""

2225

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2226

:py:obj:`Connection.set_app_data` and later retrieved with

2227

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2228

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2229

conn = Connection(Context(TLSv1_METHOD), None)

2230

app_data = object()

2231

conn.set_app_data(app_data)

2232

self.assertIdentical(conn.get_app_data(), app_data)

2233

2234

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2235

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2236

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2237

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2238

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2239

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2240

conn = Connection(Context(TLSv1_METHOD), None)

2241

self.assertRaises(NotImplementedError, conn.makefile)

2242

2243

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2244

def test_get_peer_cert_chain_wrong_args(self):

2245

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2246

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2247

arguments.

2248

"""

2249

conn = Connection(Context(TLSv1_METHOD), None)

2250

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2251

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2252

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2253

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2254

2255

2256

def test_get_peer_cert_chain(self):

2257

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2258

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2259

the connected server returned for the certification verification.

2260

"""

2261

chain = _create_certificate_chain()

2262

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2263

2264

serverContext = Context(TLSv1_METHOD)

2265

serverContext.use_privatekey(skey)

2266

serverContext.use_certificate(scert)

2267

serverContext.add_extra_chain_cert(icert)

2268

serverContext.add_extra_chain_cert(cacert)

2269

server = Connection(serverContext, None)

2270

server.set_accept_state()

2271

2272

# Create the client

2273

clientContext = Context(TLSv1_METHOD)

2274

clientContext.set_verify(VERIFY_NONE, verify_cb)

2275

client = Connection(clientContext, None)

2276

client.set_connect_state()

2277

2278

self._interactInMemory(client, server)

2279

2280

chain = client.get_peer_cert_chain()

2281

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2282

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2283

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2284

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2285

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2286

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2287

"Authority Certificate", chain[2].get_subject().CN)

2288

2289

2290

def test_get_peer_cert_chain_none(self):

2291

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2292

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2293

certificate chain.

2294

"""

2295

ctx = Context(TLSv1_METHOD)

2296

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2297

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2298

server = Connection(ctx, None)

2299

server.set_accept_state()

2300

client = Connection(Context(TLSv1_METHOD), None)

2301

client.set_connect_state()

2302

self._interactInMemory(client, server)

2303

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2304

2305

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2306

def test_get_session_wrong_args(self):

2307

"""

2308

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2309

with any arguments.

2310

"""

2311

ctx = Context(TLSv1_METHOD)

2312

server = Connection(ctx, None)

2313

self.assertRaises(TypeError, server.get_session, 123)

2314

self.assertRaises(TypeError, server.get_session, "hello")

2315

self.assertRaises(TypeError, server.get_session, object())

2316

2317

2318

def test_get_session_unconnected(self):

2319

"""

2320

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2321

an object which has not been connected.

2322

"""

2323

ctx = Context(TLSv1_METHOD)

2324

server = Connection(ctx, None)

2325

session = server.get_session()

2326

self.assertIdentical(None, session)

2327

2328

2329

def test_server_get_session(self):

2330

"""

2331

On the server side of a connection, :py:obj:`Connection.get_session`

2332

returns a :py:class:`Session` instance representing the SSL session for

2333

that connection.

2334

"""

2335

server, client = self._loopback()

2336

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2337

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2338

2339

2340

def test_client_get_session(self):

2341

"""

2342

On the client side of a connection, :py:obj:`Connection.get_session`

2343

returns a :py:class:`Session` instance representing the SSL session for

2344

that connection.

2345

"""

2346

server, client = self._loopback()

2347

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2348

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2349

2350

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2351

def test_set_session_wrong_args(self):

2352

"""

2353

If called with an object that is not an instance of :py:class:`Session`,

2354

or with other than one argument, :py:obj:`Connection.set_session` raises

2355

:py:obj:`TypeError`.

2356

"""

2357

ctx = Context(TLSv1_METHOD)

2358

connection = Connection(ctx, None)

2359

self.assertRaises(TypeError, connection.set_session)

2360

self.assertRaises(TypeError, connection.set_session, 123)

2361

self.assertRaises(TypeError, connection.set_session, "hello")

2362

self.assertRaises(TypeError, connection.set_session, object())

2363

self.assertRaises(

2364

TypeError, connection.set_session, Session(), Session())

2365

2366

2367

def test_client_set_session(self):

2368

"""

2369

:py:obj:`Connection.set_session`, when used prior to a connection being

2370

established, accepts a :py:class:`Session` instance and causes an

2371

attempt to re-use the session it represents when the SSL handshake is

2372

performed.

2373

"""

2374

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2375

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2376

ctx = Context(TLSv1_METHOD)

2377

ctx.use_privatekey(key)

2378

ctx.use_certificate(cert)

2379

ctx.set_session_id("unity-test")

2380

2381

def makeServer(socket):

2382

server = Connection(ctx, socket)

2383

server.set_accept_state()

2384

return server

2385

2386

originalServer, originalClient = self._loopback(

2387

serverFactory=makeServer)

2388

originalSession = originalClient.get_session()

2389

2390

def makeClient(socket):

2391

client = self._loopbackClientFactory(socket)

2392

client.set_session(originalSession)

2393

return client

2394

resumedServer, resumedClient = self._loopback(

2395

serverFactory=makeServer,

2396

clientFactory=makeClient)

2397

2398

# This is a proxy: in general, we have no access to any unique

2399

# identifier for the session (new enough versions of OpenSSL expose a

2400

# hash which could be usable, but "new enough" is very, very new).

2401

# Instead, exploit the fact that the master key is re-used if the

2402

# session is re-used. As long as the master key for the two connections

2403

# is the same, the session was re-used!

2404

self.assertEqual(

2405

originalServer.master_key(), resumedServer.master_key())

2406

2407

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2408

def test_set_session_wrong_method(self):

2409

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2410

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2411

instance associated with a context using a different SSL method than the

2412

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2413

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2414

"""

2415

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2416

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2417

ctx = Context(TLSv1_METHOD)

2418

ctx.use_privatekey(key)

2419

ctx.use_certificate(cert)

2420

ctx.set_session_id("unity-test")

2421

2422

def makeServer(socket):

2423

server = Connection(ctx, socket)

2424

server.set_accept_state()

2425

return server

2426

2427

originalServer, originalClient = self._loopback(

2428

serverFactory=makeServer)

2429

originalSession = originalClient.get_session()

2430

2431

def makeClient(socket):

2432

# Intentionally use a different, incompatible method here.

2433

client = Connection(Context(SSLv3_METHOD), socket)

2434

client.set_connect_state()

2435

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2441

2442

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2443

def test_wantWriteError(self):

2444

"""

2445

:py:obj:`Connection` methods which generate output raise

2446

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2447

fail indicating a should-write state.

2448

"""

2449

client_socket, server_socket = socket_pair()

2450

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2451

# anything. Only write a single byte at a time so we can be sure we

2452

# completely fill the buffer. Even though the socket API is allowed to

2453

# signal a short write via its return value it seems this doesn't

2454

# always happen on all platforms (FreeBSD and OS X particular) for the

2455

# very last bit of available buffer space.

2456

msg = b"x"

2457

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2458

try:

2459

client_socket.send(msg)

2460

except error as e:

2461

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2467

2468

ctx = Context(TLSv1_METHOD)

2469

conn = Connection(ctx, client_socket)

2470

# Client's speak first, so make it an SSL client

2471

conn.set_connect_state()

2472

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2476

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2477

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2478

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2479

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2480

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2481

ctx = Context(TLSv1_METHOD)

2482

connection = Connection(ctx, None)

2483

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2484

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2485

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2486

def test_get_peer_finished_before_connect(self):

2487

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2488

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2489

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2490

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2491

ctx = Context(TLSv1_METHOD)

2492

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2493

self.assertEqual(connection.get_peer_finished(), None)

2494

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2495

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2496

def test_get_finished(self):

2497

"""

2498

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2499

message send from client, or server. Finished messages are send during

2500

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2501

"""

2502

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2503

server, client = self._loopback()

2504

2505

self.assertNotEqual(server.get_finished(), None)

2506

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2507

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2508

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2509

def test_get_peer_finished(self):

2510

"""

2511

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2512

message received from client, or server. Finished messages are send

2513

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2514

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2515

server, client = self._loopback()

2516

2517

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2518

self.assertTrue(len(server.get_peer_finished()) > 0)

2519

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2520

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2521

def test_tls_finished_message_symmetry(self):

2522

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2523

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2524

received by client.

2525

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2526

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2527

received by server.

2528

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2529

server, client = self._loopback()

2530

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2531

self.assertEqual(server.get_finished(), client.get_peer_finished())

2532

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2533

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2534

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2535

def test_get_cipher_name_before_connect(self):

2536

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2537

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2538

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2539

"""

2540

ctx = Context(TLSv1_METHOD)

2541

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2542

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2543

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2544

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2545

def test_get_cipher_name(self):

2546

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2547

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2548

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2549

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2550

server, client = self._loopback()

2551

server_cipher_name, client_cipher_name = \

2552

server.get_cipher_name(), client.get_cipher_name()

2553

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2554

self.assertIsInstance(server_cipher_name, text_type)

2555

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2556

2557

self.assertEqual(server_cipher_name, client_cipher_name)

2558

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2559

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2560

def test_get_cipher_version_before_connect(self):

2561

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2562

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2563

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2564

"""

2565

ctx = Context(TLSv1_METHOD)

2566

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2567

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2568

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2569

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2570

def test_get_cipher_version(self):

2571

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2572

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2573

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2574

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2575

server, client = self._loopback()

2576

server_cipher_version, client_cipher_version = \

2577

server.get_cipher_version(), client.get_cipher_version()

2578

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2579

self.assertIsInstance(server_cipher_version, text_type)

2580

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2581

2582

self.assertEqual(server_cipher_version, client_cipher_version)

2583

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2584

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2585

def test_get_cipher_bits_before_connect(self):

2586

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2587

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2588

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2589

"""

2590

ctx = Context(TLSv1_METHOD)

2591

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2592

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2593

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2594

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2595

def test_get_cipher_bits(self):

2596

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2597

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2598

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2599

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2600

server, client = self._loopback()

2601

server_cipher_bits, client_cipher_bits = \

2602

server.get_cipher_bits(), client.get_cipher_bits()

2603

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2604

self.assertIsInstance(server_cipher_bits, int)

2605

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2606

2607

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2608

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2609

2610

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2611

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2613

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2614

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2615

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2616

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2617

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2618

arguments.

2619

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2620

connection = Connection(Context(TLSv1_METHOD), None)

2621

self.assertRaises(TypeError, connection.get_cipher_list, None)

2622

2623

2624

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2625

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2626

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2627

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2628

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2629

connection = Connection(Context(TLSv1_METHOD), None)

2630

ciphers = connection.get_cipher_list()

2631

self.assertTrue(isinstance(ciphers, list))

2632

for cipher in ciphers:

2633

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2637

class ConnectionSendTests(TestCase, _LoopbackMixin):

2638

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2639

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2640

"""

2641

def test_wrong_args(self):

2642

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2643

When called with arguments other than string argument for its first

2644

parameter or more than two arguments, :py:obj:`Connection.send` raises

2645

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2646

"""

2647

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2648

self.assertRaises(TypeError, connection.send)

2649

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2650

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2651

2652

2653

def test_short_bytes(self):

2654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2655

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2656

and returns the number of bytes sent.

2657

"""

2658

server, client = self._loopback()

2659

count = server.send(b('xy'))

2660

self.assertEquals(count, 2)

2661

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2667

else:

2668

def test_short_memoryview(self):

2669

"""

2670

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2671

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2672

bytes sent.

2673

"""

2674

server, client = self._loopback()

2675

count = server.send(memoryview(b('xy')))

2676

self.assertEquals(count, 2)

2677

self.assertEquals(client.recv(2), b('xy'))

2678

2679

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2684

else:

2685

def test_short_buffer(self):

2686

"""

2687

When passed a buffer containing a small number of bytes,

2688

:py:obj:`Connection.send` transmits all of them and returns the number of

2689

bytes sent.

2690

"""

2691

server, client = self._loopback()

2692

count = server.send(buffer(b('xy')))

2693

self.assertEquals(count, 2)

2694

self.assertEquals(client.recv(2), b('xy'))

2695

2696

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2697

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2698

def _make_memoryview(size):

2699

"""

2700

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2701

size.

2702

"""

2703

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2707

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2708

"""

2709

Tests for :py:obj:`Connection.recv_into`

2710

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2711

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2712

"""

2713

Assert that when the given buffer is passed to

2714

``Connection.recv_into``, whatever bytes are available to be received

2715

that fit into that buffer are written into that buffer.

2716

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2717

output_buffer = factory(5)

2718

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2719

server, client = self._loopback()

2720

server.send(b('xy'))

2721

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2722

self.assertEqual(client.recv_into(output_buffer), 2)

2723

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2724

2725

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2726

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2727

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2728

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2729

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2730

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2731

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2732

2733

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2734

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2735

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2736

Assert that when the given buffer is passed to ``Connection.recv_into``

2737

along with a value for ``nbytes`` that is less than the size of that

2738

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2739

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2740

output_buffer = factory(10)

2741

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2742

server, client = self._loopback()

2743

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2744

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2745

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2746

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2747

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2751

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2752

"""

2753

When called with a ``bytearray`` instance,

2754

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2755

doesn't copy in more than that number of bytes.

2756

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2757

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2758

2759

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2760

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2761

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2762

Assert that if there are more bytes available to be read from the

2763

receive buffer than would fit into the buffer passed to

2764

:py:obj:`Connection.recv_into`, only as many as fit are written into

2765

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2766

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2767

output_buffer = factory(5)

2768

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2769

server, client = self._loopback()

2770

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2771

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2772

self.assertEqual(client.recv_into(output_buffer), 5)

2773

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2774

rest = client.recv(5)

2775

self.assertEqual(b('fghij'), rest)

2776

2777

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2778

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2779

"""

2780

When called with a ``bytearray`` instance,

2781

:py:obj:`Connection.recv_into` respects the size of the array and

2782

doesn't write more bytes into it than will fit.

2783

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2784

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2785

2786

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2787

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2788

"""

2789

Assert that if the value given by ``nbytes`` is greater than the actual

2790

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2791

behavior is as if no value was given for ``nbytes`` at all.

2792

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2793

output_buffer = factory(5)

2794

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2795

server, client = self._loopback()

2796

server.send(b('abcdefghij'))

2797

2798

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2799

self.assertEqual(output_buffer, bytearray(b('abcde')))

2800

rest = client.recv(5)

2801

self.assertEqual(b('fghij'), rest)

2802

2803

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2804

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2805

"""

2806

When called with a ``bytearray`` instance and an ``nbytes`` value that

2807

is too large, :py:obj:`Connection.recv_into` respects the size of the

2808

array and not the ``nbytes`` value and doesn't write more bytes into

2809

the buffer than will fit.

2810

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2811

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2812

2813

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2818

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2819

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2820

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2821

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2822

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2823

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2824

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2825

2826

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2827

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2828

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2829

When called with a ``memoryview`` instance,

2830

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2831

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2832

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2833

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2834

2835

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2836

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2837

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2838

When called with a ``memoryview`` instance,

2839

:py:obj:`Connection.recv_into` respects the size of the array and

2840

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2841

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2842

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2843

2844

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2845

def test_memoryview_really_doesnt_overfill(self):

2846

"""

2847

When called with a ``memoryview`` instance and an ``nbytes`` value

2848

that is too large, :py:obj:`Connection.recv_into` respects the size

2849

of the array and not the ``nbytes`` value and doesn't write more

2850

bytes into the buffer than will fit.

2851

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2852

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2853

2854

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2855

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2856

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2857

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2858

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2859

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2860

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2861

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2862

When called with arguments other than a string argument for its first

2863

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2864

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2865

"""

2866

connection = Connection(Context(TLSv1_METHOD), None)

2867

self.assertRaises(TypeError, connection.sendall)

2868

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2869

self.assertRaises(

2870

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2871

2872

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2873

def test_short(self):

2874

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2875

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2876

it.

2877

"""

2878

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2879

server.sendall(b('x'))

2880

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2881

2882

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2887

else:

2888

def test_short_memoryview(self):

2889

"""

2890

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2891

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2892

"""

2893

server, client = self._loopback()

2894

server.sendall(memoryview(b('x')))

2895

self.assertEquals(client.recv(1), b('x'))

2896

2897

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2902

else:

2903

def test_short_buffers(self):

2904

"""

2905

When passed a buffer containing a small number of bytes,

2906

:py:obj:`Connection.sendall` transmits all of them.

2907

"""

2908

server, client = self._loopback()

2909

server.sendall(buffer(b('x')))

2910

self.assertEquals(client.recv(1), b('x'))

2911

2912

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2913

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2914

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2915

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2916

it even if this requires multiple calls of an underlying write function.

2917

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2918

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2919

# Should be enough, underlying SSL_write should only do 16k at a time.

2920

# On Windows, after 32k of bytes the write will block (forever - because

2921

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2922

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2923

server.sendall(message)

2924

accum = []

2925

received = 0

2926

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2927

data = client.recv(1024)

2928

accum.append(data)

2929

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2930

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2931

2932

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2933

def test_closed(self):

2934

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2935

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2936

write error from the low level write call.

2937

"""

2938

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2939

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2940

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2941

if platform == "win32":

2942

self.assertEqual(exc.args[0], ESHUTDOWN)

2943

else:

2944

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2945

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2946

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2947

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2948

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2949

"""

2950

Tests for SSL renegotiation APIs.

2951

"""

2952

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2953

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2954

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2955

arguments.

2956

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2957

connection = Connection(Context(TLSv1_METHOD), None)

2958

self.assertRaises(TypeError, connection.renegotiate, None)

2959

2960

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2961

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2962

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2963

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2964

any arguments.

2965

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2966

connection = Connection(Context(TLSv1_METHOD), None)

2967

self.assertRaises(TypeError, connection.total_renegotiations, None)

2968

2969

2970

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2971

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2972

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2973

renegotiations have happened.

2974

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2975

connection = Connection(Context(TLSv1_METHOD), None)

2976

self.assertEquals(connection.total_renegotiations(), 0)

2977

2978

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2979

# def test_renegotiate(self):

2980

# """

2981

# """

2982

# server, client = self._loopback()

2983

2984

# server.send("hello world")

2985

# self.assertEquals(client.recv(len("hello world")), "hello world")

2986

2987

# self.assertEquals(server.total_renegotiations(), 0)

2988

# self.assertTrue(server.renegotiate())

2989

2990

# server.setblocking(False)

2991

# client.setblocking(False)

2992

# while server.renegotiate_pending():

2993

# client.do_handshake()

2994

# server.do_handshake()

2995

2996

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3001

class ErrorTests(TestCase):

3002

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3003

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3004

"""

3005

def test_type(self):

3006

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3007

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3008

"""

3009

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3010

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3014

class ConstantsTests(TestCase):

3015

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3016

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3017

3018

These are values defined by OpenSSL intended only to be used as flags to

3019

OpenSSL APIs. The only assertions it seems can be made about them is

3020

their values.

3021

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3022

# unittest.TestCase has no skip mechanism

3023

if OP_NO_QUERY_MTU is not None:

3024

def test_op_no_query_mtu(self):

3025

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3026

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3027

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3028

"""

3029

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

3030

else:

3031

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3032

3033

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3034

if OP_COOKIE_EXCHANGE is not None:

3035

def test_op_cookie_exchange(self):

3036

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3037

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3038

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3039

"""

3040

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

3041

else:

3042

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3043

3044

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3045

if OP_NO_TICKET is not None:

3046

def test_op_no_ticket(self):

3047

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3048

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3049

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3050

"""

3051

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

3052

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3053

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

3054

3055

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3056

if OP_NO_COMPRESSION is not None:

3057

def test_op_no_compression(self):

3058

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3059

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

3060

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3061

"""

3062

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

3063

else:

3064

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3065

3066

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3067

def test_sess_cache_off(self):

3068

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3069

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3070

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3071

"""

3072

self.assertEqual(0x0, SESS_CACHE_OFF)

3073

3074

3075

def test_sess_cache_client(self):

3076

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3077

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3078

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3079

"""

3080

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3081

3082

3083

def test_sess_cache_server(self):

3084

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3085

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3086

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3087

"""

3088

self.assertEqual(0x2, SESS_CACHE_SERVER)

3089

3090

3091

def test_sess_cache_both(self):

3092

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3093

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3094

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3095

"""

3096

self.assertEqual(0x3, SESS_CACHE_BOTH)

3097

3098

3099

def test_sess_cache_no_auto_clear(self):

3100

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3101

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3102

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3103

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3104

"""

3105

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3106

3107

3108

def test_sess_cache_no_internal_lookup(self):

3109

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3110

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3111

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3112

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3113

"""

3114

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3115

3116

3117

def test_sess_cache_no_internal_store(self):

3118

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3119

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3120

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3121

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3122

"""

3123

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3124

3125

3126

def test_sess_cache_no_internal(self):

3127

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3128

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3129

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3130

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3131

"""

3132

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3133

3134

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3135

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3136

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3137

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3138

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3139

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3140

def _server(self, sock):

3141

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3142

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3143

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3144

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3145

# Create the server side Connection. This is mostly setup boilerplate

3146

# - use TLSv1, use a particular certificate, etc.

3147

server_ctx = Context(TLSv1_METHOD)

3148

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3149

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3150

server_store = server_ctx.get_cert_store()

3151

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3152

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3153

server_ctx.check_privatekey()

3154

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3155

# Here the Connection is actually created. If None is passed as the 2nd

3156

# parameter, it indicates a memory BIO should be created.

3157

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3158

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3162

def _client(self, sock):

3163

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3164

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3165

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3166

"""

3167

# Now create the client side Connection. Similar boilerplate to the

3168

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3169

client_ctx = Context(TLSv1_METHOD)

3170

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3171

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3172

client_store = client_ctx.get_cert_store()

3173

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3174

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3175

client_ctx.check_privatekey()

3176

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3177

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3178

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3182

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3183

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3184

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3185

reading from the output of each and writing those bytes to the input of

3186

the other and in this way establish a connection and exchange

3187

application-level bytes with each other.

3188

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3189

server_conn = self._server(None)

3190

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3191

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3192

# There should be no key or nonces yet.

3193

self.assertIdentical(server_conn.master_key(), None)

3194

self.assertIdentical(server_conn.client_random(), None)

3195

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3196

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3197

# First, the handshake needs to happen. We'll deliver bytes back and

3198

# forth between the client and server until neither of them feels like

3199

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3200

self.assertIdentical(

3201

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3202

3203

# Now that the handshake is done, there should be a key and nonces.

3204

self.assertNotIdentical(server_conn.master_key(), None)

3205

self.assertNotIdentical(server_conn.client_random(), None)

3206

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3207

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3208

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3209

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3210

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3211

3212

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3213

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3214

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3215

server_conn.write(important_message)

3216

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3217

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3218

(client_conn, important_message))

3219

3220

client_conn.write(important_message[::-1])

3221

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3222

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3223

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3224

3225

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3226

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3227

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3228

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3229

3230

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3231

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3232

this test fails, there must be a problem outside the memory BIO

3233

code, as no memory BIO is involved here). Even though this isn't a

3234

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3235

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3236

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3237

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3238

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3239

client_conn.send(important_message)

3240

msg = server_conn.recv(1024)

3241

self.assertEqual(msg, important_message)

3242

3243

# Again in the other direction, just for fun.

3244

important_message = important_message[::-1]

3245

server_conn.send(important_message)

3246

msg = client_conn.recv(1024)

3247

self.assertEqual(msg, important_message)

3248

3249

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3250

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3251

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3252

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3253

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3254

"""

3255

context = Context(SSLv3_METHOD)

3256

client = socket()

3257

clientSSL = Connection(context, client)

3258

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3259

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3260

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3261

3262

3263

def test_outgoingOverflow(self):

3264

"""

3265

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3266

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3267

returned and that many bytes from the beginning of the input can be

3268

read from the other end of the connection.

3269

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3270

server = self._server(None)

3271

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3272

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3273

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3274

3275

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3276

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3277

# Sanity check. We're trying to test what happens when the entire

3278

# input can't be sent. If the entire input was sent, this test is

3279

# meaningless.

3280

self.assertTrue(sent < size)

3281

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3282

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3283

self.assertIdentical(receiver, server)

3284

3285

# We can rely on all of these bytes being received at once because

3286

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3287

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3288

3289

3290

def test_shutdown(self):

3291

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3292

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3293

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3294

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3295

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3296

server.bio_shutdown()

3297

e = self.assertRaises(Error, server.recv, 1024)

3298

# We don't want WantReadError or ZeroReturnError or anything - it's a

3299

# handshake failure.

3300

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3301

3302

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3303

def test_unexpectedEndOfFile(self):

3304

"""

3305

If the connection is lost before an orderly SSL shutdown occurs,

3306

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3307

"Unexpected EOF".

3308

"""

3309

server_conn, client_conn = self._loopback()

3310

client_conn.sock_shutdown(SHUT_RDWR)

3311

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3312

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3313

3314

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3315

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3317

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3318

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3319

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3320

before the client and server are connected to each other. This

3321

function should specify a list of CAs for the server to send to the

3322

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3323

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3324

times.

3325

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3326

server = self._server(None)

3327

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3328

self.assertEqual(client.get_client_ca_list(), [])

3329

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3330

ctx = server.get_context()

3331

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3332

self.assertEqual(client.get_client_ca_list(), [])

3333

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3334

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3335

self.assertEqual(client.get_client_ca_list(), expected)

3336

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3337

3338

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3339

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3340

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3341

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3342

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3343

"""

3344

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3345

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3346

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3347

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3348

3349

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3350

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3352

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3353

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3354

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3355

after the connection is set up.

3356

"""

3357

def no_ca(ctx):

3358

ctx.set_client_ca_list([])

3359

return []

3360

self._check_client_ca_list(no_ca)

3361

3362

3363

def test_set_one_ca_list(self):

3364

"""

3365

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3366

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3367

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3368

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3369

X509Name after the connection is set up.

3370

"""

3371

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3372

cadesc = cacert.get_subject()

3373

def single_ca(ctx):

3374

ctx.set_client_ca_list([cadesc])

3375

return [cadesc]

3376

self._check_client_ca_list(single_ca)

3377

3378

3379

def test_set_multiple_ca_list(self):

3380

"""

3381

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3382

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3383

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3384

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3385

X509Names after the connection is set up.

3386

"""

3387

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3388

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3389

3390

sedesc = secert.get_subject()

3391

cldesc = clcert.get_subject()

3392

3393

def multiple_ca(ctx):

3394

L = [sedesc, cldesc]

3395

ctx.set_client_ca_list(L)

3396

return L

3397

self._check_client_ca_list(multiple_ca)

3398

3399

3400

def test_reset_ca_list(self):

3401

"""

3402

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3403

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3404

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3405

"""

3406

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3407

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3408

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3409

3410

cadesc = cacert.get_subject()

3411

sedesc = secert.get_subject()

3412

cldesc = clcert.get_subject()

3413

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3414

def changed_ca(ctx):

3415

ctx.set_client_ca_list([sedesc, cldesc])

3416

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3417

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3418

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3419

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3420

3421

def test_mutated_ca_list(self):

3422

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3423

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3424

afterwards, this does not affect the list of CA names sent to the

3425

client.

3426

"""

3427

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3428

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3429

3430

cadesc = cacert.get_subject()

3431

sedesc = secert.get_subject()

3432

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3433

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3434

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3435

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3436

L.append(sedesc)

3437

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3438

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3439

3440

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3441

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3442

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3443

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3444

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3445

"""

3446

ctx = Context(TLSv1_METHOD)

3447

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3448

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3449

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3450

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3451

3452

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3453

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3454

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3455

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3456

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3457

"""

3458

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3459

cadesc = cacert.get_subject()

3460

def single_ca(ctx):

3461

ctx.add_client_ca(cacert)

3462

return [cadesc]

3463

self._check_client_ca_list(single_ca)

3464

3465

3466

def test_multiple_add_client_ca(self):

3467

"""

3468

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3469

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3470

"""

3471

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3472

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3473

3474

cadesc = cacert.get_subject()

3475

sedesc = secert.get_subject()

3476

3477

def multiple_ca(ctx):

3478

ctx.add_client_ca(cacert)

3479

ctx.add_client_ca(secert)

3480

return [cadesc, sedesc]

3481

self._check_client_ca_list(multiple_ca)

3482

3483

3484

def test_set_and_add_client_ca(self):

3485

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3486

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3487

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3488

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3489

"""

3490

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3491

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3492

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3493

3494

cadesc = cacert.get_subject()

3495

sedesc = secert.get_subject()

3496

cldesc = clcert.get_subject()

3497

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3498

def mixed_set_add_ca(ctx):

3499

ctx.set_client_ca_list([cadesc, sedesc])

3500

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3501

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3502

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3503

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3504

3505

def test_set_after_add_client_ca(self):

3506

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3507

A call to :py:obj:`Context.set_client_ca_list` after a call to

3508

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3509

call with the names specified by the latter cal.

3510

"""

3511

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3512

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3513

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3514

3515

cadesc = cacert.get_subject()

3516

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3517

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3518

def set_replaces_add_ca(ctx):

3519

ctx.add_client_ca(clcert)

3520

ctx.set_client_ca_list([cadesc])

3521

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3522

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3523

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3524

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3525

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3526

3527

class ConnectionBIOTests(TestCase):

3528

"""

3529

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3530

"""

3531

def test_wantReadError(self):

3532

"""

3533

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3534

if there are no bytes available to be read from the BIO.

3535

"""

3536

ctx = Context(TLSv1_METHOD)

3537

conn = Connection(ctx, None)

3538

self.assertRaises(WantReadError, conn.bio_read, 1024)

3539

3540

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3541

def test_buffer_size(self):

3542

"""

3543

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3544

number of bytes to read and return.

3545

"""

3546

ctx = Context(TLSv1_METHOD)

3547

conn = Connection(ctx, None)

3548

conn.set_connect_state()

3549

try:

3550

conn.do_handshake()

3551

except WantReadError:

3552

pass

3553

data = conn.bio_read(2)

3554

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3559

"""

3560

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3561

:py:obj:`long` as well as :py:obj:`int`.

3562

"""

3563

ctx = Context(TLSv1_METHOD)

3564

conn = Connection(ctx, None)

3565

conn.set_connect_state()

3566

try:

3567

conn.do_handshake()

3568

except WantReadError:

3569

pass

3570

data = conn.bio_read(long(2))

3571

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3575

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3576

class InfoConstantTests(TestCase):

3577

"""

3578

Tests for assorted constants exposed for use in info callbacks.

3579

"""

3580

def test_integers(self):

3581

"""

3582

All of the info constants are integers.

3583

3584

This is a very weak test. It would be nice to have one that actually

3585

verifies that as certain info events happen, the value passed to the

3586

info callback matches up with the constant exposed by OpenSSL.SSL.

3587

"""

3588

for const in [

3589

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3590

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3591

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3592

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3593

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3594

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3595

3596

self.assertTrue(isinstance(const, int))

3597

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3598

Jean-Paul Calderone