Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

97

def join_bytes_or_unicode(prefix, suffix):

98

"""

99

Join two path components of either ``bytes`` or ``unicode``.

100

101

The return type is the same as the type of ``prefix``.

102

"""

103

# If the types are the same, nothing special is necessary.

104

if type(prefix) == type(suffix):

105

return join(prefix, suffix)

106

107

# Otherwise, coerce suffix to the type of prefix.

108

if isinstance(prefix, text_type):

109

return join(prefix, suffix.decode(getfilesystemencoding()))

110

else:

111

return join(prefix, suffix.encode(getfilesystemencoding()))

112

113

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

114

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

115

return ok

116

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

117

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

118

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

119

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

120

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

121

"""

122

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

128

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

130

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

131

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

132

# Let's pass some unencrypted data to make sure our socket connection is

133

# fine. Just one byte, so we don't have to worry about buffers getting

134

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

135

server.send(b("x"))

136

assert client.recv(1024) == b("x")

137

client.send(b("y"))

138

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

139

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

140

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

141

server.setblocking(False)

142

client.setblocking(False)

143

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

144

return (server, client)

145

146

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

147

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

148

def handshake(client, server):

149

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

160

def _create_certificate_chain():

161

"""

162

Construct and return a chain of certificates.

163

164

1. A new self-signed certificate authority certificate (cacert)

165

2. A new intermediate certificate signed by cacert (icert)

166

3. A new server certificate signed by icert (scert)

167

"""

168

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

173

cacert = X509()

174

cacert.get_subject().commonName = "Authority Certificate"

175

cacert.set_issuer(cacert.get_subject())

176

cacert.set_pubkey(cakey)

177

cacert.set_notBefore(b("20000101000000Z"))

178

cacert.set_notAfter(b("20200101000000Z"))

179

cacert.add_extensions([caext])

180

cacert.set_serial_number(0)

181

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

186

icert = X509()

187

icert.get_subject().commonName = "Intermediate Certificate"

188

icert.set_issuer(cacert.get_subject())

189

icert.set_pubkey(ikey)

190

icert.set_notBefore(b("20000101000000Z"))

191

icert.set_notAfter(b("20200101000000Z"))

192

icert.add_extensions([caext])

193

icert.set_serial_number(0)

194

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

199

scert = X509()

200

scert.get_subject().commonName = "Server Certificate"

201

scert.set_issuer(icert.get_subject())

202

scert.set_pubkey(skey)

203

scert.set_notBefore(b("20000101000000Z"))

204

scert.set_notAfter(b("20200101000000Z"))

205

scert.add_extensions([

206

X509Extension(b('basicConstraints'), True, b('CA:false'))])

207

scert.set_serial_number(0)

208

scert.sign(ikey, "sha1")

209

210

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

215

"""

216

Helper mixin which defines methods for creating a connected socket pair and

217

for forcing two connected SSL sockets to talk to each other via memory BIOs.

218

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

219

def _loopbackClientFactory(self, socket):

220

client = Connection(Context(TLSv1_METHOD), socket)

221

client.set_connect_state()

222

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

223

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

224

225

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

ctx = Context(TLSv1_METHOD)

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

229

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

230

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

235

if serverFactory is None:

236

serverFactory = self._loopbackServerFactory

237

if clientFactory is None:

238

clientFactory = self._loopbackClientFactory

239

240

(server, client) = socket_pair()

241

server = serverFactory(server)

242

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

243

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

244

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

245

246

server.setblocking(True)

247

client.setblocking(True)

248

return server, client

249

250

251

def _interactInMemory(self, client_conn, server_conn):

252

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

253

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

254

objects. Copy bytes back and forth between their send/receive buffers

255

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

256

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

some application bytes, return a two-tuple of the connection from which

258

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

263

wrote = False

264

265

# Copy stuff from each side's send buffer to the other side's

266

# receive buffer.

267

for (read, write) in [(client_conn, server_conn),

268

(server_conn, client_conn)]:

269

270

# Give the side a chance to generate some more bytes, or

271

# succeed.

272

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

273

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

274

except WantReadError:

275

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

280

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

282

283

while True:

284

# Keep copying as long as there's more stuff there.

285

try:

286

dirty = read.bio_read(4096)

287

except WantReadError:

288

# Okay, nothing more waiting to be sent. Stop

289

# processing this send buffer.

290

break

291

else:

292

# Keep track of the fact that someone generated some

293

# output.

294

wrote = True

295

write.bio_write(dirty)

296

297

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

298

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

299

"""

300

Perform the TLS handshake between two :py:class:`Connection` instances

301

connected to each other via memory BIOs.

302

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

303

client_conn.set_connect_state()

304

server_conn.set_accept_state()

305

306

for conn in [client_conn, server_conn]:

307

try:

308

conn.do_handshake()

309

except WantReadError:

310

pass

311

312

self._interactInMemory(client_conn, server_conn)

313

314

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

315

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

316

class VersionTests(TestCase):

317

"""

318

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

319

:py:obj:`OpenSSL.SSL.SSLeay_version` and

320

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

324

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

325

byte and the patch, fix, minor, and major versions in the

326

nibbles above that.

327

"""

328

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

329

330

331

def test_SSLeay_version(self):

332

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

333

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

334

one of a number of version strings based on that indicator.

335

"""

336

versions = {}

337

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

338

SSLEAY_PLATFORM, SSLEAY_DIR]:

339

version = SSLeay_version(t)

340

versions[version] = t

341

self.assertTrue(isinstance(version, bytes))

342

self.assertEqual(len(versions), 5)

343

344

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

345

346

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

348

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

349

"""

350

def test_method(self):

351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

352

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

353

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

354

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

356

methods = [

357

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

358

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

359

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

360

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

361

362

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

367

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

368

# don't. Difficult to say in advance.

369

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

370

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

371

self.assertRaises(TypeError, Context, "")

372

self.assertRaises(ValueError, Context, 10)

373

374

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

375

if not PY3:

376

def test_method_long(self):

377

"""

378

On Python 2 :py:class:`Context` accepts values of type

379

:py:obj:`long` as well as :py:obj:`int`.

380

"""

381

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

385

def test_type(self):

386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

387

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

388

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

389

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

390

self.assertIdentical(Context, ContextType)

391

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

392

393

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

394

def test_use_privatekey(self):

395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

396

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

397

"""

398

key = PKey()

399

key.generate_key(TYPE_RSA, 128)

400

ctx = Context(TLSv1_METHOD)

401

ctx.use_privatekey(key)

402

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

403

404

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

405

def test_use_privatekey_file_missing(self):

406

"""

407

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

408

when passed the name of a file which does not exist.

409

"""

410

ctx = Context(TLSv1_METHOD)

411

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

412

413

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

414

def _use_privatekey_file_test(self, pemfile, filetype):

415

"""

416

Verify that calling ``Context.use_privatekey_file`` with the given

417

arguments does not raise an exception.

418

"""

419

key = PKey()

420

key.generate_key(TYPE_RSA, 128)

421

422

with open(pemfile, "wt") as pem:

423

pem.write(

424

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

425

)

426

427

ctx = Context(TLSv1_METHOD)

428

ctx.use_privatekey_file(pemfile, filetype)

429

430

431

def test_use_privatekey_file_bytes(self):

432

"""

433

A private key can be specified from a file by passing a ``bytes``

434

instance giving the file name to ``Context.use_privatekey_file``.

435

"""

436

self._use_privatekey_file_test(

437

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

FILETYPE_PEM,

)

def test_use_privatekey_file_unicode(self):

443

"""

444

A private key can be specified from a file by passing a ``unicode``

445

instance giving the file name to ``Context.use_privatekey_file``.

446

"""

447

self._use_privatekey_file_test(

448

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

FILETYPE_PEM,

)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

453

if not PY3:

454

def test_use_privatekey_file_long(self):

455

"""

456

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

457

filetype of type :py:obj:`long` as well as :py:obj:`int`.

458

"""

Jean-Paul Calderone

69a4e5b

2015-04-12 10:04:28 -0400

[diff] [blame]

459

self._use_privatekey_file_test(self.mktemp(), long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

460

461

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

462

def test_use_certificate_wrong_args(self):

463

"""

464

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

465

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

466

argument.

467

"""

468

ctx = Context(TLSv1_METHOD)

469

self.assertRaises(TypeError, ctx.use_certificate)

470

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

471

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

472

473

474

def test_use_certificate_uninitialized(self):

475

"""

476

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

477

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

478

initialized (ie, which does not actually have any certificate data).

479

"""

480

ctx = Context(TLSv1_METHOD)

481

self.assertRaises(Error, ctx.use_certificate, X509())

482

483

484

def test_use_certificate(self):

485

"""

486

:py:obj:`Context.use_certificate` sets the certificate which will be

487

used to identify connections created using the context.

488

"""

489

# TODO

490

# Hard to assert anything. But we could set a privatekey then ask

491

# OpenSSL if the cert and key agree using check_privatekey. Then as

492

# long as check_privatekey works right we're good...

493

ctx = Context(TLSv1_METHOD)

494

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

495

496

497

def test_use_certificate_file_wrong_args(self):

498

"""

499

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

500

called with zero arguments or more than two arguments, or if the first

501

argument is not a byte string or the second argumnent is not an integer.

502

"""

503

ctx = Context(TLSv1_METHOD)

504

self.assertRaises(TypeError, ctx.use_certificate_file)

505

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

506

self.assertRaises(

507

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

508

self.assertRaises(

509

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

510

self.assertRaises(

511

TypeError, ctx.use_certificate_file, b"somefile", object())

512

513

514

def test_use_certificate_file_missing(self):

515

"""

516

:py:obj:`Context.use_certificate_file` raises

517

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

518

exist.

519

"""

520

ctx = Context(TLSv1_METHOD)

521

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

522

523

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

524

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

525

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

526

Verify that calling ``Context.use_certificate_file`` with the given

527

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

528

"""

529

# TODO

530

# Hard to assert anything. But we could set a privatekey then ask

531

# OpenSSL if the cert and key agree using check_privatekey. Then as

532

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

533

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

534

pem_file.write(cleartextCertificatePEM)

535

536

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

537

ctx.use_certificate_file(certificate_file)

538

539

540

def test_use_certificate_file_bytes(self):

541

"""

542

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

543

``bytes`` filename) which will be used to identify connections created

544

using the context.

545

"""

546

filename = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

547

self._use_certificate_file_test(filename)

548

549

550

def test_use_certificate_file_unicode(self):

551

"""

552

:py:obj:`Context.use_certificate_file` sets the certificate (given as a

553

``bytes`` filename) which will be used to identify connections created

554

using the context.

555

"""

556

filename = self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

557

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

558

559

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

560

if not PY3:

561

def test_use_certificate_file_long(self):

562

"""

563

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

564

filetype of type :py:obj:`long` as well as :py:obj:`int`.

565

"""

566

pem_filename = self.mktemp()

567

with open(pem_filename, "wb") as pem_file:

568

pem_file.write(cleartextCertificatePEM)

569

570

ctx = Context(TLSv1_METHOD)

571

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

572

573

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame]

574

def test_check_privatekey_valid(self):

575

"""

576

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

577

:py:obj:`Context` instance has been configured to use a matched key and

578

certificate pair.

579

"""

580

key = load_privatekey(FILETYPE_PEM, client_key_pem)

581

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

582

context = Context(TLSv1_METHOD)

583

context.use_privatekey(key)

584

context.use_certificate(cert)

585

self.assertIs(None, context.check_privatekey())

586

587

588

def test_check_privatekey_invalid(self):

589

"""

590

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

591

:py:obj:`Context` instance has been configured to use a key and

592

certificate pair which don't relate to each other.

593

"""

594

key = load_privatekey(FILETYPE_PEM, client_key_pem)

595

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

596

context = Context(TLSv1_METHOD)

597

context.use_privatekey(key)

598

context.use_certificate(cert)

599

self.assertRaises(Error, context.check_privatekey)

600

601

602

def test_check_privatekey_wrong_args(self):

603

"""

604

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

605

with other than no arguments.

606

"""

607

context = Context(TLSv1_METHOD)

608

self.assertRaises(TypeError, context.check_privatekey, object())

609

610

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

611

def test_set_app_data_wrong_args(self):

612

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

613

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

614

one argument.

615

"""

616

context = Context(TLSv1_METHOD)

617

self.assertRaises(TypeError, context.set_app_data)

618

self.assertRaises(TypeError, context.set_app_data, None, None)

619

620

621

def test_get_app_data_wrong_args(self):

622

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

623

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

624

arguments.

625

"""

626

context = Context(TLSv1_METHOD)

627

self.assertRaises(TypeError, context.get_app_data, None)

628

629

630

def test_app_data(self):

631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

632

:py:obj:`Context.set_app_data` stores an object for later retrieval using

633

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

634

"""

635

app_data = object()

636

context = Context(TLSv1_METHOD)

637

context.set_app_data(app_data)

638

self.assertIdentical(context.get_app_data(), app_data)

639

640

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

641

def test_set_options_wrong_args(self):

642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

643

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

644

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

645

"""

646

context = Context(TLSv1_METHOD)

647

self.assertRaises(TypeError, context.set_options)

648

self.assertRaises(TypeError, context.set_options, None)

649

self.assertRaises(TypeError, context.set_options, 1, None)

650

651

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

652

def test_set_options(self):

653

"""

654

:py:obj:`Context.set_options` returns the new options value.

655

"""

656

context = Context(TLSv1_METHOD)

657

options = context.set_options(OP_NO_SSLv2)

658

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

663

"""

664

On Python 2 :py:obj:`Context.set_options` accepts values of type

665

:py:obj:`long` as well as :py:obj:`int`.

666

"""

667

context = Context(TLSv1_METHOD)

668

options = context.set_options(long(OP_NO_SSLv2))

669

self.assertTrue(OP_NO_SSLv2 & options)

670

671

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

672

def test_set_mode_wrong_args(self):

673

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

674

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

675

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

676

"""

677

context = Context(TLSv1_METHOD)

678

self.assertRaises(TypeError, context.set_mode)

679

self.assertRaises(TypeError, context.set_mode, None)

680

self.assertRaises(TypeError, context.set_mode, 1, None)

681

682

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

683

if MODE_RELEASE_BUFFERS is not None:

684

def test_set_mode(self):

685

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

686

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

687

set mode.

688

"""

689

context = Context(TLSv1_METHOD)

690

self.assertTrue(

691

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

692

693

if not PY3:

694

def test_set_mode_long(self):

695

"""

696

On Python 2 :py:obj:`Context.set_mode` accepts values of type

697

:py:obj:`long` as well as :py:obj:`int`.

698

"""

699

context = Context(TLSv1_METHOD)

700

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

701

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

702

else:

703

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

704

705

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

706

def test_set_timeout_wrong_args(self):

707

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

708

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

709

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

710

"""

711

context = Context(TLSv1_METHOD)

712

self.assertRaises(TypeError, context.set_timeout)

713

self.assertRaises(TypeError, context.set_timeout, None)

714

self.assertRaises(TypeError, context.set_timeout, 1, None)

715

716

717

def test_get_timeout_wrong_args(self):

718

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

719

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

720

"""

721

context = Context(TLSv1_METHOD)

722

self.assertRaises(TypeError, context.get_timeout, None)

723

724

725

def test_timeout(self):

726

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

727

:py:obj:`Context.set_timeout` sets the session timeout for all connections

728

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

729

value.

730

"""

731

context = Context(TLSv1_METHOD)

732

context.set_timeout(1234)

733

self.assertEquals(context.get_timeout(), 1234)

734

735

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

736

if not PY3:

737

def test_timeout_long(self):

738

"""

739

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

740

`long` as well as int.

741

"""

742

context = Context(TLSv1_METHOD)

743

context.set_timeout(long(1234))

744

self.assertEquals(context.get_timeout(), 1234)

745

746

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

747

def test_set_verify_depth_wrong_args(self):

748

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

749

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

750

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

751

"""

752

context = Context(TLSv1_METHOD)

753

self.assertRaises(TypeError, context.set_verify_depth)

754

self.assertRaises(TypeError, context.set_verify_depth, None)

755

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

756

757

758

def test_get_verify_depth_wrong_args(self):

759

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

760

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

761

"""

762

context = Context(TLSv1_METHOD)

763

self.assertRaises(TypeError, context.get_verify_depth, None)

764

765

766

def test_verify_depth(self):

767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

768

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

769

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

770

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

771

"""

772

context = Context(TLSv1_METHOD)

773

context.set_verify_depth(11)

774

self.assertEquals(context.get_verify_depth(), 11)

775

776

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

777

if not PY3:

778

def test_verify_depth_long(self):

779

"""

780

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

781

type `long` as well as int.

782

"""

783

context = Context(TLSv1_METHOD)

784

context.set_verify_depth(long(11))

785

self.assertEquals(context.get_verify_depth(), 11)

786

787

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

788

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

789

"""

790

Write a new private key out to a new file, encrypted using the given

791

passphrase. Return the path to the new file.

792

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

793

key = PKey()

794

key.generate_key(TYPE_RSA, 128)

795

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

796

fObj = open(pemFile, 'w')

797

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

798

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

803

def test_set_passwd_cb_wrong_args(self):

804

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

805

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

806

wrong arguments or with a non-callable first argument.

807

"""

808

context = Context(TLSv1_METHOD)

809

self.assertRaises(TypeError, context.set_passwd_cb)

810

self.assertRaises(TypeError, context.set_passwd_cb, None)

811

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

812

813

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

814

def test_set_passwd_cb(self):

815

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

816

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

817

a private key is loaded from an encrypted PEM.

818

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

819

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

820

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

821

calledWith = []

822

def passphraseCallback(maxlen, verify, extra):

823

calledWith.append((maxlen, verify, extra))

824

return passphrase

825

context = Context(TLSv1_METHOD)

826

context.set_passwd_cb(passphraseCallback)

827

context.use_privatekey_file(pemFile)

828

self.assertTrue(len(calledWith), 1)

829

self.assertTrue(isinstance(calledWith[0][0], int))

830

self.assertTrue(isinstance(calledWith[0][1], int))

831

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

832

833

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

834

def test_passwd_callback_exception(self):

835

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

836

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

837

passphrase callback.

838

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

839

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

def passphraseCallback(maxlen, verify, extra):

841

raise RuntimeError("Sorry, I am a fail.")

842

843

context = Context(TLSv1_METHOD)

844

context.set_passwd_cb(passphraseCallback)

845

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

846

847

848

def test_passwd_callback_false(self):

849

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

850

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

passphrase callback returns a false value.

852

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

853

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

854

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

855

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

857

context = Context(TLSv1_METHOD)

858

context.set_passwd_cb(passphraseCallback)

859

self.assertRaises(Error, context.use_privatekey_file, pemFile)

860

861

862

def test_passwd_callback_non_string(self):

863

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

864

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

passphrase callback returns a true non-string value.

866

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

867

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

868

def passphraseCallback(maxlen, verify, extra):

869

return 10

870

871

context = Context(TLSv1_METHOD)

872

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

873

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

874

875

876

def test_passwd_callback_too_long(self):

877

"""

878

If the passphrase returned by the passphrase callback returns a string

879

longer than the indicated maximum length, it is truncated.

880

"""

881

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

882

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

883

pemFile = self._write_encrypted_pem(passphrase)

884

def passphraseCallback(maxlen, verify, extra):

885

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

886

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

887

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

# This shall succeed because the truncated result is the correct

891

# passphrase.

892

context.use_privatekey_file(pemFile)

893

894

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

def test_set_info_callback(self):

896

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

897

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

898

when certain information about an SSL connection is available.

899

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

900

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

901

902

clientSSL = Connection(Context(TLSv1_METHOD), client)

903

clientSSL.set_connect_state()

904

905

called = []

906

def info(conn, where, ret):

907

called.append((conn, where, ret))

908

context = Context(TLSv1_METHOD)

909

context.set_info_callback(info)

910

context.use_certificate(

911

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

912

context.use_privatekey(

913

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

914

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

915

serverSSL = Connection(context, server)

916

serverSSL.set_accept_state()

917

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

918

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

919

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

920

# The callback must always be called with a Connection instance as the

921

# first argument. It would probably be better to split this into

922

# separate tests for client and server side info callbacks so we could

923

# assert it is called with the right Connection instance. It would

924

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

925

notConnections = [

926

conn for (conn, where, ret) in called

927

if not isinstance(conn, Connection)]

928

self.assertEqual(

929

[], notConnections,

930

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

931

932

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

934

"""

935

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

936

its :py:obj:`load_verify_locations` method with the given arguments.

937

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

938

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

939

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

940

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

941

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

942

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

943

# Require that the server certificate verify properly or the

944

# connection will fail.

945

clientContext.set_verify(

946

VERIFY_PEER,

947

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

948

949

clientSSL = Connection(clientContext, client)

950

clientSSL.set_connect_state()

951

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

952

serverContext = Context(TLSv1_METHOD)

953

serverContext.use_certificate(

954

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

955

serverContext.use_privatekey(

956

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

957

958

serverSSL = Connection(serverContext, server)

959

serverSSL.set_accept_state()

960

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

961

# Without load_verify_locations above, the handshake

962

# will fail:

963

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

964

# 'certificate verify failed')]

965

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

966

967

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

968

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

969

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

970

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

971

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

972

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

973

Verify that if path to a file containing a certificate is passed to

974

``Context.load_verify_locations`` for the ``cafile`` parameter, that

975

certificate is used as a trust root for the purposes of verifying

976

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

978

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

979

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

980

fObj.close()

981

982

self._load_verify_locations_test(cafile)

983

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

984

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

985

def test_load_verify_bytes_cafile(self):

986

"""

987

:py:obj:`Context.load_verify_locations` accepts a file name as a

988

``bytes`` instance and uses the certificates within for verification

989

purposes.

990

"""

991

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

992

self._load_verify_cafile(cafile)

993

994

995

def test_load_verify_unicode_cafile(self):

996

"""

997

:py:obj:`Context.load_verify_locations` accepts a file name as a

998

``unicode`` instance and uses the certificates within for verification

999

purposes.

1000

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1001

self._load_verify_cafile(

1002

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1003

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1004

1005

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1006

def test_load_verify_invalid_file(self):

1007

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1008

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

1009

non-existent cafile.

1010

"""

1011

clientContext = Context(TLSv1_METHOD)

1012

self.assertRaises(

1013

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1014

1015

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1016

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1017

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1018

Verify that if path to a directory containing certificate files is

1019

passed to ``Context.load_verify_locations`` for the ``capath``

1020

parameter, those certificates are used as trust roots for the purposes

1021

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1022

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1023

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1024

# Hash values computed manually with c_rehash to avoid depending on

1025

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1026

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1027

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1028

cafile = join_bytes_or_unicode(capath, name)

1029

with open(cafile, 'w') as fObj:

1030

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1031

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1032

self._load_verify_locations_test(None, capath)

1033

1034

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1035

def test_load_verify_directory_bytes_capath(self):

1036

"""

1037

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1038

``bytes`` instance and uses the certificates within for verification

1039

purposes.

1040

"""

1041

self._load_verify_directory_locations_capath(

1042

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

1047

"""

1048

:py:obj:`Context.load_verify_locations` accepts a directory name as a

1049

``unicode`` instance and uses the certificates within for verification

1050

purposes.

1051

"""

Jean-Paul Calderone

4f70c80

2015-04-12 11:26:47 -0400

[diff] [blame]

1052

self._load_verify_directory_locations_capath(

1053

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

1054

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1055

1056

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1057

def test_load_verify_locations_wrong_args(self):

1058

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1059

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

1060

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1061

"""

1062

context = Context(TLSv1_METHOD)

1063

self.assertRaises(TypeError, context.load_verify_locations)

1064

self.assertRaises(TypeError, context.load_verify_locations, object())

1065

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

1066

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

1067

1068

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

1069

if platform == "win32":

1070

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1071

"See LP#404343 and LP#404344."

1072

else:

1073

def test_set_default_verify_paths(self):

1074

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1075

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1076

certificate locations to be used for verification purposes.

1077

"""

1078

# Testing this requires a server with a certificate signed by one of

1079

# the CAs in the platform CA location. Getting one of those costs

1080

# money. Fortunately (or unfortunately, depending on your

1081

# perspective), it's easy to think of a public server on the

1082

# internet which has such a certificate. Connecting to the network

1083

# in a unit test is bad, but it's the only way I can think of to

1084

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1085

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

1086

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

1087

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1088

context.set_default_verify_paths()

1089

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

1090

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1091

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1092

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1093

client = socket()

1094

client.connect(('verisign.com', 443))

1095

clientSSL = Connection(context, client)

1096

clientSSL.set_connect_state()

1097

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1098

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

1099

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1100

1101

1102

def test_set_default_verify_paths_signature(self):

1103

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1104

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1105

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1106

"""

1107

context = Context(TLSv1_METHOD)

1108

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1109

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1110

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1111

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1112

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1113

def test_add_extra_chain_cert_invalid_cert(self):

1114

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1115

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1116

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1117

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

self.assertRaises(TypeError, context.add_extra_chain_cert)

1121

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1122

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1123

1124

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1125

def _handshake_test(self, serverContext, clientContext):

1126

"""

1127

Verify that a client and server created with the given contexts can

1128

successfully handshake and communicate.

1129

"""

1130

serverSocket, clientSocket = socket_pair()

1131

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1132

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1133

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1134

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1135

client = Connection(clientContext, clientSocket)

1136

client.set_connect_state()

1137

1138

# Make them talk to each other.

1139

# self._interactInMemory(client, server)

1140

for i in range(3):

1141

for s in [client, server]:

1142

try:

1143

s.do_handshake()

1144

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1148

def test_set_verify_callback_connection_argument(self):

1149

"""

1150

The first argument passed to the verify callback is the

1151

:py:class:`Connection` instance for which verification is taking place.

1152

"""

1153

serverContext = Context(TLSv1_METHOD)

1154

serverContext.use_privatekey(

1155

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1156

serverContext.use_certificate(

1157

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1158

serverConnection = Connection(serverContext, None)

1159

1160

class VerifyCallback(object):

1161

def callback(self, connection, *args):

1162

self.connection = connection

1163

return 1

1164

1165

verify = VerifyCallback()

1166

clientContext = Context(TLSv1_METHOD)

1167

clientContext.set_verify(VERIFY_PEER, verify.callback)

1168

clientConnection = Connection(clientContext, None)

1169

clientConnection.set_connect_state()

1170

1171

self._handshakeInMemory(clientConnection, serverConnection)

1172

1173

self.assertIdentical(verify.connection, clientConnection)

1174

1175

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1176

def test_set_verify_callback_exception(self):

1177

"""

1178

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1179

exception, verification fails and the exception is propagated to the

1180

caller of :py:obj:`Connection.do_handshake`.

1181

"""

1182

serverContext = Context(TLSv1_METHOD)

1183

serverContext.use_privatekey(

1184

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1185

serverContext.use_certificate(

1186

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1187

1188

clientContext = Context(TLSv1_METHOD)

1189

def verify_callback(*args):

1190

raise Exception("silly verify failure")

1191

clientContext.set_verify(VERIFY_PEER, verify_callback)

1192

1193

exc = self.assertRaises(

1194

Exception, self._handshake_test, serverContext, clientContext)

1195

self.assertEqual("silly verify failure", str(exc))

1196

1197

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1198

def test_add_extra_chain_cert(self):

1199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1200

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1201

the certificate chain.

1202

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1203

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1204

chain tested.

1205

1206

The chain is tested by starting a server with scert and connecting

1207

to it with a client which trusts cacert and requires verification to

1208

succeed.

1209

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1210

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1211

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1212

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1213

# Dump the CA certificate to a file because that's the only way to load

1214

# it as a trusted CA in the client context.

1215

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1216

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1217

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1218

fObj.close()

1219

1220

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1221

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1222

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1223

fObj.close()

1224

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1225

# Create the server context

1226

serverContext = Context(TLSv1_METHOD)

1227

serverContext.use_privatekey(skey)

1228

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1229

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1230

serverContext.add_extra_chain_cert(icert)

1231

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1232

# Create the client

1233

clientContext = Context(TLSv1_METHOD)

1234

clientContext.set_verify(

1235

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1236

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1237

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1238

# Try it out.

1239

self._handshake_test(serverContext, clientContext)

1240

1241

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1242

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1243

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1244

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1245

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1247

The chain is tested by starting a server with scert and connecting to

1248

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1249

succeed.

1250

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1251

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1252

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1253

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1254

makedirs(certdir)

1255

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1256

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1257

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1258

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1259

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1260

with open(chainFile, 'wb') as fObj:

1261

# Most specific to least general.

1262

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1263

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1264

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1265

1266

with open(caFile, 'w') as fObj:

1267

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1268

1269

serverContext = Context(TLSv1_METHOD)

1270

serverContext.use_certificate_chain_file(chainFile)

1271

serverContext.use_privatekey(skey)

1272

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1273

clientContext = Context(TLSv1_METHOD)

1274

clientContext.set_verify(

1275

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1276

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1277

1278

self._handshake_test(serverContext, clientContext)

1279

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1280

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1281

def test_use_certificate_chain_file_bytes(self):

1282

"""

1283

``Context.use_certificate_chain_file`` accepts the name of a file (as

1284

an instance of ``bytes``) to specify additional certificates to use to

1285

construct and verify a trust chain.

1286

"""

1287

self._use_certificate_chain_file_test(

1288

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1293

"""

1294

``Context.use_certificate_chain_file`` accepts the name of a file (as

1295

an instance of ``unicode``) to specify additional certificates to use

1296

to construct and verify a trust chain.

1297

"""

1298

self._use_certificate_chain_file_test(

1299

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1303

def test_use_certificate_chain_file_wrong_args(self):

1304

"""

1305

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1306

if passed zero or more than one argument or when passed a non-byte

1307

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1308

passed a bad chain file name (for example, the name of a file which does

1309

not exist).

1310

"""

1311

context = Context(TLSv1_METHOD)

1312

self.assertRaises(TypeError, context.use_certificate_chain_file)

1313

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1314

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1315

1316

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1317

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1318

# XXX load_client_ca

1319

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1320

1321

def test_get_verify_mode_wrong_args(self):

1322

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1323

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1324

arguments.

1325

"""

1326

context = Context(TLSv1_METHOD)

1327

self.assertRaises(TypeError, context.get_verify_mode, None)

1328

1329

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1330

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1332

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1333

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1334

"""

1335

context = Context(TLSv1_METHOD)

1336

self.assertEquals(context.get_verify_mode(), 0)

1337

context.set_verify(

1338

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1339

self.assertEquals(

1340

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1341

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1342

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1343

if not PY3:

1344

def test_set_verify_mode_long(self):

1345

"""

1346

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1347

type :py:obj:`long` as well as :py:obj:`int`.

1348

"""

1349

context = Context(TLSv1_METHOD)

1350

self.assertEquals(context.get_verify_mode(), 0)

1351

context.set_verify(

1352

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1353

self.assertEquals(

1354

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1355

1356

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1357

def test_load_tmp_dh_wrong_args(self):

1358

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1359

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1360

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1361

"""

1362

context = Context(TLSv1_METHOD)

1363

self.assertRaises(TypeError, context.load_tmp_dh)

1364

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1365

self.assertRaises(TypeError, context.load_tmp_dh, object())

1366

1367

1368

def test_load_tmp_dh_missing_file(self):

1369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1370

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1371

does not exist.

1372

"""

1373

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1374

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1375

1376

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1377

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1378

"""

1379

Verify that calling ``Context.load_tmp_dh`` with the given filename

1380

does not raise an exception.

1381

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1382

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1383

with open(dhfilename, "w") as dhfile:

1384

dhfile.write(dhparam)

1385

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1386

context.load_tmp_dh(dhfilename)

1387

# XXX What should I assert here? -exarkun

1388

1389

Jean-Paul Calderone

9e1c1dd

2015-04-12 10:13:13 -0400

[diff] [blame]

1390

def test_load_tmp_dh_bytes(self):

1391

"""

1392

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1393

specified file (given as ``bytes``).

1394

"""

1395

self._load_tmp_dh_test(

1396

self.mktemp() + NON_ASCII.encode(getfilesystemencoding()),

)

def test_load_tmp_dh_unicode(self):

1401

"""

1402

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

1403

specified file (given as ``unicode``).

1404

"""

1405

self._load_tmp_dh_test(

1406

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII,

)

Jean-Paul Calderone

2014-04-19 09:28:28 -0400

[diff] [blame]

1410

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1411

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1412

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1413

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1414

"""

1415

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1416

for curve in get_elliptic_curves():

1417

# The only easily "assertable" thing is that it does not raise an

1418

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1419

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1420

1421

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1422

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1423

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1424

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1425

ciphers which connections created with the context object will be able

1426

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1427

"""

1428

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1429

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1430

conn = Connection(context, None)

1431

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1432

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1433

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1434

def test_set_cipher_list_text(self):

1435

"""

1436

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1437

the ciphers which connections created with the context object will be

1438

able to choose from.

1439

"""

1440

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1441

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1442

conn = Connection(context, None)

1443

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1444

1445

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1446

def test_set_cipher_list_wrong_args(self):

1447

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1448

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1449

passed zero arguments or more than one argument or when passed a

1450

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1451

passed an incorrect cipher list string.

1452

"""

1453

context = Context(TLSv1_METHOD)

1454

self.assertRaises(TypeError, context.set_cipher_list)

1455

self.assertRaises(TypeError, context.set_cipher_list, object())

1456

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1457

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1458

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1459

1460

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1461

def test_set_session_cache_mode_wrong_args(self):

1462

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1463

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1464

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1465

"""

1466

context = Context(TLSv1_METHOD)

1467

self.assertRaises(TypeError, context.set_session_cache_mode)

1468

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1469

1470

1471

def test_get_session_cache_mode_wrong_args(self):

1472

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1473

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1474

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1475

"""

1476

context = Context(TLSv1_METHOD)

1477

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1478

1479

1480

def test_session_cache_mode(self):

1481

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1482

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1483

cached. The setting can be retrieved via

1484

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1485

"""

1486

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1487

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1488

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1489

self.assertEqual(SESS_CACHE_OFF, off)

1490

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1491

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1492

if not PY3:

1493

def test_session_cache_mode_long(self):

1494

"""

1495

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1496

of type :py:obj:`long` as well as :py:obj:`int`.

1497

"""

1498

context = Context(TLSv1_METHOD)

1499

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1500

self.assertEqual(

1501

SESS_CACHE_BOTH, context.get_session_cache_mode())

1502

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1503

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1504

def test_get_cert_store(self):

1505

"""

1506

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1507

"""

1508

context = Context(TLSv1_METHOD)

1509

store = context.get_cert_store()

1510

self.assertIsInstance(store, X509Store)

1511

1512

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1513

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1514

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1515

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1516

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1517

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1518

"""

1519

def test_wrong_args(self):

1520

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1521

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1522

with other than one argument.

1523

"""

1524

context = Context(TLSv1_METHOD)

1525

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1526

self.assertRaises(

1527

TypeError, context.set_tlsext_servername_callback, 1, 2)

1528

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1529

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1530

def test_old_callback_forgotten(self):

1531

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1532

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1533

callback, the one it replaces is dereferenced.

1534

"""

1535

def callback(connection):

1536

pass

1537

1538

def replacement(connection):

1539

pass

1540

1541

context = Context(TLSv1_METHOD)

1542

context.set_tlsext_servername_callback(callback)

1543

1544

tracker = ref(callback)

1545

del callback

1546

1547

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1548

1549

# One run of the garbage collector happens to work on CPython. PyPy

1550

# doesn't collect the underlying object until a second run for whatever

1551

# reason. That's fine, it still demonstrates our code has properly

1552

# dropped the reference.

1553

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1554

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1555

1556

callback = tracker()

1557

if callback is not None:

1558

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1559

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1560

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1561

1562

1563

def test_no_servername(self):

1564

"""

1565

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1566

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1567

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1568

"""

1569

args = []

1570

def servername(conn):

1571

args.append((conn, conn.get_servername()))

1572

context = Context(TLSv1_METHOD)

1573

context.set_tlsext_servername_callback(servername)

1574

1575

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1581

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1582

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1583

1584

# Do a little connection to trigger the logic

1585

server = Connection(context, None)

1586

server.set_accept_state()

1587

1588

client = Connection(Context(TLSv1_METHOD), None)

1589

client.set_connect_state()

1590

1591

self._interactInMemory(server, client)

1592

1593

self.assertEqual([(server, None)], args)

1594

1595

1596

def test_servername(self):

1597

"""

1598

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1599

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1600

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1601

"""

1602

args = []

1603

def servername(conn):

1604

args.append((conn, conn.get_servername()))

1605

context = Context(TLSv1_METHOD)

1606

context.set_tlsext_servername_callback(servername)

1607

1608

# Necessary to actually accept the connection

1609

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1610

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1611

1612

# Do a little connection to trigger the logic

1613

server = Connection(context, None)

1614

server.set_accept_state()

1615

1616

client = Connection(Context(TLSv1_METHOD), None)

1617

client.set_connect_state()

1618

client.set_tlsext_host_name(b("foo1.example.com"))

1619

1620

self._interactInMemory(server, client)

1621

1622

self.assertEqual([(server, b("foo1.example.com"))], args)

1623

1624

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1625

class NextProtoNegotiationTests(TestCase, _LoopbackMixin):

1626

"""

1627

Test for Next Protocol Negotiation in PyOpenSSL.

1628

"""

1629

def test_npn_success(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1630

"""

1631

Tests that clients and servers that agree on the negotiated next

1632

protocol can correct establish a connection, and that the agreed

1633

protocol is reported by the connections.

1634

"""

1635

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1636

select_args = []

1637

def advertise(conn):

1638

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1639

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1640

def select(conn, options):

1641

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1642

return b'spdy/2'

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1643

1644

server_context = Context(TLSv1_METHOD)

1645

server_context.set_npn_advertise_callback(advertise)

1646

1647

client_context = Context(TLSv1_METHOD)

1648

client_context.set_npn_select_callback(select)

1649

1650

# Necessary to actually accept the connection

1651

server_context.use_privatekey(

1652

load_privatekey(FILETYPE_PEM, server_key_pem))

1653

server_context.use_certificate(

1654

load_certificate(FILETYPE_PEM, server_cert_pem))

1655

1656

# Do a little connection to trigger the logic

1657

server = Connection(server_context, None)

1658

server.set_accept_state()

1659

1660

client = Connection(client_context, None)

1661

client.set_connect_state()

1662

1663

self._interactInMemory(server, client)

1664

1665

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1666

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1667

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1668

self.assertEqual(server.get_next_proto_negotiated(), b'spdy/2')

1669

self.assertEqual(client.get_next_proto_negotiated(), b'spdy/2')

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1670

1671

1672

def test_npn_client_fail(self):

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1673

"""

1674

Tests that when clients and servers cannot agree on what protocol to

1675

use next that the TLS connection does not get established.

1676

"""

1677

advertise_args = []

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1678

select_args = []

1679

def advertise(conn):

1680

advertise_args.append((conn,))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1681

return [b'http/1.1', b'spdy/2']

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1682

def select(conn, options):

1683

select_args.append((conn, options))

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1684

return b''

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1685

1686

server_context = Context(TLSv1_METHOD)

1687

server_context.set_npn_advertise_callback(advertise)

1688

1689

client_context = Context(TLSv1_METHOD)

1690

client_context.set_npn_select_callback(select)

1691

1692

# Necessary to actually accept the connection

1693

server_context.use_privatekey(

1694

load_privatekey(FILETYPE_PEM, server_key_pem))

1695

server_context.use_certificate(

1696

load_certificate(FILETYPE_PEM, server_cert_pem))

1697

1698

# Do a little connection to trigger the logic

1699

server = Connection(server_context, None)

1700

server.set_accept_state()

1701

1702

client = Connection(client_context, None)

1703

client.set_connect_state()

1704

1705

# If the client doesn't return anything, the connection will fail.

1706

self.assertRaises(Error, self._interactInMemory, server, client)

1707

1708

self.assertEqual([(server,)], advertise_args)

Cory Benfield

2014-05-10 09:48:55 +0100

[diff] [blame]

1709

self.assertEqual([(client, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1710

1711

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1712

def test_npn_select_error(self):

1713

"""

1714

Test that we can handle exceptions in the select callback. If select

1715

fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1720

return [b'http/1.1', b'spdy/2']

1721

def select(conn, options):

1722

raise TypeError

1723

1724

server_context = Context(TLSv1_METHOD)

1725

server_context.set_npn_advertise_callback(advertise)

1726

1727

client_context = Context(TLSv1_METHOD)

1728

client_context.set_npn_select_callback(select)

1729

1730

# Necessary to actually accept the connection

1731

server_context.use_privatekey(

1732

load_privatekey(FILETYPE_PEM, server_key_pem))

1733

server_context.use_certificate(

1734

load_certificate(FILETYPE_PEM, server_cert_pem))

1735

1736

# Do a little connection to trigger the logic

1737

server = Connection(server_context, None)

1738

server.set_accept_state()

1739

1740

client = Connection(client_context, None)

1741

client.set_connect_state()

1742

1743

# If the callback throws an exception it should be raised here.

1744

self.assertRaises(TypeError, self._interactInMemory, server, client)

1745

self.assertEqual([(server,)], advertise_args)

1746

1747

1748

def test_npn_advertise_error(self):

1749

"""

1750

Test that we can handle exceptions in the advertise callback. If

1751

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options):

1757

select_args.append((conn, options))

1758

return b''

1759

1760

server_context = Context(TLSv1_METHOD)

1761

server_context.set_npn_advertise_callback(advertise)

1762

1763

client_context = Context(TLSv1_METHOD)

1764

client_context.set_npn_select_callback(select)

1765

1766

# Necessary to actually accept the connection

1767

server_context.use_privatekey(

1768

load_privatekey(FILETYPE_PEM, server_key_pem))

1769

server_context.use_certificate(

1770

load_certificate(FILETYPE_PEM, server_cert_pem))

1771

1772

# Do a little connection to trigger the logic

1773

server = Connection(server_context, None)

1774

server.set_accept_state()

1775

1776

client = Connection(client_context, None)

1777

client.set_connect_state()

1778

1779

# If the client doesn't return anything, the connection will fail.

1780

self.assertRaises(TypeError, self._interactInMemory, server, client)

1781

self.assertEqual([], select_args)

1782

1783

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1784

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1785

class ApplicationLayerProtoNegotiationTests(TestCase, _LoopbackMixin):

1786

"""

1787

Tests for ALPN in PyOpenSSL.

1788

"""

1789

def test_alpn_success(self):

1790

"""

1791

Tests that clients and servers that agree on the negotiated ALPN

1792

protocol can correct establish a connection, and that the agreed

1793

protocol is reported by the connections.

1794

"""

1795

select_args = []

1796

def select(conn, options):

1797

select_args.append((conn, options))

1798

return b'spdy/2'

1799

1800

client_context = Context(TLSv1_METHOD)

1801

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

1802

1803

server_context = Context(TLSv1_METHOD)

1804

server_context.set_alpn_select_callback(select)

1805

1806

# Necessary to actually accept the connection

1807

server_context.use_privatekey(

1808

load_privatekey(FILETYPE_PEM, server_key_pem))

1809

server_context.use_certificate(

1810

load_certificate(FILETYPE_PEM, server_cert_pem))

1811

1812

# Do a little connection to trigger the logic

1813

server = Connection(server_context, None)

1814

server.set_accept_state()

1815

1816

client = Connection(client_context, None)

1817

client.set_connect_state()

1818

1819

self._interactInMemory(server, client)

1820

Cory Benfield

7527958

2015-04-12 08:52:17 -0400

[diff] [blame]

1821

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1822

1823

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1824

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

1825

1826

1827

def test_alpn_set_on_connection(self):

1828

"""

1829

The same as test_alpn_success, but setting the ALPN protocols on the

1830

connection rather than the context.

1831

"""

1832

select_args = []

1833

def select(conn, options):

1834

select_args.append((conn, options))

1835

return b'spdy/2'

1836

1837

# Setup the client context but don't set any ALPN protocols.

1838

client_context = Context(TLSv1_METHOD)

1839

1840

server_context = Context(TLSv1_METHOD)

1841

server_context.set_alpn_select_callback(select)

1842

1843

# Necessary to actually accept the connection

1844

server_context.use_privatekey(

1845

load_privatekey(FILETYPE_PEM, server_key_pem))

1846

server_context.use_certificate(

1847

load_certificate(FILETYPE_PEM, server_cert_pem))

1848

1849

# Do a little connection to trigger the logic

1850

server = Connection(server_context, None)

1851

server.set_accept_state()

1852

1853

# Set the ALPN protocols on the client connection.

1854

client = Connection(client_context, None)

1855

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1856

client.set_connect_state()

1857

1858

self._interactInMemory(server, client)

1859

Cory Benfield

7527958

2015-04-12 08:52:17 -0400

[diff] [blame]

1860

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1861

1862

self.assertEqual(server.get_alpn_proto_negotiated(), b'spdy/2')

1863

self.assertEqual(client.get_alpn_proto_negotiated(), b'spdy/2')

1864

1865

1866

def test_alpn_server_fail(self):

1867

"""

1868

Tests that when clients and servers cannot agree on what protocol to

1869

use next that the TLS connection does not get established.

1870

"""

1871

select_args = []

1872

def select(conn, options):

1873

select_args.append((conn, options))

1874

return b''

1875

1876

client_context = Context(TLSv1_METHOD)

1877

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

1878

1879

server_context = Context(TLSv1_METHOD)

1880

server_context.set_alpn_select_callback(select)

1881

1882

# Necessary to actually accept the connection

1883

server_context.use_privatekey(

1884

load_privatekey(FILETYPE_PEM, server_key_pem))

1885

server_context.use_certificate(

1886

load_certificate(FILETYPE_PEM, server_cert_pem))

1887

1888

# Do a little connection to trigger the logic

1889

server = Connection(server_context, None)

1890

server.set_accept_state()

1891

1892

client = Connection(client_context, None)

1893

client.set_connect_state()

1894

1895

# If the client doesn't return anything, the connection will fail.

1896

self.assertRaises(Error, self._interactInMemory, server, client)

1897

Cory Benfield

7527958

2015-04-12 08:52:17 -0400

[diff] [blame]

1898

self.assertEqual([(server, [b'http/1.1', b'spdy/2'])], select_args)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1899

1900

Cory Benfield

e3d5715

2015-04-11 17:57:35 -0400

[diff] [blame]

1901

def test_alpn_no_server(self):

1902

"""

1903

Tests that when clients and servers cannot agree on what protocol to

1904

use next because the server doesn't offer ALPN.

1905

"""

Cory Benfield

e3d5715

2015-04-11 17:57:35 -0400

[diff] [blame]

1906

client_context = Context(TLSv1_METHOD)

1907

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

1908

1909

server_context = Context(TLSv1_METHOD)

1910

1911

# Necessary to actually accept the connection

1912

server_context.use_privatekey(

1913

load_privatekey(FILETYPE_PEM, server_key_pem))

1914

server_context.use_certificate(

1915

load_certificate(FILETYPE_PEM, server_cert_pem))

1916

1917

# Do a little connection to trigger the logic

1918

server = Connection(server_context, None)

1919

server.set_accept_state()

1920

1921

client = Connection(client_context, None)

1922

client.set_connect_state()

1923

1924

# Do the dance.

1925

self._interactInMemory(server, client)

1926

Cory Benfield

e3d5715

2015-04-11 17:57:35 -0400

[diff] [blame]

1927

self.assertEqual(client.get_alpn_proto_negotiated(), b'')

1928

1929

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1930

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

1931

class SessionTests(TestCase):

1932

"""

1933

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1934

"""

1935

def test_construction(self):

1936

"""

1937

:py:class:`Session` can be constructed with no arguments, creating a new

1938

instance of that type.

1939

"""

1940

new_session = Session()

1941

self.assertTrue(isinstance(new_session, Session))

1942

1943

1944

def test_construction_wrong_args(self):

1945

"""

1946

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1947

is raised.

1948

"""

1949

self.assertRaises(TypeError, Session, 123)

1950

self.assertRaises(TypeError, Session, "hello")

1951

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1955

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1956

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1957

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1958

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1959

# XXX get_peer_certificate -> None

1960

# XXX sock_shutdown

1961

# XXX master_key -> TypeError

1962

# XXX server_random -> TypeError

1963

# XXX state_string

1964

# XXX connect -> TypeError

1965

# XXX connect_ex -> TypeError

1966

# XXX set_connect_state -> TypeError

1967

# XXX set_accept_state -> TypeError

1968

# XXX renegotiate_pending

1969

# XXX do_handshake -> TypeError

1970

# XXX bio_read -> TypeError

1971

# XXX recv -> TypeError

1972

# XXX send -> TypeError

1973

# XXX bio_write -> TypeError

1974

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1975

def test_type(self):

1976

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1977

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1978

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1979

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1980

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1981

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1982

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1983

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1984

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1985

def test_get_context(self):

1986

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1987

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1988

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1989

"""

1990

context = Context(TLSv1_METHOD)

1991

connection = Connection(context, None)

1992

self.assertIdentical(connection.get_context(), context)

1993

1994

1995

def test_get_context_wrong_args(self):

1996

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1997

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1998

arguments.

1999

"""

2000

connection = Connection(Context(TLSv1_METHOD), None)

2001

self.assertRaises(TypeError, connection.get_context, None)

2002

2003

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2004

def test_set_context_wrong_args(self):

2005

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2006

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

2007

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2008

than 1.

2009

"""

2010

ctx = Context(TLSv1_METHOD)

2011

connection = Connection(ctx, None)

2012

self.assertRaises(TypeError, connection.set_context)

2013

self.assertRaises(TypeError, connection.set_context, object())

2014

self.assertRaises(TypeError, connection.set_context, "hello")

2015

self.assertRaises(TypeError, connection.set_context, 1)

2016

self.assertRaises(TypeError, connection.set_context, 1, 2)

2017

self.assertRaises(

2018

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

2019

self.assertIdentical(ctx, connection.get_context())

2020

2021

2022

def test_set_context(self):

2023

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2024

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2025

for the connection.

2026

"""

2027

original = Context(SSLv23_METHOD)

2028

replacement = Context(TLSv1_METHOD)

2029

connection = Connection(original, None)

2030

connection.set_context(replacement)

2031

self.assertIdentical(replacement, connection.get_context())

2032

# Lose our references to the contexts, just in case the Connection isn't

2033

# properly managing its own contributions to their reference counts.

2034

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

2039

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2040

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2041

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2042

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2043

"""

2044

conn = Connection(Context(TLSv1_METHOD), None)

2045

self.assertRaises(TypeError, conn.set_tlsext_host_name)

2046

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

2047

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

2048

self.assertRaises(

2049

TypeError, conn.set_tlsext_host_name, b("with\0null"))

2050

2051

if version_info >= (3,):

2052

# On Python 3.x, don't accidentally implicitly convert from text.

2053

self.assertRaises(

2054

TypeError,

2055

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2056

2057

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2058

def test_get_servername_wrong_args(self):

2059

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2060

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2061

arguments.

2062

"""

2063

connection = Connection(Context(TLSv1_METHOD), None)

2064

self.assertRaises(TypeError, connection.get_servername, object())

2065

self.assertRaises(TypeError, connection.get_servername, 1)

2066

self.assertRaises(TypeError, connection.get_servername, "hello")

2067

2068

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2069

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2070

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2071

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2072

immediate read.

2073

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2074

connection = Connection(Context(TLSv1_METHOD), None)

2075

self.assertEquals(connection.pending(), 0)

2076

2077

2078

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2079

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2080

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2081

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2082

connection = Connection(Context(TLSv1_METHOD), None)

2083

self.assertRaises(TypeError, connection.pending, None)

2084

2085

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2086

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2087

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2088

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2089

argument or with the wrong number of arguments.

2090

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2091

connection = Connection(Context(TLSv1_METHOD), socket())

2092

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2093

self.assertRaises(TypeError, connection.connect)

2094

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2095

2096

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2097

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2098

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2099

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2100

connect method raises it.

2101

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2102

client = socket()

2103

context = Context(TLSv1_METHOD)

2104

clientSSL = Connection(context, client)

2105

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

2106

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2107

2108

2109

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2110

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2111

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2112

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2118

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2119

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2120

2121

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2122

if platform == "darwin":

2123

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2124

else:

2125

def test_connect_ex(self):

2126

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2127

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2128

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2133

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

2134

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2135

clientSSL.setblocking(False)

2136

result = clientSSL.connect_ex(port.getsockname())

2137

expected = (EINPROGRESS, EWOULDBLOCK)

2138

self.assertTrue(

2139

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

2140

2141

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2142

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2143

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2144

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2145

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2146

connection = Connection(Context(TLSv1_METHOD), socket())

2147

self.assertRaises(TypeError, connection.accept, None)

2148

2149

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2150

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2151

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2152

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

2153

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2154

connection originated from.

2155

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2156

ctx = Context(TLSv1_METHOD)

2157

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2158

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2159

port = socket()

2160

portSSL = Connection(ctx, port)

2161

portSSL.bind(('', 0))

2162

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2163

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2164

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2165

2166

# Calling portSSL.getsockname() here to get the server IP address sounds

2167

# great, but frequently fails on Windows.

2168

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2169

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2170

serverSSL, address = portSSL.accept()

2171

2172

self.assertTrue(isinstance(serverSSL, Connection))

2173

self.assertIdentical(serverSSL.get_context(), ctx)

2174

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2175

2176

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2177

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2178

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2179

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2180

number of arguments or with arguments other than integers.

2181

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2182

connection = Connection(Context(TLSv1_METHOD), None)

2183

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

2184

self.assertRaises(TypeError, connection.get_shutdown, None)

2185

self.assertRaises(TypeError, connection.set_shutdown)

2186

self.assertRaises(TypeError, connection.set_shutdown, None)

2187

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2188

2189

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2190

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2191

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2192

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2193

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2194

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2195

self.assertFalse(server.shutdown())

2196

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2197

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2198

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

2199

client.shutdown()

2200

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

2201

self.assertRaises(ZeroReturnError, server.recv, 1024)

2202

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2203

2204

Paul Aurich

c85e086

2015-01-08 08:34:33 -0800

[diff] [blame]

2205

def test_shutdown_closed(self):

2206

"""

2207

If the underlying socket is closed, :py:obj:`Connection.shutdown` propagates the

2208

write error from the low level write call.

2209

"""

2210

server, client = self._loopback()

2211

server.sock_shutdown(2)

2212

exc = self.assertRaises(SysCallError, server.shutdown)

2213

if platform == "win32":

2214

self.assertEqual(exc.args[0], ESHUTDOWN)

2215

else:

2216

self.assertEqual(exc.args[0], EPIPE)

2217

2218

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2219

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2220

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2221

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2222

process.

2223

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2224

connection = Connection(Context(TLSv1_METHOD), socket())

2225

connection.set_shutdown(RECEIVED_SHUTDOWN)

2226

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2227

2228

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2229

if not PY3:

2230

def test_set_shutdown_long(self):

2231

"""

2232

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

2233

of type :py:obj:`long` as well as :py:obj:`int`.

2234

"""

2235

connection = Connection(Context(TLSv1_METHOD), socket())

2236

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

2237

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

2238

2239

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2240

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2241

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2242

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

2243

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2244

with any arguments.

2245

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2246

conn = Connection(Context(TLSv1_METHOD), None)

2247

self.assertRaises(TypeError, conn.get_app_data, None)

2248

self.assertRaises(TypeError, conn.set_app_data)

2249

self.assertRaises(TypeError, conn.set_app_data, None, None)

2250

2251

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2252

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2253

"""

2254

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2255

:py:obj:`Connection.set_app_data` and later retrieved with

2256

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2257

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2258

conn = Connection(Context(TLSv1_METHOD), None)

2259

app_data = object()

2260

conn.set_app_data(app_data)

2261

self.assertIdentical(conn.get_app_data(), app_data)

2262

2263

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2264

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2265

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2266

:py:obj:`Connection.makefile` is not implemented and calling that method raises

2267

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2268

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2269

conn = Connection(Context(TLSv1_METHOD), None)

2270

self.assertRaises(NotImplementedError, conn.makefile)

2271

2272

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2273

def test_get_peer_cert_chain_wrong_args(self):

2274

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2275

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2276

arguments.

2277

"""

2278

conn = Connection(Context(TLSv1_METHOD), None)

2279

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

2280

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

2281

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

2282

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

2283

2284

2285

def test_get_peer_cert_chain(self):

2286

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2287

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2288

the connected server returned for the certification verification.

2289

"""

2290

chain = _create_certificate_chain()

2291

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2292

2293

serverContext = Context(TLSv1_METHOD)

2294

serverContext.use_privatekey(skey)

2295

serverContext.use_certificate(scert)

2296

serverContext.add_extra_chain_cert(icert)

2297

serverContext.add_extra_chain_cert(cacert)

2298

server = Connection(serverContext, None)

2299

server.set_accept_state()

2300

2301

# Create the client

2302

clientContext = Context(TLSv1_METHOD)

2303

clientContext.set_verify(VERIFY_NONE, verify_cb)

2304

client = Connection(clientContext, None)

2305

client.set_connect_state()

2306

2307

self._interactInMemory(client, server)

2308

2309

chain = client.get_peer_cert_chain()

2310

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2311

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2312

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2313

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2314

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

2315

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2316

"Authority Certificate", chain[2].get_subject().CN)

2317

2318

2319

def test_get_peer_cert_chain_none(self):

2320

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2321

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2322

certificate chain.

2323

"""

2324

ctx = Context(TLSv1_METHOD)

2325

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2326

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2327

server = Connection(ctx, None)

2328

server.set_accept_state()

2329

client = Connection(Context(TLSv1_METHOD), None)

2330

client.set_connect_state()

2331

self._interactInMemory(client, server)

2332

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2333

2334

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2335

def test_get_session_wrong_args(self):

2336

"""

2337

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

2338

with any arguments.

2339

"""

2340

ctx = Context(TLSv1_METHOD)

2341

server = Connection(ctx, None)

2342

self.assertRaises(TypeError, server.get_session, 123)

2343

self.assertRaises(TypeError, server.get_session, "hello")

2344

self.assertRaises(TypeError, server.get_session, object())

2345

2346

2347

def test_get_session_unconnected(self):

2348

"""

2349

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

2350

an object which has not been connected.

2351

"""

2352

ctx = Context(TLSv1_METHOD)

2353

server = Connection(ctx, None)

2354

session = server.get_session()

2355

self.assertIdentical(None, session)

2356

2357

2358

def test_server_get_session(self):

2359

"""

2360

On the server side of a connection, :py:obj:`Connection.get_session`

2361

returns a :py:class:`Session` instance representing the SSL session for

2362

that connection.

2363

"""

2364

server, client = self._loopback()

2365

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2366

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2367

2368

2369

def test_client_get_session(self):

2370

"""

2371

On the client side of a connection, :py:obj:`Connection.get_session`

2372

returns a :py:class:`Session` instance representing the SSL session for

2373

that connection.

2374

"""

2375

server, client = self._loopback()

2376

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

2377

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

2378

2379

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2380

def test_set_session_wrong_args(self):

2381

"""

2382

If called with an object that is not an instance of :py:class:`Session`,

2383

or with other than one argument, :py:obj:`Connection.set_session` raises

2384

:py:obj:`TypeError`.

2385

"""

2386

ctx = Context(TLSv1_METHOD)

2387

connection = Connection(ctx, None)

2388

self.assertRaises(TypeError, connection.set_session)

2389

self.assertRaises(TypeError, connection.set_session, 123)

2390

self.assertRaises(TypeError, connection.set_session, "hello")

2391

self.assertRaises(TypeError, connection.set_session, object())

2392

self.assertRaises(

2393

TypeError, connection.set_session, Session(), Session())

2394

2395

2396

def test_client_set_session(self):

2397

"""

2398

:py:obj:`Connection.set_session`, when used prior to a connection being

2399

established, accepts a :py:class:`Session` instance and causes an

2400

attempt to re-use the session it represents when the SSL handshake is

2401

performed.

2402

"""

2403

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2404

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2405

ctx = Context(TLSv1_METHOD)

2406

ctx.use_privatekey(key)

2407

ctx.use_certificate(cert)

2408

ctx.set_session_id("unity-test")

2409

2410

def makeServer(socket):

2411

server = Connection(ctx, socket)

2412

server.set_accept_state()

2413

return server

2414

2415

originalServer, originalClient = self._loopback(

2416

serverFactory=makeServer)

2417

originalSession = originalClient.get_session()

2418

2419

def makeClient(socket):

2420

client = self._loopbackClientFactory(socket)

2421

client.set_session(originalSession)

2422

return client

2423

resumedServer, resumedClient = self._loopback(

2424

serverFactory=makeServer,

2425

clientFactory=makeClient)

2426

2427

# This is a proxy: in general, we have no access to any unique

2428

# identifier for the session (new enough versions of OpenSSL expose a

2429

# hash which could be usable, but "new enough" is very, very new).

2430

# Instead, exploit the fact that the master key is re-used if the

2431

# session is re-used. As long as the master key for the two connections

2432

# is the same, the session was re-used!

2433

self.assertEqual(

2434

originalServer.master_key(), resumedServer.master_key())

2435

2436

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2437

def test_set_session_wrong_method(self):

2438

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2439

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2440

instance associated with a context using a different SSL method than the

2441

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2442

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2443

"""

2444

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2445

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2446

ctx = Context(TLSv1_METHOD)

2447

ctx.use_privatekey(key)

2448

ctx.use_certificate(cert)

2449

ctx.set_session_id("unity-test")

2450

2451

def makeServer(socket):

2452

server = Connection(ctx, socket)

2453

server.set_accept_state()

2454

return server

2455

2456

originalServer, originalClient = self._loopback(

2457

serverFactory=makeServer)

2458

originalSession = originalClient.get_session()

2459

2460

def makeClient(socket):

2461

# Intentionally use a different, incompatible method here.

2462

client = Connection(Context(SSLv3_METHOD), socket)

2463

client.set_connect_state()

2464

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2470

2471

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2472

def test_wantWriteError(self):

2473

"""

2474

:py:obj:`Connection` methods which generate output raise

2475

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2476

fail indicating a should-write state.

2477

"""

2478

client_socket, server_socket = socket_pair()

2479

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2480

# anything. Only write a single byte at a time so we can be sure we

2481

# completely fill the buffer. Even though the socket API is allowed to

2482

# signal a short write via its return value it seems this doesn't

2483

# always happen on all platforms (FreeBSD and OS X particular) for the

2484

# very last bit of available buffer space.

2485

msg = b"x"

2486

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2487

try:

2488

client_socket.send(msg)

2489

except error as e:

2490

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2496

2497

ctx = Context(TLSv1_METHOD)

2498

conn = Connection(ctx, client_socket)

2499

# Client's speak first, so make it an SSL client

2500

conn.set_connect_state()

2501

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2505

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2506

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2507

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2508

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2509

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2510

ctx = Context(TLSv1_METHOD)

2511

connection = Connection(ctx, None)

2512

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2513

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2514

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2515

def test_get_peer_finished_before_connect(self):

2516

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2517

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2518

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2519

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2520

ctx = Context(TLSv1_METHOD)

2521

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2522

self.assertEqual(connection.get_peer_finished(), None)

2523

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2524

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2525

def test_get_finished(self):

2526

"""

2527

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2528

message send from client, or server. Finished messages are send during

2529

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2530

"""

2531

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2532

server, client = self._loopback()

2533

2534

self.assertNotEqual(server.get_finished(), None)

2535

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2536

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2537

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2538

def test_get_peer_finished(self):

2539

"""

2540

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2541

message received from client, or server. Finished messages are send

2542

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2543

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2544

server, client = self._loopback()

2545

2546

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2547

self.assertTrue(len(server.get_peer_finished()) > 0)

2548

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2549

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2550

def test_tls_finished_message_symmetry(self):

2551

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2552

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2553

received by client.

2554

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2555

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2556

received by server.

2557

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2558

server, client = self._loopback()

2559

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2560

self.assertEqual(server.get_finished(), client.get_peer_finished())

2561

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2562

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2563

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2564

def test_get_cipher_name_before_connect(self):

2565

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2566

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2567

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2568

"""

2569

ctx = Context(TLSv1_METHOD)

2570

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2571

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2572

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2573

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2574

def test_get_cipher_name(self):

2575

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2576

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2577

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2578

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2579

server, client = self._loopback()

2580

server_cipher_name, client_cipher_name = \

2581

server.get_cipher_name(), client.get_cipher_name()

2582

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2583

self.assertIsInstance(server_cipher_name, text_type)

2584

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2585

2586

self.assertEqual(server_cipher_name, client_cipher_name)

2587

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2588

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2589

def test_get_cipher_version_before_connect(self):

2590

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2591

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2592

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2593

"""

2594

ctx = Context(TLSv1_METHOD)

2595

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2596

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2597

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2598

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2599

def test_get_cipher_version(self):

2600

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2601

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2602

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2603

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2604

server, client = self._loopback()

2605

server_cipher_version, client_cipher_version = \

2606

server.get_cipher_version(), client.get_cipher_version()

2607

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2608

self.assertIsInstance(server_cipher_version, text_type)

2609

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2610

2611

self.assertEqual(server_cipher_version, client_cipher_version)

2612

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2613

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2614

def test_get_cipher_bits_before_connect(self):

2615

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2616

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2617

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2618

"""

2619

ctx = Context(TLSv1_METHOD)

2620

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2621

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2622

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2623

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2624

def test_get_cipher_bits(self):

2625

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2626

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2627

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2628

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2629

server, client = self._loopback()

2630

server_cipher_bits, client_cipher_bits = \

2631

server.get_cipher_bits(), client.get_cipher_bits()

2632

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2633

self.assertIsInstance(server_cipher_bits, int)

2634

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2635

2636

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2637

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2638

2639

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2640

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2641

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2642

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2643

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2644

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2645

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2646

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2647

arguments.

2648

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2649

connection = Connection(Context(TLSv1_METHOD), None)

2650

self.assertRaises(TypeError, connection.get_cipher_list, None)

2651

2652

2653

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2654

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2655

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2656

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2657

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2658

connection = Connection(Context(TLSv1_METHOD), None)

2659

ciphers = connection.get_cipher_list()

2660

self.assertTrue(isinstance(ciphers, list))

2661

for cipher in ciphers:

2662

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2666

class ConnectionSendTests(TestCase, _LoopbackMixin):

2667

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2668

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2669

"""

2670

def test_wrong_args(self):

2671

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2672

When called with arguments other than string argument for its first

2673

parameter or more than two arguments, :py:obj:`Connection.send` raises

2674

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2675

"""

2676

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2677

self.assertRaises(TypeError, connection.send)

2678

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2679

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2680

2681

2682

def test_short_bytes(self):

2683

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2684

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2685

and returns the number of bytes sent.

2686

"""

2687

server, client = self._loopback()

2688

count = server.send(b('xy'))

2689

self.assertEquals(count, 2)

2690

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2696

else:

2697

def test_short_memoryview(self):

2698

"""

2699

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2700

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2701

bytes sent.

2702

"""

2703

server, client = self._loopback()

2704

count = server.send(memoryview(b('xy')))

2705

self.assertEquals(count, 2)

2706

self.assertEquals(client.recv(2), b('xy'))

2707

2708

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2713

else:

2714

def test_short_buffer(self):

2715

"""

2716

When passed a buffer containing a small number of bytes,

2717

:py:obj:`Connection.send` transmits all of them and returns the number of

2718

bytes sent.

2719

"""

2720

server, client = self._loopback()

2721

count = server.send(buffer(b('xy')))

2722

self.assertEquals(count, 2)

2723

self.assertEquals(client.recv(2), b('xy'))

2724

2725

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2726

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2727

def _make_memoryview(size):

2728

"""

2729

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2730

size.

2731

"""

2732

return memoryview(bytearray(size))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2736

class ConnectionRecvIntoTests(TestCase, _LoopbackMixin):

2737

"""

2738

Tests for :py:obj:`Connection.recv_into`

2739

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2740

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2741

"""

2742

Assert that when the given buffer is passed to

2743

``Connection.recv_into``, whatever bytes are available to be received

2744

that fit into that buffer are written into that buffer.

2745

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2746

output_buffer = factory(5)

2747

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2748

server, client = self._loopback()

2749

server.send(b('xy'))

2750

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2751

self.assertEqual(client.recv_into(output_buffer), 2)

2752

self.assertEqual(output_buffer, bytearray(b('xy\x00\x00\x00')))

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2753

2754

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2755

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2756

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2757

:py:obj:`Connection.recv_into` can be passed a ``bytearray`` instance

2758

and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2759

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2760

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2761

2762

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2763

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2764

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2765

Assert that when the given buffer is passed to ``Connection.recv_into``

2766

along with a value for ``nbytes`` that is less than the size of that

2767

buffer, only ``nbytes`` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2768

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2769

output_buffer = factory(10)

2770

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2771

server, client = self._loopback()

2772

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2773

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2774

self.assertEqual(client.recv_into(output_buffer, 5), 5)

2775

self.assertEqual(

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2776

output_buffer, bytearray(b('abcde\x00\x00\x00\x00\x00'))

)

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2780

def test_bytearray_respects_length(self):

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2781

"""

2782

When called with a ``bytearray`` instance,

2783

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter and

2784

doesn't copy in more than that number of bytes.

2785

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2786

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2787

2788

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2789

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2790

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2791

Assert that if there are more bytes available to be read from the

2792

receive buffer than would fit into the buffer passed to

2793

:py:obj:`Connection.recv_into`, only as many as fit are written into

2794

it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2795

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2796

output_buffer = factory(5)

2797

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2798

server, client = self._loopback()

2799

server.send(b('abcdefghij'))

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2800

Jean-Paul Calderone

320af1e

2015-03-15 17:20:13 -0400

[diff] [blame]

2801

self.assertEqual(client.recv_into(output_buffer), 5)

2802

self.assertEqual(output_buffer, bytearray(b('abcde')))

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2803

rest = client.recv(5)

2804

self.assertEqual(b('fghij'), rest)

2805

2806

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2807

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2808

"""

2809

When called with a ``bytearray`` instance,

2810

:py:obj:`Connection.recv_into` respects the size of the array and

2811

doesn't write more bytes into it than will fit.

2812

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2813

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2814

2815

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2816

def _really_doesnt_overfill_test(self, factory):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2817

"""

2818

Assert that if the value given by ``nbytes`` is greater than the actual

2819

size of the output buffer passed to :py:obj:`Connection.recv_into`, the

2820

behavior is as if no value was given for ``nbytes`` at all.

2821

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2822

output_buffer = factory(5)

2823

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2824

server, client = self._loopback()

2825

server.send(b('abcdefghij'))

2826

2827

self.assertEqual(client.recv_into(output_buffer, 50), 5)

2828

self.assertEqual(output_buffer, bytearray(b('abcde')))

2829

rest = client.recv(5)

2830

self.assertEqual(b('fghij'), rest)

2831

2832

Jean-Paul Calderone

d335b27

2015-03-15 17:26:38 -0400

[diff] [blame]

2833

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2834

"""

2835

When called with a ``bytearray`` instance and an ``nbytes`` value that

2836

is too large, :py:obj:`Connection.recv_into` respects the size of the

2837

array and not the ``nbytes`` value and doesn't write more bytes into

2838

the buffer than will fit.

2839

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2840

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2841

2842

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

try:

memoryview

except NameError:

"cannot test recv_into memoryview without memoryview"

2847

else:

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2848

def test_memoryview_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2849

"""

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2850

:py:obj:`Connection.recv_into` can be passed a ``memoryview``

2851

instance and data in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2852

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2853

self._no_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2854

2855

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2856

def test_memoryview_respects_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2857

"""

Jean-Paul Calderone

2015-03-15 17:11:18 -0400

[diff] [blame]

2858

When called with a ``memoryview`` instance,

2859

:py:obj:`Connection.recv_into` respects the ``nbytes`` parameter

2860

and doesn't copy more than that number of bytes in.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2861

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2862

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2863

2864

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2865

def test_memoryview_doesnt_overfill(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2866

"""

Jean-Paul Calderone

8fd8255

2015-03-15 17:21:07 -0400

[diff] [blame]

2867

When called with a ``memoryview`` instance,

2868

:py:obj:`Connection.recv_into` respects the size of the array and

2869

doesn't write more bytes into it than will fit.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2870

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2871

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2872

2873

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2874

def test_memoryview_really_doesnt_overfill(self):

2875

"""

2876

When called with a ``memoryview`` instance and an ``nbytes`` value

2877

that is too large, :py:obj:`Connection.recv_into` respects the size

2878

of the array and not the ``nbytes`` value and doesn't write more

2879

bytes into the buffer than will fit.

2880

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2881

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2882

2883

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2884

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2885

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2886

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2887

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2888

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2889

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2890

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2891

When called with arguments other than a string argument for its first

2892

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2893

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2894

"""

2895

connection = Connection(Context(TLSv1_METHOD), None)

2896

self.assertRaises(TypeError, connection.sendall)

2897

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2898

self.assertRaises(

2899

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2900

2901

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2902

def test_short(self):

2903

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2904

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2905

it.

2906

"""

2907

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2908

server.sendall(b('x'))

2909

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2910

2911

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2916

else:

2917

def test_short_memoryview(self):

2918

"""

2919

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2920

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2921

"""

2922

server, client = self._loopback()

2923

server.sendall(memoryview(b('x')))

2924

self.assertEquals(client.recv(1), b('x'))

2925

2926

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2931

else:

2932

def test_short_buffers(self):

2933

"""

2934

When passed a buffer containing a small number of bytes,

2935

:py:obj:`Connection.sendall` transmits all of them.

2936

"""

2937

server, client = self._loopback()

2938

server.sendall(buffer(b('x')))

2939

self.assertEquals(client.recv(1), b('x'))

2940

2941

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2942

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2943

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2944

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2945

it even if this requires multiple calls of an underlying write function.

2946

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2947

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2948

# Should be enough, underlying SSL_write should only do 16k at a time.

2949

# On Windows, after 32k of bytes the write will block (forever - because

2950

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2951

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2952

server.sendall(message)

2953

accum = []

2954

received = 0

2955

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2956

data = client.recv(1024)

2957

accum.append(data)

2958

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2959

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2960

2961

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2962

def test_closed(self):

2963

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2964

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2965

write error from the low level write call.

2966

"""

2967

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2968

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2969

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2970

if platform == "win32":

2971

self.assertEqual(exc.args[0], ESHUTDOWN)

2972

else:

2973

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2974

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2975

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2976

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2977

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2978

"""

2979

Tests for SSL renegotiation APIs.

2980

"""

2981

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2982

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2983

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2984

arguments.

2985

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2986

connection = Connection(Context(TLSv1_METHOD), None)

2987

self.assertRaises(TypeError, connection.renegotiate, None)

2988

2989

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2990

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2991

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2992

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2993

any arguments.

2994

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2995

connection = Connection(Context(TLSv1_METHOD), None)

2996

self.assertRaises(TypeError, connection.total_renegotiations, None)

2997

2998

2999

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3000

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3001

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3002

renegotiations have happened.

3003

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3004

connection = Connection(Context(TLSv1_METHOD), None)

3005

self.assertEquals(connection.total_renegotiations(), 0)

3006

3007

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3008

# def test_renegotiate(self):

3009

# """

3010

# """

3011

# server, client = self._loopback()

3012

3013

# server.send("hello world")

3014

# self.assertEquals(client.recv(len("hello world")), "hello world")

3015

3016

# self.assertEquals(server.total_renegotiations(), 0)

3017

# self.assertTrue(server.renegotiate())

3018

3019

# server.setblocking(False)

3020

# client.setblocking(False)

3021

# while server.renegotiate_pending():

3022

# client.do_handshake()

3023

# server.do_handshake()

3024

3025

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3030

class ErrorTests(TestCase):

3031

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3032

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3033

"""

3034

def test_type(self):

3035

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3036

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3037

"""

3038

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3039

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3043

class ConstantsTests(TestCase):

3044

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3045

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3046

3047

These are values defined by OpenSSL intended only to be used as flags to

3048

OpenSSL APIs. The only assertions it seems can be made about them is

3049

their values.

3050

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3051

# unittest.TestCase has no skip mechanism

3052

if OP_NO_QUERY_MTU is not None:

3053

def test_op_no_query_mtu(self):

3054

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3055

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3056

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3057

"""

3058

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

3059

else:

3060

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3061

3062

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3063

if OP_COOKIE_EXCHANGE is not None:

3064

def test_op_cookie_exchange(self):

3065

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3066

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3067

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3068

"""

3069

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

3070

else:

3071

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3072

3073

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3074

if OP_NO_TICKET is not None:

3075

def test_op_no_ticket(self):

3076

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3077

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3078

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3079

"""

3080

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

3081

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

3082

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

3083

3084

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3085

if OP_NO_COMPRESSION is not None:

3086

def test_op_no_compression(self):

3087

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

3088

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

3089

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3090

"""

3091

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

3092

else:

3093

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3094

3095

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3096

def test_sess_cache_off(self):

3097

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3098

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3099

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3100

"""

3101

self.assertEqual(0x0, SESS_CACHE_OFF)

3102

3103

3104

def test_sess_cache_client(self):

3105

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3106

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3107

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3108

"""

3109

self.assertEqual(0x1, SESS_CACHE_CLIENT)

3110

3111

3112

def test_sess_cache_server(self):

3113

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3114

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3115

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3116

"""

3117

self.assertEqual(0x2, SESS_CACHE_SERVER)

3118

3119

3120

def test_sess_cache_both(self):

3121

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3122

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3123

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3124

"""

3125

self.assertEqual(0x3, SESS_CACHE_BOTH)

3126

3127

3128

def test_sess_cache_no_auto_clear(self):

3129

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3130

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3131

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3132

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3133

"""

3134

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

3135

3136

3137

def test_sess_cache_no_internal_lookup(self):

3138

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3139

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3140

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3141

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3142

"""

3143

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

3144

3145

3146

def test_sess_cache_no_internal_store(self):

3147

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3148

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3149

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3150

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3151

"""

3152

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

3153

3154

3155

def test_sess_cache_no_internal(self):

3156

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3157

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3158

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

3159

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3160

"""

3161

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

3162

3163

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

3164

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3165

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3166

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3167

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3168

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3169

def _server(self, sock):

3170

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3171

Create a new server-side SSL :py:obj:`Connection` object wrapped around

3172

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3173

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3174

# Create the server side Connection. This is mostly setup boilerplate

3175

# - use TLSv1, use a particular certificate, etc.

3176

server_ctx = Context(TLSv1_METHOD)

3177

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3178

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3179

server_store = server_ctx.get_cert_store()

3180

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3181

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3182

server_ctx.check_privatekey()

3183

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3184

# Here the Connection is actually created. If None is passed as the 2nd

3185

# parameter, it indicates a memory BIO should be created.

3186

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3187

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3191

def _client(self, sock):

3192

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3193

Create a new client-side SSL :py:obj:`Connection` object wrapped around

3194

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3195

"""

3196

# Now create the client side Connection. Similar boilerplate to the

3197

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3198

client_ctx = Context(TLSv1_METHOD)

3199

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

3200

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

3201

client_store = client_ctx.get_cert_store()

3202

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

3203

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

3204

client_ctx.check_privatekey()

3205

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3206

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3207

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3211

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3212

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3213

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3214

reading from the output of each and writing those bytes to the input of

3215

the other and in this way establish a connection and exchange

3216

application-level bytes with each other.

3217

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3218

server_conn = self._server(None)

3219

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3220

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3221

# There should be no key or nonces yet.

3222

self.assertIdentical(server_conn.master_key(), None)

3223

self.assertIdentical(server_conn.client_random(), None)

3224

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3225

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3226

# First, the handshake needs to happen. We'll deliver bytes back and

3227

# forth between the client and server until neither of them feels like

3228

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3229

self.assertIdentical(

3230

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3231

3232

# Now that the handshake is done, there should be a key and nonces.

3233

self.assertNotIdentical(server_conn.master_key(), None)

3234

self.assertNotIdentical(server_conn.client_random(), None)

3235

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

3236

self.assertEquals(server_conn.client_random(), client_conn.client_random())

3237

self.assertEquals(server_conn.server_random(), client_conn.server_random())

3238

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

3239

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3240

3241

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3242

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3243

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3244

server_conn.write(important_message)

3245

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3246

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3247

(client_conn, important_message))

3248

3249

client_conn.write(important_message[::-1])

3250

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3251

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3252

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3253

3254

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3255

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3256

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3257

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3258

3259

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3260

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3261

this test fails, there must be a problem outside the memory BIO

3262

code, as no memory BIO is involved here). Even though this isn't a

3263

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3264

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

3265

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3266

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

3267

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3268

client_conn.send(important_message)

3269

msg = server_conn.recv(1024)

3270

self.assertEqual(msg, important_message)

3271

3272

# Again in the other direction, just for fun.

3273

important_message = important_message[::-1]

3274

server_conn.send(important_message)

3275

msg = client_conn.recv(1024)

3276

self.assertEqual(msg, important_message)

3277

3278

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

3279

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3280

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3281

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

3282

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3283

"""

3284

context = Context(SSLv3_METHOD)

3285

client = socket()

3286

clientSSL = Connection(context, client)

3287

self.assertRaises( TypeError, clientSSL.bio_read, 100)

3288

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

3289

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3290

3291

3292

def test_outgoingOverflow(self):

3293

"""

3294

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3295

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3296

returned and that many bytes from the beginning of the input can be

3297

read from the other end of the connection.

3298

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3299

server = self._server(None)

3300

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3301

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3302

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3303

3304

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

3305

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3306

# Sanity check. We're trying to test what happens when the entire

3307

# input can't be sent. If the entire input was sent, this test is

3308

# meaningless.

3309

self.assertTrue(sent < size)

3310

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3311

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3312

self.assertIdentical(receiver, server)

3313

3314

# We can rely on all of these bytes being received at once because

3315

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

3316

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3317

3318

3319

def test_shutdown(self):

3320

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3321

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

3322

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3323

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3324

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

3325

server.bio_shutdown()

3326

e = self.assertRaises(Error, server.recv, 1024)

3327

# We don't want WantReadError or ZeroReturnError or anything - it's a

3328

# handshake failure.

3329

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3330

3331

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3332

def test_unexpectedEndOfFile(self):

3333

"""

3334

If the connection is lost before an orderly SSL shutdown occurs,

3335

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

3336

"Unexpected EOF".

3337

"""

3338

server_conn, client_conn = self._loopback()

3339

client_conn.sock_shutdown(SHUT_RDWR)

3340

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

3341

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

3342

3343

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3344

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3345

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3346

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3347

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3348

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3349

before the client and server are connected to each other. This

3350

function should specify a list of CAs for the server to send to the

3351

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3352

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3353

times.

3354

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3355

server = self._server(None)

3356

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3357

self.assertEqual(client.get_client_ca_list(), [])

3358

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3359

ctx = server.get_context()

3360

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3361

self.assertEqual(client.get_client_ca_list(), [])

3362

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

3363

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3364

self.assertEqual(client.get_client_ca_list(), expected)

3365

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3366

3367

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3368

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3370

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3371

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3372

"""

3373

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3374

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

3375

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

3376

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3377

3378

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3379

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3380

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3381

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3382

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3383

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3384

after the connection is set up.

3385

"""

3386

def no_ca(ctx):

3387

ctx.set_client_ca_list([])

3388

return []

3389

self._check_client_ca_list(no_ca)

3390

3391

3392

def test_set_one_ca_list(self):

3393

"""

3394

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3395

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3396

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3397

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3398

X509Name after the connection is set up.

3399

"""

3400

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3401

cadesc = cacert.get_subject()

3402

def single_ca(ctx):

3403

ctx.set_client_ca_list([cadesc])

3404

return [cadesc]

3405

self._check_client_ca_list(single_ca)

3406

3407

3408

def test_set_multiple_ca_list(self):

3409

"""

3410

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3411

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3412

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3413

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3414

X509Names after the connection is set up.

3415

"""

3416

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3417

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3418

3419

sedesc = secert.get_subject()

3420

cldesc = clcert.get_subject()

3421

3422

def multiple_ca(ctx):

3423

L = [sedesc, cldesc]

3424

ctx.set_client_ca_list(L)

3425

return L

3426

self._check_client_ca_list(multiple_ca)

3427

3428

3429

def test_reset_ca_list(self):

3430

"""

3431

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3432

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3433

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3434

"""

3435

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3436

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3437

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3438

3439

cadesc = cacert.get_subject()

3440

sedesc = secert.get_subject()

3441

cldesc = clcert.get_subject()

3442

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3443

def changed_ca(ctx):

3444

ctx.set_client_ca_list([sedesc, cldesc])

3445

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3446

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3447

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3448

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3449

3450

def test_mutated_ca_list(self):

3451

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3452

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3453

afterwards, this does not affect the list of CA names sent to the

3454

client.

3455

"""

3456

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3457

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3458

3459

cadesc = cacert.get_subject()

3460

sedesc = secert.get_subject()

3461

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3462

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3463

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3464

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3465

L.append(sedesc)

3466

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3467

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3468

3469

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3470

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3471

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3472

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3473

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3474

"""

3475

ctx = Context(TLSv1_METHOD)

3476

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3477

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3478

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3479

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3480

3481

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3482

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3483

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3484

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3485

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3486

"""

3487

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3488

cadesc = cacert.get_subject()

3489

def single_ca(ctx):

3490

ctx.add_client_ca(cacert)

3491

return [cadesc]

3492

self._check_client_ca_list(single_ca)

3493

3494

3495

def test_multiple_add_client_ca(self):

3496

"""

3497

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3498

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3499

"""

3500

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3501

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3502

3503

cadesc = cacert.get_subject()

3504

sedesc = secert.get_subject()

3505

3506

def multiple_ca(ctx):

3507

ctx.add_client_ca(cacert)

3508

ctx.add_client_ca(secert)

3509

return [cadesc, sedesc]

3510

self._check_client_ca_list(multiple_ca)

3511

3512

3513

def test_set_and_add_client_ca(self):

3514

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3515

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

3516

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3517

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3518

"""

3519

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3520

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3521

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3522

3523

cadesc = cacert.get_subject()

3524

sedesc = secert.get_subject()

3525

cldesc = clcert.get_subject()

3526

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3527

def mixed_set_add_ca(ctx):

3528

ctx.set_client_ca_list([cadesc, sedesc])

3529

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3530

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3531

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3532

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3533

3534

def test_set_after_add_client_ca(self):

3535

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

3536

A call to :py:obj:`Context.set_client_ca_list` after a call to

3537

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3538

call with the names specified by the latter cal.

3539

"""

3540

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3541

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3542

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3543

3544

cadesc = cacert.get_subject()

3545

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3546

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3547

def set_replaces_add_ca(ctx):

3548

ctx.add_client_ca(clcert)

3549

ctx.set_client_ca_list([cadesc])

3550

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3551

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3552

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3553

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

3554

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3555

3556

class ConnectionBIOTests(TestCase):

3557

"""

3558

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

3559

"""

3560

def test_wantReadError(self):

3561

"""

3562

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

3563

if there are no bytes available to be read from the BIO.

3564

"""

3565

ctx = Context(TLSv1_METHOD)

3566

conn = Connection(ctx, None)

3567

self.assertRaises(WantReadError, conn.bio_read, 1024)

3568

3569

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3570

def test_buffer_size(self):

3571

"""

3572

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

3573

number of bytes to read and return.

3574

"""

3575

ctx = Context(TLSv1_METHOD)

3576

conn = Connection(ctx, None)

3577

conn.set_connect_state()

3578

try:

3579

conn.do_handshake()

3580

except WantReadError:

3581

pass

3582

data = conn.bio_read(2)

3583

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

3588

"""

3589

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

3590

:py:obj:`long` as well as :py:obj:`int`.

3591

"""

3592

ctx = Context(TLSv1_METHOD)

3593

conn = Connection(ctx, None)

3594

conn.set_connect_state()

3595

try:

3596

conn.do_handshake()

3597

except WantReadError:

3598

pass

3599

data = conn.bio_read(long(2))

3600

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3604

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3605

class InfoConstantTests(TestCase):

3606

"""

3607

Tests for assorted constants exposed for use in info callbacks.

3608

"""

3609

def test_integers(self):

3610

"""

3611

All of the info constants are integers.

3612

3613

This is a very weak test. It would be nice to have one that actually

3614

verifies that as certain info events happen, the value passed to the

3615

info callback matches up with the constant exposed by OpenSSL.SSL.

3616

"""

3617

for const in [

3618

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3619

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3620

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3621

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3622

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3623

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3624

3625

self.assertTrue(isinstance(const, int))

3626

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3627

Jean-Paul Calderone