Spade
Mini Shell
| Directory:~$ /proc/self/root/usr/lib64/python2.7/site-packages/OpenSSL/test/ |
| [Home] [System Details] [Kill Me] |
�
o�[c@s�dZddlmZddlmZmZmZddlmZm Z ddl
m
Z
m
Z
ddl
m
Z
ddlmZddlmZdd lmZdd
lmZmZdd
lmZmZmZdd
lmZmZdd
lm
Z
m
Z
ddl
m Z m Z
m!Z!ddl
m"Z"m#Z#m$Z$ddl
m%Z%m&Z&ddl
m'Z'm(Z(m)Z)m*Z*ddl
m+Z+m,Z,m-Z-ddl
m.Z.m/Z/m0Z0m1Z1ddl
m2Z2m3Z3m4Z4m5Z5m6Z6ddl
m7Z7m8Z8m9Z9m:Z:ddl;m<Z<m=Z=m>Z>ddl?m@Z@mAZAddl?mBZBmCZCmDZDmEZEmFZFyddl
mGZGWneHk
r{eIZGnXyddl
mJZJWneHk
r�eIZJnXyddl
mKZKWneHk
r�eIZKnXdd
l
mLZLmMZMmNZNmOZOmPZPmQZQmRZRmSZSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_d
Z`d
�Zad �Zbd
�Zcd!�Zdd"fd#��YZed$e<fd%��YZfd&e<eefd'��YZgd(e<eefd)��YZhd*e<eefd+��YZid,e<fd-��YZjd.e<eefd/��YZkd0e<eefd1��YZld2e<eefd3��YZmd4e<fd5��YZnd6e<fd7��YZod8e<eefd9��YZpd:e<fd;��YZqerd<kr�e�nd=S(>s
Unit tests for L{OpenSSL.SSL}.
i����(tcollect(t
ECONNREFUSEDt
EINPROGRESSt
EWOULDBLOCK(tplatformt
version_info(terrortsocket(tmakedirs(tjoin(tmain(tref(tTYPE_RSAt
FILETYPE_PEM(tPKeytX509t
X509Extension(tdump_privatekeytload_privatekey(tdump_certificatetload_certificate(tOPENSSL_VERSION_NUMBERtSSLEAY_VERSIONt
SSLEAY_CFLAGS(tSSLEAY_PLATFORMt
SSLEAY_DIRtSSLEAY_BUILT_ON(t
SENT_SHUTDOWNtRECEIVED_SHUTDOWN(t
SSLv2_METHODt
SSLv3_METHODt
SSLv23_METHODt
TLSv1_METHOD(t
OP_NO_SSLv2t
OP_NO_SSLv3tOP_SINGLE_DH_USE(t
VERIFY_PEERtVERIFY_FAIL_IF_NO_PEER_CERTtVERIFY_CLIENT_ONCEt
VERIFY_NONE(tErrort
SysCallErrort
WantReadErrortZeroReturnErrortSSLeay_version(tContextt
ContextTypet
ConnectiontConnectionType(tTestCasetbytestb(tcleartextCertificatePEMtcleartextPrivateKeyPEM(tclient_cert_pemtclient_key_pemtserver_cert_pemtserver_key_pemt
root_cert_pem(tOP_NO_QUERY_MTU(tOP_COOKIE_EXCHANGE(t
OP_NO_TICKET(tSSL_ST_CONNECTt
SSL_ST_ACCEPTt
SSL_ST_MASKt
SSL_ST_INITt
SSL_ST_BEFOREt SSL_ST_OKtSSL_ST_RENEGOTIATEt
SSL_CB_LOOPt
SSL_CB_EXITt
SSL_CB_READt
SSL_CB_WRITEt
SSL_CB_ALERTtSSL_CB_READ_ALERTtSSL_CB_WRITE_ALERTtSSL_CB_ACCEPT_LOOPtSSL_CB_ACCEPT_EXITtSSL_CB_CONNECT_LOOPtSSL_CB_CONNECT_EXITtSSL_CB_HANDSHAKE_STARTtSSL_CB_HANDSHAKE_DONEs[-----BEGIN
DH PARAMETERS-----
MBYCEQCobsg29c9WZP/54oAPcwiDAgEC
-----END DH PARAMETERS-----
cCs|S(N((tconntcertterrnumtdepthtok((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt verify_cbFscCs�t�}|jd�|jd�t�}|jt�|jd|j�df�|jt�|j�d}|j t
d��|j t
d��|jt�|jt�||fS(sQ
Establish and return a pair of network sockets connected to each other.
tiis 127.0.0.1txty(RXi(
Rtbindtlistent
setblockingtFalset
connect_ext
getsocknametTruetaccepttsendR3(tporttclienttserver((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
socket_pairJs
cCs]||g}xJ|rXx=|D]5}y|j�Wntk
rCq
X|j|�q
WqWdS(N(t
do_handshakeR*tremove(ReRftconnsRR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt handshakehs
cCsAttd�ttd��}t�}|jtd�t�}d|j�_|j |j��|j
|�|j
td��|j
td��|j
|g�|jd�|j|d�t�}|jtd�t�}d |j�_|j |j��|j
|�|j
td��|j
td��|j
|g�|jd�|j|d�t�}|jtd�t�}d
|j�_|j |j��|j
|�|j
td��|j
td��|j
ttd�ttd
��g�|jd�|j|d�||f||f||fgS(
s�
Construct and return a chain of certificates.
1. A new self-signed certificate authority certificate (cacert)
2. A new intermediate certificate signed by cacert (icert)
3. A new server certificate signed by icert (scert)
tbasicConstraintssCA:trueisAuthority
Certificatet20000101000000Zt20200101000000Zitsha1sIntermediate
CertificatesServer
CertificatesCA:false(RR3R^Rt
generate_keyR
Rt
get_subjectt
commonNamet
set_issuert
set_pubkeyt
set_notBeforet
set_notAftertadd_extensionstset_serial_numbertsignRa(tcaexttcakeytcacerttikeyticerttskeytscert((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_create_certificate_chaintsH
"
t_LoopbackMixincBs
eZdZd�Zd�ZRS(s�
Helper mixin which defines methods for creating a connected socket pair
and
for forcing two connected SSL sockets to talk to each other via memory
BIOs.
cCs�t�\}}tt�}|jttt��|jttt ��t
||�}|j
�t
tt�|�}|j
�t
||�|jt�|jt�||fS(N(RgR-R
tuse_privatekeyRR
R9tuse_certificateRR8R/tset_accept_statetset_connect_stateRkR]Ra(tselfRfRetctx((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt _loopback�s
cCs�t}x�|r�t}x�||f||fgD]�\}}y|jd�}Wntk
r`n
X||fSxEtr�y|jd�}Wntk
r�PqnXt}|j|�qnWq.Wq WdS(s�
Try to read application bytes from each of the two L{Connection}
objects. Copy bytes back and forth between their send/receive
buffers
for as long as there is anything to copy. When there is nothing
more
to copy, return C{None}. If one of them actually manages to
deliver
some application bytes, return a two-tuple of the connection from
which
the bytes were read and the bytes themselves.
iiiNi(RaR^trecvR*tbio_readt bio_write(R�t
client_connt
server_conntwrotetreadtwritetdatatdirty((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_interactInMemory�s"
(t__name__t
__module__t__doc__R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s t
VersionTestscBs
eZdZd�Zd�ZRS(s�
Tests for version information exposed by
L{OpenSSL.SSL.SSLeay_version} and
L{OpenSSL.SSL.OPENSSL_VERSION_NUMBER}.
cCs|jttt��dS(s�
L{OPENSSL_VERSION_NUMBER} is an integer with status in the low
byte and the patch, fix, minor, and major versions in the
nibbles above that.
N(t
assertTruet
isinstanceRtint(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_OPENSSL_VERSION_NUMBER�scCsli}xItttttgD]2}t|�}|||<|jt|t��q
W|j t
|�d�dS(s�
L{SSLeay_version} takes a version type indicator and returns
one of a number of version strings based on that indicator.
iN(
RRRRRR,R�R�R2t
assertEqualtlen(R�tversionstttversion((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_SSLeay_versions
(R�R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s t
ContextTestscBsmeZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z d�Z
d �Z
d
�Z
d
�Z
d
�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z
e
r�n d�Z
d
�Z d
�Z
d
�Z!d �Z"d
�Z#d!�Z$d"�Z%d#�Z&d$�Z'd%�Z(d&�Z)RS('s0
Unit tests for L{OpenSSL.SSL.Context}.
cCsvx!tttgD]}t|�qWytt�Wnttfk
rKnX|jttd�|jttd�dS(s�
L{Context} can be instantiated with one of L{SSLv2_METHOD},
L{SSLv3_METHOD}, L{SSLv23_METHOD}, or L{TLSv1_METHOD}.
RXi
N( R
R R R-R
t
ValueErrorR(t
assertRaisest TypeError(R�tmeth((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_methodscCs'|jtt�|jtdt�dS(s�
L{Context} and L{ContextType} refer to the same type object and can
be
used to create instances of that type.
R-N(tassertIdenticalR-R.tassertConsistentTypeR
(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_type&scCsLt�}|jtd�tt�}|j|�|jt|jd�dS(sU
L{Context.use_privatekey} takes an L{OpenSSL.crypto.PKey} instance.
i�RXN(RRpR
R-R
R�R�R�(R�tkeyR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_use_privatekey/s
cCs<tt�}|jt|j�|jt|jdd�dS(sm
L{Context.set_app_data} raises L{TypeError} if called with other
than
one argument.
N(R-R
R�R�t
set_app_datatNone(R�tcontext((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_app_data_wrong_args:s
cCs&tt�}|jt|jd�dS(sc
L{Context.get_app_data} raises L{TypeError} if called with any
arguments.
N(R-R
R�R�t
get_app_dataR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_get_app_data_wrong_argsDs
cCs<t�}tt�}|j|�|j|j�|�dS(su
L{Context.set_app_data} stores an object for later retrieval using
L{Context.get_app_data}.
N(tobjectR-R
R�R�R�(R�tapp_dataR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_app_dataMs
cCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
L{Context.set_options} raises L{TypeError} if called with the wrong
number of arguments or a non-C{int} argument.
iN(R-R
R�R�t
set_optionsR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_options_wrong_argsXs
cCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
L{Context.set_timeout} raises L{TypeError} if called with the wrong
number of arguments or a non-C{int} argument.
iN(R-R
R�R�t
set_timeoutR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_timeout_wrong_argscs
cCs&tt�}|jt|jd�dS(sZ
L{Context.get_timeout} raises L{TypeError} if called with any
arguments.
N(R-R
R�R�t
get_timeoutR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_timeout_wrong_argsns
cCs3tt�}|jd�|j|j�d�dS(s�
L{Context.set_timeout} sets the session timeout for all connections
created using the context object. L{Context.get_timeout} retrieves
this
value.
i�N(R-R
R�t
assertEqualsR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_timeoutvs
cCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
L{Context.set_verify_depth} raises L{TypeError} if called with the
wrong
number of arguments or a non-C{int} argument.
iN(R-R
R�R�tset_verify_depthR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_verify_depth_wrong_args�s
cCs&tt�}|jt|jd�dS(s_
L{Context.get_verify_depth} raises L{TypeError} if called with any
arguments.
N(R-R
R�R�tget_verify_depthR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_get_verify_depth_wrong_args�s
cCs3tt�}|jd�|j|j�d�dS(s�
L{Context.set_verify_depth} sets the number of certificates in a
chain
to follow before giving up. The value can be retrieved with
L{Context.get_verify_depth}.
i
N(R-R
R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_verify_depth�s
cCsmt�}|jtd�|j�}t|d�}tt|d|�}|j|jd��|j �|S(s�
Write a new private key out to a new file, encrypted using the
given
passphrase. Return the path to the new file.
i�twtblowfishtascii(
RRpR
tmktemptopenRR
R�tdecodetclose(R�t
passphraseR�tpemFiletfObjtpem((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_write_encrypted_pem�s
cCsXtt�}|jt|j�|jt|jd�|jt|jd�dd�dS(s�
L{Context.set_passwd_cb} raises L{TypeError} if called with the
wrong arguments or with a non-callable first argument.
cSsdS(N(R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt<lambda>�sN(R-R
R�R�t
set_passwd_cbR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_passwd_cb_wrong_args�s
cs�td��|j��}g���fd�}tt�}|j|�|j|�|jt��d�|jt�ddt ��|jt�ddt ��|j
�ddd�dS(s�
L{Context.set_passwd_cb} accepts a callable which will be invoked
when
a private key is loaded from an encrypted PEM.
tfoobarcs�j|||f��S(N(tappend(tmaxlentverifytextra(t
calledWithR�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytpassphraseCallback�siiiN(
R3R�R-R
R�tuse_privatekey_fileR�R�R�R�R�R�(R�R�R�R�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_passwd_cb�s
cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(st
L{Context.use_privatekey_file} propagates any exception raised by
the
passphrase callback.
smonkeys are nicecSstd��dS(NsSorry, I am a
fail.(t
RuntimeError(R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R
R�R�R�R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_passwd_callback_exception�s
cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(s�
L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
passphrase callback returns a false value.
smonkeys are
nicecSsdS(N(R�(R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R
R�R�R(R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_passwd_callback_false�s
cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(s�
L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
passphrase callback returns a true non-string value.
smonkeys are nicecSsdS(Ni
((R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R
R�R�R(R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_passwd_callback_non_string�s
csXtd�d�|j��}�fd�}tt�}|j|�|j|�dS(s�
If the passphrase returned by the passphrase callback returns a
string
longer than the indicated maximum length, it is truncated.
RYics�td�S(NRZ(R3(R�R�R�(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R3R�R-R
R�R�(R�R�R�R�((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_passwd_callback_too_long�s
cs�t�\}}ttt�|�}|j�g��fd�}tt�}|j|�|jttt ��|j
t
tt
��t||�}|j
�xC�s�x6||fD](}y|j�Wq�tk
r�q�Xq�Wq�W|j��dS(s�
L{Context.set_info_callback} accepts a callable which will be
invoked
when certain information about an SSL connection is available.
cs�j|||f�dS(N(R�(RRtwheretret(tcalled(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytinfosN(RgR/R-R
R�tset_info_callbackR�RR
R4R�RR5R�RhR*R�(R�RfRet clientSSLR�R�t serverSSLtssl((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_info_callback
s(
c Gs�t�\}}tt�}|j|�|jtd��t||�}|j�tt�}|jt t
t
��|j
t
t
t��t||�}|j�t||�|j�}|j|j�jd�dS(s�
Create a client context which will verify the peer certificate and
call
its C{load_verify_locations} method with C{*args}. Then connect it
to a
server and ensure that the handshake succeeds.
cSs|S(N((RRRSterrnoRUt
preverify_ok((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�:ssTesting
Root CAN(RgR-R tload_verify_locationst
set_verifyR$R/R�R�RR
R4R�RR5R�Rktget_peer_certificateR�RqtCN( R�targsRfRet
clientContextR�t
serverContextR�RS((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_load_verify_locations_test,s$
cCsL|j�}t|d�}|jtjd��|j�|j|�dS(s�
L{Context.load_verify_locations} accepts a file name and uses the
certificates within for verification purposes.
R�R�N(R�R�R�R4R�R�R�(R�tcafileR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_fileRs
cCs,tt�}|jt|j|j��dS(sm
L{Context.load_verify_locations} raises L{Error} when passed a
non-existent cafile.
N(R-R
R�R(R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_load_verify_invalid_file_s
cCs|j�}t|�xRddgD]D}t||�}t|d�}|jtjd��|j�q#W|jd|�dS(s�
L{Context.load_verify_locations} accepts a directory name and uses
the certificates within for verification purposes.
s
c7adac82.0s
c3705638.0R�R�N(
R�RR R�R�R4R�R�R�R�(R�tcapathtnameR�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_directoryis
cCswtt�}|jt|j�|jt|jt��|jt|jt�t��|jt|jddd�dS(s�
L{Context.load_verify_locations} raises L{TypeError} if called with
the wrong number of arguments or with non-C{str} arguments.
N(R-R
R�R�R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt%test_load_verify_locations_wrong_args|s
cCs�tt�}|j�|jtd��t�}|jd�t||�}|j�|j �|j
d�|j
|j
d��dS(s�
L{Context.set_default_verify_paths} causes the
platform-specific CA
certificate locations to be used for verification purposes.
cSs|S(N((RRRSR�RUR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��ss
verisign.comi�sGET
/ HTTP/1.0
iN(s
verisign.comi�(
R-R
tset_default_verify_pathsR�R$RtconnectR/R�RhRcR�R�(R�R�ReR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_default_verify_paths�s
cCsRtt�}|jt|jd�|jt|jd�|jt|jd�dS(sv
L{Context.set_default_verify_paths} takes no arguments and raises
L{TypeError} if given any.
iRXN(R-R
R�R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt'test_set_default_verify_paths_signature�s
cCs[tt�}|jt|j�|jt|jt��|jt|jt�t��dS(s�
L{Context.add_extra_chain_cert} raises L{TypeError} if called with
other than one argument or if called with an object which is not an
instance of L{X509}.
N(R-R
R�R�tadd_extra_chain_certR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt&test_add_extra_chain_cert_invalid_cert�s
c Cs�t�\}}t||�}|j�t||�}|j�xMtd�D]?}x6||gD](}y|j�Wqatk
r�qaXqaWqNWdS(s�
Verify that a client and server created with the given contexts can
successfully handshake and communicate.
iN(RgR/R�R�trangeRhR*( R�R�R�t
serverSockett
clientSocketRfRetits((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_handshake_test�s
cCsrt�}|\\}}\}}\}}xg|df|df|dfgD]D\}} t| d�}
|
jtt|�jd��|
j�qLWxg|df|df|dfgD]D\}
} t| d�}
|
jtt|
�jd��|
j�q�Wtt �}
|
j
|�|
j
|�|
j
|�tt �}
|
j
ttBt�|
jd�|j|
|
�d S(
s�
L{Context.add_extra_chain_cert} accepts an L{X509} instance to add
to
the certificate chain.
See L{_create_certificate_chain} for the details of the certificate
chain tested.
The chain is tested by starting a server with scert and connecting
to it with a client which trusts cacert and requires verification
to
succeed.
sca.pemsi.pemss.pemR�R�sca.keysi.keyss.keyN(R�R�R�RR
R�R�RR-R
R�R�R�R�R$R%RWR�R(R�tchainR{R|R}R~RR�RSR�R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_extra_chain_cert�s&
!. .
c
CsKt�}|\\}}\}}\}}|j�}t|d�} | jtt|�jd��| jtt|�jd��| jtt|�jd��| j�tt �}
|
j
|�|
j
|�tdd�} | jtt|�jd��| j�tt �}
|
j
t
tBt�|
jd�|j|
|
�dS(s
L{Context.use_certificate_chain_file} reads a certificate chain
from
the specified file.
The chain is tested by starting a server with scert and connecting
to it with a client which trusts cacert and requires verification
to
succeed.
R�R�sca.pemN(R�R�R�R�RR
R�R�R-R
tuse_certificate_chain_fileR�R�R$R%RWR�R(
R�RR{R|R}R~RR�t chainFileR�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_use_certificate_chain_files& !
cCs&tt�}|jt|jd�dS(sf
L{Context.get_verify_mode} raises L{TypeError} if called with any
arguments.
N(R-R
R�R�tget_verify_modeR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_get_verify_mode_wrong_args*s
cCsWtt�}|j|j�d�|jttBd��|j|j�ttB�dS(s~
L{Context.get_verify_mode} returns the verify mode flags previously
passed to L{Context.set_verify}.
icWsdS(N(R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�;sN(R-R
R�R
R�R$R&(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_verify_mode3s
cCsUtt�}|jt|j�|jt|jdd�|jt|jt��dS(s�
L{Context.load_tmp_dh} raises L{TypeError} if called with the wrong
number of arguments or with a non-C{str} argument.
tfooN(R-R
R�R�t
load_tmp_dhR�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_tmp_dh_wrong_args@s
cCs&tt�}|jt|jd�dS(sr
L{Context.load_tmp_dh} raises L{OpenSSL.SSL.Error} if the specified
file
does not exist.
thelloN(R-R
R�R(R(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_load_tmp_dh_missing_fileKs
cCsOtt�}|j�}t|d�}|jt�|j�|j|�dS(si
L{Context.load_tmp_dh} loads Diffie-Hellman parameters from the
specified file.
R�N(R-R R�R�R�tdhparamR�R(R�R�t
dhfilenametdhfile((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_tmp_dhTs
cCsEtt�}|jd�t|d�}|j|j�dg�dS(s�
L{Context.set_cipher_list} accepts a C{str} naming the ciphers
which
connections created with the context object will be able to choose
from.
shello world:AES128-SHA256s
AES128-SHA256N(R-R
tset_cipher_listR/R�R�tget_cipher_list(R�R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_cipher_listbs
(*R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�RaR�R�RRRR
R
RRRRR(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�sR
" &
, '
tServerNameCallbackTestscBs2eZdZd�Zd�Zd�Zd�ZRS(si
Tests for L{Context.set_tlsext_servername_callback} and its interaction
with
L{Connection}.
cCs<tt�}|jt|j�|jt|jdd�dS(s
L{Context.set_tlsext_servername_callback} raises L{TypeError} if
called
with other than one argument.
iiN(R-R
R�R�t
set_tlsext_servername_callback(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_wrong_argsss
cCsed�}d�}tt�}|j|�t|�}~|j|�t�|jd|��dS(s�
If L{Context.set_tlsext_servername_callback} is used to specify a
new
callback, the one it replaces is dereferenced.
cSsdS(N((t
connection((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytcallback�scSsdS(N((R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
replacement�sN(R-R
R
R
RR�R�(R�R R
R�ttracker((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_old_callback_forgotten}s
cs�g��fd�}tt�}|j|�~t�|jttt��|jt tt
��t
|d�}|j
�t
tt�d�}|j�|j||�|j|dfg��dS(s�
When a client specifies no server name, the callback passed to
L{Context.set_tlsext_servername_callback} is invoked and the result
of
L{Connection.get_servername} is C{None}.
cs
�j||j�f�dS(N(R�tget_servername(RR(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
servername�sN(R-R
R
RR�RR
R9R�RR8R/R�R�R�R�R�(R�R$R�RfRe((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_no_servername�s
cs�g��fd�}tt�}|j|�|jttt��|jttt ��t
|d�}|j
�t
tt�d�}|j
�|jtd��|j||�|j|td�fg��dS(s�
When a client specifies a server name in its hello message, the
callback
passed to L{Contexts.set_tlsext_servername_callback} is invoked and
the
result of L{Connection.get_servername} is that server name.
cs
�j||j�f�dS(N(R�R#(RR(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR$�ssfoo1.example.comN(R-R
R
R�RR
R9R�RR8R/R�R�R�tset_tlsext_host_nameR3R�R�(R�R$R�RfRe((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_servername�s
(R�R�R�R
R"R%R'(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRns
!tConnectionTestscBs�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z d�Z
d �Z
d
�Z
d
�Z
d
�Zed
kr�n d�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�ZRS(s3
Unit tests for L{OpenSSL.SSL.Connection}.
cCs6|jtt�tt�}|jtd|d�dS(s�
L{Connection} and L{ConnectionType} refer to the same type object
and
can be used to create instances of that type.
R/N(R�R/R0R-R
R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s
cCs5tt�}t|d�}|j|j�|�dS(s�
L{Connection.get_context} returns the L{Context} instance used to
construct the L{Connection} instance.
N(R-R
R/R�R�t
get_context(R�R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_context�s
cCs/ttt�d�}|jt|jd�dS(se
L{Connection.get_context} raises L{TypeError} if called with any
arguments.
N(R/R-R
R�R�R�R)(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_context_wrong_args�scCs�tt�}t|d�}|jt|j�|jt|jt��|jt|jd�|jt|jd�|jt|jdd�|jt|jtt�d�|j||j ��dS(s�
L{Connection.set_context} raises L{TypeError} if called with a
non-L{Context} instance argument or with any number of arguments
other
than 1.
RiiN(
R-R
R/R�R�R�t
set_contextR�R�R)(R�R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_context_wrong_argss
cCs[tt�}tt�}t|d�}|j|�|j||j��~~t�dS(sv
L{Connection.set_context} specifies a new L{Context} instance to be
used
for the connection.
N( R-R R R/R�R,R�R)R(R�toriginalR
R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_contexts
cCs�ttt�d�}|jt|j�|jt|jt��|jt|jdd�|jt|jtd��t dkr�|jt|jtd�j
d��ndS( s�
If L{Connection.set_tlsext_host_name} is called with a non-byte
string
argument or a byte string with an embedded NUL or other than one
argument, L{TypeError} is raised.
i{i�t withnullis
example.comR�N(i(
R/R-R
R�R�R�R&R�R3RR�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt$test_set_tlsext_host_name_wrong_args's
cCs^ttt�d�}|jt|jt��|jt|jd�|jt|jd�dS(sh
L{Connection.get_servername} raises L{TypeError} if called with any
arguments.
iRN(R/R-R
R�R�R�R#R�(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_get_servername_wrong_args;scCs/ttt�d�}|j|j�d�dS(si
L{Connection.pending} returns the number of bytes available for
immediate read.
iN(R/R-R
R�R�tpending(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_pendingFscCs/ttt�d�}|jt|jd�dS(sY
L{Connection.pending} raises L{TypeError} if called with any
arguments.
N(R/R-R
R�R�R�R3(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_pending_wrong_argsOscCs^ttt�t��}|jt|jd�|jt|j�|jt|jdd�dS(s�
L{Connection.connect} raises L{TypeError} if called with a
non-address
argument or with the wrong number of arguments.
s 127.0.0.1iN(s 127.0.0.1i(R/R-R
RR�R�R�R�(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_wrong_argsWscCsWt�}tt�}t||�}|jt|jd�}|j|jdt �dS(sy
L{Connection.connect} raises L{socket.error} if the underlying
socket
connect method raises it.
s 127.0.0.1iiN(s 127.0.0.1i(
RR-R
R/R�RR�R�R�R(R�ReR�R�texc((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_refusedbs
cCs\t�}|jd�|jd�ttt�t��}|jd|j�df�dS(sZ
L{Connection.connect} establishes a connection to the specified
address.
RXiis 127.0.0.1iN(RXi(RR[R\R/R-R
R�R`(R�RdR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_connectns
tdarwincCs�t�}|jd�|jd�ttt�t��}|jt�|j|j ��}t
t
f}|j
||kd||f�dS(s�
If there is a connection error, L{Connection.connect_ex}
returns the
errno instead of raising an exception.
RXiis
%r not in %rN(RXi(
RR[R\R/R-R
R]R^R_R`RRR�(R�RdR�tresulttexpected((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_ex~s
cCs2ttt�t��}|jt|jd�dS(sX
L{Connection.accept} raises L{TypeError} if called with any
arguments.
N(R/R-R
RR�R�RbR�(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_accept_wrong_args�scCs�tt�}|jttt��|jttt��t �}t
||�}|j
d�|j
d�t
tt�t ��}|j
d|j�df�|j�\}}|jt|t
��|j|j�|�|j||j��dS(s�
L{Connection.accept} accepts a pending connection attempt and
returns a
tuple of a new L{Connection} (the accepted client) and the address
the
connection originated from.
RXiis 127.0.0.1iN(RXi(R-R
R�RR
R9R�RR8RR/R[R\R�R`RbR�R�R�R)R�(R�R�RdtportSSLR�R�taddress((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_accept�s
cCs�ttt�d�}|jt|jd�|jt|jd�|jt|j�|jt|jd�|jt|jdd�dS(s�
L{Connection.shutdown} raises L{TypeError} if called with the wrong
number of arguments or with arguments other than integers.
iiN( R/R-R
R�R�R�tshutdownt
get_shutdownt
set_shutdown(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_shutdown_wrong_args�s
cCs�|j�\}}|j|j��|j|j�t�|jt|jd�|j|j�t �|j�|j|j�tt B�|jt|jd�|j|j�tt B�dS(sS
L{Connection.shutdown} performs an SSL-level connection shutdown.
iN(
R�t
assertFalseRBR�RCRR�R+R�R
(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_shutdown�s
cCs?ttt�t��}|jt�|j|j�t�dS(sk
L{Connection.set_shutdown} sets the state of the SSL connection
shutdown
process.
N(R/R-R
RRDR
R�RC(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_shutdown�s
cCs[ttt�d�}|jt|jd�|jt|j�|jt|jdd�dS(s�
L{Connection.set_app_data} raises L{TypeError} if called with other
than
one argument. L{Connection.get_app_data} raises L{TypeError} if
called
with any arguments.
N(R/R-R
R�R�R�R�R�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_app_data_wrong_args�scCsEttt�d�}t�}|j|�|j|j�|�dS(s�
Any object can be set as app data by passing it to
L{Connection.set_app_data} and later retrieved with
L{Connection.get_app_data}.
N(R/R-R
R�R�R�R�R�(R�RRR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s
cCs,ttt�d�}|jt|j�dS(sz
L{Connection.makefile} is not implemented and calling that method
raises
L{NotImplementedError}.
N(R/R-R
R�R�tNotImplementedErrortmakefile(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_makefile�scCstttt�d�}|jt|jd�|jt|jd�|jt|jt��|jt|jg�dS(sm
L{Connection.get_peer_cert_chain} raises L{TypeError} if called
with any
arguments.
iRN(R/R-R
R�R�R�tget_peer_cert_chainR�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt#test_get_peer_cert_chain_wrong_args�s
c
CsEt�}|\\}}\}}\}}tt�}|j|�|j|�|j|�|j|�t|d�} | j�tt�}
|
j t
t
�t|
d�}
|
j
�|j
|
| �|
j�}|jt|�d�|jd|dj�j�|jd|dj�j�|jd|dj�j�dS( s�
L{Connection.get_peer_cert_chain} returns a list of certificates
which
the connected server returned for the certification verification.
isServer CertificateisIntermediate CertificateisAuthority
CertificateiN(R�R-R
R�R�R�R/R�R�R�R'RWR�R�RMR�R�RqR�(
R�RR{R|R}R~RR�R�RfR�Re((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_peer_cert_chains, !
cCs�tt�}|jttt��|jttt��t |d�}|j
�t tt�d�}|j
�|j
||�|jd|j��dS(ss
L{Connection.get_peer_cert_chain} returns C{None} if the peer sends
no
certificate chain.
N(R-R
R�RR
R9R�RR8R/R�R�R�R�R�RM(R�R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_get_peer_cert_chain_none's
(
R�R�R�R�R*R+R-R/R1R2R4R5R6R8R9RR=R>RARERGRHRIR�RLRNRORP(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR(�s6
"t
ConnectionGetCipherListTestscBs
eZdZd�Zd�ZRS(s2
Tests for L{Connection.get_cipher_list}.
cCs/ttt�d�}|jt|jd�dS(si
L{Connection.get_cipher_list} raises L{TypeError} if called with
any
arguments.
N(R/R-R
R�R�R�R(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR
<scCsbttt�d�}|j�}|jt|t��x$|D]
}|jt|t��q>WdS(s�
L{Connection.get_cipher_list} returns a C{list} of C{str} giving
the
names of the ciphers which might be used.
N( R/R-R
R�RR�R�tlisttstr(R�R
tcipherstcipher((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_resultEs
(R�R�R�R
RV(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRQ8s tConnectionSendTestscBsEeZdZd�Zd�ZyeWnek
r9n
Xd�ZRS(s&
Tests for L{Connection.send}
cCs^ttt�d�}|jt|j�|jt|jt��|jt|jdd�dS(sx
When called with arguments other than a single string,
L{Connection.send} raises L{TypeError}.
RtbarN(R/R-R
R�R�R�RcR�(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR
VscCsZ|j�\}}|jtd��}|j|d�|j|jd�td��dS(s�
When passed a short byte string, L{Connection.send} transmits all
of it
and returns the number of bytes sent.
txyiN(R�RcR3R�R�(R�RfRetcount((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_short_bytesascCs`|j�\}}|jttd���}|j|d�|j|jd�td��dS(s�
When passed a memoryview onto a small number of bytes,
L{Connection.send} transmits all of them and returns the number
of
bytes sent.
RYiN(R�Rct
memoryviewR3R�R�(R�RfReRZ((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_short_memoryviewps(R�R�R�R
R[R\t NameErrorR](((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRWRs
tConnectionSendallTestscBsWeZdZd�Zd�ZyeWnek
r9n
Xd�Zd�Zd�Z RS(s*
Tests for L{Connection.sendall}.
cCs^ttt�d�}|jt|j�|jt|jt��|jt|jdd�dS(s{
When called with arguments other than a single string,
L{Connection.sendall} raises L{TypeError}.
RRXN(R/R-R
R�R�R�tsendallR�(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR
�scCsH|j�\}}|jtd��|j|jd�td��dS(sf
L{Connection.sendall} transmits all of the bytes in the string
passed to
it.
RYiN(R�R`R3R�R�(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_short�scCsN|j�\}}|jttd���|j|jd�td��dS(s�
When passed a memoryview onto a small number of bytes,
L{Connection.sendall} transmits all of them.
RYiN(R�R`R\R3R�R�(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR]�scCs�|j�\}}td�d
td�}|j|�g}d}xB|t|�kr�|jd�}|j|�|t|�7}qHW|j|td�j|��dS(
s�
L{Connection.sendall} transmits all of the bytes in the string
passed to
it even if this requires multiple calls of an underlying write
function.
RYii
iRZiRXNi�i�(R�R3R`R�R�R�R�R (R�RfRetmessagetaccumtreceivedR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_long�s
cCs9|j�\}}|jd�|jt|jd�dS(s�
If the underlying socket is closed, L{Connection.sendall}
propagates the
write error from the low level write call.
is
hello,
worldN(R�t
sock_shutdownR�R)R`(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_closed�s
(
R�R�R�R
RaR\R^R]ReRg(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR_}s
tConnectionRenegotiateTestscBs)eZdZd�Zd�Zd�ZRS(s+
Tests for SSL renegotiation APIs.
cCs/ttt�d�}|jt|jd�dS(se
L{Connection.renegotiate} raises L{TypeError} if called with any
arguments.
N(R/R-R
R�R�R�t
renegotiate(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_renegotiate_wrong_args�scCs/ttt�d�}|jt|jd�dS(sn
L{Connection.total_renegotiations} raises L{TypeError} if called
with
any arguments.
N(R/R-R
R�R�R�ttotal_renegotiations(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt$test_total_renegotiations_wrong_args�scCs/ttt�d�}|j|j�d�dS(sr
L{Connection.total_renegotiations} returns C{0} before any
renegotiations have happened.
iN(R/R-R
R�R�Rk(R�R
((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_total_renegotiations�s(R�R�R�RjRlRm(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRh�s t
ErrorTestscBseZdZd�ZRS(s.
Unit tests for L{OpenSSL.SSL.Error}.
cCs-|jttt��|jtjd�dS(s0
L{Error} is an exception type.
R(N(R�t
issubclassR(t ExceptionR�R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s(R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRn�stConstantsTestscBsVeZdZedk r$d�Znedk r<d�Znedk rTd�Z nRS(s�
Tests for the values of constants exposed in L{OpenSSL.SSL}.
These are values defined by OpenSSL intended only to be used as flags
to
OpenSSL APIs. The only assertions it seems can be made about them is
their values.
cCs|jtd�dS(s�
The value of L{OpenSSL.SSL.OP_NO_QUERY_MTU} is 0x1000, the
value of
I{SSL_OP_NO_QUERY_MTU} defined by I{openssl/ssl.h}.
iN(R�R;(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_query_mtuscCs|jtd�dS(s�
The value of L{OpenSSL.SSL.OP_COOKIE_EXCHANGE} is 0x2000, the
value
of I{SSL_OP_COOKIE_EXCHANGE} defined by I{openssl/ssl.h}.
i
N(R�R<(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_cookie_exchangescCs|jtd�dS(s�
The value of L{OpenSSL.SSL.OP_NO_TICKET} is 0x4000, the value
of
I{SSL_OP_NO_TICKET} defined by I{openssl/ssl.h}.
i@N(R�R=(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_ticket&sN(
R�R�R�R;R�RrR<RsR=Rt(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRqs
tMemoryBIOTestscBs�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z d�Z
d �Z
d
�Z
d
�Z
d
�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�ZRS(sA
Tests for L{OpenSSL.SSL.Connection} using a memory BIO.
cCs�tt�}|jttBtB�|jttBt Bt
�|j
�}|j
t
tt��|jttt��|j�|jttt��t||�}|j�|S(sc
Create a new server-side SSL L{Connection} object wrapped around
C{sock}.
(R-R
R�R!R"R#R�R$R%R&RWtget_cert_storeR�RR
R9R�RR8tcheck_privatekeytadd_certR:R/R�(R�tsockt
server_ctxt
server_storeR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_server5s
cCs�tt�}|jttBtB�|jttBt Bt
�|j
�}|j
t
tt��|jttt��|j�|jttt��t||�}|j�|S(sc
Create a new client-side SSL L{Connection} object wrapped around
C{sock}.
(R-R
R�R!R"R#R�R$R%R&RWRvR�RR
R7R�RR6RwRxR:R/R�(R�Ryt
client_ctxt
client_storeR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_clientKs
cCs�|jd�}|jd�}|j|j�d�|j|j�d�|j|j�d�|j|j||�d�|j|j�d�|j|j�d�|j|j�d�|j |j�|j��|j |j�|j��|j
|j�|j��|j
|j�|j��t
d�}|j
|�|j |j||�||f�|j
|ddd��|j |j||�||ddd�f�dS(s
Two L{Connection}s which use memory BIOs can be manually connected
by
reading from the output of each and writing those bytes to the
input of
the other and in this way establish a connection and exchange
application-level bytes with each other.
s
One if by land, two if by sea.Ni����(
R|R�RR�t
master_keyt
client_randomt
server_randomR�tassertNotIdenticalR�tassertNotEqualsR3R�(R�R�R�timportant_message((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_memoryConnect_s.
cCs�|j�\}}td�}|j|�|jd�}|j||�|ddd�}|j|�|jd�}|j||�dS(s�
Just like L{test_memoryConnect} but with an actual socket.
This is primarily to rule out the memory BIO code as the source of
any problems encountered while passing data over a L{Connection}
(if
this test fails, there must be a problem outside the memory BIO
code, as no memory BIO is involved here). Even though this
isn't a
memory BIO test, it's convenient to have it here.
s,Help me Obi Wan Kenobi, you're my only
hope.iNi����(R�R3RcR�R�(R�R�R�R�tmsg((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketConnect�s
cCsgtt�}t�}t||�}|jt|jd�|jt|jd�|jt|j�dS(s�
Test that L{OpenSSL.SSL.bio_read} and L{OpenSSL.SSL.bio_write}
don't
work on L{OpenSSL.SSL.Connection}() that use sockets.
idRN( R-R
RR/R�R�R�R�t
bio_shutdown(R�R�ReR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketOverridesMemory�s
cCs�|jd�}|jd�}|j||�d}|jd|�}|j||k�|j||�\}}|j||�|jt|�|�dS(s
If more bytes than can be written to the memory BIO are passed to
L{Connection.send} at once, the number of bytes which were written
is
returned and that many bytes from the beginning of the input can be
read from the other end of the connection.
iiRYNi�( R|R�RR�RcR�R�R�R�(R�RfRetsizetsenttreceiverRd((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_outgoingOverflow�scCsH|jd�}|j�|jt|jd�}|j|jt�dS(s{
L{Connection.bio_shutdown} signals the end of the data stream from
which the L{Connection} reads.
iN(R|R�R�R�R(R�R�t __class__(R�Rfte((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRG�s
cCs�|jd�}|jd�}|j|j�g�|j|j�g�|j�}||�}|j|j�g�|j|j�|�|j||�|j|j�|�|j|j�|�dS(s
Verify the return value of the C{get_client_ca_list} method for
server and client connections.
@param func: A function which will be called with the server
context
before the client and server are connected to each other. This
function should specify a list of CAs for the server to send to
the
client and return that same list. The list will be used to
verify
that C{get_client_ca_list} returns the proper value at various
times.
N(R|R�RR�tget_client_ca_listR)R�(R�tfuncRfReR�R<((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_check_client_ca_list�s
cCsXtt�}|jt|jd�|jt|jdg�|j|jg�d�dS(s�
L{Context.set_client_ca_list} raises a L{TypeError} if called with
a
non-list or a list that contains objects other than X509Names.
tspamN(R-R
R�R�tset_client_ca_listR�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_client_ca_list_errors�s
cCsd�}|j|�dS(s
If passed an empty list, L{Context.set_client_ca_list} configures
the
context to send no CA names to the client and, on both the server
and
client sides, L{Connection.get_client_ca_list} returns an empty
list
after the connection is set up.
cSs|jg�gS(N(R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytno_cas
N(R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_empty_ca_list�s cs;ttt�}|j���fd�}|j|�dS(sK
If passed a list containing a single X509Name,
L{Context.set_client_ca_list} configures the context to send that
CA
name to the client and, on both the server and client sides,
L{Connection.get_client_ca_list} returns a list containing that
X509Name after the connection is set up.
cs|j�g��gS(N(R�(R�(tcadesc(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt single_casN(RR
R:RqR�(R�R|R�((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_one_ca_lists
csYttt�}ttt�}|j��|j����fd�}|j|�dS(sW
If passed a list containing multiple X509Name objects,
L{Context.set_client_ca_list} configures the context to send those
CA
names to the client and, on both the server and client sides,
L{Connection.get_client_ca_list} returns a list containing those
X509Names after the connection is set up.
cs
��g}|j|�|S(N(R�(R�tL(tcldesctsedesc(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
multiple_ca&s
N(RR
R8RqR�(R�tsecerttclcertR�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_multiple_ca_lists
cswttt�}ttt�}ttt�}|j��|j��|j�����fd�}|j|�dS(s�
If called multiple times, only the X509Names passed to the final
call
of L{Context.set_client_ca_list} are used to configure the CA names
sent to the client.
cs*|j��g�|j�g��gS(N(R�(R�(R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
changed_ca;sN(RR
R:R8RqR�(R�R|R�R�R�((R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_reset_ca_list-s
csYttt�}ttt�}|j��|j����fd�}|j|�dS(s�
If the list passed to L{Context.set_client_ca_list} is mutated
afterwards, this does not affect the list of CA names sent to the
client.
cs-�g}|j�g�|j���gS(N(R�R�(R�R�(R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
mutated_caNs
N(RR
R:R8RqR�(R�R|R�R�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_mutated_ca_listBs
cCsatt�}ttt�}|jt|j�|jt|jd�|jt|j||�dS(s�
L{Context.add_client_ca} raises L{TypeError} if called with a
non-X509
object or with a number of arguments other than one.
R�N(R-R
RR
R:R�R�t
add_client_ca(R�R�R|((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_client_ca_errorsVs
cs>ttt���j����fd�}|j|�dS(s~
A certificate's subject can be added as a CA to be sent to the
client
with L{Context.add_client_ca}.
cs|j���gS(N(R�(R�(R|R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�is
N(RR
R:RqR�(R�R�((R|R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_one_add_client_cabs
cs_ttt��ttt���j���j������fd�}|j|�dS(s�
Multiple CA names can be sent to the client by calling
L{Context.add_client_ca} with multiple X509 objects.
cs$|j��|j����gS(N(R�(R�(R|R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�zs
N(RR
R:R8RqR�(R�R�((R|R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_multiple_add_client_caos
cszttt�}ttt�}ttt��|j��|j���j������fd�}|j|�dS(s�
A call to L{Context.set_client_ca_list} followed by a call to
L{Context.add_client_ca} results in using the CA names from the
first
call and the CA name from the second call.
cs-|j��g�|j�����gS(N(R�R�(R�(R�R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytmixed_set_add_ca�s
N(RR
R:R8RqR�(R�R|R�R�((R�R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_and_add_client_ca�s
csnttt�}ttt��ttt��|j���j������fd�}|j|�dS(s�
A call to L{Context.set_client_ca_list} after a call to
L{Context.add_client_ca} replaces the CA name specified by the
former
call with the names specified by the latter cal.
cs4|j��|j�g�|j����gS(N(R�R�(R�(R�R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytset_replaces_add_ca�s
N(RR
R:R8RqR�(R�R|R�((R�R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_set_after_add_client_ca�s
(R�R�R�R|RR�R�R�R�RGR�R�R�R�R�R�R�R�R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRu1s( ,
tInfoConstantTestscBseZdZd�ZRS(sI
Tests for assorted constants exposed for use in info callbacks.
cCsgx`tttttttttt t
t
t
t
ttttttgD]
}|jt|t��qCWdS(s
All of the info constants are integers.
This is a very weak test. It would be nice to have one that
actually
verifies that as certain info events happen, the value passed to
the
info callback matches up with the constant exposed by OpenSSL.SSL.
N(R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQR�R�R�(R�tconst((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_integers�s
(R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��st__main__N(sR�tgcRR�RRRtsysRRRRtosRtos.pathR tunittestR
tweakrefR
tOpenSSL.cryptoR
R
RRRRRRRt
OpenSSL.SSLRRRRRRRR
R
R
R R
R!R"R#R$R%R&R'R(R)R*R+R,R-R.R/R0tOpenSSL.test.utilR1R2R3tOpenSSL.test.test_cryptoR4R5R6R7R8R9R:R;t
ImportErrorR�R<R=R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQRRWRgRkR�R�R�R�RR(RQRWR_RhRnRqRuR�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt<module>sx
"
"("
(
�
6G
��ad�g+G5
+�{