Pc@`s%dZddlmZmZddlmZddlmZddlm Z m Z m Z m Z ddl mZddlmZddlmZdd lmZdd lZdd lZy@dd lmamZdd lmadd lmZmZWn!ek rdZenXyddlm Z!Wnek rGd Z!nXdej#fdYZ$dej#fdYZ%de j&fdYZ'de j&fdYZ(de j&fdYZ)dZ*dZ+dd1dYZ,td k rdtj-fdYZ.nd eej/fd!YZ0d"ej/fd#YZ1d$e1fd%YZ2d&ej/fd'YZ3d(ej/e,fd)YZ4d*d2d+YZ5d,ej/fd-YZ6d.ej/fd/YZ7e j8e d d kr!x/e0e1e2e3e4e6e7gD]Z9d0e9_:q Wnd S(3s Tests for twisted SSL support. i(tdivisiontabsolute_import(tFilePath(tunittest(tprotocoltreactort interfacestdefer(tConnectionDone(tbasic(tplatform(tProperlyCloseFilesMixinN(tSSLtcrypto(tssl(tClientTLSContexttcertPathcC`sdaadS(N(tNoneR R(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt_noSSLs(ttlstUnintelligentProtocolcB`sMeZdZdddgZddgZdZdZdZd ZRS( s @ivar deferred: a deferred that will fire at connection lost. @type deferred: L{defer.Deferred} @cvar pretext: text sent before TLS is set up. @type pretext: C{bytes} @cvar posttext: text sent after TLS is set up. @type posttext: C{bytes} s first lineslast thing before tls startstSTARTTLSsfirst thing after tls startedslast thing evercC`stj|_dS(N(RtDeferredtdeferred(tself((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt__init__:scC`s%x|jD]}|j|q WdS(N(tpretexttsendLine(Rtl((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytconnectionMade>scC`s]|dkrY|jjt|jjx|jD]}|j|q2W|jjndS(NtREADY(t transporttstartTLSRtfactorytclienttposttextRtloseConnection(RtlineR((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt lineReceivedCs  cC`s|jjddS(N(RtcallbackR(Rtreason((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytconnectionLostKs( t__name__t __module__t__doc__RR#RRR&R)(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR&s      t LineCollectorcB`s>eZdZedZdZdZdZdZRS(sJ @ivar deferred: a deferred that will fire at connection lost. @type deferred: L{defer.Deferred} @ivar doTLS: whether the protocol is initiate TLS or not. @type doTLS: C{bool} @ivar fillBuffer: if set to True, it will send lots of data once C{STARTTLS} is received. @type fillBuffer: C{bool} cC`s%||_||_tj|_dS(N(tdoTLSt fillBufferRRR(RR.R/((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR]s  cC`sd|j_g|j_dS(Nt(R!trawdatatlines(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRcs cC`s|jjj||dkr|jrSx(tdD]}|jddq5Wn|jd|jrtdtdt}|j j ||jj q|j ndS(NRitXiRtprivateKeyFileNametcertificateFileName( R!R2tappendR/trangeRR.tServerTLSContextRRR tservert setRawMode(RR%txtctx((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR&hs     cC`s#|jj|7_|jjdS(N(R!R1RR$(Rtdata((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytrawDataReceivedyscC`s|jjddS(N(RR'R(RR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR)~s( R*R+R,tFalseRRR&R>R)(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR-Ps      tSingleLineServerProtocolcB`seZdZdZRS(sK A protocol that sends a single line of data at C{connectionMade}. cC`s!|jjd|jjdS(Ns+OK (RtwritetgetPeerCertificate(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs(R*R+R,R(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR@stRecordingClientProtocolcB`s)eZdZdZdZdZRS(sv @ivar deferred: a deferred that will fire with first received content. @type deferred: L{defer.Deferred} cC`stj|_dS(N(RRR(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRscC`s|jjdS(N(RRB(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRscC`s|jj|dS(N(RR'(RR=((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt dataReceiveds(R*R+R,RRRD(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRCs  t ImmediatelyDisconnectingProtocolcB`s eZdZdZdZRS(s A protocol that disconnect immediately on connection. It fires the C{connectionDisconnected} deferred of its factory on connetion lost. cC`s|jjdS(N(RR$(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRscC`s|jjjddS(N(R!tconnectionDisconnectedR'R(RR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR)s(R*R+R,RR)(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyREs cC`stj}|jtjdtj}|j}||_||_|j||j |dtj }|j d|j d|j d|j|j|j|j|j|j|j |d|||fS(s Create a certificate for given C{organization} and C{organizationalUnit}. @return: a tuple of (key, request, certificate) objects. itmd5iii<(R tPKeyt generate_keytTYPE_RSAtX509Reqt get_subjecttOtOUt set_pubkeytsigntX509tset_serial_numbertgmtime_adj_notBeforetgmtime_adj_notAftert set_issuert set_subjectt get_pubkey(t organizationtorganizationalUnittpkeytreqtsubjecttcert((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytgenerateCertificateObjectss"          c C`st||\}}}xd|tjfd|tjfd|tjfgD]O\}}}tjj||fjd} t | j |tj |qLWdS(s Create certificate files key, req and cert prefixed by C{basename} for given C{organization} and C{organizationalUnit}. tkeyR[R]sutf-8N( R^R tdump_privatekeytdump_certificate_requesttdump_certificatetostextseptjointencodeRt setContentt FILETYPE_PEM( tbasenameRXRYRZR[R]texttobjtdumpFunctfName((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytgenerateCertificateFiless"!tContextGeneratingMixincB`s eZdZdZdZRS(s` Offer methods to create L{ssl.DefaultOpenSSLContextFactory} for both client and server. @ivar clientBase: prefix of client certificate files. @type clientBase: C{str} @ivar serverBase: prefix of server certificate files. @type serverBase: C{str} @ivar clientCtxFactory: a generated context factory to be used in C{reactor.connectSSL}. @type clientCtxFactory: L{ssl.DefaultOpenSSLContextFactory} @ivar serverCtxFactory: a generated context factory to be used in C{reactor.listenSSL}. @type serverCtxFactory: L{ssl.DefaultOpenSSLContextFactory} cO`sb|j}t|||tjtjj|dftjj|df||}||fS(NR_R](tmktempRnRtDefaultOpenSSLContextFactoryRcRdRe(RtorgtorgUnittargstkwArgstbasetserverCtxFactory((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytmakeContextFactorys  cC`s@|j||\|_|_|j||\|_|_dS(N(Rxt clientBasetclientCtxFactoryt serverBaseRw(Rt clientArgst clientKwArgst serverArgst serverKwArgs((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytsetupServerAndClients(R*R+R,RxR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRos R8cB`seZdZeZdZRS(sU A context factory with a default method set to L{SSL.TLSv1_METHOD}. cO`s'tj|dwsc`sS(N(((R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRsiRs 127.0.0.1(RRt ClientFactoryt clientFactoryR?R9tTrueR"Rt ServerFactoryt serverFactoryRt listenTCPt addCleanupt stopListeningt connectTCPtgetHosttportRt gatherResultsR(RRRtclientIsServertcftsfR((RRs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt_runTestgs       c`s=fd}jtttj}|j|S(s~ Test for server and client startTLS: client should received data both before and after the startTLS. c`s$jjjtjtjdS(N(t assertEqualRR2RRR#(tignore(R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytchecks (RRR-RR/t addCallback(RRtd((Rs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_TLSs c`s=fd}jtttj}|j|S(s Test for server startTLS not followed by a startTLS in client: the data received after server startTLS should be received as raw. c`s3jjjtjjjjddS(NsNo encrypted bytes received(RRR2RRt failUnlessR1(tignored(R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs   (RRR-R?R/R(RRR((Rs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt test_unTLSs c`s@fd}jttjtt}|j|S(s: Test startTLS first initiated by client. c`s$jjjtjtjdS(N(RRR2RRR#(R(R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs (RR-RR/RR(RRR((Rs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_backwardsTLSsN( R*R+R,R?R/RRRRRRRR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRSs  &  tSpammyTLSTestCasecB`seZdZeZRS(sA Test TLS features with bytes sitting in the out buffer. (R*R+R,RR/(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRstBufferingTestCasecB`s&eZdZdZdZdZRS(cC`sN|jjdk r%|jjjn|jjdk rJ|jjjndS(N(RRRR$R(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRsc`st|_t|_tj}tj}|_fd|_fd|_tj t t }tj }t j d||dd}|j|jt jd|jj||jj|jdS(Nc`sS(N(((R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRsc`sS(N(((R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRsiRs 127.0.0.1s+OK (R@RRCRRRRR"RRqRtClientContextFactoryRRRRRRRRRR(RR9R"tsCTXtcCTXR((RRs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_openSSLBufferings   N(R*R+RRRRR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs tConnectionLostTestCasecB`sJeZdZdZdZedkr6de_ndZdZ RS(s' SSL connection closing tests. c`sd}j||dfi||dfitj}tj|_tjd|j_}tj}t |_t j |_ tj d|jj|j}|j jfdS(Nstwisted.test.test_ssls, clients, serveris 127.0.0.1c`s jjS(N(t serverPortR(t ignoredResult(R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs(RRRtProtocolRRRwRRRERRRFRRRRzR(RRrtserverProtocolFactoryRtclientProtocolFactorytclientConnector((Rs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttestImmediateDisconnects       c`sdtjfdY}d}|j||dfi||dfi|tj}fd|_tjd||j}|j|j|tj }fd|_tj d |j j ||j }d }tjjj|jj|gS( s Both sides of SSL connection close connection; the connections should close cleanly, and only after the underlying TCP connection has disconnected. tCloseAfterHandshakecB`s2eZeZdZdZdZdZRS(cS`stj|_dS(N(RRtdone(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR scS`s|jjddS(Nta(RRA(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRscS`st|_|jjdS(N(RtgotDataRR$(RR=((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRDs cS`s2|jstd}n|jj||`dS(NsWe never received the data!(Rt RuntimeErrorRterrback(RR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR)s (R*R+R?RRRRDR)(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR s    stwisted.test.test_ssls, clients, serverc`sS(N(((tserverProtocol(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR$sic`sS(N(((tclientProtocol(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyR+ss 127.0.0.1cS`s|jtdS(N(ttrapR(tfailure((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt checkResult/s(RRRRRRRwRRRRRRRzRRRt addErrback(RRRrRRRRR((RRs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_bothSidesLoseConnections(       s*Old SSL code doesn't always close cleanly.c `sGd}|j||dfi||dfid}|jjjtj|tj}tj |j _ tj }fd|_t jd||j|_}tj}tj |j _ tj}fd|_t jd|jj||j}tj||gd t} | j|jS( Nstwisted.test.test_ssls, clients, servercW`stS(N(R?(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytverify?sc`sS(N(((R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRGsic`sS(N(((R(s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyROss 127.0.0.1t consumeErrors(RRzt getContextt set_verifyR t VERIFY_PEERRRRRR'R)RRRRwRRRRRt DeferredListRRt _cbLostConns( RRrRtserverConnLostRRtclientConnLostRRtdl((RRs9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttestFailedVerify9s,           cC`s|\\}}\}}|j||j|tjg}tjrjddlm}|j|n|j||j||j j S(Ni(tConnectionLost( tfailIfR RR t isWindowsttwisted.internet.errorRR6RRR(RtresultstsSuccesstsResulttcSuccesstcResulttacceptableErrorsR((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRWs     N( R*R+R,RRtnewTLSRtskipRR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs  2   t FakeContextcB`s2eZdZdZdZdZdZRS(sK L{OpenSSL.SSL.Context} double which can more easily be inspected. cC`s||_d|_dS(Ni(t_methodt_options(Rtmethod((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRvs cC`s|j|O_dS(N(R(RR((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt set_options{scC`sdS(N((RtfileName((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytuse_certificate_filescC`sdS(N((RR((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytuse_privatekey_files(R*R+R,RRRR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRrs    t!DefaultOpenSSLContextFactoryTestscB`s2eZdZdZdZdZdZRS(s8 Tests for L{ssl.DefaultOpenSSLContextFactory}. cC`s1tjttdt|_|jj|_dS(Nt_contextFactory(RRqRRRRtcontext(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytsetUpscC`sk|j|jjtj|j|jjtj@|j|jjtj @|j|jjtj @dS(s L{ssl.DefaultOpenSSLContextFactory.getContext} returns an SSL context which can use SSLv3 or TLSv1 but not SSLv2. N( RRRR t SSLv23_METHODt assertTrueRt OP_NO_SSLv2t assertFalset OP_NO_SSLv3t OP_NO_TLSv1(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyt test_methodscC`s&|jtjtjt|jdS(s Instantiating L{ssl.DefaultOpenSSLContextFactory} with a certificate filename which does not identify an existing file results in the initializer raising L{OpenSSL.SSL.Error}. N(t assertRaisesR RRRqRRp(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_missingCertificateFilescC`s&|jtjtj|jtdS(s Instantiating L{ssl.DefaultOpenSSLContextFactory} with a private key filename which does not identify an existing file results in the initializer raising L{OpenSSL.SSL.Error}. N(RR RRRqRpR(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyttest_missingPrivateKeyFiles(R*R+R,RRRR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs    tClientContextFactoryTestscB`s eZdZdZdZRS(s0 Tests for L{ssl.ClientContextFactory}. cC`s1tj|_t|j_|jj|_dS(N(RRRRRRR(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs cC`sk|j|jjtj|j|jjtj@|j|jjtj @|j|jjtj @dS(s~ L{ssl.ClientContextFactory.getContext} returns a context which can use SSLv3 or TLSv1 but not SSLv2. N( RRRR RRRRRRR(R((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs(R*R+R,RR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pyRs s2Reactor does not support SSL, cannot run SSL tests(((;R,t __future__RRttwisted.python.filepathRt twisted.trialRttwisted.internetRRRRRRttwisted.protocolsR ttwisted.python.runtimeR ttwisted.test.test_tcpR RcRtOpenSSLR R Rttwisted.test.ssl_helpersRRRRRRRt LineReceiverRR-RR@RCRER^RnRoRqR8tTestCaseRRRRRRRRt IReactorSSLttCaseR(((s9/usr/lib/python2.7/dist-packages/twisted/test/test_ssl.pytsX"     *3   (  Ai#3