def testConnect(self):
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_NONE)
s.connect(("svn.python.org", 443))
c = s.getpeercert()
if c:
raise support.TestFailed("Peer cert %s shouldn't be here!")
s.close()
# this should fail because we have no verification certs
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED)
try:
s.connect(("svn.python.org", 443))
except ssl.SSLError:
pass
finally:
s.close()
# this should succeed because we specify the root cert
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
try:
s.connect(("svn.python.org", 443))
except ssl.SSLError as x:
raise support.TestFailed("Unexpected exception %s" % x)
finally:
s.close()
def serverParamsTest (certfile, protocol, certreqs, cacertsfile,
client_certfile, client_protocol=None,
indata="FOO\n",
chatty=False, connectionchatty=False):
server = ThreadedEchoServer(certfile,
certreqs=certreqs,
ssl_version=protocol,
cacerts=cacertsfile,
chatty=chatty,
connectionchatty=False)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
if client_protocol is None:
client_protocol = protocol
try:
s = ssl.wrap_socket(socket.socket(),
server_side=False,
certfile=client_certfile,
ca_certs=cacertsfile,
cert_reqs=certreqs,
ssl_version=client_protocol)
s.connect((HOST, server.port))
except ssl.SSLError as x:
raise support.TestFailed("Unexpected SSL error: " + str(x))
except Exception as x:
raise support.TestFailed("Unexpected exception: " + str(x))
else:
if connectionchatty:
if support.verbose:
sys.stdout.write(
" client: sending %s...\n" % (repr(indata)))
s.write(indata.encode('ASCII', 'strict'))
outdata = s.read()
if connectionchatty:
if support.verbose:
sys.stdout.write(" client: read %s\n" % repr(outdata))
outdata = str(outdata, 'ASCII', 'strict')
if outdata != indata.lower():
raise support.TestFailed(
"bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
% (repr(outdata[:min(len(outdata),20)]), len(outdata),
repr(indata[:min(len(indata),20)].lower()), len(indata)))
s.write("over\n".encode("ASCII", "strict"))
if connectionchatty:
if support.verbose:
sys.stdout.write(" client: closing connection.\n")
s.close()
finally:
server.stop()
server.join()
def _apply_failure(self,
fn,
filename,
expected_exception,
check_fn_in_exception=True):
try:
fn(filename)
raise support.TestFailed("Expected to fail calling '%s(%r)'" %
(fn.__name__, filename))
except expected_exception as details:
if check_fn_in_exception and details.filename != filename:
raise support.TestFailed(
"Function '%s(%r) failed with "
"bad filename in the exception: %r" %
(fn.__name__, filename, details.filename))
def badCertTest (certfile):
server = ThreadedEchoServer(CERTFILE,
certreqs=ssl.CERT_REQUIRED,
cacerts=CERTFILE, chatty=False,
connectionchatty=False)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
try:
s = ssl.wrap_socket(socket.socket(),
certfile=certfile,
ssl_version=ssl.PROTOCOL_TLSv1)
s.connect((HOST, server.port))
except ssl.SSLError as x:
if support.verbose:
sys.stdout.write("\nSSLError is %s\n" % x)
except socket.error as x:
if support.verbose:
sys.stdout.write("\nsocket.error is %s\n" % x)
else:
raise support.TestFailed(
"Use of invalid cert should have failed!")
finally:
server.stop()
server.join()
def tryProtocolCombo (server_protocol,
client_protocol,
expectedToWork,
certsreqs=None):
if certsreqs is None:
certsreqs = ssl.CERT_NONE
if certsreqs == ssl.CERT_NONE:
certtype = "CERT_NONE"
elif certsreqs == ssl.CERT_OPTIONAL:
certtype = "CERT_OPTIONAL"
elif certsreqs == ssl.CERT_REQUIRED:
certtype = "CERT_REQUIRED"
if support.verbose:
formatstr = (expectedToWork and " %s->%s %s\n") or " {%s->%s} %s\n"
sys.stdout.write(formatstr %
(ssl.get_protocol_name(client_protocol),
ssl.get_protocol_name(server_protocol),
certtype))
try:
serverParamsTest(CERTFILE, server_protocol, certsreqs,
CERTFILE, CERTFILE, client_protocol,
chatty=False, connectionchatty=False)
except support.TestFailed:
if expectedToWork:
raise
else:
if not expectedToWork:
raise support.TestFailed(
"Client protocol %s succeeded with server protocol %s!"
% (ssl.get_protocol_name(client_protocol),
ssl.get_protocol_name(server_protocol)))
def test_main():
from test import test_doctest2
EXPECTED = 19
f, t = support.run_doctest(test_doctest2)
if t != EXPECTED:
raise support.TestFailed("expected %d tests to run, not %d" %
(EXPECTED, t))
def test_main(verbose=False):
if skip_expected:
raise unittest.SkipTest("No SSL support")
global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
os.path.dirname(__file__) or os.curdir,
"https_svn_python_org_root.pem")
if (not os.path.exists(CERTFILE) or
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
raise support.TestFailed("Can't read certificate files!")
tests = [BasicTests]
if support.is_resource_enabled('network'):
tests.append(NetworkedTests)
if _have_threads:
thread_info = support.threading_setup()
if thread_info and support.is_resource_enabled('network'):
tests.append(ThreadedTests)
support.run_unittest(*tests)
if _have_threads:
support.threading_cleanup(*thread_info)
def testDERtoPEM(self):
pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read()
d1 = ssl.PEM_cert_to_DER_cert(pem)
p2 = ssl.DER_cert_to_PEM_cert(d1)
d2 = ssl.PEM_cert_to_DER_cert(p2)
if (d1 != d2):
raise support.TestFailed("PEM-to-DER or DER-to-PEM translation failed")
def raises(exc, expected, callable, *args):
"""Ensure the expected exception is raised"""
try:
callable(*args)
except exc as msg:
if expected is not None:
if isinstance(expected, str):
if str(msg) != expected:
raise support.TestFailed("Message %r, expected %r" %
(str(msg), expected))
elif isinstance(expected, int):
if msg.errno != expected:
raise support.TestFailed("errno %r, expected %r" %
(msg, expected))
else:
raise support.TestFailed("Expected %s" % exc)
def test_main():
# # used by regrtest
# support.run_unittest(unittest.test.suite())
# support.reap_children()
res = unittest.main(module=None, verbosity=support.verbose, start='/lib/unittest/test', separate=True) ###
errors = len(res.result.errors) ###
failures = len(res.result.failures) ###
if errors or failures: ###
raise support.TestFailed('Errors {}, Failures {}'.format(errors, failures)) ###
def test_main():
if cosmo.MODE == 'tiny':
return
from test import test_doctest2
EXPECTED = 19
f, t = support.run_doctest(test_doctest2)
if t != EXPECTED:
raise support.TestFailed("expected %d tests to run, not %d" %
(EXPECTED, t))
def testSocketServer(self):
server = OurHTTPSServer(CERTFILE)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
if support.verbose:
sys.stdout.write('\n')
d1 = open(CERTFILE, 'rb').read()
d2 = ''
# now fetch the same data from the HTTPS server
url = 'https://%s:%d/%s' % (
HOST, server.port, os.path.split(CERTFILE)[1])
f = urllib.request.urlopen(url)
dlen = f.info().get("content-length")
if dlen and (int(dlen) > 0):
d2 = f.read(int(dlen))
if support.verbose:
sys.stdout.write(
" client: read %d bytes from remote server '%s'\n"
% (len(d2), server))
f.close()
except:
msg = ''.join(traceback.format_exception(*sys.exc_info()))
if support.verbose:
sys.stdout.write('\n' + msg)
raise support.TestFailed(msg)
else:
if not (d1 == d2):
print("d1 is", len(d1), repr(d1))
print("d2 is", len(d2), repr(d2))
raise support.TestFailed(
"Couldn't fetch data from HTTPS server")
finally:
if support.verbose:
sys.stdout.write('stopping server\n')
server.stop()
if support.verbose:
sys.stdout.write('joining thread\n')
server.join()
def expect(got_this, expect_this):
if support.verbose:
print('%r =?= %r ...' % (got_this, expect_this), end=' ')
if got_this != expect_this:
if support.verbose:
print('no')
raise support.TestFailed('got %r, but expected %r' %\
(got_this, expect_this))
else:
if support.verbose:
print('yes')
def load_tests(*args):
tests = [TestImaplib]
if support.is_resource_enabled('network'):
if ssl:
global CERTFILE, CAFILE
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert3.pem")
if not os.path.exists(CERTFILE):
raise support.TestFailed("Can't read certificate files!")
CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"pycacert.pem")
if not os.path.exists(CAFILE):
raise support.TestFailed("Can't read CA file!")
tests.extend([
ThreadedNetworkedTests, ThreadedNetworkedTestsSSL,
RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest,
])
return unittest.TestSuite([unittest.makeSuite(test) for test in tests])
def connector():
listener_ready.wait()
s = socket.socket()
s.connect((HOST, port))
listener_gone.wait()
try:
ssl_sock = ssl.wrap_socket(s)
except IOError:
pass
else:
raise support.TestFailed(
'connecting to closed SSL socket should have failed')
def testAsyncoreServer(self):
if support.verbose:
sys.stdout.write("\n")
indata="FOO\n"
server = AsyncoreEchoServer(CERTFILE)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
s = ssl.wrap_socket(socket.socket())
s.connect((HOST, server.port))
except ssl.SSLError as x:
raise support.TestFailed("Unexpected SSL error: " + str(x))
except Exception as x:
raise support.TestFailed("Unexpected exception: " + str(x))
else:
if support.verbose:
sys.stdout.write(
" client: sending %s...\n" % (repr(indata)))
s.sendall(indata.encode('ASCII', 'strict'))
outdata = s.recv()
if support.verbose:
sys.stdout.write(" client: read %s\n" % repr(outdata))
outdata = str(outdata, 'ASCII', 'strict')
if outdata != indata.lower():
raise support.TestFailed(
"bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
% (repr(outdata[:min(len(outdata),20)]), len(outdata),
repr(indata[:min(len(indata),20)].lower()), len(indata)))
s.write("over\n".encode("ASCII", "strict"))
if support.verbose:
sys.stdout.write(" client: closing connection.\n")
s.close()
finally:
server.stop()
server.join()
def testFetchServerCert(self):
pem = ssl.get_server_certificate(("svn.python.org", 443))
if not pem:
raise support.TestFailed("No server certificate on svn.python.org:443!")
return
try:
pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE)
except ssl.SSLError as x:
#should fail
if support.verbose:
sys.stdout.write("%s\n" % x)
else:
raise support.TestFailed("Got server certificate %s for svn.python.org!" % pem)
pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
if not pem:
raise support.TestFailed("No server certificate on svn.python.org:443!")
if support.verbose:
sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
def capture_events(callable, p=None):
try:
sys.setprofile()
except TypeError:
pass
else:
raise support.TestFailed('sys.setprofile() did not raise TypeError')
if p is None:
p = HookWatcher()
sys.setprofile(p.callback)
protect(callable, p)
sys.setprofile(None)
return p.get_events()[1:-1]
def raises(exc, expected, callable, *args):
"""Ensure the specified call raises exc.
expected is compared against the exception message if not None. It
can be a str, an errno or a 2 item tuple of errno/filename. The
latter two being for comparison against EnvironmentErrors.
"""
if expected:
if isinstance(expected, str):
msg = expected
else:
errno = expected[0] if isinstance(expected, tuple) else expected
msg = '[Errno %d] %s' % (errno, os.strerror(errno))
if isinstance(expected, tuple):
msg += ': %r' % expected[1]
try:
callable(*args)
except exc as val:
if expected and str(val) != msg:
raise support.TestFailed("Message %r, expected %r" %
(str(val), msg))
else:
raise support.TestFailed("Expected %s" % exc)
def TestThreadState():
if support.verbose:
print("auto-thread-state")
idents = []
def callback():
idents.append(threading.get_ident())
_testcapi._test_thread_state(callback)
a = b = callback
time.sleep(1)
# Check our main thread is in the list exactly 3 times.
if idents.count(threading.get_ident()) != 3:
raise support.TestFailed(
"Couldn't find main thread correctly in the list")
def test_main():
tests = [TestImaplib]
if support.is_resource_enabled('network'):
if ssl:
global CERTFILE
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
if not os.path.exists(CERTFILE):
raise support.TestFailed("Can't read certificate files!")
tests.extend([
ThreadedNetworkedTests, ThreadedNetworkedTestsSSL,
RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest,
])
support.run_unittest(*tests)
def testReadCert(self):
if support.verbose:
sys.stdout.write("\n")
s2 = socket.socket()
server = ThreadedEchoServer(CERTFILE,
certreqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_SSLv23,
cacerts=CERTFILE,
chatty=False)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
try:
s = ssl.wrap_socket(socket.socket(),
certfile=CERTFILE,
ca_certs=CERTFILE,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version=ssl.PROTOCOL_SSLv23)
s.connect((HOST, server.port))
except ssl.SSLError as x:
raise support.TestFailed(
"Unexpected SSL error: " + str(x))
except Exception as x:
raise support.TestFailed(
"Unexpected exception: " + str(x))
else:
if not s:
raise support.TestFailed(
"Can't SSL-handshake with test server")
cert = s.getpeercert()
if not cert:
raise support.TestFailed(
"Can't get peer certificate.")
cipher = s.cipher()
if support.verbose:
sys.stdout.write(pprint.pformat(cert) + '\n')
sys.stdout.write("Connection cipher is " + str(cipher) + '.\n')
if 'subject' not in cert:
raise support.TestFailed(
"No subject field in certificate: %s." %
pprint.pformat(cert))
if ((('organizationName', 'Python Software Foundation'),)
not in cert['subject']):
raise support.TestFailed(
"Missing or invalid 'organizationName' field in certificate subject; "
"should be 'Python Software Foundation'.")
s.close()
finally:
server.stop()
server.join()
def testSSLconnect(self):
if not support.is_resource_enabled('network'):
return
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_NONE)
s.connect(("svn.python.org", 443))
c = s.getpeercert()
if c:
raise support.TestFailed("Peer cert %s shouldn't be here!")
s.close()
# this should fail because we have no verification certs
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED)
try:
s.connect(("svn.python.org", 443))
except ssl.SSLError:
pass
finally:
s.close()
def __reduce__(self):
raise support.TestFailed("shouldn't call this")
def __cmp__(self, other):
raise support.TestFailed("Vector.__cmp__() should not be called")
def __cmp__(self, other):
raise support.TestFailed('Number.__cmp__() should not be called')
def testAllRecvAndSendMethods(self):
if support.verbose:
sys.stdout.write("\n")
server = ThreadedEchoServer(CERTFILE,
certreqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1,
cacerts=CERTFILE,
chatty=True,
connectionchatty=False)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
s = ssl.wrap_socket(socket.socket(),
server_side=False,
certfile=CERTFILE,
ca_certs=CERTFILE,
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1)
s.connect((HOST, server.port))
except ssl.SSLError as x:
raise support.TestFailed("Unexpected SSL error: " + str(x))
except Exception as x:
raise support.TestFailed("Unexpected exception: " + str(x))
else:
# helper methods for standardising recv* method signatures
def _recv_into():
b = bytearray(b"\0"*100)
count = s.recv_into(b)
return b[:count]
def _recvfrom_into():
b = bytearray(b"\0"*100)
count, addr = s.recvfrom_into(b)
return b[:count]
# (name, method, whether to expect success, *args)
send_methods = [
('send', s.send, True, []),
('sendto', s.sendto, False, ["some.address"]),
('sendall', s.sendall, True, []),
]
recv_methods = [
('recv', s.recv, True, []),
('recvfrom', s.recvfrom, False, ["some.address"]),
('recv_into', _recv_into, True, []),
('recvfrom_into', _recvfrom_into, False, []),
]
data_prefix = "PREFIX_"
for meth_name, send_meth, expect_success, args in send_methods:
indata = data_prefix + meth_name
try:
send_meth(indata.encode('ASCII', 'strict'), *args)
outdata = s.read()
outdata = str(outdata, 'ASCII', 'strict')
if outdata != indata.lower():
raise support.TestFailed(
"While sending with <<{name:s}>> bad data "
"<<{outdata:s}>> ({nout:d}) received; "
"expected <<{indata:s}>> ({nin:d})\n".format(
name=meth_name, outdata=repr(outdata[:20]),
nout=len(outdata),
indata=repr(indata[:20]), nin=len(indata)
)
)
except ValueError as e:
if expect_success:
raise support.TestFailed(
"Failed to send with method <<{name:s}>>; "
"expected to succeed.\n".format(name=meth_name)
)
if not str(e).startswith(meth_name):
raise support.TestFailed(
"Method <<{name:s}>> failed with unexpected "
"exception message: {exp:s}\n".format(
name=meth_name, exp=e
)
)
for meth_name, recv_meth, expect_success, args in recv_methods:
indata = data_prefix + meth_name
try:
s.send(indata.encode('ASCII', 'strict'))
outdata = recv_meth(*args)
outdata = str(outdata, 'ASCII', 'strict')
if outdata != indata.lower():
raise support.TestFailed(
"While receiving with <<{name:s}>> bad data "
"<<{outdata:s}>> ({nout:d}) received; "
"expected <<{indata:s}>> ({nin:d})\n".format(
name=meth_name, outdata=repr(outdata[:20]),
nout=len(outdata),
indata=repr(indata[:20]), nin=len(indata)
)
)
except ValueError as e:
if expect_success:
raise support.TestFailed(
"Failed to receive with method <<{name:s}>>; "
"expected to succeed.\n".format(name=meth_name)
)
if not str(e).startswith(meth_name):
raise support.TestFailed(
"Method <<{name:s}>> failed with unexpected "
"exception message: {exp:s}\n".format(
name=meth_name, exp=e
)
)
# consume data
s.read()
s.write("over\n".encode("ASCII", "strict"))
s.close()
finally:
server.stop()
server.join()
def testSTARTTLS (self):
msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6")
server = ThreadedEchoServer(CERTFILE,
ssl_version=ssl.PROTOCOL_TLSv1,
starttls_server=True,
chatty=True,
connectionchatty=True)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
wrapped = False
try:
try:
s = socket.socket()
s.setblocking(1)
s.connect((HOST, server.port))
except Exception as x:
raise support.TestFailed("Unexpected exception: " + str(x))
else:
if support.verbose:
sys.stdout.write("\n")
for indata in msgs:
msg = indata.encode('ASCII', 'replace')
if support.verbose:
sys.stdout.write(
" client: sending %s...\n" % repr(msg))
if wrapped:
conn.write(msg)
outdata = conn.read()
else:
s.send(msg)
outdata = s.recv(1024)
if (indata == "STARTTLS" and
str(outdata, 'ASCII', 'replace').strip().lower().startswith("ok")):
if support.verbose:
msg = str(outdata, 'ASCII', 'replace')
sys.stdout.write(
" client: read %s from server, starting TLS...\n"
% repr(msg))
conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
wrapped = True
elif (indata == "ENDTLS" and
str(outdata, 'ASCII', 'replace').strip().lower().startswith("ok")):
if support.verbose:
msg = str(outdata, 'ASCII', 'replace')
sys.stdout.write(
" client: read %s from server, ending TLS...\n"
% repr(msg))
s = conn.unwrap()
wrapped = False
else:
if support.verbose:
msg = str(outdata, 'ASCII', 'replace')
sys.stdout.write(
" client: read %s from server\n" % repr(msg))
if support.verbose:
sys.stdout.write(" client: closing connection.\n")
if wrapped:
conn.write("over\n".encode("ASCII", "strict"))
else:
s.send("over\n".encode("ASCII", "strict"))
if wrapped:
conn.close()
else:
s.close()
finally:
server.stop()
server.join()
def test_main():
res = unittest.main(module=None, verbosity=support.verbose, start='/lib/unittest/test', separate=True) ###
errors = len(res.result.errors) ###
failures = len(res.result.failures) ###
if errors or failures: ###
raise support.TestFailed('Errors {}, Failures {}'.format(errors, failures)) ###
