def testConnect(self): s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_NONE) s.connect(("svn.python.org", 443)) c = s.getpeercert() if c: raise support.TestFailed("Peer cert %s shouldn't be here!") s.close() # this should fail because we have no verification certs s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED) try: s.connect(("svn.python.org", 443)) except ssl.SSLError: pass finally: s.close() # this should succeed because we specify the root cert s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED, ca_certs=SVN_PYTHON_ORG_ROOT_CERT) try: s.connect(("svn.python.org", 443)) except ssl.SSLError as x: raise support.TestFailed("Unexpected exception %s" % x) finally: s.close()
def serverParamsTest (certfile, protocol, certreqs, cacertsfile, client_certfile, client_protocol=None, indata="FOO\n", chatty=False, connectionchatty=False): server = ThreadedEchoServer(certfile, certreqs=certreqs, ssl_version=protocol, cacerts=cacertsfile, chatty=chatty, connectionchatty=False) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect if client_protocol is None: client_protocol = protocol try: s = ssl.wrap_socket(socket.socket(), server_side=False, certfile=client_certfile, ca_certs=cacertsfile, cert_reqs=certreqs, ssl_version=client_protocol) s.connect((HOST, server.port)) except ssl.SSLError as x: raise support.TestFailed("Unexpected SSL error: " + str(x)) except Exception as x: raise support.TestFailed("Unexpected exception: " + str(x)) else: if connectionchatty: if support.verbose: sys.stdout.write( " client: sending %s...\n" % (repr(indata))) s.write(indata.encode('ASCII', 'strict')) outdata = s.read() if connectionchatty: if support.verbose: sys.stdout.write(" client: read %s\n" % repr(outdata)) outdata = str(outdata, 'ASCII', 'strict') if outdata != indata.lower(): raise support.TestFailed( "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" % (repr(outdata[:min(len(outdata),20)]), len(outdata), repr(indata[:min(len(indata),20)].lower()), len(indata))) s.write("over\n".encode("ASCII", "strict")) if connectionchatty: if support.verbose: sys.stdout.write(" client: closing connection.\n") s.close() finally: server.stop() server.join()
def _apply_failure(self, fn, filename, expected_exception, check_fn_in_exception=True): try: fn(filename) raise support.TestFailed("Expected to fail calling '%s(%r)'" % (fn.__name__, filename)) except expected_exception as details: if check_fn_in_exception and details.filename != filename: raise support.TestFailed( "Function '%s(%r) failed with " "bad filename in the exception: %r" % (fn.__name__, filename, details.filename))
def badCertTest (certfile): server = ThreadedEchoServer(CERTFILE, certreqs=ssl.CERT_REQUIRED, cacerts=CERTFILE, chatty=False, connectionchatty=False) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect try: try: s = ssl.wrap_socket(socket.socket(), certfile=certfile, ssl_version=ssl.PROTOCOL_TLSv1) s.connect((HOST, server.port)) except ssl.SSLError as x: if support.verbose: sys.stdout.write("\nSSLError is %s\n" % x) except socket.error as x: if support.verbose: sys.stdout.write("\nsocket.error is %s\n" % x) else: raise support.TestFailed( "Use of invalid cert should have failed!") finally: server.stop() server.join()
def tryProtocolCombo (server_protocol, client_protocol, expectedToWork, certsreqs=None): if certsreqs is None: certsreqs = ssl.CERT_NONE if certsreqs == ssl.CERT_NONE: certtype = "CERT_NONE" elif certsreqs == ssl.CERT_OPTIONAL: certtype = "CERT_OPTIONAL" elif certsreqs == ssl.CERT_REQUIRED: certtype = "CERT_REQUIRED" if support.verbose: formatstr = (expectedToWork and " %s->%s %s\n") or " {%s->%s} %s\n" sys.stdout.write(formatstr % (ssl.get_protocol_name(client_protocol), ssl.get_protocol_name(server_protocol), certtype)) try: serverParamsTest(CERTFILE, server_protocol, certsreqs, CERTFILE, CERTFILE, client_protocol, chatty=False, connectionchatty=False) except support.TestFailed: if expectedToWork: raise else: if not expectedToWork: raise support.TestFailed( "Client protocol %s succeeded with server protocol %s!" % (ssl.get_protocol_name(client_protocol), ssl.get_protocol_name(server_protocol)))
def test_main(): from test import test_doctest2 EXPECTED = 19 f, t = support.run_doctest(test_doctest2) if t != EXPECTED: raise support.TestFailed("expected %d tests to run, not %d" % (EXPECTED, t))
def test_main(verbose=False): if skip_expected: raise unittest.SkipTest("No SSL support") global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert.pem") SVN_PYTHON_ORG_ROOT_CERT = os.path.join( os.path.dirname(__file__) or os.curdir, "https_svn_python_org_root.pem") if (not os.path.exists(CERTFILE) or not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)): raise support.TestFailed("Can't read certificate files!") tests = [BasicTests] if support.is_resource_enabled('network'): tests.append(NetworkedTests) if _have_threads: thread_info = support.threading_setup() if thread_info and support.is_resource_enabled('network'): tests.append(ThreadedTests) support.run_unittest(*tests) if _have_threads: support.threading_cleanup(*thread_info)
def testDERtoPEM(self): pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read() d1 = ssl.PEM_cert_to_DER_cert(pem) p2 = ssl.DER_cert_to_PEM_cert(d1) d2 = ssl.PEM_cert_to_DER_cert(p2) if (d1 != d2): raise support.TestFailed("PEM-to-DER or DER-to-PEM translation failed")
def raises(exc, expected, callable, *args): """Ensure the expected exception is raised""" try: callable(*args) except exc as msg: if expected is not None: if isinstance(expected, str): if str(msg) != expected: raise support.TestFailed("Message %r, expected %r" % (str(msg), expected)) elif isinstance(expected, int): if msg.errno != expected: raise support.TestFailed("errno %r, expected %r" % (msg, expected)) else: raise support.TestFailed("Expected %s" % exc)
def test_main(): # # used by regrtest # support.run_unittest(unittest.test.suite()) # support.reap_children() res = unittest.main(module=None, verbosity=support.verbose, start='/lib/unittest/test', separate=True) ### errors = len(res.result.errors) ### failures = len(res.result.failures) ### if errors or failures: ### raise support.TestFailed('Errors {}, Failures {}'.format(errors, failures)) ###
def test_main(): if cosmo.MODE == 'tiny': return from test import test_doctest2 EXPECTED = 19 f, t = support.run_doctest(test_doctest2) if t != EXPECTED: raise support.TestFailed("expected %d tests to run, not %d" % (EXPECTED, t))
def testSocketServer(self): server = OurHTTPSServer(CERTFILE) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect try: if support.verbose: sys.stdout.write('\n') d1 = open(CERTFILE, 'rb').read() d2 = '' # now fetch the same data from the HTTPS server url = 'https://%s:%d/%s' % ( HOST, server.port, os.path.split(CERTFILE)[1]) f = urllib.request.urlopen(url) dlen = f.info().get("content-length") if dlen and (int(dlen) > 0): d2 = f.read(int(dlen)) if support.verbose: sys.stdout.write( " client: read %d bytes from remote server '%s'\n" % (len(d2), server)) f.close() except: msg = ''.join(traceback.format_exception(*sys.exc_info())) if support.verbose: sys.stdout.write('\n' + msg) raise support.TestFailed(msg) else: if not (d1 == d2): print("d1 is", len(d1), repr(d1)) print("d2 is", len(d2), repr(d2)) raise support.TestFailed( "Couldn't fetch data from HTTPS server") finally: if support.verbose: sys.stdout.write('stopping server\n') server.stop() if support.verbose: sys.stdout.write('joining thread\n') server.join()
def expect(got_this, expect_this): if support.verbose: print('%r =?= %r ...' % (got_this, expect_this), end=' ') if got_this != expect_this: if support.verbose: print('no') raise support.TestFailed('got %r, but expected %r' %\ (got_this, expect_this)) else: if support.verbose: print('yes')
def load_tests(*args): tests = [TestImaplib] if support.is_resource_enabled('network'): if ssl: global CERTFILE, CAFILE CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem") if not os.path.exists(CERTFILE): raise support.TestFailed("Can't read certificate files!") CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem") if not os.path.exists(CAFILE): raise support.TestFailed("Can't read CA file!") tests.extend([ ThreadedNetworkedTests, ThreadedNetworkedTestsSSL, RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest, ]) return unittest.TestSuite([unittest.makeSuite(test) for test in tests])
def connector(): listener_ready.wait() s = socket.socket() s.connect((HOST, port)) listener_gone.wait() try: ssl_sock = ssl.wrap_socket(s) except IOError: pass else: raise support.TestFailed( 'connecting to closed SSL socket should have failed')
def testAsyncoreServer(self): if support.verbose: sys.stdout.write("\n") indata="FOO\n" server = AsyncoreEchoServer(CERTFILE) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect try: s = ssl.wrap_socket(socket.socket()) s.connect((HOST, server.port)) except ssl.SSLError as x: raise support.TestFailed("Unexpected SSL error: " + str(x)) except Exception as x: raise support.TestFailed("Unexpected exception: " + str(x)) else: if support.verbose: sys.stdout.write( " client: sending %s...\n" % (repr(indata))) s.sendall(indata.encode('ASCII', 'strict')) outdata = s.recv() if support.verbose: sys.stdout.write(" client: read %s\n" % repr(outdata)) outdata = str(outdata, 'ASCII', 'strict') if outdata != indata.lower(): raise support.TestFailed( "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" % (repr(outdata[:min(len(outdata),20)]), len(outdata), repr(indata[:min(len(indata),20)].lower()), len(indata))) s.write("over\n".encode("ASCII", "strict")) if support.verbose: sys.stdout.write(" client: closing connection.\n") s.close() finally: server.stop() server.join()
def testFetchServerCert(self): pem = ssl.get_server_certificate(("svn.python.org", 443)) if not pem: raise support.TestFailed("No server certificate on svn.python.org:443!") return try: pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE) except ssl.SSLError as x: #should fail if support.verbose: sys.stdout.write("%s\n" % x) else: raise support.TestFailed("Got server certificate %s for svn.python.org!" % pem) pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT) if not pem: raise support.TestFailed("No server certificate on svn.python.org:443!") if support.verbose: sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
def capture_events(callable, p=None): try: sys.setprofile() except TypeError: pass else: raise support.TestFailed('sys.setprofile() did not raise TypeError') if p is None: p = HookWatcher() sys.setprofile(p.callback) protect(callable, p) sys.setprofile(None) return p.get_events()[1:-1]
def raises(exc, expected, callable, *args): """Ensure the specified call raises exc. expected is compared against the exception message if not None. It can be a str, an errno or a 2 item tuple of errno/filename. The latter two being for comparison against EnvironmentErrors. """ if expected: if isinstance(expected, str): msg = expected else: errno = expected[0] if isinstance(expected, tuple) else expected msg = '[Errno %d] %s' % (errno, os.strerror(errno)) if isinstance(expected, tuple): msg += ': %r' % expected[1] try: callable(*args) except exc as val: if expected and str(val) != msg: raise support.TestFailed("Message %r, expected %r" % (str(val), msg)) else: raise support.TestFailed("Expected %s" % exc)
def TestThreadState(): if support.verbose: print("auto-thread-state") idents = [] def callback(): idents.append(threading.get_ident()) _testcapi._test_thread_state(callback) a = b = callback time.sleep(1) # Check our main thread is in the list exactly 3 times. if idents.count(threading.get_ident()) != 3: raise support.TestFailed( "Couldn't find main thread correctly in the list")
def test_main(): tests = [TestImaplib] if support.is_resource_enabled('network'): if ssl: global CERTFILE CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert.pem") if not os.path.exists(CERTFILE): raise support.TestFailed("Can't read certificate files!") tests.extend([ ThreadedNetworkedTests, ThreadedNetworkedTestsSSL, RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest, ]) support.run_unittest(*tests)
def testReadCert(self): if support.verbose: sys.stdout.write("\n") s2 = socket.socket() server = ThreadedEchoServer(CERTFILE, certreqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_SSLv23, cacerts=CERTFILE, chatty=False) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect try: try: s = ssl.wrap_socket(socket.socket(), certfile=CERTFILE, ca_certs=CERTFILE, cert_reqs=ssl.CERT_REQUIRED, ssl_version=ssl.PROTOCOL_SSLv23) s.connect((HOST, server.port)) except ssl.SSLError as x: raise support.TestFailed( "Unexpected SSL error: " + str(x)) except Exception as x: raise support.TestFailed( "Unexpected exception: " + str(x)) else: if not s: raise support.TestFailed( "Can't SSL-handshake with test server") cert = s.getpeercert() if not cert: raise support.TestFailed( "Can't get peer certificate.") cipher = s.cipher() if support.verbose: sys.stdout.write(pprint.pformat(cert) + '\n') sys.stdout.write("Connection cipher is " + str(cipher) + '.\n') if 'subject' not in cert: raise support.TestFailed( "No subject field in certificate: %s." % pprint.pformat(cert)) if ((('organizationName', 'Python Software Foundation'),) not in cert['subject']): raise support.TestFailed( "Missing or invalid 'organizationName' field in certificate subject; " "should be 'Python Software Foundation'.") s.close() finally: server.stop() server.join()
def testSSLconnect(self): if not support.is_resource_enabled('network'): return s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_NONE) s.connect(("svn.python.org", 443)) c = s.getpeercert() if c: raise support.TestFailed("Peer cert %s shouldn't be here!") s.close() # this should fail because we have no verification certs s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED) try: s.connect(("svn.python.org", 443)) except ssl.SSLError: pass finally: s.close()
def __reduce__(self): raise support.TestFailed("shouldn't call this")
def __cmp__(self, other): raise support.TestFailed("Vector.__cmp__() should not be called")
def __cmp__(self, other): raise support.TestFailed('Number.__cmp__() should not be called')
def testAllRecvAndSendMethods(self): if support.verbose: sys.stdout.write("\n") server = ThreadedEchoServer(CERTFILE, certreqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1, cacerts=CERTFILE, chatty=True, connectionchatty=False) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect try: s = ssl.wrap_socket(socket.socket(), server_side=False, certfile=CERTFILE, ca_certs=CERTFILE, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1) s.connect((HOST, server.port)) except ssl.SSLError as x: raise support.TestFailed("Unexpected SSL error: " + str(x)) except Exception as x: raise support.TestFailed("Unexpected exception: " + str(x)) else: # helper methods for standardising recv* method signatures def _recv_into(): b = bytearray(b"\0"*100) count = s.recv_into(b) return b[:count] def _recvfrom_into(): b = bytearray(b"\0"*100) count, addr = s.recvfrom_into(b) return b[:count] # (name, method, whether to expect success, *args) send_methods = [ ('send', s.send, True, []), ('sendto', s.sendto, False, ["some.address"]), ('sendall', s.sendall, True, []), ] recv_methods = [ ('recv', s.recv, True, []), ('recvfrom', s.recvfrom, False, ["some.address"]), ('recv_into', _recv_into, True, []), ('recvfrom_into', _recvfrom_into, False, []), ] data_prefix = "PREFIX_" for meth_name, send_meth, expect_success, args in send_methods: indata = data_prefix + meth_name try: send_meth(indata.encode('ASCII', 'strict'), *args) outdata = s.read() outdata = str(outdata, 'ASCII', 'strict') if outdata != indata.lower(): raise support.TestFailed( "While sending with <<{name:s}>> bad data " "<<{outdata:s}>> ({nout:d}) received; " "expected <<{indata:s}>> ({nin:d})\n".format( name=meth_name, outdata=repr(outdata[:20]), nout=len(outdata), indata=repr(indata[:20]), nin=len(indata) ) ) except ValueError as e: if expect_success: raise support.TestFailed( "Failed to send with method <<{name:s}>>; " "expected to succeed.\n".format(name=meth_name) ) if not str(e).startswith(meth_name): raise support.TestFailed( "Method <<{name:s}>> failed with unexpected " "exception message: {exp:s}\n".format( name=meth_name, exp=e ) ) for meth_name, recv_meth, expect_success, args in recv_methods: indata = data_prefix + meth_name try: s.send(indata.encode('ASCII', 'strict')) outdata = recv_meth(*args) outdata = str(outdata, 'ASCII', 'strict') if outdata != indata.lower(): raise support.TestFailed( "While receiving with <<{name:s}>> bad data " "<<{outdata:s}>> ({nout:d}) received; " "expected <<{indata:s}>> ({nin:d})\n".format( name=meth_name, outdata=repr(outdata[:20]), nout=len(outdata), indata=repr(indata[:20]), nin=len(indata) ) ) except ValueError as e: if expect_success: raise support.TestFailed( "Failed to receive with method <<{name:s}>>; " "expected to succeed.\n".format(name=meth_name) ) if not str(e).startswith(meth_name): raise support.TestFailed( "Method <<{name:s}>> failed with unexpected " "exception message: {exp:s}\n".format( name=meth_name, exp=e ) ) # consume data s.read() s.write("over\n".encode("ASCII", "strict")) s.close() finally: server.stop() server.join()
def testSTARTTLS (self): msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6") server = ThreadedEchoServer(CERTFILE, ssl_version=ssl.PROTOCOL_TLSv1, starttls_server=True, chatty=True, connectionchatty=True) flag = threading.Event() server.start(flag) # wait for it to start flag.wait() # try to connect wrapped = False try: try: s = socket.socket() s.setblocking(1) s.connect((HOST, server.port)) except Exception as x: raise support.TestFailed("Unexpected exception: " + str(x)) else: if support.verbose: sys.stdout.write("\n") for indata in msgs: msg = indata.encode('ASCII', 'replace') if support.verbose: sys.stdout.write( " client: sending %s...\n" % repr(msg)) if wrapped: conn.write(msg) outdata = conn.read() else: s.send(msg) outdata = s.recv(1024) if (indata == "STARTTLS" and str(outdata, 'ASCII', 'replace').strip().lower().startswith("ok")): if support.verbose: msg = str(outdata, 'ASCII', 'replace') sys.stdout.write( " client: read %s from server, starting TLS...\n" % repr(msg)) conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) wrapped = True elif (indata == "ENDTLS" and str(outdata, 'ASCII', 'replace').strip().lower().startswith("ok")): if support.verbose: msg = str(outdata, 'ASCII', 'replace') sys.stdout.write( " client: read %s from server, ending TLS...\n" % repr(msg)) s = conn.unwrap() wrapped = False else: if support.verbose: msg = str(outdata, 'ASCII', 'replace') sys.stdout.write( " client: read %s from server\n" % repr(msg)) if support.verbose: sys.stdout.write(" client: closing connection.\n") if wrapped: conn.write("over\n".encode("ASCII", "strict")) else: s.send("over\n".encode("ASCII", "strict")) if wrapped: conn.close() else: s.close() finally: server.stop() server.join()
def test_main(): res = unittest.main(module=None, verbosity=support.verbose, start='/lib/unittest/test', separate=True) ### errors = len(res.result.errors) ### failures = len(res.result.failures) ### if errors or failures: ### raise support.TestFailed('Errors {}, Failures {}'.format(errors, failures)) ###