def serverParamsTest (certfile, protocol, certreqs, cacertsfile,
client_certfile, client_protocol=None, indata="FOO\n",
chatty=True, connectionchatty=False,
wrap_accepting_socket=False):
server = ThreadedEchoServer(certfile,
certreqs=certreqs,
ssl_version=protocol,
cacerts=cacertsfile,
chatty=chatty,
connectionchatty=connectionchatty,
wrap_accepting_socket=wrap_accepting_socket)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
if client_protocol is None:
client_protocol = protocol
try:
try:
s = ssl.wrap_socket(socket.socket(),
certfile=client_certfile,
ca_certs=cacertsfile,
cert_reqs=certreqs,
ssl_version=client_protocol)
s.connect((HOST, server.port))
except ssl.SSLError, x:
raise test_support.TestFailed("Unexpected SSL error: " + str(x))
except Exception, x:
raise test_support.TestFailed("Unexpected exception: " + str(x))
def testFetchServerCert(self):
pem = ssl.get_server_certificate(("svn.python.org", 443))
if not pem:
raise test_support.TestFailed(
"No server certificate on svn.python.org:443!")
try:
pem = ssl.get_server_certificate(("svn.python.org", 443),
ca_certs=CERTFILE)
except ssl.SSLError:
#should fail
pass
else:
raise test_support.TestFailed(
"Got server certificate %s for svn.python.org!" % pem)
pem = ssl.get_server_certificate(("svn.python.org", 443),
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
if not pem:
raise test_support.TestFailed(
"No server certificate on svn.python.org:443!")
if test_support.verbose:
sys.stdout.write(
"\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
def test_main(verbose=False):
if skip_expected:
raise test_support.TestSkipped("No SSL support")
global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
os.path.dirname(__file__) or os.curdir,
"https_svn_python_org_root.pem")
if (not os.path.exists(CERTFILE) or
not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
raise test_support.TestFailed("Can't read certificate files!")
TESTPORT = test_support.find_unused_port()
if not TESTPORT:
raise test_support.TestFailed("Can't find open port to test servers on!")
tests = [BasicTests]
if test_support.is_resource_enabled('network'):
tests.append(NetworkedTests)
if _have_threads:
thread_info = test_support.threading_setup()
if thread_info and test_support.is_resource_enabled('network'):
tests.append(ThreadedTests)
test_support.run_unittest(*tests)
if _have_threads:
test_support.threading_cleanup(*thread_info)
def testConnect(self):
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_NONE)
s.connect(("pop.gmail.com", 995))
c = s.getpeercert()
if c:
raise test_support.TestFailed("Peer cert %s shouldn't be here!")
s.close()
# this should fail because we have no verification certs
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED)
try:
try:
s.connect(("pop.gmail.com", 995))
except ssl.SSLError:
pass
finally:
s.close()
# this should succeed because we specify the root cert
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
try:
try:
s.connect(("svn.python.org", 443))
except ssl.SSLError, x:
raise test_support.TestFailed("Unexpected exception %s" % x)
finally:
s.close()
def testReadCert(self):
if test_support.verbose:
sys.stdout.write("\n")
s2 = socket.socket()
server = ThreadedEchoServer(TESTPORT,
CERTFILE,
certreqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_SSLv23,
cacerts=CERTFILE,
chatty=False)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
try:
s = ssl.wrap_socket(socket.socket(),
certfile=CERTFILE,
ca_certs=CERTFILE,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version=ssl.PROTOCOL_SSLv23)
s.connect(('127.0.0.1', TESTPORT))
except ssl.SSLError, x:
raise test_support.TestFailed("Unexpected SSL error: " +
str(x))
except Exception, x:
raise test_support.TestFailed("Unexpected exception: " +
str(x))
def test_main(verbose=False):
if skip_expected:
raise test_support.TestSkipped("No SSL support")
global CERTFILE, TESTPORT, SVN_PYTHON_ORG_ROOT_CERT
CERTFILE = os.path.join(
os.path.dirname(__file__) or os.curdir, "keycert.pem")
SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
os.path.dirname(__file__) or os.curdir, "root.crt")
if (not os.path.exists(CERTFILE)
or not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
raise test_support.TestFailed("Can't read certificate files!")
TESTPORT = findtestsocket(10025, 12000)
if not TESTPORT:
raise test_support.TestFailed(
"Can't find open port to test servers on!")
tests = [BasicTests]
if test_support.is_resource_enabled('network'):
tests.append(NetworkedTests)
if _have_threads:
if CERTFILE and test_support.is_resource_enabled('network'):
tests.append(ThreadedTests)
test_support.run_unittest(*tests)
def _apply_failure(self, fn, filename, expected_exception,
check_fn_in_exception = True):
try:
fn(filename)
raise test_support.TestFailed("Expected to fail calling '%s(%r)'"
% (fn.__name__, filename))
except expected_exception, details:
if check_fn_in_exception and details.filename != filename:
raise test_support.TestFailed("Function '%s(%r) failed with "
"bad filename in the exception: %r"
% (fn.__name__, filename,
details.filename))
def raises(exc, expected, callable, *args):
"""Ensure the expected exception is raised"""
try:
callable(*args)
except exc, msg:
if expected is not None:
if isinstance(expected, str):
if str(msg) != expected:
raise test_support.TestFailed("Message %r, expected %r" %
(str(msg), expected))
elif isinstance(expected, int):
if msg.errno != expected:
raise test_support.TestFailed("errno %r, expected %r" %
(msg, expected))
def testSTARTTLS(self):
msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS",
"msg 5", "msg 6")
server = ThreadedEchoServer(TESTPORT,
CERTFILE,
ssl_version=ssl.PROTOCOL_TLSv1,
starttls_server=True,
chatty=True,
connectionchatty=True)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
wrapped = False
try:
try:
s = socket.socket()
s.setblocking(1)
s.connect(('127.0.0.1', TESTPORT))
except Exception, x:
raise test_support.TestFailed("Unexpected exception: " +
str(x))
else:
def test_main():
from test import test_doctest2
EXPECTED = 19
f, t = test_support.run_doctest(test_doctest2)
if t != EXPECTED:
raise test_support.TestFailed("expected %d tests to run, not %d" %
(EXPECTED, t))
def tryProtocolCombo (server_protocol,
client_protocol,
expectedToWork,
certsreqs=None):
if certsreqs is None:
certsreqs = ssl.CERT_NONE
if certsreqs == ssl.CERT_NONE:
certtype = "CERT_NONE"
elif certsreqs == ssl.CERT_OPTIONAL:
certtype = "CERT_OPTIONAL"
elif certsreqs == ssl.CERT_REQUIRED:
certtype = "CERT_REQUIRED"
if test_support.verbose:
formatstr = (expectedToWork and " %s->%s %s\n") or " {%s->%s} %s\n"
sys.stdout.write(formatstr %
(ssl.get_protocol_name(client_protocol),
ssl.get_protocol_name(server_protocol),
certtype))
try:
serverParamsTest(CERTFILE, server_protocol, certsreqs,
CERTFILE, CERTFILE, client_protocol, chatty=False)
except test_support.TestFailed:
if expectedToWork:
raise
else:
if not expectedToWork:
raise test_support.TestFailed(
"Client protocol %s succeeded with server protocol %s!"
% (ssl.get_protocol_name(client_protocol),
ssl.get_protocol_name(server_protocol)))
def testDERtoPEM(self):
pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read()
d1 = ssl.PEM_cert_to_DER_cert(pem)
p2 = ssl.DER_cert_to_PEM_cert(d1)
d2 = ssl.PEM_cert_to_DER_cert(p2)
if (d1 != d2):
raise test_support.TestFailed(
"PEM-to-DER or DER-to-PEM translation failed")
def testAsyncoreServer (self):
indata = "TEST MESSAGE of mixed case\n"
if test_support.verbose:
sys.stdout.write("\n")
server = AsyncoreEchoServer(CERTFILE)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
try:
s = ssl.wrap_socket(socket.socket())
s.connect(('127.0.0.1', server.port))
except ssl.SSLError, x:
raise test_support.TestFailed("Unexpected SSL error: " + str(x))
except Exception, x:
raise test_support.TestFailed("Unexpected exception: " + str(x))
def connector():
listener_ready.wait()
s = socket.socket()
s.connect((HOST, port))
listener_gone.wait()
try:
ssl_sock = ssl.wrap_socket(s)
except IOError:
pass
else:
raise test_support.TestFailed(
'connecting to closed SSL socket should have failed')
def connector():
listener_ready.wait()
s = socket.socket()
s.connect(('localhost', PORT[0]))
listener_gone.wait()
try:
ssl_sock = socket.ssl(s)
except socket.sslerror:
pass
else:
raise test_support.TestFailed(
'connecting to closed SSL socket should have failed')
def connector():
listener_ready.wait()
s = socket.socket()
s.connect(('127.0.0.1', TESTPORT))
listener_gone.wait()
try:
ssl.wrap_socket(s)
except socket.error:
pass
else:
raise test_support.TestFailed(
'connecting to closed SSL socket should have failed')
def test_main():
from test import test_doctest2
if sys.flags.optimize >= 2:
print >> sys.stderr, "test_doctest2 --",
print >> sys.stderr, "skipping some tests due to -O flag."
sys.stderr.flush()
EXPECTED = 3
else:
EXPECTED = 19
f, t = test_support.run_doctest(test_doctest2)
if t != EXPECTED:
raise test_support.TestFailed("expected %d tests to run, not %d" %
(EXPECTED, t))
def test_main():
tests = [TestImaplib]
if support.is_resource_enabled('network'):
if ssl:
global CERTFILE
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
"keycert.pem")
if not os.path.exists(CERTFILE):
raise support.TestFailed("Can't read certificate files!")
tests.extend([ThreadedNetworkedTests, ThreadedNetworkedTestsSSL])
support.run_unittest(*tests)
def testSocketServer(self):
server = SocketServerHTTPSServer(CERTFILE)
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
if test_support.verbose:
sys.stdout.write('\n')
d1 = open(CERTFILE, 'rb').read()
d2 = ''
# now fetch the same data from the HTTPS server
url = 'https://127.0.0.1:%d/%s' % (
server.port, os.path.split(CERTFILE)[1])
f = urllib.urlopen(url)
dlen = f.info().getheader("content-length")
if dlen and (int(dlen) > 0):
d2 = f.read(int(dlen))
if test_support.verbose:
sys.stdout.write(
" client: read %d bytes from remote server '%s'\n"
% (len(d2), server))
f.close()
except:
msg = ''.join(traceback.format_exception(*sys.exc_info()))
if test_support.verbose:
sys.stdout.write('\n' + msg)
raise test_support.TestFailed(msg)
else:
if not (d1 == d2):
raise test_support.TestFailed(
"Couldn't fetch data from HTTPS server")
finally:
server.stop()
server.join()
def capture_events(callable, p=None):
try:
sys.setprofile()
except TypeError:
pass
else:
raise test_support.TestFailed(
'sys.setprofile() did not raise TypeError')
if p is None:
p = HookWatcher()
sys.setprofile(p.callback)
protect(callable, p)
sys.setprofile(None)
return p.get_events()[1:-1]
def test_nameprep(self):
from encodings.idna import nameprep
for pos, (orig, prepped) in enumerate(nameprep_tests):
if orig is None:
# Skipped
continue
# The Unicode strings are given in UTF-8
orig = unicode(orig, "utf-8")
if prepped is None:
# Input contains prohibited characters
self.assertRaises(UnicodeError, nameprep, orig)
else:
prepped = unicode(prepped, "utf-8")
try:
self.assertEquals(nameprep(orig), prepped)
except Exception,e:
raise test_support.TestFailed("Test 3.%d: %s" % (pos+1, str(e)))
def testSSLconnect(self):
if not test_support.is_resource_enabled('network'):
return
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_NONE)
s.connect(("svn.python.org", 443))
c = s.getpeercert()
if c:
raise test_support.TestFailed("Peer cert %s shouldn't be here!")
s.close()
# this should fail because we have no verification certs
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_REQUIRED)
try:
s.connect(("svn.python.org", 443))
except ssl.SSLError:
pass
finally:
s.close()
def raises(exc, expected, callable, *args):
"""Ensure the specified call raises exc.
expected is compared against the exception message if not None. It
can be a str, an errno or a 2 item tuple of errno/filename. The
latter two being for comparison against EnvironmentErrors.
"""
if expected:
if isinstance(expected, str):
msg = expected
else:
errno = expected[0] if isinstance(expected, tuple) else expected
msg = '[Errno %d] %s' % (errno, os.strerror(errno))
if isinstance(expected, tuple):
msg += ': %r' % expected[1]
try:
callable(*args)
except exc, val:
if expected and str(val) != msg:
raise test_support.TestFailed("Message %r, expected %r" %
(str(val), msg))
"""Ensure the expected exception is raised"""
try:
callable(*args)
except exc, msg:
if expected is not None:
if isinstance(expected, str):
if str(msg) != expected:
raise test_support.TestFailed("Message %r, expected %r" %
(str(msg), expected))
elif isinstance(expected, int):
if msg.errno != expected:
raise test_support.TestFailed("errno %r, expected %r" %
(msg, expected))
else:
raise test_support.TestFailed("Expected %s" % exc)
def read(filename):
"""Read data from filename"""
fp = open(filename)
data = fp.read()
fp.close()
return data
def write(filename, data):
"""Write data to filename"""
fp = open(filename, 'wb')
fp.write(data)
fp.close()
flag = threading.Event()
server.start(flag)
# wait for it to start
flag.wait()
# try to connect
try:
try:
s = ssl.wrap_socket(socket.socket(),
certfile=certfile,
ssl_version=ssl.PROTOCOL_TLSv1)
s.connect(('127.0.0.1', TESTPORT))
except ssl.SSLError, x:
if test_support.verbose:
sys.stdout.write("\nSSLError is %s\n" % x[1])
else:
raise test_support.TestFailed(
"Use of invalid cert should have failed!")
finally:
server.stop()
server.join()
def serverParamsTest(certfile,
protocol,
certreqs,
cacertsfile,
client_certfile,
client_protocol=None,
indata="FOO\n",
chatty=True,
connectionchatty=False,
wrap_accepting_socket=False):