def test_simple_ssl(self):
""" Server uses its cert, client uses none.
"""
server_port = 9001
with TestSSL._ClientServerContextManager(server_port):
client = SSLClient("https://localhost:%d/RPC2" % server_port, ca_certs)
self.assertEqual(client.test_server(), RESULT_OK)
def test_simple_ssl(self):
""" Server uses its cert, client uses none.
"""
server_port = 9001
with TestSSL._ClientServerContextManager(server_port):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs)
self.assertEqual(client.test_server(), RESULT_OK)
def test_client_cert(self):
""" Server & client use certs.
"""
server_port = 9002
with TestSSL._ClientServerContextManager(server_port, ssl.CERT_REQUIRED):
client = SSLClient("https://localhost:%d/RPC2" % server_port, ca_certs,
client_key, client_cert)
self.assertEqual(client.test_server(), RESULT_OK)
def test_client_cert(self):
""" Server & client use certs.
"""
server_port = 9002
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_REQUIRED):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs, client_key, client_cert)
self.assertEqual(client.test_server(), RESULT_OK)
def test_client_cert_verify_ok(self):
""" Server & client use certs. Server succesfully validates client certificate's fields.
"""
server_port = 9003
verify_fields = {"commonName":"My Client", "countryName":"US",
"organizationalUnitName":"My Unit", "organizationName":"My Company",
"stateOrProvinceName":"My State"}
with TestSSL._ClientServerContextManager(server_port, ssl.CERT_REQUIRED, verify_fields):
client = SSLClient("https://localhost:%d/RPC2" % server_port, ca_certs,
client_key, client_cert)
self.assertEqual(client.test_server(), RESULT_OK)
def _get_server(self):
if self._IM_VIRTUAL_CLUSTER_XMLRCP_SSL:
from springpython.remoting.xmlrpc import SSLClient
return SSLClient(self._IM_VIRTUAL_CLUSTER_XMLRPC,
self._IM_VIRTUAL_CLUSTER_XMLRCP_SSL_CA_CERTS)
else:
return xmlrpclib.ServerProxy(self._IM_VIRTUAL_CLUSTER_XMLRPC,
allow_none=True)
def test_cert_required_no_client_cert(self):
""" Server requires a client to send the certificate but client sends none.
"""
server_port = 9007
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_REQUIRED):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs)
self.assertRaises(ssl.SSLError, client.test_server)
def test_client_cert_verify_ok(self):
""" Server & client use certs. Server succesfully validates client certificate's fields.
"""
server_port = 9003
verify_fields = {
"commonName": "My Client",
"countryName": "US",
"organizationalUnitName": "My Unit",
"organizationName": "My Company",
"stateOrProvinceName": "My State"
}
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_REQUIRED,
verify_fields):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs, client_key, client_cert)
self.assertEqual(client.test_server(), RESULT_OK)
def test_client_cert_verify_failure_cert_optional_no_client_cert(self):
""" Server optionally requires a client to send the certificate
and validates its fields but client sends none.
"""
server_port = 9006
verify_fields = {"commonName": "My Client"}
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_OPTIONAL,
verify_fields):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs)
self.assertRaises(Exception, client.test_server)
def test_client_cert_failure_field_incorrect_value(self):
""" Server & client use certs. Server fails to validate client certificate's fields
(all fields are in place, but commonName has an incorrect value).
"""
server_port = 9005
verify_fields = {"commonName": "Invalid"}
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_REQUIRED,
verify_fields):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs, client_key, client_cert)
self.assertRaises(Exception, client.test_server)
def test_client_cert_verify_failure_missing_field(self):
""" Server & client use certs. Server fails to validate client certificate's fields
(a field is missing).
"""
server_port = 9004
verify_fields = {
"commonName": "My Client",
"countryName": "US",
"organizationalUnitName": "My Unit",
"organizationName": "My Company",
"stateOrProvinceName": "My State",
"FOO": "BAR"
}
with TestSSL._ClientServerContextManager(server_port,
ssl.CERT_REQUIRED,
verify_fields):
client = SSLClient("https://localhost:%d/RPC2" % server_port,
ca_certs, client_key, client_cert)
self.assertRaises(Exception, client.test_server)
def test_init_default_arguments(self):
""" Tests various defaults various and those passed to __init__'s.
"""
self.assertTrue(issubclass(VerificationException, Exception))
self.assertEqual(RequestHandler.rpc_paths, ("/", "/RPC2"))
self.assertEqual(
SSLClientTransport.user_agent,
"SSL XML-RPC Client (by http://springpython.webfactional.com)")
server1 = MySSLServer("127.0.0.1", 8001)
self.assertEqual(server1.keyfile, None)
self.assertEqual(server1.certfile, None)
self.assertEqual(server1.ca_certs, None)
self.assertEqual(server1.cert_reqs, ssl.CERT_NONE)
self.assertEqual(server1.ssl_version, ssl.PROTOCOL_TLSv1)
self.assertEqual(server1.do_handshake_on_connect, True)
self.assertEqual(server1.suppress_ragged_eofs, True)
self.assertEqual(server1.ciphers, None)
self.assertEqual(server1.logRequests, True)
self.assertEqual(server1.verify_fields, None)
server_host = "127.0.0.1"
server_port = 8002
server_keyfile = "server_keyfile"
server_certfile = "server_certfile"
server_ca_certs = "server_ca_certs"
server_cert_reqs = ssl.CERT_OPTIONAL
server_ssl_version = ssl.PROTOCOL_SSLv3
server_do_handshake_on_connect = False
server_suppress_ragged_eofs = False
server_ciphers = "ALL"
server_log_requests = False
server_verify_fields = {"commonName": "Foo", "organizationName": "Baz"}
server2 = MySSLServer(server_host,
server_port,
server_keyfile,
server_certfile,
server_ca_certs,
server_cert_reqs,
server_ssl_version,
server_do_handshake_on_connect,
server_suppress_ragged_eofs,
server_ciphers,
server_log_requests,
verify_fields=server_verify_fields)
# inherited from SocketServer.BaseServer
self.assertEqual(server2.server_address, (server_host, server_port))
self.assertEqual(server2.keyfile, server_keyfile)
self.assertEqual(server2.certfile, server_certfile)
self.assertEqual(server2.ca_certs, server_ca_certs)
self.assertEqual(server2.cert_reqs, server_cert_reqs)
self.assertEqual(server2.ssl_version, server_ssl_version)
self.assertEqual(server2.do_handshake_on_connect,
server_do_handshake_on_connect)
self.assertEqual(server2.suppress_ragged_eofs,
server_suppress_ragged_eofs)
self.assertEqual(server2.ciphers, server_ciphers)
self.assertEqual(server2.logRequests, server_log_requests)
self.assertEqual(sorted(server2.verify_fields),
sorted(server_verify_fields))
client_uri = "https://127.0.0.1:8000/RPC2"
client_ca_certs = "client_ca_certs"
client_keyfile = "client_keyfile"
client_certfile = "client_certfile"
client_cert_reqs = ssl.CERT_OPTIONAL
client_ssl_version = ssl.PROTOCOL_SSLv23
client_transport = _MyClientTransport
client_encoding = "utf-16"
client_verbose = 1
client_allow_none = False
client_use_datetime = False
client_timeout = 13
client_strict = True
client2 = SSLClient(client_uri, client_ca_certs, client_keyfile,
client_certfile, client_cert_reqs,
client_ssl_version, client_transport,
client_encoding, client_verbose, client_allow_none,
client_use_datetime, client_timeout, client_strict)
self.assertEqual(client2._ServerProxy__host, "127.0.0.1:8000")
self.assertEqual(client2._ServerProxy__transport.ca_certs,
client_ca_certs)
self.assertEqual(client2._ServerProxy__transport.keyfile,
client_keyfile)
self.assertEqual(client2._ServerProxy__transport.certfile,
client_certfile)
self.assertEqual(client2._ServerProxy__transport.cert_reqs,
client_cert_reqs)
self.assertEqual(client2._ServerProxy__transport.ssl_version,
client_ssl_version)
self.assertTrue(
isinstance(client2._ServerProxy__transport, _MyClientTransport))
self.assertEqual(client2._ServerProxy__encoding, client_encoding)
self.assertEqual(client2._ServerProxy__verbose, client_verbose)
self.assertEqual(client2._ServerProxy__allow_none, client_allow_none)
self.assertEqual(client2._ServerProxy__transport.timeout,
client_timeout)
self.assertEqual(client2._ServerProxy__transport.strict, client_strict)
self.assertRaises(NotImplementedError, _DummyServer, "127.0.0.1", 8003)
