def test_catchesMissingKey(self, tmpdir):
    """
    Input that holds only the CERT_PEMS blocks and no KEY_PEM is rejected
    with ValueError.
    """
    pytest.importorskip('twisted')
    bundle = tmpdir.join('cert_and_chain.pem')
    bundle.write(''.join(CERT_PEMS))
    bundle_path = str(bundle)
    # No key was written to the file, so building the TLS options has to
    # fail instead of handing back a factory without a private key.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(bundle_path)
def test_catchesMissingCertificate(self, tmpdir):
    """
    Input that holds only KEY_PEM and none of the CERT_PEMS blocks is
    rejected with ValueError.
    """
    pytest.importorskip('twisted')
    key_only = tmpdir.join('key.pem')
    key_only.write(KEY_PEM)
    key_only_path = str(key_only)
    # A key without any certificate cannot identify the server, so the
    # helper is expected to refuse it.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(key_only_path)
def test_catchesMultipleKeys(self, tmpdir):
    """
    Input that contains two keys (KEY_PEM and KEY_PEM2) around the
    CERT_PEMS blocks is rejected with ValueError.
    """
    pytest.importorskip('twisted')
    combined = tmpdir.join('key_cert_and_chain.pem')
    payload = KEY_PEM + ''.join(CERT_PEMS) + KEY_PEM2
    combined.write(payload)
    # With two keys present the choice of private key would be ambiguous;
    # the test pins that the helper raises rather than picking one.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(str(combined))
def test_catchesMissingCertificate(self, tmpdir):
    """
    Input that holds only KEY_PEM and none of the CERT_PEMS blocks is
    rejected with ValueError.
    """
    pytest.importorskip('twisted')
    key_only = tmpdir.join('key.pem')
    key_only.write(KEY_PEM)
    key_only_path = str(key_only)
    # A key without any certificate cannot identify the server, so the
    # helper is expected to refuse it.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(key_only_path)
def test_catchesMultipleKeys(self, tmpdir):
    """
    Input that contains two keys (KEY_PEM and KEY_PEM2) around the
    CERT_PEMS blocks is rejected with ValueError.
    """
    pytest.importorskip('twisted')
    combined = tmpdir.join('key_cert_and_chain.pem')
    payload = KEY_PEM + ''.join(CERT_PEMS) + KEY_PEM2
    combined.write(payload)
    # With two keys present the choice of private key would be ambiguous;
    # the test pins that the helper raises rather than picking one.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(str(combined))
def test_catchesMissingKey(self, tmpdir):
    """
    Input that holds only the CERT_PEMS blocks and no KEY_PEM is rejected
    with ValueError.
    """
    pytest.importorskip('twisted')
    bundle = tmpdir.join('cert_and_chain.pem')
    bundle.write(''.join(CERT_PEMS))
    bundle_path = str(bundle)
    # No key was written to the file, so building the TLS options has to
    # fail instead of handing back a factory without a private key.
    with pytest.raises(ValueError):
        pem.certificateOptionsFromFiles(bundle_path)
def test_certificateOptionsFromFiles(self, monkeypatch, recwarn):
    """
    The deprecated pem.certificateOptionsFromFiles emits a
    DeprecationWarning and forwards its arguments unchanged to
    certificateOptionsFromFilesOriginal.
    """
    recorder = call_recorder(lambda *a, **kw: None)
    # Swap the real implementation for a recorder so no key or certificate
    # material is needed to observe the forwarding.
    monkeypatch.setattr(pem, "certificateOptionsFromFilesOriginal", recorder)

    pem.certificateOptionsFromFiles("foo", bar="baz")

    expected_calls = [call("foo", bar="baz")]
    assert expected_calls == recorder.calls
    warning = recwarn.pop(DeprecationWarning)
    assert "certificateOptionsFromFiles" in str(warning.message)
def test_certificateOptionsFromFiles(self, monkeypatch, recwarn):
    """
    The deprecated pem.certificateOptionsFromFiles emits a
    DeprecationWarning and forwards its arguments unchanged to
    certificateOptionsFromFilesOriginal.
    """
    recorder = call_recorder(lambda *a, **kw: None)
    # Swap the real implementation for a recorder so no key or certificate
    # material is needed to observe the forwarding.
    monkeypatch.setattr(pem, "certificateOptionsFromFilesOriginal", recorder)

    pem.certificateOptionsFromFiles("foo", bar="baz")

    expected_calls = [call("foo", bar="baz")]
    assert expected_calls == recorder.calls
    warning = recwarn.pop(DeprecationWarning)
    assert "certificateOptionsFromFiles" in str(warning.message)
def test_catchesKeyCertificateMismatch(self, tmpdir):
    """
    Certificates are present in the PEM input, yet none of them matches the
    key: a ValueError naming the key's hash is raised.
    """
    pytest.importorskip('twisted')
    pem_file = tmpdir.join('key.pem')
    # CERT_PEMS[1:] leaves out the first certificate block, so only the
    # remaining blocks accompany the key.
    mismatched = KEY_PEM + "".join(CERT_PEMS[1:])
    pem_file.write(mismatched)
    with pytest.raises(ValueError) as excinfo:
        pem.certificateOptionsFromFiles(str(pem_file))
    # The message is compared in full, so the error must identify the key
    # (via KEY_PEM_HASH) that had no matching certificate.
    expected_message = "No certificate matching " + KEY_PEM_HASH + " found."
    assert str(excinfo.value) == expected_message
def test_catchesKeyCertificateMismatch(self, tmpdir):
    """
    Certificates are present in the PEM input, yet none of them matches the
    key: a ValueError naming the key's hash is raised.
    """
    pytest.importorskip('twisted')
    pem_file = tmpdir.join('key.pem')
    # CERT_PEMS[1:] leaves out the first certificate block, so only the
    # remaining blocks accompany the key.
    mismatched = KEY_PEM + "".join(CERT_PEMS[1:])
    pem_file.write(mismatched)
    with pytest.raises(ValueError) as excinfo:
        pem.certificateOptionsFromFiles(str(pem_file))
    # The message is compared in full, so the error must identify the key
    # (via KEY_PEM_HASH) that had no matching certificate.
    expected_message = "No certificate matching " + KEY_PEM_HASH + " found."
    assert str(excinfo.value) == expected_message
def test_certificateOptionsFromFiles(self, tmpdir, recwarn):
    """
    pem.certificateOptionsFromFiles emits a DeprecationWarning whose text
    names the function.
    """
    key_path = tmpdir.join("key.pem")
    key_path.write(KEY_PEM)
    cert_path = tmpdir.join("cert.pem")
    cert_path.write(CERT_PEMS[0])
    with pytest.warns(DeprecationWarning) as caught:
        pem.certificateOptionsFromFiles(str(key_path), str(cert_path))
    first_warning = caught[0]
    assert "certificateOptionsFromFiles" in str(first_warning.message)
def test_certificateOptionsFromFiles(self, tmpdir, recwarn):
    """
    pem.certificateOptionsFromFiles emits a DeprecationWarning whose text
    names the function.
    """
    key_path = tmpdir.join("key.pem")
    key_path.write(KEY_PEM)
    cert_path = tmpdir.join("cert.pem")
    cert_path.write(CERT_PEMS[0])
    with pytest.warns(DeprecationWarning) as caught:
        pem.certificateOptionsFromFiles(str(key_path), str(cert_path))
    first_warning = caught[0]
    assert "certificateOptionsFromFiles" in str(first_warning.message)
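def createSSLContext_(**kwargs):
    """
    Build the TLS context factory for a ``tls:`` endpoint.

    Keyword arguments read from ``kwargs``:

    - ``privateKey`` (required): handed to pem.certificateOptionsFromFiles.
    - ``certKey``: handed to the same call; defaults to ``privateKey``.
    - ``extraCertChain``: optional third file for the same call.
    - ``sslmethod``: optional ``'+'``-separated string; each piece is
      passed to ``set_options`` on the context.
    - ``dhParameters``: optional; loaded with
      pem.DiffieHellmanParameters.fromFile.
    - ``authorities``: optional file parsed with pem.parse_file; when given,
      client-certificate verification is enabled against those certificates.

    Returns the tuple ``(verify_client, ctxFactory)``.

    Raises AssertionError when ``privateKey`` is missing.
    """
    privateKey = kwargs.get('privateKey')
    # Raised explicitly instead of through an `assert` statement: asserts
    # are stripped under `python -O`, which would let a missing key slip
    # through to the PEM loader as None.
    if privateKey is None:
        raise AssertionError('`tls:` endpoint requires `privateKey` option.')
    certKey = kwargs.get('certKey', privateKey)
    extraCertChain = kwargs.get('extraCertChain')
    sslmethod = kwargs.get('sslmethod')
    dhParameters = kwargs.get('dhParameters')
    authorities_file = kwargs.get('authorities')

    # Client certificates are verified only when a CA file is supplied.
    verify_client = authorities_file is not None

    pem_files = [privateKey, certKey]
    if extraCertChain is not None:
        pem_files.append(extraCertChain)

    # NOTE(review): SSLv23_METHOD negotiates the protocol version and only
    # SSLv2 is switched off below. Which other legacy versions remain
    # enabled depends on defaults outside this function; confirm that
    # SSLv3 and early TLS are disabled for this endpoint.
    kwds = {'method': SSL.SSLv23_METHOD}
    if verify_client:
        kwds['caCerts'] = [
            pem_cert_to_x509(cert)
            for cert in pem.parse_file(authorities_file)
        ]
        kwds['verify'] = verify_client
    if dhParameters is not None:
        kwds['dhParameters'] = pem.DiffieHellmanParameters.fromFile(
            dhParameters)

    ctxFactory = pem.certificateOptionsFromFiles(*pem_files, **kwds)
    ssl_context = ctxFactory.getContext()
    ssl_context.set_options(SSL.OP_NO_SSLv2)
    if sslmethod is not None:
        # NOTE(review): the pieces are still strings here, while pyOpenSSL's
        # Context.set_options expects an integer bit mask; confirm the
        # intended mapping from option names to SSL.OP_* values.
        for ssl_opt in sslmethod.split('+'):
            ssl_context.set_options(ssl_opt)
    return (verify_client, ctxFactory)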
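def createSSLContext_(**kwargs):
    """
    Build the TLS context factory for a ``tls:`` endpoint.

    Keyword arguments read from ``kwargs``:

    - ``privateKey`` (required): handed to pem.certificateOptionsFromFiles.
    - ``certKey``: handed to the same call; defaults to ``privateKey``.
    - ``extraCertChain``: optional third file for the same call.
    - ``sslmethod``: optional ``'+'``-separated string; each piece is
      passed to ``set_options`` on the context.
    - ``dhParameters``: optional; loaded with
      pem.DiffieHellmanParameters.fromFile.
    - ``authorities``: optional file parsed with pem.parse_file; when given,
      client-certificate verification is enabled against those certificates.

    Returns the tuple ``(verify_client, ctxFactory)``.

    Raises AssertionError when ``privateKey`` is missing.
    """
    privateKey = kwargs.get('privateKey')
    # Raised explicitly instead of through an `assert` statement: asserts
    # are stripped under `python -O`, which would let a missing key slip
    # through to the PEM loader as None.
    if privateKey is None:
        raise AssertionError('`tls:` endpoint requires `privateKey` option.')
    certKey = kwargs.get('certKey', privateKey)
    extraCertChain = kwargs.get('extraCertChain')
    sslmethod = kwargs.get('sslmethod')
    dhParameters = kwargs.get('dhParameters')
    authorities_file = kwargs.get('authorities')

    # Client certificates are verified only when a CA file is supplied.
    verify_client = authorities_file is not None

    pem_files = [privateKey, certKey]
    if extraCertChain is not None:
        pem_files.append(extraCertChain)

    # NOTE(review): SSLv23_METHOD negotiates the protocol version and only
    # SSLv2 is switched off below. Which other legacy versions remain
    # enabled depends on defaults outside this function; confirm that
    # SSLv3 and early TLS are disabled for this endpoint.
    kwds = {'method': SSL.SSLv23_METHOD}
    if verify_client:
        kwds['caCerts'] = [
            pem_cert_to_x509(cert)
            for cert in pem.parse_file(authorities_file)
        ]
        kwds['verify'] = verify_client
    if dhParameters is not None:
        kwds['dhParameters'] = pem.DiffieHellmanParameters.fromFile(
            dhParameters)

    ctxFactory = pem.certificateOptionsFromFiles(*pem_files, **kwds)
    ssl_context = ctxFactory.getContext()
    ssl_context.set_options(SSL.OP_NO_SSLv2)
    if sslmethod is not None:
        # NOTE(review): the pieces are still strings here, while pyOpenSSL's
        # Context.set_options expects an integer bit mask; confirm the
        # intended mapping from option names to SSL.OP_* values.
        for ssl_opt in sslmethod.split('+'):
            ssl_context.set_options(ssl_opt)
    return (verify_client, ctxFactory)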
def test_forwardsKWargs(self, allFile):
    """
    Extra keyword arguments given to pem.certificateOptionsFromFiles end up
    on the returned context factory.
    """
    pytest.importorskip('twisted')
    ssl = pytest.importorskip('OpenSSL.SSL')
    # NOTE(review): SSLv2 is an obsolete, insecure protocol version. The
    # constant serves here only as a recognisable value for checking that
    # `method` is forwarded; the test merely inspects the attribute.
    requested_method = ssl.SSLv2_METHOD
    ctxFactory = pem.certificateOptionsFromFiles(
        str(allFile),
        method=requested_method,
    )
    assert requested_method == ctxFactory.method
def test_forwardsKWargs(self, allFile):
    """
    Extra keyword arguments given to pem.certificateOptionsFromFiles end up
    on the returned context factory.
    """
    pytest.importorskip('twisted')
    ssl = pytest.importorskip('OpenSSL.SSL')
    # NOTE(review): SSLv2 is an obsolete, insecure protocol version. The
    # constant serves here only as a recognisable value for checking that
    # `method` is forwarded; the test merely inspects the attribute.
    requested_method = ssl.SSLv2_METHOD
    ctxFactory = pem.certificateOptionsFromFiles(
        str(allFile),
        method=requested_method,
    )
    assert requested_method == ctxFactory.method
def test_passesCertsInCorrectFormat(self, allFile):
    """
    The factory receives pyOpenSSL objects: a PKey for the private key and
    X509 objects for the certificate and every extra chain entry.
    """
    pytest.importorskip('twisted')
    crypto = pytest.importorskip('OpenSSL.crypto')
    factory = pem.certificateOptionsFromFiles(str(allFile))
    assert isinstance(factory.privateKey, crypto.PKey)
    assert isinstance(factory.certificate, crypto.X509)
    # One assertion per chain entry, so a failure points at the entry with
    # the wrong type.
    for chain_cert in factory.extraCertChain:
        assert isinstance(chain_cert, crypto.X509)
def test_passesCertsInCorrectFormat(self, allFile):
    """
    The factory receives pyOpenSSL objects: a PKey for the private key and
    X509 objects for the certificate and every extra chain entry.
    """
    pytest.importorskip('twisted')
    crypto = pytest.importorskip('OpenSSL.crypto')
    factory = pem.certificateOptionsFromFiles(str(allFile))
    assert isinstance(factory.privateKey, crypto.PKey)
    assert isinstance(factory.certificate, crypto.X509)
    # One assertion per chain entry, so a failure points at the entry with
    # the wrong type.
    for chain_cert in factory.extraCertChain:
        assert isinstance(chain_cert, crypto.X509)
def _getCtxFactory(self):
    """
    Create the TLS context factory from the paths stored in
    ``self._environ``.

    ``DH_PARAMETERS_PATH`` is loaded as Diffie-Hellman parameters and
    ``CERTIFICATE_PATH`` is given to certificateOptionsFromFiles as the only
    PEM file.
    """
    environ = self._environ
    dh_path = FilePath(environ["DH_PARAMETERS_PATH"])
    dh_params = DiffieHellmanParameters.fromFile(dh_path)
    # NOTE(review): only one PEM path is supplied, so the private key is
    # presumably stored in the same file as the certificates; verify that
    # file's permissions where it is deployed.
    return certificateOptionsFromFiles(
        environ["CERTIFICATE_PATH"],
        dhParameters=dh_params,
    )
def test_worksWithChainInSameFile(self, tmpdir):
    """
    With the key in one file and all CERT_PEMS blocks in another, the
    factory ends up with two extra chain certificates.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    chain_path = tmpdir.join('cert_and_chain.pem')
    chain_path.write(''.join(CERT_PEMS))
    factory = pem.certificateOptionsFromFiles(str(key_path), str(chain_path))
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length
def test_worksWithoutChain(self, tmpdir):
    """
    With only the key and the first CERT_PEMS block supplied, the factory's
    extra chain is an empty list.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    cert_path = tmpdir.join('cert.pem')
    cert_path.write(CERT_PEMS[0])
    factory = pem.certificateOptionsFromFiles(str(key_path), str(cert_path))
    no_chain = []
    assert no_chain == factory.extraCertChain
def test_worksWithoutChain(self, tmpdir):
    """
    With only the key and the first CERT_PEMS block supplied, the factory's
    extra chain is an empty list.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    cert_path = tmpdir.join('cert.pem')
    cert_path.write(CERT_PEMS[0])
    factory = pem.certificateOptionsFromFiles(str(key_path), str(cert_path))
    no_chain = []
    assert no_chain == factory.extraCertChain
def test_worksWithChainInSameFile(self, tmpdir):
    """
    With the key in one file and all CERT_PEMS blocks in another, the
    factory ends up with two extra chain certificates.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    chain_path = tmpdir.join('cert_and_chain.pem')
    chain_path.write(''.join(CERT_PEMS))
    factory = pem.certificateOptionsFromFiles(str(key_path), str(chain_path))
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length
def test_useTypesNotOrdering(self, tmpdir):
    """
    L{pem.certificateOptionsFromFiles} picks out the key, the certificate
    and the chain for Twisted's L{CertificateOptions} by object type and
    certificate fingerprint rather than by position in the file.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    chain_path = tmpdir.join('cert_and_chain.pem')
    # Written in reverse order on purpose: the result must not depend on
    # which certificate block happens to come first.
    reversed_blocks = ''.join(reversed(CERT_PEMS))
    chain_path.write(reversed_blocks)
    factory = pem.certificateOptionsFromFiles(str(key_path), str(chain_path))
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length
def test_useTypesNotOrdering(self, tmpdir):
    """
    L{pem.certificateOptionsFromFiles} picks out the key, the certificate
    and the chain for Twisted's L{CertificateOptions} by object type and
    certificate fingerprint rather than by position in the file.
    """
    pytest.importorskip('twisted')
    key_path = tmpdir.join('key.pem')
    key_path.write(KEY_PEM)
    chain_path = tmpdir.join('cert_and_chain.pem')
    # Written in reverse order on purpose: the result must not depend on
    # which certificate block happens to come first.
    reversed_blocks = ''.join(reversed(CERT_PEMS))
    chain_path.write(reversed_blocks)
    factory = pem.certificateOptionsFromFiles(str(key_path), str(chain_path))
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length
def test_realDHParameterSupport(self, monkeypatch, allFile):
    """
    When the installed Twisted supports DH parameters, they are handed
    straight to CertificateOptions.
    """
    ssl = pytest.importorskip('twisted.internet.ssl')
    sentinel_factory = object()
    sentinel_params = object()
    options_recorder = call_recorder(lambda *a, **kw: sentinel_factory)
    monkeypatch.setattr(ssl, "CertificateOptions", options_recorder)
    # Force the "supported" code path regardless of the Twisted version
    # that is installed.
    monkeypatch.setattr(pem, "_DH_PARAMETERS_SUPPORTED", True)

    result = pem.certificateOptionsFromFiles(
        str(allFile),
        dhParameters=sentinel_params,
    )

    assert result is sentinel_factory
    forwarded_kwargs = options_recorder.calls[0].kwargs
    assert forwarded_kwargs["dhParameters"] == sentinel_params
def test_fakeDHParameterSupport(self, monkeypatch, allFile):
    """
    When Twisted lacks DH parameter support, the result is wrapped in
    pem._DHParamContextFactory and CertificateOptions never sees the
    ``dhParameters`` keyword.
    """
    ssl = pytest.importorskip('twisted.internet.ssl')
    sentinel_factory = object()
    sentinel_params = object()
    options_recorder = call_recorder(lambda *a, **kw: sentinel_factory)
    monkeypatch.setattr(ssl, "CertificateOptions", options_recorder)
    # Force the fallback code path regardless of the Twisted version that
    # is installed.
    monkeypatch.setattr(pem, "_DH_PARAMETERS_SUPPORTED", False)

    result = pem.certificateOptionsFromFiles(
        str(allFile),
        dhParameters=sentinel_params,
    )

    assert isinstance(result, pem._DHParamContextFactory)
    assert result.ctxFactory is sentinel_factory
    forwarded_kwargs = options_recorder.calls[0].kwargs
    assert "dhParameters" not in forwarded_kwargs
def test_realDHParameterSupport(self, monkeypatch, allFile):
    """
    When the installed Twisted supports DH parameters, they are handed
    straight to CertificateOptions.
    """
    ssl = pytest.importorskip('twisted.internet.ssl')
    sentinel_factory = object()
    sentinel_params = object()
    options_recorder = call_recorder(lambda *a, **kw: sentinel_factory)
    monkeypatch.setattr(ssl, "CertificateOptions", options_recorder)
    # Force the "supported" code path regardless of the Twisted version
    # that is installed.
    monkeypatch.setattr(pem, "_DH_PARAMETERS_SUPPORTED", True)

    result = pem.certificateOptionsFromFiles(
        str(allFile),
        dhParameters=sentinel_params,
    )

    assert result is sentinel_factory
    forwarded_kwargs = options_recorder.calls[0].kwargs
    assert forwarded_kwargs["dhParameters"] == sentinel_params
def test_fakeDHParameterSupport(self, monkeypatch, allFile):
    """
    When Twisted lacks DH parameter support, the result is wrapped in
    pem._DHParamContextFactory and CertificateOptions never sees the
    ``dhParameters`` keyword.
    """
    ssl = pytest.importorskip('twisted.internet.ssl')
    sentinel_factory = object()
    sentinel_params = object()
    options_recorder = call_recorder(lambda *a, **kw: sentinel_factory)
    monkeypatch.setattr(ssl, "CertificateOptions", options_recorder)
    # Force the fallback code path regardless of the Twisted version that
    # is installed.
    monkeypatch.setattr(pem, "_DH_PARAMETERS_SUPPORTED", False)

    result = pem.certificateOptionsFromFiles(
        str(allFile),
        dhParameters=sentinel_params,
    )

    assert isinstance(result, pem._DHParamContextFactory)
    assert result.ctxFactory is sentinel_factory
    forwarded_kwargs = options_recorder.calls[0].kwargs
    assert "dhParameters" not in forwarded_kwargs
def test_worksWithEverythingInOneFile(self, allFile):
    """
    Loading the single file provided by the ``allFile`` fixture (defined
    outside this view) yields two extra chain certificates.
    """
    pytest.importorskip('twisted')
    combined_path = str(allFile)
    factory = pem.certificateOptionsFromFiles(combined_path)
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length
def test_worksWithEverythingInOneFile(self, allFile):
    """
    Loading the single file provided by the ``allFile`` fixture (defined
    outside this view) yields two extra chain certificates.
    """
    pytest.importorskip('twisted')
    combined_path = str(allFile)
    factory = pem.certificateOptionsFromFiles(combined_path)
    chain_length = len(factory.extraCertChain)
    assert 2 == chain_length