def setUp(self):
    """Build a MatrixFederationAgent on top of an in-memory reactor.

    The homeserver config is the default test config with the test CA added
    via ``federation_custom_ca_list``, so certificates issued by that CA
    verify in the tests that use ``self.agent``.  SRV lookups are routed
    through a Mock so each test decides what the resolver answers, and both
    .well-known caches tick off the fake reactor's clock so tests can advance
    time deterministically.
    """
    self.reactor = ThreadedMemoryReactorClock()
    self.mock_resolver = Mock()

    # Default test config, with the test CA made trusted for federation TLS.
    raw_config = default_config("test", parse=False)
    raw_config["federation_custom_ca_list"] = [get_test_ca_cert_file()]
    parsed_config = HomeServerConfig()
    parsed_config.parse_config_dict(raw_config, "", "")
    self._config = parsed_config

    self.tls_factory = ClientTLSOptionsFactory(parsed_config)

    # Same timer source for both caches: the fake reactor's clock.
    timer = self.reactor.seconds
    self.well_known_cache = TTLCache("test_cache", timer=timer)
    self.had_well_known_cache = TTLCache("test_cache", timer=timer)

    well_known_agent = Agent(self.reactor, contextFactory=self.tls_factory)
    self.well_known_resolver = WellKnownResolver(
        self.reactor,
        well_known_agent,
        well_known_cache=self.well_known_cache,
        had_well_known_cache=self.had_well_known_cache,
    )

    self.agent = MatrixFederationAgent(
        reactor=self.reactor,
        tls_client_options_factory=self.tls_factory,
        _srv_resolver=self.mock_resolver,
        _well_known_resolver=self.well_known_resolver,
    )
def test_whitelist_idna_result(self):
    """
    The federation certificate whitelist will match on IDNA encoded names.

    A host matching a whitelist entry receives TLS options whose verifier has
    ``_verify_certs`` cleared, i.e. its certificate is NOT checked; a host
    outside the whitelist keeps verification enabled.  Whitelist entries are
    given in punycode, and the lookup is done with the IDNA-encoded host name.
    """
    whitelist = ["example.com", "*.xn--eckwd4c7c.xn--zckzah"]
    test_config = TestConfig()
    test_config.read_config(
        {"federation_certificate_verification_whitelist": whitelist},
        config_dir_path="",
        data_dir_path="",
    )
    factory = ClientTLSOptionsFactory(test_config)

    # A host that is not whitelisted must still have its certificate verified.
    unlisted_options = factory.get_options(b"notexample.com")
    self.assertTrue(unlisted_options._verifier._verify_certs)

    # The punycode wildcard entry matches the IDNA encoding of the unicode
    # host, which turns certificate verification off for that host.
    wildcard_host = idna.encode("テスト.ドメイン.テスト")
    listed_options = factory.get_options(wildcard_host)
    self.assertFalse(listed_options._verifier._verify_certs)
def test_tls_client_minimum_set_passed_through_1_0(self):
    """
    The configured TLS version is correctly configured by the ContextFactory.

    With ``federation_client_minimum_tls_version`` set to 1, none of the
    ``OP_NO_TLSv1*`` options may be set on the verifying SSL context;
    otherwise peers speaking TLS 1.0, 1.1 or 1.2 would be refused even though
    the configuration allows them.
    """
    test_config = TestConfig()
    test_config.read_config(
        {"federation_client_minimum_tls_version": 1},
        config_dir_path="",
        data_dir_path="",
    )
    factory = ClientTLSOptionsFactory(test_config)

    context_options = factory._verify_ssl._options
    # Every NO_TLSvX flag must be clear on the verifying context.
    for disabled_flag in (SSL.OP_NO_TLSv1, SSL.OP_NO_TLSv1_1, SSL.OP_NO_TLSv1_2):
        self.assertEqual(context_options & disabled_flag, 0)
def test_get_well_known_unsigned_cert(self):
    """Test the behaviour when the .well-known server presents a cert not
    signed by a CA the agent trusts.

    The same test server as the other tests is used, but the agent here is
    built from an unmodified default config, which does not trust the test CA
    that signed the server's certificate.  The .well-known fetch must
    therefore produce no HTTP request on the connection, and resolution must
    fall back to a SRV lookup.
    """
    self.mock_resolver.resolve_service.side_effect = lambda _: []
    self.reactor.lookups["testserv"] = "1.2.3.4"

    # Default config: the test CA is not among the trusted CAs.
    default_cfg = default_config("test", parse=True)

    # Fresh TLS factory, .well-known resolver and agent using that config.
    untrusting_tls = ClientTLSOptionsFactory(default_cfg)
    well_known_resolver = WellKnownResolver(
        self.reactor,
        Agent(self.reactor, contextFactory=untrusting_tls),
        well_known_cache=self.well_known_cache,
        had_well_known_cache=self.had_well_known_cache,
    )
    agent = MatrixFederationAgent(
        reactor=self.reactor,
        tls_client_options_factory=untrusting_tls,
        _srv_resolver=self.mock_resolver,
        _well_known_resolver=well_known_resolver,
    )

    request_d = agent.request(b"GET", b"matrix://testserv/foo/bar")
    # Nothing can complete until the connection is driven below.
    self.assertNoResult(request_d)

    # Exactly one outbound connection: the .well-known fetch on port 443.
    pending_clients = self.reactor.tcpClients
    self.assertEqual(len(pending_clients), 1)
    host, port, client_factory, _, _ = pending_clients[0]
    self.assertEqual(host, "1.2.3.4")
    self.assertEqual(port, 443)

    http_proto = self._make_connection(client_factory, expected_sni=b"testserv")

    # The rejected certificate means no HTTP request reaches the server...
    self.assertEqual(len(http_proto.requests), 0)
    # ...and the agent moves on to a SRV lookup for the server name instead.
    self.mock_resolver.resolve_service.assert_called_once_with(
        b"_matrix._tcp.testserv"
    )
def setUp(self):
    """Build a MatrixFederationAgent on top of an in-memory reactor.

    Federation connections use ``ClientTLSOptionsFactory(None)`` (no config)
    and .well-known lookups use ``TrustingTLSPolicyForHTTPS``; going by its
    name that policy accepts any .well-known server certificate, so the
    tests here should not be read as exercising certificate validation.
    SRV lookups go through a Mock controlled by each test.
    """
    self.reactor = ThreadedMemoryReactorClock()
    self.mock_resolver = Mock()

    # Cache keyed off the fake reactor's clock so tests can advance time.
    self.well_known_cache = TTLCache("test_cache", timer=self.reactor.seconds)

    tls_factory = ClientTLSOptionsFactory(None)
    self.agent = MatrixFederationAgent(
        reactor=self.reactor,
        tls_client_options_factory=tls_factory,
        _well_known_tls_policy=TrustingTLSPolicyForHTTPS(),
        _srv_resolver=self.mock_resolver,
        _well_known_cache=self.well_known_cache,
    )
def setUp(self):
    """Build a MatrixFederationAgent on top of an in-memory reactor.

    The homeserver config is the default test config with the test CA added
    via ``federation_custom_ca_list``, so federation connections to a server
    presenting a cert from that CA verify.  .well-known lookups use
    ``TrustingTLSPolicyForHTTPS``, which going by its name does not verify
    the .well-known server's certificate.  SRV lookups go through a Mock
    controlled by each test.
    """
    self.reactor = ThreadedMemoryReactorClock()
    self.mock_resolver = Mock()

    # Cache keyed off the fake reactor's clock so tests can advance time.
    self.well_known_cache = TTLCache("test_cache", timer=self.reactor.seconds)

    # Default test config, with the test CA made trusted for federation TLS.
    raw_config = default_config("test", parse=False)
    raw_config["federation_custom_ca_list"] = [get_test_ca_cert_file()]
    parsed_config = HomeServerConfig()
    parsed_config.parse_config_dict(raw_config)
    self._config = parsed_config

    self.agent = MatrixFederationAgent(
        reactor=self.reactor,
        tls_client_options_factory=ClientTLSOptionsFactory(parsed_config),
        _well_known_tls_policy=TrustingTLSPolicyForHTTPS(),
        _srv_resolver=self.mock_resolver,
        _well_known_cache=self.well_known_cache,
    )