def test_parse_with_missing_data(self):
alert = Alert()
parser = Parser(bytearray(b'\x01')) # level
with self.assertRaises(SyntaxError):
alert.parse(parser)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
problem_desc = ""
if self.level is not None and alert.level != self.level:
problem_desc += "Alert level {0} != {1}".format(
alert.level, self.level)
if self.description is not None:
# allow for multiple choice for description
if not isinstance(self.description, collections.Iterable):
self.description = tuple([self.description])
if alert.description not in self.description:
if problem_desc:
problem_desc += ", "
descriptions = [
"\"{0}\"".format(AlertDescription.toStr(i))
for i in self.description
]
expected = ", ".join(
itertools.chain(
(i for i in descriptions[:-2]),
[" or ".join(i for i in descriptions[-2:])]))
received = AlertDescription.toStr(alert.description)
problem_desc += ("Expected alert description {0} does not "
"match received \"{1}\"".format(
expected, received))
if problem_desc:
raise AssertionError(problem_desc)
def test_parse_with_missing_data(self):
alert = Alert()
parser = Parser(bytearray(
b'\x01')) # level
with self.assertRaises(SyntaxError):
alert.parse(parser)
def test_parse(self):
alert = Alert()
parser = Parser(bytearray(b'\x01' + # level
b'\x02' # description
))
alert = alert.parse(parser)
self.assertEqual(alert.level, 1)
self.assertEqual(alert.description, 2)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
if self.level is not None:
assert alert.level == self.level
if self.description is not None:
assert alert.description == self.description
def test_parse(self):
alert = Alert()
parser = Parser(bytearray(
b'\x01' + # level
b'\x02' # description
))
alert = alert.parse(parser)
self.assertEqual(alert.level, 1)
self.assertEqual(alert.description, 2)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
problem_desc = ""
if self.level is not None and alert.level != self.level:
problem_desc += "Alert level {0} != {1}".format(alert.level,
self.level)
if self.description is not None \
and alert.description != self.description:
if problem_desc:
problem_desc += ", "
problem_desc += "Alert description {0} != {1}".format(\
alert.description, self.description)
if problem_desc:
raise AssertionError(problem_desc)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
problem_desc = ""
if self.level is not None and alert.level != self.level:
problem_desc += "Alert level {0} != {1}".format(
alert.level, self.level)
if self.description is not None \
and alert.description != self.description:
if problem_desc:
problem_desc += ", "
problem_desc += ("Alert description {0} != {1}".format(
alert.description, self.description))
if problem_desc:
raise AssertionError(problem_desc)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
problem_desc = ""
if self.level is not None and alert.level != self.level:
problem_desc += "Alert level {0} != {1}".format(
alert.level, self.level)
if self.description is not None:
# allow for multiple choice for description
if not isinstance(self.description, collections.Iterable):
self.description = tuple([self.description])
if alert.description not in self.description:
if problem_desc:
problem_desc += ", "
problem_desc += ("Alert description {0} != {1}".format(
alert.description, self.description))
if problem_desc:
raise AssertionError(problem_desc)
def test___repr__(self):
alert = Alert().create(AlertDescription.record_overflow,
AlertLevel.fatal)
self.assertEqual("Alert(level=2, description=22)", repr(alert))
def generate(self, status):
alert = Alert().create(self.description, self.level)
return alert
def scan(self):
"""Perform a scan on server."""
defragger = Defragmenter()
defragger.addStaticSize(ContentType.change_cipher_spec, 1)
defragger.addStaticSize(ContentType.alert, 2)
defragger.addDynamicSize(ContentType.handshake, 1, 3)
try:
raw_sock = socket.create_connection((self.host, self.port), 5)
except socket.error as e:
return [e]
sock = MessageSocket(raw_sock, defragger)
if self.hostname is not None:
client_hello = self.hello_gen(bytearray(self.hostname, 'utf-8'))
else:
client_hello = self.hello_gen(None)
# record layer version - TLSv1.x
# use the version from configuration, if present, or default to the
# RFC recommended (3, 1) for TLS and (3, 0) for SSLv3
if hasattr(client_hello, 'record_version'):
sock.version = client_hello.record_version
elif hasattr(self.hello_gen, 'record_version'):
sock.version = self.hello_gen.record_version
elif client_hello.client_version > (3, 1): # TLS1.0
sock.version = (3, 1)
else:
sock.version = client_hello.client_version
# we don't want to send invalid messages (SSLv2 hello in SSL record
# layer), so set the record layer version to SSLv2 if the hello is
# of SSLv2 format
if client_hello.ssl2:
sock.version = (0, 2)
# save the record version used in the end for later analysis
client_hello.record_version = sock.version
messages = [client_hello]
handshake_parser = HandshakeParser()
try:
sock.sendMessageBlocking(client_hello)
except socket.error as e:
messages.append(e)
return messages
except TLSAbruptCloseError as e:
sock.sock.close()
messages.append(e)
return messages
# get all the server messages that affect connection, abort as soon
# as they've been read
try:
while True:
header, parser = sock.recvMessageBlocking()
if header.type == ContentType.alert:
alert = Alert()
alert.parse(parser)
alert.record_version = header.version
messages += [alert]
elif header.type == ContentType.handshake:
msg = handshake_parser.parse(parser)
msg.record_version = header.version
messages += [msg]
if isinstance(msg, ServerHelloDone):
return messages
else:
raise TypeError("Unknown content type: {0}".format(
header.type))
except (TLSAbruptCloseError, TLSIllegalParameterException, ValueError,
TypeError, socket.error, SyntaxError) as e:
messages += [e]
return messages
finally:
try:
sock.sock.close()
except (socket.error, OSError):
pass
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
def process(self, state, msg):
assert msg.contentType == ContentType.alert
parser = Parser(msg.write())
alert = Alert()
alert.parse(parser)
def test_write(self):
alert = Alert().create(AlertDescription.record_overflow)
self.assertEqual(bytearray(
b'\x02\x16'), alert.write())
def test_write(self):
alert = Alert().create(AlertDescription.record_overflow)
self.assertEqual(bytearray(b'\x02\x16'), alert.write())
def test___init__(self):
alert = Alert()
self.assertEqual(alert.contentType, ContentType.alert)
self.assertEqual(alert.level, 0)
self.assertEqual(alert.description, 0)
def prepare_mock_socket_with_handshake_failure(self):
alertObj = Alert().create(AlertDescription.handshake_failure)
alert = alertObj.write()
header = RecordHeader3().create((3, 3), ContentType.alert, len(alert))
return MockSocket(header.write() + alert)
def test_levelName_with_wrong_level(self):
alert = Alert().create(AlertDescription.close_notify, 11)
self.assertEqual("unknown(11)", alert.levelName)
def test_descriptionName(self):
alert = Alert().create(AlertDescription.record_overflow,
AlertLevel.fatal)
self.assertEqual("record_overflow", alert.descriptionName)
def test_descriptionName_with_wrong_id(self):
alert = Alert().create(1)
self.assertEqual("unknown(1)", alert.descriptionName)
def generate(self, status):
"""Send the Alert to server."""
alert = Alert().create(self.description, self.level)
return alert
def test___str__(self):
alert = Alert().create(AlertDescription.record_overflow,
AlertLevel.fatal)
self.assertEqual("Alert, level:fatal, description:record_overflow",
str(alert))
def prepare_mock_socket_with_handshake_failure(self):
alertObj = Alert().create(AlertDescription.handshake_failure)
alert = alertObj.write()
header = RecordHeader3().create((3, 3), ContentType.alert, len(alert))
return MockSocket(header.write() + alert)
def scan(self):
"""Perform a scan on server."""
defragger = Defragmenter()
defragger.addStaticSize(ContentType.change_cipher_spec, 1)
defragger.addStaticSize(ContentType.alert, 2)
defragger.addDynamicSize(ContentType.handshake, 1, 3)
try:
raw_sock = socket.create_connection((self.host, self.port), 5)
except socket.error as e:
return [e]
sock = MessageSocket(raw_sock, defragger)
if self.hostname is not None:
client_hello = self.hello_gen(bytearray(self.hostname,
'utf-8'))
else:
client_hello = self.hello_gen(None)
# record layer version - TLSv1.x
# use the version from configuration, if present, or default to the
# RFC recommended (3, 1) for TLS and (3, 0) for SSLv3
if hasattr(client_hello, 'record_version'):
sock.version = client_hello.record_version
elif hasattr(self.hello_gen, 'record_version'):
sock.version = self.hello_gen.record_version
elif client_hello.client_version > (3, 1): # TLS1.0
sock.version = (3, 1)
else:
sock.version = client_hello.client_version
# we don't want to send invalid messages (SSLv2 hello in SSL record
# layer), so set the record layer version to SSLv2 if the hello is
# of SSLv2 format
if client_hello.ssl2:
sock.version = (0, 2)
# save the record version used in the end for later analysis
client_hello.record_version = sock.version
messages = [client_hello]
handshake_parser = HandshakeParser()
try:
sock.sendMessageBlocking(client_hello)
except socket.error as e:
messages.append(e)
return messages
except TLSAbruptCloseError as e:
sock.sock.close()
messages.append(e)
return messages
# get all the server messages that affect connection, abort as soon
# as they've been read
try:
while True:
header, parser = sock.recvMessageBlocking()
if header.type == ContentType.alert:
alert = Alert()
alert.parse(parser)
alert.record_version = header.version
messages += [alert]
elif header.type == ContentType.handshake:
msg = handshake_parser.parse(parser)
msg.record_version = header.version
messages += [msg]
if isinstance(msg, ServerHelloDone):
return messages
else:
raise TypeError("Unknown content type: {0}"
.format(header.type))
except (TLSAbruptCloseError, TLSIllegalParameterException,
ValueError, TypeError, socket.error, SyntaxError) as e:
messages += [e]
return messages
finally:
try:
sock.sock.close()
except (socket.error, OSError):
pass