예제 #1
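    def test_client_with_server_responing_with_SHA256_on_TLSv1_1(self):
        # Negative test: the forged ServerHello negotiates TLS 1.1 (3, 2) but
        # selects TLS_RSA_WITH_AES_128_CBC_SHA256, a suite that is only
        # defined for TLS 1.2.  The client is expected to reject this
        # version/cipher-suite mismatch locally with illegal_parameter.

        # Throw-away socket used only to serialise the faux server response.
        gen_sock = MockSocket(bytearray(0))

        gen_record_layer = RecordLayer(gen_sock)
        gen_record_layer.version = (3, 2)

        server_hello = ServerHello().create(
            version=(3, 2),
            random=bytearray(32),
            session_id=bytearray(0),
            cipher_suite=CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
            certificate_type=None,
            tackExt=None,
            next_protos_advertised=None)

        # sendRecord() is driven as a generator; a 0 or 1 result is treated
        # as the socket blocking, which must not happen with a mock socket.
        # Only the first result is inspected, as before.
        for res in gen_record_layer.sendRecord(server_hello):
            if res in (0, 1):
                # self.fail() states the intent directly instead of
                # asserting that False is true.
                self.fail("Blocking socket")
            break

        # Test proper: replay the serialised record to a fresh client.
        sock = MockSocket(gen_sock.sent[0])

        conn = TLSConnection(sock)

        # TLSLocalAlert: the alert has to originate from the client itself.
        with self.assertRaises(TLSLocalAlert) as err:
            conn.handshakeClientCert()

        self.assertEqual(err.exception.description,
                         AlertDescription.illegal_parameter)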
예제 #2
    def test_padding_extension_with_hello_over_256(self):
        # A long server name pushes the ClientHello past 256 bytes; the test
        # then checks that the handshake message that was sent is exactly
        # 512 bytes long.  The socket comes from
        # prepare_mock_socket_with_handshake_failure(), and the handshake is
        # expected to end in TLSRemoteAlert.
        record_header_len = 5
        handshake_header_len = 4

        sock = self.prepare_mock_socket_with_handshake_failure()
        conn = TLSConnection(sock)

        # Cap the client at TLS 1.2 and send no key shares
        # (presumably to keep the hello size predictable -- confirm).
        settings = HandshakeSettings()
        settings.maxVersion = (3, 3)
        settings.keyShares = []

        # Six 40-character labels (ten each of a-d, e-h, ...), then "y.com".
        labels = [''.join(letter * 10 for letter in group)
                  for group in ('abcd', 'efgh', 'ijkl',
                                'mnop', 'qrst', 'uvwx')]
        server_name = '.'.join(labels + ['y', 'com'])

        with self.assertRaises(TLSRemoteAlert):
            conn.handshakeClientCert(settings=settings,
                                     serverName=server_name)

        # Exactly one record must have been written before the failure.
        self.assertEqual(len(sock.sent), 1)
        client_hello_record = sock.sent[0]

        # content type 0x16 (handshake) followed by version 3.3
        self.assertEqual(client_hello_record[0:3],
                         bytearray(b'\x16\x03\x03'))
        # handshake message type 0x01 (client_hello)
        self.assertEqual(client_hello_record[5:6], bytearray(b'\x01'))
        # same type byte plus the 3-byte length field 0x000200 == 512
        self.assertEqual(client_hello_record[5:9],
                         bytearray(b'\x01\x00\x02\x00'))
        # strip the record layer and handshake headers; the body is 512 bytes
        self.assertEqual(
            len(client_hello_record) - record_header_len
            - handshake_header_len,
            512)
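    def test_client_with_server_responing_with_SHA256_on_TLSv1_1(self):
        # Negative test: a server answering with TLS 1.1 (3, 2) must not be
        # allowed to pick TLS_RSA_WITH_AES_128_CBC_SHA256, which is a
        # TLS 1.2-only suite.  The client has to abort the handshake itself
        # with an illegal_parameter alert.

        # Socket used only to generate the faux response bytes.
        gen_sock = MockSocket(bytearray(0))

        gen_record_layer = RecordLayer(gen_sock)
        gen_record_layer.version = (3, 2)

        server_hello = ServerHello().create(
            version=(3, 2),
            random=bytearray(32),
            session_id=bytearray(0),
            cipher_suite=CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
            certificate_type=None,
            tackExt=None,
            next_protos_advertised=None,
        )

        # A 0 or 1 from the sendRecord() generator is treated as a blocking
        # socket; the mock socket must never block.  Only the first result
        # is inspected, as before.
        for res in gen_record_layer.sendRecord(server_hello):
            if res in (0, 1):
                # Explicit failure instead of assertTrue(False, ...).
                self.fail("Blocking socket")
            break

        # Test proper: feed the forged record to a fresh client connection.
        sock = MockSocket(gen_sock.sent[0])

        conn = TLSConnection(sock)

        # The alert must be raised locally (TLSLocalAlert), not received.
        with self.assertRaises(TLSLocalAlert) as err:
            conn.handshakeClientCert()

        self.assertEqual(err.exception.description, AlertDescription.illegal_parameter)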
    def test_padding_extension_with_hello_over_256(self):
        # With a 254-byte server name the ClientHello is larger than 256
        # bytes; the test checks that the handshake message written to the
        # socket is exactly 512 bytes long.  The handshake itself is expected
        # to end in TLSRemoteAlert on the socket prepared by
        # prepare_mock_socket_with_handshake_failure().
        sock = self.prepare_mock_socket_with_handshake_failure()
        conn = TLSConnection(sock)

        # Ten each of the letters a through y, then ".com": 254 bytes.
        long_name = ''.join(
            letter * 10 for letter in 'abcdefghijklmnopqrstuvwxy') + '.com'

        with self.assertRaises(TLSRemoteAlert):
            conn.handshakeClientCert(serverName=long_name)

        # Only the ClientHello record may have been sent.
        self.assertEqual(len(sock.sent), 1)
        sent_record = sock.sent[0]

        # record header: content type 0x16 (handshake), version 3.3
        expected_prefix = bytearray(b'\x16\x03\x03')
        self.assertEqual(sent_record[0:3], expected_prefix)

        # handshake header: message type 0x01 (client_hello) ...
        self.assertEqual(sent_record[5:6], bytearray(b'\x01'))
        # ... followed by the 3-byte length 0x000200, i.e. 512
        expected_hs_header = bytearray(b'\x01\x00\x02\x00')
        self.assertEqual(sent_record[5:9], expected_hs_header)

        # 5 bytes of record layer header and 4 bytes of handshake protocol
        # header precede the 512-byte hello body
        body_len = len(sent_record) - 5 - 4
        self.assertEqual(body_len, 512)
예제 #5
 def test_connection_no_rsa_pss(self):
     # Full client handshake with RSA-PSS switched off: only the "pkcs1"
     # signature scheme is allowed.  After the handshake the negotiated
     # cipher suite must be an AEAD suite, and one request/response
     # exchange over the connection must succeed.
     expected_reply = bytearray(b"Conn OK")

     client_settings = HandshakeSettings()
     client_settings.maxVersion = (3, 3)
     # PSS is left out because the keys in this module are too small for
     # the salt size that a sha512 hash needs.
     client_settings.rsaSchemes = ["pkcs1"]

     conn = TLSConnection(self.client_socket)
     conn.handshakeClientCert(serverName="localhost",
                              settings=client_settings)

     negotiated_suite = conn.session.cipherSuite
     self.assertIn(negotiated_suite, CipherSuite.aeadSuites)

     conn.write(bytearray(b"client hello"))
     # Wait for at least as many bytes as the expected reply holds.
     reply = conn.read(min=len("Conn OK"))
     self.assertEqual(reply, expected_reply)
예제 #6
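    def test_client_with_server_responing_with_wrong_session_id_in_TLS1_3(
            self):
        # Negative test: in TLS 1.3 the ServerHello must echo the session ID
        # from the ClientHello.  The forged reply carries session_id b"test",
        # which (per the test's name) is not what the client sent, so the
        # client is expected to abort locally with illegal_parameter.

        # Throw-away socket used only to serialise the faux server response.
        gen_sock = MockSocket(bytearray(0))

        gen_record_layer = RecordLayer(gen_sock)
        gen_record_layer.version = (3, 3)

        # TLS 1.3 is selected through the supported_versions extension
        # (3, 4); the key share is a fixed secp256r1 entry with a
        # placeholder value.
        srv_ext = [
            SrvSupportedVersionsExtension().create((3, 4)),
            ServerKeyShareExtension().create(KeyShareEntry().create(
                GroupName.secp256r1, bytearray(b'\x03' + b'\x01' * 32))),
        ]

        server_hello = ServerHello().create(
            version=(3, 3),
            random=bytearray(32),
            session_id=bytearray(b"test"),
            cipher_suite=CipherSuite.TLS_AES_128_GCM_SHA256,
            certificate_type=None,
            tackExt=None,
            next_protos_advertised=None,
            extensions=srv_ext)

        # A 0 or 1 from the sendRecord() generator is treated as a blocking
        # socket, which must not happen with a mock socket.  Only the first
        # result is inspected, as before.
        for res in gen_record_layer.sendRecord(server_hello):
            if res in (0, 1):
                # Explicit failure instead of assertTrue(False, ...).
                self.fail("Blocking socket")
            break

        # Test proper: replay the serialised record to a fresh client.
        sock = MockSocket(gen_sock.sent[0])

        conn = TLSConnection(sock)

        # TLSLocalAlert: the client itself has to raise the alert.
        with self.assertRaises(TLSLocalAlert) as err:
            conn.handshakeClientCert()

        self.assertEqual(err.exception.description,
                         AlertDescription.illegal_parameter)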