def test_well_known_endpoints(managed_process, protocol, endpoint, provider, cipher): port = "443" client_options = ProviderOptions(mode=Provider.ClientMode, host=endpoint, port=port, insecure=False, trust_store=TRUST_STORE_BUNDLE, protocol=protocol, cipher=cipher) if get_flag(S2N_FIPS_MODE) is True: client_options.trust_store = "../integration/trust-store/ca-bundle.trust.crt" else: client_options.trust_store = "../integration/trust-store/ca-bundle.crt" client = managed_process(provider, client_options, timeout=5) expected_result = EXPECTED_RESULTS.get((endpoint, cipher), None) for results in client.get_results(): assert results.exception is None assert results.exit_code == 0 if expected_result is not None: assert bytes( expected_result['cipher'].encode('utf-8')) in results.stdout assert bytes( expected_result['kem'].encode('utf-8')) in results.stdout
def test_well_known_endpoints(managed_process, protocol, endpoint, provider, cipher): port = "443" client_options = ProviderOptions(mode=Provider.ClientMode, host=endpoint, port=port, insecure=False, trust_store=TRUST_STORE_BUNDLE, protocol=protocol, cipher=cipher) if get_flag(S2N_FIPS_MODE) is True: client_options.trust_store = "../integration/trust-store/ca-bundle.trust.crt" else: client_options.trust_store = "../integration/trust-store/ca-bundle.crt" # expect_stderr=True because S2N sometimes receives OCSP responses: # https://github.com/aws/s2n-tls/blob/14ed186a13c1ffae7fbb036ed5d2849ce7c17403/bin/echo.c#L180-L184 client = managed_process(provider, client_options, timeout=5, expect_stderr=True) expected_result = EXPECTED_RESULTS.get((endpoint, cipher), None) for results in client.get_results(): results.assert_success() if expected_result is not None: assert to_bytes(expected_result['cipher']) in results.stdout assert to_bytes(expected_result['kem']) in results.stdout
def test_s2n_client_signature_algorithms(managed_process, cipher, provider, protocol, certificate, signature, client_auth): port = next(available_ports) random_bytes = data_bytes(64) client_options = ProviderOptions(mode=Provider.ClientMode, host="localhost", port=port, cipher=cipher, data_to_send=random_bytes, insecure=True, use_client_auth=client_auth, key=certificate.key, cert=certificate.cert, protocol=protocol) server_options = copy.copy(client_options) server_options.data_to_send = None server_options.mode = Provider.ServerMode server_options.key = certificate.key server_options.cert = certificate.cert server_options.trust_store = certificate.cert server_options.extra_flags = ['-sigalgs', signature.name] if client_auth is True: client_options.trust_store = Certificates.RSA_2048_SHA256_WILDCARD.cert server_options.key = Certificates.RSA_2048_SHA256_WILDCARD.key server_options.cert = Certificates.RSA_2048_SHA256_WILDCARD.cert if signature.sig_type == 'RSA-PSS': client_options.trust_store = Certificates.RSA_PSS_2048_SHA256.cert server_options.key = Certificates.RSA_PSS_2048_SHA256.key server_options.cert = Certificates.RSA_PSS_2048_SHA256.cert elif signature.sig_type == 'ECDSA': client_options.trust_store = Certificates.ECDSA_256.cert server_options.key = Certificates.ECDSA_256.key server_options.cert = Certificates.ECDSA_256.cert server = managed_process(provider, server_options, timeout=5) client = managed_process(S2N, client_options, timeout=5) for results in server.get_results(): assert results.exception is None assert results.exit_code == 0 assert bytes('Shared Signature Algorithms: {}+{}'.format( signature.sig_type, signature.sig_digest).encode('utf-8')) in results.stdout assert random_bytes in results.stdout expected_version = get_expected_s2n_version(protocol, provider) for results in client.get_results(): assert results.exception is None assert results.exit_code == 0 assert bytes("Actual protocol version: {}".format( expected_version).encode('utf-8')) in results.stdout
def setup_provider_options(mode, port, cipher, curve, certificate, data_to_send, client_psk_params): options = ProviderOptions(host="localhost", port=port, cipher=cipher, curve=curve, insecure=True, protocol=Protocols.TLS13, data_to_send=data_to_send, mode=mode, extra_flags=client_psk_params) if certificate: options.key = certificate.key options.cert = certificate.cert options.trust_store = certificate.cert return options