{G_Tc@saddlZddlZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlmZddlmZejdZejZeaeaeadZdejfdYZd Z d ejfd YZ!d ejfd YZ"yddl#Z#Wne$k re%Z&nXe'Z&de#j(fdYZ)de#j(fdYZ*de#j(fdYZ+dZ,edee'e%e%dZ-edZ.dejfdYZ/e%dZ0e1dkr]e0ndS(iN(t test_support(t HTTPServer(tSimpleHTTPRequestHandlertsslcCsBdjtjtj}tjr>tjj||ndS(Nt ( tjoint tracebacktformat_exceptiontsystexc_infoRtverbosetstdouttwrite(tprefixt exc_format((s)/usr/local/lib/python2.7/test/test_ssl.pyt handle_errors t BasicTestscBseZdZRS(cCsytjtjtjWn(tk rG}|jdkrAqHnXy tjtjtjjWn(tk r}|jdkrqnXdS(Ni (Rtsslwrap_simpletsockettAF_INETtIOErrorterrnot_sock(tselfte((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_sslwrap_simple&s (t__name__t __module__R(((s)/usr/local/lib/python2.7/test/test_ssl.pyR$scs`ttdrXyddlWntk r2nXtjfd}|SSdS(NtPROTOCOL_SSLv2ic syAtjtj}j|jdddtjtjddWn[tjk r}tj d krt j d krdt |krt jd qnX||S( Nii iitdebians squeeze/sidts&Invalid SSL protocol variant specifieds'Patched Ubuntu OpenSSL breaks behaviour(ii iii(Rs squeeze/sidR(RRtsslwrapRtNoneRt CERT_NONERtSSLErrortOPENSSL_VERSION_INFOtplatformtlinux_distributiontstrtunittesttSkipTest(targstkwargstsR(t_ssltfunc(s)/usr/local/lib/python2.7/test/test_ssl.pytfAs(thasattrRR,t ImportErrort functoolstwraps(R-R.((R,R-s)/usr/local/lib/python2.7/test/test_ssl.pytskip_if_broken_ubuntu_ssl8s ! tBasicSocketTestscBszeZdZdZdZdZdZdZej ddZ ej dZ d Z d ZRS( cCs.tjtjtjtjtjtjdS(N(RtPROTOCOL_SSLv23tPROTOCOL_SSLv3tPROTOCOL_TLSv1R!t CERT_OPTIONALt CERT_REQUIRED(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_constantsTs cCstj}tjr>tjjd||r0dp3dfn|jttj d|jttj ddtj dddS(Ns RAND_status is %d (%s) ssufficient randomnesssinsufficient randomnessitfoosthis is a random stringgR@( Rt RAND_statusRR RR R t assertRaisest TypeErrortRAND_egdtRAND_add(Rtv((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_random]s   cCstjjtt}tjrBtjj dt j |dn|j |dddddf|j |d dtjjt }tjrtjj dt j |dn|j |d ddfdS(Ns tsubjectt countryNametXYt localityNamesCastle AnthraxtorganizationNamesPython Software Foundationt commonNamet localhosttsubjectAltNametDNSsprojects.developer.nokia.comsprojects.forum.nokia.com(RDRE((RDRE(RFsCastle Anthrax((RFsCastle Anthrax(RGsPython Software Foundation((RGsPython Software Foundation(RHRI((RHRI(RKRI((RKRI(RKsprojects.developer.nokia.com(RKsprojects.forum.nokia.com(RR,t_test_decode_certtCERTFILEtFalseRR RR R tpprinttpformatt assertEqualt NOKIACERT(Rtp((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_parse_certgs $   $ cCstjjt}tjr?tjjdt j |dnd!d#d%d'd)d+d-f}|j |d||j |d|tj d.krd/d0d1d2d3f}nd4d5d6d7d8f}|j |d|dS(9Ns RDtUStstateOrProvinceNametOregonRFt BeavertonRGsPython Software FoundationtorganizationalUnitNamesPython Core DevelopmentRHsnull.python.orgexample.orgt emailAddressspython-dev@python.orgRCtissuerii iRKsaltnull.python.orgexample.comtemails null@python.orguser@example.orgtURIs)http://null.python.orghttp://example.orgs IP Addresss 192.0.2.1s2001:DB8:0:0:0:0:0:1 s RJ(s countryNameRU((s countryNameRU(RVRW((RVRW(s localityNameRX((s localityNameRX(sorganizationNamesPython Software Foundation((sorganizationNamesPython Software Foundation(RYsPython Core Development((RYsPython Core Development(s commonNamesnull.python.orgexample.org((s commonNamesnull.python.orgexample.org(RZspython-dev@python.org((RZspython-dev@python.org(ii i(sDNSsaltnull.python.orgexample.com(R\s null@python.orguser@example.org(R]s)http://null.python.orghttp://example.org(s IP Addresss 192.0.2.1(s IP Addresss2001:DB8:0:0:0:0:0:1 (sDNSsaltnull.python.orgexample.com(R\s null@python.orguser@example.org(R]s)http://null.python.orghttp://example.org(s IP Addresss 192.0.2.1(s IP Addresss ( RR,RLt NULLBYTECERTRR RR R RORPRQR#(RRSRCtsan((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_parse_cert_CVE_2013_4238s0 $   cCsttd}|j}WdQXtj|}tj|}tj|}|j|||jtjds|j d|n|j dtj ds|j d|ndS(Ntrs s-DER-to-PEM didn't include correct header: %r s-DER-to-PEM didn't include correct footer: %r ( topentSVN_PYTHON_ORG_ROOT_CERTtreadRtPEM_cert_to_DER_certtDER_cert_to_PEM_certRQt startswitht PEM_HEADERtfailtendswitht PEM_FOOTER(RR.tpemtd1tp2td2((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_DER_to_PEMsc CsXtj}tj}tj}|j|ttf|j|t|j|t|j |d|j |d|\}}}}}|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |j dj|||||fdS( Nii iiiiisOpenSSL {:d}.{:d}.{:d}(RtOPENSSL_VERSION_NUMBERR#tOPENSSL_VERSIONtassertIsInstancetinttlongttupleR&tassertGreaterEqualt assertLesstassertLessEqualt assertTrueRgtformat( RtnttR+tmajortminortfixtpatchtstatus((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_openssl_versions*   !tnetworkc Csd }tj|dtjtjtjdtjdd}|j|tjtjtjdtjdd}|j|tjtjtjdtjdd}|jtj d |j|WdQXWdQXdS( Nssvn.python.orgiit cert_reqstcipherstALLtDEFAULTs^$:,;?*'dorothyxsNo cipher can be selected(ssvn.python.orgi( Rttransient_internetRt wrap_socketRRR!tconnecttassertRaisesRegexpR"(RtremoteR+((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_cipherss  cCsJtjtj}tj|}tj|}~|j|ddS(N(RRRRtweakreftrefRQR (RR+tsstwr((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_refcycles cCstjtj}tj|}|jtj|jd|jtj|jtd|jtj|j d|jtj|j tdd|jtj|j d|jtj|j dddS(Nitxs0.0.0.0i(s0.0.0.0i( RRRRR=terrortrecvt recv_intot bytearraytrecvfromt recvfrom_intotsendtsendto(RR+R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_wrapped_unconnecteds"cCsstjtjtj}|j|j|jt}tj|dtj WdQX|j t |j ddS(NRs!only stream sockets are supported( RRt SOCK_DGRAMt addCleanuptcloseR=tNotImplementedErrorRRR!RQR&t exception(RR+tcx((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_unsupported_dtlss (RRR:RBRTR`RpRRtrequires_resourceRt cpython_onlyRRR(((s)/usr/local/lib/python2.7/test/test_ssl.pyR4Rs    tNetworkedTestscBsteZdZdZdZdZdZeje j dkddZ dZ d Z d ZRS( c Cstjd tjtjtjdtj}|jd|j}|rc|j dn|j tjtjtjdtj }z,y|jdWntj k rnXWd|j Xtjtjtjdtj dt }z|jdWd|j XWdQXdS( Nssvn.python.orgRisPeer cert %s shouldn't be here!tca_certs(ssvn.python.orgi(ssvn.python.orgi(ssvn.python.orgi(RRRRRRR!Rt getpeercertRiRR9R"Rc(RR+tc((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_connects,        c Cstjdmtjtjtjdtjdt}z0|jd|j d|j |j Wd|j XWdQXdS(Nssvn.python.orgRRii(ssvn.python.orgi( RRRRRRR9RcRQt connect_exRzRR(RR+((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_connect_exs  c Cs_tjdJtjtjtjdtjdtdt}z|j t|j d}|j |dt j t jftjg|ggdxtr2y|jPWqtjk r.}|jdtjkrtj|gggdq/|jdtjkr(tjg|ggdq/qXqW|j|jWd|jXWdQXdS( Nssvn.python.orgRRtdo_handshake_on_connectiig@(ssvn.python.orgi(RRRRRRR9RcRNt setblockingRtassertInRt EINPROGRESSt EWOULDBLOCKtselecttTruet do_handshakeR"R)tSSL_ERROR_WANT_READtSSL_ERROR_WANT_WRITERzRR(RR+trcterr((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_non_blocking_connect_exs,      c Cstjdtjtjtjdtjdtdt}zX|j d|j d }|dkr{|j dn|j |t jt jfWd|jXWdQXdS( Nssvn.python.orgRRRgHz>iis$svn.python.org responded too quickly(ssvn.python.orgi(RRRRRRR9RcRNt settimeoutRtskipTestRRtEAGAINRR(RR+R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_timeout_connect_ex>s     c Csrtjd]tjtjtjdtjdt}z |jt j |j dWd|j XWdQXdS(Nssvn.python.orgRRi(ssvn.python.orgi( RRRRRRR9RcRQRt ECONNREFUSEDRR(RR+((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_connect_ex_errorOs   tnts*Can't use a socket as a file under Windowsc Cstjdtjtjtj}|jd|j}|j}|j t j |d|j t j |jt}t j |dWdQX|j|jjtjWdQXdS(Nssvn.python.orgii(ssvn.python.orgi(RRRRRRRtfilenotmakefileRtosRdtgctcollectR=tOSErrorRQRRtEBADF(RRtfdR.R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_makefile_closeZs      c Cs4tjdtjtj}|jd|jttj|dtj dt}d}xt ry|d7}|j PWqctj k r}|j dtjkrtj|gggq|j dtjkrtjg|ggqqcXqcW|jtjr*tjjd|nWdQXdS( Nssvn.python.orgiRRiis9 Needed %d calls to do_handshake() to establish session. (ssvn.python.orgi(RRRRRRRNRRR!RRR"R)RRRRR RR R (RR+tcountR((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_non_blocking_handshakens,           c Cstjdtjdtj}|s;|jdnytjdtjdt}Wntjk rpnX|jd|tjd tjdt}|s|jdntj rt j j d|nWdQXdS( Nssvn.python.orgis,No server certificate on svn.python.org:443!Rs-Got server certificate %s for svn.python.org!s3 Verified certificate for svn.python.org:443 is %s (ssvn.python.orgi(ssvn.python.orgi(ssvn.python.orgi( RRRtget_server_certificateR5RiRMR"RcR RR R (RRl((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_get_server_certificates&         c Cs tjdkr&|jdtjn|jdd}tjjtjjtd }t j dtj t j t j d tjd |}z`|j|t jrtjjd ||jftjjd tj|jnWd|jXWdQXdS(Nii iisSHA256 not available on %rs4remote host needs SNI, only available on Python 3.2+ssha256.tbs-internet.comis sha256.pemRRs Cipher with %r is %r sCertificate is: %s (ii iii(ssha256.tbs-internet.comi(RR#RRrRtpathRtdirnamet__file__RRRRRR9RR RR R tcipherRORPRR(RRt sha256_certR+((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_algorithmss" !      (RRRRRRRR'tskipIfRtnameRRRR(((s)/usr/local/lib/python2.7/test/test_ssl.pyRs   $  tThreadedEchoServerc BsreZdejfdYZdddeeeeddZdZ dZ ddZ dZ dZ RS( tConnectionHandlercBsMeZdZdZdZdZdZdZdZdZ RS(sA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCsQ||_t|_||_|jjdd|_tjj |t |_ dS(Ni( tserverRNtrunningtsockRR tsslconnt threadingtThreadt__init__Rtdaemon(RRtconnsock((s)/usr/local/lib/python2.7/test/test_ssl.pyRs    cCs|jjtjkr|jj}tjr]|jjr]t j j dt j |dn|jjt}tjr|jjrt j j dtt|dqn|jj}tjr|jjrt j j dt|dndS(Ns client cert is s s cert binary is s bytes s" server: connection cipher is now (RtcertreqsRR9RRRR tchattyRR R RORPRR&tlenR(Rtcertt cert_binaryR((s)/usr/local/lib/python2.7/test/test_ssl.pytshow_conn_detailss$*cCsy[tj|jdtd|jjd|jjd|jjd|jjd|jj |_ Wnztj k r}|jj j ||jjrtdt|jjdn|jt|_|jjtSXtSdS( Nt server_sidetcertfilet ssl_versionRRRs' server: bad connection attempt from s: (RRRRRt certificatetprotocoltcacertsRRRR"t conn_errorstappendRRR&t getpeernameRRNRtstop(RR((s)/usr/local/lib/python2.7/test/test_ssl.pyt wrap_conns"     !   cCs*|jr|jjS|jjdSdS(Ni(RRdRR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyRds  cCs-|jr|jj|S|jj|SdS(N(RR RR(Rtbytes((s)/usr/local/lib/python2.7/test/test_ssl.pyR s cCs-|jr|jjn|jjjdS(N(RRRR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyRs cCst|_|jjsVt|jtjr9|j|_n|j sIdS|j nxF|jry|j }|st |_|j n|jdkrtjr|jjrtjjdn|j dS|jjr;|jdkr;tjr|jjrtjjdn|jd|j sJdSn|jjr|jr|jdkrtjr|jjrtjjdn|jd|jjd|_tjrJ|jjrJtjjdqJnrtjr7|jjr7|jrd pd }tjjd t||t|j|fn|j|jWqYtjk r|jjrwtd n|j t |_|jjqYXqYWdS( Ntovers" server: client closed connection tSTARTTLSs2 server: read STARTTLS from client, sending OK... sOK tENDTLSs0 server: read ENDTLS from client, sending OK... s* server: connection is now unencrypted... t encryptedt unencrypteds/ server: read %s (%s), sending back %s (%s)... sTest server failure: (RRRtstarttls_servert isinstanceRRt SSLSocketRRRRdRNRtstripRR tconnectionchattyRR R tunwrapR treprtlowerR"RRR(Rtmsgtctype((s)/usr/local/lib/python2.7/test/test_ssl.pytrunsX           '      )    ( RRt__doc__RRRRdR RR(((s)/usr/local/lib/python2.7/test/test_ssl.pyRs    c CsW|dkrtj}n|dkr0tj}n||_||_||_||_| |_||_ ||_ ||_ t j |_ d|_|rtj|j dtd|jd|jd|jd|jd|j|_ tjr|j rtjjdt|j qntj|j |_t|_g|_tjj|t|_dS(NRRRRRRs& server: wrapped server socket as %s ( R RR7R!RRRRRRRRRRtflagRRRR RR R R&t bind_porttportRNtactiveRRRRR( RRRRRRRRtwrap_accepting_socketR((s)/usr/local/lib/python2.7/test/test_ssl.pyR8s8                 #  cCs$|jtj|jj|S(N(tstartRtEventRtwait(R((s)/usr/local/lib/python2.7/test/test_ssl.pyt __enter__Zs cGs|j|jdS(N(RR(RR)((s)/usr/local/lib/python2.7/test/test_ssl.pyt__exit___s cCs||_tjj|dS(N(RRRR (RR((s)/usr/local/lib/python2.7/test/test_ssl.pyR cs cCs|jjd|jjdt|_|jrB|jjnx|jryr|jj\}}tj r|j rt j j dt|dn|j||}|j|jWqEtjk rqEtk r|jqEXqEW|jjdS(Ng?is server: new connection from s (RRtlistenRRRtsettacceptRR RRR R R&RR RRttimeouttKeyboardInterruptRR(Rtnewconntconnaddrthandler((s)/usr/local/lib/python2.7/test/test_ssl.pyRgs&      cCs t|_dS(N(RNR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyR}sN(RRRRRR RRNRR RR RR(((s)/usr/local/lib/python2.7/test/test_ssl.pyRsv     tAsyncoreEchoServercBsceZdejfdYZdZdZdZdZd dZ dZ dZ RS( t EchoServercBs<eZdejfdYZdZdZdZRS(RcBs>eZdZdZdZdZdZdZRS(cCsDtjj||tj|dtd|dt|_t|_dS(NRRR( tasyncoretdispatcher_with_sendRRRRRNRt_ssl_accepting(RtconnR((s)/usr/local/lib/python2.7/test/test_ssl.pyRs  cCsBt|jtjr>x&|jjdkr:|jqWntS(Ni(RRRRtpendingthandle_read_eventR(R((s)/usr/local/lib/python2.7/test/test_ssl.pytreadablescCsy|jjWntjk ro}|jdtjtjfkrIdS|jdtjkri|jSn?tj k r}|jdt j kr|jSn Xt |_ dS(Ni(RRRR"R)RRt SSL_ERROR_EOFt handle_closeRRt ECONNABORTEDRNR(RR((s)/usr/local/lib/python2.7/test/test_ssl.pyt_do_ssl_handshakes cCsW|jr|jn=|jd}|rS|jdkrS|j|jndS(NiR(RR#RRRR(Rtdata((s)/usr/local/lib/python2.7/test/test_ssl.pyt handle_reads   cCs1|jtjr-tjjd|jndS(Ns server: closed connection %s (RRR RR R R(R((s)/usr/local/lib/python2.7/test/test_ssl.pyR!s  cCsdS(N((R((s)/usr/local/lib/python2.7/test/test_ssl.pyRs(RRRRR#R%R!R(((s)/usr/local/lib/python2.7/test/test_ssl.pyRs      cCsU||_tjj||jtjtjtj |j|_ |j ddS(Ni( RRt dispatcherRt create_socketRRt SOCK_STREAMRRRR(RR((s)/usr/local/lib/python2.7/test/test_ssl.pyRs  cCsI|j\}}tjr2tjjd|n|j||jdS(Ns$ server: new connection from %s:%s (RRR RR R RR(Rtsock_objtaddr((s)/usr/local/lib/python2.7/test/test_ssl.pyt handle_accepts cCsdS(N((R((s)/usr/local/lib/python2.7/test/test_ssl.pyRs(RRRRRRR+R(((s)/usr/local/lib/python2.7/test/test_ssl.pyRs/  cCsPd|_t|_|j||_|jj|_tjj |t |_ dS(N( R RRNRRRRRRRRR(RR((s)/usr/local/lib/python2.7/test/test_ssl.pyRs   cCsd|jj|jfS(Ns<%s %s>(t __class__RR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyt__str__scCs$|jtj|jj|S(N(R RR RR (R((s)/usr/local/lib/python2.7/test/test_ssl.pyR s cGsltjrtjjdn|jtjrBtjjdn|jtjrhtjjdndS(Ns cleanup: stopping server. s! cleanup: joining server thread. s cleanup: successfully joined. (RR RR R RR(RR)((s)/usr/local/lib/python2.7/test/test_ssl.pyRs     cCs||_tjj|dS(N(RRRR (RR((s)/usr/local/lib/python2.7/test/test_ssl.pyR s cCsCt|_|jr"|jjnx|jr>tjdq%WdS(Ng?(RRRRRtloop(R((s)/usr/local/lib/python2.7/test/test_ssl.pyRs    cCst|_|jjdS(N(RNRRR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyRs N( RRRR&RRR-R RR R RR(((s)/usr/local/lib/python2.7/test/test_ssl.pyRsA     tSocketServerHTTPSServercBsdeZdefdYZdefdYZdZdZd dZ dZ dZ RS( t HTTPSServercBs#eZdZdZdZRS(cCs)tj|||||_t|_dS(N(RRRRtallow_reuse_address(Rtserver_addresstRequestHandlerClassR((s)/usr/local/lib/python2.7/test/test_ssl.pyRs cCsd|jj|j|jfS(Ns <%s %s:%s>(R,Rt server_namet server_port(R((s)/usr/local/lib/python2.7/test/test_ssl.pyR-s cCs=|jj\}}tj|dtd|j}||fS(NRR(RRRRRR(RRR*R((s)/usr/local/lib/python2.7/test/test_ssl.pyt get_requests (RRRR-R6(((s)/usr/local/lib/python2.7/test/test_ssl.pyR0s  tRootedHTTPRequestHandlercBs&eZdZdZdZdZRS(s TestHTTPS/1.0cCstj|d}tjjtj|}|jd}td|}|j }xh|D]`}tjj |\}}tjj|\}}||j krq\ntjj ||}q\W|S(sTranslate a /-separated PATH to the local filename syntax. Components that mean special things to the local file system (e.g. drive or directory names) are ignored. (XXX They should probably be diagnosed.) it/N( turlparseRRtnormpathturllibtunquotetsplittfilterR troott splitdriveR(RRtwordstwordtdrivethead((s)/usr/local/lib/python2.7/test/test_ssl.pyttranslate_path s   cGsRtjrNtjjd|jj|jj|jj |j ||fndS(Ns server (%s:%d %s): [%s] %s ( RR RR R RR2R5trequestRtlog_date_time_string(RR{R)((s)/usr/local/lib/python2.7/test/test_ssl.pyt log_message!s      N(RRtserver_versionR R?RERH(((s)/usr/local/lib/python2.7/test/test_ssl.pyR7s cCsrd|_tjjtd|j_|jt df|j||_ |j j |_ t jj|t|_dS(Ni(R RRRR=RMR7R?R0tHOSTRR5RRRRRR(RR((s)/usr/local/lib/python2.7/test/test_ssl.pyR.s cCsd|jj|jfS(Ns<%s %s>(R,RR(R((s)/usr/local/lib/python2.7/test/test_ssl.pyR-7scCs||_tjj|dS(N(RRRR (RR((s)/usr/local/lib/python2.7/test/test_ssl.pyR :s cCs-|jr|jjn|jjddS(Ng?(RRRt serve_forever(R((s)/usr/local/lib/python2.7/test/test_ssl.pyR>s cCs|jjdS(N(Rtshutdown(R((s)/usr/local/lib/python2.7/test/test_ssl.pyRCsN( RRRR0RR7RR-R R RR(((s)/usr/local/lib/python2.7/test/test_ssl.pyR/s+   c Csttdtjdtdt}|y>tjtjd|dtj}|jt |j fWnstj k r}t j rtjjd|dqnFtjk r}t j rtjjd|dqn Xtd Wd QXd S( s Launch a server with CERT_REQUIRED, and check that trying to connect to it with the given client certificate fails. RRRRRs SSLError is %s is socket.error is %s s'Use of invalid cert should have failed!N(RRMRR9RNRRR7RRJRR"RR RR R RtAssertionError(RRR+R((s)/usr/local/lib/python2.7/test/test_ssl.pyt bad_cert_testGs      sFOO c Cst|d|d|d|d|d|d| d| } | |dkrR|}ntjtjd|d |d|d |d|} | jt| jfx|t|t |gD]} | rt j rt j jd t| qn| j| | j}| r4t j r4t j jd t|q4n||jkrtd |tt|d t||tt|d jt|fqqW| jd| rt j rt j jdqn| jWdQXdS(sc Launch a server, connect a client to it and try various reads and writes. RRRRRRR RRRs client: sending %s... s client: read %s s4bad data <<%s>> (%d) received; expected <<%s>> (%d) isover s client: closing connection. N(RR RRRRRJRRt memoryviewRR RR R RRdRRMtminRR(RRRt cacertsfiletclient_certfiletclient_protocoltindataRRRR RR+targtoutdata((s)/usr/local/lib/python2.7/test/test_ssl.pytserver_params_test^sL     "      6  c CsA|dkrtj}nidtj6dtj6dtj6|}tjr|rUdpXd}tjj |tj |tj ||fny)t t ||t t |dddt WnStjk r|r=q=netjk r }|s|jtjkr=q=n2X|s=td tj |tj |fndS( NR!R8R9s %s->%s %s s {%s->%s} %s RRRs5Client protocol %s succeeded with server protocol %s!(R RR!R8R9RR RR R tget_protocol_nameRWRMRNR"RRRt ECONNRESETRM(tserver_protocolRStexpect_successt certsreqstcerttypet formatstrR((s)/usr/local/lib/python2.7/test/test_ssl.pyttry_protocol_combos8              t ThreadedTestscBseZdZedZdZdZdZdZdZ edZ edZ ed Z ed Z d Zd Zd ZdZdZdZdZRS(cstjtjtjtjtfd}fd}tjd|}|jz |Wd|jXdS(s|A brutal shutdown of an SSL server should raise an IOError in the client when attempting handshake. cs9jdjjjjdS(Ni(RRRR((t listener_gonetlistener_readyR+(s)/usr/local/lib/python2.7/test/test_ssl.pytlisteners     cskjtj}|jtfjytj|}Wntk rYnXjddS(Ns2connecting to closed SSL socket should have failed(R RRRJRRRRi(Rtssl_sock(RaRbRR(s)/usr/local/lib/python2.7/test/test_ssl.pyt connectors    ttargetN( RR RRRRJRR R(RRcReR}((RaRbRR+Rs)/usr/local/lib/python2.7/test/test_ssl.pyttest_rude_shutdowns      c CsNtjrtjjdntttjtj tttjdt dt dS(s2Basic test of an SSL client connecting to a servers RRN( RR RR R RWRMRR7R!R(R((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_echos  cCsntjrtjjdntj}ttdtj dtj dtdt }|tj tjdtdtdtj dtj }|jt|jf|j}|j|d |j}tjrtjjtj|dtjjd t|d nd |kr:|jd tj|nd|d krZ|jdn|jWdQXdS(Ns RRRRRRRsCan't get peer certificate.sConnection cipher is s. RCs$No subject field in certificate: %s.RGsPython Software FoundationskMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.(sorganizationNamesPython Software Foundation((sorganizationNamesPython Software Foundation(RR RR R RRRMRR!R5RNRR9RRJRRRzRRORPR&RiR(Rts2RR+RR((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_getpeercerts:           !    cCs2ttjjtjjtp$tjddS(s"Connecting with an empty cert files nullcert.pemN(RNRRRRRtcurdir(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_empty_cert s$cCs2ttjjtjjtp$tjddS(s<Connecting with a badly formatted certificate (syntax error)s badcert.pemN(RNRRRRRRk(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_malformed_cert s$cCs2ttjjtjjtp$tjddS(s(Connecting with a non-existing cert files wrongcert.pemN(RNRRRRRRk(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_nonexisting_certs$cCs2ttjjtjjtp$tjddS(s4Connecting with a badly formatted key (syntax error)s badkey.pemN(RNRRRRRRk(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_malformed_keys$cCstjrtjjdnttds;|jdnttj tj t ttj tj t tj ttj tj t tj ttj tj tttj tjtttj tjtdS(s9Connecting to an SSLv2 server with various client optionss RsPROTOCOL_SSLv2 neededN(RR RR R R/RRR_RRR8R9R5RNR6R7(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_protocol_sslv2s cCs tjrtjjdnttjtjt ttjtjt ttjtj t ttjtjt tj ttjtjt tj ttjtj t tj ttjtjt tj ttjtjt tj ttjtj t tj dS(s:Connecting to an SSLv23 server with various client optionss N( RR RR R R_RR5R6RR7R8R9(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_protocol_sslv23(s cCstjrtjjdnttjtjtttjtjttj ttjtjttj t tdrttjtj t nttjtjt dS(s9Connecting to an SSLv3 server with various client optionss RN(RR RR R R_RR6RR8R9R/RRNR7(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_protocol_sslv39s cCstjrtjjdnttjtjtttjtjttj ttjtjttj t tdrttjtj t nttjtjt dS(s8Connecting to a TLSv1 server with various client optionss RN(RR RR R R_RR7RR8R9R/RRNR6(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_protocol_tlsv1Es c CsCd}ttd tjd td td t}t}|tj}|jd |jt |j ft j rt jjdnxh|D]`}t j rt jjdt|n|r|j||j}n|j||jd}|dkrd|jjjdrdt j rCt jjdt|ntj|d tj}t}q|dkr|jjjdrt j rt jjdt|n|j}t}qt j rt jjdt|qqWt j r t jjdn|r"|jdn |jd|jWdQXdS(s6Switching from clear text to encrypted and back again.smsg 1sMSG 2RsMSG 3smsg 4Rsmsg 5smsg 6RRRRis s client: sending %s... itoks/ client: read %s from server, starting TLS... s- client: read %s from server, ending TLS... s client: read %s from server s client: closing connection. sover N(smsg 1sMSG 2sSTARTTLSsMSG 3smsg 4sENDTLSsmsg 5smsg 6(RRMRR7RRNRRRRJRRR RR R RRdRRRRRgRRR(RtmsgsRtwrappedR+RTRRV((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_starttlsQs^                        cCsett}tj}|j||jztjrNtj j dnt td}|j }WdQXd}d|j tjjtdf}tjtj|}WdQX|jjd}|r.t|dkr.|j t|}tjr.tj j d t||fq.n|j|j||Wd|j|jXdS( s:Using a SocketServer to create and manage SSL connections.s trbNRshttps://127.0.0.1:%d/%siscontent-lengthis/ client: read %d bytes from remote server '%s' (R/RMRR R R RR RR R RbRdRRRR=tcheck_py3k_warningsR;turlopentinfot getheaderRtRRRQRR(RRRR.RmRoturltdlen((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_socketservers2           c CsTtjrtjjdntttjtj tttjdt dt dt dS(s)Check the accept() method on SSL sockets.s RRR N( RR RR R RWRMRR5R9R(R((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_wrapped_accepts   c Csld}tjr"tjjdntt}|2tjt j }|j d|j ftjrtjjdt |n|j||j }tjrtjjdt |n||jkr/|jd|tt|d t||tt|d jt|fn|jdtjrXtjjd n|jWd QXd S( s'Check the example asyncore integration.sTEST MESSAGE of mixed case s s 127.0.0.1s client: sending %s... s client: read %s s4bad data <<%s>> (%d) received; expected <<%s>> (%d) isover s client: closing connection. N(RR RR R RRMRRRRRRRdRRiRPRR(RRTRR+RV((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_asyncore_servers.       0  cstjrtjjdnttdtjdtj dtdt dt }|Itj t j dt dtd td tjdtj jt|jffd }fd }d jt gfdjt dgfdjt gfg}djt gfdjt dgfd|t gfd|t gfg}d}x |D]\}}} } ||} y|| jdd| j} | jdd} | | jkr|jd|| d t| | d t| fnWqWtk rX} | r&|jd|fnt| j|sY|jd|| fqYqWXqWWx|D] \}}} } ||} yj| jdd|| } | jdd} | | jkr|jd|| d t| | d t| fnWqdtk ro} | r3|jd|fnt| j|sb|jd|| fnjqdXqdWjdjddjWdQXdS( s Test recv(), send() and friends.s RRRRRRRRRcs'tdd}j|}|| S(Ntid(RR(tbR(R+(s)/usr/local/lib/python2.7/test/test_ssl.pyt _recv_intoscs-tdd}j|\}}|| S(NRid(RR(RRR*(R+(s)/usr/local/lib/python2.7/test/test_ssl.pyt_recvfrom_intosRRs some.addresstsendallRRRRuPREFIX_tASCIItstrictsNWhile sending with <<%s>> bad data <<%r>> (%d) received; expected <<%r>> (%d) is8Failed to send with method <<%s>>; expected to succeed. s;Method <<%s>> failed with unexpected exception message: %s sPWhile receiving with <<%s>> bad data <<%r>> (%d) received; expected <<%r>> (%d) s;Failed to receive with method <<%s>>; expected to succeed. sover N( RR RR R RRMRR!R7RRNRRRRJRRRRRRtencodeRdtdecodeRRiRt ValueErrorR&RgR(RRRRt send_methodst recv_methodst data_prefixt meth_namet send_methR[R)RTRVRt recv_meth((R+s)/usr/local/lib/python2.7/test/test_ssl.pyttest_recv_sends           cs\tjtjd}tj}tjtfd}tjd|}|jj zzRtjtj}|j d|j ||f|j t jdt j|Wd|jXzTtjtj}|j dt j|}|j t jd|j ||fWd|jXWdt|jjXdS(Ns 127.0.0.1csxjdjg}xTsstjgggd\}}}|kr |jjdq q WdS(Nig?i(RRRRR(tconnsRatwR(tfinishRtstarted(s)/usr/local/lib/python2.7/test/test_ssl.pytserve@s   $ Rfg?s timed out(RRRRRR RNRR R RRRRR"RRRR(RthostRRR}R((RRRs)/usr/local/lib/python2.7/test/test_ssl.pyttest_handshake_timeout8s6        c Csttdtjdt}tj}zy"tj|dtjdd}Wn!tjk rr|jdnX|j t tjf|j t |j fWdQXWd|jXWdQX|jdt|jddS(NRRRtDESsno DES cipher availablesno shared cipheri(RRMRR5RNRRR"RR=RRRJRRRR&R(RRRR+((s)/usr/local/lib/python2.7/test/test_ssl.pyttest_default_ciphersgs        (RRRgR3RhRjRlRmRnRoRpRqRrRsRwRRRRRR(((s)/usr/local/lib/python2.7/test/test_ssl.pyR`s$ (      8  k /cCstjjtjjtp!tjdatjjtjjtpKtjdatjjtjjtputjdatjjtjjtptjda tjj t stjj t stjj t stjj t  rt j dnt tg}t jdr1|jtntrkt j}|rkt jdrk|jtqknzt j|Wdtrt j|nXdS(Ns keycert.pemshttps_svn_python_org_root.pems nokia.pemsnullbytecert.pemsCan't read certificate files!R(RRRRRRkRMRcRRR^texistsRt TestFailedRR4tis_resource_enabledRRt _have_threadstthreading_setupR`t run_unittesttthreading_cleanup(R ttestst thread_info((s)/usr/local/lib/python2.7/test/test_ssl.pyt test_main{s2!   ! !   t__main__(2RR'ttestRRRRttimeRRRROR;R9RRR1R$tBaseHTTPServerRtSimpleHTTPServerRt import_moduleRRJR RMRcR^RtTestCaseRR3R4RRR0RNRRRRRR/RNRWR_R`RR(((s)/usr/local/lib/python2.7/test/test_ssl.pytsZ                   l[   0 % "