U  W[&]@sdZddlmZmZddlmZddlmZddlm Z m Z m Z m Z ddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lZdd lZz0dd lmamZddlmaddlm Z m!Z!Wn"e"k rddZ#e#YnXzddlm$Z%Wne"k rd Z%YnXddl&m'Z'Gdddej(Z)Gdddej(Z*Gddde j+Z,Gddde j+Z-e'e j.Gddde j+Z/ddZ0d d!Z1Gd"d#d#Z2td k rGd$d%d%tj3Z4Gd&d'd'eej5Z6Gd(d)d)ej5Z7Gd*d+d+e7Z8Gd,d-d-ej5Z9Gd.d/d/ej5e2Z:Gd0d1d1Z;Gd2d3d3ej5Ze d d kre6e7e8e9e:eappendr;ranger$r:ServerTLSContextrr(r)serverZ setRawMode)r!r.xZctxrrrr/ks   zLineCollector.lineReceivedcCs|jj|7_|jdSr)r*r=r(r-r!datarrrrawDataReceived|szLineCollector.rawDataReceivedcCs|jddSrr0r2rrrr4szLineCollector.connectionLostN)F) r5r6r7r8r"r&r/rFr4rrrrr9Ss  r9c@seZdZdZddZdS)SingleLineServerProtocolzK A protocol that sends a single line of data at C{connectionMade}. cCs|jd|jdS)N+OK )r(writegetPeerCertificater rrrr&s z'SingleLineServerProtocol.connectionMadeN)r5r6r7r8r&rrrrrGsrGc@s(eZdZdZddZddZddZdS) RecordingClientProtocolzv @ivar deferred: a deferred that will fire with first received content. @type deferred: L{defer.Deferred} cCst|_dSrrr rrrr"sz RecordingClientProtocol.__init__cCs|jdSr)r(rJr rrrr&sz&RecordingClientProtocol.connectionMadecCs|j|dSrr0rDrrr dataReceivedsz$RecordingClientProtocol.dataReceivedN)r5r6r7r8r"r&rLrrrrrKsrKc@s eZdZdZddZddZdS) ImmediatelyDisconnectingProtocolz A protocol that disconnect immediately on connection. It fires the C{connectionDisconnected} deferred of its factory on connetion lost. cCs|jdSrr(r-r rrrhandshakeCompletedsz3ImmediatelyDisconnectingProtocol.handshakeCompletedcCs|jjddSr)r*connectionDisconnectedr1r2rrrr4sz/ImmediatelyDisconnectingProtocol.connectionLostN)r5r6r7r8rOr4rrrrrMsrMcCst}|tjdt}|}||_||_||| |dt }| d| d| d||||||| |d|||fS)z Create a certificate for given C{organization} and C{organizationalUnit}. @return: a tuple of (key, request, certificate) objects. iZmd5r<)rZPKeyZ generate_keyZTYPE_RSAZX509ReqZ get_subjectOZOUZ set_pubkeyZsignZX509Zset_serial_numberZgmtime_adj_notBeforeZgmtime_adj_notAfterZ set_issuerZ set_subjectZ get_pubkey) organizationorganizationalUnitpkeyreqZsubjectcertrrrgenerateCertificateObjectss"      rYc Csnt||\}}}d|tjfd|tjfd|tjffD]6\}}}tj||fd} t |  |tj |q2dS)z Create certificate files key, req and cert prefixed by C{basename} for given C{organization} and C{organizationalUnit}. keyrWrXzutf-8N) rYrZdump_privatekeyZdump_certificate_requestZdump_certificateosextsepjoinencoderZ setContentZ FILETYPE_PEM) basenamerTrUrVrWrXZextobjZdumpFuncZfNamerrrgenerateCertificateFiless   rac@s eZdZdZddZddZdS)ContextGeneratingMixinah Offer methods to create L{ssl.DefaultOpenSSLContextFactory} for both client and server. @ivar clientBase: prefix of client certificate files. @type clientBase: C{str} @ivar serverBase: prefix of server certificate files. @type serverBase: C{str} @ivar clientCtxFactory: a generated context factory to be used in L{IReactorSSL.connectSSL}. @type clientCtxFactory: L{ssl.DefaultOpenSSLContextFactory} @ivar serverCtxFactory: a generated context factory to be used in L{IReactorSSL.listenSSL}. @type serverCtxFactory: L{ssl.DefaultOpenSSLContextFactory} cOsH|}t|||tjtj|dftj|dff||}||fS)NrZrX)mktemprarDefaultOpenSSLContextFactoryr[r\r])r!orgZorgUnitargsZkwArgsbaseserverCtxFactoryrrrmakeContextFactorys z)ContextGeneratingMixin.makeContextFactorycCs,|j||\|_|_|j||\|_|_dSr)riZ clientBaseclientCtxFactoryZ serverBaserh)r!Z clientArgsZ clientKwArgsZ serverArgsZ serverKwArgsrrrsetupServerAndClients z+ContextGeneratingMixin.setupServerAndClientN)r5r6r7r8rirkrrrrrbs rbc@seZdZdZdZddZdS)rAze A context factory with a default method set to L{OpenSSL.SSL.TLSv1_METHOD}. FcOs"tj|d<tjj|f||dS)NZ sslmethod)rZ TLSv1_METHODrrdr")r!rfkwrrrr"s zServerTLSContext.__init__N)r5r6r7r8ZisClientr"rrrrrA srAc@s0eZdZdZddZddZddZdd Zd S) StolenTCPTestszc For SSL transports, test many of the same things which are tested for TCP transports. cCs.tjtt}|}tj||||dS)zY Create an SSL server with a certificate using L{IReactorSSL.listenSSL}. Z interface) rZPrivateCertificateZloadPEMrrZ getContentoptionsr listenSSL)r!address portNumberr*rXcontextFactoryrrr createServerszStolenTCPTests.createServercCst}||||S)zG Create an SSL client using L{IReactorSSL.connectSSL}. )rZCertificateOptions connectSSL)r!rqrrZ clientCreatorrsrrr connectClient'szStolenTCPTests.connectClientcCstjS)z Return L{OpenSSL.SSL.Error} as the expected error type which will be raised by a write to the L{OpenSSL.SSL.Connection} object after it has been closed. )rErrorr rrrgetHandleExceptionType/sz%StolenTCPTests.getHandleExceptionTypecCs$tddkrtdkrtjSdgS)a Return the argument L{OpenSSL.SSL.Error} will be constructed with for this case. This is basically just a random OpenSSL implementation detail. It would be better if this test worked in a way which did not require this. ztwisted.protocols.tlsNZwin32)z SSL routinesZ SSL_writezprotocol is shutdown)r r ZgetTypeerrnoZ WSAENOTSOCKr rrrgetHandleErrorCode8s  z!StolenTCPTests.getHandleErrorCodeN)r5r6r7r8rtrvrxrzrrrrrms   rmc@sFeZdZdZdZdZdZddZdddZdd Z d d Z d d Z dS)TLSTestsz Tests for startTLS support. @ivar fillBuffer: forwarded to L{LineCollector.fillBuffer} @type fillBuffer: C{bool} FNcCs4|jjdk r|jj|jjdk r0|jjdSr) clientProtor(r- serverProtor rrrtearDowncs   zTLSTests.tearDowncs|_t}|_fdd|_|r.d|_nd|_|_t}|_fdd|_|rbd|_nd|_t j d|dd}| |j t d|j|tjjgS) a Helper method to run TLS tests. @param clientProto: protocol instance attached to the client connection. @param serverProto: protocol instance attached to the server connection. @param clientIsServer: flag indicated if client should initiate startTLS instead of server. @return: a L{defer.Deferred} that will fire when both connections are lost. csSrrrr|rrzr<z#TLSTests._runTest..FTcsSrrrr}rrrr<r 127.0.0.1rn)r|r ClientFactory clientFactoryrBr+r} ServerFactory serverFactoryrZ listenTCP addCleanup stopListeningZ connectTCPgetHostportr gatherResultsr)r!r|r}ZclientIsServerZcfZsfrrr|r}r_runTestjs  zTLSTests._runTestcs,fdd}ttdj}||S)z~ Test for server and client startTLS: client should received data both before and after the startTLS. csjjtjtjdSr) assertEqualrr>rr#r,)ignorer rrchecks z TLSTests.test_TLS..checkTrrr9r; addCallbackr!rdrr rtest_TLSs   zTLSTests.test_TLScs,fdd}ttdj}||S)z Test for server startTLS not followed by a startTLS in client: the data received after server startTLS should be received as raw. cs&jjtjjjddS)NzNo encrypted bytes received)rrr>rr#Z assertTruer=Zignoredr rrrs z"TLSTests.test_unTLS..checkFrrrr r test_unTLSs   zTLSTests.test_unTLScs.fdd}tdjtd}||S)z: Test startTLS first initiated by client. csjjtjtjdSr)rrr>rr#r,rr rrrs z)TLSTests.test_backwardsTLS..checkT)rr9r;rrrrr rtest_backwardsTLSs  zTLSTests.test_backwardsTLS)F) r5r6r7r8r;r|r}r~rrrrrrrrr{Vs &r{c@seZdZdZdZdS)SpammyTLSTestszA Test TLS features with bytes sitting in the out buffer. TN)r5r6r7r8r;rrrrrsrc@s$eZdZdZdZddZddZdS)BufferingTestsNcCsB|jjdk r|jj|jjdk r0|jjtt|j|jgSr)r}r(r-r|rrr rrrr~s     zBufferingTests.tearDowncst|_t|_t}t}|_fdd|_fdd|_t t t }t }t j d||dd}||jt d|j||}||jj|jdS)NcsSrrrrrrrr<z6BufferingTests.test_openSSLBuffering..csSrrrrrrrr<rrrnrH)rGr}rKr|rrrr+rrdrClientContextFactoryrrprrrurrZ disconnectrrr)r!rBr+ZsCTXZcCTXrZclientConnectorrrrtest_openSSLBufferings&     z$BufferingTests.test_openSSLBuffering)r5r6r7r}r|r~rrrrrrs rc@s>eZdZdZddZddZedkr*de_dd Zd d Z dS) ConnectionLostTestsz' SSL connection closing tests. csd}||dfi||dfit}tj|_td|j_}t}t |_t |_ t d|j|j|j fddS)Ntwisted.test.test_ssl, client, serverrrcs jSr) serverPortr)Z ignoredResultr rrrr<z=ConnectionLostTests.testImmediateDisconnect..)rkrrProtocolrrprhrrrMr rrPrurrrjr)r!reserverProtocolFactoryrclientProtocolFactoryrr rtestImmediateDisconnects0     z+ConnectionLostTests.testImmediateDisconnectcsttjGdddtj}d}|||dfi||dfi|t}fdd|_td||j }| |j |t }fd d|_t d |j||jd d }tj|j|gS) z Both sides of SSL connection close connection; the connections should close cleanly, and only after the underlying TCP connection has disconnected. c@s(eZdZdZddZddZddZdS) zMConnectionLostTests.test_bothSidesLoseConnection..CloseAfterHandshakeFcSst|_dSr)r rdoner rrrr"szVConnectionLostTests.test_bothSidesLoseConnection..CloseAfterHandshake.__init__cSs|jdSrrNr rrrrOsz`ConnectionLostTests.test_bothSidesLoseConnection..CloseAfterHandshake.handshakeCompletedcSs|j||`dSr)rZerrbackr2rrrr4s z\ConnectionLostTests.test_bothSidesLoseConnection..CloseAfterHandshake.connectionLostN)r5r6r7ZgotDatar"rOr4rrrrCloseAfterHandshakesrrrrcsSrrrserverProtocolrrr&r<zBConnectionLostTests.test_bothSidesLoseConnection..rcsSrrrclientProtocolrrr-r<rcSs|tdSr)trapr )Zfailurerrr checkResult1szEConnectionLostTests.test_bothSidesLoseConnection..checkResult)rrIHandshakeListenerrrrkrrrprhrrrrurrrjr rrZ addErrback)r!rrerrrrrrrrtest_bothSidesLoseConnection s>      z0ConnectionLostTests.test_bothSidesLoseConnectionNz*Old SSL code doesn't always close cleanly.c sd}|||dfi||dfidd}|jtj|t}t |j _ t }fdd|_t d||j|_}t}t |j _ t}fd d|_t d |j||jtj||gd d }||jS) NrrrcWsdS)NFr)arrrverifyAsz4ConnectionLostTests.testFailedVerify..verifycsSrrrrrrrIr<z6ConnectionLostTests.testFailedVerify..rcsSrrrrrrrQr<rT)Z consumeErrors)rkrj getContextZ set_verifyrZ VERIFY_PEERr rrrr1r4rrrprhrrrurrZ DeferredListr _cbLostConns) r!rerZserverConnLostrrZclientConnLostrZdlrrrtestFailedVerify;s<   z$ConnectionLostTests.testFailedVerifycCsh|\\}}\}}||||tjg}trJddlm}|||j||j||j S)Nr)ConnectionLost) assertFalserrwr Z isWindowstwisted.internet.errorrr?rrr)r!ZresultsZsSuccessZsResultZcSuccessZcResultZacceptableErrorsrrrrrYs       z ConnectionLostTests._cbLostConns) r5r6r7r8rrnewTLSskiprrrrrrrs,rc@s0eZdZdZddZddZddZdd Zd S) FakeContextzK L{OpenSSL.SSL.Context} double which can more easily be inspected. cCs||_d|_dS)Nr)_method_options)r!methodrrrr"xszFakeContext.__init__cCs|j|O_dSr)r)r!rorrr set_options}szFakeContext.set_optionscCsdSrrr!ZfileNamerrruse_certificate_filesz FakeContext.use_certificate_filecCsdSrrrrrruse_privatekey_fileszFakeContext.use_privatekey_fileN)r5r6r7r8r"rrrrrrrrts rc@s0eZdZdZddZddZddZdd Zd S) !DefaultOpenSSLContextFactoryTestsz8 Tests for L{ssl.DefaultOpenSSLContextFactory}. cCs"tjtttd|_|j|_dS)N)_contextFactory)rrdrrrsrcontextr rrrsetUps z'DefaultOpenSSLContextFactoryTests.setUpcCsV||jjtj||jjtj@tj||jjtj@||jjtj @dS)z L{ssl.DefaultOpenSSLContextFactory.getContext} returns an SSL context which can use SSLv3 or TLSv1 but not SSLv2. N rrrrZ SSLv23_METHODrZ OP_NO_SSLv2rZ OP_NO_SSLv3Z OP_NO_TLSv1r rrr test_methods z-DefaultOpenSSLContextFactoryTests.test_methodcCs|tjtjt|dS)z Instantiating L{ssl.DefaultOpenSSLContextFactory} with a certificate filename which does not identify an existing file results in the initializer raising L{OpenSSL.SSL.Error}. N) assertRaisesrrwrrdrrcr rrrtest_missingCertificateFiles z=DefaultOpenSSLContextFactoryTests.test_missingCertificateFilecCs|tjtj|tdS)z Instantiating L{ssl.DefaultOpenSSLContextFactory} with a private key filename which does not identify an existing file results in the initializer raising L{OpenSSL.SSL.Error}. N)rrrwrrdrcrr rrrtest_missingPrivateKeyFiles zsf            *3 (  ?i(4