Ϫf)2 XdZddlmZmZmZddlmZmZddlm Z m Z ddl m Z m Z mZddlmZddlmZmZmZddlmZmZmZdd lmZmZmZdd lmZdd lm Z m!Z!m"Z"dd l#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z* ddl+m,Z,ddl-m.Z.m/Z/m0Z0GddZ2GddZ3eeGddZ4Gddee3Z5GddZ6Gdde2eeZ7Gdd ee3Z8Gd!d"e2ee3ee6Z9Gd#d$e2e3e6e!e"eZ:e;jye9j{e;jye7j{e;jye:j{Gd%d&ee e3Z>e;jye>j{y#e1$rdZ,Y$wxYw)'z0 Tests for implementations of L{ITLSTransport}. )OptionalSequenceType) Interface implementer)Deferred DeferredList)SSL4ClientEndpointSSL4ServerEndpointTCP4ClientEndpoint)ConnectionClosed) IReactorSSLIStreamClientEndpoint ITLSTransport) ClientFactoryProtocol ServerFactory)BrokenContextFactoryConnectionTestsMixinEndpointCreator)ReactorBuilder)AbortConnectionMixinConnectToTCPListenerMixinStreamTransportTestsMixin) networkString)FilePath)platform)SkipTest) FILETYPE_PEM)ClientContextFactoryKeyPairPrivateCertificateNcbeZdZUegZeeeee d<e jrdZ e e dZ yy)TLSMixinrequiredInterfaceszcFor some reason, these reactors don't deal with SSL disconnection correctly on Windows. See #3371.)z*twisted.internet.glib2reactor.Glib2Reactorz(twisted.internet.gtk2reactor.Gtk2ReactorN)__name__ __module__ __qualname__rr%rrrr__annotations__r isWindowsmsgskippedReactors@/usr/lib/python3/dist-packages/twisted/internet/test/test_tls.pyr$r$2sI?Jm$y/!:;Kx > ;>8;  r.r$ceZdZddlZeeej jdjdZ [dZ dZ y)ContextGeneratingMixinrNstests server.pemc|jj}tj|t j|t t }|j S)zM Return a new SSL context suitable for use in a test server. )_pem getContentr"loadr!roptions)selfpemcerts r/getServerContextz'ContextGeneratingMixin.getServerContextHsFii""$!&& c<0, ||~r.ctSN)r r7s r/getClientContextz'ContextGeneratingMixin.getClientContextRs #%%r.) r&r'r(twistedrr__file__siblingchildr3r:r>r-r.r/r1r1@sD w//0199'BHHW  &r.r1ceZdZdZdZdZy)StartTLSClientEndpointa! An endpoint which wraps another one and adds a TLS layer immediately when connections are set up. @ivar wrapped: A L{IStreamClientEndpoint} provider which will be used to really set up connections. @ivar contextFactory: A L{ContextFactory} to use to do TLS. c ||_||_yr<)wrappedcontextFactory)r7rFrGs r/__init__zStartTLSClientEndpoint.__init__bs ,r.cjGfddt}jj|S)z Establish a connection using a protocol build by C{factory} and immediately start TLS on it. Return a L{Deferred} which fires with the protocol instance. ceZdZfdZy)6StartTLSClientEndpoint.connect..WrapperFactoryc^j|jffd }|_S)Nc^jjj|yr<) transportstartTLSrG)origprotocolr7s r/connectionMadez\StartTLSClientEndpoint.connect..WrapperFactory.buildProtocol..connectionMadess"&&//0C0CDFr.) buildProtocolrR) wrapperSelfaddrrRrQfactoryr7s @r/rSzDStartTLSClientEndpoint.connect..WrapperFactory.buildProtocolps0"006(0(?(?+9'r.N)r&r'r(rS)rVr7sr/WrapperFactoryrKos r.rW)rrFconnect)r7rVrWs`` r/rXzStartTLSClientEndpoint.connectfs) ] ||##N$455r.N)r&r'r(__doc__rHrXr-r.r/rDrDVs-6r.rDceZdZdZdZdZy)StartTLSClientCreatorz{ Create L{ITLSTransport.startTLS} endpoint for the client, and normal SSL for server just because it's easier. c8t|d|jS)z Construct an SSL server endpoint. This should be constructing a TCP server endpoint which immediately calls C{startTLS} instead, but that is hard. rr r:r7reactors r/serverzStartTLSClientCreator.servers "'1d.C.C.EFFr.cTtt|d|jtS)zS Construct a TCP client endpoint wrapped to immediately start TLS. 127.0.0.1)rDr portr r7r_ serverAddresss r/clientzStartTLSClientCreator.clients)& w ]5G5G H "  r.Nr&r'r(rYr`rfr-r.r/r[r[}s G r.r[ceZdZdZdZy)BadContextTestsMixinz Mixin for L{ReactorBuilder} subclasses which defines a helper for testing the handling of broken context factories. c|j}|jt||t}|j tj t |y)a Assert that the exception raised by a broken context factory's C{getContext} method is raised by some reactor method. If it is not, an exception will be raised to fail the test. @param useIt: A two-argument callable which will be called with a reactor and a broken context factory and which is expected to raise the same exception as the broken context factory's C{getContext} method. N) buildReactor assertRaises ValueErrorr assertEqualmessagestr)r7useItr_excs r/_testBadContextz$BadContextTestsMixin._testBadContextsG##% E7.useIts %%T=?N r.Nrsr7rqs r/test_badContextz#SSLClientTestsMixin.test_badContexts  U#r.c Gddt}|j t}t|_||_|j |_t}t|_||_|j|_|jj|j_ gt|j|jgd}fd}|j| jd|d}|j|j j!|j#j$|j#j&|}|j|j(|j fd |j+ dj-t.d j-t.y ) aO L{ITCPTransport.loseConnection} ends a connection which was set up with L{ITLSTransport.startTLS} and which has recently been written to. This is intended to verify that a socket send error masked by the TLS implementation doesn't prevent the connection from being reported as closed. ceZdZdZdZdZy)QSSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS..ShortProtocolcZtj|jsB|jj}d|j_|j t dy|jj|jj|jjdy)NzNo ITLSTransport supportx) r providedByrNrVfinishederrbackrrOcontextwrite)r7rs r/rRz`SSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS..ShortProtocol.connectionMadesx$//?#||44H,0DLL)$$X.H%IJ'' (<(<=$$T*r.cn|jjd|jjy)Ny)rNrloseConnection)r7datas r/ dataReceivedz^SSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS..ShortProtocol.dataReceiveds( $$T*--/r.cz|jj}|#d|j_|j|yyr<)rVrcallback)r7reasonrs r/connectionLostz`SSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS..ShortProtocol.connectionLosts8 <<00',0DLL)%%f-(r.N)r&r'r(rRrrr-r.r/ ShortProtocolrs + 0 .r.rT) consumeErrorscDj|dd|ddgy)Nr)extend)resultslostConnectionResultss r/ cbFinishedzNSSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS..cbFinished"s& ! ( ('!*Q-A)G Hr.rrb) interfacec$jSr<)stop)ignr_s r/zLSSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLS../s r.rN)rrkrrrrQr:rrr>methodr addCallback listenTCP addCleanup stopListening connectTCPgetHosthostrc disconnect runReactortrapr ) r7r serverFactory clientFactoryrrrc connectorrr_s @@r/&test_disconnectAfterWriteAfterStartTLSz:SSLClientTestsMixin.test_disconnectAfterWriteAfterStartTLSsy .H .B##%% !) !.  $ 5 5 7 % !) !.  $ 5 5 7 '4'<'<'C'C $ "  # #]%;%; d|jjdS)zJ Get the expected connection lost message for a TLS port. z (TLS Port z Closed)r)r7rcs r/getExpectedConnectionLostLogMsgz3TLSPortTestsBuilder.getExpectedConnectionLostLogMsgMs DLLN//099r.c,d}|j|y)z If the context factory passed to L{IReactorSSL.listenSSL} raises an exception from its C{getContext} method, that exception is raised by L{IReactorSSL.listenSSL}. c8|jdt|S)Nr)rrrs r/rqz2TLSPortTestsBuilder.test_badContext..useItZs$$Q H Hr.Nrrs r/rz#TLSPortTestsBuilder.test_badContextSs I U#r.cn|j|j|j||jS)a Connect to the given listening TLS port, assuming the underlying transport is TCP. @param reactor: The reactor under test. @type reactor: L{IReactorSSL} @param address: The listening's address. Only the C{port} component is used; see L{ConnectToTCPListenerMixin.LISTENER_HOST}. @type address: L{IPv4Address} or L{IPv6Address} @param factory: The client factory. @type factory: L{ClientFactory} @return: The connector )r LISTENER_HOSTrcr>)r7r_addressrVs r/connectToListenerz%TLSPortTestsBuilder.connectToListener_s6$!!    LL   ! ! #   r.N) r&r'r(rYrrrrrr-r.r/rr5s"F J : $ r.rc*eZdZdZefZeZdZy)AbortSSLConnectionTestsz- C{abortConnection} tests using SSL. c&t tdy)NzOpenSSL not available.)rrr=s r/setUpzAbortSSLConnectionTests.setUps  34 4 r.N) r&r'r(rYrr%rxrvrr-r.r/rr~s& I5r.r)?rYtypingrrrzope.interfacerrtwisted.internet.deferrr twisted.internet.endpointsr r r twisted.internet.errorr twisted.internet.interfacesrrrtwisted.internet.protocolrrr&twisted.internet.test.connectionmixinsrrr#twisted.internet.test.reactormixinsrtwisted.internet.test.test_tcprrrtwisted.python.compatrtwisted.python.filepathrtwisted.python.runtimertwisted.trial.unittestrOpenSSL.cryptortwisted.internet.sslr r!r" ImportErrorr$r1rDr[rirurxr|rglobalsupdatemakeTestCaseClassesrr-r.r/rs ,+19 4 ML ? 0,++W+WV   &&, "##6#6$#6L O-C 0AA,(x9M( "8 .g8  g8TA   A H $88:; )==?@ $&::<= 5(*@ 5 (<<>?C Ls4FF)(F)