/opt/alt/python27/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py

Unit tests for L{OpenSSL.SSL}.

socket_pair
    Establish and return a pair of network sockets connected to each other.

ContextTests
    Unit tests for L{OpenSSL.SSL.Context}.

    test_method
        L{Context} can be instantiated with one of L{SSLv2_METHOD}, L{SSLv3_METHOD}, L{SSLv23_METHOD}, or L{TLSv1_METHOD}.

    test_type
        L{Context} and L{ContextType} refer to the same type object and can be used to create instances of that type.

    test_use_privatekey
        L{Context.use_privatekey} takes an L{OpenSSL.crypto.PKey} instance.

    test_set_passwd_cb
        L{Context.set_passwd_cb} accepts a callable which will be invoked when a private key is loaded from an encrypted PEM.

    test_set_info_callback
        L{Context.set_info_callback} accepts a callable which will be invoked when certain information about an SSL connection is available.

    test_load_verify_file
        L{Context.load_verify_locations} accepts a file name and uses the certificates within for verification purposes.

    test_load_verify_invalid_file
        L{Context.load_verify_locations} raises L{Error} when passed a non-existent cafile.

    test_load_verify_directory
        L{Context.load_verify_locations} accepts a directory name and uses the certificates within for verification purposes.

    test_set_default_verify_paths
        L{Context.set_default_verify_paths} causes the platform-specific CA certificate locations to be used for verification purposes.

    test_set_default_verify_paths_signature
        L{Context.set_default_verify_paths} takes no arguments and raises L{TypeError} if given any.

    test_add_extra_chain_cert_invalid_cert
        L{Context.add_extra_chain_cert} raises L{TypeError} if called with other than one argument or if called with an object which is not an instance of L{X509}.

    test_add_extra_chain_cert
        L{Context.add_extra_chain_cert} accepts an L{X509} instance to add to the certificate chain.

ConnectionTests
    Unit tests for L{OpenSSL.SSL.Connection}.

    test_type
        L{Connection} and L{ConnectionType} refer to the same type object and can be used to create instances of that type.

ErrorTests
    Unit tests for L{OpenSSL.SSL.Error}.

    test_type
        L{Error} is an exception type.

ConstantsTests
    Tests for the values of constants exposed in L{OpenSSL.SSL}.

    These are values defined by OpenSSL intended only to be used as flags to OpenSSL APIs. The only assertions it seems can be made about them is their values.

    test_op_no_query_mtu
        The value of L{OpenSSL.SSL.OP_NO_QUERY_MTU} is 0x1000, the value of I{SSL_OP_NO_QUERY_MTU} defined by I{openssl/ssl.h}.

    test_op_cookie_exchange
        The value of L{OpenSSL.SSL.OP_COOKIE_EXCHANGE} is 0x2000, the value of I{SSL_OP_COOKIE_EXCHANGE} defined by I{openssl/ssl.h}.

    test_op_no_ticket
        The value of L{OpenSSL.SSL.OP_NO_TICKET} is 0x4000, the value of I{SSL_OP_NO_TICKET} defined by I{openssl/ssl.h}.

MemoryBIOTests
    Tests for L{OpenSSL.SSL.Connection} using a memory BIO.

    _server
        Create a new server-side SSL L{Connection} object wrapped around C{sock}.

    _client
        Create a new client-side SSL L{Connection} object wrapped around C{sock}.

    _loopback
        Try to read application bytes from each of the two L{Connection} objects. Copy bytes back and forth between their send/receive buffers for as long as there is anything to copy. When there is nothing more to copy, return C{None}. If one of them actually manages to deliver some application bytes, return a two-tuple of the connection from which the bytes were read and the bytes themselves.

    test_memoryConnect
        Two L{Connection}s which use memory BIOs can be manually connected by reading from the output of each and writing those bytes to the input of the other and in this way establish a connection and exchange application-level bytes with each other.

    test_socketConnect
        Just like L{test_memoryConnect} but with an actual socket.

        This is primarily to rule out the memory BIO code as the source of any problems encountered while passing data over a L{Connection} (if this test fails, there must be a problem outside the memory BIO code, as no memory BIO is involved here). Even though this isn't a memory BIO test, it's convenient to have it here.

    test_socketOverridesMemory
        Test that L{OpenSSL.SSL.bio_read} and L{OpenSSL.SSL.bio_write} don't work on L{OpenSSL.SSL.Connection}() that use sockets.

    test_outgoingOverflow
        If more bytes than can be written to the memory BIO are passed to L{Connection.send} at once, the number of bytes which were written is returned and that many bytes from the beginning of the input can be read from the other end of the connection.

    test_shutdown
        L{Connection.bio_shutdown} signals the end of the data stream from which the L{Connection} reads.

    _check_client_ca_list
        Verify the return value of the C{get_client_ca_list} method for server and client connections.

        @param func: A function which will be called with the server context before the client and server are connected to each other. This function should specify a list of CAs for the server to send to the client and return that same list. The list will be used to verify that C{get_client_ca_list} returns the proper value at various times.

    test_set_client_ca_list_errors
        L{Context.set_client_ca_list} raises a L{TypeError} if called with a non-list or a list that contains objects other than X509Names.

    test_set_empty_ca_list
        If passed an empty list, L{Context.set_client_ca_list} configures the context to send no CA names to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns an empty list after the connection is set up.

    test_set_one_ca_list
        If passed a list containing a single X509Name, L{Context.set_client_ca_list} configures the context to send that CA name to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns a list containing that X509Name after the connection is set up.

    test_set_multiple_ca_list
        If passed a list containing multiple X509Name objects, L{Context.set_client_ca_list} configures the context to send those CA names to the client and, on both the server and client sides, L{Connection.get_client_ca_list} returns a list containing those X509Names after the connection is set up.

    test_reset_ca_list
        If called multiple times, only the X509Names passed to the final call of L{Context.set_client_ca_list} are used to configure the CA names sent to the client.

    test_mutated_ca_list
        If the list passed to L{Context.set_client_ca_list} is mutated afterwards, this does not affect the list of CA names sent to the client.

    test_add_client_ca_errors
        L{Context.add_client_ca} raises L{TypeError} if called with a non-X509 object or with a number of arguments other than one.

    test_one_add_client_ca
        A certificate's subject can be added as a CA to be sent to the client with L{Context.add_client_ca}.

    test_multiple_add_client_ca
        Multiple CA names can be sent to the client by calling L{Context.add_client_ca} with multiple X509 objects.

    test_set_and_add_client_ca
        A call to L{Context.set_client_ca_list} followed by a call to L{Context.add_client_ca} results in using the CA names from the first call and the CA name from the second call.

    test_set_after_add_client_ca
        A call to L{Context.set_client_ca_list} after a call to L{Context.add_client_ca} replaces the CA name specified by the former call with the names specified by the latter call.