Your IP : 3.15.208.109

Current Path : /lib64/python2.7/site-packages/OpenSSL/test/
Upload File :
Current File : //lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyo

�
o�[c@s�dZddlmZddlmZmZmZddlmZm	Z	ddl
mZm
Z
ddlm
Z
ddlmZddlmZdd	lmZdd
lmZmZddlmZmZmZddlmZmZdd
lmZmZddlmZm Z m!Z!ddlm"Z"m#Z#m$Z$ddlm%Z%m&Z&ddlm'Z'm(Z(m)Z)m*Z*ddlm+Z+m,Z,m-Z-ddlm.Z.m/Z/m0Z0m1Z1ddlm2Z2m3Z3m4Z4m5Z5m6Z6ddlm7Z7m8Z8m9Z9m:Z:ddl;m<Z<m=Z=m>Z>ddl?m@Z@mAZAddl?mBZBmCZCmDZDmEZEmFZFyddlmGZGWneHk
r{eIZGnXyddlmJZJWneHk
r�eIZJnXyddlmKZKWneHk
r�eIZKnXddlmLZLmMZMmNZNmOZOmPZPmQZQmRZRmSZSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_dZ`d�Zad�Zbd �Zcd!�Zdd"fd#��YZed$e<fd%��YZfd&e<eefd'��YZgd(e<eefd)��YZhd*e<eefd+��YZid,e<fd-��YZjd.e<eefd/��YZkd0e<eefd1��YZld2e<eefd3��YZmd4e<fd5��YZnd6e<fd7��YZod8e<eefd9��YZpd:e<fd;��YZqerd<kr�e�nd=S(>s 
Unit tests for L{OpenSSL.SSL}.
i����(tcollect(tECONNREFUSEDtEINPROGRESStEWOULDBLOCK(tplatformtversion_info(terrortsocket(tmakedirs(tjoin(tmain(tref(tTYPE_RSAtFILETYPE_PEM(tPKeytX509t
X509Extension(tdump_privatekeytload_privatekey(tdump_certificatetload_certificate(tOPENSSL_VERSION_NUMBERtSSLEAY_VERSIONt
SSLEAY_CFLAGS(tSSLEAY_PLATFORMt
SSLEAY_DIRtSSLEAY_BUILT_ON(t
SENT_SHUTDOWNtRECEIVED_SHUTDOWN(tSSLv2_METHODtSSLv3_METHODt
SSLv23_METHODtTLSv1_METHOD(tOP_NO_SSLv2tOP_NO_SSLv3tOP_SINGLE_DH_USE(tVERIFY_PEERtVERIFY_FAIL_IF_NO_PEER_CERTtVERIFY_CLIENT_ONCEtVERIFY_NONE(tErrortSysCallErrort
WantReadErrortZeroReturnErrortSSLeay_version(tContexttContextTypet
ConnectiontConnectionType(tTestCasetbytestb(tcleartextCertificatePEMtcleartextPrivateKeyPEM(tclient_cert_pemtclient_key_pemtserver_cert_pemtserver_key_pemt
root_cert_pem(tOP_NO_QUERY_MTU(tOP_COOKIE_EXCHANGE(tOP_NO_TICKET(tSSL_ST_CONNECTt
SSL_ST_ACCEPTtSSL_ST_MASKtSSL_ST_INITt
SSL_ST_BEFOREt	SSL_ST_OKtSSL_ST_RENEGOTIATEtSSL_CB_LOOPtSSL_CB_EXITtSSL_CB_READtSSL_CB_WRITEtSSL_CB_ALERTtSSL_CB_READ_ALERTtSSL_CB_WRITE_ALERTtSSL_CB_ACCEPT_LOOPtSSL_CB_ACCEPT_EXITtSSL_CB_CONNECT_LOOPtSSL_CB_CONNECT_EXITtSSL_CB_HANDSHAKE_STARTtSSL_CB_HANDSHAKE_DONEs[-----BEGIN DH PARAMETERS-----
MBYCEQCobsg29c9WZP/54oAPcwiDAgEC
-----END DH PARAMETERS-----
cCs|S(N((tconntcertterrnumtdepthtok((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	verify_cbFscCs�t�}|jd�|jd�t�}|jt�|jd|j�df�|jt�|j�d}|j	t
d��|j	t
d��|jt�|jt�||fS(sQ
    Establish and return a pair of network sockets connected to each other.
    tiis	127.0.0.1txty(RXi(RtbindtlistentsetblockingtFalset
connect_extgetsocknametTruetaccepttsendR3(tporttclienttserver((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytsocket_pairJs	

	



cCs]||g}xJ|rXx=|D]5}y|j�Wntk
rCqX|j|�qWqWdS(N(tdo_handshakeR*tremove(ReRftconnsRR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	handshakehs	

cCsAttd�ttd��}t�}|jtd�t�}d|j�_|j	|j��|j
|�|jtd��|jtd��|j
|g�|jd�|j|d�t�}|jtd�t�}d	|j�_|j	|j��|j
|�|jtd��|jtd��|j
|g�|jd�|j|d�t�}|jtd�t�}d
|j�_|j	|j��|j
|�|jtd��|jtd��|j
ttd�ttd��g�|jd�|j|d�||f||f||fgS(s�
    Construct and return a chain of certificates.

        1. A new self-signed certificate authority certificate (cacert)
        2. A new intermediate certificate signed by cacert (icert)
        3. A new server certificate signed by icert (scert)
    tbasicConstraintssCA:trueisAuthority Certificatet20000101000000Zt20200101000000Zitsha1sIntermediate CertificatesServer CertificatesCA:false(RR3R^Rtgenerate_keyRRtget_subjectt
commonNamet
set_issuert
set_pubkeyt
set_notBeforetset_notAftertadd_extensionstset_serial_numbertsignRa(tcaexttcakeytcacerttikeyticerttskeytscert((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_create_certificate_chaintsH		

		

		
"
t_LoopbackMixincBs eZdZd�Zd�ZRS(s�
    Helper mixin which defines methods for creating a connected socket pair and
    for forcing two connected SSL sockets to talk to each other via memory BIOs.
    cCs�t�\}}tt�}|jttt��|jttt	��t
||�}|j�t
tt�|�}|j�t
||�|jt�|jt�||fS(N(RgR-R tuse_privatekeyRR
R9tuse_certificateRR8R/tset_accept_statetset_connect_stateRkR]Ra(tselfRfRetctx((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	_loopback�s




cCs�t}x�|r�t}x�||f||fgD]�\}}y|jd�}Wntk
r`nX||fSxEtr�y|jd�}Wntk
r�PqnXt}|j|�qnWq.Wq	WdS(s�
        Try to read application bytes from each of the two L{Connection}
        objects.  Copy bytes back and forth between their send/receive buffers
        for as long as there is anything to copy.  When there is nothing more
        to copy, return C{None}.  If one of them actually manages to deliver
        some application bytes, return a two-tuple of the connection from which
        the bytes were read and the bytes themselves.
        iiiNi(RaR^trecvR*tbio_readt	bio_write(R�tclient_conntserver_conntwrotetreadtwritetdatatdirty((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_interactInMemory�s"		

	
(t__name__t
__module__t__doc__R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s	tVersionTestscBs eZdZd�Zd�ZRS(s�
    Tests for version information exposed by
    L{OpenSSL.SSL.SSLeay_version} and
    L{OpenSSL.SSL.OPENSSL_VERSION_NUMBER}.
    cCs|jttt��dS(s�
        L{OPENSSL_VERSION_NUMBER} is an integer with status in the low
        byte and the patch, fix, minor, and major versions in the
        nibbles above that.
        N(t
assertTruet
isinstanceRtint(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_OPENSSL_VERSION_NUMBER�scCsli}xItttttgD]2}t|�}|||<|jt|t��qW|j	t
|�d�dS(s�
        L{SSLeay_version} takes a version type indicator and returns
        one of a number of version strings based on that indicator.
        iN(RRRRRR,R�R�R2tassertEqualtlen(R�tversionstttversion((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_SSLeay_versions
(R�R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s		tContextTestscBsmeZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zer�n	d�Zd�Zd�Z d�Z!d�Z"d �Z#d!�Z$d"�Z%d#�Z&d$�Z'd%�Z(d&�Z)RS('s0
    Unit tests for L{OpenSSL.SSL.Context}.
    cCsvx!tttgD]}t|�qWytt�Wnttfk
rKnX|jttd�|jttd�dS(s�
        L{Context} can be instantiated with one of L{SSLv2_METHOD},
        L{SSLv3_METHOD}, L{SSLv23_METHOD}, or L{TLSv1_METHOD}.
        RXi
N(	RRR R-Rt
ValueErrorR(tassertRaisest	TypeError(R�tmeth((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_methodscCs'|jtt�|jtdt�dS(s�
        L{Context} and L{ContextType} refer to the same type object and can be
        used to create instances of that type.
        R-N(tassertIdenticalR-R.tassertConsistentTypeR (R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	test_type&scCsLt�}|jtd�tt�}|j|�|jt|jd�dS(sU
        L{Context.use_privatekey} takes an L{OpenSSL.crypto.PKey} instance.
        i�RXN(RRpRR-R R�R�R�(R�tkeyR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_use_privatekey/s
	
cCs<tt�}|jt|j�|jt|jdd�dS(sm
        L{Context.set_app_data} raises L{TypeError} if called with other than
        one argument.
        N(R-R R�R�tset_app_datatNone(R�tcontext((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_app_data_wrong_args:scCs&tt�}|jt|jd�dS(sc
        L{Context.get_app_data} raises L{TypeError} if called with any
        arguments.
        N(R-R R�R�tget_app_dataR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_app_data_wrong_argsDscCs<t�}tt�}|j|�|j|j�|�dS(su
        L{Context.set_app_data} stores an object for later retrieval using
        L{Context.get_app_data}.
        N(tobjectR-R R�R�R�(R�tapp_dataR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_app_dataMs	
cCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
        L{Context.set_options} raises L{TypeError} if called with the wrong
        number of arguments or a non-C{int} argument.
        iN(R-R R�R�tset_optionsR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_options_wrong_argsXscCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
        L{Context.set_timeout} raises L{TypeError} if called with the wrong
        number of arguments or a non-C{int} argument.
        iN(R-R R�R�tset_timeoutR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_timeout_wrong_argscscCs&tt�}|jt|jd�dS(sZ
        L{Context.get_timeout} raises L{TypeError} if called with any arguments.
        N(R-R R�R�tget_timeoutR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_timeout_wrong_argsnscCs3tt�}|jd�|j|j�d�dS(s�
        L{Context.set_timeout} sets the session timeout for all connections
        created using the context object.  L{Context.get_timeout} retrieves this
        value.
        i�N(R-R R�tassertEqualsR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_timeoutvs
cCsRtt�}|jt|j�|jt|jd�|jt|jdd�dS(s�
        L{Context.set_verify_depth} raises L{TypeError} if called with the wrong
        number of arguments or a non-C{int} argument.
        iN(R-R R�R�tset_verify_depthR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_set_verify_depth_wrong_args�scCs&tt�}|jt|jd�dS(s_
        L{Context.get_verify_depth} raises L{TypeError} if called with any arguments.
        N(R-R R�R�tget_verify_depthR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt test_get_verify_depth_wrong_args�scCs3tt�}|jd�|j|j�d�dS(s�
        L{Context.set_verify_depth} sets the number of certificates in a chain
        to follow before giving up.  The value can be retrieved with
        L{Context.get_verify_depth}.
        iN(R-R R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_verify_depth�s
cCsmt�}|jtd�|j�}t|d�}tt|d|�}|j|jd��|j	�|S(s�
        Write a new private key out to a new file, encrypted using the given
        passphrase.  Return the path to the new file.
        i�twtblowfishtascii(
RRpRtmktemptopenRR
R�tdecodetclose(R�t
passphraseR�tpemFiletfObjtpem((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_write_encrypted_pem�s	
cCsXtt�}|jt|j�|jt|jd�|jt|jd�dd�dS(s�
        L{Context.set_passwd_cb} raises L{TypeError} if called with the
        wrong arguments or with a non-callable first argument.
        cSsdS(N(R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt<lambda>�sN(R-R R�R�t
set_passwd_cbR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_passwd_cb_wrong_args�scs�td��|j��}g���fd�}tt�}|j|�|j|�|jt��d�|jt�ddt	��|jt�ddt	��|j
�ddd�dS(s�
        L{Context.set_passwd_cb} accepts a callable which will be invoked when
        a private key is loaded from an encrypted PEM.
        tfoobarcs�j|||f��S(N(tappend(tmaxlentverifytextra(t
calledWithR�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytpassphraseCallback�siiiN(R3R�R-R R�tuse_privatekey_fileR�R�R�R�R�R�(R�R�R�R�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_passwd_cb�s

cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(st
        L{Context.use_privatekey_file} propagates any exception raised by the
        passphrase callback.
        smonkeys are nicecSstd��dS(NsSorry, I am a fail.(tRuntimeError(R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R R�R�R�R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_passwd_callback_exception�s
	
cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(s�
        L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
        passphrase callback returns a false value.
        smonkeys are nicecSsdS(N(R�(R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R R�R�R(R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_passwd_callback_false�s
	
cCsQ|jtd��}d�}tt�}|j|�|jt|j|�dS(s�
        L{Context.use_privatekey_file} raises L{OpenSSL.SSL.Error} if the
        passphrase callback returns a true non-string value.
        smonkeys are nicecSsdS(Ni
((R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R�R3R-R R�R�R(R�(R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_passwd_callback_non_string�s
	
csXtd�d�|j��}�fd�}tt�}|j|�|j|�dS(s�
        If the passphrase returned by the passphrase callback returns a string
        longer than the indicated maximum length, it is truncated.
        RYics�td�S(NRZ(R3(R�R�R�(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��sN(R3R�R-R R�R�(R�R�R�R�((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_passwd_callback_too_long�s
cs�t�\}}ttt�|�}|j�g��fd�}tt�}|j|�|jttt	��|j
ttt��t||�}|j
�xC�s�x6||fD](}y|j�Wq�tk
r�q�Xq�Wq�W|j��dS(s�
        L{Context.set_info_callback} accepts a callable which will be invoked
        when certain information about an SSL connection is available.
        cs�j|||f�dS(N(R�(RRtwheretret(tcalled(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytinfosN(RgR/R-R R�tset_info_callbackR�RR
R4R�RR5R�RhR*R�(R�RfRet	clientSSLR�R�t	serverSSLtssl((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_info_callback
s(


	
c	Gs�t�\}}tt�}|j|�|jtd��t||�}|j�tt�}|jt	t
t��|jt
t
t��t||�}|j�t||�|j�}|j|j�jd�dS(s�
        Create a client context which will verify the peer certificate and call
        its C{load_verify_locations} method with C{*args}.  Then connect it to a
        server and ensure that the handshake succeeds.
        cSs|S(N((RRRSterrnoRUtpreverify_ok((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�:ssTesting Root CAN(RgR-R tload_verify_locationst
set_verifyR$R/R�R�RR
R4R�RR5R�Rktget_peer_certificateR�RqtCN(	R�targsRfRet
clientContextR�t
serverContextR�RS((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_load_verify_locations_test,s$




cCsL|j�}t|d�}|jtjd��|j�|j|�dS(s�
        L{Context.load_verify_locations} accepts a file name and uses the
        certificates within for verification purposes.
        R�R�N(R�R�R�R4R�R�R�(R�tcafileR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_fileRs

cCs,tt�}|jt|j|j��dS(sm
        L{Context.load_verify_locations} raises L{Error} when passed a
        non-existent cafile.
        N(R-R R�R(R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_invalid_file_scCs|j�}t|�xRddgD]D}t||�}t|d�}|jtjd��|j�q#W|jd|�dS(s�
        L{Context.load_verify_locations} accepts a directory name and uses
        the certificates within for verification purposes.
        s
c7adac82.0s
c3705638.0R�R�N(
R�RR	R�R�R4R�R�R�R�(R�tcapathtnameR�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_verify_directoryis
cCswtt�}|jt|j�|jt|jt��|jt|jt�t��|jt|jddd�dS(s�
        L{Context.load_verify_locations} raises L{TypeError} if called with
        the wrong number of arguments or with non-C{str} arguments.
        N(R-R R�R�R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt%test_load_verify_locations_wrong_args|s
cCs�tt�}|j�|jtd��t�}|jd�t||�}|j�|j	�|j
d�|j|jd��dS(s�
            L{Context.set_default_verify_paths} causes the platform-specific CA
            certificate locations to be used for verification purposes.
            cSs|S(N((RRRSR�RUR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��ssverisign.comi�sGET / HTTP/1.0

iN(sverisign.comi�(
R-Rtset_default_verify_pathsR�R$RtconnectR/R�RhRcR�R�(R�R�ReR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_default_verify_paths�s

	



cCsRtt�}|jt|jd�|jt|jd�|jt|jd�dS(sv
        L{Context.set_default_verify_paths} takes no arguments and raises
        L{TypeError} if given any.
        iRXN(R-R R�R�R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt'test_set_default_verify_paths_signature�scCs[tt�}|jt|j�|jt|jt��|jt|jt�t��dS(s�
        L{Context.add_extra_chain_cert} raises L{TypeError} if called with
        other than one argument or if called with an object which is not an
        instance of L{X509}.
        N(R-R R�R�tadd_extra_chain_certR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt&test_add_extra_chain_cert_invalid_cert�sc	Cs�t�\}}t||�}|j�t||�}|j�xMtd�D]?}x6||gD](}y|j�Wqatk
r�qaXqaWqNWdS(s�
        Verify that a client and server created with the given contexts can
        successfully handshake and communicate.
        iN(RgR/R�R�trangeRhR*(	R�R�R�tserverSockettclientSocketRfRetits((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_handshake_test�s


cCsrt�}|\\}}\}}\}}xg|df|df|dfgD]D\}}	t|	d�}
|
jtt|�jd��|
j�qLWxg|df|df|dfgD]D\}}	t|	d�}
|
jtt|�jd��|
j�q�Wtt	�}|j
|�|j|�|j|�tt	�}
|
j
ttBt�|
jd�|j||
�d	S(
s�
        L{Context.add_extra_chain_cert} accepts an L{X509} instance to add to
        the certificate chain.

        See L{_create_certificate_chain} for the details of the certificate
        chain tested.

        The chain is tested by starting a server with scert and connecting
        to it with a client which trusts cacert and requires verification to
        succeed.
        sca.pemsi.pemss.pemR�R�sca.keysi.keyss.keyN(R�R�R�RR
R�R�RR-R R�R�R�R�R$R%RWR�R(R�tchainR{R|R}R~RR�RSR�R�R�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_extra_chain_cert�s&	!..



cCsKt�}|\\}}\}}\}}|j�}t|d�}	|	jtt|�jd��|	jtt|�jd��|	jtt|�jd��|	j�tt	�}
|
j
|�|
j|�tdd�}	|	jtt|�jd��|	j�tt	�}|jt
tBt�|jd�|j|
|�dS(s
        L{Context.use_certificate_chain_file} reads a certificate chain from
        the specified file.

        The chain is tested by starting a server with scert and connecting
        to it with a client which trusts cacert and requires verification to
        succeed.
        R�R�sca.pemN(R�R�R�R�RR
R�R�R-R tuse_certificate_chain_fileR�R�R$R%RWR�R(R�RR{R|R}R~RR�t	chainFileR�R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_use_certificate_chain_files&		!




cCs&tt�}|jt|jd�dS(sf
        L{Context.get_verify_mode} raises L{TypeError} if called with any
        arguments.
        N(R-R R�R�tget_verify_modeR�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_verify_mode_wrong_args*scCsWtt�}|j|j�d�|jttBd��|j|j�ttB�dS(s~
        L{Context.get_verify_mode} returns the verify mode flags previously
        passed to L{Context.set_verify}.
        icWsdS(N(R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�;sN(R-R R�RR�R$R&(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_verify_mode3scCsUtt�}|jt|j�|jt|jdd�|jt|jt��dS(s�
        L{Context.load_tmp_dh} raises L{TypeError} if called with the wrong
        number of arguments or with a non-C{str} argument.
        tfooN(R-R R�R�tload_tmp_dhR�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_tmp_dh_wrong_args@scCs&tt�}|jt|jd�dS(sr
        L{Context.load_tmp_dh} raises L{OpenSSL.SSL.Error} if the specified file
        does not exist.
        thelloN(R-R R�R(R(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_tmp_dh_missing_fileKscCsOtt�}|j�}t|d�}|jt�|j�|j|�dS(si
        L{Context.load_tmp_dh} loads Diffie-Hellman parameters from the
        specified file.
        R�N(R-R R�R�R�tdhparamR�R(R�R�t
dhfilenametdhfile((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_load_tmp_dhTs

cCsEtt�}|jd�t|d�}|j|j�dg�dS(s�
        L{Context.set_cipher_list} accepts a C{str} naming the ciphers which
        connections created with the context object will be able to choose from.
        shello world:AES128-SHA256s
AES128-SHA256N(R-R tset_cipher_listR/R�R�tget_cipher_list(R�R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_cipher_listbs
(*R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�RaR�R�RRRRR
RRRRR(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�sR					
																		"	&	
	
							,	'			
				tServerNameCallbackTestscBs2eZdZd�Zd�Zd�Zd�ZRS(si
    Tests for L{Context.set_tlsext_servername_callback} and its interaction with
    L{Connection}.
    cCs<tt�}|jt|j�|jt|jdd�dS(s
        L{Context.set_tlsext_servername_callback} raises L{TypeError} if called
        with other than one argument.
        iiN(R-R R�R�tset_tlsext_servername_callback(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_wrong_argssscCsed�}d�}tt�}|j|�t|�}~|j|�t�|jd|��dS(s�
        If L{Context.set_tlsext_servername_callback} is used to specify a new
        callback, the one it replaces is dereferenced.
        cSsdS(N((t
connection((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytcallback�scSsdS(N((R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytreplacement�sN(R-R RRRR�R�(R�RR R�ttracker((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_old_callback_forgotten}s		

cs�g��fd�}tt�}|j|�~t�|jttt��|jt	tt
��t|d�}|j
�ttt�d�}|j�|j||�|j|dfg��dS(s�
        When a client specifies no server name, the callback passed to
        L{Context.set_tlsext_servername_callback} is invoked and the result of
        L{Connection.get_servername} is C{None}.
        cs�j||j�f�dS(N(R�tget_servername(RR(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
servername�sN(R-R RRR�RR
R9R�RR8R/R�R�R�R�R�(R�R$R�RfRe((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_no_servername�s


cs�g��fd�}tt�}|j|�|jttt��|jttt	��t
|d�}|j�t
tt�d�}|j
�|jtd��|j||�|j|td�fg��dS(s�
        When a client specifies a server name in its hello message, the callback
        passed to L{Contexts.set_tlsext_servername_callback} is invoked and the
        result of L{Connection.get_servername} is that server name.
        cs�j||j�f�dS(N(R�R#(RR(R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR$�ssfoo1.example.comN(R-R RR�RR
R9R�RR8R/R�R�R�tset_tlsext_host_nameR3R�R�(R�R$R�RfRe((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_servername�s


(R�R�R�RR"R%R'(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRns
	
		!tConnectionTestscBs�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zed
kr�n	d�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�ZRS(s3
    Unit tests for L{OpenSSL.SSL.Connection}.
    cCs6|jtt�tt�}|jtd|d�dS(s�
        L{Connection} and L{ConnectionType} refer to the same type object and
        can be used to create instances of that type.
        R/N(R�R/R0R-R R�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��scCs5tt�}t|d�}|j|j�|�dS(s�
        L{Connection.get_context} returns the L{Context} instance used to
        construct the L{Connection} instance.
        N(R-R R/R�R�tget_context(R�R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_context�scCs/ttt�d�}|jt|jd�dS(se
        L{Connection.get_context} raises L{TypeError} if called with any
        arguments.
        N(R/R-R R�R�R�R)(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_context_wrong_args�scCs�tt�}t|d�}|jt|j�|jt|jt��|jt|jd�|jt|jd�|jt|jdd�|jt|jtt�d�|j||j	��dS(s�
        L{Connection.set_context} raises L{TypeError} if called with a
        non-L{Context} instance argument or with any number of arguments other
        than 1.
        RiiN(
R-R R/R�R�R�tset_contextR�R�R)(R�R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_context_wrong_argsscCs[tt�}tt�}t|d�}|j|�|j||j��~~t�dS(sv
        L{Connection.set_context} specifies a new L{Context} instance to be used
        for the connection.
        N(	R-RR R/R�R,R�R)R(R�toriginalR R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_contexts
cCs�ttt�d�}|jt|j�|jt|jt��|jt|jdd�|jt|jtd��t	dkr�|jt|jtd�j
d��ndS(	s�
        If L{Connection.set_tlsext_host_name} is called with a non-byte string
        argument or a byte string with an embedded NUL or other than one
        argument, L{TypeError} is raised.
        i{i�t	withnullisexample.comR�N(i(R/R-R R�R�R�R&R�R3RR�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt$test_set_tlsext_host_name_wrong_args'scCs^ttt�d�}|jt|jt��|jt|jd�|jt|jd�dS(sh
        L{Connection.get_servername} raises L{TypeError} if called with any
        arguments.
        iRN(R/R-R R�R�R�R#R�(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_servername_wrong_args;scCs/ttt�d�}|j|j�d�dS(si
        L{Connection.pending} returns the number of bytes available for
        immediate read.
        iN(R/R-R R�R�tpending(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_pendingFscCs/ttt�d�}|jt|jd�dS(sY
        L{Connection.pending} raises L{TypeError} if called with any arguments.
        N(R/R-R R�R�R�R3(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_pending_wrong_argsOscCs^ttt�t��}|jt|jd�|jt|j�|jt|jdd�dS(s�
        L{Connection.connect} raises L{TypeError} if called with a non-address
        argument or with the wrong number of arguments.
        s	127.0.0.1iN(s	127.0.0.1i(R/R-R RR�R�R�R�(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_wrong_argsWscCsWt�}tt�}t||�}|jt|jd�}|j|jdt	�dS(sy
        L{Connection.connect} raises L{socket.error} if the underlying socket
        connect method raises it.
        s	127.0.0.1iiN(s	127.0.0.1i(
RR-R R/R�RR�R�R�R(R�ReR�R�texc((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_refusedbs
	cCs\t�}|jd�|jd�ttt�t��}|jd|j�df�dS(sZ
        L{Connection.connect} establishes a connection to the specified address.
        RXiis	127.0.0.1iN(RXi(RR[R\R/R-R R�R`(R�RdR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connectns
	

tdarwincCs�t�}|jd�|jd�ttt�t��}|jt�|j|j	��}t
tf}|j||kd||f�dS(s�
            If there is a connection error, L{Connection.connect_ex} returns the
            errno instead of raising an exception.
            RXiis%r not in %rN(RXi(
RR[R\R/R-R R]R^R_R`RRR�(R�RdR�tresulttexpected((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_connect_ex~s	


cCs2ttt�t��}|jt|jd�dS(sX
        L{Connection.accept} raises L{TypeError} if called with any arguments.
        N(R/R-R RR�R�RbR�(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_accept_wrong_args�scCs�tt�}|jttt��|jttt��t	�}t
||�}|jd�|jd�t
tt�t	��}|j
d|j�df�|j�\}}|jt|t
��|j|j�|�|j||j��dS(s�
        L{Connection.accept} accepts a pending connection attempt and returns a
        tuple of a new L{Connection} (the accepted client) and the address the
        connection originated from.
        RXiis	127.0.0.1iN(RXi(R-R R�RR
R9R�RR8RR/R[R\R�R`RbR�R�R�R)R�(R�R�RdtportSSLR�R�taddress((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_accept�s	

cCs�ttt�d�}|jt|jd�|jt|jd�|jt|j�|jt|jd�|jt|jdd�dS(s�
        L{Connection.shutdown} raises L{TypeError} if called with the wrong
        number of arguments or with arguments other than integers.
        iiN(	R/R-R R�R�R�tshutdowntget_shutdowntset_shutdown(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_shutdown_wrong_args�scCs�|j�\}}|j|j��|j|j�t�|jt|jd�|j|j�t	�|j�|j|j�tt	B�|jt|jd�|j|j�tt	B�dS(sS
        L{Connection.shutdown} performs an SSL-level connection shutdown.
        iN(
R�tassertFalseRBR�RCRR�R+R�R(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_shutdown�s
cCs?ttt�t��}|jt�|j|j�t�dS(sk
        L{Connection.set_shutdown} sets the state of the SSL connection shutdown
        process.
        N(R/R-R RRDRR�RC(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_shutdown�s
cCs[ttt�d�}|jt|jd�|jt|j�|jt|jdd�dS(s�
        L{Connection.set_app_data} raises L{TypeError} if called with other than
        one argument.  L{Connection.get_app_data} raises L{TypeError} if called
        with any arguments.
        N(R/R-R R�R�R�R�R�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_app_data_wrong_args�scCsEttt�d�}t�}|j|�|j|j�|�dS(s�
        Any object can be set as app data by passing it to
        L{Connection.set_app_data} and later retrieved with
        L{Connection.get_app_data}.
        N(R/R-R R�R�R�R�R�(R�RRR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s	
cCs,ttt�d�}|jt|j�dS(sz
        L{Connection.makefile} is not implemented and calling that method raises
        L{NotImplementedError}.
        N(R/R-R R�R�tNotImplementedErrortmakefile(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_makefile�scCstttt�d�}|jt|jd�|jt|jd�|jt|jt��|jt|jg�dS(sm
        L{Connection.get_peer_cert_chain} raises L{TypeError} if called with any
        arguments.
        iRN(R/R-R R�R�R�tget_peer_cert_chainR�(R�RR((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt#test_get_peer_cert_chain_wrong_args�s
cCsEt�}|\\}}\}}\}}tt�}|j|�|j|�|j|�|j|�t|d�}	|	j�tt�}
|
j	t
t�t|
d�}|j�|j
||	�|j�}|jt|�d�|jd|dj�j�|jd|dj�j�|jd|dj�j�dS(	s�
        L{Connection.get_peer_cert_chain} returns a list of certificates which
        the connected server returned for the certification verification.
        isServer CertificateisIntermediate CertificateisAuthority CertificateiN(R�R-R R�R�R�R/R�R�R�R'RWR�R�RMR�R�RqR�(R�RR{R|R}R~RR�R�RfR�Re((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_peer_cert_chains,	!





cCs�tt�}|jttt��|jttt��t	|d�}|j�t	tt�d�}|j�|j
||�|jd|j��dS(ss
        L{Connection.get_peer_cert_chain} returns C{None} if the peer sends no
        certificate chain.
        N(R-R R�RR
R9R�RR8R/R�R�R�R�R�RM(R�R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_get_peer_cert_chain_none's

(R�R�R�R�R*R+R-R/R1R2R4R5R6R8R9RR=R>RARERGRHRIR�RLRNRORP(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR(�s6	
	
												
				
		
						"tConnectionGetCipherListTestscBs eZdZd�Zd�ZRS(s2
    Tests for L{Connection.get_cipher_list}.
    cCs/ttt�d�}|jt|jd�dS(si
        L{Connection.get_cipher_list} raises L{TypeError} if called with any
        arguments.
        N(R/R-R R�R�R�R(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR<scCsbttt�d�}|j�}|jt|t��x$|D]}|jt|t��q>WdS(s�
        L{Connection.get_cipher_list} returns a C{list} of C{str} giving the
        names of the ciphers which might be used.
        N(	R/R-R R�RR�R�tlisttstr(R�Rtcipherstcipher((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_resultEs

(R�R�R�RRV(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRQ8s		tConnectionSendTestscBsEeZdZd�Zd�ZyeWnek
r9n
Xd�ZRS(s&
    Tests for L{Connection.send}
    cCs^ttt�d�}|jt|j�|jt|jt��|jt|jdd�dS(sx
        When called with arguments other than a single string,
        L{Connection.send} raises L{TypeError}.
        RtbarN(R/R-R R�R�R�RcR�(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRVscCsZ|j�\}}|jtd��}|j|d�|j|jd�td��dS(s�
        When passed a short byte string, L{Connection.send} transmits all of it
        and returns the number of bytes sent.
        txyiN(R�RcR3R�R�(R�RfRetcount((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_short_bytesascCs`|j�\}}|jttd���}|j|d�|j|jd�td��dS(s�
            When passed a memoryview onto a small number of bytes,
            L{Connection.send} transmits all of them and returns the number of
            bytes sent.
            RYiN(R�Rct
memoryviewR3R�R�(R�RfReRZ((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_short_memoryviewps(R�R�R�RR[R\t	NameErrorR](((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRWRs		

tConnectionSendallTestscBsWeZdZd�Zd�ZyeWnek
r9n
Xd�Zd�Zd�Z	RS(s*
    Tests for L{Connection.sendall}.
    cCs^ttt�d�}|jt|j�|jt|jt��|jt|jdd�dS(s{
        When called with arguments other than a single string,
        L{Connection.sendall} raises L{TypeError}.
        RRXN(R/R-R R�R�R�tsendallR�(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�scCsH|j�\}}|jtd��|j|jd�td��dS(sf
        L{Connection.sendall} transmits all of the bytes in the string passed to
        it.
        RYiN(R�R`R3R�R�(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_short�scCsN|j�\}}|jttd���|j|jd�td��dS(s�
            When passed a memoryview onto a small number of bytes,
            L{Connection.sendall} transmits all of them.
            RYiN(R�R`R\R3R�R�(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR]�scCs�|j�\}}td�d
td�}|j|�g}d}xB|t|�kr�|jd�}|j|�|t|�7}qHW|j|td�j|��dS(s�
        L{Connection.sendall} transmits all of the bytes in the string passed to
        it even if this requires multiple calls of an underlying write function.
        RYii iRZiRXNi�i�(R�R3R`R�R�R�R�R	(R�RfRetmessagetaccumtreceivedR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	test_long�s

cCs9|j�\}}|jd�|jt|jd�dS(s�
        If the underlying socket is closed, L{Connection.sendall} propagates the
        write error from the low level write call.
        ishello, worldN(R�t
sock_shutdownR�R)R`(R�RfRe((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_closed�s
(
R�R�R�RRaR\R^R]ReRg(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR_}s		

	
	tConnectionRenegotiateTestscBs)eZdZd�Zd�Zd�ZRS(s+
    Tests for SSL renegotiation APIs.
    cCs/ttt�d�}|jt|jd�dS(se
        L{Connection.renegotiate} raises L{TypeError} if called with any
        arguments.
        N(R/R-R R�R�R�trenegotiate(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_renegotiate_wrong_args�scCs/ttt�d�}|jt|jd�dS(sn
        L{Connection.total_renegotiations} raises L{TypeError} if called with
        any arguments.
        N(R/R-R R�R�R�ttotal_renegotiations(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt$test_total_renegotiations_wrong_args�scCs/ttt�d�}|j|j�d�dS(sr
        L{Connection.total_renegotiations} returns C{0} before any
        renegotiations have happened.
        iN(R/R-R R�R�Rk(R�R((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_total_renegotiations�s(R�R�R�RjRlRm(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRh�s				t
ErrorTestscBseZdZd�ZRS(s.
    Unit tests for L{OpenSSL.SSL.Error}.
    cCs-|jttt��|jtjd�dS(s0
        L{Error} is an exception type.
        R(N(R�t
issubclassR(t	ExceptionR�R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��s(R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRn�stConstantsTestscBsVeZdZedk	r$d�Znedk	r<d�Znedk	rTd�Z	nRS(s�
    Tests for the values of constants exposed in L{OpenSSL.SSL}.

    These are values defined by OpenSSL intended only to be used as flags to
    OpenSSL APIs.  The only assertions it seems can be made about them is
    their values.
    cCs|jtd�dS(s�
            The value of L{OpenSSL.SSL.OP_NO_QUERY_MTU} is 0x1000, the value of
            I{SSL_OP_NO_QUERY_MTU} defined by I{openssl/ssl.h}.
            iN(R�R;(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_query_mtuscCs|jtd�dS(s�
            The value of L{OpenSSL.SSL.OP_COOKIE_EXCHANGE} is 0x2000, the value
            of I{SSL_OP_COOKIE_EXCHANGE} defined by I{openssl/ssl.h}.
            i N(R�R<(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_cookie_exchangescCs|jtd�dS(s�
            The value of L{OpenSSL.SSL.OP_NO_TICKET} is 0x4000, the value of
            I{SSL_OP_NO_TICKET} defined by I{openssl/ssl.h}.
            i@N(R�R=(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_op_no_ticket&sN(
R�R�R�R;R�RrR<RsR=Rt(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRqs

tMemoryBIOTestscBs�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�ZRS(sA
    Tests for L{OpenSSL.SSL.Connection} using a memory BIO.
    cCs�tt�}|jttBtB�|jttBt	Bt
�|j�}|jt
tt��|jttt��|j�|jttt��t||�}|j�|S(sc
        Create a new server-side SSL L{Connection} object wrapped around
        C{sock}.
        (R-R R�R!R"R#R�R$R%R&RWtget_cert_storeR�RR
R9R�RR8tcheck_privatekeytadd_certR:R/R�(R�tsockt
server_ctxtserver_storeR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_server5s

cCs�tt�}|jttBtB�|jttBt	Bt
�|j�}|jt
tt��|jttt��|j�|jttt��t||�}|j�|S(sc
        Create a new client-side SSL L{Connection} object wrapped around
        C{sock}.
        (R-R R�R!R"R#R�R$R%R&RWRvR�RR
R7R�RR6RwRxR:R/R�(R�Ryt
client_ctxtclient_storeR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_clientKs

cCs�|jd�}|jd�}|j|j�d�|j|j�d�|j|j�d�|j|j||�d�|j|j�d�|j|j�d�|j|j�d�|j	|j�|j��|j	|j�|j��|j
|j�|j��|j
|j�|j��td�}|j|�|j	|j||�||f�|j|ddd��|j	|j||�||ddd�f�dS(s
        Two L{Connection}s which use memory BIOs can be manually connected by
        reading from the output of each and writing those bytes to the input of
        the other and in this way establish a connection and exchange
        application-level bytes with each other.
        sOne if by land, two if by sea.Ni����(
R|R�RR�t
master_keyt
client_randomt
server_randomR�tassertNotIdenticalR�tassertNotEqualsR3R�(R�R�R�timportant_message((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_memoryConnect_s.

cCs�|j�\}}td�}|j|�|jd�}|j||�|ddd�}|j|�|jd�}|j||�dS(s�
        Just like L{test_memoryConnect} but with an actual socket.

        This is primarily to rule out the memory BIO code as the source of
        any problems encountered while passing data over a L{Connection} (if
        this test fails, there must be a problem outside the memory BIO
        code, as no memory BIO is involved here).  Even though this isn't a
        memory BIO test, it's convenient to have it here.
        s,Help me Obi Wan Kenobi, you're my only hope.iNi����(R�R3RcR�R�(R�R�R�R�tmsg((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketConnect�s


cCsgtt�}t�}t||�}|jt|jd�|jt|jd�|jt|j�dS(s�
        Test that L{OpenSSL.SSL.bio_read} and L{OpenSSL.SSL.bio_write} don't
        work on L{OpenSSL.SSL.Connection}() that use sockets.
        idRN(	R-RRR/R�R�R�R�tbio_shutdown(R�R�ReR�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_socketOverridesMemory�s	cCs�|jd�}|jd�}|j||�d}|jd|�}|j||k�|j||�\}}|j||�|jt|�|�dS(s 
        If more bytes than can be written to the memory BIO are passed to
        L{Connection.send} at once, the number of bytes which were written is
        returned and that many bytes from the beginning of the input can be
        read from the other end of the connection.
        iiRYNi�(	R|R�RR�RcR�R�R�R�(R�RfRetsizetsenttreceiverRd((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_outgoingOverflow�scCsH|jd�}|j�|jt|jd�}|j|jt�dS(s{
        L{Connection.bio_shutdown} signals the end of the data stream from
        which the L{Connection} reads.
        iN(R|R�R�R�R(R�R�t	__class__(R�Rfte((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRG�s
cCs�|jd�}|jd�}|j|j�g�|j|j�g�|j�}||�}|j|j�g�|j|j�|�|j||�|j|j�|�|j|j�|�dS(s
        Verify the return value of the C{get_client_ca_list} method for server and client connections.

        @param func: A function which will be called with the server context
            before the client and server are connected to each other.  This
            function should specify a list of CAs for the server to send to the
            client and return that same list.  The list will be used to verify
            that C{get_client_ca_list} returns the proper value at various
            times.
        N(R|R�RR�tget_client_ca_listR)R�(R�tfuncRfReR�R<((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt_check_client_ca_list�scCsXtt�}|jt|jd�|jt|jdg�|j|jg�d�dS(s�
        L{Context.set_client_ca_list} raises a L{TypeError} if called with a
        non-list or a list that contains objects other than X509Names.
        tspamN(R-R R�R�tset_client_ca_listR�R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_client_ca_list_errors�scCsd�}|j|�dS(s
        If passed an empty list, L{Context.set_client_ca_list} configures the
        context to send no CA names to the client and, on both the server and
        client sides, L{Connection.get_client_ca_list} returns an empty list
        after the connection is set up.
        cSs|jg�gS(N(R�(R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytno_cas
N(R�(R�R�((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_empty_ca_list�s	cs;ttt�}|j���fd�}|j|�dS(sK
        If passed a list containing a single X509Name,
        L{Context.set_client_ca_list} configures the context to send that CA
        name to the client and, on both the server and client sides,
        L{Connection.get_client_ca_list} returns a list containing that
        X509Name after the connection is set up.
        cs|j�g��gS(N(R�(R�(tcadesc(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt	single_casN(RR
R:RqR�(R�R|R�((R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_one_ca_listscsYttt�}ttt�}|j��|j����fd�}|j|�dS(sW
        If passed a list containing multiple X509Name objects,
        L{Context.set_client_ca_list} configures the context to send those CA
        names to the client and, on both the server and client sides,
        L{Connection.get_client_ca_list} returns a list containing those
        X509Names after the connection is set up.
        cs��g}|j|�|S(N(R�(R�tL(tcldesctsedesc(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytmultiple_ca&s
N(RR
R8RqR�(R�tsecerttclcertR�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_multiple_ca_listscswttt�}ttt�}ttt�}|j��|j��|j�����fd�}|j|�dS(s�
        If called multiple times, only the X509Names passed to the final call
        of L{Context.set_client_ca_list} are used to configure the CA names
        sent to the client.
        cs*|j��g�|j�g��gS(N(R�(R�(R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
changed_ca;sN(RR
R:R8RqR�(R�R|R�R�R�((R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_reset_ca_list-scsYttt�}ttt�}|j��|j����fd�}|j|�dS(s�
        If the list passed to L{Context.set_client_ca_list} is mutated
        afterwards, this does not affect the list of CA names sent to the
        client.
        cs-�g}|j�g�|j���gS(N(R�R�(R�R�(R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
mutated_caNs	
N(RR
R:R8RqR�(R�R|R�R�((R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_mutated_ca_listBscCsatt�}ttt�}|jt|j�|jt|jd�|jt|j||�dS(s�
        L{Context.add_client_ca} raises L{TypeError} if called with a non-X509
        object or with a number of arguments other than one.
        R�N(R-R RR
R:R�R�t
add_client_ca(R�R�R|((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_add_client_ca_errorsVs
cs>ttt���j����fd�}|j|�dS(s~
        A certificate's subject can be added as a CA to be sent to the client
        with L{Context.add_client_ca}.
        cs|j���gS(N(R�(R�(R|R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�is
N(RR
R:RqR�(R�R�((R|R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_one_add_client_cabscs_ttt��ttt���j���j������fd�}|j|�dS(s�
        Multiple CA names can be sent to the client by calling
        L{Context.add_client_ca} with multiple X509 objects.
        cs$|j��|j����gS(N(R�(R�(R|R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR�zs

N(RR
R:R8RqR�(R�R�((R|R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_multiple_add_client_caoscszttt�}ttt�}ttt��|j��|j���j������fd�}|j|�dS(s�
        A call to L{Context.set_client_ca_list} followed by a call to
        L{Context.add_client_ca} results in using the CA names from the first
        call and the CA name from the second call.
        cs-|j��g�|j�����gS(N(R�R�(R�(R�R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytmixed_set_add_ca�s
N(RR
R:R8RqR�(R�R|R�R�((R�R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_and_add_client_ca�scsnttt�}ttt��ttt��|j���j������fd�}|j|�dS(s�
        A call to L{Context.set_client_ca_list} after a call to
        L{Context.add_client_ca} replaces the CA name specified by the former
        call with the names specified by the latter cal.
        cs4|j��|j�g�|j����gS(N(R�R�(R�(R�R�R�R�(s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pytset_replaces_add_ca�s

N(RR
R:R8RqR�(R�R|R�((R�R�R�R�s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyttest_set_after_add_client_ca�s(R�R�R�R|RR�R�R�R�RGR�R�R�R�R�R�R�R�R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyRu1s(			,		
		
			
						
		tInfoConstantTestscBseZdZd�ZRS(sI
    Tests for assorted constants exposed for use in info callbacks.
    cCsgx`tttttttttt	t
ttt
ttttttgD]}|jt|t��qCWdS(s 
        All of the info constants are integers.

        This is a very weak test.  It would be nice to have one that actually
        verifies that as certain info events happen, the value passed to the
        info callback matches up with the constant exposed by OpenSSL.SSL.
        N(R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQR�R�R�(R�tconst((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt
test_integers�s			(R�R�R�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyR��st__main__N(sR�tgcRR�RRRtsysRRRRtosRtos.pathR	tunittestR
tweakrefRtOpenSSL.cryptoRR
RRRRRRRtOpenSSL.SSLRRRRRRRRRRRR R!R"R#R$R%R&R'R(R)R*R+R,R-R.R/R0tOpenSSL.test.utilR1R2R3tOpenSSL.test.test_cryptoR4R5R6R7R8R9R:R;tImportErrorR�R<R=R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQRRWRgRkR�R�R�R�RR(RQRWR_RhRnRqRuR�R�(((s;/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.pyt<module>sx""("(





�				6G��ad�g+G5
+�{