HEX
Server: Apache
System: Linux zacp120.webway.host 4.18.0-553.50.1.lve.el8.x86_64 #1 SMP Thu Apr 17 19:10:24 UTC 2025 x86_64
User: govancoz (1003)
PHP: 8.3.26
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /usr/local/lib/python3.10/test/__pycache__/
Upload Files
File: //usr/local/lib/python3.10/test/__pycache__/test_ssl.cpython-310.pyc
o

�i
e�@s�ddlZddlZddlZddlmZddlmZddlmZddlmZddlm	Z	ddlm
Z
ddlZddlZddl
Z
ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZzddlZWne y�dZYnwddl!Z!e!�"��e!�#de$�ddl%Z%Wd�n1s�wYe�&d	�Z'ddl(Z(dd
l'm)Z)m*Z*m+Z+m,Z,e-ed�Z.e.o�ejdkZ/e0e'j1�Z2ej3Z3e'j4d
kZ5e�6d�Z7iZ8dD]\Z9Z:z
e;e'e9�Z9e;e'j)e:�Z:Wn	e<y�Yq�we:e8e9<q�dd�Z=e=d�Z>e�?e>�Z@e=d�ZAe=d�ZBe�?eA�ZCe�?eB�ZDe=d�ZEe=d�ZFdZGe=d�ZHe�?eH�ZIe=dd�ZJe=dd�ZKddddddd d!�ZLe=d"�ZMe=d#�ZNd$ZOd%d&d'd(d)d*d+ddd d,�
ZPe=d-�ZQd.ZRe=d/�ZSd0ZTe=dd1�ZUe=d2�ZVe=d3�ZWe=d4�ZXd$ZYd5ZZe=d6�Z[e=d7�Z\e=d8�Z]e=d9�Z^e=d:�Z_e=d;�Z`e=d<�Zae=d=�Zbe�?eb�Zce;e'd>d�Zde;e'd?d�Zee;e'd@d�Zfe;e'dAd�Zge;e'dBd�ZhdCdD�Ziei��r�dEdF�ZjndGdF�ZjdHdI�ZkejldJdK��ZmdLdM�ZndNdO�ZodPdQ�Zpe
jqe$dR�Zre'jsdddddS�dTdU�ZteNfdVdW�dXdY�ZuGdZd[�d[ejv�ZwGd\d]�d]ejv�ZxGd^d_�d_ejv�ZyGd`da�daejv�ZzGdbdc�dcejv�Z{Gddde�deejv�Z|e�}df�Gdgdh�dhejv��Z~d�didj�Zdkdl�Z�ddml�m�Z�Gdndo�doej��Z�Gdpdq�dqej��Z�	r		d�dtdu�Z�	d�dvdw�Z�Gdxdy�dyejv�Z�e��emdz�d{�Gd|d}�d}ejv��Z�e-e'j�d~�Z�e��e�d�Z�Gd�d��d�ejv�Z�d�d��Z�Gd�d��d�ejv�Z�d�d��Z�e�d�k�r�e���dSdS)��N)�support)�
import_helper)�	os_helper)�
socket_helper)�threading_helper)�warnings_helper�ignore�ssl)�
TLSVersion�_TLSContentType�_TLSMessageType�
_TLSAlertType�gettotalrefcount�win32)�rr�PY_SSL_DEFAULT_CIPHERS))�PROTOCOL_SSLv23�SSLv3)�PROTOCOL_TLSv1�TLSv1)�PROTOCOL_TLSv1_1�TLSv1_1cGstjjtj�t�g|�R�S�N)�os�path�join�dirname�__file__��name�r �*/usr/local/lib/python3.10/test/test_ssl.py�	data_fileB�r"zkeycert.pemzssl_cert.pemzssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepass�capathz
4e1295a3.0z
5ed36f99.0)�)�countryNameZXY�)�localityNamezCastle Anthrax�)�organizationNamezPython Software Foundation))�
commonName�	localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))�DNSr,r��issuer�notAfter�	notBefore�serialNumber�subject�subjectAltName�versionzrevocation.crlzkeycert3.pemr,)z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r%))r*�Python Software Foundation CA))r+z
our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C)
�OCSP�	caIssuers�crlDistributionPointsr/r0r1r2r3r4r5zkeycert4.pem�fakehostnamezkeycertecc.pemz
localhost-eccz
ceff1710.0zallsans.pemzidnsans.pemz	nosan.pemzself-signed.pythontest.net�nullcert.pem�badcert.pemzXXXnonexisting.pem�
badkey.pemz	nokia.pemznullbytecert.pemztalos-2019-0758.pemzffdh3072.pem�OP_NO_COMPRESSION�OP_SINGLE_DH_USE�OP_SINGLE_ECDH_USE�OP_CIPHER_SERVER_PREFERENCE�OP_ENABLE_MIDDLEBOX_COMPATcCsVz tddd��}d|��vWd�WS1swYWdSty*YdSw)Nz/etc/os-releasezutf-8)�encodingZubuntuF)�open�read�FileNotFoundError)�fr r r!�	is_ubuntu�s
(��rHcGs0|D]}t|d�r|jtjjkr|�d�qdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1�minimum_versionz@SECLEVEL=1:ALLN)�hasattrrIr	r
r�set_ciphers)�ctxs�ctxr r r!�seclevel_workaround�s�
��rNcG�dSrr )rLr r r!rN��cCsbt|t�r|�d�sJ�tt|d�}|durdS|tjtjtjhvr$dS|j}t	|t
d�d��S)z�Check if a TLS protocol is available and enabled

    :param protocol: enum ssl._SSLMethod member or name
    :return: bool
    Z	PROTOCOL_NFT)�
isinstance�str�
startswith�getattrr	�PROTOCOL_TLS�PROTOCOL_TLS_SERVER�PROTOCOL_TLS_CLIENTr�has_tls_version�len)�protocolrr r r!�has_tls_protocol�s
�r[cCs�|dkrdSt|t�rtjj|}ttd|j���sdStr&|tjjkr&dSt�	tj
�}t|d�r?|jtjj
kr?||jkr?dSt|d�rR|jtjjkrR||jkrRdSdS)z{Check if a TLS/SSL version is enabled

    :param version: TLS version name or ssl.TLSVersion member
    :return: bool
    �SSLv2FZHAS_rI�maximum_versionT)rQrRr	r
�__members__rTr�IS_OPENSSL_3_0_0�TLSv1_2�
SSLContextrWrJrI�MINIMUM_SUPPORTEDr]�MAXIMUM_SUPPORTED)r5rMr r r!rX�s(
�
�
rXcs�fdd�}|S)z�Decorator to skip tests when a required TLS version is not available

    :param version: TLS version name or ssl.TLSVersion member
    :return:
    cst�����fdd��}|S)Ncs&t��st���d����|i|��S)Nz is not available.)rX�unittestZSkipTest)�args�kw)�funcr5r r!�wrappersz8requires_tls_version.<locals>.decorator.<locals>.wrapper)�	functools�wraps)rgrh�r5)rgr!�	decorator�sz'requires_tls_version.<locals>.decoratorr )r5rlr rkr!�requires_tls_version�srmcCs2d�tjt����}tjrtj�||�dSdS)N� )	r�	traceback�format_exception�sys�exc_infor�verbose�stdout�write)�prefixZ
exc_formatr r r!�handle_error
s�rwcCs$tjrt��jdkrtjStjS�Nr)�time�daylight�	localtime�tm_isdst�altzone�timezoner r r r!�
utc_offsetsr)�category)�	cert_reqs�ca_certs�ciphers�certfile�keyfilecKs�|�d�st|d<t�tj�}nt�tj�}|dur%|tjkr"d|_||_|dur.|�	|�|dus6|dur<|�
||�|durE|�|�|j|fi|��S)N�server_side�server_hostnameF)
�get�SIGNED_CERTFILE_HOSTNAMEr	rarWrV�	CERT_NONE�check_hostname�verify_mode�load_verify_locations�load_cert_chainrK�wrap_socket)�sockr�r�r�r�r��kwargs�contextr r r!�test_wrap_sockets



r�T��server_chaincCsv|tkrt}n|tkrt}n|tkrt}nt|��t�tj	�}|�
t�t�tj�}|�
|�|r6|�
t�|||fS)zUCreate context

    client_context, server_context, hostname = testing_context()
    )�SIGNED_CERTFILEr��SIGNED_CERTFILE2�SIGNED_CERTFILE2_HOSTNAME�	NOSANFILE�NOSAN_HOSTNAME�
ValueErrorr	rarWr��
SIGNING_CArVr�)Zserver_certr��hostname�client_context�server_contextr r r!�testing_context2s



r�c@s�eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
ejdd��Zdd�Zdd�Zdd�Zedd ��Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zed)d*��Zd+d,�Zd-d.�Ze�d/ej vd0�d1d2��Z!d3d4�Z"d5d6�Z#e�e$j%d7kd8�d9d:��Z&e�e$j%d7kd8�d;d<��Z'd=d>�Z(d?d@�Z)dAdB�Z*dCdD�Z+dEdF�Z,e�e-�dG�dHdI��Z.dJdK�Z/e�0dLdM�dNdO��Z1dPdQ�Z2dRdS�Z3dTS)U�BasicSocketTestscCs�tjtjtjtjtjtjtj|�tj	d�|�tj
d�|�tjd�|�tjd�tj
tjtjtjtjtj|�tjtj�dS)NT)r	r��
CERT_OPTIONAL�
CERT_REQUIREDrAr?r@r>�assertEqual�HAS_SNI�HAS_ECDHZHAS_TLSv1_2ZHAS_TLSv1_3�OP_NO_SSLv2�OP_NO_SSLv3�OP_NO_TLSv1�
OP_NO_TLSv1_3�
OP_NO_TLSv1_1�
OP_NO_TLSv1_2rUr��selfr r r!�test_constantsMs$zBasicSocketTests.test_constantsc
Cs�tjtjtjtjtjtjg}|D]1}|j|d��!|�t	d��d|_
Wd�n1s-wYWd�n1s<wYqt�|tj�dS)N)�ssl_typezimmutable type)
�_sslZ_SSLContextZ
_SSLSocket�	MemoryBIOZCertificateZ
SSLSession�SSLError�subTest�assertRaisesRegex�	TypeError�valuerZcheck_disallow_instantiation)r�Z	ssl_typesr�r r r!�test_ssl_typesas �����zBasicSocketTests.test_ssl_typesc	Cst|�td��*t���
}t�|�Wd�n1swYWd�dSWd�dS1s3wYdS�Nzpublic constructor)r�r��socketr	�	SSLSocket�r��sr r r!�test_private_initps
��"�z"BasicSocketTests.test_private_initcCs2tj}|�t|�d�t�|�}|�|j|�dS)Nz_SSLMethod.PROTOCOL_TLS_CLIENT)r	rWr�rRra�assertIsrZ�r��protorMr r r!�test_str_for_enumsus
z#BasicSocketTests.test_str_for_enumscCs&t��}tjrtj�d||rdpdf�t���t�	d�\}}Wd�n1s+wY|�
t|�d�|�
||dk�|rPt�d�}|�
t|�d�n	|�
tjtjd�|�
ttjd�t���|�
ttj	d�Wd�n1sxwYt�dd�t�d	d�t�td
�d�dS)Nz
 RAND_status is %d (%s)
zsufficient randomnesszinsufficient randomness�����zthis is a random stringg�R@sthis is a random bytes objects!this is a random bytearray object)r	ZRAND_statusrrsrqrtrur�check_warningsZRAND_pseudo_bytesr�rYZ
RAND_bytes�assertRaisesr�r�ZRAND_add�	bytearray)r��v�dataZis_cryptographicr r r!�test_random}s.
��
�

�zBasicSocketTests.test_randomcCs�|�tj�t�t�|�tj�t�t�tj�t�}t	j
r*tj�
dt�|�d�|�|dd�|�|dd�|�|dd�|�|dd	�dS)
N�
r4))r-zprojects.developer.nokia.com)r-zprojects.forum.nokia.comr7)zhttp://ocsp.verisign.comr8)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr9)z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)r�r	r��_test_decode_cert�CERTFILE�
CERTFILE_INFOr��SIGNED_CERTFILE_INFO�	NOKIACERTrrsrqrtru�pprint�pformat�r��pr r r!�test_parse_cert�s*
�
�
�
�
�z BasicSocketTests.test_parse_certcCsLtj�t�}tjrtj�dt	�
|�d�|�|dddddddd	��dS)
Nr�)�)r&ZUK))r+zcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)r�))r+�#codenomicon-vm-2.test.lal.cisco.com))r-r�rr.)r	r�r��TALOS_INVALID_CRLDPrrsrqrtrur�r�r�r�r r r!�test_parse_cert_CVE_2019_5010�s��z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj�t�}tjrtj�dt	�
|�d�d}|�|d|�|�|d|�tjdkr0d}nd}|�|d|�dS)	Nr�)�)r&ZUS))�stateOrProvinceNameZOregon))r(Z	Beavertonr)))�organizationalUnitNamezPython Core Development�)r+�null.python.orgexample.org))�emailAddresszpython-dev@python.orgr3r/)r�	�)�r-zaltnull.python.orgexample.com��emailz null@python.orguser@example.org��URIz)http://null.python.orghttp://example.org��
IP Addressz	192.0.2.1)r�z2001:DB8:0:0:0:0:0:1)r�r�r�r�)r�z	<invalid>r4)
r	r�r��NULLBYTECERTrrsrqrtrur�r�r�Z_OPENSSL_API_VERSION)r�r�r3Zsanr r r!�test_parse_cert_CVE_2013_4238�s
z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj�t�}|�|dd�dS)Nr4)
)r-Zallsans��	othername�
<unsupported>r�)r�zuser@example.org)r-zwww.example.org)ZDirName)r%r'r)))r+zdirname example)r�zhttps://www.python.org/�r��	127.0.0.1)r�z0:0:0:0:0:0:0:1)z
Registered IDz	1.2.3.4.5)r	r�r��
ALLSANFILEr�r�r r r!�test_parse_all_sans�s
�z$BasicSocketTests.test_parse_all_sanscCs�ttd��}|��}Wd�n1swYt�|�}t�|�}t�|�}|�||�|�tjd�s=|�	d|�|�
dtjd�sP|�	d|�dSdS)N�rr�z-DER-to-PEM didn't include correct header:
%r
z-DER-to-PEM didn't include correct footer:
%r
)rD�
CAFILE_CACERTrEr	�PEM_cert_to_DER_certZDER_cert_to_PEM_certr�rSZ
PEM_HEADER�fail�endswithZ
PEM_FOOTER)r�rG�pem�d1Zp2�d2r r r!�test_DER_to_PEM�s
�


�z BasicSocketTests.test_DER_to_PEMcCsFtj}tj}tj}|�|t�|�|t�|�|t�|�|d�|�	|d�|\}}}}}|�|d�|�	|d�|�|d�|�	|d�|�|d�|�	|d�|�|d�|�
|d�|�|d�|�
|d�d	|d
��}	|dkr�d|d
�d
|d
�d
|d
��}
nd|d
�d
|d
�d
|d
��}
|�|�|
|	f�||t
|�f�dS)Nii@r��r��?�z	LibreSSL �drzOpenSSL �.)r	ZOPENSSL_VERSION_NUMBER�OPENSSL_VERSION_INFO�OPENSSL_VERSION�assertIsInstance�int�tuplerR�assertGreaterEqual�
assertLessZassertLessEqual�
assertTruerS�hex)r��n�tr��major�minorZfix�patch�statusZlibressl_verZopenssl_verr r r!�test_openssl_versions6�z%BasicSocketTests.test_openssl_versioncCs`t�tj�}t|�}t�|�}t�dtf��	~Wd�n1s"wY|�|�d�dS)N�)	r��AF_INETr��weakref�refrr��ResourceWarningr�)r�r��ss�wrr r r!�
test_refcycle*s
�zBasicSocketTests.test_refcyclec	Cs�t�tj�}t|��e}|�t|jd�|�t|jtd��|�t|jd�|�t|j	td�d�|�t|j
d�|�t|jdd�|�t|j
�|�t|jdgddd�|�t|jd�|�t|jtd�g�Wd�dS1srwYdS)Nr��x)z0.0.0.0rr r�d)r�rr�r��OSError�recv�	recv_intor��recvfrom�
recvfrom_into�send�sendto�NotImplementedError�dup�sendmsg�recvmsg�recvmsg_into�r�r�rr r r!�test_wrapped_unconnected5s"


�
�"�z)BasicSocketTests.test_wrapped_unconnectedc	Cs\dD])}t�tj�}|�|�t|��}|�||���Wd�n1s&wYqdS)N)Ng�@)r�r�
settimeoutr�r��
gettimeout)r��timeoutr�rr r r!�test_timeoutGs

���zBasicSocketTests.test_timeoutc	
Cs�tjtjtjtjg}tjtjtjtjg}tj	j
tj	jtj	jg}|D]C}|j
|d��3t�tj�}|�t��}|j|O_Wd�n1sGwY|�dt|j��Wd�n1s_wYq!|D]E}t|�snqg|j
|d��0|�t��
}t�|�Wd�n1s�wY|�d|j�d�t|j��Wd�n1s�wYqg|D]H}t|�s�q�|j
|d��3t�tj�}|�t��}||_Wd�n1s�wY|�d|�d�t|j��Wd�n1s�wYq�dS)N)�optionz4ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated)rZzssl.z is deprecatedrk)r	r�r�r�r�rr�PROTOCOL_TLSv1_2rUr
rrrr�rarW�assertWarns�DeprecationWarning�optionsr�rR�warningr[rrXrI)	r�r3�	protocolsZversionsr/rM�cmrZr5r r r!�test_openssl111_deprecationsPsl�������	�����
����z-BasicSocketTests.test_openssl111_deprecationsc	Cs�t��}|jtdtj|td�|jtdtj|dd�|jtdtj|ddd�tj|dtd��}|�td|jtd	f�Wd�n1sDwY|�t	��#}t���}tj|t
d
�Wd�n1sewYWd�n1stwY|�|jj
t
j�|�t	��$}t���}tj|tt
d�Wd�n1s�wYWd�n1s�wY|�|jj
t
j�|�t	��$}t���}tj|t
t
d�Wd�n1s�wYWd�n1s�wY|�|jj
t
j�dS)Nzcertfile must be specified�r�z5certfile must be specified for server-side operationsT�r�r�r�r�z!can't connect in server-side modei��r��r�r�)r�r�r�r	r�r��connect�HOSTr�r�NONEXISTINGCERTr��	exception�errno�ENOENT)r�r�r�r6r r r!�test_errors_sslwrap�sV��
�
��
���
����
����z$BasicSocketTests.test_errors_sslwrapcCsntj�tj�t�ptj|�}t��}|�|j�|�	t
j��t||d�Wd�dS1s0wYdS)z;Check that trying to use the given client certificate failsr;N)
rrrrr�curdirr��
addCleanup�closer�r	r�r��r�r�r�r r r!�
bad_cert_test�s��"�zBasicSocketTests.bad_cert_testcC�|�d�dS)z Wrapping with an empty cert filer;N�rHr�r r r!�test_empty_cert��z BasicSocketTests.test_empty_certcCrI)z:Wrapping with a badly formatted certificate (syntax error)r<NrJr�r r r!�test_malformed_cert�rLz$BasicSocketTests.test_malformed_certcCrI)z2Wrapping with a badly formatted key (syntax error)r=NrJr�r r r!�test_malformed_key�rLz#BasicSocketTests.test_malformed_keyc	sJdd�}�fdd�}ddi}||d�||d�||d	�||d
�||d�||d�dd
i}||d�||d�||d�||d�||d�ddi}||d�||d�||d�||d�||d�ddi}||d�||d�||d�ddi}||d�||d�||d�||d�ddi}||d�||d�||d�d�d ��d!�}dd"|fffi}|||�dd#i}|||�dd$i}|||�d%�d ��d!�}dd"|fffi}||d&�d ��d!��||d'�d ��d!��||d(�d ��d!��||d)�d ��d!��d*d+d,d-�}||d.�||d/�||d0�||d1�d2d3d4�}||d5�||d6�||d7�dd8d9�}||d:�||d;�||d<�||d=�||d>�||d?�||d@�tj�r�ddAd9�}||dB�||dC�||dD�||dE�||dF�||d@�d2dGd4�}||d5�dHdIdJd-�}||d5�dHdGdJd-�}||dK���ttjdd���ttjid�ddLi}��tj	dM��t�|dN�Wd�n	1�s�wYddOi}��tj	dP��t�|dQ�Wd�n	1�s�wYddRi}��tj	dS��t�|dT�Wd�n	1�swYddUi}��tj	dV��t�|dW�Wd�n	1�s9wYddXi}��tj	dY��t�|dZ�Wd�n	1�s[wYd[D]}��t��
t�
|�Wd�n	1�szwY�qbd\D]}��t�
|���q�tj�r�d]D]
}��t�
|���q�dSdS)^NcSst�||�dSr)r	�match_hostname��certr�r r r!�ok�sz0BasicSocketTests.test_match_hostname.<locals>.okcs��tjtj||�dSr)r�r	�CertificateErrorrOrPr�r r!r��s�z2BasicSocketTests.test_match_hostname.<locals>.failr3)))r+�example.comrTzExAmple.cOmzwww.example.comz.example.comzexample.orgZexampleXcom)))r+z*.a.comz	foo.a.comz
bar.foo.a.comza.comzXa.comz.a.com)))r+zf*.comzfoo.comzf.comzbar.comzbar.foo.com)r�r�znull.python.org)))r+z	*.*.a.com)))r+za.*.comz	a.foo.comza..comupüthon.python.org�idna�asciir+)))r+z
x*.python.org)))r+zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgupythön.orgzJun 26 21:41:46 2011 GMT)))r+�linuxfrz.org))r-�linuxfr.org)r-�linuxfr.comr�)r0r3r4rXrYr�rWzDec 18 23:59:59 2011 GMT)r��)r��
California�)r(z
Mountain View�)r*z
Google Inc�)r+�mail.google.com)r0r3r_z	gmail.comr[)�r-rT)r��10.11.12.13)r��14.15.16.17r�)r3r4rarbz127.1z14.15.16.17 z14.15.16.17 extra dataz14.15.16.18zexample.net)r`)r�z2001:0:0:0:0:0:0:CAFE
)r�z2003:0:0:0:0:0:0:BABA
z
2001::cafez
2003::babaz2003::baba z2003::baba extra dataz
2003::bebe)r�rZr\r]zDec 18 23:59:59 2099 GMT)r�rZr\r^))r�Zblablaz
google.com)))r+za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r+zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r+za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r+�*z7sole wildcard without additional labels are not support�host)))r+z*.comz%hostname 'com' doesn't match '\*.com'Zcom)�1rz1.2.3z	256.0.0.1z127.0.0.1/24)r�z192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334)�encode�decoder�IPV6_ENABLEDr�r�r	rOr�rSZ_inet_patonr	)r�rRr�rQrU�invalidZipaddrr r�r!�test_match_hostname�s 




























�



�


�






�





�
�
�
�������������z$BasicSocketTests.test_match_hostnamecCsPt�tj�}t���}|jt|j|ddd�Wd�dS1s!wYdS)NTz
some.hostname�r�)r	rarVr�r�r�r�)r�rMr�r r r!�test_server_sides
�"�z!BasicSocketTests.test_server_sidec	Cs�t�d�}t�tj�}|�|���t|dd��"}|�t��
|�d�Wd�n1s.wYWd�n1s=wY|�	�dS)N�r�rF��do_handshake_on_connectzunknown-type)
r��
create_serverrr=�getsocknamer�r�r��get_channel_bindingrF)r�r��crr r r!�test_unknown_channel_binding�s
���z-BasicSocketTests.test_unknown_channel_binding�
tls-unique�*'tls-unique' channel binding not availablecCs�t�tj�}t|��}|�|�d��Wd�n1swYt�tj�}t|dtd��}|�|�d��Wd�dS1sCwYdS)NruTr:)r�rr��assertIsNonerrr�r(r r r!�test_tls_unique_channel_binding�s
�"�z0BasicSocketTests.test_tls_unique_channel_bindingcCsjtt�tj��}t|�}|�t��}d}t��Wd�n1s"wY|�|t	|j
jd��dSrx)r�r�r�reprr1rr�
gc_collect�assertInrRr4re)r�rr�r6r r r!�test_dealloc_warn�s
�z"BasicSocketTests.test_dealloc_warncCs�t��}|�t|�d�|�|tj�t���#}t|d<t	|d<t��}|�|j
t	�|�|jt�Wd�dS1s=wYdS)N��SSL_CERT_DIR�
SSL_CERT_FILE)r	Zget_default_verify_pathsr�rYrZDefaultVerifyPathsr�EnvironmentVarGuard�CAPATHr��cafiler$)r��paths�envr r r!�test_get_default_verify_paths�s
"�z.BasicSocketTests.test_get_default_verify_pathsr�Windows specificc	Cs�|�t�d��|�t�d��|�ttj�|�ttjd�t�}dD]H}t�|�}|�|t�|D]8}|�|t	�|�
t|�d�|\}}}|�|t�|�
|ddh�|�|tttf�t|ttf�rk|�|�q3q$d}|�
||�dS)	N�CA�ROOTr)r�r�r�x509_asn�
pkcs_7_asn�1.3.6.1.5.5.7.3.1)r	r	Zenum_certificatesr�r��WindowsError�setr�listrr�rY�bytesr{�	frozenset�boolrQ�update)	r�Z
trust_oidsZ	storename�store�elementrQ�encZtrust�
serverAuthr r r!�test_enum_certificates�s*


��
z'BasicSocketTests.test_enum_certificatescCs�|�t�d��|�ttj�|�ttjd�t�d�}|�|t�|D]"}|�|t�|�	t
|�d�|�|dt�|�|dddh�q$dS)Nr�r�rr�r�r�)
r	r	Z	enum_crlsr�r�r�rr�rr�rYr�r{)r�Zcrlsr�r r r!�test_enum_crls�s
�zBasicSocketTests.test_enum_crlsc	Cs�d}t�d�}|�||�|�|jd�|�|jd�|�|jd�|�|jd�|�|tj�|�t	tjd�tj�
d�}|�||�|�|tj�|�t	tjj
d�|�t	d��tj�
d�Wd�n1skwYtd	�D]4}ztj�
|�}Wn	t	y�Yqtw|�|jt
�|�|jt�|�|jt�|�|jttd�f�qttj�d�}|�||�|�|tj�|�tj�d�|�|�tj�d�|�|�t	d
��tj�d�Wd�dS1s�wYdS)N)�r��TLS Web Server Authenticationr�r�r�r�r����zunknown NID 100000i����zunknown object 'serverauth'Z
serverauth)r	�_ASN1Objectr��nid�	shortnameZlongname�oidrr�r�Zfromnidr��rangerrR�typeZfromname)r��expected�val�i�objr r r!�test_asn1object�sH
���"�z BasicSocketTests.test_asn1objectcCs�t�d�}|�tjjtj�|�tjj|�|�tjjjd�|�tjjjd�|�tjjjd�t�d�}|�tjj	tj�|�tjj	|�|�tjj	jd�|�tjj	jd�|�tjj	jd�dS)Nr�r�r�z1.3.6.1.5.5.7.3.2�Z
clientAuth)
r	r�r�Purpose�SERVER_AUTHr�r�r�r��CLIENT_AUTH)r�r�r r r!�test_purpose_enum�s 
�
�z"BasicSocketTests.test_purpose_enumcCs�t�tjtj�}|�|j�|�t��}t|tj	d�Wd�n1s%wY|�
t|j�d�t�
tj�}|�t��
}|�|�Wd�n1sNwY|�
t|j�d�dS)N�r�z!only stream sockets are supported)r�r�
SOCK_DGRAMrErFr�r#r�r	r�r�rRr@rarWr�)r�r�ZcxrMr r r!�test_unsupported_dtlss��z&BasicSocketTests.test_unsupported_dtlscCs|�t�|�|�dSr)r�r	�cert_time_to_seconds)r��
timestringZ	timestampr r r!�cert_time_okszBasicSocketTests.cert_time_okcCs:|�t��t�|�Wd�dS1swYdSr)r�r�r	r�)r�r�r r r!�cert_time_fails"�zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs|�dd�|�dd�dS)NzMay  9 00:00:00 2007 GMTg�C��A�Jan  5 09:34:43 2018 GMT���ѓ�A)r�r�r r r!�"test_cert_time_to_seconds_timezone"sz3BasicSocketTests.test_cert_time_to_seconds_timezonecCs�d}d}|�||�|�tj|d�|�|�d|�|�d|�|�d�|�d�|�d�|�d	�|�d
�|�d�|�d�d
}|�d|�|�d|�|�dd�|�dd�|�dd�|�d�|�dd�dS)Nr�r�)Z	cert_timezJan 05 09:34:43 2018 GMTzJaN  5 09:34:43 2018 GmTzJan  5 09:34 2018 GMTzJan  5 09:34:43 2018zJan  5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon  5 09:34:43 2018 GMTzJan  5 24:00:00 2018 GMTzJan  5 09:60:43 2018 GMTg�W�AzDec 31 23:59:60 2008 GMTzJan  1 00:00:00 2009 GMTzJan  5 09:34:59 2018 GMTi�FOZzJan  5 09:34:60 2018 GMTi�FOZzJan  5 09:34:61 2018 GMTi�FOZzJan  5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg�� �MB)r�r�r	r�r�)r�r��tsZ
newyear_tsr r r!�test_cert_time_to_seconds*s*







z*BasicSocketTests.test_cert_time_to_seconds�LC_ALLrcCs@dd�}|���dkr|�d�|�dd�|�|�d�dS)NcSst�dd�S)Nz%b)	r�r�rr��r}rrr)ry�strftimer r r r!�local_february_nameQ�zNBasicSocketTests.test_cert_time_to_seconds_locale.<locals>.local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb  9 00:00:00 2007 GMTg`�r�Az  9 00:00:00 2007 GMT)�lower�skipTestr�r�)r�r�r r r!� test_cert_time_to_seconds_localeMs

z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt�tj�}|�|j�t�|�}tt�tj�tjd�}|�|j�|�	t
|f�}tjtj
tjtjf}|�||�dS)Nr�)r�rrErFr�	bind_portr�r	r��
connect_exr>rAZECONNREFUSEDZEHOSTUNREACHZ	ETIMEDOUT�EWOULDBLOCKr{)r��server�portr��rc�errorsr r r!�test_connect_ex_error\s
��z&BasicSocketTests.test_connect_ex_errorc	Cs�t�\}}}t|d�}|�D|jt��|d��"}|�t|jf�|�|�d�d�|�|�	d�d�Wd�n1s<wYWd�dSWd�dS1sTwYdS)N�r�rkr�)
r��ThreadedEchoServerr�r�r=r>r�r�rr!�r�r�r�r�r�r�r r r!�test_read_write_zerols

���"�z%BasicSocketTests.test_read_write_zeroN)4�__name__�
__module__�__qualname__r�r�r�r�r�r�r�r�r�r�rrZcpython_onlyrr)r.r7�ignore_deprecationrCrHrKrMrNrjrlrtrd�
skipUnlessr	�CHANNEL_BINDING_TYPESrxr|r�rq�platformr�r�r�r�r�r�r�rr�r�Zrun_with_localer�r�r�r r r r!r�Ksh#

	4


G
�



'�

#
r�c@s|eZdZdd�Zdd�Ze�edkd�dd��Zd	d
�Z	dd�Z
d
d�Zdd�Ze
dd��Ze�eejd�d�dd��Zdd�Zdd�Zdd�Zdd�Ze�ed�d d!��Zd"d#�Zd$d%�Ze�ejd&�d'd(��Zd)d*�Zd+d,�Zd-d.�Z d/d0�Z!d1d2�Z"e�e#j$d3kd4�d5d6��Z%e�e#j$d3kd7�e�ee#d8�d9�d:d;���Z&d<d=�Z'd>d?�Z(d@dA�Z)dBdC�Z*dDdE�Z+dFdG�Z,dHdI�Z-dJS)K�ContextTestsc	Cs�tD]&}t|�r(t���
t�|�}Wd�n1swY|�|j|�qt���t��}Wd�n1s<wY|�|jtj�|�	t
tjd�|�	t
tjd�dS)Nr��*)�	PROTOCOLSr[rr�r	rar�rZrUr�r�)r�rZrMr r r!�test_constructorzs
��

�zContextTests.test_constructorcCs^t�tj�}|�d�|�d�|�tjd��|�d�Wd�dS1s(wYdS)N�ALL�DEFAULT�No cipher can be selected�^$:,;?*'dorothyx)r	rarWrKr�r��r�rMr r r!�test_ciphers�s

"�zContextTests.test_ciphersr�z+Test applies only to Python default cipherscCsft�tj�}|��}|D]$}|d}|�d|�|�d|�|�d|�|�d|�|�d|�qdS)NrZPSKZSRPZMD5ZRC4Z3DES)r	rarW�get_ciphersZassertNotIn)r�rMr�Zsuiterr r r!�test_python_ciphers�s�z ContextTests.test_python_ciphersc	Csht�tj�}|�d�tdd�|��D��}hd�}|�|�}|�t|�ddt	|��dt	|����dS)NZAESGCMcss�|]}|dVqdS)rNr )�.0rr r r!�	<genexpr>���z0ContextTests.test_get_ciphers.<locals>.<genexpr>>zAES256-GCM-SHA384zECDHE-RSA-AES128-GCM-SHA256zECDHE-ECDSA-AES128-GCM-SHA256zECDHE-ECDSA-AES256-GCM-SHA384zECDHE-RSA-AES256-GCM-SHA384zDHE-RSA-AES256-GCM-SHA384zDHE-RSA-AES128-GCM-SHA256zAES128-GCM-SHA256r�z
got: z
expected: )
r	rarWrKr�r��intersectionrrY�sorted)r�rM�namesr�r�r r r!�test_get_ciphers�s


�zContextTests.test_get_cipherscCs�t�tj�}tjtjBtjB}|ttBtBt	Bt
BO}|�||j�t
���|jtjO_Wd�n1s9wY|�|tjB|j�t
���|jtj@|_Wd�n1s_wY|�||j�d|_|�d|jtj@�dSrx)r	rarW�OP_ALLr�r�r>rAr?r@rBr�r3rr�r�)r�rM�defaultr r r!�test_options�s(���
�
�zContextTests.test_optionscCs@t���t�tj�}Wd�n1swY|�|jtj�tj|_|�|jtj�tj	|_|�|jtj	�tj|_|�|jtj�|�
t��d|_Wd�n1sYwY|�
t��d|_Wd�n1sqwYt�tj
�}|�|jtj�|�|j�t�tj�}|�|jtj	�|�|j�dS�Nr�)rr�r	rarUr�r�r�r�r�r�r�r�rV�assertFalser�rWr	r�r r r!�test_verify_mode_protocol�s,
���z&ContextTests.test_verify_mode_protocolcCs�t�tj�}|�|j�tjr,d|_|�|j�d|_|�|j�d|_|�|j�dS|�t��d|_Wd�dS1s@wYdS�NTF)	r	rarWr	�hostname_checks_common_name�HAS_NEVER_CHECK_COMMON_NAMEr�r��AttributeErrorr�r r r!� test_hostname_checks_common_name�s"�z-ContextTests.test_hostname_checks_common_namecCst�tj�}tjjtjjtjjh}tjjtjjh}|�	|j
|�|�	|j|�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_|�
|jtjj�tjj|_|�	|jtjjtjjtjjh�tjj|_
|�	|j
tjjtjjh�|�t��d|_
Wd�n1s�wYttj�r�t�tj�}|�	|j
|�|�
|jtjj�|�t��
tjj|_
Wd�n1s�wY|�t��tjj|_Wd�dS1s�wYdSdSr�)r	rarVr
rbrr`rc�TLSv1_3r{rIr]rr�rr�r�r[r)r�rMZ
minimum_rangeZ
maximum_ranger r r!�test_min_max_version�s|�
���


�
�


�
�

�
�
��
�
��"��z!ContextTests.test_min_max_version�security_levelzrequires OpenSSL >= 1.1.0cCs&t�tj�}hd�}|�|j|�dS)N>rr�r�rr�r�)r	rarWr{r�)r�rMZsecurity_level_ranger r r!�test_security_level5sz ContextTests.test_security_levelcCs�t�tj�}ttdd�}|�|jtj|B�tj|_|�|jtj�tj|_|�|jtj�tj|_|�|jtj�tj	|_|�|jtj	�tjtj
B|_|�|jtjtj
B�|�t��d|_Wd�dS1slwYdS)N�VERIFY_X509_TRUSTED_FIRSTr)
r	rarVrTr��verify_flags�VERIFY_DEFAULT�VERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_ALLOW_PROXY_CERTSZVERIFY_X509_STRICTr�r�)r�rM�tfr r r!�test_verify_flagsHs$
�"�zContextTests.test_verify_flagscCs�t�tj�}|jtdd�|jttd�|jt|jtd�|�t��
}|�t�Wd�n1s2wY|�	|j
jtj�|�
tjd��
|�t�Wd�n1sWwY|�
tjd��
|�t�Wd�n1sswYt�tj�}|�tt�|jttd�|jttd�|�
tjd��
|�t�Wd�n1s�wY|�
tjd��
|�t�Wd�n1s�wY|�
tjd��|jttd�Wd�n1s�wYt�tj�}|�
tjd��|�tt�Wd�n	1�swY|jttd�|jtt��d�|jttt���d�|�ttt�|�ttt���|�tttt����|�
td��|jtdd�Wd�n	1�s[wY|�tj��|jtdd�Wd�n	1�sywY|�
td	��|jtd
dd�Wd�n	1�s�wYdd
�}dd�}dd�}dd�}dd�}dd�}dd�}	Gdd�d�}
|jt|d�|jt|d�|jt|d�|jt|
�d�|jt|
�jd�|�tj��|jt|d�Wd�n	1�swY|�
td	��|jt|d�Wd�n	1�swY|�
td��|jt|d�Wd�n	1�s<wY|�
td��|jt|	d�Wd�n	1�sZwY|jt|	d�dS)Nr8�PEM libr<zkey values mismatch)�passwordzshould be a stringT�badpasszcannot be longer�ai�cS�tSr��KEY_PASSWORDr r r r!�getpass_unicode�rPz:ContextTests.test_load_cert_chain.<locals>.getpass_unicodecSst��Sr)rrfr r r r!�
getpass_bytes��z8ContextTests.test_load_cert_chain.<locals>.getpass_bytescSstt���Sr)r�rrfr r r r!�getpass_bytearray�r�z<ContextTests.test_load_cert_chain.<locals>.getpass_bytearraycS�dS)Nrr r r r r!�getpass_badpass�rPz:ContextTests.test_load_cert_chain.<locals>.getpass_badpasscSsddS)Nrir r r r r!�getpass_huge�rz7ContextTests.test_load_cert_chain.<locals>.getpass_hugecSr	)Nr�r r r r r!�getpass_bad_type�rPz;ContextTests.test_load_cert_chain.<locals>.getpass_bad_typecSstd��)N�
getpass error)�	Exceptionr r r r!�getpass_exception�rz<ContextTests.test_load_cert_chain.<locals>.getpass_exceptionc@�eZdZdd�Zdd�ZdS)z:ContextTests.test_load_cert_chain.<locals>.GetPassCallablecSrrrr�r r r!�__call__�rPzCContextTests.test_load_cert_chain.<locals>.GetPassCallable.__call__cSrrrr�r r r!�getpass�rPzBContextTests.test_load_cert_chain.<locals>.GetPassCallable.getpassN)r�r�r�rrr r r r!�GetPassCallable�srzmust return a stringr
)r	rarVr�r�r�r�rr?r�r@rArBr�r��BADCERT�	EMPTYCERT�ONLYCERT�ONLYKEY�BYTES_ONLYCERT�
BYTES_ONLYKEYr��CERTFILE_PROTECTEDrrfr��ONLYKEY_PROTECTEDr�rr)r�rMr6rrrr
rrrrr r r!�test_load_cert_chain\s��������
�
���������z!ContextTests.test_load_cert_chaincCst�tj�}|�t�|jtdd�|�t�|jtdd�|�t|j�|�t|jddd�|�t��
}|�t	�Wd�n1sDwY|�
|jjtj
�|�tjd��
|�t�Wd�n1siwY|�tt�|jttd�|�t|jdd�dS)N)r�r$r��r$T)r	rarVr�r��BYTES_CERTFILEr�r�rr?r�r@rArBr�r�rr��BYTES_CAPATH�r�rMr6r r r!�test_load_verify_locations�s"

��z'ContextTests.test_load_verify_locationscCs�tt��}|��}Wd�n1swYt�|�}tt��}|��}Wd�n1s0wYt�|�}t�tj�}|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}d|d|d	|d
g}|j
d�|�d�|�|�	�dd�t�tj�}|j
|d�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}|jt
|j
td�|�tjd��|j
d
d�Wd�n	1�s*wY|�tjd��|j
dd�Wd�dS1�sIwYdS)N�x509_car��cadatar�r�r��head�otherZagain�tailr�z4no start line: cadata does not contain a certificate�brokenz6not enough data: cadata does not contain a certificatesbroken)rDr�rEr	r��CAFILE_NEURONIOrarWr��cert_store_statsr�rr�r��objectr�r�)r�rGZ
cacert_pemZ
cacert_derZneuronio_pemZneuronio_derrMZcombinedr r r!�test_load_verify_cadata�sd

�


�

����$�z$ContextTests.test_load_verify_cadata�)Avoid mixing debug/release CRT on WindowscCs�t�tj�}|�t�tjdkr|�t�|�t	|j�|�t	|jd�|�t
��
}|�t�Wd�n1s9wY|�|j
jtj�|�tj��}|�t�Wd�dS1s^wYdS)N�nt)r	rarV�load_dh_params�DHFILErr�BYTES_DHFILEr�r�rFr?r�r@rArBr�r�r r r r!�test_load_dh_paramss


�"�z ContextTests.test_load_dh_paramscCsHtjtjhD]}t�|�}|�|��dddddddddddd��qdS)Nr)Znumberr=Zconnect_goodZconnect_renegotiate�acceptZaccept_goodZaccept_renegotiate�hits�missesZtimeoutsZ
cache_full)r	rWrVrar��
session_statsr�r r r!�test_session_statss 


��zContextTests.test_session_statscCst�tj�}|��dSr)r	rarWZset_default_verify_pathsr�r r r!�test_set_default_verify_paths sz*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt�tj�}|�d�|�d�|�t|j�|�t|jd�|�t|jd�|�t|jd�dS)N�
prime256v1s
prime256v1�foo�foo)r	rarV�set_ecdh_curver�r�r�r�r r r!�test_set_ecdh_curve&s

z ContextTests.test_set_ecdh_curvecCsjt�tj�}|�t|j�|�t|jd�|�t|jd�|�t|j|�dd�}|�d�|�|�dS)Nr�rcSrOrr �r��
servernamerMr r r!�
dummycallback9rPz5ContextTests.test_sni_callback.<locals>.dummycallback)r	rarVr�r��set_servername_callback)r�rMr@r r r!�test_sni_callback0s
zContextTests.test_sni_callbackcCsJt�tj�}|fdd�}|�|�t�|�}~~t��|�|�d�dS)NcSrOrr )r�r?rM�cycler r r!r@BrPz>ContextTests.test_sni_callback_refcycle.<locals>.dummycallback)	r	rarVrArr�gc�collectr�)r�rMr@rr r r!�test_sni_callback_refcycle>s

z'ContextTests.test_sni_callback_refcyclecCs�t�tj�}|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��dS)Nr)r"�crl�x509r�r�)	r	rarWr�r*r�r�r�r�r�r r r!�test_cert_store_statsJs 

�


�


�


�z"ContextTests.test_cert_store_statscCs�t�tj�}|�|��g�|�t�|�|��g�|�t�|�|��dddddddd�g�tt��}|�	�}Wd�n1sDwYt�
|�}|�|�d�|g�dS)	N)))r*zRoot CA))r�zhttp://www.cacert.org))r+zCA Cert Signing Authority))r�zsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)r/r0r1r2r9r3r5T)r	rarWr��get_ca_certsr�r�r�rDrEr�)r�rMrGr��derr r r!�test_get_ca_certsXs(


��

�
zContextTests.test_get_ca_certscCs�t�tj�}|��t�tj�}|�tjj�|��t�tj�}|�tjj�t�tj�}|�t|jd�|�t|jd�dS)Nr�)	r	rarW�load_default_certsr�r�r�r�r�r�r r r!�test_load_default_certstsz$ContextTests.test_load_default_certsrznot-Windows specificcCsjt�tj�}t���!}t|d<t|d<|��|�|�	�dddd��Wd�dS1s.wYdS)Nr~rrr�)rGrHr")
r	rarWrr�r�r�rMr�r*)r�rMr�r r r!�test_load_default_certs_env�s
"�z(ContextTests.test_load_default_certs_envr�rz3Debug build does not share environment between CRTscCs�t�tj�}|��|��}t�tj�}t���%}t|d<t|d<|��|dd7<|�	|��|�Wd�dS1s@wYdS)Nr~rrHr�)
r	rarWrMr*rr�r�r�r�)r�rM�statsr�r r r!�#test_load_default_certs_env_windows�s
"�z0ContextTests.test_load_default_certs_env_windowscCs�|�|jtj@tj�tdkr|�|jt@t�tdkr%|�|jt@t�tdkr2|�|jt@t�tdkrA|�|jt@t�dSdSrx)r�r3r	r�r>r?r@rAr�r r r!�_assert_context_options�s$�����z$ContextTests._assert_context_optionscCs�t��}|�|jtj�|�|jtj�|�|j�|�	|�t
t��}|��}Wd�n1s2wYtjtt
|d�}|�|jtj�|�|jtj�|�	|�t�tjj�}|�|jtj�|�|jtj�|�	|�dS)N)r�r$r$)r	�create_default_contextr�rZrWr�r�r	r�rRrDr�rEr�r�r�rVr�)r�rMrGr$r r r!�test_create_default_context�s$


��
z(ContextTests.test_create_default_contextcCsVt��}|�|jtj�|�|jtj�|�|j�|�	|�t
tj�rSt�
��t�tj�}Wd�n1s9wY|�|jtj�|�|jtj�|�	|�t�
��tjtjtjdd�}Wd�n1slwY|�|jtj�|�|jtj�|�|j�|�	|�tjtjjd�}|�|jtj�|�|jtj�|�	|�dS)NT)r�r�)Zpurpose)r	�_create_stdlib_contextr�rZrWr�r�r�r�rRr[rrr�r0r�r	r�r�rVr�r r r!�test__create_stdlib_context�s6


�

��
z(ContextTests.test__create_stdlib_contextcCs�t���t�tj�}Wd�n1swY|�|j�|�|jtj	�d|_|�
|j�|�|jtj�d|_tj|_|�|j�|�|jtj�d|_tj	|_d|_|�|j�|�|jtj	�d|_|�
|j�|�|jtj�d|_tj|_d|_|�|j�|�|jtj�d|_|�
|j�|�|jtj�|�
t��tj	|_Wd�n1s�wYd|_|�|j�tj	|_|�|jtj	�dSr�)rr�r	rarUr�r�r�r�r�r	r�r�r�r�r�r r r!�test_check_hostname�sF
�
�z ContextTests.test_check_hostnamecCsTt�tj�}|�|j�|�|jtj�t�tj�}|�	|j�|�|jtj
�dSr)r	rarWr	r�r�r�r�rVr�r�r�r r r!�test_context_client_server	sz'ContextTests.test_context_client_servercCs�Gdd�dtj�}Gdd�dtj�}t�tj�}||_||_|jt��dd��}|�	||�Wd�n1s8wY|j
t��t��dd�}|�	||�dS)Nc@�eZdZdS)z;ContextTests.test_context_custom_class.<locals>.MySSLSocketN�r�r�r�r r r r!�MySSLSocket�r[c@rY)z;ContextTests.test_context_custom_class.<locals>.MySSLObjectNrZr r r r!�MySSLObjectr\r]Tr9)r	r��	SSLObjectrarVZsslsocket_classZsslobject_classr�r�r�wrap_bior�)r�r[r]rMr�r�r r r!�test_context_custom_classs�z&ContextTests.test_context_custom_classcCs�t�tj�}|�|jd�d|_|�|jd�d|_|�|jd�|�t��d|_Wd�n1s4wY|�t��d|_Wd�n1sLwYt�tj�}|�|jd�|�t��d|_Wd�dS1srwYdS)Nr�r�rr�)	r	rarVr�Znum_ticketsr�r�r�rWr�r r r!�test_num_tickest$s"��"�zContextTests.test_num_tickestN).r�r�r�r�r�rdr�rr�r�r�r�r�r�r�rJr	rar�r�rr!r,�skipIf�Py_DEBUG_WIN32r2r7r8r�r=rBrFrIrLrNrqr�rOrQrRrTrVrWrXr`rar r r r!r�xsZ
�

N
�
S
?


	

,r�c@s8eZdZdd�Ze�ed�dd��Zdd�Zdd	�Z	d
S)�
SSLErrorTestscCsXt�dd�}|�t|�d�|�|jd�t�dd�}|�t|�d�|�|jd�dS)Nr�r:)r	r�r�rRrAZSSLZeroReturnError)r��er r r!�test_str8szSSLErrorTests.test_strr-cCs�t�tj�}|�tj��
}|�t�Wd�n1swY|�|jj	d�|�|jj
d�t|j�}|�|�
d�|�dS)NZPEMZ
NO_START_LINEz"[PEM: NO_START_LINE] no start line)r	rarWr�r�r/r�r�r@�library�reasonrRr	rS)r�rMr6r�r r r!�test_lib_reasonBs�
zSSLErrorTests.test_lib_reasonc
Cst�tj�}d|_tj|_t�d��f}t�|�	��}|�
d�|j|ddd��9}|�tj
��}|��Wd�n1s=wYt|j�}|�|�d�|�|�|jjtj�Wd�n1scwYWd�dSWd�dS1s{wYdS)NFrmrnz%The operation did not complete (read))r	rarWr�r�r�r�rp�create_connectionrq�setblockingr�r��SSLWantReadError�do_handshakerRr@r	rSr�rA�SSL_ERROR_WANT_READ)r�rMr�rsr6r r r!�
test_subclassMs"

�
��"�zSSLErrorTests.test_subclasscCs�t��}|�t��|jt��t��dd�Wd�n1s wY|�t��|jt��t��dd�Wd�n1sAwY|�t��|jt��t��dd�Wd�dS1scwYdS)Nrrkz.example.orgzexample.orgevil.com)r	rSr�r�r_r�r�r�r r r!�test_bad_server_hostname_s �����"�z&SSLErrorTests.test_bad_server_hostnameN)
r�r�r�rfrdrbrcrirorpr r r r!rd6s



rdc@s4eZdZdd�Zdd�Zdd�Zdd�Zd	d
�ZdS)�MemoryBIOTestscCs�t��}|�d�|�|��d�|�|��d�|�d�|�d�|�|��d�|�|��d�|�d�|�|�d�d�|�|�d�d	�|�|�d�d�dS)
Nr;r��barsfoobar�bazr�sbar��z)r	r�rur�rE�r��bior r r!�test_read_writens



zMemoryBIOTests.test_read_writecCs�t��}|�|j�|�|��d�|�|j�|�d�|�|j�|��|�|j�|�|�d�d�|�|j�|�|�d�d�|�|j�|�|��d�|�|j�dS)Nr�r;r�sfor��o)	r	r�r��eofr�rEru�	write_eofr	rur r r!�test_eof|s
zMemoryBIOTests.test_eofcCs�t��}|�|jd�|�d�|�|jd�td�D]}|�d�|�|jd|d�qtd�D]}|�d�|�|j|d�q2|��|�|jd�dS)Nrr;rr�r)r	r�r��pendingrur�rE)r�rvr�r r r!�test_pending�s


zMemoryBIOTests.test_pendingcCsbt��}|�d�|�|��d�|�td��|�|��d�|�td��|�|��d�dS)Nr;rrrs)r	r�rur�rEr��
memoryviewrur r r!�test_buffer_types�s
z MemoryBIOTests.test_buffer_typescCsLt��}|�t|jd�|�t|jd�|�t|jd�|�t|jd�dS)Nr:Tr�)r	r�r�r�rurur r r!�test_error_types�s
zMemoryBIOTests.test_error_typesN)r�r�r�rwr{r}rr�r r r r!rqls	rqc@r)�SSLObjectTestscCsFt��}|�td��t�||�Wd�dS1swYdSr�)r	r�r�r�r^rur r r!r��s"�z SSLObjectTests.test_private_initc	Cs:t�\}}}t��}t��}t��}t��}|j|||d�}|j||dd�}	td�D]8}
z|��Wn
tjy<Ynw|jrG|�|�	��z|	��Wn
tjyWYnw|jrb|�|�	��q*|��|	��|�
tj��|��Wd�n1s�wY|�|�	��|	��|�|�	��|��dS)NrkTr9r�)r�r	r�r_r�rmrlr|rurEr��unwrap)r��
client_ctx�
server_ctxr�Zc_inZc_outZs_inZs_out�clientr��_r r r!�test_unwrap�s@���
�zSSLObjectTests.test_unwrapN)r�r�r�r�r�r r r r!r��sr�c@s�eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Ze
�ejdkd�dd��Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)1�SimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCsPt�tj�|_|j�t�t|jd�}t|jf|_	|�
�|�|jddd�dS)Nr�)
r	rarVr�r�r�r�r>r��server_addr�	__enter__rE�__exit__)r�r�r r r!�setUp�szSimpleBackgroundTests.setUpcCs�tt�tj�tjd��}|�|j�|�i|���|�	|j
�Wd�n1s*wYtt�tj�tjtd��}|�|j�|�
|���|�	|j
�Wd�dS1sZwYdS)Nr��r�r�)r�r�rr	r�r=r�r��getpeercertr�r�r�r�r	r�r r r!�test_connect�s"���"�z"SimpleBackgroundTests.test_connectcCs<tt�tj�tjd�}|�|j�|�tjd|j	|j
�dS)Nr��certificate verify failed)r�r�rr	r�rErFr�r�r=r�r�r r r!�test_connect_fail�s�
�z'SimpleBackgroundTests.test_connect_failcCsJtt�tj�tjtd�}|�|j�|�d|�	|j
��|�|���dS)Nr�r)
r�r�rr	r�r�rErFr�r�r�r	r�r�r r r!�test_connect_ex�s�z%SimpleBackgroundTests.test_connect_exc	Cs�tt�tj�tjtdd�}|�|j�|�d�|�	|j
�}|�|dtj
tjf�t�g|ggd�	z|��Wn&tjyLt�|gggd�Yntjy^t�g|ggd�Ynwq3|�|���dS)NF)r�r�rorr*)r�r�rr	r�r�rErFrkr�r�r{rAZEINPROGRESSr��selectrmrl�SSLWantWriteErrorr	r��r�r�r�r r r!�test_non_blocking_connect_exs*�
��	z2SimpleBackgroundTests.test_non_blocking_connect_excCst�tj�}d|_tj|_|�t�tj���}|�	|j
�|�i|���Wd�n1s/wY|jt�tj�dd��}|�	|j
�Wd�n1sPwYtj
|_|�t�|�t�tj���}|�	|j
�|��}|�|�Wd�dS1s�wYdS)NFZdummyrk)r	rarWr�r�r�r�r�rr=r�r�r�r�r�r�r	�r�rMr�rQr r r!�test_connect_with_context"s(���
"�z/SimpleBackgroundTests.test_connect_with_contextcCsHt�tj�}|jt�tj�td�}|�|j�|�	tj
d|j|j�dS)Nrkr�)
r	rarWr�r�rr�rErFr�r�r=r�)r�rMr�r r r!�test_connect_with_context_fail6s
�
�z4SimpleBackgroundTests.test_connect_with_context_failcCs�t�tj�}|jtd�|jt�tj�td��}|�	|j
�|��}|�|�Wd�n1s1wYt�tj�}|jt
d�|jt�tj�td��}|�	|j
�|��}|�|�Wd�dS1shwYdS)Nrrk)r	rarWr�r�r�r�rr�r=r�r�r	rr�r r r!�test_connect_capathCs(���"�z)SimpleBackgroundTests.test_connect_capathcCstt��}|��}Wd�n1swYt�|�}t�tj�}|j|d�|jt	�	t	j
�td��}|�|j
�|��}|�|�Wd�n1sNwYt�tj�}|j|d�|jt	�	t	j
�td��}|�|j
�|��}|�|�Wd�dS1s�wYdS)Nr#rk)rDr�rEr	r�rarWr�r�r�rr�r=r�r�r	)r�rGr�rKrMr�rQr r r!�test_connect_cadataZs0

�
���"�z)SimpleBackgroundTests.test_connect_cadatar.z*Can't use a socket as a file under WindowscCs�tt�tj��}|�|j�|��}|��}|��t�	|d�|��t
��|�t
��}t�	|d�Wd�n1s>wY|�|jjtj�dSrx)r�r�rr=r��fileno�makefilerFrrErDrEr�rr�r@rA�EBADF)r�r�fdrGrer r r!�test_makefile_closeos�z)SimpleBackgroundTests.test_makefile_closecCs�t�tj�}|�|j�|�d�t|tjdd�}|�|j	�d}	z
|d7}|�
�Wn$tjy>t�|ggg�Yntj
yOt�g|gg�Ynwq"tjr^tj�d|�dSdS)NF�r�rorTr�z9
Needed %d calls to do_handshake() to establish session.
)r�rr=r�rkr�r	r�rErFrmrlr�r�rrsrqrtru)r�r��countr r r!�test_non_blocking_handshake�s.
���	�z1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|j�Rdti�dS)NrQ)�_test_get_server_certificater�r�r�r r r!�test_get_server_certificate�r#z1SimpleBackgroundTests.test_get_server_certificatecs�|j\}}g��fdd�}|j�|�t�||f�}|s%|�d||f�tj||ftd�}|s9|�d||f�tjrGt	j
�d|||f�|��||g�dS)Ncs��|�dSr)�append��ssl_sockZserver_nameZinitial_context�Zserver_namesr r!�
servername_cb��zLSimpleBackgroundTests.test_get_server_certificate_sni.<locals>.servername_cb�No server certificate on %s:%s!�r��&
Verified certificate for %s:%s is
%s
)
r�r�rAr	�get_server_certificater�r�rrsrqrtrur�)r�rdr�r�r�r r�r!�test_get_server_certificate_sni�s
z5SimpleBackgroundTests.test_get_server_certificate_snicCst|g|j�R�dSr)�!_test_get_server_certificate_failr�r�r r r!� test_get_server_certificate_fail�sz6SimpleBackgroundTests.test_get_server_certificate_failcCsXdd�}|j�|�|�tj��tj|jtdd�Wd�dS1s%wYdS)NcSst�d�dS)N皙�����?)ry�sleepr�r r r!r��r�zPSimpleBackgroundTests.test_get_server_certificate_timeout.<locals>.servername_cb皙�����?)r�r-)	r�rAr�r�r-r	r�r�r�)r�r�r r r!�#test_get_server_certificate_timeout�s
�"�z9SimpleBackgroundTests.test_get_server_certificate_timeoutc	Cstt�tj�tjdd��}|�|j�Wd�n1swYtt�tj�tjdd��}|�|j�Wd�n1s?wY|�tjd��5t�tj��}t|tjdd�}|�|j�Wd�n1skwYWd�dSWd�dS1s�wYdS)Nr�)r�r�r�r�r�)	r�r�rr	r�r=r�r�r�)r�r�r�r r r!r��s,�������"�z"SimpleBackgroundTests.test_cipherscCs�t�tj�}|jtd�|�|��g�|jt�tj	�dd��}|�
|j�|��}|�
|�Wd�n1s9wY|�t|���d�dS)Nrr,rkr�)r	rarWr�r�r�rJr�r�rr=r�r�r	rYr�r r r!�test_get_ca_certs_capath�s��z.SimpleBackgroundTests.test_get_ca_certs_capathcCs�t�tj�}|jtd�t�tj�}|jtd�t�tj�}|j|dd��0}|�|j	�|�
|j|�|�
|jj|�||_|�
|j|�|�
|jj|�Wd�dS1sXwYdS)Nrr,rk)
r	rarWr�r�r�rr�r=r�r�r��_sslobj)r�Zctx1Zctx2r�rr r r!�test_context_setget�s"�z)SimpleBackgroundTests.test_context_setgetc
Os�|�dtj�}t��|}d}		t��|kr|�d�d}
|	d7}	z||�}Wn tjyG}z|jtj	tj
fvr:�|j}
WYd}~nd}~ww|��}
|�|
�|
durVn|
tj	krl|�
d�}
|
rh|�|
�n|��qtjr{tj�d|	|jf�|S)Nr-rTr�i�z"Needed %d calls to complete %s().
)r�r�
SHORT_TIMEOUTry�	monotonicr�r	r�rArnZSSL_ERROR_WANT_WRITErE�sendallrrurzrsrqrtr�)r�r��incoming�outgoingrgrer�r-�deadliner�rA�retre�bufr r r!�ssl_io_loop�sB
���


��z!SimpleBackgroundTests.ssl_io_loopcCs~t�tj�}|�|j�|�|j�t��}t��}t�tj	�}|�
|j�|�|j
tj�|�t�|�||dt�}|�|jj|�|�|���|�|���|�|���|�t|j�dtjvrl|�|�d��|�||||j �|�
|���|�|���|�!|���|�
|���dtjvr�|�
|�d��z|�||||j"�Wn
tj#y�Ynw|�tj$|j%d�dS)NFrur;)&r�rrErFr=r�r	r�rarWr	r�r�r�r�r�r�r_r�r�r��ownerrw�cipherr5�shared_ciphersr�r�r�r�rrr�rm�assertIsNotNoner�ZSSLSyscallErrorr�ru)r�r�r�r�rM�sslobjr r r!�test_bio_handshake	s@

�

�z(SimpleBackgroundTests.test_bio_handshakecCs�t�tj�}|�|j�|�|j�t��}t��}t�tj	�}d|_
tj|_|�
||d�}|�||||j�d}|�||||j|�|�||||jd�}|�|d�|�||||j�dS)NF�FOO
�sfoo
)r�rrErFr=r�r	r�rarWr�r�r�r_r�rmrurEr�r�)r�r�r�r�rMr�Zreqr�r r r!�test_bio_read_write_data-	sz.SimpleBackgroundTests.test_bio_read_write_datacCs�t�\}}}t�tj��4}|�|j�t��}t��}|j|||d�}|�||||j	�|�
�|�tj|j
�Wd�dS1sCwYdS)Nrk)r�r�rr=r�r	r�r_r�rmrzr��SSLEOFErrorrE)r�r�r�r�r�r�r�r�r r r!�test_transport_eof>	s�"�z(SimpleBackgroundTests.test_transport_eofN)r�r�r��__doc__r�r�r�r�r�r�r�r�r�rdrbrrr�r�r�r�r�r�r�r�r�r�r�r�r�r r r r!r��s2
	

	%"r�Znetworkc@s*eZdZdd�Ze�ejd�dd��ZdS)�NetworkedTestscCs�t�t��Ett�tj�tjdd�}|�|j	�|�
d�|�tdf�}|dkr.|�d�n
|t
jkr8|�d�|�|t
jt
jf�Wd�dS1sMwYdS)NFr�gH�����z>�rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)r�transient_internet�REMOTE_HOSTr�r�rr	r�rErFr+r�r�rAZENETUNREACHr{�EAGAINr�r�r r r!�test_timeout_connect_exP	s�


"�z&NetworkedTests.test_timeout_connect_exz
Needs IPv6cCsHt�d��t|dd�t|dd�Wd�dS1swYdS)Nzipv6.google.comr�)rr�r�r�r�r r r!� test_get_server_certificate_ipv6`	s"�z/NetworkedTests.test_get_server_certificate_ipv6N)	r�r�r�r�rdr�rrhr�r r r r!r�M	sr�cCspt�||f�}|s|�d||f�tj||f|d�}|s&|�d||f�tjr6tj�d|||f�dSdS)Nr�r�r�)r	r�r�rrsrqrtru)�testrdr�rQr�r r r!r�g	s�r�c
Cs|ztj||ftd�}Wn&tjy1}ztjr&tj�d|�WYd}~dSWYd}~dSd}~ww|�	d|||f�dS)Nr�z%s
z$Got server certificate %s for %s:%s!)
r	r�r�r�rrsrqrtrur�)r�rdr�r��xr r r!r�r	s���r�)�make_https_serverc@sdeZdZGdd�dej�Z					ddd�Zdd	�Zd
d�Zddd
�Z	dd�Z
dd�Zdd�ZdS)r�c@s@eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dS)z$ThreadedEchoServer.ConnectionHandlerz�A mildly complicated class, because we want it to work both
        with and without the SSL wrapper around the socket connection, so
        that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j�d�d|_tj�|�d|_	dS�NFT)
r��runningr��addrrk�sslconn�	threading�Thread�__init__�daemon)r�r�Zconnsockr�r r r!r��	s
z-ThreadedEchoServer.ConnectionHandler.__init__c
Cs�z|jjj|jdd�|_|jj�|j���Wnytt	t
fyL}z&|jj�t|��|jj
r:tdt|j�d�d|_|��WYd}~dSd}~wtjtfy�}z6|jj�t|��|jj
rntdt|j�d�|jtjkr�tjdkr�d|_|j��|��WYd}~dSd}~ww|jj�|j���|jjjtjkr�|j��}tj r�|jj
r�tj!�"dt#�$|�d�|j�d�}tj r�|jj
r�|dur�tj!�"d	�ntj!�"d
t%|��d��|j�&�}tj r�|jj
r�tj!�"dt|�d�dS)
NTr9z'
 server:  bad connection attempt from z:
F�darwinz client cert is r�z client did not provide a cert
z cert binary is zb
z" server: connection cipher is now )'r�r�r�r�r��selected_alpn_protocolsr��selected_alpn_protocol�ConnectionResetError�BrokenPipeError�ConnectionAbortedError�conn_errorsrR�chattyrwryr�r�rFr	r�rrAZ
EPROTOTYPErqr��stopr�r�r�r�rrsrtrur�r�rYr�)r�rerQZcert_binaryr�r r r!�	wrap_conn�	sL��
��

z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs|jr|j��S|j�d�S)Nr�)r�rEr�rr�r r r!rE�	s
z)ThreadedEchoServer.ConnectionHandler.readcCs|jr	|j�|�S|j�|�Sr)r�rur�r!)r�r�r r r!ru�	sz*ThreadedEchoServer.ConnectionHandler.writecCs"|jr
|j��dS|j��dSr)r�rFr�r�r r r!rF�	sz*ThreadedEchoServer.ConnectionHandler.closecCs�d|_|jjs
|��s
dS|j�r�z�|��}|��}|s;d|_z|j��|_Wn	t	y1Ynwd|_|�
��n\|dkrStjrL|jj
rLtj�d�|�
�WdS|jjrv|dkrvtjrh|jj
rhtj�d�|�d�|��stWdS�n!|jjr�|jr�|dkr�tjr�|jj
r�tj�d	�|�d�|j��|_d|_tjr�|jj
r�tj�d
�n�|dkr�tjr�|jj
r�tj�d�|j�d
�}|�t|��d�d�n�|dk�rtjr�|jj
r�tj�d�z|j��Wn tj�y}z|�t|��d�d�WYd}~n�d}~ww|�d�n�|dk�r'|j��du�r!|�d�nv|�d�np|dk�r>|j��}|�t|��d�d�nY|dk�rW|jj��}|�t|��dd�d�n@|dk�rp|jj��}|�t|��dd�d�n'tj�r�|jj
�r�|j�r�d�p�d}tj�d|||��|f�|�|���WnMt	�y�}z@|jj�r�tj�r�t|t ��r�t!d|j"���nt#d�z|�d�Wn
t	�y�Ynw|�
�d|_|j�$�WYd}~nd}~ww|jsdSdS) NTFsoverz" server: client closed connection
�STARTTLSz2 server: read STARTTLS from client, sending OK...
�OK
�ENDTLSz0 server: read ENDTLS from client, sending OK...
z* server: connection is now unencrypted...
s
CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data...
ru�us-ascii�
�PHAz( server: initiating post handshake auth
�HASCERT�TRUE
�FALSE
�GETCERTs
VERIFIEDCHAINr��bigsUNVERIFIEDCHAINZ	encryptedZunencryptedz/ server: read %r (%s), sending back %r (%s)...
z Connection reset by peer: zTest server failure:
sERROR
)%r�r��starttls_serverr�rE�stripr�r�r�rrFrrs�connectionchattyrqrtrurrryrf�verify_client_post_handshaker	r�r�r��get_verified_chainrY�to_bytes�get_unverified_chainr�r�rQ�ConnectionError�printr�rwr�)r��msg�strippedr�rerQZcertsZctyper r r!�run�	s��
�
�
$��




���
�����z(ThreadedEchoServer.ConnectionHandler.runN)
r�r�r�r�r�r�rErurFrr r r r!�ConnectionHandler�	s
>rNTFcCs�|
r|
|_n8t�|dur|ntj�|_|dur|ntj|j_|r&|j�|�|r.|j�|�|r6|j�|�|	r>|j�	|	�||_
||_||_t
�
�|_t�|j�|_d|_d|_g|_g|_g|_tj�|�d|_dSr�)r�r	rarVr�r�r�r��set_alpn_protocolsrKr�r�r�r�r�rr�r��flag�activer�r�r�r�r�r�r�)r�Zcertificate�ssl_version�certreqs�cacertsr�r�r�Zalpn_protocolsr�r�r r r!r�F
s<���

zThreadedEchoServer.__init__cC�|�t���|j��|Sr��startr��Eventr�waitr�r r r!r�h
�
zThreadedEchoServer.__enter__cGs|��|��dSr)r�r�r�rer r r!r�m
szThreadedEchoServer.__exit__cC�||_tj�|�dSr�rr�r�r�r�rr r r!rq
�zThreadedEchoServer.startc
Cs8|j�d�|j�d�d|_|jr|j��|jr�z*|j��\}}tjr4|j	r4t
j�dt
|�d�|�|||�}|��|��WnNtyc}ztjrYt
j�d|�d��WYd}~n4d}~wtyo|��Yn$ty�}ztjr�|j	r�t
j�dt
|�d�WYd}~nd}~ww|js|��dS)Ng�?r�Tz server:  new connection from r�z connection timeout z connection handling failed: )r�r+�listenrrr�r3rrsr�rqrtruryrrr�TimeoutError�KeyboardInterruptr��
BaseExceptionrF)r�ZnewconnZconnaddr�handlerrer r r!ru
s@
�������zThreadedEchoServer.runcCs"|jdur|j��d|_dSdSr)r�rFr�r r r!rF�
s


�zThreadedEchoServer.closecCs
d|_dS�NF)rr�r r r!r��
�
zThreadedEchoServer.stop)
NNNNTFFNNNr)
r�r�r�r�r�rr�r�r�rrrFr�r r r r!r�	sF
�"
r�c@sXeZdZGdd�dej�Zdd�Zdd�Zdd�Zd	d
�Z	ddd
�Z
dd�Zdd�ZdS)�AsyncoreEchoServerc@s6eZdZGdd�dej�Zdd�Zdd�Zdd�Zd	S)
zAsyncoreEchoServer.EchoServerc@s<eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd�|_tj�||j�d|_|��dS)NTF)r�r�ro)r�r��asyncore�dispatcher_with_sendr��_ssl_accepting�_do_ssl_handshake)r��connr�r r r!r��
s�z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs6t|jtj�r|j��dkr|��|j��dksdS)NrT)rQr�r	r�r|Zhandle_read_eventr�r r r!�readable�
s
�z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec
Cs�z|j��WnGtjtjfyYdStjy"|��YStjy*�tyN}z|j	dt
jkrC|��WYd}~SWYd}~dSd}~wwd|_dS)NrF)
r�rmr	rlr�r��handle_closer�rrerAZECONNABORTEDr�r��errr r r!r�
s���
zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsX|jr	|��dS|�d�}tjrtj�dt|��|s#|�	�dS|�
|���dS)Nr�z server:  read %s from client
)rrrrrsrqrtruryrFr!r�)r�r�r r r!�handle_read�
s
z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs(|��tjrtj�d|j�dSdS)Nz server:  closed connection %s
)rFrrsrqrtrur�r�r r r!r"�
s�z<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_closecC��rr r�r r r!rw�
�z<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_errorN)	r�r�r�r�r!rr%r"rwr r r r!r�
srcCs@||_t�tjtj�}t�|d�|_tj�	||�|�
d�dS)Nrr�)r�r�r�SOCK_STREAMrr�r�r�
dispatcherr�rrGr r r!r��
s
z&AsyncoreEchoServer.EchoServer.__init__cCs(tjrtj�d|�|�||j�dS)Nz$ server:  new connection from %s:%s
)rrsrqrtrurr�)r�Zsock_objr�r r r!�handle_accepted�
sz-AsyncoreEchoServer.EchoServer.handle_acceptedcCr&rr r�r r r!rw�
r'z*AsyncoreEchoServer.EchoServer.handle_errorN)	r�r�r�rrrr�r*rwr r r r!�
EchoServer�
s
3r+cCs8d|_d|_|�|�|_|jj|_tj�|�d|_dSr�)	rrr+r�r�r�r�r�r�)r�r�r r r!r��
s

zAsyncoreEchoServer.__init__cCsd|jj|jfS)Nz<%s %s>)�	__class__r�r�r�r r r!�__str__�
szAsyncoreEchoServer.__str__cCr	rr
r�r r r!r��
rzAsyncoreEchoServer.__enter__cGsVtjr	tj�d�|��tjrtj�d�|��tjr#tj�d�tjdd�dS)Nz cleanup: stopping server.
z! cleanup: joining server thread.
z cleanup: successfully joined.
T)Z
ignore_all)	rrsrqrtrur�rrZ	close_allrr r r!r��
szAsyncoreEchoServer.__exit__NcCrrrrr r r!r�
rzAsyncoreEchoServer.startcCsBd|_|jr|j��|jrzt�d�WnY|jsdSdS)NTr�)rrr�rZloopr�r r r!rs
�zAsyncoreEchoServer.runcCsd|_|j��dSr)rr�rFr�r r r!r�szAsyncoreEchoServer.stopr)
r�r�r�rr)r+r�r-r�r�rrr�r r r r!r�
sD

rr�FcCs�i}t||dd�}|��|jt��||d���}	|	�t|jf�|t|�t|�fD]C}
|r7tj	r7t
j�d|�|	�|
�|	�
�}|rMtj	rMt
j�d|�||��krktd|dd�t|�|dd���t|�f��q(|	�d	�|r|tj	r|t
j�d
�|�|	��|	��|	��|	��|	��|	j|	jd��|	��Wd�n1s�wY|j|d<|j|d
<Wd�|S1s�wY|S)zW
    Launch a server, connect a client to it and try various reads
    and writes.
    F�r�r�r�)r��session� client:  sending %r...
� client:  read %r
�4bad data <<%r>> (%d) received; expected <<%r>> (%d)
N��over
� client:  closing connection.
)�compressionr��peercert�client_alpn_protocolr5�session_reusedr/�server_alpn_protocols�server_shared_ciphers)r�r�r�r=r>r�r�r~rrsrqrtrurEr��AssertionErrorrYr�r6r�r�r�r5r9r/rFr�r�)r�r��indatar�r��sni_namer/rPr�r��arg�outdatar r r!�server_params_testsh�
��
����
�
	�
 
�#�#rAc
Cs|durtj}tjdtjdtjdi|}tjr.|rdpd}tj�|t�	|�t�	|�|f�t
��� t�|�}|j
|O_
t�|�}	|	j
|O_
Wd�n1sUwYt�|d�}
|
dur�t|	d�r�|tjkr�|	j|
kr�t
���|
|	_Wd�n1s�wY|jtjkr�|�d�t|	|�||	fD]}||_|�t�|�t�q�z
t||	d	d	d
�}Wn)tjy�|rÂYdSty�}
z|s�|
jtjkrւWYd}
~
dSd}
~
ww|s�t dt�	|�t�	|�f��|du�r||d
k�r
t d||d
f��dSdS)a<
    Try to SSL-connect using *client_protocol* to *server_protocol*.
    If *expect_success* is true, assert that the connection succeeds,
    if it's false, assert that the connection fails.
    Also, if *expect_success* is a string, assert that it is the protocol
    version actually used by the connection.
    Nr�r�r�z %s->%s %s
z
 {%s->%s} %s
rIr�F)r�r�z5Client protocol %s succeeded with server protocol %s!Tr5z%version mismatch: expected %r, got %r)!r	r�r�r�rrsrqrtruZget_protocol_namerr�rar3�PROTOCOL_TO_TLS_VERSIONr�rJrUrIrZrKrNr�r�r�r�r�rAr�rrA�
ECONNRESETr<)Zserver_protocolZclient_protocol�expect_successZ	certsreqs�server_options�client_optionsZcerttypeZ	formatstrr�r�Zmin_versionrMrPrer r r!�try_protocol_combo?s�	����


��


�



��������

��rGc@s~eZdZdd�Zdd�Zdd�Zdd�Ze�e	j
d	�d
d��Zdd
�Zdd�Z
dd�Zdd�Zed�dd��Zdd�Zdd�Zed�dd��Zdd�Zed �d!d"��Zed#�d$d%��Zed&�d'd(��Zed)�d*d+��Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�Zd8d9�Z d:d;�Z!d<d=�Z"d>d?�Z#d@dA�Z$dBdC�Z%ed�dDdE��Z&ed)�ed#�e'dFdG����Z(ed&�e'dHdI���Z)ed)�ed#�e'dJdK����Z*ed �dLdM��Z+dNdO�Z,e�dPe	j-vdQ�dRdS��Z.dTdU�Z/e�e0e	dV�dW�dXdY��Z1e�2e3dZ�d[d\��Z4d]d^�Z5d_d`�Z6dadb�Z7dcdd�Z8dedf�Z9dgdh�Z:didj�Z;dkdl�Z<dmdn�Z=dodp�Z>dqdr�Z?dsdt�Z@dudv�ZAdwdx�ZBdydz�ZCd{d|�ZDd}S)~�
ThreadedTestsc	Cs�tjr	tj�d�t�\}}}|jtjtj	d��t
||dd|d�Wd�n1s,wYd|_|jtj	tjd��0|�tj
��}t
||dd|d�Wd�n1sXwY|�dt|j��Wd�n1spwY|jtj	tj	d��/|�tj
��}t
||ddd�Wd�n1s�wY|�dt|j��Wd�n1s�wY|jtjtjd��0|�tj
��}t
||ddd�Wd�n1s�wY|�dt|j��Wd�dS1s�wYdS)	z2Basic test of an SSL client connecting to a serverr�)r�r�T)r�r�r�r�r>NFz@Cannot create a client socket with a PROTOCOL_TLS_SERVER context)r�r�r�r�)rrsrqrtrur�r�r	rWrVrAr�r�r�r{rRr@)r�r�r�r�rer r r!�	test_echo�s`����������
���"�zThreadedTests.test_echoc

Cs�tjr	tj�d�t�\}}}t|dd�}|��|jt��d|d���}|�	t
|jf�|�t
��|��Wd�n1s?wY|��|��}|�|d�|��}tjrptj�t�|�d�tj�dt|�d�d|vr~|�d	t�|��d
|dvr�|�d�|�d|�|�d
|�t�|d�}t�|d
�}	|�||	�Wd�n1s�wYWd�dSWd�dS1s�wYdS)Nr�F�r�r�)ror��Can't get peer certificate.zConnection cipher is z.
r3z$No subject field in certificate: %s.r)zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r1r0)rrsrqrtrur�r�r�r�r=r>r�r�r�r�rmr	r�r�r�rRr�r{r	r�r)
r�r�r�r�r�r�rQr��beforeZafterr r r!�test_getpeercert�sP
�
������"�zThreadedTests.test_getpeercertc
Cstjr	tj�d�t�\}}}ttdd�}|�|j	tj
|B�t|dd�}|�3|jt
�
�|d��}|�t|jf�|��}|�|d�Wd�n1sNwYWd�n1s]wY|j	tjO_	t|dd�}|�@|jt
�
�|d��'}|�tjd��|�t|jf�Wd�n1s�wYWd�n1s�wYWd�n1s�wY|�t�t|dd�}|�<|jt
�
�|d��}|�t|jf�|��}|�|d�Wd�n1s�wYWd�dSWd�dS1�swYdS)	Nr�r�rTrJrkrKr�)rrsrqrtrur�rTr	r�r�r�r�r�r�r=r>r�r�r	r�r�r�r��CRLFILE)r�r�r�r�r�r�r�rQr r r!�test_crl_check�s^
����
�������

���$�zThreadedTests.test_crl_checkc
Cs�tjr	tj�d�t�\}}}t|dd�}|�3|jt��|d��}|�	t
|jf�|��}|�
|d�Wd�n1s>wYWd�n1sMwYt|dd�}|�@|jt��dd��'}|�tjd��|�	t
|jf�Wd�n1swYWd�n1s�wYWd�n1s�wYt|dd�}|�@t���#}|�td��
|�|�Wd�n1s�wYWd�n1s�wYWd�dSWd�dS1s�wYdS)	Nr�TrJrkrKriz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrsrqrtrur�r�r�r�r=r>r�r�r	r�r	rSr�)r�r�r�r�r�r�rQr r r!rWsX
����
�������	
�����"�z!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec
CsVt�\}}}|jsJ�d|_t|dd�}|�)|jt��|d��}|�t|jf�Wd�n1s3wYWd�n1sBwYtt�\}}}d|_t|dd�}|�H|jt��|d��&}|�	t
j��|�t|jf�Wd�n1s}wYWd�n1s�wYWd�dSWd�dS1s�wYdS)NFTrJrk)r�r�r�r�r�r=r>r�r�r�r	�SSLCertVerificationErrorr�r r r!r�(s:

����
�����"�z.ThreadedTests.test_hostname_checks_common_namec	Cs�t�tj�}|�t�|�d�t}t�tj�}|�t	�t
|dd�}|�O|jt��|d��-}|�
t|jf�|��}|�|d�|��d�d�}|�|dd�d	�Wd�n1s_wYWd�dSWd�dS1swwYdS�
NzECDHE:ECDSA:!NULL:!aRSATrJrkrKr�-r�)ZECDHEZECDSA)r	rarWr�r�rK�SIGNED_CERTFILE_ECC_HOSTNAMErVr��SIGNED_CERTFILE_ECCr�r�r�r=r>r�r�r	r��split�r�r�r�r�r�r�rQr�r r r!�
test_ecc_cert@s*



���"�zThreadedTests.test_ecc_certc	Cst�tj�}|�t�tjj|_|�d�t	}t�tj
�}|�t�|�t
�t|dd�}|�O|jt��|d��-}|�t|jf�|��}|�|d�|��d�d�}|�|dd�d	�Wd�n1siwYWd�dSWd�dS1s�wYdSrQ)r	rarWr�r�r
r`r]rKrSrVr�rTr�r�r�r�r=r>r�r�r	r�rUrVr r r!�test_dual_rsa_eccUs.





���"�zThreadedTests.test_dual_rsa_eccc	
Cs�tjr	tj�d�t�tj�}|�t	�t�tj
�}tj|_d|_
|�t�gd�}|D]U\}}t|dd�}|�A|jt��|d��(}|�|j|�|�t|jf�|��}|�|j|�|�|d�Wd�n1smwYWd�n1s|wYq,t|dd�}|�H|jt��dd��&}|�tj��|�t|jf�Wd�n1s�wYWd�n1s�wYWd�dSWd�dS1s�wYdS)Nr�T))ukönig.idn.pythontest.net�xn--knig-5qa.idn.pythontest.net)rYrY)sxn--knig-5qa.idn.pythontest.netrY)u(königsgäßchen.idna2003.pythontest.net�.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)rZrZ)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netrZ)�.xn--knigsgchen-b4a3dun.idna2008.pythontest.netr[)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netr[rJrkrKzpython.example.org)rrsrqrtrur	rarVr��IDNSANSFILErWr�r�r�r�r�r�r�r�r�r�r=r>r�r�r	r�rS)	r�r�r�Z
idn_hostnamesr�Zexpected_hostnamer�r�rQr r r!�test_check_hostname_idnosN


�����

�����"�z%ThreadedTests.test_check_hostname_idncCsDt�\}}}|�t�tj|_tjj|_t	|ddd�}|�{|j
t��|d��Y}z
|�t
|jf�WnAtjyP}ztjrFtj�d|�WYd}~n-d}~wtys}z|jtjkr^�tjritj�d|�WYd}~n
d}~ww|�d�Wd�n1s�wYWd�dSWd�dS1s�wYdS)z�Connecting when the server rejects the client's certificate

        Launch a server with CERT_REQUIRED, and check that trying to
        connect to it with a wrong client certificate fails.
        Tr.rk�
SSLError is %r
N�
socket.error is %r
�'Use of invalid cert should have failed!)r�r�r�r	r�r�r
r`r]r�r�r�r=r>r�r�rrsrqrtrurrArCr��r�r�r�r�r�r�rer r r!�test_wrong_cert_tls12�s:

�
�����
�P�z#ThreadedTests.test_wrong_cert_tls12r�cCsxt�\}}}|�t�tj|_tjj|_tjj|_t	|ddd�}|��|j
t��|dd��m}|�t
|jf�z|�d�|�d�|�d�|�d�WnAtjyj}ztjr`tj�d|�WYd}~n-d}~wty�}z|jtjkrx�tjr�tj�d	|�WYd}~n
d}~ww|�d
�Wd�n1s�wYWd�dSWd�dS1s�wYdS)NTr.F�r��suppress_ragged_eofs�datar�sshould have failed alreadyr^r_r`)r�r�r�r	r�r�r
r�rIr�r�r�r=r>r�rurEr�rrsrqrtrrArCr�rar r r!�test_wrong_cert_tls13�sF


�
��


���
�P�z#ThreadedTests.test_wrong_cert_tls13cszt���t���t���t��t�����fdd�}����fdd�}tj|d�}|��z
|�W|��dS|��w)ztA brutal shutdown of an SSL server should raise an OSError
        in the client when attempting handshake.
        cs8���������\}}|��������dSr)rr�r3rF)Znewsockr�)�
listener_gone�listener_readyr�r r!�listener�sz2ThreadedTests.test_rude_shutdown.<locals>.listenerc	s����t���1}|�t�f����zt|�}Wn	ty#Ynw��d�Wd�dSWd�dS1s<wYdS)Nz2connecting to closed SSL socket should have failed)r
r�r=r>r�rr�)rsr�)rgrhr�r�r r!�	connector
s
��"�z3ThreadedTests.test_rude_shutdown.<locals>.connector��targetN)	r�rr�rr�r>r�rr)r�rirjrr )rgrhr�r�r�r!�test_rude_shutdown�sz ThreadedTests.test_rude_shutdowncCs6tjr	tj�d�t�tj�}|�t	�t�tj
�}t|dd�}|�o|jt
�
�td��M}z
|�t|jf�Wn:tjyq}z-d}|�|tj�|�|jd�|�|j|�|�|t|��|�dt|��WYd}~nd}~wwWd�n1s|wYWd�dSWd�dS1s�wYdS)Nr�TrJrkz&unable to get local issuer certificater3r�)rrsrqrtrur	rarVr�r�rWr�r�r�r�r=r>r�r�rrPr�Zverify_codeZverify_messager{ry)r�r�r�r�r�rer�r r r!�test_ssl_cert_verify_error
s6

������"�z(ThreadedTests.test_ssl_cert_verify_errorr\cCs�tjr	tj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�ttjtj
d�td�r9ttjtjd�ttjtj
d�ttjtj
dtjd�ttjtj
dtjd�dS)z9Connecting to an SSLv2 server with various client optionsr�TFr�rFN)rrsrqrtrurGr	�PROTOCOL_SSLv2r�r�rUrX�PROTOCOL_SSLv3rr�r�r�r r r!�test_protocol_sslv2.
s�
�z!ThreadedTests.test_protocol_sslv2c
Cs�tjr	tj�d�td�r7z
ttjtj	d�Wnt
y6}ztjr,tj�dt|��WYd}~nd}~wwtd�rCttjtjd�ttjtjd�td�rWttjtj
d�td�rettjtjdtj�ttjtjdtj�td�r}ttjtj
dtj�td�r�ttjtjdtj�ttjtjdtj�td�r�ttjtj
dtj�td�r�ttjtjdtjd	�ttjtjdtjtjBd	�td�r�ttjtj
dtjd	�dSdS)
z:Connecting to an SSLv23 server with various client optionsr�r\Tz; SSL2 client to SSL23 server test unexpectedly failed:
 %s
NrFr)rE)rrsrqrtrurXrGr	rUrprrRrqrr�r�r�r�r�)r�r�r r r!�test_PROTOCOL_TLS@
sR�����
�
��zThreadedTests.test_PROTOCOL_TLSrcCs�tjr	tj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�r1ttjtjd�ttjtjdtj
d�ttjtjd�dS)z9Connecting to an SSLv3 server with various client optionsr�rr\FroN)rrsrqrtrurGr	rqr�r�rXrprUr�rr�r r r!�test_protocol_sslv3j
s�z!ThreadedTests.test_protocol_sslv3rcCs�tjr	tj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�r1ttjtjd�t
d�r=ttjtjd�ttjtj
dtjd�dS)z8Connecting to a TLSv1 server with various client optionsr�rr\FrroN)rrsrqrtrurGr	rr�r�rXrprqrUr�r�r r r!�test_protocol_tlsv1x
s
�z!ThreadedTests.test_protocol_tlsv1rcCs�tjr	tj�d�ttjtjd�td�rttjtj	d�td�r)ttjtj
d�ttjtjdtjd�ttjtjd�ttjtj
d�ttj
tjd�dS)zjConnecting to a TLSv1.1 server with various client options.
           Testing against older TLS versions.r��TLSv1.1r\FrroN)rrsrqrtrurGr	rrXrprqrUr�r0r�r r r!�test_protocol_tlsv1_1�
s�z#ThreadedTests.test_protocol_tlsv1_1r`cCs�tjr	tj�d�ttjtjdtjtj	Btjtj	Bd�t
d�r(ttjtjd�t
d�r4ttjtjd�ttjtj
dtjd�ttj
tjd�ttj�r\ttjtjd�ttjtjd�ttj�rsttjtjd�ttjtjd�dSdS)	zjConnecting to a TLSv1.2 server with various client options.
           Testing against older TLS versions.r��TLSv1.2)rErFr\FrroN)rrsrqrtrurGr	r0r�r�rXrprqrUr�r[rrr�r r r!�test_protocol_tlsv1_2�
s*

��

�z#ThreadedTests.test_protocol_tlsv1_2c	Cs�d}ttdddd�}d}|��t��}|�d�|�t|jf�tjr)t	j
�d�|D]j}tjr8t	j
�d|�|rD|�|�|��}n
|�
|�|�d�}|����}|dkro|�d	�rotjrht	j
�d
|�t|�}d}q+|dkr�|�d	�r�tjr�t	j
�d|�|��}d}q+tjr�t	j
�d
|�q+tjr�t	j
�d�|r�|�d�n|�
d�|r�|��n|��Wd�dSWd�dS1s�wYdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2r�sMSG 3smsg 4r�smsg 5smsg 6T)r�r�r�Fr�r0r�r�sokz/ client:  read %r from server, starting TLS...
r�z- client:  read %r from server, ending TLS...
z client:  read %r from server
r5r4N)r�r�r�rkr=r>r�rrsrqrtrurEr!rr�r�rSr�r�rF)	r�Zmsgsr��wrappedr�r=r r@r�r r r!�
test_starttls�
st�
�



������


�,"�zThreadedTests.test_starttlscCs�t|td�}tjrtj�d�ttd��}|�	�}Wd�n1s#wYd}d|j
tj�
t�df}tjtd�}tjj||d	�}z+|���d
�}|rkt|�dkrk|�	t|��}tjrktj�dt|�|f�W|��n|��w|�||�dS)
z8Using socketserver to create and manage SSL connections.r;r��rbNrzhttps://localhost:%d/%sr��r�r�zcontent-lengthrz/ client: read %d bytes from remote server '%s'
)r�r�rrsrqrtrurDr�rEr�rrrUr	rSr��urllib�request�urlopen�infor�rrYrFr�)r�r�rGr�r��urlr�Zdlenr r r!�test_socketserver�
s2
��
���zThreadedTests.test_socketserverc	Cs&tjr	tj�d�d}tt�}|�xtt���}|�	d|j
f�tjr+tj�d|�|�|�|��}tjr?tj�d|�||��kr^|�
d|dd�t|�|dd���t|�f�|�d	�tjrltj�d
�|��tjr�tj�d�Wd�dSWd�dS1s�wYdS)z'Check the example asyncore integration.r�r�r�r0r1r2Nr3r4r5z client:  connection closed.
)rrsrqrtrurr�r�r�r=r�rEr�r�rYrF)r�r=r�r�r@r r r!�test_asyncore_servers@�
���
�"�z"ThreadedTests.test_asyncore_servercs�tjr	tj�d�tttjtj	tddd�}|���t
t��dtttjd����t
|jf��fdd�}�fdd	�}d
�jdgtfd�jddgtfd
�jdgdd�fg}d�jdgfd�jddgfd|dgfd|dgfg}d}|D]x\}}}	}
}||�d�}z<||g|
�R�}
d�|�}|j|
||�|d����}||��kr�|�dj||dd�t|�|dd�t|�d��Wqpty�}z"|	r�|�dj|d��t|��|�s�|�dj||d��WYd}~qpd}~ww|D]m\}}}	}
||�d�}z+��|�||
�}||��k�r"|�d j||dd�t|�|dd�t|�d��Wq�t�yX}z(|	�r8|�d!j|d��t|��|��sJ|�dj||d�����WYd}~q�d}~wwd"}��|�tt|��}|���d#|�t|��|�||�tdu�r�tj t|�}|�!|�}��|�|����|�|�"t#�j$�|�"t#�j%d"g�|�"t#�j&d$�|�"t#�j'td$�g���d%�|�"t�jd#�|�"t�jd#���(�Wd�dS1�s�wYdS)&z Test recv(), send() and friends.r�TF�rrrr�r��r�r�r�r�cstd�}��|�}|d|�S�Nsd)r�r)�br��r�r r!�
_recv_into4s
z0ThreadedTests.test_recv_send.<locals>._recv_intocs"td�}��|�\}}|d|�Sr�)r�r )r�r�r�r�r r!�_recvfrom_into9sz4ThreadedTests.test_recv_send.<locals>._recvfrom_intor!r"zsome.addressr�cSrOrr )r�r r r!�<lambda>Bsz.ThreadedTests.test_recv_send.<locals>.<lambda>rrrr ZPREFIX_rVzsending with {}�r�zpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
Nr3)rr@Znoutr=Zninz>Failed to send with method <<{name:s}>>; expected to succeed.
rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s}
)r�expzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
zAFailed to receive with method <<{name:s}>>; expected to succeed.
rer�rr4))rrsrqrtrur�r�r	r�rVr�r�r=r>r�r!rYr"r�rrrf�formatr�rEr�r�r�rRrSr��ctypesZc_ubyteZfrom_buffer_copyr�r#r$r%r&r'rF)r�r�r�r�Zsend_methodsZrecv_methodsZdata_prefixZ	meth_nameZ	send_methrDreZret_val_methr=r�r�r@reZ	recv_methr��bufferZubyteZ	bytesliker r�r!�test_recv_send!s����

��
���	������
���	������



�

$�zThreadedTests.test_recv_sendcCs�tt�}|��|�|jdd�t�t|jf�}|�|j	�t
|dd�}|�|j	�|�d�|�|�
d�d�|�|�d�d�|�|��d�|�d�|�|�
d�d�|�|�t��d�dS)NF)rdrerr�)r�r�r�rEr�r�rjr>r�rFr�r!r�rrErkrr�)r�r�r�r r r!�test_recv_zero�s

zThreadedTests.test_recv_zerocs�tttjtjtddd�}|�@tt��dtttjd����t|j	f���
d�td����fdd�}|�tj
tjf|���
d����Wd�dS1sQwYdS)NTFr�r�i cs	����qr)r!r �r�r�r r!�fill_buffer�s
�z8ThreadedTests.test_nonblocking_send.<locals>.fill_buffer)r�r�r	r�rVr�r�r=r>r�rkr�r�r�rlrF)r�r�r�r r�r!�test_nonblocking_send�s4��
��

"�z#ThreadedTests.test_nonblocking_sendcst�tj��d}t���}t���d����fdd�}tj|d�}|�����zYz t�tj�}|�	d�|�
||f�|�tdt
|�W|��n|��wz t�tj�}t
|�}|�	d�|�td|j
||f�W|��n|��wWd�|�����dSd�|�����w)	Nr�Fcsd������g}�s't��gggd�\}}}�|vr%|����d��r|D]}|��q)dS)Nr�r)rr�r�r�r3rF)Zconnsr��wrer��Zfinishr��startedr r!�serve�s�
�z3ThreadedTests.test_handshake_timeout.<locals>.serverkr�z	timed outT)r�rrr�r�rr�rr
r+r=r�rr�rFr)r�rdr�r�rrsr r�r!�test_handshake_timeout�s@


�

��
z$ThreadedTests.test_handshake_timeoutc
s�t�\}}}t�tj��d}t���}|j�dd��|��j�t�	��d�d�����fdd�}tj
|d�}|�����|jt��|d�}|�
||f�|�d�|��|��}	|��|��������|��tj�|��|	�dS)	Nr�Tr9cs0���������\������d��dS)Nr�)rr�r3r!rr �ZevtZpeerZremoter�r r!r�sz/ThreadedTests.test_server_accept.<locals>.serverkrkre)r�r�rrr�r�r	r�r�rr�rr
r=r!rrqrFrrr	r�r�)
r�r�r�r�rdr�r�rr�Zclient_addrr r�r!�test_server_accepts4
�
z ThreadedTests.test_server_acceptc	C�t�tj�}d|_|�t����+}|�t��}|��Wd�n1s%wY|�	|j
jtj�Wd�dS1s>wYdSr)
r	rarWr�r�r�r�rr�r�r@rA�ENOTCONN�r�r�r�r6r r r!�test_getpeercert_enotconn3�
�"�z'ThreadedTests.test_getpeercert_enotconnc	Cr�r)
r	rarWr�r�r�r�rrmr�r@rAr�r�r r r!�test_do_handshake_enotconn;r�z(ThreadedTests.test_do_handshake_enotconnc
Cs�t�\}}}tjj|_|�d�|�d�t|d��>}|jt��|d��%}|�	t
��|�t|j
f�Wd�n1s=wYWd�n1sLwYWd�n1s[wY|�d|jd�dS)NZAES128�AES256r�rkzno shared cipherr)r�r	r
r`r]rKr�r�r�r�rr=r>r�r{r�r�r r r!�test_no_shared_ciphersCs"



������z$ThreadedTests.test_no_shared_ciphersc	Cs�t�tj�}d|_tj|_tttjdd��N}|�	t
�
���'}|�|��d�|�|j
d�|�t|jf�|�|��d�Wd�n1sGwY|�|j
d�|�|��d�Wd�dS1sfwYdS)zt
        Basic tests for SSLSocket.version().
        More tests are done in the test_protocol_*() methods.
        F)rr�N�TLSv1.3)r	rarWr�r�r�r�r�rVr�r�r�r5r�r=r>r�r�)r�r�r�r�r r r!�test_version_basicQs"��"�z ThreadedTests.test_version_basicc	Cs�t�\}}}tjj|_t|d��F}|jt��|d��$}|�t	|j
f�|�|��dhd��|�
|��d�Wd�n1sAwYWd�dSWd�dS1sYwYdS)Nr�rkr>ZTLS_AES_128_GCM_SHA256ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_256_GCM_SHA384r�)r�r	r
r�rIr�r�r�r=r>r�r{r�r�r5r�r r r!�test_tls1_3ds

���"�zThreadedTests.test_tls1_3c	Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t|d��:}|jt	�	�|d��}|�
t|jf�|�
|��d�Wd�n1sDwYWd�dSWd�dS1s\wYdS)Nr�rkrx)r�r	r
rrIr`r]r�r�r�r=r>r�r�r5r�r r r!�test_min_max_version_tlsv1_2ss 




���"�z*ThreadedTests.test_min_max_version_tlsv1_2c	Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t	|d��:}|j
t��|d��}|�t
|jf�|�|��d�Wd�n1sIwYWd�dSWd�dS1sawYdS)Nr�rkrv)r�r	r
rrIr`r]rrNr�r�r�r=r>r�r�r5r�r r r!�test_min_max_version_tlsv1_1�s"





���"�z*ThreadedTests.test_min_max_version_tlsv1_1c
Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t|d��Q}|j	t
�
�|d��/}|�tj��}|�
t|jf�Wd�n1sHwY|�dt|j��Wd�n1s`wYWd�dSWd�dS1sxwYdS)Nr�rkZalert)r�r	r
r`r]rIrrNr�r�r�r�r�r=r>r�r{rRr@rar r r!�test_min_max_version_mismatch�s&





����"�z+ThreadedTests.test_min_max_version_mismatchc	Cs�t�\}}}tjj|_tjj|_tjj|_t||�t|d��:}|jt	�	�|d��}|�
t|jf�|�
|��d�Wd�n1sDwYWd�dSWd�dS1s\wYdS)Nr�rkr)r�r	r
rrIr]rNr�r�r�r=r>r�r�r5r�r r r!�test_min_max_version_sslv3�s 




���"�z(ThreadedTests.test_min_max_version_sslv3c	Cs�t�\}}}tjj|_t|d��<}|jt��|d��}|�t	|j
f�|�d|��d�Wd�n1s7wYWd�dSWd�dS1sOwYdS)Nr�rkZECDHr)
r�r	r
r`r]r�r�r�r=r>r�r{r�r�r r r!�test_default_ecdh_curve�s

���"�z%ThreadedTests.test_default_ecdh_curverurvc		Cstjr	tj�d�t�\}}}t|ddd�}|��|jt��|d��S}|�	t
|jf�|�d�}tjr<tj�d�
|��|�|�|��dkrP|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
�n1sxwY|jt��|d��Y}|�	t
|jf�|�d�}tjr�tj�d�
|��|�||�|�|�|��dkr�|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
�n1s�wYWd
�d
SWd
�d
S1s�wYd
S)z Test tls-unique channel binding.r�TFr.rkruz! got channel binding data: {0!r}
r��0�sCB tls-unique
r�Nz(got another channel binding data: {0!r}
)rrsrqrtrur�r�r�r�r=r>r�rrr�r�r5r�rYrEr�ryrf�assertNotEqual)	r�r�r�r�r�r�Zcb_dataZpeer_data_reprZnew_cb_datar r r!rx�sp��
�

���
��

���"�z-ThreadedTests.test_tls_unique_channel_bindingcCsRt�\}}}t||dd|d�}tjrtj�d�|d��|�|dhd��dS)NT�r�r�r>z got compression: {!r}
r6>NZRLEZZLIB)	r�rArrsrqrtrur�r{�r�r�r�r�rPr r r!�test_compressions�zThreadedTests.test_compressionr>z*ssl.OP_NO_COMPRESSION needed for this testcCsRt�\}}}|jtjO_|jtjO_t||dd|d�}|�|dd�dS)NTr�r6)r�r3r	r>rAr�r�r r r!�test_compression_disabled
s�z'ThreadedTests.test_compression_disabledr-cCs�t�\}}}tjj|_|�t�|�d�tjj|_t||dd|d�}|dd}|�	d�}d|vrEd|vrGd	|vrI|�
d
|d�dSdSdSdS)NZkEDHTr�r�rrRZADHZEDHZDHEzNon-DH cipher: )r�r	r
r`r]r/r0rKrArUr�)r�r�r�r�rPr��partsr r r!�test_dh_paramss



�
�zThreadedTests.test_dh_paramscCs�t�\}}}|�d�|�d�tjj|_t||dd|d�}t�\}}}|�d�|�d�tjj|_t||dd|d�}t�\}}}|�d�|�d�|�d�tjj|_|�tj	��t||dd|d�Wd�dS1sqwYdS)NZ	secp384r1zECDHE:!eNULL:!aNULLTr�r9)
r�r<rKr	r
r`rIrAr�r�r�r r r!�test_ecdh_curve)s6


�


�



�"�zThreadedTests.test_ecdh_curvecCs2t�\}}}t||dd|d�}|�|dd�dS)NTr�r8)r�rAr�r�r r r!�test_selected_alpn_protocolHs�z)ThreadedTests.test_selected_alpn_protocolcCs@t�\}}}|�ddg�t||dd|d�}|�|dd�dS)Nr:�barTr�r8)r�rrAr�r�r r r!�/test_selected_alpn_protocol_if_server_uses_alpnPs�z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnc
Csgd�}ddgdfddgdfdgdfddgdfg}|D]j\}}t�\}}}|�|�|�|�zt||dd|d�}WntjyO}	z|	}WYd}	~	nd}	~	wwd	t|�t|�t|�f}
|d
}|�|||
|df�t|d�rx|dd
nd}|�|||
|df�qdS)N)r:r��	milkshaker:r�r�zhttp/3.0zhttp/4.0Tr�zKfailed trying %s (s) and %s (c).
was expecting %s, but got %%s from the %%sr8r�r:r�Znothingr�)r�rrAr	r�rRr�rY)
r�Zserver_protocolsZprotocol_testsZclient_protocolsr�r�r�r�rPrer�Z
client_resultZ
server_resultr r r!�test_alpn_protocolsYsL


�


�����
�
��
��z!ThreadedTests.test_alpn_protocolscCstjrJ�dSr)r	ZHAS_NPNr�r r r!�test_npn_protocols{r�z ThreadedTests.test_npn_protocolscCsLt�tj�}|�t�t�tj�}|�t�t�tj�}|�t�|||fSr)	r	rarVr�r�r�rWr�r�)r�r��
other_contextr�r r r!�sni_contexts~s



zThreadedTests.sni_contextscCs"|d}|�d|ff|d�dS)Nr7r+r3)r{)r�rPrrQr r r!�check_common_name�szThreadedTests.check_common_namecs�g�|��\}�}d|_��fdd�}|�|�t||ddd�}|��d|fg�|�|d�g�t||ddd�}|��d|fg�|�|t�g�|�d�t||ddd�}|�|t�|��g�dS)	NFcs$��||f�|dur�|_dSdSr)r�r�r��Zcallsr�r r!r��s
�z6ThreadedTests.test_sni_callback.<locals>.servername_cbT�supermessage�r�r>r:Znotfunny)r�r�rArAr�r�r�)r�r�r�r�rPr r�r!rB�s4
��
�zThreadedTests.test_sni_callbackcCsp|��\}}}dd�}|�|�|�tj��}t||ddd�}Wd�n1s)wY|�|jjd�dS)NcSstjSr)r	ZALERT_DESCRIPTION_ACCESS_DENIEDr�r r r!�cb_returning_alert�szAThreadedTests.test_sni_callback_alert.<locals>.cb_returning_alertFr�r�ZTLSV1_ALERT_ACCESS_DENIED)	r�rAr�r	r�rAr�r@rh)r�r�r�r�r�r6rPr r r!�test_sni_callback_alert�s
��z%ThreadedTests.test_sni_callback_alertc	C�|��\}}}dd�}|�|�t���7}|�tj��}t||ddd�}Wd�n1s.wY|�|j	j
d�|�|jjt
�Wd�dS1sNwYdS)NcSsdddS)Nr�rr r�r r r!�
cb_raising�r�z;ThreadedTests.test_sni_callback_raising.<locals>.cb_raisingFr�r�ZSSLV3_ALERT_HANDSHAKE_FAILURE)r�rAr�catch_unraisable_exceptionr�r	r�rAr�r@rh�
unraisable�exc_type�ZeroDivisionError)r�r�r�r�r��catchr6rPr r r!�test_sni_callback_raising�s

��
�"�z'ThreadedTests.test_sni_callback_raisingc	Cr�)NcSr	)Nr:r r�r r r!�cb_wrong_return_type�rPzOThreadedTests.test_sni_callback_wrong_return_type.<locals>.cb_wrong_return_typeFr�r�ZTLSV1_ALERT_INTERNAL_ERROR)r�rArr�r�r	r�rAr�r@rhr�r�r�)r�r�r�r�r�r�r6rPr r r!�#test_sni_callback_wrong_return_type�s

��"�z1ThreadedTests.test_sni_callback_wrong_return_typec	s�t�\}}}|�d�|�d�gd�}t|||d�}|dd}|�t|�d�|D]\�}}t�fdd�|D��s@|���q+dS)	Nz
AES128:AES256zAES256:eNULL)r�zAES-256ZTLS_CHACHA20ZTLS_AES�r>r;rc3s�|]}|�vVqdSrr )r�Zalgrr r!r��r�z4ThreadedTests.test_shared_ciphers.<locals>.<genexpr>)r�rKrA�
assertGreaterrY�anyr�)	r�r�r�r�Z
expected_algsrPr�Ztls_version�bitsr rr!�test_shared_ciphers�s

�
��z!ThreadedTests.test_shared_cipherscCs�t�\}}}t|dd�}|�.|jt��|d�}|�t|jf�|��|�t	|j
d�|�t	|jd�Wd�dS1s?wYdS)NFrJrkr�shello)r�r�r�r�r=r>r�rFr�r�rErur�r r r!�,test_read_write_after_close_raises_valuerror�s
�"�z:ThreadedTests.test_read_write_after_close_raises_valuerrorc	
Cs&d}ttjd��
}|�|�Wd�n1swY|�tjtj�t�\}}}t|dd�}|�V|jt	�	�|d��4}|�
t|jf�ttjd��}|�
|�|�|�d�|�Wd�n1sewYWd�n1stwYWd�dSWd�dS1s�wYdS)Nsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx�wbFrJrkr|r�)rDr�TESTFNrurE�unlinkr�r�r�r�r=r>r��sendfiler�r)	r�Z	TEST_DATArGr�r�r�r�r��filer r r!�
test_sendfiles,�
�
����"�zThreadedTests.test_sendfilec
Cs0t�\}}}tjj|_t|||d�}|d}|�|j�|�|j	d�|�|j
d�|�|j�|�|jd�|�
|d�|��}|�|dd�|�|dd�t||||d�}|��}|�|dd	�|�|dd�|�|d�|d}|�|j|j�|�||�|�||�|�|j	|j	�|�|j
|j
�t|||d�}|�
|d�|d}|�|j|j�|�||�|��}|�|dd
�|�|dd�t||||d�}|�|d�|d}	|�|	j|j�|�|	|�|�|	j	|j	�|�|	j
|j
�|��}|�|dd�|�|dd	�dS)Nr�r/rr9r3r�r4)r/r>r�rr�)r�r	r
r`r]rAr	�idr�ryr-Z
has_ticketZticket_lifetime_hintr�r6r�ZassertIsNotrr�)
r�r�r�r�rPr/Z	sess_statZsession2Zsession3Zsession4r r r!�test_sessionsd
����zThreadedTests.test_sessionc

Cs�t�\}}}t�\}}}tjj|_tjj|_t|dd�}|��*|jt��|d��G}|�|j	d�|�|j
d�|�t|j
f�|j	}|�|�|�t��}	t|_	Wd�n1s[wY|�t|	j�d�Wd�n1sswY|jt��|d��1}|�t|j
f�|�t��}	||_	Wd�n1s�wY|�t|	j�d�Wd�n1s�wY|jt��|d��*}||_	|�t|j
f�|�|j	j|j�|�|j	|�|�|j
d�Wd�n1s�wY|jt��|d��2}|�t��}	||_	|�t|j
f�Wd�n	1�swY|�t|	j�d�Wd�n1�s4wYWd�dSWd�dS1�sMwYdS)NFrJrkzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r�r	r
r`r]r�r�r�r�r/r9r=r>r�r	r�r�r+rRr@r�r�)
r�r�r�r�Zclient_context2r�r�r�r/rer r r!�test_session_handlingLsr


�
��
����
	��

��� �� $�z#ThreadedTests.test_session_handlingN)Er�r�r�rIrMrOrWrdr�r	r�r�rWrXr]rbrmrfrmrnrrrsrtrurwryr{r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rxr�rJr�rbrcr�r�r�r�r�r�r�r�rBr�r�r�r�r�r�r�r�r r r r!rH�s�,$(!�
8%
!)
*



9	1(


�
:	�

	
	"	(

9rHr�zTest needs TLS 1.3c@sdeZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dS)�TestPostHandshakeAuthcCs�tjtjg}|D]S}t�|�}|�|jd�d|_|�|jd�tj|_|�|jtj�|�|jd�d|_|�|jtj�|�|jd�tj|_d|_|�|jtj�|�|jd�qdSr�)	r	rVrWrar��post_handshake_authr�r�r�)r�r5rZrMr r r!�test_pha_setter�s$�
�z%TestPostHandshakeAuth.test_pha_setterc	CsHt�\}}}d|_tj|_d|_|�t�t|dd�}|�}|jt	�	�|d��[}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d
�|�
d�|�|�d�d	�|�
d�|�d��d
�}|�d|�Wd�n1s�wYWd�dSWd�dS1s�wYdS)NTFrJrkr�r�r�r�r�r�r�ir�r6)r�r�r	r�r�r�r�r�r�r�r=r>r�rur�rrgr{)r�r�r�r�r�r�Z	cert_textr r r!�test_pha_required�s6

�




��"�z'TestPostHandshakeAuth.test_pha_requiredc
Cs t�\}}}d|_tj|_d|_dd�}||_||_t|dd�}|�d|jt��|dd��A}|�	t
|jf�|�d�|�
tjd��|�d	�}|�|d
�|�d�|�d	�Wd�n1sbwYWd�n1sqwYWd�dSWd�dS1s�wYdS)NTcSs@tjr|tjkr||||||f}tj�d|�d��dSdSdS)NzTLS: r�)rrsrZALERTrqrtru)r �	directionr5�content_type�msg_typer�r�r r r!�msg_cb�s�z>TestPostHandshakeAuth.test_pha_required_nocert.<locals>.msg_cbrJFrcr�z#(certificate required|EOF occurred)r�r�r�)r�r�r	r�r��
_msg_callbackr�r�r�r=r>r�rur�r�rr�)r�r�r�r�r�r�r�r�r r r!�test_pha_required_nocert�s<
�
�

����"�z.TestPostHandshakeAuth.test_pha_required_nocertc	Cs tjr	tj�d�t�\}}}d|_tj|_	d|_|�
t�tj|_	t
|dd�}|�\|jt��|d��:}|�t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�Wd�n1sqwYWd�dSWd�dS1s�wYdS)Nr�TFrJrkr�r�r�r�r�r�)rrsrqrtrur�r�r	r�r�r�r�r�r�r�r�r=r>r�r�rr�r r r!�test_pha_optional�s2

�


��"�z'TestPostHandshakeAuth.test_pha_optionalc	Cstjr	tj�d�t�\}}}d|_tj|_	d|_t
|dd�}|�\|jt��|d��:}|�
t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�Wd�n1shwYWd�dSWd�dS1s�wYdS)Nr�TFrJrkr�r�r�r�r�)rrsrqrtrur�r�r	r�r�r�r�r�r=r>r�r�rr�r r r!�test_pha_optional_nocert�s.
�


��"�z.TestPostHandshakeAuth.test_pha_optional_nocertc
Cs�t�\}}}d|_tj|_|�t�t|dd�}|�[|jt	�	�|d��9}|�
t|jf�|�
tjd��|��Wd�n1sCwY|�d�|�d|�d��Wd�n1s`wYWd�dSWd�dS1sxwYdS)	NTFrJrkz
not serverr�sextension not receivedr�)r�r�r	r�r�r�r�r�r�r�r=r>r�r�r�r�rur{rr�r r r!�test_pha_no_pha_clients(

�
�
��"�z,TestPostHandshakeAuth.test_pha_no_pha_clientc	Cst�\}}}tj|_d|_|�t�t|dd�}|�\|jt	�	�|d��:}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d�Wd�n1sawYWd�dSWd�dS1sywYdS)
NTFrJrkr�r�r�r�r�)r�r	r�r�r�r�r�r�r�r�r=r>r�rur�rr�r r r!�test_pha_no_pha_servers*

�


��"�z,TestPostHandshakeAuth.test_pha_no_pha_serverc	Cs�t�\}}}tj|_tjj|_d|_|�t	�t
|dd�}|�@|jt��|d��}|�
t|jf�|�d�|�d|�d��Wd�n1sJwYWd�dSWd�dS1sbwYdS)NTFrJrkr�sWRONG_SSL_VERSIONr�)r�r	r�r�r
r`r]r�r�r�r�r�r�r=r>r�rur{rr�r r r!�test_pha_not_tls13)s$


�
��"�z(TestPostHandshakeAuth.test_pha_not_tls13c	CsHt}t�tj�}d|_|�t�d|_tj|_	t�tj
�}|�t�|�t�d|_tj
|_	t|dd�}|�d|jt��|d��B}|�t|jf�|�d�|�|�d�d�|�d�|�|�d�d	�|�d�|�|�d�d
�|�|��i�Wd�n1s�wYWd�dSWd�dS1s�wYdS)NTFrJrkr�r�r�r�r�r�)r�r	rarWr�r�r�r�r�r�rVr�r�r�r�r�r�r=r>r�rur�rr�)r�r�r�r�r�r�r r r!�test_bpo37428_pha_cert_none:s:



�


��"�z1TestPostHandshakeAuth.test_bpo37428_pha_cert_nonec	Cs�tdd�\}}}t|dd�}|��|jt��|d���}|�t|jf�|j��}|�	t
|�d�|\}}|j��}	|�	t
|	�d�|�	||	d�|�	t|�t|	d��|�	t
|�t
|	d��|�||�|�t|�t|��|�t
|�t
|��|�|��|���|�dt
|��|�d	t
|��|�tj�}
|�tj�}|�|
t�|�d
|
�|�|t�|�	t�|
�|�Wd�n1s�wYWd�dSWd�dS1s�wYdS)NFr�rJrkr�r�rzCN=localhostzCN=our-ca-serverz-----BEGIN CERTIFICATE-----)r�r�r�r�r=r>r�r�r�r�rYr��hashryr�Zget_infor{Zpublic_bytesr�ZENCODING_PEMZENCODING_DERrrRr�r	r�)r�r�r�r�r�r�Zvc�ee�caZuvcr�rKr r r!�test_internal_chain_clientYsJ��


���"�z0TestPostHandshakeAuth.test_internal_chain_clientc	Cs�t�\}}}|�t�tj|_tjj|_t	|dd�}|�R|j
t��|d��0}|�t
|jf�|�d�|�d�}|�|d�|�d�|�d�}|�|d�Wd�n1sYwYWd�dSWd�dS1sqwYdS)NFrJrksVERIFIEDCHAIN
r�s
sUNVERIFIEDCHAIN
)r�r�r�r	r�r�r
r`r]r�r�r�r=r>r�rurr�)r�r�r�r�r�r��resr r r!�test_internal_chain_server~s,

�



��"�z0TestPostHandshakeAuth.test_internal_chain_serverN)r�r�r�r�r�r�r�r�r�r�r�r�r�r�r r r r!r�s%%r��keylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@s�eZdZejfdd�Zee�e	d�dd���Z
ee�e	d�dd���Zee�ej
jd�e�e	d�d	d
����Zdd�Zd
d�Zdd�ZdS)�TestSSLDebugcCs8t|��}tt|��Wd�S1swYdSr)rDrYr�)r�ZfnamerGr r r!�keylog_lines�s

$�zTestSSLDebug.keylog_linesr-cCs
|�tjtj�t�tj�}|�|jd�|�	t
j�tj��tj|_|�|jtj�|�
t
j�tj��|�|��d�d|_|�|jd�|�ttf��t
j�t
j�tj��|_Wd�n1sewY|�t��d|_Wd�dS1s~wYdS)Nr�)rErr�r�r	rarWr�r�r�rr�isfiler	r�r��IsADirectoryError�PermissionErrorr�abspathr�r�r r r!�test_keylog_defaults�s$��"�z!TestSSLDebug.test_keylog_defaultsc	Cs�|�tjtj�t�\}}}tj|_t|dd�}|�)|jt��|d��}|�	t
|jf�Wd�n1s7wYWd�n1sFwY|�|�
�d�d|_tj|_t|dd�}|�)|jt��|d��}|�	t
|jf�Wd�n1swYWd�n1s�wY|�|�
�d�tj|_tj|_t|dd�}|�)|jt��|d��}|�	t
|jf�Wd�n1s�wYWd�n1s�wY|�|�
�d�d|_d|_dS)NFrJrkr}��)rErr�r�r�r�r�r�r�r=r>r�r�r�rr�r r r!�test_keylog_filename�sT
����
����
����
z!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs�|�tjtj�tjj�tj	��>tjtj	d<|�
tj	dtj�t�tj
�}|�
|jd�t��}|�
|jtj�t��}|�
|jtj�Wd�dS1sQwYdS)NZ
SSLKEYLOGFILE)rErr�r�rdZmockr�dictr�environr�r	rarWr�rSrUr�r r r!�test_keylog_env�s"�zTestSSLDebug.test_keylog_envcCsnt�\}}}dd�}|�|jd�||_|�|j|�|�t��
t�|_Wd�dS1s0wYdS)NcSrOrr �r r�r5r�r�r�r r r!r��rPz.TestSSLDebug.test_msg_callback.<locals>.msg_cb)r�r�r�r�r�r+)r�r�r�r�r�r r r!�test_msg_callback�s
"�zTestSSLDebug.test_msg_callbackc	s�t�\}}}tjj|_g���fdd�}||_t|dd�}|�)|jt��|d��}|�	t
|jf�Wd�n1s<wYWd�n1sKwY��dtjt
jtjf����dtjt
jtjf��dS)Ncs@��|tj���|t���|ddh���||||f�dS)NrEru)rr	r�r�r{r�r�r�r�r r!r��sz4TestSSLDebug.test_msg_callback_tls12.<locals>.msg_cbFrJrkrEru)r�r	r
r`r]r�r�r�r�r=r>r�r{rZ	HANDSHAKErZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)r�r�r�r�r�r�r�r rr!�test_msg_callback_tls12�s6

����
��
��z$TestSSLDebug.test_msg_callback_tls12c	st�\}}}t�d�dd�}�fdd�}||_||_t|dd�}|�S|jt��|d��}|�t|jf�Wd�n1s@wY|jt��|d��}|�t|jf�Wd�n1sawYWd�dSWd�dS1sywYdS)	Nr�cSrOrr rr r r!r�rPz@TestSSLDebug.test_msg_callback_deadlock_bpo43577.<locals>.msg_cbcs
�|_dSrr�r>�Zserver_context2r r!�sni_cbrz@TestSSLDebug.test_msg_callback_deadlock_bpo43577.<locals>.sni_cbFrJrk)	r�r�Zsni_callbackr�r�r�r=r>r�)r�r�r�r�r�rr�r�r rr!�#test_msg_callback_deadlock_bpo43577s.

��
���"�z0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)r�r�r�rr�r��requires_keylogrdrbrcr�r�rq�flags�ignore_environmentrrrr	r r r r!r��s"

"
�
r�c	Cs |�tjtjt�ddd��dS)N�iir�r)�
setsockoptr��
SOL_SOCKET�	SO_LINGER�struct�pack)r�r r r!�)set_socket_so_linger_on_with_zero_timeout.s rc@sBeZdZdZGdd�dej�Zdd�Zdd�Zdd	�Z	d
d�Z
dS)
�TestPreHandshakeClosezQVerify behavior of close sockets with received data before to the handshake.
    csFeZdZdd��fdd�
Zdd�Zdd�Z�fd	d
�Zdd�Z�ZS)
z6TestPreHandshakeClose.SingleConnectionTestServerThreadN)r-csH||_d|_d|_d|_d|_|durtj|_n||_t�j	|d�dS)Nr�r)
�call_after_accept�
received_data�
wrap_errorrir�rr�r-�superr�)r�rrr-�r,r r!r�8s
z?TestPreHandshakeClose.SingleConnectionTestServerThread.__init__cCs|��|Sr)rr�r r r!r�Dsz@TestPreHandshakeClose.SingleConnectionTestServerThread.__enter__cGs:z
|jr	|j��Wn	tyYnw|��d|_dSr)rirFrrrrr r r!r�Hs
��
z?TestPreHandshakeClose.SingleConnectionTestServerThread.__exit__csxt�tjj�|_tj|j_|jjtd�|jj	tt
d�t��|_t
�|j�|_|j�|j�|j�d�t���dS)Nr}r<r�)r	rSr�r��ssl_ctxr�r�r�rr�rr�rirr�r�r+r-rrrr�rr r!rQs

z<TestPreHandshakeClose.SingleConnectionTestServerThread.startcCsz!z	|j��\}}WntyYW|j��dSwW|j��n|j��w|�Y|�|�r9	Wd�dSz
|jj|dd�}WntyX}z	||_WYd}~nd}~wwz|�	d�|_
WntyjYnwWd�dSWd�dSWd�dS1s�wYdS)NTr9�)rir3rrFrrr�rrrr)r�r �addressZ
tls_socketr$r r r!r\s:��
������	�"�z:TestPreHandshakeClose.SingleConnectionTestServerThread.run)	r�r�r�r�r�r�rr�
__classcell__r r rr!� SingleConnectionTestServerThread6s	rcCsttjdkrdSt|t�s#t|t�r|jtjks#t�dt	|dd�tj
�r8z|�dtj�d|���Wd}dSd}wdS)N�linuxzwrong.version.numberrhrz!Could not recreate conditions on z: err=)rqr�rQr�rrA�EINVAL�re�searchrT�Ir�r#r r r!�"non_linux_skip_if_other_okay_errorrs

��

��z8TestPreHandshakeClose.non_linux_skip_if_other_okay_errorcsNt���t�����fdd�}|j|dd�}|��|�|j�t���&}|�|j�	��t
|�|�d����|�
d�|��Wd�n1sMwY���|��|j}d|_zA|�d|j�|�|t�|�|�|�|tj�|�d|jd	�|�d|j�|�d
|jd
�|j|jdd�Wd}d}dSd}d}w)
Ncs �����tj�std��dS)Nz+wrap_socket event never set, test may fail.F)r�r
rr��RuntimeError)Zunused�Zready_for_server_wrap_socketZserver_accept_calledr r!r�szPTestPreHandshakeClose.test_preauth_data_to_tls_server.<locals>.call_after_acceptZpreauth_data_to_tls_server�rrFsDELETE /data HTTP/1.0

r��before TLS handshake with datar�r�attr must existr�)r�rrr�rEr�r�r=rirqrrkr
r!rFr�rrr�rrrr$r	r�r{rerhr�rwrg)r�rr�r�rr r&r!�test_preauth_data_to_tls_server�sD�



�

�z5TestPreHandshakeClose.test_preauth_data_to_tls_serverc	s�t���t�����fdd�}|j|dd�}|��|�|j�t|j�t���N}|�	|j�
�������t
j�sA|�d�t��}z	|j|dd�}Wntyd}z
|}d}WYd}~nd}~wwd}|�d	�}|��Wd�n1szwY|��z@|�d|�|�|t�|�|�|�|tj�|�d
|jd�|�d
|j�|�d|jd�|j|j d
d�Wd}d}dSd}d}w)Ncs:��tj�s
td�t|�|�d�|�����dS)Nz ERROR: test client took too longsWHTTP/1.0 307 Temporary Redirect
Location: https://example.com/someone-elses-server

T)r
rr�r�rr!rFr��Zconn_to_client�Z$client_can_continue_with_wrap_socketZ$server_can_continue_with_wrap_socketr r!r�s�zPTestPreHandshakeClose.test_preauth_data_to_tls_client.<locals>.call_after_acceptZpreauth_data_to_tls_clientr'ztest server took too longr,rkr�rr(r�rr)r�)!r�rrr�rEr�rrir�r=rqr�r
rr�r�r	rSr�rrrFrr�rr$r�r{rerhr�rwrg)	r�rr�r�rZ
tls_clientr$rrr r,r!�test_preauth_data_to_tls_client�sX�



���
��
�z5TestPreHandshakeClose.test_preauth_data_to_tls_clientcs�t���G�fdd�dtjj�}�fdd�}d}|j|d|d�}|��|�|j�t	|j
�||j
��d|jt
��|d	�}|�t��|jd
ddd
id�|��}Wd�n1s]wY|��dS)NcseZdZ�fdd�ZdS)zeTestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.SynchronizedHTTPSConnectioncsFtjj�|���tj�stjrtj	�
d�|jj|j
|jd�|_
dS)Nz"server_responding event never set.rk)�httpr�ZHTTPConnectionr=r
rr�rsrqrtruZ_contextr�r�rdr��Zserver_respondingr r!r=�s�zmTestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.SynchronizedHTTPSConnection.connectN)r�r�r�r=r r/r r!�SynchronizedHTTPSConnection�sr0cs&t|�|�d�|�����dS)Ns!HTTP/1.0 402 Payment Required

T)rr!rFr�r+r/r r!rs�z[TestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.call_after_acceptg@Znon_tls_http_RST_responder)rrr-r)r�r�r-ZHEADz/testZHostr,)Zheaders)r�rr.r�ZHTTPSConnectionrr�rEr�rrirqr�r	rSr�rrZgetresponser)r�r0rr-r��
connection�responser r/r!�*test_https_client_non_tls_response_ignored�s.
�
�
�z@TestPreHandshakeClose.test_https_client_non_tls_response_ignoredN)r�r�r�r�r�r�rr$r*r-r3r r r r!r2s<-<rcCstjr[tjtjd�}|��D]\}}|�}|r#|dr#d||f}nqtt���}tdtj	tj
f�td|�tdtj�tdtj�z	tdtj
�Wn	tyZYnwttttttttttttfD]}tj�|�sxt�d	|��qit� �}t!j"tj#g|�R�dS)
N)ZMacZWindowsrz%s %rztest_ssl: testing with %r %rz          under %sz          HAS_SNI = %rz          OP_ALL = 0x%8xz          OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %r)$rrsr�Zmac_verZ	win32_ver�itemsryr�r	rrr�r�r�r�r�rrrrrr�r�r�r�BADKEYrrr�existsZ
TestFailedrZthreading_setuprdZaddModuleCleanupZthreading_cleanup)ZplatsrrgZplat�filename�thread_infor r r!�setUpModule+s@��
����r9�__main__r)r�TFNN)Nrr)�rqrdZ
unittest.mockr�rZtest.supportrrrrrr!r�r�rryZdatetimerDZhttp.clientr.rrAr�Zurllib.requestr~r�rorr�Z	sysconfigrir��ImportError�warnings�catch_warnings�simplefilterr2r�
import_moduler	r�r
rrr
rJZPy_DEBUGrcr�Z_PROTOCOL_NAMESr�r>rr_Zget_config_varrrBr��verrTr�r"r��fsencoderrrrrrrrr�rr)r�r�rNr�r�r�r�r�rTrSr�r�r\r�r�r�rrr?r5r�r�r�r0r1r>r?r@rArBrHrNr[�	lru_cacherXrmrwrZignore_warningsr�r�r�r�ZTestCaser�r�rdrqr�r�Zrequires_resourcer�r�r�Ztest.ssl_serversr�r�r�rrArGrHr�r�raZ
HAS_KEYLOGr
r�rrr9r��mainr r r r!�<module>s��

�





�






��

	
	
(��3C6?0t
v
�1
�N}�z
#�
@ Telegram