HEX

File: //usr/local/lib/python3.7/test/__pycache__/test_ssl.cpython-37.opt-1.pyc
B

��gj
�@s�ddlZddlZddlmZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZ
ddlZddlZddlZddlZddlZddlZddlZddlZyddlZWnek
r�dZYnXe�d�Zeej�ZejZej�d�Zeo�ej dkZ!e�oej dkZ"e�#d�Z$iZ%xPdD]H\Z&Z'ye(ee&�Z&e(ej)e'�Z'Wne*k
�rb�w&YnXe'e%e&<�q&Wd	d
�Z+e+d�Z,e	�-e,�Z.e+d�Z/e+d
�Z0e	�-e/�Z1e	�-e0�Z2e+d�Z3e+d�Z4dZ5e+d�Z6e	�-e6�Z7e+dd�Z8e+dd�Z9dddddddd�Z:e+d�Z;e+d�Z<dZ=ddd d!d"d#d$dddd%�
Z>e+d&�Z?d'Z@e+d(�ZAd)ZBe+dd*�ZCe+d+�ZDe+d,�ZEd-ZFe+d.�ZGe+d/�ZHe+d0�ZIe+d1�ZJe+d2�ZKe+d3�ZLe+d4�ZMe+d5�ZNe	�-eN�ZOe(ed6d�ZPe(ed7d�ZQe(ed8d�ZRe(ed9d�ZSe(ed:d�ZTd;d<�ZUeU��rd=d>�ZVnd?d>�ZVd@dA�ZWe�X�dBdC��ZYdDdE�ZZe�[e\ej]dF�dG�Z^dHdI�Z_dJdK�Z`dLdM�ZadNdO�ZbdPdQ�Zcec�ZddRdS�ZedTdU�ZfdVdW�Zge�[ejhdX�ZiejjfejkdddddY�dZd[�Zle<fd\d]�ZmGd^d_�d_ejn�ZoGd`da�daejn�ZpGdbdc�dcejn�ZqGddde�deejn�ZrGdfdg�dgejn�ZsGdhdi�diejn�ZtGdjdk�dkejn�Zud�dldm�Zvdndo�ZwddplxmyZyGdqdr�drejz�Z{Gdsdt�dtejz�Z|d�dxdy�Z}d�dzd{�Z~Gd|d}�d}ejn�Ze�[eYd~�d�Gd�d��d�ejn��Z�d�d�d��Z�e�d�k�r�e��dS)��N)�support�sslZLibreSSL)�rr)rrr�PY_SSL_DEFAULT_CIPHERS))�PROTOCOL_SSLv23�SSLv3)�PROTOCOL_TLSv1�TLSv1)�PROTOCOL_TLSv1_1�TLSv1_1cGstjjtj�t�f|��S)N)�os�path�join�dirname�__file__)�name�r�)/usr/local/lib/python3.7/test/test_ssl.py�	data_file3srzkeycert.pemzssl_cert.pemzssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepass�capathz
4e1295a3.0z
5ed36f99.0)))�countryName�XY))�localityNamezCastle Anthrax))�organizationNamezPython Software Foundation))�
commonName�	localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))�DNSr�)�issuer�notAfter�	notBefore�serialNumber�subject�subjectAltName�versionzrevocation.crlzkeycert3.pemr)z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)))rr))rzPython Software Foundation CA))rz
our-ca-serverzJul  7 14:23:16 2028 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C)
�OCSP�	caIssuers�crlDistributionPointsrrr r!r"r#r$zkeycert4.pem�fakehostnamezkeycertecc.pemz
localhost-eccz
ceff1710.0zallsans.pemzidnsans.pemzself-signed.pythontest.netznullcert.pemzbadcert.pemzXXXnonexisting.pemz
badkey.pemz	nokia.pemznullbytecert.pemztalos-2019-0758.pemzffdh3072.pem�OP_NO_COMPRESSION�OP_SINGLE_DH_USE�OP_SINGLE_ECDH_USE�OP_CIPHER_SERVER_PREFERENCE�OP_ENABLE_MIDDLEBOX_COMPATc	Cs>y$tddd��}d|��kSQRXWntk
r8dSXdS)Nz/etc/os-releasezutf-8)�encodingZubuntuF)�open�read�FileNotFoundError)�frrr�	is_ubuntu�s
r3cGs4x.|D]&}t|d�r|jtjjkr|�d�qWdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1�minimum_versionz@SECLEVEL=1:ALLN)�hasattrr4r�
TLSVersionr�set_ciphers)�ctxs�ctxrrr�seclevel_workaround�s

r:cGsdS)Nr)r8rrrr:�scCsTt|t�r"tt|d�}|dkr"dS|tjtjtjhkr:dS|j}t|t	d�d��S)z�Check if a TLS protocol is available and enabled

    :param protocol: enum ssl._SSLMethod member or name
    :return: bool
    NFTZ	PROTOCOL_)
�
isinstance�str�getattrr�PROTOCOL_TLS�PROTOCOL_TLS_SERVER�PROTOCOL_TLS_CLIENTr�has_tls_version�len)�protocolrrrr�has_tls_protocol�s

rDcCs�|dkrdSt|t�r"tjj|}ttd|j���s8dSt��}t|d�rf|j	tjj
krf||j	krfdSt|d�r�|jtjjkr�||jkr�dSdS)z{Check if a TLS/SSL version is enabled

    :param version: TLS version name or ssl.TLSVersion member
    :return: bool
    �SSLv2FZHAS_r4�maximum_versionT)
r;r<rr6�__members__r=r�
SSLContextr5r4�MINIMUM_SUPPORTEDrF�MAXIMUM_SUPPORTED)r$r9rrrrA�s 




rAcs�fdd�}|S)z�Decorator to skip tests when a required TLS version is not available

    :param version: TLS version name or ssl.TLSVersion member
    :return:
    cst�����fdd��}|S)Ncs(t��st���d���n
�||�SdS)Nz is not available.)rA�unittest�SkipTest)�args�kw)�funcr$rr�wrapper�sz8requires_tls_version.<locals>.decorator.<locals>.wrapper)�	functools�wraps)rOrP)r$)rOr�	decorator�sz'requires_tls_version.<locals>.decoratorr)r$rSr)r$r�requires_tls_version�srTr4zrequired OpenSSL >= 1.1.0gcCs.d�tjt����}tjr*tj�||�dS)N� )	r�	traceback�format_exception�sys�exc_infor�verbose�stdout�write)�prefixZ
exc_formatrrr�handle_error�sr^cCs
tjdkS)N)r�	��
�)r�_OPENSSL_API_VERSIONrrrr�can_clear_optionssrdcCs
tjdkS)N)rr_�r`rb)r�OPENSSL_VERSION_INFOrrrr�no_sslv2_implies_sslv3_hellosrgcCs
tjdkS)N)rr_r`rrb)rrfrrrr�have_verify_flagssrhcCsBtjs
dSt�tj�}y|�d�Wntk
r8dSXdSdS)NF�	secp384r1T)r�HAS_ECDHrHr?�set_ecdh_curve�
ValueError)r9rrr�_have_secp_curvessrmcCs$tjrt��jdkrtjStjS)Nr)�timeZdaylightZ	localtimeZtm_isdstZaltzoneZtimezonerrrr�
utc_offsetsrocCs^tjdkrZd}tj�||�}|jdd�}|�|�}|ddkrZ|dd�d|dd�}|S)	N)rr_r`r_rbz%b %d %H:%M:%S %Y GMTr)�second��0rU�)rrc�datetimeZstrptime�replace�strftime)�	cert_timeZfmtZdtrrr�asn1time!s

rxcs,ttd�r$t����fdd��}|S�SdS)N�PROTOCOL_SSLv2csRyt�tj�Wn6tjk
rFtjdkrBt��dkrBt�d��YnX�||�S)N)rr_r`rbrb)Zdebianzsqueeze/sid�z'Patched Ubuntu OpenSSL breaks behaviour)	rrHry�SSLErrorrf�platform�linux_distributionrKrL)rM�kwargs)rOrrr22s
z$skip_if_broken_ubuntu_ssl.<locals>.f)r5rrQrR)rOr2r)rOr�skip_if_broken_ubuntu_ssl0s
	rz SNI support needed for this test)�	cert_reqs�ca_certs�ciphers�certfile�keyfilec	Ksvt�|�}|dk	r(|tjkr"d|_||_|dk	r:|�|�|dk	sJ|dk	rV|�||�|dk	rh|�|�|j|f|�S)NF)	rrH�	CERT_NONE�check_hostname�verify_mode�load_verify_locations�load_cert_chainr7�wrap_socket)	�sock�ssl_versionr�r�r�r�r�r~�contextrrr�test_wrap_socketBs



r�cCsd|tkrt}n|tkrt}nt|��t�tj�}|�t	�t�tj
�}|�|�|�t	�|||fS)zUCreate context

    client_context, server_context, hostname = testing_context()
    )�SIGNED_CERTFILE�SIGNED_CERTFILE_HOSTNAME�SIGNED_CERTFILE2�SIGNED_CERTFILE2_HOSTNAMErlrrHr@r��
SIGNING_CAr?r�)Zserver_cert�hostname�client_context�server_contextrrr�testing_contextTs


r�c@s�eZdZdd�Zdd�Zdd�Zdd�Ze�e	j
d	kd
�dd��Zd
Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zejdd��Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Ze�d0e j!kd1�d2d3��Z"d4d5�Z#d6d7�Z$e�e%j&d8kd9�d:d;��Z'e�e%j&d8kd9�d<d=��Z(d>d?�Z)d@dA�Z*dBdC�Z+dDdE�Z,dFdG�Z-e�e.�dH�dIdJ��Z/dKdL�Z0e�1dMdN�dOdP��Z2dQdR�Z3d
S)S�BasicSocketTestscCs�tjtjtjtjtjtjr*tjtjdkr:tj	|�
tjddh�|�
tjddh�tjtj
tjtjtjdkr�tjtj|�tjtj�dS)N)rrTF)rrr)rr��
CERT_OPTIONAL�
CERT_REQUIREDr,r*rjr+rfr)�assertIn�HAS_SNI�OP_NO_SSLv2�OP_NO_SSLv3�OP_NO_TLSv1�
OP_NO_TLSv1_3�
OP_NO_TLSv1_1�
OP_NO_TLSv1_2�assertEqualr>r)�selfrrr�test_constantsls&

zBasicSocketTests.test_constantsc
Cs:|�td��$t���}t�|�WdQRXWdQRXdS)Nzpublic constructor)�assertRaisesRegex�	TypeError�socketr�	SSLSocket)r��srrr�test_private_init�s
z"BasicSocketTests.test_private_initcCs2tj}|�t|�d�t�|�}|�|j|�dS)Nz_SSLMethod.PROTOCOL_TLS)rr>r�r<rH�assertIsrC)r��protor9rrr�test_str_for_enums�s
z#BasicSocketTests.test_str_for_enumscCst��}tjr*tj�d||r dp"df�t�d�\}}|�t	|�d�|�||dk�|rxt�
d�}|�t	|�d�n|�tjtj
d�|�t
tj
d�|�t
tjd�ttd�r�|�ttjd�|�ttjdd�t�d	d
�t�dd
�t�td�d
�dS)
Nz
 RAND_status is %d (%s)
zsufficient randomnesszinsufficient randomness�r����RAND_egd�foozthis is a random stringg�R@sthis is a random bytes objects!this is a random bytearray object)r�RAND_statusrrZrXr[r\�RAND_pseudo_bytesr�rBZ
RAND_bytes�assertRaisesr{rlr5r�r�ZRAND_add�	bytearray)r��v�dataZis_cryptographicrrr�test_random�s(



zBasicSocketTests.test_random�posixzrequires posixcCst��}|s|�d�t��\}}t��}|dkr�yBt�|�t�d�d}|�t	|�d�t�
||�t�|�Wntk
r�t�d�YnXt�d�nzt�|�|�
tj|�t�|d�\}}|�|d�t�|d�}|�t	|�d�t�d�d}|�t	|�d�|�||�dS)Nz*OpenSSL's PRNG has insufficient randomnessrr�r)rr��failr�pipe�fork�closer�r�rBr\�
BaseException�_exit�
addCleanup�waitpidr0�assertNotEqual)r��statusZrfdZwfd�pidZchild_random�_Z
parent_randomrrr�test_random_fork�s0


z!BasicSocketTests.test_random_forkNcCs�|�tj�t�t�|�tj�t�t�tj�t�}t	j
rTtj�
dt�|�d�|�|dd�|�|dd�|�|dd�|�|dd	�dS)
N�
r#))rzprojects.developer.nokia.com)rzprojects.forum.nokia.comr%)zhttp://ocsp.verisign.comr&)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr')z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)r�r�_ssl�_test_decode_cert�CERTFILE�
CERTFILE_INFOr��SIGNED_CERTFILE_INFO�	NOKIACERTrrZrXr[r\�pprint�pformat)r��prrr�test_parse_cert�s 




z BasicSocketTests.test_parse_certcCsLtj�t�}tjr,tj�dt	�
|�d�|�|dddddddd	��dS)
Nr�)))r�UK))rzcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)))rr�))rz#codenomicon-vm-2.test.lal.cisco.com))rz#codenomicon-vm-2.test.lal.cisco.comr)rrr r!r"r#r$)rr�r��TALOS_INVALID_CRLDPrrZrXr[r\r�r�r�)r�r�rrr�test_parse_cert_CVE_2019_5010�sz.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj�t�}tjr,tj�dt	�
|�d�d}|�|d|�|�|d|�tjdkr`d}nd}|�|d|�dS)	Nr�)))r�US))�stateOrProvinceNameZOregon))rZ	Beaverton))rzPython Software Foundation))�organizationalUnitNamezPython Core Development))rznull.python.orgexample.org))�emailAddresszpython-dev@python.orgr"r)rr_r`))rzaltnull.python.orgexample.com)�emailz null@python.orguser@example.org)�URIz)http://null.python.orghttp://example.org)z
IP Addressz	192.0.2.1)z
IP Addressz2001:DB8:0:0:0:0:0:1))rzaltnull.python.orgexample.com)r�z null@python.orguser@example.org)r�z)http://null.python.orghttp://example.org)z
IP Addressz	192.0.2.1)z
IP Addressz	<invalid>r#)
rr�r��NULLBYTECERTrrZrXr[r\r�r�r�rc)r�r�r"Zsanrrr�test_parse_cert_CVE_2013_4238�s
z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj�t�}|�|dd�dS)Nr#)
)rZallsans)�	othernamez
<unsupported>)r�z
<unsupported>)r�zuser@example.org)rzwww.example.org)ZDirName)))rr))rzCastle Anthrax))rzPython Software Foundation))rzdirname example)r�zhttps://www.python.org/)z
IP Addressz	127.0.0.1)z
IP Addressz0:0:0:0:0:0:0:1)z
Registered IDz	1.2.3.4.5)rr�r��
ALLSANFILEr�)r�r�rrr�test_parse_all_sanss
z$BasicSocketTests.test_parse_all_sansc	Cs�ttd��}|��}WdQRXt�|�}t�|�}t�|�}|�||�|�tjd�sf|�	d|�|�
dtjd�s�|�	d|�dS)N�rr�z-DER-to-PEM didn't include correct header:
%r
z-DER-to-PEM didn't include correct footer:
%r
)r/�
CAFILE_CACERTr0r�PEM_cert_to_DER_certZDER_cert_to_PEM_certr��
startswithZ
PEM_HEADERr��endswithZ
PEM_FOOTER)r�r2�pem�d1Zp2�d2rrr�test_DER_to_PEM/s


z BasicSocketTests.test_DER_to_PEMc		Cs&tj}tj}tj}|�|t�|�|t�|�|t�|�|d�|�	|d�|\}}}}}|�|d�|�	|d�|�|d�|�	|d�|�|d�|�	|d�|�|d�|�
|d�|�|d�|�
|d�tr�|�|�
d	�|��||t|�f�n&|�|�
d
�|||��||t|�f�dS)Ni�i@rrqr��?rbz
LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERrf�OPENSSL_VERSION�assertIsInstance�int�tupler<�assertGreaterEqual�
assertLessZassertLessEqual�IS_LIBRESSL�
assertTruer��format�hex)	r��n�tr��major�minorZfixZpatchr�rrr�test_openssl_version;s0z%BasicSocketTests.test_openssl_versionc	CsLt�tj�}t|�}t�|�}t�dtf��~WdQRX|�|�d�dS)Nrz)	r��AF_INETr��weakref�refrZcheck_warnings�ResourceWarningr�)r�r��ss�wrrrr�
test_refcycleZs
zBasicSocketTests.test_refcyclec	Cs�t�tj�}t|���}|�t|jd�|�t|jtd��|�t|jd�|�t|j	td�d�|�t|j
d�|�t|jdd�|�t|j
�|�t|jdgddd�|�t|jd�|�t|jtd�g�WdQRXdS)Nr�x)z0.0.0.0rrr�d)r�r�r�r��OSError�recv�	recv_intor��recvfrom�
recvfrom_into�send�sendto�NotImplementedError�dup�sendmsg�recvmsg�recvmsg_into)r�r�r�rrr�test_wrapped_unconnectedes


z)BasicSocketTests.test_wrapped_unconnectedc
CsLxFdD]>}t�tj�}|�|�t|��}|�||���WdQRXqWdS)N)Ngg@)r�r��
settimeoutr�r�Z
gettimeout)r��timeoutr�r�rrr�test_timeoutws



zBasicSocketTests.test_timeoutc
Csdt��}|jtdtj|td�|jtdtj|dd�|jtdtj|ddd�tj|dtd��}|�td|jtd	f�WdQRX|�t	��(}t���}tj|t
d
�WdQRXWdQRX|�|jj
t
j�|�t	��*}t���}tj|tt
d�WdQRXWdQRX|�|jj
t
j�|�t	��*}t���}tj|t
t
d�WdQRXWdQRX|�|jj
t
j�dS)Nzcertfile must be specified)r�z5certfile must be specified for server-side operationsT)�server_siderz)rr�z!can't connect in server-side modei�)r�)r�r�)r�r�rlrr�r��connect�HOSTr�r�NONEXISTINGCERTr��	exception�errno�ENOENT)r�r�r��cmrrr�test_errors_sslwrap�s6
"

z$BasicSocketTests.test_errors_sslwrapc	CsXtj�tj�t�ptj|�}t��}|�|j�|�	t
j��t||d�WdQRXdS)z;Check that trying to use the given client certificate fails)r�N)
rr
rrr�curdirr�r�r�r�rr{r�)r�r�r�rrr�
bad_cert_test�szBasicSocketTests.bad_cert_testcCs|�d�dS)z Wrapping with an empty cert fileznullcert.pemN)r)r�rrr�test_empty_cert�sz BasicSocketTests.test_empty_certcCs|�d�dS)z:Wrapping with a badly formatted certificate (syntax error)zbadcert.pemN)r)r�rrr�test_malformed_cert�sz$BasicSocketTests.test_malformed_certcCs|�d�dS)z2Wrapping with a badly formatted key (syntax error)z
badkey.pemN)r)r�rrr�test_malformed_key�sz#BasicSocketTests.test_malformed_keyc
s�dd�}�fdd�}ddi}||d�||d�||d	�||d
�||d�||d�dd
i}||d�||d�||d�||d�||d�ddi}||d�||d�||d�||d�||d�ddi}||d�||d�||d�ddi}||d�||d�||d�||d�ddi}||d�||d�||d�d�d ��d!�}dd"|fffi}|||�dd#i}|||�dd$i}|||�d%�d ��d!�}dd"|fffi}||d&�d ��d!��||d'�d ��d!��||d(�d ��d!��||d)�d ��d!��d*d+d,d-�}||d.�||d/�||d0�||d1�d2d3d4�}||d5�||d6�||d7�dd8d9�}||d:�||d;�||d<�||d=�||d>�||d?�||d@�ttdA��rddBd9�}||dC�||dD�||dE�||dF�||dG�||d@�d2dHd4�}||d5�dIdJdKd-�}||d5�dIdHdKd-�}||dL���ttjdd���ttjid�ddMi}��tj	dN��t�|dO�WdQRXddPi}��tj	dQ��t�|dR�WdQRXddSi}��tj	dT��t�|dU�WdQRXddVi}��tj	dW��t�|dX�WdQRXddYi}��tj	dZ��t�|d[�WdQRXx.d\D]&}��t��t�
|�WdQRX�q\Wxd]D]}��t�
|���q�WttdA��r�xd^D]}��t�
|���q�WdS)_NcSst�||�dS)N)r�match_hostname)�certr�rrr�ok�sz0BasicSocketTests.test_match_hostname.<locals>.okcs��tjtj||�dS)N)r�r�CertificateErrorr")r#r�)r�rrr��sz2BasicSocketTests.test_match_hostname.<locals>.failr")))rzexample.comzexample.comzExAmple.cOmzwww.example.comz.example.comzexample.orgZexampleXcom)))rz*.a.comz	foo.a.comz
bar.foo.a.comza.comzXa.comz.a.com)))rzf*.comzfoo.comzf.comzbar.comzbar.foo.com)))rznull.python.orgexample.orgznull.python.orgexample.orgznull.python.org)))rz	*.*.a.com)))rza.*.comz	a.foo.comza..comupüthon.python.org�idna�asciir)))rz
x*.python.org)))rzxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgupythön.orgzJun 26 21:41:46 2011 GMT)))rzlinuxfrz.org))rzlinuxfr.org)rzlinuxfr.com)r�z
<unsupported>)rr"r#zlinuxfr.orgzlinuxfr.comz
<unsupported>zlinuxfrz.orgzDec 18 23:59:59 2011 GMT)))rr�))r��
California))rz
Mountain View))rz
Google Inc))rzmail.google.com)rr"zmail.google.comz	gmail.comr())rzexample.com)z
IP Addressz10.11.12.13)z
IP Addressz14.15.16.17)z
IP Addressz	127.0.0.1)r"r#z10.11.12.13z14.15.16.17z127.1z14.15.16.17 z14.15.16.17 extra dataz14.15.16.18zexample.netZAF_INET6))rzexample.com)z
IP Addressz2001:0:0:0:0:0:0:CAFE
)z
IP Addressz2003:0:0:0:0:0:0:BABA
z
2001::cafez
2003::babaz2003::baba z2003::baba extra dataz
2003::bebe)))rr�))r�r())rz
Mountain View))rz
Google InczDec 18 23:59:59 2099 GMT)))rr�))r�r())rz
Mountain View))rzmail.google.com))r�Zblablaz
google.com)))rza*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))rzwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))rza*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r�*z7sole wildcard without additional labels are not support�host)))rz*.comz%hostname 'com' doesn't match '\*.com'Zcom)�1rzz1.2.3z	256.0.0.1z127.0.0.1/24)z	127.0.0.1z192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334)�encode�decoder5r�r�rlrr"r�r%Z_inet_patonr�)r�r$r�r#r&�invalidZipaddrr)r�r�test_match_hostname�s�






















































z$BasicSocketTests.test_match_hostnamec	Cs:t�tj�}t���}|jt|j|ddd�WdQRXdS)NTz
some.hostname)�server_hostname)rrHr?r�r�rlr�)r�r9r�rrr�test_server_sideys
z!BasicSocketTests.test_server_sidec
Cs|t�tj�}|�d�|��t�tj�}|�|���t|dd��&}|�t��|�	d�WdQRXWdQRX|�
�dS)N)z	127.0.0.1rF)�do_handshake_on_connectzunknown-type)r�r��bind�listenr�getsocknamer�r�rl�get_channel_bindingr�)r�r��cr�rrr�test_unknown_channel_binding�s
z-BasicSocketTests.test_unknown_channel_bindingz
tls-uniquez*'tls-unique' channel binding not availablec	Csjt�tj�}t|��}|�|�d��WdQRXt�tj�}t|dtd��}|�|�d��WdQRXdS)Nz
tls-uniqueT)rr�)r�r�r��assertIsNoner6r�)r�r�r�rrr�test_tls_unique_channel_binding�s
z0BasicSocketTests.test_tls_unique_channel_bindingc	CsVtt�tj��}t|�}|�t��}d}t��WdQRX|�|t	|j
jd��dS)Nr)r�r�r��reprZassertWarnsr�rZ
gc_collectr�r<ZwarningrM)r�r�r�rrrr�test_dealloc_warn�sz"BasicSocketTests.test_dealloc_warnc	Csrt��}|�t|�d�|�|tj�t���:}t|d<t	|d<t��}|�|j
t	�|�|jt�WdQRXdS)N��SSL_CERT_DIR�
SSL_CERT_FILE)rZget_default_verify_pathsr�rBr�ZDefaultVerifyPathsr�EnvironmentVarGuard�CAPATHr��cafiler)r��paths�envrrr�test_get_default_verify_paths�s
z.BasicSocketTests.test_get_default_verify_paths�win32zWindows specificc	Cs�|�t�d��|�t�d��|�ttj�|�ttjd�t�}x�dD]�}t�|�}|�|t�xx|D]p}|�|t	�|�
t|�d�|\}}}|�|t�|�
|ddh�|�|tttf�t|ttf�rj|�|�qjWqJWd}|�
||�dS)	N�CA�ROOTrz)rGrHr�x509_asn�
pkcs_7_asnz1.3.6.1.5.5.7.3.1)r�rZenum_certificatesr�r��WindowsError�setr��listr�r�rB�bytesr��	frozenset�boolr;�update)	r�Z
trust_oidsZ	storename�store�elementr#�encZtrust�
serverAuthrrr�test_enum_certificates�s&



z'BasicSocketTests.test_enum_certificatescCs�|�t�d��|�ttj�|�ttjd�t�d�}|�|t�xL|D]D}|�|t�|�	t
|�d�|�|dt�|�|dddh�qJWdS)NrGrz�rrrIrJ)
r�rZ	enum_crlsr�r�rKr�rMr�r�rBrNr�)r�ZcrlsrSrrr�test_enum_crls�s

zBasicSocketTests.test_enum_crlsc	Cs�d}t�d�}|�||�|�|jd�|�|jd�|�|jd�|�|jd�|�|tj�|�t	tjd�tj�
d�}|�||�|�|tj�|�t	tjj
d�|�t	d��tj�
d�WdQRXxvtd	�D]j}ytj�
|�}Wnt	k
r�Yq�X|�|jt
�|�|jt�|�|jt�|�|jttd�f�q�Wtj�d�}|�||�|�|tj�|�tj�d�|�|�tj�d�|�|�t	d
��tj�d�WdQRXdS)N)�rUzTLS Web Server Authenticationz1.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.1rYrUzTLS Web Server Authentication���zunknown NID 100000i��i�zunknown object 'serverauth'Z
serverauth)r�_ASN1Objectr��nid�	shortnameZlongname�oidr�r�rlZfromnidr��ranger�r<�typeZfromname)r��expected�val�i�objrrr�test_asn1object�s@
z BasicSocketTests.test_asn1objectcCs�t�d�}|�tjjtj�|�tjj|�|�tjjjd�|�tjjjd�|�tjjjd�t�d�}|�tjj	tj�|�tjj	|�|�tjj	jd�|�tjj	jd�|�tjj	jd�dS)Nz1.3.6.1.5.5.7.3.1rYrUz1.3.6.1.5.5.7.3.2�Z
clientAuth)
rr[r��Purpose�SERVER_AUTHr�r\r]r^�CLIENT_AUTH)r�rbrrr�test_purpose_enum�s

z"BasicSocketTests.test_purpose_enumc	Cs�t�tjtj�}|�|j�|�t��}t|tj	d�WdQRX|�
t|j�d�t�
tj�}|�t��}|�|�WdQRX|�
t|j�d�dS)N)r�z!only stream sockets are supported)r�r�Z
SOCK_DGRAMr�r�r�rr�rr�r�r<rrHr@r�)r�r�Zcxr9rrr�test_unsupported_dtlssz&BasicSocketTests.test_unsupported_dtlscCs|�t�|�|�dS)N)r�r�cert_time_to_seconds)r��
timestringZ	timestamprrr�cert_time_okszBasicSocketTests.cert_time_okc	Cs$|�t��t�|�WdQRXdS)N)r�rlrrl)r�rmrrr�cert_time_failszBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs|�dd�|�dd�dS)NzMay  9 00:00:00 2007 GMTg�C��AzJan  5 09:34:43 2018 GMTg��ѓ�A)rn)r�rrr�"test_cert_time_to_seconds_timezonesz3BasicSocketTests.test_cert_time_to_seconds_timezonecCs�d}d}|�||�|�tj|d�|�|�d|�|�d|�|�d�|�d�|�d�|�d	�|�d
�|�d�|�d�d
}|�d|�|�d|�|�dd�|�dd�|�dd�|�d�|�dd�dS)NzJan  5 09:34:43 2018 GMTg��ѓ�A)rwzJan 05 09:34:43 2018 GMTzJaN  5 09:34:43 2018 GmTzJan  5 09:34 2018 GMTzJan  5 09:34:43 2018zJan  5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon  5 09:34:43 2018 GMTzJan  5 24:00:00 2018 GMTzJan  5 09:60:43 2018 GMTg�W�AzDec 31 23:59:60 2008 GMTzJan  1 00:00:00 2009 GMTzJan  5 09:34:59 2018 GMTi�FOZzJan  5 09:34:60 2018 GMTi�FOZzJan  5 09:34:61 2018 GMTi�FOZzJan  5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg�� �MB)rnr�rrlro)r�rm�tsZ
newyear_tsrrr�test_cert_time_to_seconds&s*







z*BasicSocketTests.test_cert_time_to_seconds�LC_ALLrzcCs@dd�}|���dkr |�d�|�dd�|�|�d�dS)NcSst�dd�S)Nz%b)	rrWrrqrsr=rrr)rnrvrrrr�local_february_nameMszNBasicSocketTests.test_cert_time_to_seconds_locale.<locals>.local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb  9 00:00:00 2007 GMTg`�r�Az  9 00:00:00 2007 GMT)�lower�skipTestrnro)r�rtrrr� test_cert_time_to_seconds_localeIs

z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt�tj�}|�|j�t�|�}tt�tj�tjd�}|�|j�|�	t
|f�}tjtj
tjtjf}|�||�dS)N)r�)r�r�r�r�r�	bind_portr�rr��
connect_exrrZECONNREFUSEDZEHOSTUNREACHZ	ETIMEDOUT�EWOULDBLOCKr�)r��server�portr��rc�errorsrrr�test_connect_ex_errorXs

z&BasicSocketTests.test_connect_ex_error)4�__name__�
__module__�__qualname__r�r�r�r�rK�
skipUnlessrrr�ZmaxDiffr�r�r�r�r�r�rZcpython_onlyrrrrrrr r!r/r1r8r�CHANNEL_BINDING_TYPESr:r<rErXr|rVrXrerjrkrnrororprrZrun_with_localerwrrrrrr�jsP 	
G'#r�c@s�eZdZedd��Zedd��Zdd�Ze�e	dkd�d	d
��Z
e�ej
dkd�d
d��Zedd��Zdd�Zdd�Zee�ed�dd���Ze�e�d�dd��Zdd�Zdd�Zdd �Zd!d"�Zed#d$��Zd%d&�Ze�ejd'�d(d)��Zed*d+��Z ed,d-��Z!d.d/�Z"d0d1�Z#d2d3�Z$e�e%j&d4kd5�e�ed6�d7d8���Z'e�e%j&d4kd9�e�e(e%d:�d;�d<d=���Z)d>d?�Z*d@dA�Z+dBdC�Z,dDdE�Z-dFdG�Z.dHdI�Z/dJS)K�ContextTestscCsTxtD]}t�|�qWt��}|�|jtj�|�ttjd�|�ttjd�dS)NrZ�*)�	PROTOCOLSrrHr�rCr>r�rl)r�rCr9rrr�test_constructorks
zContextTests.test_constructorcCs*x$tD]}t�|�}|�|j|�qWdS)N)r�rrHr�rC)r�r�r9rrr�
test_protocolts

zContextTests.test_protocolc	CsHt�tj�}|�d�|�d�|�tjd��|�d�WdQRXdS)N�ALL�DEFAULTzNo cipher can be selectedz^$:,;?*'dorothyx)rrHr@r7r�r{)r�r9rrr�test_cipherszs


zContextTests.test_ciphersrz+Test applies only to Python default cipherscCsjt�tj�}|��}xP|D]H}|d}|�d|�|�d|�|�d|�|�d|�|�d|�qWdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrHr@�get_ciphersZassertNotIn)r�r9r�Zsuiterrrr�test_python_ciphers�s
z ContextTests.test_python_ciphers)rrrWrrzOpenSSL too oldcCsHt�tj�}|�d�tdd�|��D��}|�d|�|�d|�dS)NZAESGCMcss|]}|dVqdS)rNr)�.0�drrr�	<genexpr>�sz0ContextTests.test_get_ciphers.<locals>.<genexpr>zAES256-GCM-SHA384zAES128-GCM-SHA256)rrHr@r7rLr�r�)r�r9�namesrrr�test_get_ciphers�s

zContextTests.test_get_ciphersc	Cs�t�tj�}tjtjBtjB}|ttBtBt	Bt
BO}|�||j�|jtj
O_|�|tj
B|j�t�r�|jtj
@|_|�||j�d|_|�d|jtj@�n|�t��d|_WdQRXdS)Nr)rrHr@�OP_ALLr�r�r)r,r*r+r-r��optionsr�rdr�rl)r�r9�defaultrrr�test_options�szContextTests.test_optionsc	Cs�t�tj�}|�|jtj�tj|_|�|jtj�tj|_|�|jtj�tj|_|�|jtj�|�t	��d|_WdQRX|�t
��d|_WdQRXt�tj�}|�|jtj�|�|j
�t�tj�}|�|jtj�|�|j
�dS)Nr�)rrHr>r�r�r�r�r�r�r�rlr?�assertFalser�r@r�)r�r9rrr�test_verify_mode_protocol�s$z&ContextTests.test_verify_mode_protocolc	Csvt�tj�}|�|j�tjrVd|_|�|j�d|_|�|j�d|_|�|j�n|�t��d|_WdQRXdS)NTF)	rrHr@r�Zhostname_checks_common_nameZHAS_NEVER_CHECK_COMMON_NAMEr�r��AttributeError)r�r9rrr� test_hostname_checks_common_name�sz-ContextTests.test_hostname_checks_common_namez
see bpo-34001c	Cs�t�tj�}tjjtjjtjjh}tjjtjjh}|�	|j
|�|�	|j|�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_|�
|jtjj�tjj|_|�	|jtjjtjjh�tjj|_
|�	|j
tjjtjjh�|�t��d|_
WdQRXt�tj�}|�	|j
|�|�
|jtjj�|�t��tjj|_
WdQRX|�t��tjj|_WdQRXdS)Nr�)rrHr?r6rIr	�TLSv1_2rJ�TLSv1_3r�r4rFrr�rr�rlr
)r�r9Z
minimum_rangeZ
maximum_rangerrr�test_min_max_version�sX











z!ContextTests.test_min_max_versionz!verify_flags need OpenSSL > 0.9.8c	Cs�t�tj�}ttdd�}|�|jtj|B�tj|_|�|jtj�tj|_|�|jtj�tj|_|�|jtj�tjtj	B|_|�|jtjtj	B�|�
t��d|_WdQRXdS)N�VERIFY_X509_TRUSTED_FIRSTr)rrHr?r=r��verify_flags�VERIFY_DEFAULT�VERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTr�r�)r�r9�tfrrr�test_verify_flags!szContextTests.test_verify_flagsc	Cs�t�tj�}|jtdd�|jttd�|jt|jtd�|�t��}|�t�WdQRX|�	|j
jtj�|�
tjd��|�t�WdQRX|�
tjd��|�t�WdQRXt�tj�}|�tt�|jttd�|jttd�|�
tjd��|�t�WdQRX|�
tjd��|�t�WdQRX|�
tjd��|jttd�WdQRXt�tj�}|�
tjd��|�tt�WdQRX|jttd�|jtt��d�|jttt���d�|�ttt�|�ttt���|�tttt����|�
td��|jtdd�WdQRX|�tj��|jtdd�WdQRX|�
td	��|jtd
dd�WdQRXdd
�}dd�}dd�}dd�}dd�}dd�}dd�}	Gdd�d�}
|jt|d�|jt|d�|jt|d�|jt|
�d�|jt|
�jd�|�tj��|jt|d�WdQRX|�
td	��|jt|d�WdQRX|�
td��|jt|d�WdQRX|�
td��|jt|	d�WdQRX|jt|	d�dS)N)r�zPEM lib)r�r�zkey values mismatch)Zpasswordzshould be a stringT�badpasszcannot be longer�ai�cSstS)N)�KEY_PASSWORDrrrr�getpass_unicodedsz:ContextTests.test_load_cert_chain.<locals>.getpass_unicodecSst��S)N)r�r,rrrr�
getpass_bytesfsz8ContextTests.test_load_cert_chain.<locals>.getpass_bytescSstt���S)N)r�r�r,rrrr�getpass_bytearrayhsz<ContextTests.test_load_cert_chain.<locals>.getpass_bytearraycSsdS)Nr�rrrrr�getpass_badpassjsz:ContextTests.test_load_cert_chain.<locals>.getpass_badpasscSsddS)Nr�irrrrr�getpass_hugelsz7ContextTests.test_load_cert_chain.<locals>.getpass_hugecSsdS)Nr_rrrrr�getpass_bad_typensz;ContextTests.test_load_cert_chain.<locals>.getpass_bad_typecSstd��dS)Nz
getpass error)�	Exceptionrrrr�getpass_exceptionpsz<ContextTests.test_load_cert_chain.<locals>.getpass_exceptionc@seZdZdd�Zdd�ZdS)z:ContextTests.test_load_cert_chain.<locals>.GetPassCallablecSstS)N)r�)r�rrr�__call__sszCContextTests.test_load_cert_chain.<locals>.GetPassCallable.__call__cSstS)N)r�)r�rrr�getpassuszBContextTests.test_load_cert_chain.<locals>.GetPassCallable.getpassN)r�r�r�r�r�rrrr�GetPassCallablersr�zmust return a stringz
getpass error)rrHr?r�r�r�r�rrr�rrrr�r{�BADCERT�	EMPTYCERT�ONLYCERT�ONLYKEY�BYTES_ONLYCERT�
BYTES_ONLYKEYr��CERTFILE_PROTECTEDr�r,r��ONLYKEY_PROTECTEDrlr�r�)r�r9rr�r�r�r�r�r�r�r�rrr�test_load_cert_chain5szz!ContextTests.test_load_cert_chainc	Cs�t�tj�}|�t�|jtdd�|�t�|jtdd�|�t|j�|�t|jddd�|�t��}|�t	�WdQRX|�
|jjtj
�|�tjd��|�t�WdQRX|�tt�|jttd�|�t|jdd�dS)N)rBrzPEM lib)rT)rrHr?r�r��BYTES_CERTFILEr�r�rrr�rrrr�r{r�rA�BYTES_CAPATH)r�r9rrrr�test_load_verify_locations�s

z'ContextTests.test_load_verify_locationsc	CsJtt��}|��}WdQRXt�|�}tt��}|��}WdQRXt�|�}t�tj�}|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}d|d|d	|d
g}|j
d�|�d�|�|�	�dd�t�tj�}|j
|d�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}|jt
|j
td�|�tjd��|j
d
d�WdQRX|�tjd��|j
dd�WdQRXdS)N�x509_car)�cadatarrWr��head�otherZagain�tail�z
no start lineZbrokenznot enough datasbroken)r/r�r0rr��CAFILE_NEURONIOrHr@r��cert_store_statsr�rr�r��objectr�r{)r�r2Z
cacert_pemZ
cacert_derZneuronio_pemZneuronio_derr9Zcombinedrrr�test_load_verify_cadata�sN




z$ContextTests.test_load_verify_cadatac	Cs�t�tj�}|�t�tjdkr*|�t�|�t	|j�|�t	|jd�|�t
��}|�t�WdQRX|�|j
jtj�|�tj��}|�t�WdQRXdS)N�nt)rrHr?�load_dh_params�DHFILErr�BYTES_DHFILEr�r�r1rr�rrrr{r�)r�r9rrrr�test_load_dh_params�s


z ContextTests.test_load_dh_paramscCsDx>tD]6}t�|�}|�|��dddddddddddd��qWdS)Nr)ZnumberrZconnect_goodZconnect_renegotiate�acceptZaccept_goodZaccept_renegotiate�hits�missesZtimeoutsZ
cache_full)r�rrHr��
session_stats)r�r�r9rrr�test_session_stats�s


zContextTests.test_session_statscCst�tj�}|��dS)N)rrHr@Zset_default_verify_paths)r�r9rrr�test_set_default_verify_paths�sz*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt�tj�}|�d�|�d�|�t|j�|�t|jd�|�t|jd�|�t|jd�dS)N�
prime256v1s
prime256v1r�sfoo)rrHr?rkr�r�rl)r�r9rrr�test_set_ecdh_curve�s

z ContextTests.test_set_ecdh_curvecCsjt�tj�}|�t|j�|�t|jd�|�t|jd�|�t|j|�dd�}|�d�|�|�dS)NrqrzcSsdS)Nr)r��
servernamer9rrr�
dummycallbacksz5ContextTests.test_sni_callback.<locals>.dummycallback)rrHr?r�r��set_servername_callback)r�r9r�rrr�test_sni_callbacks
zContextTests.test_sni_callbackcCsJt�tj�}|fdd�}|�|�t�|�}~~t��|�|�d�dS)NcSsdS)Nr)r�r�r9�cyclerrrr�sz>ContextTests.test_sni_callback_refcycle.<locals>.dummycallback)	rrHr?r�r�r��gc�collectr�)r�r9r�rrrr�test_sni_callback_refcycles

z'ContextTests.test_sni_callback_refcyclecCs�t�tj�}|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��dS)Nr)r��crl�x509rrW)	rrHr@r�r�r�r�r�r�)r�r9rrr�test_cert_store_stats s






z"ContextTests.test_cert_store_statscCs�t�tj�}|�|��g�|�t�|�|��g�|�t�|�|��dtd�td�ddddd�g�t	t��}|�
�}WdQRXt�|�}|�|�d�|g�dS)	N)))rzRoot CA))r�zhttp://www.cacert.org))rzCA Cert Signing Authority))r�zsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)rrr r!r'r"r$T)rrHr@r��get_ca_certsr�r�r�rxr/r0r�)r�r9r2r��derrrr�test_get_ca_certs.s"




zContextTests.test_get_ca_certscCs�t�tj�}|��t�tj�}|�tjj�|��t�tj�}|�tjj�t�tj�}|�t|jd�|�t|jd�dS)Nrh)	rrHr@�load_default_certsrgrhrir�r�)r�r9rrr�test_load_default_certsJsz$ContextTests.test_load_default_certsrFznot-Windows specificz!LibreSSL doesn't support env varsc	CsTt�tj�}t���6}t|d<t|d<|��|�|�	�dddd��WdQRXdS)Nr>r?rr)r�r�r�)
rrHr@rr@rAr�r�r�r�)r�r9rDrrr�test_load_default_certs_envYs
z(ContextTests.test_load_default_certs_envzWindows specificZgettotalrefcountz3Debug build does not share environment between CRTsc	Csxt�tj�}|��|��}t�tj�}t���>}t|d<t|d<|��|dd7<|�	|��|�WdQRXdS)Nr>r?r�r)
rrHr@r�r�rr@rAr�r�)r�r9�statsrDrrr�#test_load_default_certs_env_windowscs
z0ContextTests.test_load_default_certs_env_windowscCs�|�|jtj@tj�tdkr0|�|jt@t�tdkrJ|�|jt@t�tdkrd|�|jt@t�tdkr~|�|jt@t�dS)Nr)r�r�rr�r)r*r+r,)r�r9rrr�_assert_context_optionsrsz$ContextTests._assert_context_optionsc	Cs�t��}|�|jtj�|�|jtj�|�|j�|�	|�t
t��}|��}WdQRXtjtt
|d�}|�|jtj�|�|jtj�|�	|�t�tjj�}|�|jtj�|�|jtj�|�	|�dS)N)rBrr�)r�create_default_contextr�rCr>r�r�r�r�r�r/r�r0rArgrir�)r�r9r2r�rrr�test_create_default_context�s 


z(ContextTests.test_create_default_contextcCs�t��}|�|jtj�|�|jtj�|�|j�|�	|�t�tj
�}|�|jtj
�|�|jtj�|�	|�tjtj
tjdd�}|�|jtj
�|�|jtj�|�|j�|�	|�tjtj
jd�}|�|jtj�|�|jtj�|�	|�dS)NT)r�r�)Zpurpose)rZ_create_stdlib_contextr�rCr>r�r�r�r�r�rr�r�rgri)r�r9rrr�test__create_stdlib_context�s(


z(ContextTests.test__create_stdlib_contextc	Csdt�tj�}|�|j�|�|jtj�d|_|�|j�|�|jtj	�d|_tj	|_|�|j�|�|jtj	�d|_tj|_d|_|�|j�|�|jtj�d|_|�|j�|�|jtj	�d|_tj
|_d|_|�|j�|�|jtj
�d|_|�|j�|�|jtj
�|�t��tj|_WdQRXd|_|�|j�tj|_|�|jtj�dS)NTF)
rrHr>r�r�r�r�r�r�r�r�r�rl)r�r9rrr�test_check_hostname�s@z ContextTests.test_check_hostnamecCsTt�tj�}|�|j�|�|jtj�t�tj�}|�	|j�|�|jtj
�dS)N)rrHr@r�r�r�r�r�r?r�r�)r�r9rrr�test_context_client_server�sz'ContextTests.test_context_client_serverc	Cs�Gdd�dtj�}Gdd�dtj�}t�tj�}||_||_|jt��dd��}|�	||�WdQRX|�
t��t���}|�	||�dS)Nc@seZdZdS)z;ContextTests.test_context_custom_class.<locals>.MySSLSocketN)r�r�r�rrrr�MySSLSocket�sr�c@seZdZdS)z;ContextTests.test_context_custom_class.<locals>.MySSLObjectN)r�r�r�rrrr�MySSLObject�sr�T)r)rr��	SSLObjectrHr?Zsslsocket_classZsslobject_classr�r�r��wrap_bio�	MemoryBIO)r�r�r�r9r�rdrrr�test_context_custom_class�sz&ContextTests.test_context_custom_classN)0r�r�r�rr�r�r�rKr�rr��skipIfrrfr�r�r�r��requires_minimum_versionr�r�rhr�r�r�r�r�r�r�rjr��	needs_snir�r�r�r�r�rXr|r�r5r�r�r�r�r�r�r�rrrrr�isF	
OS:


	+r�c@s,eZdZdd�Zdd�Zdd�Zdd�Zd	S)
�
SSLErrorTestscCsXt�dd�}|�t|�d�|�|jd�t�dd�}|�t|�d�|�|jd�dS)Nrr�)rr{r�r<rZSSLZeroReturnError)r��errr�test_str�szSSLErrorTests.test_strc	Csnt�tj�}|�tj��}|�t�WdQRX|�|jj	d�|�|jj
d�t|j�}|�|�
d�|�dS)NZPEMZ
NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrHr@r�r{r�r�r�rZlibrary�reasonr<r�r�)r�r9rr�rrr�test_lib_reasons
zSSLErrorTests.test_lib_reasoncCs�t�tj�}d|_tj|_t����}|�d�|��t��}|�	|�
��|�d�|j|ddd��T}|�
tj��}|��WdQRXt|j�}|�|�d�|�|�|jjtj�WdQRXWdQRXdS)NF)z	127.0.0.1r)r2z%The operation did not complete (read))rrHr@r�r�r�r�r3r4rr5�setblockingr�r��SSLWantReadError�do_handshaker<rr�r�r�r�SSL_ERROR_WANT_READ)r�r9r�r7rrrr�
test_subclasss



zSSLErrorTests.test_subclassc	Cs�t��}|�t��|jt��t��dd�WdQRX|�t��|jt��t��dd�WdQRX|�t��|jt��t��dd�WdQRXdS)Nrz)r0z.example.orgzexample.orgevil.com)rr�r�rlr�r�r�)r�r9rrr�test_bad_server_hostname!sz&SSLErrorTests.test_bad_server_hostnameN)r�r�r�r�r�rrrrrrr��s

r�c@s4eZdZdd�Zdd�Zdd�Zdd�Zd	d
�ZdS)�MemoryBIOTestscCs�t��}|�d�|�|��d�|�|��d�|�d�|�d�|�|��d�|�|��d�|�d�|�|�d�d�|�|�d�d	�|�|�d�d�dS)
Nsfoor�sbarsfoobarsbazrWsbar�z)rr�r\r�r0)r��biorrr�test_read_write0s



zMemoryBIOTests.test_read_writecCs�t��}|�|j�|�|��d�|�|j�|�d�|�|j�|��|�|j�|�|�d�d�|�|j�|�|�d�d�|�|j�|�|��d�|�|j�dS)Nr�sfoorWsfor�o)	rr�r��eofr�r0r\�	write_eofr�)r�rrrr�test_eof>s
zMemoryBIOTests.test_eofcCs�t��}|�|jd�|�d�|�|jd�x0td�D]$}|�d�|�|jd|d�q8Wx,td�D] }|�d�|�|j|d�qjW|��|�|jd�dS)Nrsfoorrr)rr�r��pendingr\r_r0)r�rrcrrr�test_pendingNs


zMemoryBIOTests.test_pendingcCsbt��}|�d�|�|��d�|�td��|�|��d�|�td��|�|��d�dS)Nsfoosbarsbaz)rr�r\r�r0r��
memoryview)r�rrrr�test_buffer_types\s
z MemoryBIOTests.test_buffer_typescCsLt��}|�t|jd�|�t|jd�|�t|jd�|�t|jd�dS)Nr�Tr)rr�r�r�r\)r�rrrr�test_error_typeses
zMemoryBIOTests.test_error_typesN)r�r�r�rr
rrrrrrrr.s
	rc@seZdZdd�Zdd�ZdS)�SSLObjectTestsc	Cs0t��}|�td��t�||�WdQRXdS)Nzpublic constructor)rr�r�r�r�)r�rrrrr�nsz SSLObjectTests.test_private_initc	Cs.t�\}}}t��}t��}t��}t��}|j|||d�}|j||dd�}	x�td�D]t}
y|��Wntjk
r|YnX|jr�|�|�	��y|	��Wntjk
r�YnX|jrV|�|�	��qVW|��|	��|�
tj��|��WdQRX|�|�	��|	��|�|�	��|��dS)N)r0T)rrs)r�rr�r�r_r�r�rr\r0r��unwrap)r�Z
client_ctxZ
server_ctxr�Zc_inZc_outZs_inZs_out�clientr{r�rrr�test_unwrapss8zSSLObjectTests.test_unwrapN)r�r�r�r�rrrrrrmsrc@s�eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Ze
�ejdkd�dd��Zdd�Zdd�Zdd�Zdd�Zd d!�Zed"d#��Zd$d%�Zd&d'�Zd(d)�Zd*S)+�SimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2tt�}t|jf|_|��|�|jddd�dS)N)�ThreadedEchoServerr�rr|�server_addr�	__enter__r��__exit__)r�r{rrr�setUp�szSimpleBackgroundTests.setUpc	Cs�tt�tj�tjd��.}|�|j�|�i|���|�	|j
�WdQRXtt�tj�tjtd��,}|�|j�|�
|���|�	|j
�WdQRXdS)N)r�)r�r�)r�r�r�rr�rrr��getpeercertr�rr�r�r�)r�r�rrr�test_connect�s
z"SimpleBackgroundTests.test_connectcCs<tt�tj�tjd�}|�|j�|�tjd|j	|j
�dS)N)r�zcertificate verify failed)r�r�r�rr�r�r�r�r{rr)r�r�rrr�test_connect_fail�s


z'SimpleBackgroundTests.test_connect_failcCsJtt�tj�tjtd�}|�|j�|�d|�	|j
��|�|���dS)N)r�r�r)
r�r�r�rr�r�r�r�r�ryrr�r)r�r�rrr�test_connect_ex�sz%SimpleBackgroundTests.test_connect_exc	Cs�tt�tj�tjtdd�}|�|j�|�d�|�	|j
�}|�|dtj
tjf�t�g|ggd�xby|��PWqftjk
r�t�|gggd�Yqftjk
r�t�g|ggd�YqfXqfW|�|���dS)NF)r�r�r2rg@)r�r�r�rr�r�r�r�r�ryrr�rZEINPROGRESSrz�selectr�r��SSLWantWriteErrorr�r)r�r�r}rrr�test_non_blocking_connect_ex�s$
z2SimpleBackgroundTests.test_non_blocking_connect_exc	Cs�t�tj�}|�t�tj���"}|�|j�|�i|�	��WdQRX|jt�tj�dd��}|�|j�WdQRXtj
|_|�t
�|�t�tj���$}|�|j�|�	�}|�|�WdQRXdS)NZdummy)r0)rrHr>r�r�r�rrr�rr�r�r�r�r�)r�r9r�r#rrr�test_connect_with_context�s

z/SimpleBackgroundTests.test_connect_with_contextcCsLt�tj�}tj|_|�t�tj��}|�|j	�|�
tjd|j|j
�dS)Nzcertificate verify failed)rrHr>r�r�r�r�r�r�r�r�r{rr)r�r9r�rrr�test_connect_with_context_fail�s
z4SimpleBackgroundTests.test_connect_with_context_failc	Cs�t�tj�}tj|_|jtd�|�t�tj	���$}|�
|j�|��}|�
|�WdQRXt�tj�}tj|_|jtd�|�t�tj	���$}|�
|j�|��}|�
|�WdQRXdS)N)r)rrHr>r�r�r�rAr�r�r�rrrr�r�)r�r9r�r#rrr�test_connect_capath�sz)SimpleBackgroundTests.test_connect_capathc	Cs�tt��}|��}WdQRXt�|�}t�tj�}tj|_|j	|d�|�
t�tj���$}|�
|j�|��}|�|�WdQRXt�tj�}tj|_|j	|d�|�
t�tj���$}|�
|j�|��}|�|�WdQRXdS)N)r�)r/r�r0rr�rHr>r�r�r�r�r�r�rrrr�)r�r2r�r�r9r�r#rrr�test_connect_cadatas"

z)SimpleBackgroundTests.test_connect_cadatar�z*Can't use a socket as a file under Windowsc	Cs�tt�tj��}|�|j�|��}|��}|��t�	|d�|��t
��|�t
��}t�	|d�WdQRX|�|jjtj�dS)Nr)r�r�r�rr�filenoZmakefiler�rr0r�r�r�rr�rrZEBADF)r�r��fdr2r�rrr�test_makefile_close+sz)SimpleBackgroundTests.test_makefile_closecCs�t�tj�}|�|j�|�d�t|tjdd�}|�|j	�d}xfy|d7}|�
�PWqDtjk
r�t�|ggg�YqDtj
k
r�t�g|gg�YqDXqDWtjr�tj�d|�dS)NF)r�r2rrz9
Needed %d calls to do_handshake() to establish session.
)r�r�rrr�r�rr�r�r�r�r�rrrrZrXr[r\)r�r��countrrr�test_non_blocking_handshake>s&
z1SimpleBackgroundTests.test_non_blocking_handshakecCst|f|j�dti�dS)Nr#)�_test_get_server_certificaterr�)r�rrr�test_get_server_certificateSsz1SimpleBackgroundTests.test_get_server_certificatecCst|f|j��dS)N)�!_test_get_server_certificate_failr)r�rrr� test_get_server_certificate_failVsz6SimpleBackgroundTests.test_get_server_certificate_failc
Cs�tt�tj�tjdd��}|�|j�WdQRXtt�tj�tjdd��}|�|j�WdQRX|�tjd��:t�tj��"}t|tjdd�}|�|j�WdQRXWdQRXdS)Nr�)r�r�r�zNo cipher can be selectedz^$:,;?*'dorothyx)	r�r�r�rr�rrr�r{)r�r�r�rrrr�[sz"SimpleBackgroundTests.test_ciphersc	Cs�t�tj�}|jtd�|�|��g�|jt�tj	�dd��$}|�
|j�|��}|�
|�WdQRX|�t|���d�dS)N)rr)r0r)rrHr@r�rAr�r�r�r�r�rrrr�rB)r�r9r�r#rrr�test_get_ca_certs_capathis
z.SimpleBackgroundTests.test_get_ca_certs_capathc	Cs�t�tj�}|jtd�t�tj�}|jtd�t�tj�}|j|dd��T}|�|j	�|�
|j|�|�
|jj|�||_|�
|j|�|�
|jj|�WdQRXdS)N)rr)r0)
rrHr@r�rAr�r�r�rrr�r��_sslobj)r�Zctx1Zctx2r�r�rrr�test_context_setgetusz)SimpleBackgroundTests.test_context_setgetc
Os�|�dd�}t��|}d}	x�t��|kr4|�d�d}
|	d7}	y||�}Wn>tjk
r�}z|jtjtjfkrt�|j}
Wdd}~XYnX|�	�}
|�
|
�|
dkr�Pq|
tjkr|�d�}
|
r�|�|
�q|�
�qWtjr�tj�d|	|jf�|S)Nr�
rri�z"Needed %d calls to complete %s().
)�getrnZ	monotonicr�rr{rrZSSL_ERROR_WANT_WRITEr0�sendallrr\r	rrZrXr[r�)r�r��incoming�outgoingrOrMr~rZdeadliner(r�retr��bufrrr�ssl_io_loop�s8




z!SimpleBackgroundTests.ssl_io_loopcCs�t�tj�}|�|j�|�|j�t��}t��}t�tj	�}|�
|j�|�|j
tj�|�t�|�||dt�}|�|jj|�|�|���|�|���|�|���|�t|j�dtjkr�|�|�d��|� ||||j!�|�
|���|�|���|�|���|�
|���dtjk�r>|�
|�d��y|� ||||j"�Wntj#k
�rlYnX|�tj$|j%d�dS)NFz
tls-uniquesfoo)&r�r�r�r�rrrr�rHr@r�r�r�r�r�r�r�r�r�r�r/�ownerr9�cipherr$�assertIsNotNone�shared_ciphersr�rlrr�r6r8r�rZSSLSyscallErrorr{r\)r�r�r4r5r9�sslobjrrr�test_bio_handshake�s<


z(SimpleBackgroundTests.test_bio_handshakecCs�t�tj�}|�|j�|�|j�t��}t��}t�tj	�}tj
|_|�||d�}|�
||||j�d}|�
||||j|�|�
||||jd�}|�|d�|�
||||j�dS)NFsFOO
isfoo
)r�r�r�r�rrrr�rHr>r�r�r�r8r�r\r0r�r)r�r�r4r5r9r=Zreqr7rrr�test_bio_read_write_data�sz.SimpleBackgroundTests.test_bio_read_write_dataN)r�r�r��__doc__rrrrr r!r"r#r$rKr�rrr'r)r+r-r�r.r�r0r8r>r?rrrrr�s(
	%"rc@s*eZdZdd�Ze�ejd�dd��ZdS)�NetworkedTestsc	Cs|t�t��htt�tj�tjdd�}|�|j	�|�
d�|�tdf�}|dkrZ|�d�|�
|tjtjf�WdQRXdS)NF)r�r2gH�����z>i�rz!REMOTE_HOST responded too quickly)r�transient_internet�REMOTE_HOSTr�r�r�rr�r�r�rryrvr�rZEAGAINrz)r�r�r}rrr�test_timeout_connect_ex�s

z&NetworkedTests.test_timeout_connect_exz
Needs IPv6c	Cs2t�d��t|dd�t|dd�WdQRXdS)Nzipv6.google.comi�)rrBr*r,)r�rrr� test_get_server_certificate_ipv6�sz/NetworkedTests.test_get_server_certificate_ipv6N)	r�r�r�rDrKr�rZIPV6_ENABLEDrErrrrrA�srAcCslt�||f�}|s$|�d||f�tj||f|d�}|sL|�d||f�tjrhtj�d|||f�dS)NzNo server certificate on %s:%s!)r�z&
Verified certificate for %s:%s is
%s
)r�get_server_certificater�rrZrXr[r\)�testr*r|r#r�rrrr*�sr*c
Csjytj||ftd�}Wn:tjk
rP}ztjr@tj�d|�Wdd}~XYnX|�	d|||f�dS)N)r�z%s
z$Got server certificate %s for %s:%s!)
rrFr�r{rrZrXr[r\r�)rGr*r|r��xrrrr,�s"r,)�make_https_serverc@sReZdZGdd�dej�Zddd�Zdd	�Zd
d�Zddd
�Z	dd�Z
dd�ZdS)rc@s@eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dS)z$ThreadedEchoServer.ConnectionHandlerz�A mildly complicated class, because we want it to work both
        with and without the SSL wrapper around the socket connection, so
        that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j�d�d|_tj�|�d|_	dS)NFrT)
r{�runningr��addrr��sslconn�	threading�Thread�__init__�daemon)r�r{ZconnsockrKrrrrO	sz-ThreadedEchoServer.ConnectionHandler.__init__c
CsyB|jjj|jdd�|_|jj�|j���|jj�|j�	��Wn�t
ttfk
r�}zB|jj
�t|��|jjr�tdt|j�d�d|_|��dSd}~XY�n^tjtfk
�r}zL|jj
�t|��|jjr�tdt|j�d�d|_|j��|��dSd}~XYn�X|jj�|j���|jjjtjk�r�|j��}tj�rx|jj�rxtj �!dt"�#|�d�|j�d�}tj�r�|jj�r�tj �!dtt$|��d	�|j�%�}tj�r|jj�rtj �!d
t|�d�tj �!dt|j���d�dSdS)NT)rz'
 server:  bad connection attempt from z:
Fz client cert is r�z cert binary is z bytes
z" server: connection cipher is now z" server: selected protocol is now )&r{r�r�r�rL�selected_npn_protocols�append�selected_npn_protocol�selected_alpn_protocols�selected_alpn_protocol�ConnectionResetError�BrokenPipeError�ConnectionAbortedError�conn_errorsr<�chattyr^r;rKrJr�rr{r�stopr<r�r�rrrZrXr[r\r�r�rBr:)r�r�r#Zcert_binaryr:rrr�	wrap_conn	sD


z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j��S|j�d�SdS)Ni)rLr0r�r)r�rrrr0W	s
z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j�|�S|j�|�SdS)N)rLr\r�r	)r�rNrrrr\]	sz*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j��n
|j��dS)N)rLr�r�)r�rrrr�c	sz*ThreadedEchoServer.ConnectionHandler.closec
Cs�d|_|jjs|��sdS�x�|j�r֐y�|��}|��}|s|d|_y|j��|_Wnt	k
rhYnXd|_|�
��nj|dkr�tjr�|jj
r�tj�d�|�
�dS|jjr�|dkr�tjr�|jj
r�tj�d�|�d�|��s�dS�n�|jj�rf|j�rf|dk�rftj�r(|jj
�r(tj�d	�|�d�|j��|_d|_tj�r�|jj
�r�tj�d
��n�|dk�r�tj�r�|jj
�r�tj�d�|j�d
�}|�t|��d�d��n0|dk�r8tj�r�|jj
�r�tj�d�y|j��Wn>tjk
�r*}z|�t|��d�d�Wdd}~XYnX|�d�n�|dk�rj|j��dk	�r^|�d�n
|�d�n||dk�r�|j��}|�t|��d�d�nNtj�r�|jj
�r�|j�r�d�p�d}tj�d|||��|f�|�|���Wqttfk
�r6|jj�r$tj�r$tj�d�|j��|�
�d|_Yqtjk
�r�}z>d|jk�r�|jj�rztj�rztj�|jd�t�d��Wdd}~XYqt	k
�r�|jj�r�t d�|�
�d|_|j�!�YqXqWdS)NTFsoverz" server: client closed connection
sSTARTTLSz2 server: read STARTTLS from client, sending OK...
sOK
sENDTLSz0 server: read ENDTLS from client, sending OK...
z* server: connection is now unencrypted...
s
CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data...
z
tls-uniquezus-ascii�
sPHAz( server: initiating post handshake auth
sHASCERTsTRUE
sFALSE
sGETCERTZ	encryptedZunencryptedz/ server: read %r (%s), sending back %r (%s)...
z Connection reset by peer: {}
Z!PEER_DID_NOT_RETURN_A_CERTIFICATErz!tlsv13 alert certificate requiredzTest server failure:
)"rJr{�starttls_serverr\r0�striprLrr�rr�rrZ�connectionchattyrXr[r\r6r;r,�verify_client_post_handshakerr{rrurVrXrZr�rKr�rMr^r[)r��msg�strippedr�r�r#Zctype�errrrr�runi	s�




*






z(ThreadedEchoServer.ConnectionHandler.runN)
r�r�r�r@rOr\r0r\r�rerrrr�ConnectionHandler	s
9rfNTFcCs�|r||_n�t�|dk	r|ntj�|_|dk	r2|ntj|j_|rL|j�|�|r\|j�|�|rl|j�|�|	r||j�	|	�|
r�|j�
|
�||_||_||_
t��|_t�|j�|_d|_d|_g|_g|_g|_g|_tj�|�d|_dS)NFT)r�rrHr?r�r�r�r��set_npn_protocols�set_alpn_protocolsr7rZr`r^r�r�rrxr|�flag�activerQrTr<rYrMrNrOrP)r�Zcertificater��certreqs�cacertsrZr`r^Z
npn_protocolsZalpn_protocolsr�r�rrrrO�	s<


zThreadedEchoServer.__init__cCs|�t���|j��|S)N)�startrM�Eventri�wait)r�rrrr�	s
zThreadedEchoServer.__enter__cGs|��|��dS)N)r[r)r�rMrrrr�	szThreadedEchoServer.__exit__cCs||_tj�|�dS)N)rirMrNrm)r�rirrrrm�	szThreadedEchoServer.startc
Cs|j�d�|j��d|_|jr,|j��x�|j�ryT|j��\}}tjrj|j	rjt
j�dt
|�d�|�|||�}|��|��Wq.tjk
r�Yq.tk
r�|��Yq.tk
r�}z(tjr�|j	r�t
j�dt
|�d�Wdd}~XYq.Xq.W|j��dS)Ng�������?Tz server:  new connection from r�z connection handling failed: )r�rr4rjrirLr�rrZrZrXr[r\r;rfrmrr�r�KeyboardInterruptr[r�r�)r�ZnewconnZconnaddrZhandlerr�rrrre
s.


(zThreadedEchoServer.runcCs
d|_dS)NF)rj)r�rrrr[
szThreadedEchoServer.stop)NNNNTFFNNNN)N)r�r�r�rMrNrfrOrrrmrer[rrrrr	sD
!
rc@sXeZdZGdd�dej�Zdd�Zdd�Zdd�Zd	d
�Z	ddd
�Z
dd�Zdd�ZdS)�AsyncoreEchoServerc@s6eZdZGdd�dej�Zdd�Zdd�Zdd�Zd	S)
zAsyncoreEchoServer.EchoServerc@s<eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd�|_tj�||j�d|_|��dS)NTF)rr�r2)r�r��asyncore�dispatcher_with_sendrO�_ssl_accepting�_do_ssl_handshake)r��connr�rrrrO)
s
z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs.t|jtj�r*x|j��dkr(|��qWdS)NrT)r;r�rr�rZhandle_read_event)r�rrr�readable1
sz8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec
Cs�y|j��Wn�tjtjfk
r*dStjk
rB|��Stjk
rX�Yn@tk
r�}z|j	dt
jkr�|��SWdd}~XYnXd|_dS)NrF)
r�r�rr�rZSSLEOFError�handle_closer{rrMrZECONNABORTEDrt)r�rdrrrru7
szAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr|��n@|�d�}tjr4tj�dt|��|sB|�	�n|�
|���dS)Niz server:  read %s from client
)rtrurrrZrXr[r\r;r�r	ru)r�r�rrr�handle_readF
s


z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$|��tjr tj�d|j�dS)Nz server:  closed connection %s
)r�rrZrXr[r\r�)r�rrrrxR
sz<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_closecCs�dS)Nr)r�rrrr^W
sz<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_errorN)	r�r�r�rOrwruryrxr^rrrrrf'
srfcCs@||_t�tjtj�}t�|d�|_tj�	||�|�
d�dS)Nrzrs)r�r�r�ZSOCK_STREAMrrxr|rr�
dispatcherrOr4)r�r�r�rrrrOZ
s
z&AsyncoreEchoServer.EchoServer.__init__cCs(tjrtj�d|�|�||j�dS)Nz$ server:  new connection from %s:%s
)rrZrXr[r\rfr�)r�Zsock_objrKrrr�handle_accepteda
sz-AsyncoreEchoServer.EchoServer.handle_acceptedcCs�dS)Nr)r�rrrr^f
sz*AsyncoreEchoServer.EchoServer.handle_errorN)	r�r�r�rrrsrfrOr{r^rrrr�
EchoServer%
s3r|cCs8d|_d|_|�|�|_|jj|_tj�|�d|_dS)NFT)	rirjr|r{r|rMrNrOrP)r�r�rrrrOi
s
zAsyncoreEchoServer.__init__cCsd|jj|jfS)Nz<%s %s>)�	__class__r�r{)r�rrr�__str__q
szAsyncoreEchoServer.__str__cCs|�t���|j��|S)N)rmrMrnriro)r�rrrrt
s
zAsyncoreEchoServer.__enter__cGsVtjrtj�d�|��tjr,tj�d�|��tjrFtj�d�tjdd�dS)Nz cleanup: stopping server.
z! cleanup: joining server thread.
z cleanup: successfully joined.
T)Z
ignore_all)	rrZrXr[r\r[rrrZ	close_all)r�rMrrrry
szAsyncoreEchoServer.__exit__NcCs||_tj�|�dS)N)rirMrNrm)r�rirrrrm�
szAsyncoreEchoServer.startcCsBd|_|jr|j��x&|jr<yt�d�WqYqXqWdS)NTr)rjrirLrrZloop)r�rrrre�
s
zAsyncoreEchoServer.runcCsd|_|j��dS)NF)rjr{r�)r�rrrr[�
szAsyncoreEchoServer.stop)N)
r�r�r�rrrzr|rOr~rrrmrer[rrrrrq!
sD

rq�FOO
TFc
Cszi}t||dd�}|��X|jt��||d���}	|	�t|jf�x�|t|�t|�gD]�}
|rttj	rtt
j�d|�|	�|
�|	�
�}|r�tj	r�t
j�d|�||��krVtd|dd�t|�|dd���t|�f��qVW|	�d	�|�rtj	�rt
j�d
�|�|	��|	��|	��|	��|	��|	��|	j|	jd��|	��WdQRX|j|d<|j|d
<|j|d<WdQRX|S)zW
    Launch a server, connect a client to it and try various reads
    and writes.
    F)r�rZr`)r0�sessionz client:  sending %r...
z client:  read %r
z4bad data <<%r>> (%d) received; expected <<%r>> (%d)
N�sover
z client:  closing connection.
)�compressionr:�peercert�client_alpn_protocol�client_npn_protocolr$�session_reusedr��server_alpn_protocols�server_npn_protocols�server_shared_ciphers)rr�r�rrr|r�r
rrZrXr[r\r0ru�AssertionErrorrBrQr�r:rrUrSr$r�r�r�rTrQr<)r�r��indatarZr`�sni_namer�r�r{r��arg�outdatarrr�server_params_test�
sR


 


r�c
Cs�|dkrtj}tjdtjdtjdi|}tjr\|r6dp8d}tj�|t�	|�t�	|�|f�t�
|�}|j|O_t�
|�}	|	j|O_t�
|d�}
|
dk	r�t|	d�r�|tjkr�|	j|
kr�|
|	_|jtjkr�|�d�t|	|�x*||	fD]}||_|�t�|�t�q�Wyt||	d	d	d
�}WnXtjk
�rD|�r@�Yn�tk
�r|}
z|�sj|
jtjk�rl�Wdd}
~
XYnRX|�s�tdt�	|�t�	|�f��n,|dk	�r�||d
k�r�td||d
f��dS)a<
    Try to SSL-connect using *client_protocol* to *server_protocol*.
    If *expect_success* is true, assert that the connection succeeds,
    if it's false, assert that the connection fails.
    Also, if *expect_success* is a string, assert that it is the protocol
    version actually used by the connection.
    Nr�r�r�z %s->%s %s
z
 {%s->%s} %s
r4r�F)rZr`z5Client protocol %s succeeded with server protocol %s!Tr$z%version mismatch: expected %r, got %r)rr�r�r�rrZrXr[r\Zget_protocol_namerHr��PROTOCOL_TO_TLS_VERSIONr2r5r>r4rCr7r:r�r�r�r�r�r�r{rr�
ECONNRESETr�)Zserver_protocolZclient_protocol�expect_successZ	certsreqs�server_options�client_optionsZcerttypeZ	formatstrr�r�Zmin_versionr9r�r�rrr�try_protocol_combo�
s^	









r�c@s�eZdZedd��Zdd�Ze�e�d�dd��Z	dd	�Z
d
d�Zdd
�Zdd�Z
dd�Zed�dd��Zdd�Zdd�Zed�dd��Zedd��Zed�dd ��Zed!�d"d#��Zed$�d%d&��Zed'�d(d)��Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�Zd8d9�Z d:d;�Z!d<d=�Z"d>d?�Z#d@dA�Z$ed�dBdC��Z%e&ed'�dDdE���Z'e&ed$�dFdG���Z(e&ed'�dHdI���Z)e&ed�dJdK���Z*e�e+j,dL�dMdN��Z-e�dOe+j.kdP�dQdR��Z/dSdT�Z0e�e1e+dU�dV�dWdX��Z2dYdZ�Z3e�e4d[�e�5e6d\�d]d^���Z7d_d`�Z8e�e+j9da�dbdc��Z:e�e+j9dd�dedf��Z;dgdh�Z<e�e+j=di�djdk��Z>dldm�Z?dndo�Z@eAdpdq��ZBeAdrds��ZCeAdtdu��ZDeAdvdw��ZEdxdy�ZFdzd{�ZGd|d}�ZHd~d�ZId�d��ZJd�S)��
ThreadedTestsc
Cs�tjrtj�d�xrtD]j}|tjtjhkr.qt	|�s8q|j
tj|d��2t�|�}|�
t�t|�t||ddd�WdQRXqWt�\}}}|j
tjtjd��t||dd|d�WdQRXd|_|j
tjtjd��B|�tj��}t||dd|d�WdQRX|�d	t|j��WdQRX|j
tjtjd��@|�tj��}t||ddd
�WdQRX|�d	t|j��WdQRX|j
tjtjd��@|�tj��}t||ddd
�WdQRX|�d	t|j��WdQRXdS)z2Basic test of an SSL client connecting to a serverr�)rCT)rZr`N)rr{)r�r�rZr`r�Fz%called a function you should not call)r�r�rZr`)rrZrXr[r\r�rr@r?rDZsubTest�_PROTOCOL_NAMESrHr�r�r:r�r�r�r�r{r�r<r)r�rCr�r�r�r�r�rrr�	test_echosT


zThreadedTests.test_echoc
Cs\tjrtj�d�t�\}}}t|dd�}|��"|jt��d|d���}|�	t
|jf�|�t
��|��WdQRX|��|��}|�|d�|��}tjr�tj�t�|�d�tj�dt|�d�d|kr�|�d	t�|��d
|dk�r|�d�|�d|�|�d
|�t�|d�}t�|d
�}	|�||	�WdQRXWdQRXdS)Nr�F)r�rZ)r2r0zCan't get peer certificate.zConnection cipher is z.
r"z$No subject field in certificate: %s.))rzPython Software FoundationzkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r r)rrZrXr[r\r�rr�r�rrr|r�rlrr�r�r:r�r�r<r�r�rrlr�)
r�r�r�r�r{r�r#r:ZbeforeZafterrrr�test_getpeercertGs<
zThreadedTests.test_getpeercertz!verify_flags need OpenSSL > 0.9.8cCs|tjrtj�d�t�\}}}ttdd�}|�|j	tj
|B�t|dd�}|�H|jt
�
�|d��*}|�t|jf�|��}|�|d�WdQRXWdQRX|j	tjO_	t|dd�}|�N|jt
�
�|d��0}|�tjd��|�t|jf�WdQRXWdQRXWdQRX|�t�t|dd�}|�H|jt
�
�|d��*}|�t|jf�|��}|�|d�WdQRXWdQRXdS)	Nr�r�rT)r�rZ)r0zCan't get peer certificate.zcertificate verify failed)rrZrXr[r\r�r=rr�r�r�rr�r�rrr|rr�r�r�r{r��CRLFILE)r�r�r�r�r�r{r�r#rrr�test_crl_checkks8

 

.


zThreadedTests.test_crl_checkcCs6tjrtj�d�t�\}}}t|dd�}|�H|jt��|d��*}|�	t
|jf�|��}|�
|d�WdQRXWdQRXt|dd�}|�N|jt��dd��0}|�tjd��|�	t
|jf�WdQRXWdQRXWdQRXt|dd�}|�<t���(}|�td��|�|�WdQRXWdQRXWdQRXdS)	Nr�T)r�rZ)r0zCan't get peer certificate.r.z:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrZrXr[r\r�rr�r�rrr|rr�r�rr%rl)r�r�r�r�r{r�r#rrrr��s0

 

.
z!ThreadedTests.test_check_hostnamec
Cs�t�tj�}|�t�|�d�t}t�tj�}|�t	�t
|dd�}|�n|jt��|d��P}|�
t|jf�|��}|�|d�|��d�d�}|�|dd�d	�WdQRXWdQRXdS)
NzECDHE:ECDSA:!NULL:!aRSAT)r�rZ)r0zCan't get peer certificate.r�-rW)�ECDHE�ECDSA)rrHr@r�r�r7�SIGNED_CERTFILE_ECC_HOSTNAMEr?r��SIGNED_CERTFILE_ECCrr�r�rrr|rr�r:�split)r�r�r�r�r{r�r#r:rrr�
test_ecc_cert�s




zThreadedTests.test_ecc_certc
Cs�t�tj�}|�t�|jtjO_|�d�t}t�tj	�}|�
t�|�
t�t
|dd�}|�n|jt��|d��P}|�t|jf�|��}|�|d�|��d�d�}|�|dd�d	�WdQRXWdQRXdS)
NzECDHE:ECDSA:!NULL:!aRSAT)r�rZ)r0zCan't get peer certificate.rr�rW)r�r�)rrHr@r�r�r�r�r7r�r?r�r�r�rr�r�rrr|rr�r:r�)r�r�r�r�r{r�r#r:rrr�test_dual_rsa_ecc�s"





zThreadedTests.test_dual_rsa_eccc	CsRtjrtj�d�t�tj�}|�t	�t�tj
�}tj|_d|_
|�t�ddddddd	d
g}x�|D]�\}}t|dd�}|�d|jt��|d��F}|�|j|�|�t|jf�|��}|�|j|�|�|d
�WdQRXWdQRXqfWt|dd�}|�L|jt��dd��.}|�tj��|�t|jf�WdQRXWdQRXWdQRXdS)Nr�T)ukönig.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)zxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)sxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)u(königsgäßchen.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)r�rZ)r0zCan't get peer certificate.zpython.example.org)rrZrXr[r\rrHr?r��IDNSANSFILEr@r�r�r�r�r�rr�r�r�r0rrr|rr�r�r%)	r�r�r�Z
idn_hostnamesr0Zexpected_hostnamer{r�r#rrr�test_check_hostname_idn�s@



$

z%ThreadedTests.test_check_hostname_idncCst�\}}}|�t�tj|_tjj|_t	|ddd�}|��|j
t��|d���}y|�t
|jf�Wn~tjk
r�}ztjr�tj�d|�Wdd}~XYnPtk
r�}z(|jtjkr��tjr�tj�d|�Wdd}~XYnX|�d�WdQRXWdQRXdS)z�Connecting when the server rejects the client's certificate

        Launch a server with CERT_REQUIRED, and check that trying to
        connect to it with a wrong client certificate fails.
        T)r�rZr`)r0z
SSLError is %r
Nz
socket.error is %r
z'Use of invalid cert should have failed!)r�r�r�rr�r�r6r�rFrr�r�rrr|r{rrZrXr[r\rrr�r�)r�r�r�r�r{r�r�rrr�test_wrong_cert_tls12s(



 "z#ThreadedTests.test_wrong_cert_tls12r�cCs&t�\}}}|�t�tj|_tjj|_tjj|_t	|ddd�}|��|j
t��|d���}|�t
|jf�y|�d�|�d�Wn�tjk
r�}ztjr�tj�d|�Wdd}~XYnRtk
�r}z(|jtjkr܂tjr�tj�d|�Wdd}~XYnX|�d�WdQRXWdQRXdS)	NT)r�rZr`)r0sdatarqz
SSLError is %r
z
socket.error is %r
z'Use of invalid cert should have failed!)r�r�r�rr�r�r6r�r4rr�r�rrr|r\r0r{rrZrXr[rrr�r�)r�r�r�r�r{r�r�rrr�test_wrong_cert_tls13Bs.





 "z#ThreadedTests.test_wrong_cert_tls13cstt���t���t���t��t�����fdd�}����fdd�}tj|d�}|��z
|�Wd|��XdS)ztA brutal shutdown of an SSL server should raise an OSError
        in the client when attempting handshake.
        cs8���������\}}|��������dS)N)r4rLr�r�)ZnewsockrK)�
listener_gone�listener_readyr�rr�listenerosz2ThreadedTests.test_rude_shutdown.<locals>.listenerc	sb���t���H}|�t�f����yt|�}Wntk
rHYnX��d�WdQRXdS)Nz2connecting to closed SSL socket should have failed)ror�rrr�rr�)r7�ssl_sock)r�r�r|r�rr�	connectorws
z3ThreadedTests.test_rude_shutdown.<locals>.connector)�targetN)	rMrnr�rrxrrNrmr)r�r�r�r�r)r�r�r|r�r�r�test_rude_shutdownas
z ThreadedTests.test_rude_shutdowncCs�tjrtj�d�t�tj�}|�t	�t�tj
�}t|dd�}|��|jt
�
�td���}y|�t|jf�Wnrtjk
r�}zRd}|�|tj�|�|jd�|�|j|�|�|t|��|�dt|��Wdd}~XYnXWdQRXWdQRXdS)Nr�T)r�rZ)r0z&unable to get local issuer certificater�zcertificate verify failed)rrZrXr[r\rrHr?r�r�r@rr�r�r�rrr|r{r�ZSSLCertVerificationErrorr�Zverify_codeZverify_messager�r;)r�r�r�r{r�r�rbrrr�test_ssl_cert_verify_error�s$


z(ThreadedTests.test_ssl_cert_verify_errorrEcCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�ttjtj
d�td�rrttjtjd�ttjtj
d�t�r�ttjtj
dtjd�ttjtj
dtjd�ttjtj
dtjd�dS)z9Connecting to an SSLv2 server with various client optionsr�TFr)r�N)rrZrXr[r\r�rryr�r�r>rA�PROTOCOL_SSLv3rrgr�r�r�)r�rrr�test_protocol_sslv2�s 

z!ThreadedTests.test_protocol_sslv2c
Cs�tjrtj�d�td�rlyttjtj	d�Wn<t
k
rj}ztjrZtj�dt|��Wdd}~XYnXtd�r�ttjtjd�ttjtjd�td�r�ttjtj
d�td�r�ttjtjdtj�ttjtjdtj�td�r�ttjtj
dtj�td��rttjtjdtj�ttjtjdtj�td��rHttjtj
dtj�td��rhttjtjdtjd	�ttjtjdtjtjBd	�td��r�ttjtj
dtjd	�dS)
z:Connecting to an SSLv23 server with various client optionsr�rETz; SSL2 client to SSL23 server test unexpectedly failed:
 %s
NrFr	)r�)rrZrXr[r\rAr�rr>ryrr<r�rr�r�r�r�r�)r�rHrrr�test_PROTOCOL_TLS�sB




zThreadedTests.test_PROTOCOL_TLSrcCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�rbttjtjd�ttjtjdtj
d�ttjtjd�t�r�ttjtjdtjd�dS)z9Connecting to an SSLv3 server with various client optionsr�rrEF)r�N)rrZrXr[r\r�rr�r�r�rAryr>r�rrgr�)r�rrr�test_protocol_sslv3�s

z!ThreadedTests.test_protocol_sslv3r	cCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�rbttjtjd�t
d�rzttjtjd�ttjtj
dtjd�dS)z8Connecting to a TLSv1 server with various client optionsr�r	rEFr)r�N)rrZrXr[r\r�rrr�r�rAryr�r>r�)r�rrr�test_protocol_tlsv1�sz!ThreadedTests.test_protocol_tlsv1rcCs�tjrtj�d�ttjtjd�td�r:ttjtj	d�td�rRttjtj
d�ttjtjdtjd�ttjtjd�ttjtj
d�ttj
tjd�dS)zjConnecting to a TLSv1.1 server with various client options.
           Testing against older TLS versions.r�zTLSv1.1rEFr)r�N)rrZrXr[r\r�rr
rAryr�r>r��PROTOCOL_TLSv1_2)r�rrr�test_protocol_tlsv1_1
s
z#ThreadedTests.test_protocol_tlsv1_1r�cCs�tjrtj�d�ttjtjdtjtj	Btjtj	Bd�t
d�rPttjtjd�t
d�rhttjtjd�ttjtj
dtjd�ttj
tjd�ttjtjd�ttjtjd�ttjtjd�ttjtjd�dS)	zjConnecting to a TLSv1.2 server with various client options.
           Testing against older TLS versions.r�zTLSv1.2)r�r�rEFr)r�N)rrZrXr[r\r�rr�r�r�rAryr�r>r�rr
)r�rrr�test_protocol_tlsv1_2
s 

z#ThreadedTests.test_protocol_tlsv1_2c		Cs�d}ttdddd�}d}|��ft��}|�d�|�t|jf�tjrTt	j
�d�x�|D]�}tjrtt	j
�d|�|r�|�|�|��}n|�
|�|�d�}|����}|d	kr�|�d
�r�tjr�t	j
�d|�t|�}d}qZ|dk�r|�d
��rtj�rt	j
�d
|�|��}d}qZtjrZt	j
�d|�qZWtj�rLt	j
�d�|�r^|�d�n
|�
d�|�rx|��n|��WdQRXdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2sSTARTTLSsMSG 3smsg 4sENDTLSsmsg 5smsg 6T)r^rZr`Frr�z client:  sending %r...
isSTARTTLSsokz/ client:  read %r from server, starting TLS...
sENDTLSz- client:  read %r from server, ending TLS...
z client:  read %r from server
z client:  closing connection.
sover
N)rr�r�r�rrr|rrZrXr[r\r0r	rr_rur�r�rr�)	r�Zmsgsr{�wrappedr�r�rvr�rbrrr�
test_starttls+
s^








zThreadedTests.test_starttlsc	Cs�t|td�}tjrtj�d�ttd��}|�	�}WdQRXd}d|j
tj�
t�df}tjtd�}tjj||d	�}zN|���d
�}|r�t|�dkr�|�	t|��}tjr�tj�dt|�|f�Wd|��X|�||�dS)
z8Using socketserver to create and manage SSL connections.)r�r��rbNrzzhttps://localhost:%d/%sr)rB)r�zcontent-lengthrz/ client: read %d bytes from remote server '%s'
)rIr�rrZrXr[r\r/r�r0r|rr
r�rr�r��urllibZrequestZurlopen�infor2r�rBr�r�)r�r{r2r�r�Zurlr�Zdlenrrr�test_socketserverd
s(
zThreadedTests.test_socketserverc	Cstjrtj�d�d}tt�}|��tt���}|�	d|j
f�tjrVtj�d|�|�|�|��}tjr~tj�d|�||��kr�|�
d|dd�t|�|dd���t|�f�|�d	�tjr�tj�d
�|��tjr�tj�d�WdQRXdS)z'Check the example asyncore integration.r�sFOO
z	127.0.0.1z client:  sending %r...
z client:  read %r
z4bad data <<%r>> (%d) received; expected <<%r>> (%d)
Nr�sover
z client:  closing connection.
z client:  connection closed.
)rrZrXr[r\rqr�r�r�rr|r0rur�rBr�)r�r�r{r�r�rrr�test_asyncore_server~
s2


z"ThreadedTests.test_asyncore_servercs�tjrtj�d�tttjtj	tddd�}|���t
t��dtttjtjd����
t|jf��fdd�}�fdd	�}d
�jdgtfd�jddgtfd
�jdgdd�fg}d�jdgfd�jddgfd|dgfd|dgfg}d}x�|D]�\}}}	}
}||�d�}yx||f|
��}
d�|�}|j|
||�|d����}||��k�rx|�dj||dd�t|�|dd�t|�d��Wq�tk
�r�}z@|	�r�|�dj|d��t|��|��s�|�dj||d��Wdd}~XYq�Xq�Wx�|D]�\}}}	}
||�d�}yV��|�||
�}||��k�rT|�d j||dd�t|�|dd�t|�d��Wnhtk
�r�}zH|	�r�|�d!j|d��t|��|��s�|�dj||d�����Wdd}~XYnX�q�Wd"}��|�tt|��}|���d#|�t|��|�||�t dk	�r@t j!t|�}|�"|�}��|�|����|�|�#t$�j%�|�#t$�j&d"g�|�#t$�j'd$�|�#t$�j(td$�g���d%�|�#t�jd#�|�#t�jd#���)�WdQRXdS)&z Test recv(), send() and friends.r�TF)rkr�rlrZr`)rr�r�r�r�cstd�}��|�}|d|�S)Nsd)r�r)�br()r�rr�
_recv_into�
s
z0ThreadedTests.test_recv_send.<locals>._recv_intocs"td�}��|�\}}|d|�S)Nsd)r�r)r�r(rK)r�rr�_recvfrom_into�
sz4ThreadedTests.test_recv_send.<locals>._recvfrom_intor	r
zsome.addressr3cSsdS)Nr)rHrrr�<lambda>�
r�z.ThreadedTests.test_recv_send.<locals>.<lambda>rrrrZPREFIX_r'zsending with {})rbzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
Nr�)rr�Znoutr�Zninz>Failed to send with method <<{name:s}>>; expected to succeed.
)rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s}
)rZexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
zAFailed to receive with method <<{name:s}>>; expected to succeed.
sdatarZrsover
)*rrZrXr[r\rr�rr�r?r�r�r@rrr|r	rBr
r3rrr,r�r�r0rur�rlr<r�r��ctypesZc_ubyteZfrom_buffer_copyr�rrr
rrr�)r�r{r�r�Zsend_methodsZrecv_methodsZdata_prefixZ	meth_nameZ	send_methr�rMZret_val_methr�r6rbr�r�Z	recv_methr��bufferZubyteZ	bytesliker)r�r�test_recv_send�
s�



"

 




zThreadedTests.test_recv_sendcCs�tt�}|��|�|jdd�t�t|jf�}|�|j	�t
|dd�}|�|j	�|�d�|�|�
d�d�|�|�d�d�|�|��d�|�d�|�|�
d�d�|�|�t��d�dS)NF)Zsuppress_ragged_eofssdatarr�)rr�rr�rr�Zcreate_connectionrr|r�r�r	r�rr0r�rr�)r�r{r�rrr�test_recv_zero$s

zThreadedTests.test_recv_zeroc	s�tttjtjtddd�}|�xtt��dtttjtjd����t	|j
f���d�td����fdd�}|�
tjtjf|���d����WdQRXdS)NTF)rkr�rlrZr`)rr�r�r�r�i csx����qWdS)N)r	r)r7r�rr�fill_bufferLsz8ThreadedTests.test_nonblocking_send.<locals>.fill_buffer)rr�rr�r?r�r�r@rrr|r�r�r�rr�r�)r�r{r�r)r7r�r�test_nonblocking_send8s*


z#ThreadedTests.test_nonblocking_sendcs�t�tj��d}t���}t���d����fdd�}tj|d�}|�����z�z:t�tj�}|�	d�|�
||f�|�tjdt
|�Wd|��Xz:t�tj�}t
|�}|�	d�|�tjd|j
||f�Wd|��XWdd�|�����XdS)	Nz	127.0.0.1Fcsj������g}x:�sNt��gggd�\}}}�|kr|����d�qWx|D]}|��qVWdS)Ng�������?r)r4rLrrRr�r�)Zconnsr��wr�r�)�finishr{�startedrr�serve^s
z3ThreadedTests.test_handshake_timeout.<locals>.serve)r�g�������?z	timed outT)r�r�rrxrMrnrNrmrorrr�rr�r�r)r�r*r|r�r�r7r)r�r{r�r�test_handshake_timeoutVs6






z$ThreadedTests.test_handshake_timeoutcst�tj�}tj|_|�t�|�t�t	�	t	j
��d}t���}|j
�dd��|��j�t���d�d�����fdd�}tj|d�}|�����|�
t	�	��}|�||f�|�d�|��|��}|��|��������|��tj�|��|�dS)Nz	127.0.0.1T)rcs0���������\������d��dS)Nrq)r4rLr�r	rr)�evt�peer�remoter{rrr��sz/ThreadedTests.test_server_accept.<locals>.serve)r�sdata)rrHr>r�r�r�r�r�r�r�r�rrxr�r�rrMrnrNrmrorr	rr5r�rr�r�r�)r�r�r*r|r�r�rZclient_addrr)r�r�r�r{r�test_server_accept�s6



z ThreadedTests.test_server_acceptc
CsZt�tj�}|�t����6}|�t��}|��WdQRX|�|j	j
t
j�WdQRXdS)N)rrHr>r�r�r�rrr�rr�ENOTCONN)r�r�r�rrrr�test_getpeercert_enotconn�s
z'ThreadedTests.test_getpeercert_enotconnc
CsZt�tj�}|�t����6}|�t��}|��WdQRX|�|j	j
t
j�WdQRXdS)N)rrHr>r�r�r�rr�r�rrr�)r�r�r�rrrr�test_do_handshake_enotconn�s
z(ThreadedTests.test_do_handshake_enotconncCs�t�\}}}|jtjO_|�d�|�d�t|d��J}|jt��|d��,}|�t	��|�
t|jf�WdQRXWdQRXWdQRX|�
d|jd�dS)NZAES128�AES256)r�)r0zno shared cipherr)r�r�rr�r7rr�r�r�rrrr|r�rY)r�r�r�r�r{r�rrr�test_no_shared_ciphers�s



.z$ThreadedTests.test_no_shared_ciphersc
Cs�t�tj�}d|_tj|_tttjdd���}|�	t
�
���~}|�|��d�|�|j
d�|�t|jf�tr�td�r�|�|��d�n,tjdkr�|�|��d�n|�|��d�WdQRX|�|j
d�|�|��d�WdQRXdS)	zt
        Basic tests for SSLSocket.version().
        More tests are done in the test_protocol_*() methods.
        F)r�rZNr�zTLSv1.3)rrrWzTLSv1.2)r	zTLSv1.2)rrHr@r�r�r�rr�r?r�r�r�r$r/rrr|�IS_OPENSSL_1_1_1rAr�rfr�)r�r�r{r�rrr�test_version_basic�s"

z ThreadedTests.test_version_basicc
Cs�t�tj�}|�t�|jtjtjBtjBO_t	|d��Z}|�
t����@}|�t
|jf�|�|��ddddh�|�|��d�WdQRXWdQRXdS)N)r�rZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256zTLSv1.3)rrHr>r�r�r�r�r�r�rr�r�rrr|r�r:r�r$)r�r�r{r�rrr�test_tls1_3�s
zThreadedTests.test_tls1_3c
Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t|d��D}|jt	�	�|d��&}|�
t|jf�|�
|��d�WdQRXWdQRXdS)N)r�)r0zTLSv1.2)r�rr6r	r4r�rFrr�r�rrr|r�r$)r�r�r�r�r{r�rrr�test_min_max_version_tlsv1_2�s





z*ThreadedTests.test_min_max_version_tlsv1_2c
Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t	|d��D}|j
t��|d��&}|�t
|jf�|�|��d�WdQRXWdQRXdS)N)r�)r0zTLSv1.1)r�rr6r	r4r�rFrr:rr�r�rrr|r�r$)r�r�r�r�r{r�rrr�test_min_max_version_tlsv1_1s






z*ThreadedTests.test_min_max_version_tlsv1_1cCs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t|d��^}|j	t
�
�|d��@}|�tj��}|�
t|jf�WdQRX|�dt|j��WdQRXWdQRXdS)N)r�)r0Zalert)r�rr6r�r4rFr	r:rr�r�r�r{rrr|r�r<r)r�r�r�r�r{r�r�rrr�test_min_max_version_mismatchs






z+ThreadedTests.test_min_max_version_mismatchc
Cs�t�\}}}tjj|_tjj|_tjj|_t||�t|d��D}|jt	�	�|d��&}|�
t|jf�|�
|��d�WdQRXWdQRXdS)N)r�)r0r)r�rr6rr4rFr:rr�r�rrr|r�r$)r�r�r�r�r{r�rrr�test_min_max_version_sslv3)s





z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc
Cs�t�tj�}|�t�|jtjO_tjdkr:|�d�t	|d��D}|�
t����*}|�t
|jf�|�d|��d�WdQRXWdQRXdS)N)rrrz
ECCdraft:ECDH)r�ZECDHr)rrHr>r�r�r�r�rfr7rr�r�rrr|r�r:)r�r�r{r�rrr�test_default_ecdh_curve8s


z%ThreadedTests.test_default_ecdh_curvez
tls-uniquez*'tls-unique' channel binding not availablec	
Cs�tjrtj�d�t�\}}}t|ddd�}|��~|jt��|d���}|�	t
|jf�|�d�}tjrztj�d�
|��|�|�|��dkr�|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
QRX|jt��|d���}|�	t
|jf�|�d�}tj�r0tj�d�
|��|�||�|�|�|��dk�rf|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
QRXWd
QRXd
S)z Test tls-unique channel binding.r�TF)r�rZr`)r0z
tls-uniquez! got channel binding data: {0!r}
zTLSv1.3�0�sCB tls-unique
zus-asciiNz(got another channel binding data: {0!r}
)rrZrXr[r\r�rr�r�rrr|r6r�r;r$r�rBr0r_r;r,r�)	r�r�r�r�r{r�Zcb_dataZpeer_data_reprZnew_cb_datarrrr:LsR







z-ThreadedTests.test_tls_unique_channel_bindingcCsTt�\}}}t||dd|d�}tjr:tj�d�|d��|�|ddddh�dS)NT)rZr`r�z got compression: {!r}
r�ZZLIBZRLE)	r�r�rrZrXr[r\r�r�)r�r�r�r�r�rrr�test_compression�szThreadedTests.test_compressionr)z*ssl.OP_NO_COMPRESSION needed for this testcCsRt�\}}}|jtjO_|jtjO_t||dd|d�}|�|dd�dS)NT)rZr`r�r�)r�r�rr)r�r�)r�r�r�r�r�rrr�test_compression_disabled�sz'ThreadedTests.test_compression_disabledcCs�t�\}}}|jtjO_|�t�|�d�|jtjO_t||dd|d�}|dd}|�d�}d|kr�d|kr�d	|kr�|�	d
|d�dS)NZkEDHT)rZr`r�r:rr�ZADHZEDHZDHEzNon-DH cipher: )
r�r�rr�r�r�r7r�r�r�)r�r�r�r�r�r:�partsrrr�test_dh_params�s


zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCst�\}}}|�d�|�d�|jtjtjBO_t||dd|d�}t�\}}}|�d�|�d�|jtjtjBO_t||dd|d�}t�\}}}|�d�|�d�|�d�|jtjtjBO_yt||dd|d�}Wntjk
r�YnXt	�r|�
d�dS)NrizECDHE:!eNULL:!aNULLT)rZr`r�r�zmismatch curve did not fail)r�rkr7r�rr�r�r�r{�IS_OPENSSL_1_1_0r�)r�r�r�r�r�rrr�test_ecdh_curve�s6






zThreadedTests.test_ecdh_curvecCs2t�\}}}t||dd|d�}|�|dd�dS)NT)rZr`r�r�)r�r�r�)r�r�r�r�r�rrr�test_selected_alpn_protocol�s
z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@t�\}}}|�ddg�t||dd|d�}|�|dd�dS)Nr��barT)rZr`r�r�)r�rhr�r�)r�r�r�r�r�rrr�/test_selected_alpn_protocol_if_server_uses_alpn�sz=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc
Cs>dddg}ddgdfddgdfdgdfddgdfg}�x|D]�\}}t�\}}}|�|�|�|�yt||dd|d�}Wn(tjk
r�}	z|	}Wdd}	~	XYnX|dkr�tr�tjdkr�|�|tj�q<d	t|�t|�t|�f}
|d
}|�	|||
|df�t
|d��r|dd
nd}|�	|||
|df�q<WdS)Nr�r�Z	milkshakezhttp/3.0zhttp/4.0T)rZr`r�)rrrr=zKfailed trying %s (s) and %s (c).
was expecting %s, but got %%s from the %%sr�rr�rZ�nothingr{)r�rhr�rr{r�rfr�r<r�rB)
r��server_protocols�protocol_tests�client_protocolsrar�r�r�r�r�rb�
client_result�
server_resultrrr�test_alpn_protocols�s:





z!ThreadedTests.test_alpn_protocolscCs2t�\}}}t||dd|d�}|�|dd�dS)NT)rZr`r�r�)r�r�r�)r�r�r�r�r�rrr�test_selected_npn_protocol
s
z(ThreadedTests.test_selected_npn_protocolz NPN support needed for this testcCs�ddg}ddgdfddgdfddgdfddgdfg}x�|D]�\}}t�\}}}|�|�|�|�t||dd|d�}dt|�t|�t|�f}	|d	}
|�|
||	|
d
f�t|d�r�|ddnd
}|�|||	|df�q:WdS)Nzhttp/1.1zspdy/2rG�abc�defT)rZr`r�zKfailed trying %s (s) and %s (c).
was expecting %s, but got %%s from the %%sr�rr�rZr�r{)r�rgr�r<r�rB)r�r�r�r�rar�r�r�r�rbr�r�rrr�test_npn_protocolss&




z ThreadedTests.test_npn_protocolscCsLt�tj�}|�t�t�tj�}|�t�t�tj�}|�t�|||fS)N)	rrHr?r�r�r�r@r�r�)r�r��
other_contextr�rrr�sni_contexts/s


zThreadedTests.sni_contextscCs"|d}|�d|ff|d�dS)Nr�rr")r�)r�r�rr#rrr�check_common_name8szThreadedTests.check_common_namecs�g�|��\}�}d|_��fdd�}|�|�t||ddd�}|��d|fg�|�|d�g�t||ddd�}|��d|fg�|�|t�g�|�d�t||ddd�}|�|t�|��g�dS)	NFcs ��||f�|dk	r�|_dS)N)rRr�)r��server_name�initial_context)�callsr�rr�
servername_cbCsz6ThreadedTests.test_sni_callback.<locals>.servername_cbT�supermessage)rZr�r(Znotfunny)r�r�r�r�r�r�r�)r�r�r�r�r�r)r�r�rr�<s.

zThreadedTests.test_sni_callbackc	Cs\|��\}}}dd�}|�|�|�tj��}t||ddd�}WdQRX|�|jjd�dS)NcSstjS)N)rZALERT_DESCRIPTION_ACCESS_DENIED)r�r�r�rrr�cb_returning_alertjszAThreadedTests.test_sni_callback_alert.<locals>.cb_returning_alertFr�)rZr�ZTLSV1_ALERT_ACCESS_DENIED)	r�r�r�rr{r�r�rr�)r�r�r�r�r�rr�rrr�test_sni_callback_alertes
z%ThreadedTests.test_sni_callback_alertc
Cs�|��\}}}dd�}|�|�|�tj��*}t���}t||ddd�}WdQRXWdQRX|�|j	j
d�|�d|���dS)NcSsdddS)Nrrr)r�r�r�rrr�
cb_raisingxsz;ThreadedTests.test_sni_callback_raising.<locals>.cb_raisingFr�)rZr�ZSSLV3_ALERT_HANDSHAKE_FAILURE�ZeroDivisionError)
r�r�r�rr{r�captured_stderrr�r�rr�r��getvalue)r�r�r�r�r�r�stderrr�rrr�test_sni_callback_raisingss

z'ThreadedTests.test_sni_callback_raisingc
Cs�|��\}}}dd�}|�|�|�tj��*}t���}t||ddd�}WdQRXWdQRX|�|j	j
d�|�d|���dS)NcSsdS)Nr�r)r�r�r�rrr�cb_wrong_return_type�szOThreadedTests.test_sni_callback_wrong_return_type.<locals>.cb_wrong_return_typeFr�)rZr�ZTLSV1_ALERT_INTERNAL_ERRORr�)
r�r�r�rr{rrr�r�rr�r�r)r�r�r�r�rrrr�rrr�#test_sni_callback_wrong_return_type�s

z1ThreadedTests.test_sni_callback_wrong_return_typec	s�t�\}}}|�d�|�d�ddddg}t|||d�}|dd}|�t|�d�x2|D]*\�}}t�fd	d
�|D��s\|���q\WdS)Nz
AES128:AES256r�zAES-256ZTLS_CHACHA20ZTLS_AES)r�r�rc3s|]}|�kVqdS)Nr)r�Zalg)rrrr��sz4ThreadedTests.test_shared_ciphers.<locals>.<genexpr>)r�r7r��
assertGreaterrB�anyr�)	r�r�r�r�Z
expected_algsr�r�Ztls_version�bitsr)rr�test_shared_ciphers�s

z!ThreadedTests.test_shared_ciphersc	Csvt�\}}}t|dd�}|�P|jt��|d�}|�t|jf�|��|�t	|j
d�|�t	|jd�WdQRXdS)NF)r�rZ)r0ishello)r�rr�r�rrr|r�r�rlr0r\)r�r�r�r�r{r�rrr�,test_read_write_after_close_raises_valuerror�s
z:ThreadedTests.test_read_write_after_close_raises_valuerrorcCs�d}ttjd��}|�|�WdQRX|�tjtj�t�tj�}tj	|_
|�t�|�
t�t|dd�}|�d|�t����J}|�t|jf�ttjd��"}|�|�|�|�d�|�WdQRXWdQRXWdQRXdS)Nsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx�wbF)r�rZr�i)r/rZTESTFNr\r��unlinkrrHr>r�r�r�r�r�r�rr�r�rrr|�sendfiler�r)r�Z	TEST_DATAr2r�r{r��filerrr�
test_sendfile�s


zThreadedTests.test_sendfilec
Cs@t�\}}}|jtjO_t|||d�}|d}|�|j�|�|jd�|�|j	d�|�|j
�tjdkr~|�|jd�|�
|d�|��}|�|dd�|�|dd�t||||d	�}|��}|�|dd
�|�|dd�|�|d�|d}|�|j|j�|�||�|�||�|�|j|j�|�|j	|j	�t|||d�}|�
|d�|d}|�|j|j�|�||�|��}|�|dd�|�|dd�t||||d	�}|�|d�|d}	|�|	j|j�|�|	|�|�|	j|j�|�|	j	|j	�|��}|�|dd�|�|dd
�dS)
N)r�r�r)rrrr�r�rr�)r�r�rWrrq)r�r�rr�r�r��idrrnrZ
has_ticketrfZticket_lifetime_hintr�r�r�ZassertIsNotr�r�)
r�r�r�r�r�r�Z	sess_statZsession2Zsession3Zsession4rrr�test_session�s^


zThreadedTests.test_sessionc
Cs�t�\}}}t�\}}}|jtjO_|jtjO_t|dd�}|���|jt��|d��p}|�|jd�|�|j	d�|�
t|jf�|j}|�
|�|�t��}	t|_WdQRX|�t|	j�d�WdQRX|jt��|d��D}|�
t|jf�|�t��}	||_WdQRX|�t|	j�d�WdQRX|jt��|d��J}||_|�
t|jf�|�|jj|j�|�|j|�|�|j	d�WdQRX|jt��|d��D}|�t��}	||_|�
t|jf�WdQRX|�t|	j�d�WdQRXWdQRXdS)NF)r�rZ)r0zValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r�r�rr�rr�r�r�r�r�rrr|r�r�r�r�r<rrlr)
r�r�r�r�Zclient_context2r�r{r�r�r�rrr�test_session_handlingsJ








z#ThreadedTests.test_session_handlingN)Kr�r�r�rr�r�rKr�rhr�r�r�r�r�r�rTr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrjr�r�r:r�r5r�r��HAVE_SECP_CURVESr�r�r�r�ZHAS_ALPNr�r�r�ZHAS_NPNr�r�r�r�r�r�rrr
rrrrrrrrr�s�3$)!8%)+9
1);	

&
(	)
:r�r�zTest needs TLS 1.3c@sTeZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�ZdS)�TestPostHandshakeAuthcCs�tjtjtjg}x�|D]�}t�|�}|�|jd�d|_|�|jd�tj|_|�|jtj�|�|jd�d|_|�|jtj�|�|jd�tj	|_d|_|�|jtj	�|�|jd�qWdS)NFT)
rr>r?r@rHr��post_handshake_authr�r�r�)r�Z	protocolsrCr9rrr�test_pha_setter5s 

z%TestPostHandshakeAuth.test_pha_setterc
Cst�\}}}d|_tj|_d|_|�t�t|dd�}|��|jt	�	�|d���}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d
�|�
d�|�|�d�d	�|�
d�|�d��d
�}|�d|�WdQRXWdQRXdS)NTF)r�rZ)r0sHASCERTisFALSE
sPHAsOK
sTRUE
sGETCERTizus-asciizPython Software Foundation CA)r�rrr�r�r�r�rr�r�rrr|r\r�rr-r�)r�r�r�r�r{r�Z	cert_textrrr�test_pha_requiredMs*







z'TestPostHandshakeAuth.test_pha_requiredcCs�t�\}}}d|_tj|_d|_t|dd�}|�~|jt��|d��`}|�t	|j
f�|�d�|�|�
d�d�|�d�|�tjd	��|�
d�WdQRXWdQRXWdQRXdS)
NTF)r�rZ)r0sPHAisOK
sHASCERTz!tlsv13 alert certificate required)r�rrr�r�rr�r�rrr|r\r�rr�r{)r�r�r�r�r{r�rrr�test_pha_required_nocertfs 



z.TestPostHandshakeAuth.test_pha_required_nocertc
Cs�tjrtj�d�t�\}}}d|_tj|_	d|_|�
t�tj|_	t
|dd�}|��|jt��|d��j}|�t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�WdQRXWdQRXdS)Nr�TF)r�rZ)r0sHASCERTisFALSE
sPHAsOK
sTRUE
)rrZrXr[r\r�rrr�r�r�r�r�rr�r�rrr|r�r)r�r�r�r�r{r�rrr�test_pha_optional|s&





z'TestPostHandshakeAuth.test_pha_optionalc
Cs�tjrtj�d�t�\}}}d|_tj|_	d|_t
|dd�}|��|jt��|d��j}|�
t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�WdQRXWdQRXdS)Nr�TF)r�rZ)r0sHASCERTisFALSE
sPHAsOK
)rrZrXr[r\r�rrr�r�rr�r�rrr|r�r)r�r�r�r�r{r�rrr�test_pha_optional_nocert�s"




z.TestPostHandshakeAuth.test_pha_optional_nocertcCs�t�\}}}d|_tj|_|�t�t|dd�}|�r|jt	�	�|d��T}|�
t|jf�|�
tjd��|��WdQRX|�d�|�d|�d��WdQRXWdQRXdS)	NTF)r�rZ)r0z
not serversPHAsextension not receivedi)r�rrr�r�r�r�rr�r�rrr|r�r{rar\r�r)r�r�r�r�r{r�rrr�test_pha_no_pha_client�s



z,TestPostHandshakeAuth.test_pha_no_pha_clientc
Cs�t�\}}}tj|_d|_|�t�t|dd�}|��|jt	�	�|d��j}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d�WdQRXWdQRXdS)
NTF)r�rZ)r0sHASCERTisTRUE
sPHAsOK
)r�rr�r�rr�r�rr�r�rrr|r\r�r)r�r�r�r�r{r�rrr�test_pha_no_pha_server�s





z,TestPostHandshakeAuth.test_pha_no_pha_serverc
Cs�t�\}}}tj|_tjj|_d|_|�t	�t
|dd�}|�P|jt��|d��2}|�
t|jf�|�d�|�d|�d��WdQRXWdQRXdS)NTF)r�rZ)r0sPHAsWRONG_SSL_VERSIONi)r�rr�r�r6r�rFrr�r�rr�r�rrr|r\r�r)r�r�r�r�r{r�rrr�test_pha_not_tls13�s




z(TestPostHandshakeAuth.test_pha_not_tls13c
Cst}t�tj�}d|_|�t�d|_tj|_	t�tj
�}|�t�|�t�d|_tj
|_	t|dd�}|��|jt��|d��z}|�t|jf�|�d�|�|�d�d�|�d�|�|�d�d	�|�d�|�|�d�d
�|�|��i�WdQRXWdQRXdS)NTF)r�rZ)r0sHASCERTisFALSE
sPHAsOK
sTRUE
)r�rrHr@rr�r�r�r�r�r?r�r�r�rr�r�rrr|r\r�rr)r�r�r�r�r{r�rrr�test_bpo37428_pha_cert_none�s.







z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN)r�r�r�rrrrrrrrrrrrrr3src	Cs~tjr�ddl}tjtjtjd�}|���V|�ddt	�x@|�
�D](\}}|�}|rB|drBd||f}PqBWtt���}WdQRXtdt
jt
jf�td|�tdt
j�td	t
j�ytd
t
j�Wntk
r�YnXxBttttttttttttgD]"}t j!�"|��st�#d|���qWt$t%t&t't(t)t*t+g}t�,d��rV|�-t.�t�/�}ztj0|�Wdtj1|�XdS)
Nr)ZLinuxZMacZWindows�ignorez?dist\(\) and linux_distribution\(\) functions are deprecated .*z%s %rztest_ssl: testing with %r %rz          under %sz          HAS_SNI = %rz          OP_ALL = 0x%8xz          OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %rZnetwork)2rrZ�warningsr|r}Zmac_verZ	win32_ver�catch_warnings�filterwarnings�DeprecationWarning�itemsr;�printrr�rfr�r�r�r�r�r�r�r�r�r�r�r�r�r��BADKEYr�rr
�existsZ
TestFailedr�r�r�rrrr�rZis_resource_enabledrRrAZthreading_setupZrun_unittestZthreading_cleanup)	rZr!ZplatsrrOZplat�filenameZtests�thread_inforrr�	test_main�sR


r+�__main__)N)rTFNN)Nrr)F)�rXrKrGrr�rrnrtr�rrr�Zurllib.requestr�rMrVrrr�r|rQZ	sysconfigr��ImportError�
import_moduler�sortedr�r�rr�r�r�rfr�r�Zget_config_varrr�r�Zverr=r6r�rr��fsencoder�r�r�r�r�r�r�r�rAr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rCr�r�rr'r�r�r�r�r�r)r*r+r,r-r3r:rD�	lru_cacherArTr�r5rHr�r^rdrgrhrmrrorxrr�r�r>r�r�r�ZTestCaser�r�r�rrrrAr*r,Ztest.ssl_serversrIrNrrqr�r�r�rr+r�rrrr�<module>sR













	
	%
8?0B
v
1
H-
L
7