RddlmZddlZddlZddlZddlZddlZddlZddlm Z ddl Z ddl m Z m Z ddlmZmZddlmZddlmZdZdd Zej.ddd Zej.dd Zd d!d Z d d"d Zej.dddZej.ddZej.dd!dZd d!dZ d d#dZd$dZGddeZGddeZGddeZGddZ y)%) annotationsN)mock) DEFAULT_CA DEFAULT_CERTS)SocketDummyServerTestCaseconsume_socket)ssl_) SSLTransport<c@ttdr#tjtj}j t dt dttdr#tjtj }jt||fS)NPROTOCOL_TLS_SERVERcertfilekeyfilePROTOCOL_TLS_CLIENT) hasattrssl SSLContextr load_cert_chainrrload_verify_locationsr)server_contextclient_contexts =platform/gsutil/third_party/urllib3/test/test_ssltransport.pyserver_client_ssl_contextsrsss)*(?(?@""=#VWs)*(?(?@((4 > ))cyNbinarys rsample_requestr "rcyrrrs rr r 'r!rc0d}|r|S|jdS)NsYGET http://www.testing.com/ HTTP/1.1 Host: www.testing.com User-Agent: awesome-test utf-8decode)rrequests rr r ,s$  79'.."99rc0|Jt|}||k(sJyr)r )provided_requestrexpected_requests rvalidate_requestr+6s*  '' '%f- / // /rcyrrrs rsample_responser->r!rcyrrrs rr-r-Cr!rcyrrrs rr-r-Hr!rc0d}|r|S|jdS)Ns&HTTP/1.1 200 OK Content-Length: 0 r$r%)rresponses rr-r-Ms>H8;8??7#;;rc0|Jt|}||k(sJyr)r-)provided_responserexpected_responses rvalidate_responser5Rs*  (( ('/  1 11 1rc|jd}t|tusJt|dkDsJ|j}t|tusJd|vsJ|ddk7sJy)NT) binary_formr serialNumber) getpeercerttypebyteslendict) ssl_socket binary_certcerts rvalidate_peercertrBZs|((T(:K   %% % { a    ! ! #D :   T !! !  2 %% %rceZdZdZed dZ d ddZejje d dZ ejje d dZ ejje d dZ ejje d dZejje d d Zejje d d Zejje d d Zy)SingleTLSLayerTestCasezt Uses the SocketDummyServer to validate a single TLS layer can be established through the SSLTransport. c2t\|_|_yrrrrclss r setup_classz"SingleTLSLayerTestCase.setup_classk1K1M.C.rNcttjdfd }|r|n|}j|y)Nc6|jd} jj|d5}t|}s dddyt ||j t dddy#1swYyxYw#ttf$rYywxYw)NrT server_side quit_event) acceptr wrap_socketrr+sendr-ConnectionAbortedErrorConnectionResetError)listenersockssockr'rPselfvalidates rsocket_handlerzASingleTLSLayerTestCase.start_dummy_server..socket_handlervs??$Q'D ((44Tt4LPU,#-G$ ML%W-JJ01MLL+,@A  s:BA:B $A:1B:B?BBBBrOrV socket.socketreturnNone) threadingEvent _start_server)rYhandlerrZr[chosen_handlerrPs` ` @rstart_dummy_serverz)SingleTLSLayerTestCase.start_dummy_serveros4 __&  %, >jArctjtj}tj}|j t j t5t||dddy#1swYyxYw)z=Errors generated from an unconnected socket should bubble up.N) socketAF_INETrcreate_default_contextclosepytestraisesOSErrorr )rYrWcontexts rtest_start_closed_socketz/SingleTLSLayerTestCase.test_start_closed_socketsO}}V^^,,,. ]]7 # w '$ # #s ! A77Bcv|jdtj|j|jf}t ||j d5}|jtjt5|jdddddddy#1swYxYw#1swYyxYw)z"Socket errors should be bubbled upF)rZ localhostserver_hostnamesblaaarghN) rergcreate_connectionhostportr rrjrkrlrmrS)rYrWrXs rtest_close_after_handshakez1SingleTLSLayerTestCase.test_close_after_handshakes /''DII(>?  $%%{  KKMw' ;'(   ('   s$*B/B#B/#B, (B//B8cV|jtj|j|jf}t ||j d5}|jJ|jtt|}t|dddy#1swYyxYw)z0Validates a single TLS layer can be established.rqrrN) rergrtrurvr rversionrSr rr5rYrWrXr1s rtest_wrap_existing_socketz0SingleTLSLayerTestCase.test_wrap_existing_sockets !''DII(>?  $%%{ ==?. .. JJ~' (%e,H h '    s ABB(c|jtj|j|jf}t ||j d5}tjt5|jddddd|jtt|}t|dddy#1swYAxYw#1swYyxYw)Nrqrrrr) buffering)rergrtrurvr rrkrl ValueErrormakefilerSr rr5rzs rtest_unbuffered_text_makefilez4SingleTLSLayerTestCase.test_unbuffered_text_makefiles !''DII(>?  $%%{ z*sa0+ JJ~' (%e,H h '  +*  s$C.C7CC CCcdfd }j|tjjjf5}t |j d}|jtt|}t||j|jtt|}t|dddy#1swYyxYw)z Validates we can break up the TLS layer A full request/response is sent over TLS, and later over plain text. c|jd5}jj|d5}t|}t ||j t |j5}t|}t ||j t dddddddddy#1swYxYw#1swYxYw#1swYyxYwNrTrM)rQrrRrr+sendallr-unwrap)rVrWssl_sockr'unwrapped_sockrYs rshutdown_handlerzLSingleTLSLayerTestCase.test_unwrap_existing_socket..shutdown_handlers"1%t/B/B/N/N$0O0(2 )  !23__&.,^  01  % %tyy$))&< = t':':KXE MM.* +%e,H h ' LLN LL) *%d+H h '> = =s BCCc`|jtj|j|jf}t ||j d5}|j}t|tusJ|jJ|jJ|j}|!t|turt|dkDsJ|jJt!||j#t%t'|}t)|dddy#1swYyxYw)z)Ensures common ssl attributes are exposedrqrrNr)rergrtrurvr rcipherr;tupleselected_alpn_protocolselected_npn_protocolshared_cipherslistr= compressionrBrSr rr5)rYrWrXrrr1s rtest_ssl_object_attributesz1SingleTLSLayerTestCase.test_ssl_object_attributess !''DII(>?  $%%{ \\^F<5( ((//19 99..08 88"113N")^$,^1Dq1H $$&. .. e $ JJ~' (%e,H h '/   s CD$$D-c|jtj|j|jf}t ||j d5}|jJd}|j||j|k(sJ|jj|k(sJ|jtt|}t|dddy#1swYyxYw)z,Ensures common socket attributes are exposedrqrrN )rergrtrurvr rfileno settimeout gettimeoutrSr rr5)rYrWrX test_timeoutr1s rtest_socket_object_attributesz4SingleTLSLayerTestCase.test_socket_object_attributess !''DII(>?  $%%{ <<>- --L   \ *##%5 55<<**, < << JJ~' (%e,H h '   s B C&&C/r^r_)NT)rcz-typing.Callable[[socket.socket], None] | NonerZboolr^r_)__name__ __module__ __qualname____doc__ classmethodrIrerkmarktimeoutPER_TEST_TIMEOUTrorwr{rrrrrrrrDrDesI NN BFB>BB  B2 [[)*(+( [[)* (+ ( [[)* (+ ( [[)* (+ ( [[)* (+ (D [[)*(+(< [[)*(+(rrDcFeZdZdZ ddZddZ d d dZy) SocketProxyDummyServerzX Simulates a proxy that performs a simple I/O loop on client/server socket. cD||_||_t\|_}yr)destination_server_hostdestination_server_portr server_ctx)rYrr_s r__init__zSocketProxyDummyServer.__init__s#(?$'>$79rc4dfd }j|y)z Socket handler for the proxy. Terminates the first TLS layer and tunnels any bytes needed for client <-> server communicatin. cJ|jd}jj|d5}tjj j f}j|||j|jdddy#1swYyxYwr) rQrrRrgrtrr_read_write_looprj)rVrW client_sock upstream_sockrYs r proxy_handlerzASocketProxyDummyServer.start_proxy_handler..proxy_handler#s??$Q'D,,Tt,D & 8 81143O3OP! %%k=A##%!!# EDDs ABB"Nr\rb)rYrs` rstart_proxy_handlerz*SocketProxyDummyServer.start_proxy_handlers  $ =)rc4||g}||g}|rttj|||\}}}|ry|D]M} d\} } | |k(r|} |} n|} |} | |vs | j|} t| dk(ry| j| O|rsyy#tj $rYywxYw)N)NNr)selectrecvr=rSr SSLEOFError) rYr server_sockchunksinputsoutputreadablewritable exceptions read_socket write_socketbs rrz'SocketProxyDummyServer._read_write_loop/s {+{+,2MM&&&,Q )Hh ,6) \ #"-K#.L"-K#.L 8+ ',,V4q6Q;#$))!,#4?? sB(BBBN)rstrrintr^r_r))rr]rr]rrr^r_)rrrrrrrrrrrrsY :'*:EH: :*, '"'#' '  'rrc^eZdZdZeddZeddZedfd ZeddZe jje ddZ e jje ddZe jje e jjdd d gdd Ze jj#ej&d k(d e jje ddZe jje ddZxZS)TlsInTlsTestCaseaF Creates a TLS in TLS tunnel by chaining a 'SocketProxyDummyServer' and a `SocketDummyServerTestCase`. Client will first connect to the proxy, who will then proxy any bytes send to the destination server. First TLS layer terminates at the proxy, second TLS layer terminates at the destination server. c2t\|_|_yrrFrGs rrIzTlsInTlsTestCase.setup_classcrJrct|j|j|_|jj yr)rrurv proxy_serverrrGs rstart_proxy_serverz#TlsInTlsTestCase.start_proxy_servergs-2#((CHHE ,,.rcnt|dr|jjt| y)Nr)rrteardown_classsuper)rH __class__s rrzTlsInTlsTestCase.teardown_classns* 3 '    + + -  rc4dfd }j|y)z Socket handler for the destination_server. Terminates the second TLS layer and send a basic HTTP response. cl|jd} jj|d5}t|}t ||j t ddd|jy#1swYxYw#tjtjtf$rYywxYwr) rQrrRrr+rSr-rrSSLZeroReturnErrorrmrj)rVrWrXr'rHs rr[zATlsInTlsTestCase.start_destination_server..socket_handler{s??$Q'D ''33Dd3Ku,U3G$W-JJ01L JJL LKOOS%;%;WE  s(B0A<#B<BB(B32B3Nr\r)rHr[s` rstart_destination_serverz)TlsInTlsTestCase.start_destination_serverts  .)rc|j|jtj|jj |jj f}|jj|d5}t||jd5}|jJ|jtt|}t|ddddddy#1swYxYw#1swYyxYw)zA Basic communication over the TLS in TLS tunnel. rqrrN)rrrgrtrrurvrrRr ryrSr rr5)rYrW proxy_sockdestination_sockr1s rtest_tls_in_tls_tunnelz'TlsInTlsTestCase.test_tls_in_tls_tunnels %%' !''    # #T%6%6%;%; <  , , +- D//!'//1=== %%n&67)*:;!(+     s%=C5AC)C5)C2 .C55C>c|j|jtj|jj |jj f}|jj|d5}tjtj5t||jdddddddy#1swYxYw#1swYyxYw)zO Provides a wrong sni hint to validate an exception is thrown. rqrr veryverywrongN)rrrgrtrrurvrrRrkrlrSSLCertVerificationErrorr )rYrWrs rtest_wrong_sni_hintz$TlsInTlsTestCase.test_wrong_sni_hints %%' !''    # #T%6%6%;%; <  , , +- s;;< 3 3_=  =<  s$=$C!C :C C CC r~Nrc|j|jtj|jj |jj f}|jj|d5}t||jd5}|jd|}|jt|jtd}|j|}|J|j!dj#d}t%|d |j'ddddddy#1swYxYw#1swYyxYw) zT Uses makefile with read, write and binary modes without buffering. rqrrrwbrNr$Fr)rrrgrtrrurvrrRr rwriter flush bytearrayreadintor&rstripr5rj) rYr~rWrrfiler1wrote str_responses r&test_tls_in_tls_makefile_raw_rw_binaryz7TlsInTlsTestCase.test_tls_in_tls_makefile_raw_rw_binarys( %%' !''    # #T%6%6%;%; <  , , +- D//!'00 B >+, $U+ h/((( (w7>>vF !,u=     s%=E BE/E E E  EWindowsz-Skipping windows due to text makefile support)reasonc|j|jtj|jj |jj f}|jj|d5}t||jd5}|jdd}|jdd}|jtd|j|j}t|t usJd |vr%t|t usJ|j#d d }t%|dd d d d d d y #1swYxYw#1swYy xYw) zo Creates a separate buffer for reading and writing using text mode and utf-8 encoding. rqrrr}r$)encodingwFr  z N)rrrgrtrrurvrrRr rrr rreadr;rreplacer5)rYrWrrrrr1s r test_tls_in_tls_makefile_rw_textz1TlsInTlsTestCase.test_tls_in_tls_makefile_rw_textsE %%' !''    # #T%6%6%;%; <  , , +- D//!'00w0G(11#1H N%89 99;H~,,,x' >S000'//f=H!(59!    s%=EB+EEE EE'cD|j|jtj|jj |jj f}|jj|d5}t||jd5}|jttd}|j||jdjd}t!|dddddddy#1swYxYw#1swYyxYw) zo Valides recv_into and sendall also work as expected. Other tests are using recv/send. rqrrrr$rFrN)rrrgrtrrurvrrRr rr r recv_intor&rr5)rYrWrrr1rs r!test_tls_in_tls_recv_into_sendallz2TlsInTlsTestCase.test_tls_in_tls_recv_into_sendalls %%' !''    # #T%6%6%;%; <  , , +- D//! (()9:$U+ **84'w7>>vF !,u=    s%=DA#D 9D D DDr)r~z int | Noner^r_)rrrrrrIrrrrkrrrrr parametrizerskipifplatformsystemrr __classcell__)rs@rrrYs^NN// !! **& [[)*,+,* [[)*+$ [[)* [[[4)45+: [[Y&> [[)*:+  :@ [[)*>+>rrc,eZdZddZddZddZddZy)TestSSLTransportWithMockc$d}tj}tjtj}t |||d}|j jtjtj||jrJy)Nexample-domain.comFrssuppress_ragged_eofsrr) rMockcreate_autospecr rr wrap_bioassert_called_withANYrrYrsrWrn ssl_transports rtest_constructor_paramsz0TestSSLTransportWithMock.test_constructor_paramssx.yy{&&t7$ '?QV  ++ HHdhh , !55555rcd}tj}tjtj}t |||d}t jt5|jddddt jt5|jtddddt jt5|jtddddt jt5|jdddddy#1swYxYw#1swYxYw#1swYWxYw#1swYyxYw)NrFr)flags)rrrr rr rkrlrrrrrrSrs rtest_various_flags_errorsz2TestSSLTransportWithMock.test_various_flags_errorss.yy{&&t7$ '?QV ]]: &   Q  '']]: &  # #IKq # 9']]: &  ! !)+Q ! 7']]: &   t1  -' &' &' &' &' &s0"D-D9EE-D69EEEcd}tj}tjtj}t |||d}t jt5|jddddy#1swYyxYw)NrFrx)mode) rrrr rr rkrlrrrs rtest_makefile_wrong_mode_errorz7TestSSLTransportWithMock.test_makefile_wrong_mode_error.se.yy{&&t7$ '?QV ]]: &  " " " ,' & &s "A>>Bcd}tj}tjtj}t |||d}tj j|d5}tj|_ tjtj5|jdddddddy#1swYxYw#1swYyxYw)NrFr _ssl_io_loopr )rrrr rr patchobjectrSSLError side_effectrkrl_wrap_ssl_read)rYrsrWrnrrs rtest_wrap_ssl_read_errorz1TestSSLTransportWithMock.test_wrap_ssl_read_error8s.yy{&&t7$ '?QV ZZ  }n ='*||~L $s||,,,Q/-> =,,> =s$)=C&C 8C C CCNr)rrrrr rrrrrrrs 6.&- 0rr)r^z%tuple[ssl.SSLContext, ssl.SSLContext]).)rztyping.Literal[True]r^r<)rztyping.Literal[False]r^r)T)rrr^z bytes | str)r)rrztyping.Literal[False, True]r^r_)r3zbytes | bytearray | strrrr^r_)r?r r^r_)! __future__rrrrgrr`typingunittestrrkdummyserver.socketserverrrdummyserver.testcaserr urllib3.utilr urllib3.util.ssltransportr rroverloadr r+r-r5rBrDrrrrrrr!sB"   >J2 *:HL00)D0 0< @D2.28<2 2&h(6h(VF6FRr>0r>j4040r