Sindbad~EG File Manager

Current Path : /usr/local/lib/python3.9/test/__pycache__/
Upload File :
Current File : //usr/local/lib/python3.9/test/__pycache__/test_ssl.cpython-39.pyc

a

��g�_�@s�ddlZddlZddlZddlmZddlmZmZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZzddlZWney�dZYn0e�d�Z ddl m!Z!m"Z"m#Z#e$ed�Z%e%�o&ejdkZ&e'e j(�Z)ej*Z*e j+�,d�Z-e-�oTe j.d	kZ/e-�ofe j.d
kZ0e-�oxe j.dkZ1e�2d�Z3iZ4d
D]H\Z5Z6ze7e e5�Z5e7e j!e6�Z6Wne8�y�Y�q�Yn0e6e4e5<�q�dd�Z9e9d�Z:e�;e:�Z<e9d�Z=e9d�Z>e�;e=�Z?e�;e>�Z@e9d�ZAe9d�ZBdZCe9d�ZDe�;eD�ZEe9dd�ZFe9dd�ZGdddddddd�ZHe9d �ZIe9d!�ZJd"ZKd#d$d%d&d'd(d)dddd*�
ZLe9d+�ZMd,ZNe9d-�ZOd.ZPe9dd/�ZQe9d0�ZRe9d1�ZSe9d2�ZTd"ZUd3ZVe9d4�ZWe9d5�ZXe9d6�ZYe9d7�ZZe9d8�Z[e9d9�Z\e9d:�Z]e9d;�Z^e�;e^�Z_e7e d<d�Z`e7e d=d�Zae7e d>d�Zbe7e d?d�Zce7e d@d�Zde7e dAd�ZedBdC�Zfef��r~dDdE�ZgndFdE�ZgdGdH�ZhejidIdJ��ZjdKdL�Zke�le$e jmdM�dN�ZndOdP�ZodQdR�ZpdSdT�ZqdUdV�ZrdWdX�Zses�ZtdYdZ�Zud[d\�Zve�le jwd]�Zxe jyfe jzddddd^�d_d`�Z{eJfdadb�Z|Gdcdd�ddej}�Z~Gdedf�dfej}�ZGdgdh�dhej}�Z�Gdidj�djej}�Z�Gdkdl�dlej}�Z�Gdmdn�dnej}�Z�e��do�Gdpdq�dqej}��Z�d�drds�Z�dtdu�Z�ddvl�m�Z�Gdwdx�dxej��Z�Gdydz�dzej��Z�d�d~d�Z�d�d�d��Z�Gd�d��d�ej}�Z�e�lejd��d��Gd�d��d�ej}��Z�e$e jmd��Z�e�le�d��Z�Gd�d��d�ej}�Z�d�d��Z�Gd�d��d�ej}�Z�d�d��Z�e�d�k�r�e���dS)��N)�support)�
socket_helper�warnings_helper�ssl)�
TLSVersion�_TLSContentType�_TLSMessageType�gettotalrefcount�win32ZLibreSSL)�rr)rrr)�rr�PY_SSL_DEFAULT_CIPHERS))�PROTOCOL_SSLv23�SSLv3)�PROTOCOL_TLSv1�TLSv1)�PROTOCOL_TLSv1_1�TLSv1_1cGstjjtj�t�g|�R�S�N)�os�path�join�dirname�__file__��name�r�)/usr/local/lib/python3.9/test/test_ssl.py�	data_file<srzkeycert.pemzssl_cert.pemzssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepass�capathz
4e1295a3.0z
5ed36f99.0)�)�countryNameZXY�)�localityNamezCastle Anthrax�)�organizationNamezPython Software Foundation))�
commonName�	localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))�DNSr'r��issuer�notAfter�	notBefore�serialNumber�subject�subjectAltName�versionzrevocation.crlzkeycert3.pemr')z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r ))r%�Python Software Foundation CA))r&z
our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C)
�OCSP�	caIssuers�crlDistributionPointsr*r+r,r-r.r/r0zkeycert4.pem�fakehostnamezkeycertecc.pemz
localhost-eccz
ceff1710.0zallsans.pemzidnsans.pemz	nosan.pemzself-signed.pythontest.net�nullcert.pem�badcert.pemzXXXnonexisting.pem�
badkey.pemz	nokia.pemznullbytecert.pemztalos-2019-0758.pemzffdh3072.pem�OP_NO_COMPRESSION�OP_SINGLE_DH_USE�OP_SINGLE_ECDH_USE�OP_CIPHER_SERVER_PREFERENCE�OP_ENABLE_MIDDLEBOX_COMPAT�OP_IGNORE_UNEXPECTED_EOFcCsXz>tddd��}d|��vWd�WS1s20YWntyRYdS0dS)Nz/etc/os-releasezutf-8)�encodingZubuntuF)�open�read�FileNotFoundError)�frrr�	is_ubuntu�s
0rDcGs0|D]&}t|d�r|jtjjkr|�d�qdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1�minimum_versionz@SECLEVEL=1:ALLN)�hasattrrErrr�set_ciphers)�ctxs�ctxrrr�seclevel_workaround�s��rJcGsdSrr)rHrrrrJ�scCsbt|t�r0|�d�sJ�tt|d�}|dur0dS|tjtjtjhvrHdS|j}t	|t
d�d��S)z�Check if a TLS protocol is available and enabled

    :param protocol: enum ssl._SSLMethod member or name
    :return: bool
    Z	PROTOCOL_NFT)�
isinstance�str�
startswith�getattrr�PROTOCOL_TLS�PROTOCOL_TLS_SERVER�PROTOCOL_TLS_CLIENTr�has_tls_version�len)�protocolrrrr�has_tls_protocol�s
�rUcCs�|dkrdSt|t�r"tjj|}ttd|j���s8dStrL|tjjkrLdSt�	�}t
|d�rz|jtjjkrz||jkrzdSt
|d�r�|j
tjjkr�||j
kr�dSdS)z{Check if a TLS/SSL version is enabled

    :param version: TLS version name or ssl.TLSVersion member
    :return: bool
    �SSLv2FZHAS_rE�maximum_versionT)rKrLrr�__members__rNr�IS_OPENSSL_3_0_0�TLSv1_2�
SSLContextrFrE�MINIMUM_SUPPORTEDrW�MAXIMUM_SUPPORTED)r0rIrrrrR�s0
������rRcs�fdd�}|S)z�Decorator to skip tests when a required TLS version is not available

    :param version: TLS version name or ssl.TLSVersion member
    :return:
    cst�����fdd��}|S)Ncs,t��st���d���n�|i|��SdS)Nz is not available.)rR�unittestZSkipTest)�args�kw)�funcr0rr�wrapper�sz8requires_tls_version.<locals>.decorator.<locals>.wrapper)�	functools�wraps)rarb�r0)rar�	decorator�sz'requires_tls_version.<locals>.decoratorr)r0rfrrer�requires_tls_version�srgrEzrequired OpenSSL >= 1.1.0gcCs.d�tjt����}tjr*tj�||�dS)N� )	r�	traceback�format_exception�sys�exc_infor�verbose�stdout�write)�prefixZ
exc_formatrrr�handle_errorsrqcCs
tjdkS)N)r�	��
�)r�_OPENSSL_API_VERSIONrrrr�can_clear_optionssrwcCs
tjdkS)N)rrr�rsru�r�OPENSSL_VERSION_INFOrrrr�no_sslv2_implies_sslv3_hellosr{cCs
tjdkS)N)rrrrsrruryrrrr�have_verify_flagssr|cCsBtjs
dSt�tj�}z|�d�Wnty8YdS0dSdS)NF�	secp384r1T)r�HAS_ECDHr[rP�set_ecdh_curve�
ValueError)rIrrr�_have_secp_curvessr�cCs$tjrt��jdkrtjStjS�Nr)�time�daylight�	localtime�tm_isdst�altzone�timezonerrrr�
utc_offset+sr�cCs^tjdkrZd}tj�||�}|jdd�}|�|�}|ddkrZ|dd�d|dd�}|S)	N)rrrrsrrruz%b %d %H:%M:%S %Y GMTr)�second��0rh�)rrv�datetime�strptime�replace�strftime)�	cert_time�fmtZdtrrr�asn1time1s

r�z SNI support needed for this test)�	cert_reqs�ca_certs�ciphers�certfile�keyfilec	Kszt�|�}|dur(|tjkr"d|_||_|dur:|�|�|dusJ|durV|�||�|durh|�|�|j|fi|��S�NF)	rr[�	CERT_NONE�check_hostname�verify_mode�load_verify_locations�load_cert_chainrG�wrap_socket)	�sock�ssl_versionr�r�r�r�r��kwargs�contextrrr�test_wrap_socketBs



r�cCsr|tkrt}n$|tkrt}n|tkr*t}nt|��t�tj	�}|�
t�t�tj�}|�
|�|�
t�|||fS)zUCreate context

    client_context, server_context, hostname = testing_context()
    )�SIGNED_CERTFILE�SIGNED_CERTFILE_HOSTNAME�SIGNED_CERTFILE2�SIGNED_CERTFILE2_HOSTNAME�	NOSANFILE�NOSAN_HOSTNAMEr�rr[rQr��
SIGNING_CArPr�)Zserver_cert�hostname�client_context�server_contextrrr�testing_contextTs


r�c@s�eZdZdd�Zdd�Zdd�Zdd�Ze�e	j
d	kd
�dd��Zd
Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zejdd��Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Ze�d0e j!vd1�d2d3��Z"d4d5�Z#d6d7�Z$e�e%j&d8kd9�d:d;��Z'e�e%j&d8kd9�d<d=��Z(d>d?�Z)d@dA�Z*dBdC�Z+dDdE�Z,dFdG�Z-e�e.�dH�dIdJ��Z/dKdL�Z0e�1dMdN�dOdP��Z2dQdR�Z3d
S)S�BasicSocketTestscCs�tjtjtjtjtjtjr*tjtjdkr:tj	|�
tjddh�|�
tjddh�tjtj
tjtjtjdkr�tjtj|�tjtj�dS)N)rrTF�rrr)rr��
CERT_OPTIONAL�
CERT_REQUIREDr<r:r~r;rzr9�assertIn�HAS_SNI�OP_NO_SSLv2�OP_NO_SSLv3�OP_NO_TLSv1�
OP_NO_TLSv1_3�
OP_NO_TLSv1_1�
OP_NO_TLSv1_2�assertEqualrOr��selfrrr�test_constantsns&

zBasicSocketTests.test_constantsc	Csb|�td��Bt���}t�|�Wd�n1s60YWd�n1sT0YdS�Nzpublic constructor)�assertRaisesRegex�	TypeError�socketr�	SSLSocket�r��srrr�test_private_init�s
z"BasicSocketTests.test_private_initcCs2tj}|�t|�d�t�|�}|�|j|�dS)Nz_SSLMethod.PROTOCOL_TLS)rrOr�rLr[�assertIsrT�r��protorIrrr�test_str_for_enums�s
z#BasicSocketTests.test_str_for_enumscCst��}tjr*tj�d||r dp"df�t�d�\}}|�t	|�d�|�||dk�|rxt�
d�}|�t	|�d�n|�tjtj
d�|�t
tj
d�|�t
tjd�ttd�r�|�ttjd�|�ttjdd�t�d	d
�t�dd
�t�td�d
�dS)
Nz
 RAND_status is %d (%s)
zsufficient randomnesszinsufficient randomness�r����RAND_egd�foozthis is a random stringg�R@sthis is a random bytes objects!this is a random bytearray object)r�RAND_statusrrmrkrnro�RAND_pseudo_bytesr�rSZ
RAND_bytes�assertRaises�SSLErrorr�rFr�r�ZRAND_add�	bytearray)r��v�dataZis_cryptographicrrr�test_random�s,
��

zBasicSocketTests.test_random�posixzrequires posixcCst��}|s|�d�t��\}}t��}|dkr�zBt�|�t�d�d}|�t	|�d�t�
||�t�|�Wnty�t�d�Yn0t�d�nlt�|�|�
tj|�tj|dd�t�|d�}|�t	|�d�t�d�d}|�t	|�d�|�||�dS)Nz*OpenSSL's PRNG has insufficient randomnessrr�r)�exitcode)rr��failr�pipe�fork�closer�r�rSro�
BaseException�_exit�
addCleanuprZwait_processrA�assertNotEqual)r��statusZrfdZwfd�pidZchild_randomZ
parent_randomrrr�test_random_fork�s.


z!BasicSocketTests.test_random_forkNcCs�|�tj�t�t�|�tj�t�t�tj�t�}t	j
rTtj�
dt�|�d�|�|dd�|�|dd�|�|dd�|�|dd	�dS)
N�
r/))r(zprojects.developer.nokia.com)r(zprojects.forum.nokia.comr2)zhttp://ocsp.verisign.comr3)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr4)z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)r�r�_ssl�_test_decode_cert�CERTFILE�
CERTFILE_INFOr��SIGNED_CERTFILE_INFO�	NOKIACERTrrmrkrnro�pprint�pformat�r��prrr�test_parse_cert�s*
�
�
�
�
�z BasicSocketTests.test_parse_certcCsLtj�t�}tjr,tj�dt	�
|�d�|�|dddddddd	��dS)
Nr�)�)r!ZUK))r&zcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)r�))r&�#codenomicon-vm-2.test.lal.cisco.com))r(r�rr))rr�r��TALOS_INVALID_CRLDPrrmrkrnror�r�r�r�rrr�test_parse_cert_CVE_2019_5010�s��z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj�t�}tjr,tj�dt	�
|�d�d}|�|d|�|�|d|�tjdkr`d}nd}|�|d|�dS)	Nr�)�)r!ZUS))�stateOrProvinceNameZOregon))r#Z	Beavertonr$))�organizationalUnitNamezPython Core Development�)r&�null.python.orgexample.org))�emailAddresszpython-dev@python.orgr.r*)rrrrs)�r(zaltnull.python.orgexample.com��emailz null@python.orguser@example.org��URIz)http://null.python.orghttp://example.org��
IP Addressz	192.0.2.1)rz2001:DB8:0:0:0:0:0:1)r�r�r�r)rz	<invalid>r/)
rr�r��NULLBYTECERTrrmrkrnror�r�r�rv)r�r�r.Zsanrrr�test_parse_cert_CVE_2013_4238�s
z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj�t�}|�|dd�dS)Nr/)
)r(Zallsans��	othername�
<unsupported>r)r�zuser@example.org)r(zwww.example.org)ZDirName)r r"r$))r&zdirname example)rzhttps://www.python.org/�r�	127.0.0.1)rz0:0:0:0:0:0:0:1)z
Registered IDz	1.2.3.4.5)rr�r��
ALLSANFILEr�r�rrr�test_parse_all_sanss
�z$BasicSocketTests.test_parse_all_sanscCs�ttd��}|��}Wd�n1s(0Yt�|�}t�|�}t�|�}|�||�|�tjd�sz|�	d|�|�
dtjd�s�|�	d|�dS)N�rr�z-DER-to-PEM didn't include correct header:
%r
z-DER-to-PEM didn't include correct footer:
%r
)r@�
CAFILE_CACERTrAr�PEM_cert_to_DER_certZDER_cert_to_PEM_certr�rMZ
PEM_HEADERr��endswithZ
PEM_FOOTER)r�rC�pem�d1Zp2�d2rrr�test_DER_to_PEM0s&


z BasicSocketTests.test_DER_to_PEMcCsHtj}tj}tj}|�|t�|�|t�|�|t�|�|d�|�	|d�|\}}}}}|�|d�|�	|d�|�|d�|�	|d�|�|d�|�	|d�|�|d�|�
|d�|�|d�|�
|d�d	|d
��}	|dk�rd|d
�d
|d
�d
|d
��}
nd|d
�d
|d
�d
|d
��}
|�|�|
|	f�||t
|�f�dS)Ni�i@rr�r��?ruz	LibreSSL �drzOpenSSL �.)rZOPENSSL_VERSION_NUMBERrz�OPENSSL_VERSION�assertIsInstance�int�tuplerL�assertGreaterEqual�
assertLessZassertLessEqual�
assertTruerM�hex)r��n�tr��major�minorZfix�patchr�Zlibressl_verZopenssl_verrrr�test_openssl_version<s6
�z%BasicSocketTests.test_openssl_versioncCs`t�tj�}t|�}t�|�}t�dtf��~Wd�n1sD0Y|�|�d�dS)N�)	r��AF_INETr��weakref�refr�check_warnings�ResourceWarningr�)r�r��ss�wrrrr�
test_refcycle^s
 zBasicSocketTests.test_refcyclec	Cs�t�tj�}t|���}|�t|jd�|�t|jtd��|�t|jd�|�t|j	td�d�|�t|j
d�|�t|jdd�|�t|j
�|�t|jdgddd�|�t|jd�|�t|jtd�g�Wd�n1s�0YdS)Nr�x)z0.0.0.0rrr�d)r�r'r�r��OSError�recv�	recv_intor��recvfrom�
recvfrom_into�send�sendto�NotImplementedError�dup�sendmsg�recvmsg�recvmsg_into�r�r�r,rrr�test_wrapped_unconnectedis 


�
�z)BasicSocketTests.test_wrapped_unconnectedc	Cs\dD]R}t�tj�}|�|�t|�� }|�||���Wd�q1sL0YqdS)N)Ng�@)r�r'�
settimeoutr�r��
gettimeout)r��timeoutr�r,rrr�test_timeout{s


zBasicSocketTests.test_timeoutc	Cs�t��}|jtdtj|td�|jtdtj|dd�|jtdtj|ddd�tj|dtd��&}|�td|jtd	f�Wd�n1s�0Y|�t	��F}t���}tj|t
d
�Wd�n1s�0YWd�n1s�0Y|�|jj
t
j�|�t	��J}t��� }tj|tt
d�Wd�n1�s@0YWd�n1�s`0Y|�|jj
t
j�|�t	��J}t��� }tj|t
t
d�Wd�n1�s�0YWd�n1�s�0Y|�|jj
t
j�dS)Nzcertfile must be specified�r�z5certfile must be specified for server-side operationsT��server_sider&�rFr�z!can't connect in server-side modei��r��r�r�)r�r�r�rr�r��connect�HOSTr�r1�NONEXISTINGCERTr��	exception�errno�ENOENT)r�r�r��cmrrr�test_errors_sslwrap�sB��
�
�"
J
�F
�Fz$BasicSocketTests.test_errors_sslwrapcCsltj�tj�t�ptj|�}t��}|�|j�|�	t
j��t||d�Wd�n1s^0YdS)z;Check that trying to use the given client certificate failsrHN)
rrrrr�curdirr�r�r�r�rr�r��r�r�r�rrr�
bad_cert_test�s��zBasicSocketTests.bad_cert_testcCs|�d�dS)z Wrapping with an empty cert filer6N�rTr�rrr�test_empty_cert�sz BasicSocketTests.test_empty_certcCs|�d�dS)z:Wrapping with a badly formatted certificate (syntax error)r7NrUr�rrr�test_malformed_cert�sz$BasicSocketTests.test_malformed_certcCs|�d�dS)z2Wrapping with a badly formatted key (syntax error)r8NrUr�rrr�test_malformed_key�sz#BasicSocketTests.test_malformed_keyc	sFdd�}�fdd�}ddi}||d�||d�||d	�||d
�||d�||d�dd
i}||d�||d�||d�||d�||d�ddi}||d�||d�||d�||d�||d�ddi}||d�||d�||d�ddi}||d�||d�||d�||d�ddi}||d�||d�||d�d�d ��d!�}dd"|fffi}|||�dd#i}|||�dd$i}|||�d%�d ��d!�}dd"|fffi}||d&�d ��d!��||d'�d ��d!��||d(�d ��d!��||d)�d ��d!��d*d+d,d-�}||d.�||d/�||d0�||d1�d2d3d4�}||d5�||d6�||d7�dd8d9�}||d:�||d;�||d<�||d=�||d>�||d?�||d@�tj�rddAd9�}||dB�||dC�||dD�||dE�||dF�||d@�d2dGd4�}||d5�dHdIdJd-�}||d5�dHdGdJd-�}||dK���ttjdd���ttjid�ddLi}��tj	dM��t�|dN�Wd�n1�s�0YddOi}��tj	dP��t�|dQ�Wd�n1�s�0YddRi}��tj	dS��t�|dT�Wd�n1�s.0YddUi}��tj	dV��t�|dW�Wd�n1�sr0YddXi}��tj	dY��t�|dZ�Wd�n1�s�0Yd[D]<}��t��t�
|�Wd�n1�s�0Y�q�d\D]}��t�
|���qtj�rBd]D]}��t�
|���q*dS)^NcSst�||�dSr)r�match_hostname��certr�rrr�ok�sz0BasicSocketTests.test_match_hostname.<locals>.okcs��tjtj||�dSr)r�r�CertificateErrorrYrZr�rrr��s�z2BasicSocketTests.test_match_hostname.<locals>.failr.)))r&�example.comr^zExAmple.cOmzwww.example.comz.example.comzexample.orgZexampleXcom)))r&z*.a.comz	foo.a.comz
bar.foo.a.comza.comzXa.comz.a.com)))r&zf*.comzfoo.comzf.comzbar.comzbar.foo.com)r�r�znull.python.org)))r&z	*.*.a.com)))r&za.*.comz	a.foo.comza..comupüthon.python.org�idna�asciir&)))r&z
x*.python.org)))r&zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgupythön.orgzJun 26 21:41:46 2011 GMT)))r&�linuxfrz.org))r(�linuxfr.org)r(�linuxfr.comr)r+r.r/rbrcrrazDec 18 23:59:59 2011 GMT)r��)r��
California�)r#z
Mountain View�)r%z
Google Inc�)r&�mail.google.com)r+r.riz	gmail.comre)�r(r^)r�10.11.12.13)r�14.15.16.17r)r.r/rkrlz127.1z14.15.16.17 z14.15.16.17 extra dataz14.15.16.18zexample.net)rj)rz2001:0:0:0:0:0:0:CAFE
)rz2003:0:0:0:0:0:0:BABA
z
2001::cafez
2003::babaz2003::baba z2003::baba extra dataz
2003::bebe)r�rdrfrgzDec 18 23:59:59 2099 GMT)r�rdrfrh))rZblablaz
google.com)))r&za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r&zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r&za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r&�*z7sole wildcard without additional labels are not support�host)))r&z*.comz%hostname 'com' doesn't match '\*.com'Zcom)�1r&z1.2.3z	256.0.0.1z127.0.0.1/24)r	z192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334)�encode�decoder�IPV6_ENABLEDr�r�rrYr�r]Z_inet_patonr)r�r\r�r[r_�invalidZipaddrrr�r�test_match_hostname�s




























�



�


�






�





�
�
�
�,�,�,�,�,.z$BasicSocketTests.test_match_hostnamecCsNt�tj�}t���&}|jt|j|ddd�Wd�n1s@0YdS)NTz
some.hostname��server_hostname)rr[rPr�r�r�r�)r�rIr�rrr�test_server_side}s

�z!BasicSocketTests.test_server_sidec	Cs�t�d�}t�tj�}|�|���t|dd��D}|�t��|�d�Wd�n1s\0YWd�n1sz0Y|�	�dS)N�r	rF��do_handshake_on_connectzunknown-type)
r��
create_serverr'rJ�getsocknamer�r�r��get_channel_bindingr�)r�r��cr,rrr�test_unknown_channel_binding�s
Fz-BasicSocketTests.test_unknown_channel_binding�
tls-unique�*'tls-unique' channel binding not availablecCs�t�tj�}t|�� }|�|�d��Wd�n1s:0Yt�tj�}t|dtd�� }|�|�d��Wd�n1s�0YdS)Nr�TrG)r�r'r��assertIsNoner}r�r=rrr�test_tls_unique_channel_binding�s
.z0BasicSocketTests.test_tls_unique_channel_bindingcCsjtt�tj��}t|�}|�t��}d}t��Wd�n1sD0Y|�|t	|j
jd��dSr�)r�r�r'�reprZassertWarnsr+r�
gc_collectr�rL�warningr_)r�r,rrPrrr�test_dealloc_warn�s&z"BasicSocketTests.test_dealloc_warncCs�t��}|�t|�d�|�|tj�t���D}t|d<t	|d<t��}|�|j
t	�|�|jt�Wd�n1sx0YdS)N��SSL_CERT_DIR�
SSL_CERT_FILE)rZget_default_verify_pathsr�rSrZDefaultVerifyPathsr�EnvironmentVarGuard�CAPATHr��cafiler)r��paths�envrrr�test_get_default_verify_paths�s
z.BasicSocketTests.test_get_default_verify_pathsr
�Windows specificc	Cs�|�t�d��|�t�d��|�ttj�|�ttjd�t�}dD]�}t�|�}|�|t�|D]p}|�|t	�|�
t|�d�|\}}}|�|t�|�
|ddh�|�|tttf�t|ttf�rf|�|�qfqHd}|�
||�dS)	N�CA�ROOTr&)r�r�r�x509_asn�
pkcs_7_asn�1.3.6.1.5.5.7.3.1)rrZenum_certificatesr�r��WindowsError�setr�listrr�rS�bytesr��	frozenset�boolrK�update)	r�Z
trust_oidsZ	storename�store�elementr[�encZtrust�
serverAuthrrr�test_enum_certificates�s&

z'BasicSocketTests.test_enum_certificatescCs�|�t�d��|�ttj�|�ttjd�t�d�}|�|t�|D]D}|�|t�|�	t
|�d�|�|dt�|�|dddh�qHdS)Nr�r&�rrr�r�)
rrZ	enum_crlsr�r�r�rr�rr�rSr�r�)r�Zcrlsr�rrr�test_enum_crls�s
zBasicSocketTests.test_enum_crlsc	Cs�d}t�d�}|�||�|�|jd�|�|jd�|�|jd�|�|jd�|�|tj�|�t	tjd�tj�
d�}|�||�|�|tj�|�t	tjj
d�|�t	d��tj�
d�Wd�n1s�0Ytd	�D]j}ztj�
|�}Wnt	�yYq�0|�|jt
�|�|jt�|�|jt�|�|jttd�f�q�tj�d�}|�||�|�|tj�|�tj�d�|�|�tj�d�|�|�t	d
��tj�d�Wd�n1�s�0YdS)N)�r��TLS Web Server Authenticationr�r�r�r�r����zunknown NID 100000i��i�zunknown object 'serverauth'Z
serverauth)r�_ASN1Objectr��nid�	shortnameZlongname�oidrr�r�Zfromnidr��rangerrL�typeZfromname)r��expected�val�i�objrrr�test_asn1object�sB
*�z BasicSocketTests.test_asn1objectcCs�t�d�}|�tjjtj�|�tjj|�|�tjjjd�|�tjjjd�|�tjjjd�t�d�}|�tjj	tj�|�tjj	|�|�tjj	jd�|�tjj	jd�|�tjj	jd�dS)Nr�r�r�z1.3.6.1.5.5.7.3.2�Z
clientAuth)
rr�r�Purpose�SERVER_AUTHr�r�r�r��CLIENT_AUTH)r�r�rrr�test_purpose_enum�s 
�
�z"BasicSocketTests.test_purpose_enumcCs�t�tjtj�}|�|j�|�t��}t|tj	d�Wd�n1sJ0Y|�
t|j�d�t�
tj�}|�t��}|�|�Wd�n1s�0Y|�
t|j�d�dS)N�r�z!only stream sockets are supported)r�r'�
SOCK_DGRAMr�r�r�r8r�rr�r�rLrMr[rQr�)r�r�ZcxrIrrr�test_unsupported_dtlss,(z&BasicSocketTests.test_unsupported_dtlscCs|�t�|�|�dSr)r�r�cert_time_to_seconds)r��
timestringZ	timestamprrr�cert_time_okszBasicSocketTests.cert_time_okcCs8|�t��t�|�Wd�n1s*0YdSr)r�r�rr�)r�r�rrr�cert_time_failszBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs|�dd�|�dd�dS)NzMay  9 00:00:00 2007 GMTg�C��A�Jan  5 09:34:43 2018 GMT���ѓ�A)r�r�rrr�"test_cert_time_to_seconds_timezone sz3BasicSocketTests.test_cert_time_to_seconds_timezonecCs�d}d}|�||�|�tj|d�|�|�d|�|�d|�|�d�|�d�|�d�|�d	�|�d
�|�d�|�d�d
}|�d|�|�d|�|�dd�|�dd�|�dd�|�d�|�dd�dS)Nr�r�)r�zJan 05 09:34:43 2018 GMTzJaN  5 09:34:43 2018 GmTzJan  5 09:34 2018 GMTzJan  5 09:34:43 2018zJan  5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon  5 09:34:43 2018 GMTzJan  5 24:00:00 2018 GMTzJan  5 09:60:43 2018 GMTg�W�AzDec 31 23:59:60 2008 GMTzJan  1 00:00:00 2009 GMTzJan  5 09:34:59 2018 GMTi�FOZzJan  5 09:34:60 2018 GMTi�FOZzJan  5 09:34:61 2018 GMTi�FOZzJan  5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg�� �MB)r�r�rr�r�)r�r��tsZ
newyear_tsrrr�test_cert_time_to_seconds(s*







z*BasicSocketTests.test_cert_time_to_seconds�LC_ALLr&cCs@dd�}|���dkr |�d�|�dd�|�|�d�dS)NcSst�dd�S)Nz%b)	rr�rr�r�r�rrr)r�r�rrrr�local_february_nameOszNBasicSocketTests.test_cert_time_to_seconds_locale.<locals>.local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb  9 00:00:00 2007 GMTg`�r�Az  9 00:00:00 2007 GMT)�lower�skipTestr�r�)r�r�rrr� test_cert_time_to_seconds_localeKs

z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt�tj�}|�|j�t�|�}tt�tj�tjd�}|�|j�|�	t
|f�}tjtj
tjtjf}|�||�dS)Nr�)r�r'r�r�r�	bind_portr�rr��
connect_exrKrNZECONNREFUSEDZEHOSTUNREACHZ	ETIMEDOUT�EWOULDBLOCKr�)r��server�portr��rc�errorsrrr�test_connect_ex_errorZs
��z&BasicSocketTests.test_connect_ex_error)4�__name__�
__module__�__qualname__r�r�r�r�r^�
skipUnlessrrr�ZmaxDiffr�r�rrrr%rZcpython_onlyr.r>rCrQrTrVrWrXrtrwrr�CHANNEL_BINDING_TYPESr�r�r�rk�platformr�r�r�r�r�r�r�r�r�r�Zrun_with_localer�r�rrrrr�lsb
"

	
G
�



'�
#

r�c@s�eZdZdd�Zdd�Zdd�Ze�edkd�d	d
��Z	e�
ejdkd�d
d��Z
dd�Zdd�Zdd�Zee�
ed�dd���Ze�e�d�dd��Zdd�Zdd�Zdd �Ze�
ed!�d"d#��Zd$d%�Zd&d'�Ze�ejd(�d)d*��Zed+d,��Z ed-d.��Z!d/d0�Z"d1d2�Z#d3d4�Z$e�
e%j&d5kd6�e�
ed7�d8d9���Z'e�e%j&d5kd:�e�
e(e%d;�d<�d=d>���Z)d?d@�Z*dAdB�Z+dCdD�Z,dEdF�Z-dGdH�Z.dIdJ�Z/e�e0dK�dLdM��Z1dNS)O�ContextTestsc	Cs�tD]L}t|�rt���t�|�}Wd�n1s80Y|�|j|�qt���t��}Wd�n1sx0Y|�|jtj�|�	t
tjd�|�	t
tjd�dS)Nr��*)�	PROTOCOLSrUrr*rr[r�rTrOr�r�)r�rTrIrrr�test_constructorms
(
&zContextTests.test_constructorc	CsVtD]L}t|�rt���t�|�}Wd�n1s80Y|�|j|�qdSr)r�rUrr*rr[r�rTr�rrr�
test_protocolys

(zContextTests.test_protocolcCs\t�tj�}|�d�|�d�|�tjd��|�d�Wd�n1sN0YdS)N�ALL�DEFAULT�No cipher can be selected�^$:,;?*'dorothyx)rr[rQrGr�r��r�rIrrr�test_ciphers�s


zContextTests.test_ciphersrz+Test applies only to Python default cipherscCsft�tj�}|��}|D]H}|d}|�d|�|�d|�|�d|�|�d|�|�d|�qdS)NrZPSKZSRPZMD5ZRC4Z3DES)rr[rQ�get_ciphersZassertNotIn)r�rIr�Zsuiterrrr�test_python_ciphers�sz ContextTests.test_python_ciphers)rrr�rrzOpenSSL too oldc	Csht�tj�}|�d�tdd�|��D��}hd�}|�|�}|�t|�ddt	|��dt	|����dS)NZAESGCMcss|]}|dVqdS)rNr)�.0rrrr�	<genexpr>��z0ContextTests.test_get_ciphers.<locals>.<genexpr>>zDHE-RSA-AES128-GCM-SHA256zDHE-RSA-AES256-GCM-SHA384zECDHE-RSA-AES256-GCM-SHA384zECDHE-ECDSA-AES256-GCM-SHA384zAES128-GCM-SHA256zAES256-GCM-SHA384zECDHE-ECDSA-AES128-GCM-SHA256zECDHE-RSA-AES128-GCM-SHA256r�z
got: z
expected: )
rr[rQrGr�r��intersectionrrS�sorted)r�rI�namesr�r�rrr�test_get_ciphers�s


�zContextTests.test_get_cipherscCs�t�tj�}tjtjBtjB}|ttBtBt	Bt
BtBO}|�||j
�|j
tjO_
|�|tjB|j
�t�r�|j
tj@|_
|�||j
�d|_
|�d|j
tj@�n0|�t��d|_
Wd�n1s�0YdSr�)rr[rQ�OP_ALLr�r�r9r<r:r;r=r>r��optionsr�rwr�r�)r�rI�defaultrrr�test_options�s*����zContextTests.test_optionscCst�tj�}|�|jtj�tj|_|�|jtj�tj|_|�|jtj�tj|_|�|jtj�|�t	��d|_Wd�n1s�0Y|�t
��d|_Wd�n1s�0Yt�tj�}|�|jtj�|�|j
�t�tj�}|�|jtj�|�|j
�dS�Nr�)rr[rOr�r�r�r�r�r�r�r�rP�assertFalser�rQrr�rrr�test_verify_mode_protocol�s$$$z&ContextTests.test_verify_mode_protocolcCs�t�tj�}|�|j�tjrVd|_|�|j�d|_|�|j�d|_|�|j�n0|�t��d|_Wd�n1s|0YdS�NTF)	rr[rQr�hostname_checks_common_name�HAS_NEVER_CHECK_COMMON_NAMEr�r��AttributeErrorr�rrr� test_hostname_checks_common_name�sz-ContextTests.test_hostname_checks_common_namez
see bpo-34001cCst�tj�}tjjtjjtjjh}tjjtjjh}|�	|j
|�|�	|j|�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_
tjj|_|�
|j
tjj�|�
|jtjj�tjj|_|�
|jtjj�tjj|_|�	|jtjjtjjtjjh�tjj|_
|�	|j
tjjtjjh�|�t��d|_
Wd�n1�sP0Yttj��r�t�tj�}|�	|j
|�|�
|jtjj�|�t��tjj|_
Wd�n1�s�0Y|�t��tjj|_Wd�n1�s�0YdSr�)rr[rPrr\rrZr]�TLSv1_3r�rErWrr�rr�r�rUr)r�rIZ
minimum_rangeZ
maximum_rangerrr�test_min_max_version�st�
���


�
�


�
�

�
�
�&�
�*z!ContextTests.test_min_max_version�!verify_flags need OpenSSL > 0.9.8cCs�t�tj�}ttdd�}|�|jtj|B�tj|_|�|jtj�tj|_|�|jtj�tj|_|�|jtj�tjtj	B|_|�|jtjtj	B�|�
t��d|_Wd�n1s�0YdS)N�VERIFY_X509_TRUSTED_FIRSTr)rr[rPrNr��verify_flags�VERIFY_DEFAULT�VERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTr�r�)r�rI�tfrrr�test_verify_flags3s
�zContextTests.test_verify_flagscCs�t�tj�}|jtdd�|jttd�|jt|jtd�|�t��}|�t�Wd�n1sd0Y|�	|j
jtj�|�
tjd��|�t�Wd�n1s�0Y|�
tjd��|�t�Wd�n1s�0Yt�tj�}|�tt�|jttd�|jttd�|�
tjd��|�t�Wd�n1�sT0Y|�
tjd��|�t�Wd�n1�s�0Y|�
tjd��|jttd�Wd�n1�s�0Yt�tj�}|�
tjd��|�tt�Wd�n1�s0Y|jttd�|jtt��d�|jttt���d�|�ttt�|�ttt���|�tttt����|�
td��|jtdd�Wd�n1�s�0Y|�tj��|jtdd�Wd�n1�s�0Y|�
td	��"|jtd
dd�Wd�n1�s80Ydd
�}dd�}dd�}dd�}dd�}dd�}dd�}	Gdd�d�}
|jt|d�|jt|d�|jt|d�|jt|
�d�|jt|
�jd�|�tj��|jt|d�Wd�n1�s0Y|�
td	��|jt|d�Wd�n1�sB0Y|�
td��|jt|d�Wd�n1�s~0Y|�
td��|jt|	d�Wd�n1�s�0Y|jt|	d�dS)NrD�PEM librIzkey values mismatch)�passwordzshould be a stringT�badpasszcannot be longer�ai�cSstSr��KEY_PASSWORDrrrr�getpass_unicodevsz:ContextTests.test_load_cert_chain.<locals>.getpass_unicodecSst��Sr)rrprrrr�
getpass_bytesxsz8ContextTests.test_load_cert_chain.<locals>.getpass_bytescSstt���Sr)r�rrprrrr�getpass_bytearrayzsz<ContextTests.test_load_cert_chain.<locals>.getpass_bytearraycSsdS)Nrrrrrr�getpass_badpass|sz:ContextTests.test_load_cert_chain.<locals>.getpass_badpasscSsddS)Nrirrrrr�getpass_huge~sz7ContextTests.test_load_cert_chain.<locals>.getpass_hugecSsdS)Nrrrrrrr�getpass_bad_type�sz;ContextTests.test_load_cert_chain.<locals>.getpass_bad_typecSstd��dS)N�
getpass error)�	Exceptionrrrr�getpass_exception�sz<ContextTests.test_load_cert_chain.<locals>.getpass_exceptionc@seZdZdd�Zdd�ZdS)z:ContextTests.test_load_cert_chain.<locals>.GetPassCallablecSstSrrr�rrr�__call__�szCContextTests.test_load_cert_chain.<locals>.GetPassCallable.__call__cSstSrrr�rrr�getpass�szBContextTests.test_load_cert_chain.<locals>.GetPassCallable.getpassN)r�r�r�rrrrrr�GetPassCallable�srzmust return a stringr)rr[rPr�r�r�r�r1rLr�rMrNrOr�r��BADCERT�	EMPTYCERT�ONLYCERT�ONLYKEY�BYTES_ONLYCERT�
BYTES_ONLYKEYr
�CERTFILE_PROTECTEDrrpr��ONLYKEY_PROTECTEDr�rr
)r�rIrPrrrr	r
rrrrrr�test_load_cert_chainGs�(((**.,
�
�..2�....z!ContextTests.test_load_cert_chaincCst�tj�}|�t�|jtdd�|�t�|jtdd�|�t|j�|�t|jddd�|�t��}|�t	�Wd�n1s�0Y|�
|jjtj
�|�tjd��|�t�Wd�n1s�0Y|�tt�|jttd�|�t|jdd�dS)N)r�rr�rT)rr[rPr�r��BYTES_CERTFILEr�r�r1rLr�rMrNrOr�r�rr��BYTES_CAPATH�r�rIrPrrr�test_load_verify_locations�s

((z'ContextTests.test_load_verify_locationscCs�tt��}|��}Wd�n1s&0Yt�|�}tt��}|��}Wd�n1s`0Yt�|�}t�tj�}|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}d|d|d	|d
g}|j
d�|�d�|�|�	�dd�t�tj�}|j
|d�|j
|d�|�|�	�dd�|j
|d�|�|�	�dd�t�tj�}d�||f�}|j
|d�|�|�	�dd�t�tj�}|jt
|j
td�|�tjd��|j
d
d�Wd�n1�sT0Y|�tjd��|j
dd�Wd�n1�s�0YdS)N�x509_car��cadatarr�r��head�otherZagain�tailr�z4no start line: cadata does not contain a certificate�brokenz6not enough data: cadata does not contain a certificatesbroken)r@r
rArr�CAFILE_NEURONIOr[rQr��cert_store_statsr�rr�r��objectr�r�)r�rCZ
cacert_pemZ
cacert_derZneuronio_pemZneuronio_derrIZcombinedrrr�test_load_verify_cadata�s\
&

&

��,�z$ContextTests.test_load_verify_cadata�)Avoid mixing debug/release CRT on WindowscCs�t�tj�}|�t�tjdkr*|�t�|�t	|j�|�t	|jd�|�t
��}|�t�Wd�n1sr0Y|�|j
jtj�|�tj��}|�t�Wd�n1s�0YdS)N�nt)rr[rP�load_dh_params�DHFILErr�BYTES_DHFILEr�r�rBrLr�rMrNrOr�r�rrrr�test_load_dh_params�s


(z ContextTests.test_load_dh_paramscCsrtD]h}t|�sqt���t�|�}Wd�n1s:0Y|�|��dddddddddddd��qdS)Nr)�numberrJZconnect_goodZconnect_renegotiate�acceptZaccept_goodZaccept_renegotiate�hits�missesZtimeoutsZ
cache_full)r�rUrr*rr[r��
session_statsr�rrr�test_session_stats�s$
(
�zContextTests.test_session_statscCst�tj�}|��dSr)rr[rQZset_default_verify_pathsr�rrr�test_set_default_verify_pathssz*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt�tj�}|�d�|�d�|�t|j�|�t|jd�|�t|jd�|�t|jd�dS)N�
prime256v1s
prime256v1r��foo)rr[rPrr�r�r�r�rrr�test_set_ecdh_curves

z ContextTests.test_set_ecdh_curvecCsjt�tj�}|�t|j�|�t|jd�|�t|jd�|�t|j|�dd�}|�d�|�|�dS)Nr�r&cSsdSrr�r��
servernamerIrrr�
dummycallback(sz5ContextTests.test_sni_callback.<locals>.dummycallback)rr[rPr�r��set_servername_callback)r�rIr=rrr�test_sni_callbacks
zContextTests.test_sni_callbackcCsJt�tj�}|fdd�}|�|�t�|�}~~t��|�|�d�dS)NcSsdSrr)r�r<rI�cyclerrrr=2sz>ContextTests.test_sni_callback_refcycle.<locals>.dummycallback)	rr[rPr>r(r)�gc�collectr�)r�rIr=r-rrr�test_sni_callback_refcycle-s

z'ContextTests.test_sni_callback_refcyclecCs�t�tj�}|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��|�t�|�|��dddd��dS)Nr)r �crl�x509rr�)	rr[rQr�r(r�r�r�r
r�rrr�test_cert_store_stats:s 

�


�


�


�z"ContextTests.test_cert_store_statscCs�t�tj�}|�|��g�|�t�|�|��g�|�t�|�|��dtd�td�ddddd�g�t	t��}|�
�}Wd�n1s�0Yt�|�}|�|�d�|g�dS)	N)))r%zRoot CA))r�zhttp://www.cacert.org))r&zCA Cert Signing Authority))r�zsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)r*r+r,r-r4r.r0T)rr[rQr��get_ca_certsr�r�r
r�r@rAr)r�rIrCr�derrrr�test_get_ca_certsHs&


��
&
zContextTests.test_get_ca_certscCs�t�tj�}|��t�tj�}|�tjj�|��t�tj�}|�tjj�t�tj�}|�t|jd�|�t|jd�dS)Nr�)	rr[rQ�load_default_certsr�r�r�r�r�r�rrr�test_load_default_certsdsz$ContextTests.test_load_default_certsr
znot-Windows specificz!LibreSSL doesn't support env varscCsht�tj�}t���@}t|d<t|d<|��|�|�	�dddd��Wd�n1sZ0YdS)Nr�r�rr)rDrEr )
rr[rQrr�r�r�rJr�r()r�rIr�rrr�test_load_default_certs_envss
z(ContextTests.test_load_default_certs_envr�r	z3Debug build does not share environment between CRTscCs�t�tj�}|��|��}t�tj�}t���H}t|d<t|d<|��|dd7<|�	|��|�Wd�n1s~0YdS)Nr�r�rEr)
rr[rQrJr(rr�r�r�r�)r�rI�statsr�rrr�#test_load_default_certs_env_windows}s
z0ContextTests.test_load_default_certs_env_windowscCs�|�|jtj@tj�tdkr0|�|jt@t�tdkrJ|�|jt@t�tdkrd|�|jt@t�tdkr~|�|jt@t�dSr�)r�r�rr�r9r:r;r<r�rrr�_assert_context_options�s"����z$ContextTests._assert_context_optionscCs�t��}|�|jtj�|�|jtj�|�|j�|�	|�t
t��}|��}Wd�n1sd0Ytjtt
|d�}|�|jtj�|�|jtj�|�	|�t�tjj�}|�|jtj�|�|jtj�|�	|�dS)N)r�rr")r�create_default_contextr�rTrOr�r�rr�rOr@r�rAr�r�r�r�)r�rIrCr"rrr�test_create_default_context�s"

&�
z(ContextTests.test_create_default_contextcCsXt��}|�|jtj�|�|jtj�|�|j�|�	|�t
tj��rt�
��t�tj�}Wd�n1st0Y|�|jtj�|�|jtj�|�	|�t�
��$tjtjtjdd�}Wd�n1s�0Y|�|jtj�|�|jtj�|�|j�|�	|�tjtjjd�}|�|jtj�|�|jtj�|�	|�dS)NT)r�r�)Zpurpose)r�_create_stdlib_contextr�rTrOr�r�r�r�rOrUrrr*r�rr�r�r�rrr�test__create_stdlib_context�s0

*

�$
z(ContextTests.test__create_stdlib_contextcCszt�tj�}|�|j�|�|jtj�d|_|�|j�|�|jtj	�d|_tj	|_|�|j�|�|jtj	�d|_tj|_d|_|�|j�|�|jtj�d|_|�|j�|�|jtj	�d|_tj
|_d|_|�|j�|�|jtj
�d|_|�|j�|�|jtj
�|�t��tj|_Wd�n1�sB0Yd|_|�|j�tj|_|�|jtj�dSr�)
rr[rOr�r�r�r�r�rr�r�r�r�r�rrr�test_check_hostname�s@(z ContextTests.test_check_hostnamecCsTt�tj�}|�|j�|�|jtj�t�tj�}|�	|j�|�|jtj
�dSr)rr[rQrr�r�r�r�rPr�r�r�rrr�test_context_client_server�sz'ContextTests.test_context_client_servercCs�Gdd�dtj�}Gdd�dtj�}t�tj�}||_||_|jt��dd��}|�	||�Wd�n1sp0Y|�
t��t���}|�	||�dS)Nc@seZdZdS)z;ContextTests.test_context_custom_class.<locals>.MySSLSocketN�r�r�r�rrrr�MySSLSocketsrWc@seZdZdS)z;ContextTests.test_context_custom_class.<locals>.MySSLObjectNrVrrrr�MySSLObjectsrXTrE)rr��	SSLObjectr[rPZsslsocket_classZsslobject_classr�r�r�wrap_bio�	MemoryBIO)r�rWrXrIr�r�rrr�test_context_custom_classs*z&ContextTests.test_context_custom_classzTest requires OpenSSL 1.1.1cCs�t�tj�}|�|jd�d|_|�|jd�d|_|�|jd�|�t��d|_Wd�n1sh0Y|�t��d|_Wd�n1s�0Yt�tj�}|�|jd�|�t��d|_Wd�n1s�0YdS)Nr�rrr�)	rr[rPr�Znum_ticketsr�r�r�rQr�rrr�test_num_tickests$$zContextTests.test_num_tickestN)2r�r�r�r�r�r�r^r�r
r��skipIfrrzr�r�r�r��requires_minimum_version�IS_LIBRESSLr�r|r�rrr*�Py_DEBUG_WIN32r0r6r7r~r:�	needs_snir?rCrFrIrKrkr�rLrFrNrOrQrSrTrUr\�IS_OPENSSL_1_1_1r]rrrrr�ksb
�


N�
S?



	



+
r�c@s8eZdZdd�Ze�ed�dd��Zdd�Zdd	�Z	d
S)�
SSLErrorTestscCsXt�dd�}|�t|�d�|�|jd�t�dd�}|�t|�d�|�|jd�dS)Nrr�)rr�r�rLrNZSSLZeroReturnError)r��errr�test_str'szSSLErrorTests.test_strr+cCs�t�tj�}|�tj��}|�t�Wd�n1s80Y|�|jj	d�|�|jj
d�t|j�}|�|�
d�|�dS)NZPEMZ
NO_START_LINEz"[PEM: NO_START_LINE] no start line)rr[rQr�r�r-r�r�rM�library�reasonrLrrM)r�rIrPr�rrr�test_lib_reason1s(
zSSLErrorTests.test_lib_reasonc
Cs�t�tj�}d|_tj|_t�d���}t�|�	��}|�
d�|j|ddd��r}|�tj
��}|��Wd�n1sz0Yt|j�}|�|�d�|�|�|jjtj�Wd�n1s�0YWd�n1s�0YdS)NFrxryz%The operation did not complete (read))rr[rQr�r�r�r�r{�create_connectionr|�setblockingr�r��SSLWantReadError�do_handshakerLrMrrMr�rN�SSL_ERROR_WANT_READ)r�rIr�r~rPrrr�
test_subclass<s
&
zSSLErrorTests.test_subclasscCs�t��}|�t��(|jt��t��dd�Wd�n1s@0Y|�t��(|jt��t��dd�Wd�n1s�0Y|�t��(|jt��t��dd�Wd�n1s�0YdS)Nr&ruz.example.orgzexample.orgevil.com)rrPr�r�rZr[r�r�rrr�test_bad_server_hostnameNs�$�$�z&SSLErrorTests.test_bad_server_hostnameN)
r�r�r�rfr^r^rarirorprrrrrd%s




rdc@s4eZdZdd�Zdd�Zdd�Zdd�Zd	d
�ZdS)�MemoryBIOTestscCs�t��}|�d�|�|��d�|�|��d�|�d�|�d�|�|��d�|�|��d�|�d�|�|�d�d�|�|�d�d	�|�|�d�d�dS)
Nr9r��barsfoobar�bazr�sbar�z)rr[ror�rA�r��biorrr�test_read_write]s



zMemoryBIOTests.test_read_writecCs�t��}|�|j�|�|��d�|�|j�|�d�|�|j�|��|�|j�|�|�d�d�|�|j�|�|�d�d�|�|j�|�|��d�|�|j�dS)Nr�r9r�sfor�o)	rr[r��eofr�rAro�	write_eofrrurrr�test_eofks
zMemoryBIOTests.test_eofcCs�t��}|�|jd�|�d�|�|jd�td�D]$}|�d�|�|jd|d�q6td�D] }|�d�|�|j|d�qd|��|�|jd�dS)Nrr9rrr/)rr[r��pendingror�rA)r�rvr�rrr�test_pending{s


zMemoryBIOTests.test_pendingcCsbt��}|�d�|�|��d�|�td��|�|��d�|�td��|�|��d�dS)Nr9rrrs)rr[ror�rAr��
memoryviewrurrr�test_buffer_types�s
z MemoryBIOTests.test_buffer_typescCsLt��}|�t|jd�|�t|jd�|�t|jd�|�t|jd�dS)Nr�Tr)rr[r�r�rorurrr�test_error_types�s
zMemoryBIOTests.test_error_typesN)r�r�r�rwr{r}rr�rrrrrq[s
	rqc@seZdZdd�Zdd�ZdS)�SSLObjectTestscCsDt��}|�td��t�||�Wd�n1s60YdSr�)rr[r�r�rYrurrrr��sz SSLObjectTests.test_private_initc	Cs<t�\}}}t��}t��}t��}t��}|j|||d�}|j||dd�}	td�D]p}
z|��WntjyxYn0|jr�|�|�	��z|	��Wntjy�Yn0|jrT|�|�	��qT|��|	��|�
tj��|��Wd�n1�s0Y|�|�	��|	��|�|�	��|��dS)NruTrEr�)r�rr[rZr�rmrlr|rorAr��unwrap)r�Z
client_ctxZ
server_ctxr�Zc_inZc_outZs_inZs_out�clientr��_rrr�test_unwrap�s8(zSSLObjectTests.test_unwrapN)r�r�r�r�r�rrrrr��sr�c@s�eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Ze
�ejdkd�dd��Zdd�Zdd�Zdd�Zdd�Zd d!�Zed"d#��Zd$d%�Zd&d'�Zd(d)�Zd*S)+�SimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2tt�}t|jf|_|��|�|jddd�dSr)�ThreadedEchoServerr�rKr��server_addr�	__enter__r��__exit__)r�r�rrr�setUp�szSimpleBackgroundTests.setUpcCs�tt�tj�tjd��8}|�|j�|�i|���|�	|j
�Wd�n1sT0Ytt�tj�tjtd��6}|�|j�|�
|���|�	|j
�Wd�n1s�0YdS)Nr��r�r�)r�r�r'rr�rJr�r��getpeercertr�rFr�r�rr�rrr�test_connect�s�*�z"SimpleBackgroundTests.test_connectcCs<tt�tj�tjd�}|�|j�|�tjd|j	|j
�dS)Nr��certificate verify failed)r�r�r'rr�r�r�r�r�rJr�r�rrr�test_connect_fail�s�
�z'SimpleBackgroundTests.test_connect_failcCsJtt�tj�tjtd�}|�|j�|�d|�	|j
��|�|���dS)Nr�r)
r�r�r'rr�r�r�r�r�r�r�rr�r�rrr�test_connect_ex�s�z%SimpleBackgroundTests.test_connect_exc	Cs�tt�tj�tjtdd�}|�|j�|�d�|�	|j
�}|�|dtj
tjf�t�g|ggd�z|��Wq�Wqdtjy�t�|gggd�Yqdtjy�t�g|ggd�Yqd0qd|�|���dS)NF)r�r�rzrr?)r�r�r'rr�r�r�r�rkr�r�r�rNZEINPROGRESSr��selectrmrl�SSLWantWriteErrorrr��r�r�r�rrr�test_non_blocking_connect_ex�s$�
z2SimpleBackgroundTests.test_non_blocking_connect_excCst�tj�}|�t�tj���,}|�|j�|�i|�	��Wd�n1sP0Y|jt�tj�dd��}|�|j�Wd�n1s�0Ytj
|_|�t
�|�t�tj���.}|�|j�|�	�}|�|�Wd�n1s�0YdS)N�dummyru)rr[rOr�r�r'rJr�r�r�r�r�r�r�r�r�rIr�r[rrr�test_connect_with_contexts.�*
z/SimpleBackgroundTests.test_connect_with_contextcCsLt�tj�}tj|_|�t�tj��}|�|j	�|�
tjd|j|j
�dS)Nr�)rr[rOr�r�r�r�r'r�r�r�r�rJr�)r�rIr�rrr�test_connect_with_context_fail!s
�z4SimpleBackgroundTests.test_connect_with_context_failcCs�t�tj�}tj|_|jtd�|�t�tj	���.}|�
|j�|��}|�
|�Wd�n1sf0Yt�tj�}tj|_|jtd�|�t�tj	���.}|�
|j�|��}|�
|�Wd�n1s�0YdS)Nr)rr[rOr�r�r�r�r�r�r'rJr�r�rrr�rrr�test_connect_capath,s(z)SimpleBackgroundTests.test_connect_capathcCs tt��}|��}Wd�n1s&0Yt�|�}t�tj�}tj|_|j	|d�|�
t�tj���.}|�
|j�|��}|�|�Wd�n1s�0Yt�tj�}tj|_|j	|d�|�
t�tj���.}|�
|j�|��}|�|�Wd�n1�s0YdS)Nr!)r@r�rArrr[rOr�r�r�r�r�r'rJr�r�r)r�rCrrHrIr�r[rrr�test_connect_cadataCs"
&
(z)SimpleBackgroundTests.test_connect_cadatar,z*Can't use a socket as a file under WindowscCs�tt�tj��}|�|j�|��}|��}|��t�	|d�|��t
��|�t
��}t�	|d�Wd�n1s|0Y|�|jjtj�dSr�)r�r�r'rJr��fileno�makefiler�rrArArBr�r1r�rMrN�EBADF)r�r,�fdrCrerrr�test_makefile_closeXs*z)SimpleBackgroundTests.test_makefile_closecCs�t�tj�}|�|j�|�d�t|tjdd�}|�|j	�d}z|d7}|�
�Wq�WqBtjy~t�|ggg�YqBtj
y�t�g|gg�YqB0qBtjr�tj�d|�dS)NF�r�rzrrz9
Needed %d calls to do_handshake() to establish session.
)r�r'rJr�rkr�rr�r�r�rmrlr�r�rrmrkrnro)r�r��countrrr�test_non_blocking_handshakeks&
�z1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|j�Rdti�dS)Nr[)�_test_get_server_certificater�r�r�rrr�test_get_server_certificate�sz1SimpleBackgroundTests.test_get_server_certificatecCst|g|j�R�dSr)�!_test_get_server_certificate_failr�r�rrr� test_get_server_certificate_fail�sz6SimpleBackgroundTests.test_get_server_certificate_failc	Cstt�tj�tjdd��}|�|j�Wd�n1s:0Ytt�tj�tjdd��}|�|j�Wd�n1s~0Y|�tjd��Xt�tj��,}t|tjdd�}|�|j�Wd�n1s�0YWd�n1s�0YdS)Nr�)r�r�r�r�r�)	r�r�r'rr�rJr�r�r�)r�r�r�rrrr��s �*�*�z"SimpleBackgroundTests.test_cipherscCs�t�tj�}|jtd�|�|��g�|jt�tj	�dd��.}|�
|j�|��}|�
|�Wd�n1sr0Y|�t|���d�dS)Nrr'rur)rr[rQr�r�r�rGr�r�r'rJr�r�rrSr�rrr�test_get_ca_certs_capath�s�(z.SimpleBackgroundTests.test_get_ca_certs_capathcCs�t�tj�}|jtd�t�tj�}|jtd�t�tj�}|j|dd��^}|�|j	�|�
|j|�|�
|jj|�||_|�
|j|�|�
|jj|�Wd�n1s�0YdS)Nrr'ru)
rr[rQr�r�r�r'r�rJr�r�r��_sslobj)r�Zctx1Zctx2r�r,rrr�test_context_setget�sz)SimpleBackgroundTests.test_context_setgetc
Os�|�dtj�}t��|}d}	t��|kr4|�d�d}
|	d7}	z||�}Wn@tjy�}z&|jtj	tj
fvrr�|j}
WYd}~n
d}~00|��}
|�|
�|
dur�q�q|
tj	kr|�
d�}
|
r�|�|
�q|��qtjr�tj�d|	|jf�|S)NrBrri�z"Needed %d calls to complete %s().
)�getr�
SHORT_TIMEOUTr��	monotonicr�rr�rNrnZSSL_ERROR_WANT_WRITErA�sendallr2rorzrmrkrnr�)r�r��incoming�outgoingrar_r�rB�deadliner�rN�retre�bufrrr�ssl_io_loop�s:
�



�z!SimpleBackgroundTests.ssl_io_loopcCs�t�tj�}|�|j�|�|j�t��}t��}t�tj	�}|�
|j�|�|j
tj�|�t�|�||dt�}|�|jj|�|�|���|�|���|�|���|�t|j�dtjvr�|�|�d��|� ||||j!�|�
|���|�|���|�|���|�
|���dtjv�r>|�
|�d��z|� ||||j"�Wntj#�yjYn0|�tj$|j%d�dS)NFr�r9)&r�r'r�r�rJr�rr[r[rQrr�r�r�r�r�r�rZr�r�r��ownerr��cipherr0�assertIsNotNone�shared_ciphersr�r�r�r�r}r�rmr�ZSSLSyscallErrorr�ro)r�r�r�r�rI�sslobjrrr�test_bio_handshake�s>

�
z(SimpleBackgroundTests.test_bio_handshakecCs�t�tj�}|�|j�|�|j�t��}t��}t�tj	�}tj
|_|�||d�}|�
||||j�d}|�
||||j|�|�
||||jd�}|�|d�|�
||||j�dS)NF�FOO
�sfoo
)r�r'r�r�rJr�rr[r[rOr�r�rZr�rmrorAr�r�)r�r�r�r�rIr�Zreqr�rrr�test_bio_read_write_data�sz.SimpleBackgroundTests.test_bio_read_write_dataN)r�r�r��__doc__r�r�r�r�r�r�r�r�r�r^r^rrr�r�r�r�r�r�rbr�r�r�r�rrrrr��s,
	

%"r��networkc@s*eZdZdd�Ze�ejd�dd��ZdS)�NetworkedTestscCs�t�t���tt�tj�tjdd�}|�|j	�|�
d�|�tdf�}|dkr\|�d�n|t
jkrp|�d�|�|t
jt
jf�Wd�n1s�0YdS)NFr�gH�����z>�rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)r�transient_internet�REMOTE_HOSTr�r�r'rr�r�r�r@r�r�rNZENETUNREACHr��EAGAINr�r�rrr�test_timeout_connect_ex
	s�


z&NetworkedTests.test_timeout_connect_exz
Needs IPv6cCsFt�d��(t|dd�t|dd�Wd�n1s80YdS)Nzipv6.google.comr�)rr�r�r�r�rrr� test_get_server_certificate_ipv6	sz/NetworkedTests.test_get_server_certificate_ipv6N)	r�r�r�r�r^r�rrrr�rrrrr�
	sr�cCslt�||f�}|s$|�d||f�tj||f|d�}|sL|�d||f�tjrhtj�d|||f�dS)NzNo server certificate on %s:%s!�r�z&
Verified certificate for %s:%s is
%s
)r�get_server_certificater�rrmrkrnro)�testrnr�r[rrrrr�$	sr�c
Cslztj||ftd�}Wn<tjyR}z"tjr>tj�d|�WYd}~nd}~00|�	d|||f�dS)Nr�z%s
z$Got server certificate %s for %s:%s!)
rr�r�r�rrmrkrnror�)r�rnr�r�xrrrr�/	s&r�)�make_https_serverc@sReZdZGdd�dej�Zddd�Zdd	�Zd
d�Zddd
�Z	dd�Z
dd�ZdS)r�c@s@eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dS)z$ThreadedEchoServer.ConnectionHandlerz�A mildly complicated class, because we want it to work both
        with and without the SSL wrapper around the socket connection, so
        that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j�d�d|_tj�|�d|_	dS�NFT)
r��runningr��addrrk�sslconn�	threading�Thread�__init__�daemon)r�r�Zconnsockr�rrrr�D	sz-ThreadedEchoServer.ConnectionHandler.__init__c
Cs0zD|jjj|jdd�|_|jj�|j���|jj�|j�	��W�n�t
ttfy�}zL|jj
�t|��|jjr�tdt|j�d�d|_|��WYd}~dSd}~0tjtf�y>}zr|jj
�t|��|jj�r�tdt|j�d�|jtjk�r(tjdk�r(d|_|j��|��WYd}~dSd}~00|jj�|j���|jjjtjk�r�|j� �}t!j"�r�|jj�r�tj#�$dt%�&|�d�|j� d�}t!j"�r�|jj�r�tj#�$d	tt'|��d
�|j�(�}t!j"�r(|jj�r(tj#�$dt|�d�tj#�$dt|j���d�dSdS)
NTrEz'
 server:  bad connection attempt from z:
F�darwinz client cert is r�z cert binary is z bytes
z" server: connection cipher is now z" server: selected protocol is now ))r�r�r�r�r��selected_npn_protocols�append�selected_npn_protocol�selected_alpn_protocols�selected_alpn_protocol�ConnectionResetError�BrokenPipeError�ConnectionAbortedError�conn_errorsrL�chattyrqr�r�r�r�rr�r1rNZ
EPROTOTYPErkr��stopr�r�r�r�rrmrnror�r�rSr�)r�rer[Zcert_binaryr�rrr�	wrap_connN	sN�



��z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j��S|j�d�SdS)Nr�)r�rAr�r2r�rrrrA�	s
z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j�|�S|j�|�SdSr)r�ror�r6)r�r�rrrro�	sz*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j��n
|j��dSr)r�r�r�r�rrrr��	sz*ThreadedEchoServer.ConnectionHandler.closec
Cs�d|_|jjs|��sdS|j�rԐz�|��}|��}|svd|_z|j��|_Wnt	ybYn0d|_|�
��np|dkr�tjr�|jj
r�tj�d�|�
�WdS|jjr�|dkr�tjr�|jj
r�tj�d�|�d�|��s�WdS�n�|jj�rd|j�rd|dk�rdtj�r&|jj
�r&tj�d	�|�d�|j��|_d|_tj�r�|jj
�r�tj�d
��n�|dk�r�tj�r�|jj
�r�tj�d�|j�d
�}|�t|��d�d��n2|dk�r8tj�r�|jj
�r�tj�d�z|j��Wn@tj�y*}z$|�t|��d�d�WYd}~nd}~00|�d�n�|dk�rj|j��du�r^|�d�n
|�d�n||dk�r�|j��}|�t|��d�d�nNtj�r�|jj
�r�|j�r�d�p�d}tj�d|||��|f�|�|���Wqttf�y4|jj�r"tj�r"tj�d�|j��|�
�d|_Yqtj�y�}zFd|jk�r�|jj�rvtj�rvtj�|jd�t�d��WYd}~qd}~0t	�y�|jj�r�t d�|�
�d|_|j�!�Yq0qdS)NTFsoverz" server: client closed connection
�STARTTLSz2 server: read STARTTLS from client, sending OK...
�OK
�ENDTLSz0 server: read ENDTLS from client, sending OK...
z* server: connection is now unencrypted...
s
CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data...
r��us-ascii�
�PHAz( server: initiating post handshake auth
�HASCERT�TRUE
�FALSE
�GETCERTZ	encryptedZunencryptedz/ server: read %r (%s), sending back %r (%s)...
z Connection reset by peer: {}
Z!PEER_DID_NOT_RETURN_A_CERTIFICATEr�!tlsv13 alert certificate requiredzTest server failure:
)"r�r��starttls_serverr�rA�stripr�r�r�r1r�rrm�connectionchattyrkrnror}r�rp�verify_client_post_handshakerr�r�r�r�r�r��formatr�rhr_rqr�)r��msg�strippedr�rer[Zctype�errrrr�run�	s��

�


.


����

z(ThreadedEchoServer.ConnectionHandler.runN)
r�r�r�r�r�r�rAror�r�rrrr�ConnectionHandler>	s
>r�NTFcCs�|r||_n�t�|dur|ntj�|_|dur2|ntj|j_|rL|j�|�|r\|j�|�|rl|j�|�|	r||j�	|	�|
r�|j�
|
�||_||_||_
t��|_t�|j�|_d|_d|_g|_g|_g|_g|_tj�|�d|_dSr�)r�rr[rPr�r�r�r��set_npn_protocols�set_alpn_protocolsrGr�r�r�r�r�rr�r��flag�activer�r�r�r�r�r�r�r�)r�Zcertificater��certreqs�cacertsr�r�r�Z
npn_protocolsZalpn_protocolsr�r�rrrr�
sB���
zThreadedEchoServer.__init__cCs|�t���|j��|Sr��startr��Eventr��waitr�rrrr�+
s
zThreadedEchoServer.__enter__cGs|��|��dSr)r�r�r�r_rrrr�0
szThreadedEchoServer.__exit__cCs||_tj�|�dSr�r�r�r�r��r�r�rrrr�4
szThreadedEchoServer.startc
Cs
|j�d�|j��d|_|jr,|j��|jr�zT|j��\}}tjrf|j	rft
j�dt
|�d�|�|||�}|��|��Wq,tjy�Yq,ty�|��Yq,ty�}z0tjr�|j	r�t
j�dt
|�d�WYd}~q,d}~00q,|j��dS)Ng�������?Tz server:  new connection from r�z connection handling failed: )r�r@�listenr�r�r�r2rrmr�rkrnror�r�r�rr�rB�KeyboardInterruptr�r�r�)r�ZnewconnZconnaddr�handlerrerrrr�8
s6

���zThreadedEchoServer.runcCs
d|_dSr�)r�r�rrrr�S
szThreadedEchoServer.stop)NNNNTFFNNNN)N)r�r�r�r�r�r�r�r�r�r�r�r�rrrrr�<	sI�
%
r�c@sXeZdZGdd�dej�Zdd�Zdd�Zdd�Zd	d
�Z	ddd
�Z
dd�Zdd�ZdS)�AsyncoreEchoServerc@s6eZdZGdd�dej�Zdd�Zdd�Zdd�Zd	S)
zAsyncoreEchoServer.EchoServerc@s<eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd�|_tj�||j�d|_|��dS)NTF)rFr�rz)r�r��asyncore�dispatcher_with_sendr��_ssl_accepting�_do_ssl_handshake)r��connr�rrrr�^
s�z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs*t|jtj�r&|j��dkr&|��qdS)NrT)rKr�rr�r|Zhandle_read_eventr�rrr�readablef
s
z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec
Cs�z|j��Wn�tjtjfy*YdStjyD|��YStjyX�YnNty�}z0|j	dt
jkr�|��WYd}~SWYd}~nd}~00d|_dS)NrF)
r�rmrrlr�ZSSLEOFError�handle_closer�r1r_rNZECONNABORTEDr	�r�r�rrrr
l
s*zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr|��n@|�d�}tjr4tj�dt|��|sB|�	�n|�
|���dS)Nr�z server:  read %s from client
)r	r
r2rrmrkrnror�r�r6r�)r�r�rrr�handle_read{
s


z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$|��tjr tj�d|j�dS)Nz server:  closed connection %s
)r�rrmrkrnror�r�rrrr
�
sz<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_closecCs�dSrrr�rrrrq�
sz<AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_errorN)	r�r�r�r�rr
rr
rqrrrrr�\
sr�cCs@||_t�tjtj�}t�|d�|_tj�	||�|�
d�dS)Nr&r�)r�r�r'�SOCK_STREAMrr�r�r�
dispatcherr�rrSrrrr��
s
z&AsyncoreEchoServer.EchoServer.__init__cCs(tjrtj�d|�|�||j�dS)Nz$ server:  new connection from %s:%s
)rrmrkrnror�r�)r�Zsock_objr�rrr�handle_accepted�
sz-AsyncoreEchoServer.EchoServer.handle_acceptedcCs�dSrrr�rrrrq�
sz*AsyncoreEchoServer.EchoServer.handle_errorN)	r�r�r�rrr�r�rrqrrrr�
EchoServerZ
s3rcCs8d|_d|_|�|�|_|jj|_tj�|�d|_dSr�)	r�r�rr�r�r�r�r�r�)r�r�rrrr��
s
zAsyncoreEchoServer.__init__cCsd|jj|jfS)Nz<%s %s>)�	__class__r�r�r�rrr�__str__�
szAsyncoreEchoServer.__str__cCs|�t���|j��|Srr�r�rrrr��
s
zAsyncoreEchoServer.__enter__cGsVtjrtj�d�|��tjr,tj�d�|��tjrFtj�d�tjdd�dS)Nz cleanup: stopping server.
z! cleanup: joining server thread.
z cleanup: successfully joined.
T)Z
ignore_all)	rrmrkrnror�rrZ	close_allrrrrr��
szAsyncoreEchoServer.__exit__NcCs||_tj�|�dSrrrrrrr��
szAsyncoreEchoServer.startcCs>d|_|jr|j��|jr:zt�d�WqYq0qdS)NTr)r�r�r�rZloopr�rrrr��
s
zAsyncoreEchoServer.runcCsd|_|j��dSr�)r�r�r�r�rrrr��
szAsyncoreEchoServer.stop)N)
r�r�r�rrrr�rr�r�r�r�r�rrrrrV
sD

rr�TFc
Cs�i}t||dd�}|��p|jt��||d���}	|	�t|jf�|t|�t|�fD]�}
|rrtj	rrt
j�d|�|	�|
�|	�
�}|r�tj	r�t
j�d|�||��krTtd|dd�t|�|dd���t|�f��qT|	�d	�|r�tj	r�t
j�d
�|�|	��|	��|	��|	��|	��|	��|	j|	jd��|	��Wd�n1�sR0Y|j|d<|j|d
<|j|d<Wd�n1�s�0Y|S)zW
    Launch a server, connect a client to it and try various reads
    and writes.
    F�r�r�r�)rv�session� client:  sending %r...
� client:  read %r
�4bad data <<%r>> (%d) received; expected <<%r>> (%d)
N��over
� client:  closing connection.
)�compressionr��peercert�client_alpn_protocol�client_npn_protocolr0�session_reusedr�server_alpn_protocols�server_npn_protocols�server_shared_ciphers)r�r�r�rJrKr�r�r~rrmrkrnrorAr��AssertionErrorrSr�rr�r�r�r�r0r"rr�r�r�r�)r�r��indatar�r��sni_namerrMr�r��arg�outdatarrr�server_params_test�
sb�
��
���
�
(

*r+c
Cs�|durtj}tjdtjdtjdi|}tjr\|r6dp8d}tj�|t�	|�t�	|�|f�t�
|�}|j|O_t�
|�}	|	j|O_t�
|d�}
|
dur�t|	d�r�|tjkr�|	j|
kr�|
|	_|jtjkr�|�d�t|	|�||	fD]}||_|�t�|�t�q�zt||	d	d	d
�}WnXtj�y>|�r:�Yn�t�yx}
z"|�sb|
jtjk�rd�WYd}
~
nZd}
~
00|�s�tdt�	|�t�	|�f��n,|du�r�||d
k�r�td||d
f��dS)a<
    Try to SSL-connect using *client_protocol* to *server_protocol*.
    If *expect_success* is true, assert that the connection succeeds,
    if it's false, assert that the connection fails.
    Also, if *expect_success* is a string, assert that it is the protocol
    version actually used by the connection.
    Nr�r�r�z %s->%s %s
z
 {%s->%s} %s
rEr�F�r�r�z5Client protocol %s succeeded with server protocol %s!Tr0z%version mismatch: expected %r, got %r)rr�r�r�rrmrkrnroZget_protocol_namer[r��PROTOCOL_TO_TLS_VERSIONr�rFrOrErTrGrJr�r�r�r�r�r+r�r1rN�
ECONNRESETr&)Zserver_protocolZclient_protocol�expect_successZ	certsreqs�server_options�client_optionsZcerttypeZ	formatstrr�r�Zmin_versionrIrMrerrr�try_protocol_combo�
sx	����

���


�
���

�
�r2c@s�eZdZdd�Zdd�Ze�e�d�dd��Zdd	�Z	e�e
jd
�dd��Zd
d�Z
dd�Zdd�Zdd�Zed�dd��Zdd�Zdd�Zed�dd��Zdd �Zed!�d"d#��Zed$�d%d&��Zed'�d(d)��Zed*�d+d,��Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Z d9d:�Z!d;d<�Z"d=d>�Z#d?d@�Z$dAdB�Z%dCdD�Z&ed�dEdF��Z'e(ed*�dGdH���Z)e(ed'�dIdJ���Z*e(ed*�ed$�dKdL����Z+e(ed!�dMdN���Z,e�e
j-dO�dPdQ��Z.e�dRe
j/vdS�dTdU��Z0dVdW�Z1e�e2e
dX�dY�dZd[��Z3e�4e5d\�d]d^��Z6e�e7d_�e�4e8d`�dadb���Z9dcdd�Z:e�e
j;de�dfdg��Z<e�e
j;dh�didj��Z=dkdl�Z>e�e
j?dm�dndo��Z@dpdq�ZAdrds�ZBeCdtdu��ZDeCdvdw��ZEeCdxdy��ZFeCdzd{��ZGd|d}�ZHd~d�ZId�d��ZJd�d��ZKd�d��ZLd�S)��
ThreadedTestsc	Cs~tjrtj�d�tD]~}|tjtjhvr,qt	|�s6q|j
tj|d��<t�|�}|�
t�t|�t||ddd�Wd�q1s�0Yqt�\}}}|j
tjtjd��"t||dd|d�Wd�n1s�0Yd|_|j
tjtjd��b|�tj��"}t||dd|d�Wd�n1�s60Y|�d	t|j��Wd�n1�sh0Y|j
tjtjd��`|�tj�� }t||ddd
�Wd�n1�s�0Y|�d	t|j��Wd�n1�s�0Y|j
tjtjd��`|�tj�� }t||ddd
�Wd�n1�s>0Y|�d	t|j��Wd�n1�sp0YdS)z2Basic test of an SSL client connecting to a serverr�)rTTr,N)r�r�)r�r�r�r�r(Fz%called a function you should not call)r�r�r�r�)rrmrkrnror�rrQrPrUZsubTest�_PROTOCOL_NAMESr[r�r�rJr+r�r�r�r�r�rLrM)r�rTr�r�r�r�rerrr�	test_echoIsd

�&�$�&�$�&�$�&�zThreadedTests.test_echoc

Cs�tjrtj�d�t�\}}}t|dd�}|��X|jt��d|d��� }|�	t
|jf�|�t
��|��Wd�n1s�0Y|��|��}|�|d�|��}tjr�tj�t�|�d�tj�dt|�d�d|v�r|�d	t�|��d
|dv�r|�d�|�d|�|�d
|�t�|d�}t�|d
�}	|�||	�Wd�n1�sp0YWd�n1�s�0YdS)Nr�F�r�r�)rzrv�Can't get peer certificate.zConnection cipher is z.
r.z$No subject field in certificate: %s.r$zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r,r+)rrmrkrnror�r�r�r�rJrKr�r�r�r�rmrr�r�r�rLr�r�rr�r)
r�r�r�r�r�r�r[r��beforeZafterrrr�test_getpeercert{sF
�&
���zThreadedTests.test_getpeercertr�c
Cstjrtj�d�t�\}}}ttdd�}|�|j	tj
|B�t|dd�}|�f|jt
�
�|d��4}|�t|jf�|��}|�|d�Wd�n1s�0YWd�n1s�0Y|j	tjO_	t|dd�}|��|jt
�
�|d��P}|�tjd�� |�t|jf�Wd�n1�s00YWd�n1�sP0YWd�n1�sp0Y|�t�t|dd�}|�h|jt
�
�|d��4}|�t|jf�|��}|�|d�Wd�n1�s�0YWd�n1�s0YdS)	Nr�r�rTr6rur7r�)rrmrkrnror�rNrr�r�r�r�r�r�rJrKr�r�rr�r�r�r��CRLFILE)r�r�r�r�r�r�r�r[rrr�test_crl_check�sF
�H
��p

�zThreadedTests.test_crl_checkc
Cs�tjrtj�d�t�\}}}t|dd�}|�f|jt��|d��4}|�	t
|jf�|��}|�
|d�Wd�n1s|0YWd�n1s�0Yt|dd�}|��|jt��dd��N}|�tjd�� |�	t
|jf�Wd�n1s�0YWd�n1�s0YWd�n1�s>0Yt|dd�}|�rt���H}|�td��|�|�Wd�n1�s�0YWd�n1�s�0YWd�n1�s�0YdS)	Nr�Tr6rur7rsz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrmrkrnror�r�r�r�rJrKr�r�rr�rr]r�)r�r�r�r�r�r�r[rrrrT�s<
�H
��n
�z!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec
CsHt�\}}}|jsJ�d|_t|dd�}|�R|jt��|d�� }|�t|jf�Wd�n1sf0YWd�n1s�0Ytt�\}}}d|_t|dd�}|��|jt��|d��L}|�	t
j�� |�t|jf�Wd�n1s�0YWd�n1�s0YWd�n1�s:0YdS)NFTr6ru)r�r�r�r�r�rJrKr�r�r�r�SSLCertVerificationError�r�r�r�r�r�r�rrrr��s(

�L
�z.ThreadedTests.test_hostname_checks_common_namec	Cs�t�tj�}|�t�|�d�t}t�tj�}|�t	�t
|dd�}|��|jt��|d��Z}|�
t|jf�|��}|�|d�|��d�d�}|�|dd�d	�Wd�n1s�0YWd�n1s�0YdS�
NzECDHE:ECDSA:!NULL:!aRSATr6rur7r�-r�)ZECDHEZECDSA)rr[rQr�r�rG�SIGNED_CERTFILE_ECC_HOSTNAMErPr��SIGNED_CERTFILE_ECCr�r�r�rJrKr�r�rr��split�r�r�r�r�r�r�r[r�rrr�
test_ecc_certs"



�zThreadedTests.test_ecc_certc	Cst�tj�}|�t�|jtjO_|�d�t}t�tj	�}|�
t�|�
t�t
|dd�}|��|jt��|d��Z}|�t|jf�|��}|�|d�|��d�d�}|�|dd�d	�Wd�n1s�0YWd�n1s�0YdSr>)rr[rQr�r�r�r�rGr@rPr�rAr�r�r�r�rJrKr�r�rr�rBrCrrr�test_dual_rsa_eccs&




�zThreadedTests.test_dual_rsa_eccc	
Cs�tjrtj�d�t�tj�}|�t	�t�tj
�}tj|_d|_
|�t�gd�}|D]�\}}t|dd�}|��|jt��|d��P}|�|j|�|�t|jf�|��}|�|j|�|�|d�Wd�n1s�0YWd�qX1s�0YqXt|dd�}|��|jt��dd��N}|�tj�� |�t|jf�Wd�n1�s^0YWd�n1�s~0YWd�n1�s�0YdS)Nr�T))ukönig.idn.pythontest.net�xn--knig-5qa.idn.pythontest.net)rFrF)sxn--knig-5qa.idn.pythontest.netrF)u(königsgäßchen.idna2003.pythontest.net�.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)rGrG)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netrG)�.xn--knigsgchen-b4a3dun.idna2008.pythontest.netrH)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netrHr6rur7zpython.example.org)rrmrkrnrorr[rPr��IDNSANSFILErQr�r�r�r�r�r�r�r�r�rvrJrKr�r�rr�r])	r�r�r�Z
idn_hostnamesrvZexpected_hostnamer�r�r[rrr�test_check_hostname_idn1s:


�J
�z%ThreadedTests.test_check_hostname_idncCs6t�\}}}|�t�tj|_tjj|_t	|ddd�}|��|j
t��|d���}z|�t
|jf�Wn�tjy�}z"tjr�tj�d|�WYd}~nZd}~0ty�}z0|jtjkr��tjr�tj�d|�WYd}~nd}~00|�d�Wd�n1�s0YWd�n1�s(0YdS)z�Connecting when the server rejects the client's certificate

        Launch a server with CERT_REQUIRED, and check that trying to
        connect to it with a wrong client certificate fails.
        Trru�
SSLError is %r
N�
socket.error is %r
�'Use of invalid cert should have failed!)r�r�r�rr�r�rrZrWr�r�r�rJrKr�r�rrmrkrnror1rNr.r��r�r�r�r�r�r�rerrr�test_wrong_cert_tls12is0

�
��$&z#ThreadedTests.test_wrong_cert_tls12r�cCsVt�\}}}|�t�tj|_tjj|_tjj|_t	|ddd�}|��|j
t��|d���}|�t
|jf�z|�d�|�d�Wn�tjy�}z"tjr�tj�d|�WYd}~n\d}~0t�y}z0|jtjkr܂tjr�tj�d|�WYd}~nd}~00|�d�Wd�n1�s(0YWd�n1�sH0YdS)	NTrru�datar�rKrLrM)r�r�r�rr�r�rr�rEr�r�r�rJrKr�rorAr�rrmrkrnr1rNr.r�rNrrr�test_wrong_cert_tls13�s6


�
��
$&z#ThreadedTests.test_wrong_cert_tls13cs|t���t���t���t��t�����fdd�}����fdd�}tj|d�}|��z|�W|��n
|��0dS)ztA brutal shutdown of an SSL server should raise an OSError
        in the client when attempting handshake.
        cs8���������\}}|��������dSr)rr�r2r�)Znewsockr�)�
listener_gone�listener_readyr�rr�listener�sz2ThreadedTests.test_rude_shutdown.<locals>.listenerc	st���t���P}|�t�f����zt|�}WntyFYn0��d�Wd�n1sf0YdS)Nz2connecting to closed SSL socket should have failed)r�r�rJrKr�r1r�)r~�ssl_sock)rRrSr�r�rr�	connector�s
z3ThreadedTests.test_rude_shutdown.<locals>.connector��targetN)	r�r�r�rr�rKr�r�r)r�rTrVr!r)rRrSr�r�r�r�test_rude_shutdown�sz ThreadedTests.test_rude_shutdowncCs&tjrtj�d�t�tj�}|�t	�t�tj
�}t|dd�}|��|jt
�
�td���}z|�t|jf�Wnttjy�}zZd}|�|tj�|�|jd�|�|j|�|�|t|��|�dt|��WYd}~n
d}~00Wd�n1s�0YWd�n1�s0YdS)Nr�Tr6ruz&unable to get local issuer certificaterr�)rrmrkrnrorr[rPr�r�rQr�r�r�r�rJrKr�r�rr<r�Zverify_codeZverify_messager�r�)r�r�r�r�r�rer�rrr�test_ssl_cert_verify_error�s(

�z(ThreadedTests.test_ssl_cert_verify_errorrVcCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�ttjtj
d�td�rrttjtjd�ttjtj
d�t�r�ttjtj
dtjd�ttjtj
dtjd�ttjtj
dtjd�dS)z9Connecting to an SSLv2 server with various client optionsr�TFr�r1N)rrmrkrnror2r�PROTOCOL_SSLv2r�r�rOrR�PROTOCOL_SSLv3rr{r�r�r�r�rrr�test_protocol_sslv2�s&���z!ThreadedTests.test_protocol_sslv2c
Cs�tjrtj�d�td�rnzttjtj	d�Wn>t
yl}z&tjrXtj�dt|��WYd}~n
d}~00td�r�ttjtjd�ttjtjd�td�r�ttjtj
d�td�r�ttjtjdtj�ttjtjdtj�td�r�ttjtj
dtj�td��rttjtjdtj�ttjtjdtj�td��rJttjtj
dtj�td��rjttjtjdtjd	�ttjtjdtjtjBd	�td��r�ttjtj
dtjd	�dS)
z:Connecting to an SSLv23 server with various client optionsr�rVTz; SSL2 client to SSL23 server test unexpectedly failed:
 %s
NrFr)r0)rrmrkrnrorRr2rrOr\r1rLr]rr�r�r�r�r�)r�r�rrr�test_PROTOCOL_TLS
sL��


�
�
�zThreadedTests.test_PROTOCOL_TLSrcCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�rbttjtjd�ttjtjdtj
d�ttjtjd�t�r�ttjtjdtjd�dS)z9Connecting to an SSLv3 server with various client optionsr�rrVFr[N)rrmrkrnror2rr]r�r�rRr\rOr�rr{r�r�rrr�test_protocol_sslv3-
s�
�z!ThreadedTests.test_protocol_sslv3rcCs�tjrtj�d�ttjtjd�ttjtjdtj�ttjtjdtj	�t
d�rbttjtjd�t
d�rzttjtjd�ttjtj
dtjd�dS)z8Connecting to a TLSv1 server with various client optionsr�rrVFrr[N)rrmrkrnror2rrr�r�rRr\r]rOr�r�rrr�test_protocol_tlsv1?
s�z!ThreadedTests.test_protocol_tlsv1rcCs�tjrtj�d�ttjtjd�td�r:ttjtj	d�td�rRttjtj
d�ttjtjdtjd�ttjtjd�ttjtj
d�ttj
tjd�dS)zjConnecting to a TLSv1.1 server with various client options.
           Testing against older TLS versions.r��TLSv1.1rVFrr[N)rrmrkrnror2rrrRr\r]rOr��PROTOCOL_TLSv1_2r�rrr�test_protocol_tlsv1_1N
s�z#ThreadedTests.test_protocol_tlsv1_1rZcCs�tjrtj�d�ttjtjdtjtj	Btjtj	Bd�t
d�rPttjtjd�t
d�rhttjtjd�ttjtj
dtjd�ttj
tjd�ttj�r�ttjtjd�ttjtjd�ttj�r�ttjtjd�ttjtjd�dS)	zjConnecting to a TLSv1.2 server with various client options.
           Testing against older TLS versions.r��TLSv1.2)r0r1rVFrr[N)rrmrkrnror2rrcr�r�rRr\r]rOr�rUrrr�rrr�test_protocol_tlsv1_2`
s(

��

z#ThreadedTests.test_protocol_tlsv1_2c	Cs�d}ttdddd�}d}|��lt��}|�d�|�t|jf�tjrTt	j
�d�|D]�}tjrrt	j
�d|�|r�|�|�|��}n|�
|�|�d�}|����}|dkr�|�d	�r�tjr�t	j
�d
|�t|�}d}qX|dk�r|�d	��rtj�rt	j
�d|�|��}d}qXtjrXt	j
�d
|�qXtj�rHt	j
�d�|�rZ|�d�n
|�
d�|�rt|��n|��Wd�n1�s�0YdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2r�sMSG 3smsg 4r�smsg 5smsg 6T)r�r�r�Fr�rr�r�sokz/ client:  read %r from server, starting TLS...
r�z- client:  read %r from server, ending TLS...
z client:  read %r from server
rrN)r�r�r�rkrJrKr�rrmrkrnrorAr6r2r�r�rMr�r�r�)	r�Zmsgsr��wrappedr�r'rr*r�rrr�
test_starttlsx
sl�
�



�����

zThreadedTests.test_starttlscCs�t|td�}tjrtj�d�ttd��}|�	�}Wd�n1sF0Yd}d|j
tj�
t�df}tjtd�}tjj||d	�}zV|���d
�}|r�t|�dkr�|�	t|��}tjr�tj�dt|�|f�W|��n
|��0|�||�dS)
z8Using socketserver to create and manage SSL connections.rHr��rbNr&zhttps://localhost:%d/%sr�r��r�zcontent-lengthrz/ client: read %d bytes from remote server '%s'
)r�r�rrmrkrnror@r�rAr�rrrBrrPr��urllib�request�urlopen�infor�rrSr�r�)r�r�rCrr�urlr�Zdlenrrr�test_socketserver�
s.&�
��zThreadedTests.test_socketserverc	Cstjrtj�d�d}tt�}|��tt���}|�	d|j
f�tjrVtj�d|�|�|�|��}tjr~tj�d|�||��kr�|�
d|dd�t|�|dd���t|�f�|�d	�tjr�tj�d
�|��tjr�tj�d�Wd�n1�s0YdS)z'Check the example asyncore integration.r�r�r	rrrNrrrz client:  connection closed.
)rrmrkrnrorr�r�r�rJr�rAr�r�rSr�)r�r'r�r�r*rrr�test_asyncore_server�
s:�
���
z"ThreadedTests.test_asyncore_servercs�tjrtj�d�tttjtj	tddd�}|���t
t��dtttjtjd����
t|jf��fdd�}�fdd	�}d
�jdgtfd�jddgtfd
�jdgdd�fg}d�jdgfd�jddgfd|dgfd|dgfg}d}|D]�\}}}	}
}||�d�}zz||g|
�R�}
d�|�}|j|
||�|d����}||��k�rx|�dj||dd�t|�|dd�t|�d��Wq�t�y�}zH|	�r�|�dj|d��t|��|��s�|�dj||d��WYd}~q�d}~00q�|D]�\}}}	}
||�d�}zV��|�||
�}||��k�rR|�d j||dd�t|�|dd�t|�d��Wnjt�y�}zP|	�r~|�d!j|d��t|��|��s�|�dj||d�����WYd}~n
d}~00�q�d"}��|�tt|��}|���d#|�t|��|�||�t du�r>t j!t|�}|�"|�}��|�|����|�|�#t$�j%�|�#t$�j&d"g�|�#t$�j'd$�|�#t$�j(td$�g���d%�|�#t�jd#�|�#t�jd#���)�Wd�n1�s�0YdS)&z Test recv(), send() and friends.r�TF�r�r�r�r�r��rFr�r�r�r�cstd�}��|�}|d|�S�Nsd)r�r3)�br��r�rr�
_recv_into�
s
z0ThreadedTests.test_recv_send.<locals>._recv_intocs"td�}��|�\}}|d|�Sru)r�r5)rvr�r�rwrr�_recvfrom_intosz4ThreadedTests.test_recv_send.<locals>._recvfrom_intor6r7zsome.addressr�cSsdSrr)r�rrr�<lambda>
r�z.ThreadedTests.test_recv_send.<locals>.<lambda>r2r4r3r5ZPREFIX_r`zsending with {}�r�zpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
Nr)rr*Znoutr'Zninz>Failed to send with method <<{name:s}>>; expected to succeed.
rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s}
)r�expzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d})
zAFailed to receive with method <<{name:s}>>; expected to succeed.
rPr�r0r)*rrmrkrnror�r�rr�rPr�r�rQrJrKr�r6rSr7r�r2r4rpr�r�rAr�r�r�rLrMr��ctypesZc_ubyteZfrom_buffer_copyr�r8r9r:r;r<r�)r�r�rxryZsend_methodsZrecv_methodsZdata_prefixZ	meth_nameZ	send_methr/r_Zret_val_methr'r�r�r*reZ	recv_methr��bufferZubyteZ	byteslikerrwr�test_recv_send�
s����

��
��	����
��	����"



�
zThreadedTests.test_recv_sendcCs�tt�}|��|�|jdd�t�t|jf�}|�|j	�t
|dd�}|�|j	�|�d�|�|�
d�d�|�|�d�d�|�|��d�|�d�|�|�
d�d�|�|�t��d�dS)NF)Zsuppress_ragged_eofsrPrr�)r�r�r�r�r�r�rjrKr�r�r�r6r�r2rArkr3r�)r�r�r�rrr�test_recv_zeroqs

zThreadedTests.test_recv_zeroc	s�tttjtjtddd�}|��tt��dtttjtjd����t	|j
f���d�td����fdd�}|�
tjtjf|���d����Wd�n1s�0YdS)NTFrsrti cs����qdSr)r6r�r�r�rr�fill_buffer�sz8ThreadedTests.test_nonblocking_send.<locals>.fill_buffer)r�r�rr�rPr�r�rQrJrKr�rkr�r�r�rlr�)r�r�r�rr�r�test_nonblocking_send�s4��
��
z#ThreadedTests.test_nonblocking_sendcs"t�tj��d}t���}t���d����fdd�}tj|d�}|�����z�zBt�tj�}|�	d�|�
||f�|�tjdt
|�W|��n
|��0zBt�tj�}t
|�}|�	d�|�tjd|j
||f�W|��n
|��0Wd�|�����nd�|�����0dS)	Nr	Fcsb������g}�sLt��gggd�\}}}�|vr|����d�q|D]}|��qPdS)Ng�������?r)rr�r�r�r2r�)Zconnsr�wrer��Zfinishr��startedrr�serve�sz3ThreadedTests.test_handshake_timeout.<locals>.serverWg�������?z	timed outT)r�r'rr�r�r�r�r�r�r@rJr�rBr�r�r)r�rnr�r�r!r~rr�r�test_handshake_timeout�s@



�


�
�z$ThreadedTests.test_handshake_timeoutcst�tj�}tj|_|�t�|�t�t	�	t	j
��d}t���}|j
�dd��|��j�t���d�d�����fdd�}tj|d�}|�����|�
t	�	��}|�||f�|�d�|��|��}|��|��������|��tj�|��|�dS)Nr	TrEcs0���������\������d��dS)Nr�)rr�r2r6r2r�ZevtZpeerZremoter�rrr��sz/ThreadedTests.test_server_accept.<locals>.serverWrP)rr[rOr�r�r�r�r�r�r�r'rr�r�rrFr�r�r�r�r�rJr6r2r|r�rrr�r�)r�r�rnr�r�r!r�Zclient_addrrr�r�test_server_accept�s6



z ThreadedTests.test_server_acceptc	Cs�t�tj�}|�t����T}|�t��}|��Wd�n1sD0Y|�|j	j
t
j�Wd�n1st0YdSr)rr[rOr�r�r�r1r�r�rMrN�ENOTCONN�r�r�r�rPrrr�test_getpeercert_enotconn�s
&z'ThreadedTests.test_getpeercert_enotconnc	Cs�t�tj�}|�t����T}|�t��}|��Wd�n1sD0Y|�|j	j
t
j�Wd�n1st0YdSr)rr[rOr�r�r�r1rmr�rMrNr�r�rrr�test_do_handshake_enotconns
&z(ThreadedTests.test_do_handshake_enotconnc
Cs�t�\}}}|jtjO_|�d�|�d�t|d��|}|jt��|d��J}|�t	�� |�
t|jf�Wd�n1s�0YWd�n1s�0YWd�n1s�0Y|�
d|jd�dS)NZAES128�AES256rkruzno shared cipherr)r�r�rr�rGr�r�r�r�r1rJrKr�r�r�r=rrr�test_no_shared_cipherss


�jz$ThreadedTests.test_no_shared_ciphersc	Cst�tj�}d|_tj|_tttjdd���}|�	t
�
����}|�|��d�|�|j
d�|�t|jf�tr�td�r�|�|��d�n,tjdkr�|�|��d�n|�|��d�Wd�n1s�0Y|�|j
d�|�|��d�Wd�n1�s0YdS)	zt
        Basic tests for SSLSocket.version().
        More tests are done in the test_protocol_*() methods.
        F)r�r�Nr��TLSv1.3)rrr�re)rre)rr[rQr�r�r�r�r�rPr�r�r�r0r�rJrKr�rcrRr�rzr��r�r�r�r�rrr�test_version_basics&�
.z ThreadedTests.test_version_basicc	Cs�t�tj�}|�t�|jtjtjBtjBO_t	|d��v}|�
t����H}|�t
|jf�|�|��dhd��|�|��d�Wd�n1s�0YWd�n1s�0YdS)Nrkr>ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_256_GCM_SHA384ZTLS_AES_128_GCM_SHA256r�)rr[rOr�r�r�r�r�r�r�r�r�rJrKr�r�r�r�r0r�rrr�test_tls1_31s
�zThreadedTests.test_tls1_3c	Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t|d��b}|jt	�	�|d��0}|�
t|jf�|�
|��d�Wd�n1s�0YWd�n1s�0YdS)Nrkrure)r�rrrrErZrWr�r�r�rJrKr�r�r0r=rrr�test_min_max_version_tlsv1_2Bs




�z*ThreadedTests.test_min_max_version_tlsv1_2c	Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t	|d��b}|j
t��|d��0}|�t
|jf�|�|��d�Wd�n1s�0YWd�n1s�0YdS)Nrkrurb)r�rrrrErZrWrrJr�r�r�rJrKr�r�r0r=rrr�test_min_max_version_tlsv1_1Ss





�z*ThreadedTests.test_min_max_version_tlsv1_1c
Cs�t�\}}}tjj|_tjj|_tjj|_tjj|_t||�t|d���}|j	t
�
�|d��^}|�tj�� }|�
t|jf�Wd�n1s�0Y|�dt|j��Wd�n1s�0YWd�n1s�0YdS)NrkruZalert)r�rrrZrWrErrJr�r�r�r�r�rJrKr�r�rLrMrNrrr�test_min_max_version_mismatchds





�.z+ThreadedTests.test_min_max_version_mismatchc	Cs�t�\}}}tjj|_tjj|_tjj|_t||�t|d��b}|jt	�	�|d��0}|�
t|jf�|�
|��d�Wd�n1s�0YWd�n1s�0YdS)Nrkrur)r�rrrrErWrJr�r�r�rJrKr�r�r0r=rrr�test_min_max_version_sslv3ws




�z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc	Cs�t�tj�}|�t�|jtjO_tjdkr:|�d�t	|d��b}|�
t����4}|�t
|jf�|�d|��d�Wd�n1s�0YWd�n1s�0YdS)N)rrrz
ECCdraft:ECDHrkZECDHr)rr[rOr�r�r�r�rzrGr�r�r�rJrKr�r�r�r�rrr�test_default_ecdh_curve�s


z%ThreadedTests.test_default_ecdh_curver�r�c		Cs�tjrtj�d�t�\}}}t|ddd�}|���|jt��|d���}|�	t
|jf�|�d�}tjrztj�d�
|��|�|�|��dkr�|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
�n1s�0Y|jt��|d���}|�	t
|jf�|�d�}tj�rDtj�d�
|��|�||�|�|�|��dk�rz|�t|�d	�n|�t|�d
�|�d�|����}|�|t|��d��Wd
�n1�s�0YWd
�n1�s�0Yd
S)z Test tls-unique channel binding.r�TFrrur�z! got channel binding data: {0!r}
r��0�sCB tls-unique
r�Nz(got another channel binding data: {0!r}
)rrmrkrnror�r�r�r�rJrKr�r}r�r�r0r�rSrAr�r�rpr�)	r�r�r�r�r�r�Zcb_dataZpeer_data_reprZnew_cb_datarrrr��sf��
�

�"�
��

�z-ThreadedTests.test_tls_unique_channel_bindingcCsRt�\}}}t||dd|d�}tjr:tj�d�|d��|�|dhd��dS)NT�r�r�r(z got compression: {!r}
r>NZRLEZZLIB)	r�r+rrmrkrnror�r��r�r�r�r�rMrrr�test_compression�s�zThreadedTests.test_compressionr9z*ssl.OP_NO_COMPRESSION needed for this testcCsRt�\}}}|jtjO_|jtjO_t||dd|d�}|�|dd�dS)NTr�r)r�r�rr9r+r�r�rrr�test_compression_disabled�s�z'ThreadedTests.test_compression_disabledr+cCs�t�\}}}|jtjO_|�t�|�d�|jtjO_t||dd|d�}|dd}|�d�}d|vr�d|vr�d	|vr�|�	d
|d�dS)NZkEDHTr�r�rr?ZADHZEDHZDHEzNon-DH cipher: )
r�r�rr�r-r.rGr+rBr�)r�r�r�r�rMr��partsrrr�test_dh_params�s

�
zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCst�\}}}|�d�|�d�|jtjtjBO_t||dd|d�}t�\}}}|�d�|�d�|jtjtjBO_t||dd|d�}t�\}}}|�d�|�d�|�d�|jtjtjBO_zt||dd|d�}Wntjy�Yn0t	�r|�
d�dS)Nr}zECDHE:!eNULL:!aNULLTr�r8zmismatch curve did not fail)r�rrGr�rr�r�r+r��IS_OPENSSL_1_1_0r�r�rrr�test_ecdh_curve�s<

�

�


�
zThreadedTests.test_ecdh_curvecCs2t�\}}}t||dd|d�}|�|dd�dS)NTr�r �r�r+r�r�rrr�test_selected_alpn_protocol"s�z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@t�\}}}|�ddg�t||dd|d�}|�|dd�dS)Nr��barTr�r )r�r�r+r�r�rrr�/test_selected_alpn_protocol_if_server_uses_alpn*s�z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc
Cs8gd�}ddgdfddgdfdgdfddgdfg}|D]�\}}t�\}}}|�|�|�|�zt||dd|d�}Wn*tjy�}	z|	}WYd}	~	n
d}	~	00|dur�tr�tjd	kr�|�|tj�q6d
t|�t|�t|�f}
|d}|�	|||
|df�t
|d
��r|d
dnd}|�	|||
|df�q6dS)N)r�r��	milkshaker�r�r�zhttp/3.0zhttp/4.0Tr�)rrrr��Kfailed trying %s (s) and %s (c).
was expecting %s, but got %%s from the %%sr r�r#r��nothingr�)r�r�r+rr�r�rzrrLr�rS)
r��server_protocols�protocol_tests�client_protocolsr�r�r�r�rMrer��
client_result�
server_resultrrr�test_alpn_protocols4sN


�

�
���
�
��
�z!ThreadedTests.test_alpn_protocolscCs2t�\}}}t||dd|d�}|�|dd�dS)NTr�r!r�r�rrr�test_selected_npn_protocol\s�z(ThreadedTests.test_selected_npn_protocolz NPN support needed for this testcCs�ddg}ddgdfddgdfddgdfddgdfg}|D]�\}}t�\}}}|�|�|�|�t||dd|d�}dt|�t|�t|�f}	|d	}
|�|
||	|
d
f�t|d�r�|ddnd
}|�|||	|df�q8dS)Nzhttp/1.1zspdy/2r��abc�defTr�r�r!r�r$r�r�r�)r�r�r+rLr�rS)r�r�r�r�r�r�r�r�rMr�r�r�rrr�test_npn_protocolsds4



�

���
��z ThreadedTests.test_npn_protocolscCsLt�tj�}|�t�t�tj�}|�t�t�tj�}|�t�|||fSr)	rr[rPr�r�r�rQr�r�)r�r��
other_contextr�rrr�sni_contexts~s


zThreadedTests.sni_contextscCs"|d}|�d|ff|d�dS)Nrr&r.)r�)r�rMrr[rrr�check_common_name�szThreadedTests.check_common_namecs�g�|��\}�}d|_��fdd�}|�|�t||ddd�}|��d|fg�|�|d�g�t||ddd�}|��d|fg�|�|t�g�|�d�t||ddd�}|�|t�|��g�dS)	NFcs ��||f�|dur�|_dSr)r�r��rUZserver_nameZinitial_context�Zcallsr�rr�
servername_cb�sz6ThreadedTests.test_sni_callback.<locals>.servername_cbT�supermessage�r�r(r5Znotfunny)r�r�r>r+r�r�r�)r�r�r�r�rMrr�rr?�s4
��
�zThreadedTests.test_sni_callbackcCsp|��\}}}dd�}|�|�|�tj�� }t||ddd�}Wd�n1sR0Y|�|jjd�dS)NcSstjSr)rZALERT_DESCRIPTION_ACCESS_DENIEDr�rrr�cb_returning_alert�szAThreadedTests.test_sni_callback_alert.<locals>.cb_returning_alertFr�r�ZTLSV1_ALERT_ACCESS_DENIED)	r�r>r�rr�r+r�rMrh)r�r�r�r�r�rPrMrrr�test_sni_callback_alert�s
�$z%ThreadedTests.test_sni_callback_alertc	Cs�|��\}}}dd�}|�|�t���l}|�tj�� }t||ddd�}Wd�n1s\0Y|�|j	j
d�|�|jjt
�Wd�n1s�0YdS)NcSsdddS)Nrrrr�rrr�
cb_raising�sz;ThreadedTests.test_sni_callback_raising.<locals>.cb_raisingFr�r�ZSSLV3_ALERT_HANDSHAKE_FAILURE)r�r>r�catch_unraisable_exceptionr�rr�r+r�rMrh�
unraisable�exc_type�ZeroDivisionError)r�r�r�r�r��catchrPrMrrr�test_sni_callback_raising�s

�$
�z'ThreadedTests.test_sni_callback_raisingc	Cs�|��\}}}dd�}|�|�t���l}|�tj�� }t||ddd�}Wd�n1s\0Y|�|j	j
d�|�|jjt
�Wd�n1s�0YdS)NcSsdS)Nr�rr�rrr�cb_wrong_return_type�szOThreadedTests.test_sni_callback_wrong_return_type.<locals>.cb_wrong_return_typeFr�r�ZTLSV1_ALERT_INTERNAL_ERROR)r�r>rr�r�rr�r+r�rMrhr�r�r�)r�r�r�r�r�r�rPrMrrr�#test_sni_callback_wrong_return_type�s

�$z1ThreadedTests.test_sni_callback_wrong_return_typec	s�t�\}}}|�d�|�d�gd�}t|||d�}|dd}|�t|�d�|D]*\�}}t�fdd�|D��sV|���qVdS)	Nz
AES128:AES256r�)r�zAES-256ZTLS_CHACHA20ZTLS_AES�r(r%rc3s|]}|�vVqdSrr)r�Zalgrrrr��r�z4ThreadedTests.test_shared_ciphers.<locals>.<genexpr>)r�rGr+�
assertGreaterrS�anyr�)	r�r�r�r�Z
expected_algsrMr�Ztls_version�bitsrrr�test_shared_ciphers�s

�z!ThreadedTests.test_shared_cipherscCs�t�\}}}t|dd�}|�Z|jt��|d�}|�t|jf�|��|�t	|j
d�|�t	|jd�Wd�n1s|0YdS)NFr6rur�shello)r�r�r�r�rJrKr�r�r�r�rAror=rrr�,test_read_write_after_close_raises_valuerror�s
�z:ThreadedTests.test_read_write_after_close_raises_valuerrorc
Cs0d}ttjd��}|�|�Wd�n1s00Y|�tjtj�t�tj�}tj	|_
|�t�|�
t�t|dd�}|��|�t����h}|�t|jf�ttjd��,}|�|�|�|�d�|�Wd�n1s�0YWd�n1�s0YWd�n1�s"0YdS)Nsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx�wbFr6rir�)r@r�TESTFNror��unlinkrr[rOr�r�r�r�r�r�r�r�r�rJrKr��sendfiler�r2)r�Z	TEST_DATArCr�r�r��filerrr�
test_sendfiles(


zThreadedTests.test_sendfilec
Cs@t�\}}}|jtjO_t|||d�}|d}|�|j�|�|jd�|�|j	d�|�|j
�tjdkr~|�|jd�|�
|d�|��}|�|dd�|�|dd�t||||d	�}|��}|�|dd
�|�|dd�|�|d�|d}|�|j|j�|�||�|�||�|�|j|j�|�|j	|j	�t|||d�}|�
|d�|d}|�|j|j�|�||�|��}|�|dd�|�|dd�t||||d	�}|�|d�|d}	|�|	j|j�|�|	|�|�|	j|j�|�|	j	|j	�|��}|�|dd�|�|dd
�dS)
Nr�rrr�r"r2rr3)rr(r�rr�)r�r�rr�r+r�idr�r�rBZ
has_ticketrzZticket_lifetime_hintr�r5r�ZassertIsNotrr�)
r�r�r�r�rMrZ	sess_statZsession2Zsession3Zsession4rrr�test_sessionsf�
���zThreadedTests.test_sessionc

Cs�t�\}}}t�\}}}|jtjO_|jtjO_t|dd�}|��H|jt��|d���}|�|jd�|�|j	d�|�
t|jf�|j}|�
|�|�t��}	t|_Wd�n1s�0Y|�t|	j�d�Wd�n1s�0Y|jt��|d��d}|�
t|jf�|�t��}	||_Wd�n1�sH0Y|�t|	j�d�Wd�n1�sz0Y|jt��|d��T}||_|�
t|jf�|�|jj|j�|�|j|�|�|j	d�Wd�n1�s�0Y|jt��|d��d}|�t��&}	||_|�
t|jf�Wd�n1�sH0Y|�t|	j�d�Wd�n1�sz0YWd�n1�s�0YdS)NFr6ruzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r�r�rr�r�r�r�r�rr"rJrKr�rr�r�r)rLrMr�r�)
r�r�r�r�Zclient_context2r�r�r�rrerrr�test_session_handlingSs^
�
$0
�&�$
�.
�0�z#ThreadedTests.test_session_handlingN)Mr�r�r�r5r9r^r�r|r;rTrr�r�rDrErJrOrgrQrYrZr^r_r`rardrfrhrqrrrr�r�r�r�r�r�r�r�r�r_r�r�r�r�r~r�r�r�r�rFr�r^rar��HAVE_SECP_CURVESrcr�r�ZHAS_ALPNr�r�r�ZHAS_NPNr�r�r�rbr?r�r�r�r�r�r�r�r�rrrrr3Gs�2$�
(!�
8%
)
*



9
1)


�
:	�
	



%
	
'
	
(




:r3r�zTest needs TLS 1.3c@sTeZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�ZdS)�TestPostHandshakeAuthcCs�tjtjtjg}|D]�}t�|�}|�|jd�d|_|�|jd�tj|_|�|jtj�|�|jd�d|_|�|jtj�|�|jd�tj	|_d|_|�|jtj	�|�|jd�qdSr�)
rrOrPrQr[r��post_handshake_authr�r�r�)r�Z	protocolsrTrIrrr�test_pha_setter�s"�
z%TestPostHandshakeAuth.test_pha_setterc	Cs:t�\}}}d|_tj|_d|_|�t�t|dd�}|��|jt	�	�|d���}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d
�|�
d�|�|�d�d	�|�
d�|�d��d
�}|�d|�Wd�n1�s0YWd�n1�s,0YdS)NTFr6rur�r�r�r�r�r�r�ir�r1)r�r�rr�r�r�r�r�r�r�rJrKr�ror�r2rqr�)r�r�r�r�r�r�Z	cert_textrrr�test_pha_required�s.

�




z'TestPostHandshakeAuth.test_pha_requiredcCst�\}}}d|_tj|_d|_t����}t|dd�}|��|jt	�	�|d��~}|�
t|jf�|�
d�|�|�d�d�|�
d�|�tjd	��|�d�Wd�n1s�0YWd�n1s�0YWd�n1s�0YWd�n1�s0YdS)
NTFr6rur�r�r�r�r�)r�r�rr�r�rZcatch_threading_exceptionr�r�r�rJrKr�ror�r2r�r�)r�r�r�r�rPr�r�rrr�test_pha_required_nocert�s(

�

�z.TestPostHandshakeAuth.test_pha_required_nocertc	Cstjrtj�d�t�\}}}d|_tj|_	d|_|�
t�tj|_	t
|dd�}|��|jt��|d��t}|�t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�Wd�n1s�0YWd�n1�s0YdS)Nr�TFr6rur�r�r�r�r�r�)rrmrkrnror�r�rr�r�r�r�r�r�r�r�rJrKr�r�r2r=rrr�test_pha_optional�s*

�


z'TestPostHandshakeAuth.test_pha_optionalc	Cs�tjrtj�d�t�\}}}d|_tj|_	d|_t
|dd�}|��|jt��|d��t}|�
t|jf�|�d�|�|�d�d�|�d	�|�|�d�d
�|�d�|�|�d�d�Wd�n1s�0YWd�n1s�0YdS)Nr�TFr6rur�r�r�r�r�)rrmrkrnror�r�rr�r�r�r�r�rJrKr�r�r2r=rrr�test_pha_optional_nocert�s&
�


z.TestPostHandshakeAuth.test_pha_optional_nocertc
Cs�t�\}}}d|_tj|_|�t�t|dd�}|��|jt	�	�|d��r}|�
t|jf�|�
tjd��|��Wd�n1s�0Y|�d�|�d|�d��Wd�n1s�0YWd�n1s�0YdS)	NTFr6ruz
not serverr�sextension not receivedr�)r�r�rr�r�r�r�r�r�r�rJrKr�r�r�r�ror�r2r=rrr�test_pha_no_pha_clients

�&
z,TestPostHandshakeAuth.test_pha_no_pha_clientc	Cs�t�\}}}tj|_d|_|�t�t|dd�}|��|jt	�	�|d��t}|�
t|jf�|�
d�|�|�d�d�|�
d�|�|�d�d	�|�
d�|�|�d�d�Wd�n1s�0YWd�n1s�0YdS)
NTFr6rur�r�r�r�r�)r�rr�r�r�r�r�r�r�r�rJrKr�ror�r2r=rrr�test_pha_no_pha_servers"

�


z,TestPostHandshakeAuth.test_pha_no_pha_serverc	Cs�t�\}}}tj|_tjj|_d|_|�t	�t
|dd�}|�n|jt��|d��<}|�
t|jf�|�d�|�d|�d��Wd�n1s�0YWd�n1s�0YdS)NTFr6rur�sWRONG_SSL_VERSIONr�)r�rr�r�rrZrWr�r�r�r�r�r�rJrKr�ror�r2r=rrr�test_pha_not_tls13$s


�
z(TestPostHandshakeAuth.test_pha_not_tls13c	Cs:t}t�tj�}d|_|�t�d|_tj|_	t�tj
�}|�t�|�t�d|_tj
|_	t|dd�}|��|jt��|d���}|�t|jf�|�d�|�|�d�d�|�d�|�|�d�d	�|�d�|�|�d�d
�|�|��i�Wd�n1�s0YWd�n1�s,0YdS)NTFr6rur�r�r�r�r�r�)r�rr[rQr�r�r�r�r�r�rPr�r�r�r�r�r�rJrKr�ror�r2r�)r�r�r�r�r�r�rrr�test_bpo37428_pha_cert_none5s2



�


z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN)r�r�r�r�r�r�r�r�r�r�r�r�rrrrr��sr��keylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@s�eZdZejfdd�Zee�e	d�dd���Z
ee�e	d�dd���Zee�ej
jd�e�e	d�d	d
����Zdd�Zd
d�Zdd�ZdS)�TestSSLDebugcCs8t|��}tt|��Wd�S1s*0YdSr)r@rSr�)r�ZfnamerCrrr�keylog_lines[s
zTestSSLDebug.keylog_linesr+cCs|�tjtj�t�tj�}|�|jd�|�	t
j�tj��tj|_|�|jtj�|�
t
j�tj��|�|��d�d|_|�|jd�|�ttf��(t
j�t
j�tj��|_Wd�n1s�0Y|�t��d|_Wd�n1s�0YdS)Nr)r�rr�r�rr[rQr�r�r�rr�isfilerr�r��IsADirectoryError�PermissionErrorr�abspathr�r�rrr�test_keylog_defaults_s �$z!TestSSLDebug.test_keylog_defaultsc	Cs�|�tjtj�t�\}}}tj|_t|dd�}|�R|jt��|d�� }|�	t
|jf�Wd�n1sn0YWd�n1s�0Y|�|�
�d�d|_tj|_t|dd�}|�R|jt��|d�� }|�	t
|jf�Wd�n1s�0YWd�n1�s0Y|�|�
�d�tj|_tj|_t|dd�}|�T|jt��|d�� }|�	t
|jf�Wd�n1�s�0YWd�n1�s�0Y|�|�
�d�d|_d|_dS)NFr6rur���)r�rr�r�r�r�r�r�r�rJrKr�r�r�rr=rrr�test_keylog_filenamewsB
�L
�N
�Pz!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs�|�tjtj�tjj�tj	��ztjtj	d<|�
tj	dtj�t�tj
�}|�
|jd�t��}|�
|jtj�t��}|�
|jtj�Wd�n1s�0YdS)NZ
SSLKEYLOGFILE)r�rr�r�r^Zmockr$�dictr�environr�rr[rQr�rPrRr�rrr�test_keylog_env�szTestSSLDebug.test_keylog_envcCslt�\}}}dd�}|�|jd�||_|�|j|�|�t��t�|_Wd�n1s^0YdS)NcSsdSrr�r�	directionr0Zcontent_typeZmsg_typer�rrr�msg_cb�sz.TestSSLDebug.test_msg_callback.<locals>.msg_cb)r�r��
_msg_callbackr�r�r))r�r�r�r�r�rrr�test_msg_callback�szTestSSLDebug.test_msg_callbackc	s�t�\}}}|jtjO_g���fdd�}||_t|dd�}|�R|jt��|d�� }|�t	|j
f�Wd�n1s~0YWd�n1s�0Y��dtj
tjtjf����dtj
tjtjf��dS)Ncs@��|tj���|t���|ddh���||||f�dS)NrAro)rrr�r�r�r�r��r�r�rrr��sz4TestSSLDebug.test_msg_callback_tls12.<locals>.msg_cbFr6rurAro)r�r�rr�r�r�r�r�rJrKr�r�rrZrZ	HANDSHAKErZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)r�r�r�r�r�r�r�rr�r�test_msg_callback_tls12�s0
�L
��
��z$TestSSLDebug.test_msg_callback_tls12c	s�t�\}}}t�d�dd�}�fdd�}||_||_t|dd�}|��|jt��|d�� }|�t|jf�Wd�n1s�0Y|jt��|d�� }|�t|jf�Wd�n1s�0YWd�n1s�0YdS)	NrcSsdSrrr�rrrr��sz@TestSSLDebug.test_msg_callback_deadlock_bpo43577.<locals>.msg_cbcs
�|_dSrrkr;�Zserver_context2rr�sni_cb�sz@TestSSLDebug.test_msg_callback_deadlock_bpo43577.<locals>.sni_cbFr6ru)	r�r�Zsni_callbackr�r�r�rJrKr�)r�r�r�r�r�r�r�r�rr�r�#test_msg_callback_deadlock_bpo43577�s$

�.
�z0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)r�r�r�rr�r��requires_keylogr^r^rar�r�rk�flags�ignore_environmentr�r�r�r�rrrrr�Ys 

"
�
r�c	Cs |�tjtjt�ddd��dS)N�iirr)�
setsockoptr��
SOL_SOCKET�	SO_LINGER�struct�pack)r�rrr�)set_socket_so_linger_on_with_zero_timeout�src@sBeZdZdZGdd�dej�Zdd�Zdd�Zdd	�Z	d
d�Z
dS)
�TestPreHandshakeClosezQVerify behavior of close sockets with received data before to the handshake.
    csFeZdZdd��fdd�
Zdd�Zdd�Z�fd	d
�Zdd�Z�ZS)
z6TestPreHandshakeClose.SingleConnectionTestServerThreadN)rBcsH||_d|_d|_d|_d|_|dur0tj|_n||_t�j	|d�dS)Nr�r)
�call_after_accept�
received_data�
wrap_errorrTr�rr�rB�superr�)r�rrrB�rrrr��s
z?TestPreHandshakeClose.SingleConnectionTestServerThread.__init__cCs|��|Sr)r�r�rrrr�sz@TestPreHandshakeClose.SingleConnectionTestServerThread.__enter__cGs:z|jr|j��Wnty&Yn0|��d|_dSr)rTr�r1rrrrrrr�
sz?TestPreHandshakeClose.SingleConnectionTestServerThread.__exit__csxt�tjj�|_tj|j_|jjtd�|jj	tt
d�t��|_t
�|j�|_|j�|j�|j�d�t���dS)NrjrIr)rrPr�r��ssl_ctxr�r�r�rr�rr�rTrr�r�r@rBrr	r�r�r
rrr�s

z<TestPreHandshakeClose.SingleConnectionTestServerThread.startcCs�zBz|j��\}}Wn ty4YW|j��dS0W|j��n|j��0|��|�|�rpWd�dSz|jj|dd�}Wn*ty�}z||_WYd}~n.d}~00z|�	d�|_
Wnty�Yn0Wd�n1s�0YdS)NTrE�)rTr2�TimeoutErrorr�rrr�r1rr2r)r�r�addressZ
tls_socketr�rrrr�s$
�
z:TestPreHandshakeClose.SingleConnectionTestServerThread.run)	r�r�r�r�r�r�r�r��
__classcell__rrr
r� SingleConnectionTestServerThread�s
	rcCsrtjdkrdSt|t�sFt|t�r.|jtjksFt�dt	|dd�tj
�rnz |�dtj�d|���Wd}nd}0dS)N�linuxzwrong.version.numberrhr&z!Could not recreate conditions on z: err=)rkr�rKr�r1rN�EINVAL�re�searchrN�Ir�rrrr�"non_linux_skip_if_other_okay_error4s

�
���
z8TestPreHandshakeClose.non_linux_skip_if_other_okay_errorcsPt���t�����fdd�}|j|dd�}|��|�|j�t���L}|�|j�	��t
|�|�d����|�
d�|��Wd�n1s�0Y���|��|j}d|_z�|�d|j�|�|t�|�|�|�|tj�|�d|jd	�|�d|j�|�d
|jd
�|j|jdd�Wd}d}n
d}d}0dS)
Ncs �����tj�std��dS)Nz+wrap_socket event never set, test may fail.F)r�r�rr��RuntimeError)Zunused�Zready_for_server_wrap_socketZserver_accept_calledrrrQszPTestPreHandshakeClose.test_preauth_data_to_tls_server.<locals>.call_after_acceptZpreauth_data_to_tls_server�rrFsDELETE /data HTTP/1.0

r��before TLS handshake with datarr�attr must existr{)r�r�rr�r�r�r�rJrTr|rrkr�r6r�r�rrr�rrr1rrr�r�r_rhr�r�rg)r�rr�r�rrrr�test_preauth_data_to_tls_serverMsB�


&
�z5TestPreHandshakeClose.test_preauth_data_to_tls_serverc	s�t���t�����fdd�}|j|dd�}|��|�|j�t|j�t����}|�	|j�
�������t
j�s�|�d�t��}z|j|dd�}Wn,ty�}z|}d}WYd}~n d}~00d}|�d	�}|��Wd�n1s�0Y|��z~|�d|�|�|t�|�|�|�|tj�|�d
|jd�|�d
|j�|�d|jd�|j|j d
d�Wd}d}n
d}d}0dS)Ncs:��tj�std�t|�|�d�|�����dS)Nz ERROR: test client took too longsWHTTP/1.0 307 Temporary Redirect
Location: https://example.com/someone-elses-server

T)r�rr��printrr6r�r��Zconn_to_client�Z$client_can_continue_with_wrap_socketZ$server_can_continue_with_wrap_socketrrr~s�zPTestPreHandshakeClose.test_preauth_data_to_tls_client.<locals>.call_after_acceptZpreauth_data_to_tls_clientrztest server took too longr'rur�rrrrrr{)!r�r�rr�r�r�rrTr�rJr|r�r�rr�r�rrPr�r1r2r�rr�rrr�r�r_rhr�r�rg)	r�rr�r�rZ
tls_clientr�rrrrr�test_preauth_data_to_tls_clientzsP�


�

&
�z5TestPreHandshakeClose.test_preauth_data_to_tls_clientcs�t���G�fdd�dtjj�}�fdd�}d}|j|d|d�}|��|�|j�t	|j
�||j
��d|jt
��|d	�}|�t��,|jd
ddd
id�|��}Wd�n1s�0Y|��dS)NcseZdZ�fdd�ZdS)zeTestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.SynchronizedHTTPSConnectioncsFtjj�|���tj�s,tjr,tj	�
d�|jj|j
|jd�|_
dS)Nz"server_responding event never set.ru)�httpr�ZHTTPConnectionrJr�rr�rmrkrnroZ_contextr�r�rnr��Zserver_respondingrrrJ�s�zmTestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.SynchronizedHTTPSConnection.connectN)r�r�r�rJrr"rr�SynchronizedHTTPSConnection�sr#cs&t|�|�d�|�����dS)Ns!HTTP/1.0 402 Payment Required

T)rr6r�r�rr"rrr�s�z[TestPreHandshakeClose.test_https_client_non_tls_response_ignored.<locals>.call_after_acceptg@Znon_tls_http_RST_responder)rrrBr)r�r�rBZHEADz/testZHostr')Zheaders)r�r�r!r�ZHTTPSConnectionrr�r�r�rrTr|r�rrPr�r1rmZgetresponser)r�r#rrBr��
connection�responserr"r�*test_https_client_non_tls_response_ignored�s,
�
�&z@TestPreHandshakeClose.test_https_client_non_tls_response_ignoredN)r�r�r�r�r�r�rrrr r&rrrrr�s<-<rcCstjr�tjtjd�}|��D]*\}}|�}|r|drd||f}qTqtt���}tdtj	tj
f�td|�tdtj�tdtj�ztdtj
�Wnty�Yn0ttttttttttttfD]}tj�|�s�t�d	|��q�t��}t j!tj"g|�R�dS)
N)ZMacZWindowsrz%s %rztest_ssl: testing with %r %rz          under %sz          HAS_SNI = %rz          OP_ALL = 0x%8xz          OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %r)#rrmr�Zmac_verZ	win32_ver�itemsr�rrrrzr�r�r�r�r�rrrrrr�r�r�r�BADKEYrrr�existsZ
TestFailedZthreading_setupr^ZaddModuleCleanupZthreading_cleanup)ZplatsrraZplat�filename�thread_inforrr�setUpModule�s:�
��r,�__main__)N)r�TFNN)Nrr)�rkr^Z
unittest.mockr�rZtest.supportrrrr�r�rr�r�rAZhttp.clientr!rrNr�Zurllib.requestrlr�rirr(r�Z	sysconfigrcr}�ImportError�
import_modulerrrrrFZPy_DEBUGrar�r4r�rKrrMr`rzr�rcrYZget_config_varr
r-r��verrNr�rr��fsencoderrrrrrrrr�rr'r
r�r:r�r�r�r�r�rAr@r�r
rIr�r�r�rrrLr(r�rr�r.r/r9r:r;r<r=r>rDrJrU�	lru_cacherRrgr�r[r_rqrwr{r|r�r�r�r�r�rbrOr�r�r�ZTestCaser�r�rdrqr�r�Zrequires_resourcer�r�r�Ztest.ssl_serversr�r�r�rr+r2r3r�Z
HAS_KEYLOGr�r�rrr,r��mainrrrr�<module>s�











��

	
	
(
��?6?0B
v�
3�
IKO�y#


Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists