RSSKJr SSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK r SSK J r J r SSKJrJr SSKJr SSKJr SrSS jr\R.SSS jj5r\R.SS j5rS S!S jjrS S"S jjr\R.SSSjj5r\R.SSj5r\R.SS!Sjj5rS S!SjjrS S#SjjrS$Sjr"SS\5r"SS\5r"SS\5r"SS5r g)%) annotationsN)mock) DEFAULT_CA DEFAULT_CERTS)SocketDummyServerTestCaseconsume_socket)ssl_) SSLTransport<cV[[S5(a$[R"[R5nWR [ S[ S5 [[S5(a$[R"[R 5nWR[5 X4$)NPROTOCOL_TLS_SERVERcertfilekeyfilePROTOCOL_TLS_CLIENT) hasattrssl SSLContextr load_cert_chainrrload_verify_locationsr)server_contextclient_contexts =platform/gsutil/third_party/urllib3/test/test_ssltransport.pyserver_client_ssl_contextsrsws)**(?(?@""=#VWs)**(?(?@((4  ))cgNbinarys rsample_requestr "rcgrrrs rr r 'r!rc:SnU(aU$URS5$)NsYGET http://www.testing.com/ HTTP/1.1 Host: www.testing.com User-Agent: awesome-test utf-8decode)rrequests rr r ,s$  79'.."99rc2Uce[U5nX:Xdegr)r )provided_requestrexpected_requests rvalidate_requestr+6s'  '' '%f-  // /rcgrrrs rsample_responser->r!rcgrrrs rr-r-Cr!rcgrrrs rr-r-Hr!rc:SnU(aU$URS5$)Ns&HTTP/1.1 200 OK Content-Length: 0 r$r%)rresponses rr-r-Ms>H8;8??7#;;rc2Uce[U5nX:Xdegr)r-)provided_responserexpected_responses rvalidate_responser5Rs'  (( ('/  11 1rcURSS9n[U5[Lde[U5S:deUR5n[U5[LdeSU;deUSS:wdeg)NT) binary_formr serialNumber) getpeercerttypebyteslendict) ssl_socket binary_certcerts rvalidate_peercertrBZs|((T(:K   %% % { a    ! ! #D :   T !! !  2 %% %rc2\rSrSrSr\SSj5rSSSjjr\RR\ 5SSj5r \RR\ 5SSj5r \RR\ 5SSj5r\RR\ 5SS j5r\RR\ 5SS j5r\RR\ 5SS j5r\RR\ 5SS j5rS rg)SingleTLSLayerTestCaseezh Uses the SocketDummyServer to validate a single TLS layer can be established through the SSLTransport. c2[5uUlUlgrrrrclss r setup_class"SingleTLSLayerTestCase.setup_classk1K1M.C.rNc~^^^[R"5mSUUU4SjjnU(aUOUnTRUTS9 g)Nc@>UR5SnTRRUSS9n[UTS9nT(d SSS5 g[ U5 UR [ 55 SSS5 g!,(df  g=f![[4a gf=f)NrT server_side quit_event) acceptr wrap_socketrr+sendr-ConnectionAbortedErrorConnectionResetError)listenersockssockr'rRselfvalidates rsocket_handlerASingleTLSLayerTestCase.start_dummy_server..socket_handlervs??$Q'D ((44Tt4LPU,#-G$ ML%W-JJ01MLL+,@A  s:B A9B $A90B 9 BB B BBrQrX socket.socketreturnNone) threadingEvent _start_server)r[handlerr\r]chosen_handlerrRs` ` @rstart_dummy_server)SingleTLSLayerTestCase.start_dummy_serveros9 __&   %, >jArc[R"[R5n[R"5nUR 5 [ R "[5 [X5 SSS5 g!,(df  g=f)z=Errors generated from an unconnected socket should bubble up.N) socketAF_INETrcreate_default_contextclosepytestraisesOSErrorr )r[rYcontexts rtest_start_closed_socket/SingleTLSLayerTestCase.test_start_closed_socketsM}}V^^,,,. ]]7 #  '$ # #s $ A99 BcURSS9 [R"URUR45n[ XR SS9nUR5 [R"[5 URS5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)z"Socket errors should be bubbled upF)r\ localhostserver_hostnamesblaaarghN) rhrkcreate_connectionhostportr rrnrorprqrU)r[rYrZs rtest_close_after_handshake1SingleTLSLayerTestCase.test_close_after_handshakes /''DII(>?  %%{  KKMw' ;'(   ('   s$+B/;B B/ B, (B// B=c\UR5 [R"URUR45n[ XR SS9nUR5ceUR[55 [U5n[U5 SSS5 g!,(df  g=f)z0Validates a single TLS layer can be established.rvrwN) rhrkryrzr{r rversionrUr rr5r[rYrZr1s rtest_wrap_existing_socket0SingleTLSLayerTestCase.test_wrap_existing_sockets !''DII(>?  %%{ ==?. .. JJ~' (%e,H h '    s AB B+cUR5 [R"URUR45n[ XR SS9n[R"[5 URSSS9 SSS5 UR[55 [U5n[U5 SSS5 g!,(df  NF=f!,(df  g=f)Nrvrwrr) buffering)rhrkryrzr{r rrorp ValueErrormakefilerUr rr5rs rtest_unbuffered_text_makefile4SingleTLSLayerTestCase.test_unbuffered_text_makefiles !''DII(>?  %%{ z*sa0+ JJ~' (%e,H h '  +*  s$C,B==7C= C C Cc^SU4SjjnTRU5 [R"TRTR45n[ UTR SS9nUR[55 [U5n[U5 UR5 UR[55 [U5n[U5 SSS5 g!,(df  g=f)zn Validates we can break up the TLS layer A full request/response is sent over TLS, and later over plain text. c>UR5SnTRRUSS9n[U5n[ U5 UR [ 55 UR5n[U5n[ U5 UR [ 55 SSS5 SSS5 SSS5 g!,(df  N=f!,(df  N(=f!,(df  g=fNrTrO)rSrrTrr+sendallr-unwrap)rXrYssl_sockr'unwrapped_sockr[s rshutdown_handlerLSingleTLSLayerTestCase.test_unwrap_existing_socket..shutdown_handlers"1%t/B/B/N/N$0O0(2 )  !23__&.,^  01  % %tyy$))&< = t':':KXE MM.* +%e,H h ' LLN LL) *%d+H h '> = =s BC C"crUR5 [R"URUR45n[ XR SS9nUR5n[U5[LdeUR5beUR5beUR5nUb#[U5[La[U5S:deUR5be[!U5 UR#[%55 ['U5n[)U5 SSS5 g!,(df  g=f)z)Ensures common ssl attributes are exposedrvrwNr)rhrkryrzr{r rcipherr;tupleselected_alpn_protocolselected_npn_protocolshared_cipherslistr= compressionrBrUr rr5)r[rYrZrrr1s rtest_ssl_object_attributes1SingleTLSLayerTestCase.test_ssl_object_attributess !''DII(>?  %%{ \\^F<5( ((//19 99..08 88"113N")^$,^1Dq1H $$&. .. e $ JJ~' (%e,H h '/   s CD(( D6cUR5 [R"URUR45n[ XR SS9nUR5ceSnURU5 UR5U:XdeURR5U:XdeUR[55 [U5n[U5 SSS5 g!,(df  g=f)z,Ensures common socket attributes are exposedrvrwN )rhrkryrzr{r rfileno settimeout gettimeoutrUr rr5)r[rYrZ test_timeoutr1s rtest_socket_object_attributes4SingleTLSLayerTestCase.test_socket_object_attributess !''DII(>?  %%{ <<>- --L   \ *##%5 55<<**, < << JJ~' (%e,H h '   s B C&& C4rrarb)NT)rfz-typing.Callable[[socket.socket], None] | Noner\boolrarb)__name__ __module__ __qualname____firstlineno____doc__ classmethodrJrhromarktimeoutPER_TEST_TIMEOUTrsr|rrrrr__static_attributes__rrrrDrDesI NN BFB>BB  B2 [[)*(+( [[)* (+ ( [[)* (+ ( [[)* (+ ( [[)* (+ (D [[)*(+(< [[)*(+(rrDcV\rSrSrSrSSjrS SjrS S SjjrSrg) SocketProxyDummyServerizL Simulates a proxy that performs a simple I/O loop on client/server socket. c@XlX l[5uUlngr)destination_server_hostdestination_server_portr server_ctx)r[rr_s r__init__SocketProxyDummyServer.__init__s(?$'>$79rc8^SU4SjjnTRU5 g)z Socket handler for the proxy. Terminates the first TLS layer and tunnels any bytes needed for client <-> server communicatin. cN>UR5SnTRRUSS9n[R"TR TR 45nTRX#5 UR5 UR5 SSS5 g!,(df  g=fr) rSrrTrkryrr_read_write_looprn)rXrY client_sock upstream_sockr[s r proxy_handlerASocketProxyDummyServer.start_proxy_handler..proxy_handler#s??$Q'D,,Tt,D & 8 81143O3OP! %%kA##%!!# EDDs AB B$Nr_re)r[rs` rstart_proxy_handler*SocketProxyDummyServer.start_proxy_handlers  $ =)rcXX/nX/nU(a[R"XEU5upgnU(agUHPn SupX:XaUn Un OUn Un X;dMU RU5n [U 5S:Xa gU RU 5 MR U(aMgg![R a  gf=f)N)NNr)selectrecvr=rUr SSLEOFError) r[r server_sockchunksinputsoutputreadablewritable exceptions read_socket write_socketbs rr'SocketProxyDummyServer._read_write_loop/s ++,2MM&&,Q )H ,6) #"-K#.L"-K#.L + ',,V4q6Q;#$))!,#f4?? s B1BB)(B))rrrN)rstrrintrarbr))rr`rr`rrrarb) rrrrrrrrrrrrrrs^ :'*:EH: :*, '"'#' '  ''rrct^\rSrSrSr\SSj5r\SSj5r\SU4Sjj5r\SSj5r \ RR\ 5SSj5r\ RR\ 5SSj5r\ RR\ 5\ RR!S S S /5SS j55r\ RR%\R("5S :HSS9\ RR\ 5SSj55r\ RR\ 5SSj5rSrU=r$)TlsInTlsTestCaseiYa. Creates a TLS in TLS tunnel by chaining a 'SocketProxyDummyServer' and a `SocketDummyServerTestCase`. Client will first connect to the proxy, who will then proxy any bytes send to the destination server. First TLS layer terminates at the proxy, second TLS layer terminates at the destination server. c2[5uUlUlgrrGrHs rrJTlsInTlsTestCase.setup_classcrLrc[URUR5UlURR 5 gr)rrzr{ proxy_serverrrHs rstart_proxy_server#TlsInTlsTestCase.start_proxy_servergs-2#((CHHE ,,.rcx>[US5(aURR5 [TU] 5 g)Nr)rrteardown_classsuper)rI __class__s rrTlsInTlsTestCase.teardown_classns- 3 ' '    + + -  rc8^SU4SjjnTRU5 g)zl Socket handler for the destination_server. Terminates the second TLS layer and send a basic HTTP response. cr>UR5SnTRRUSS9n[U5n[ U5 UR [ 55 SSS5 UR5 g!,(df  N=f![R[R[4a gf=fr) rSrrTrr+rUr-rrSSLZeroReturnErrorrqrn)rXrYrZr'rIs rr]ATlsInTlsTestCase.start_destination_server..socket_handler{s??$Q'D ''33Dd3Ku,U3G$W-JJ01L JJL LKOOS%;%;WE  s.B 0A9 B 9 BB B )B65B6Nr_r)rIr]s` rstart_destination_server)TlsInTlsTestCase.start_destination_serverts  .)rc UR5 UR5 [R"URR URR 45nURRUSS9n[X RSS9nUR5ceUR[55 [U5n[U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)z1 Basic communication over the TLS in TLS tunnel. rvrwN)rrrkryrrzr{rrTr rrUr rr5)r[rY proxy_sockdestination_sockr1s rtest_tls_in_tls_tunnel'TlsInTlsTestCase.test_tls_in_tls_tunnels %%' !''    # #T%6%6%;%; <  , , +- //!'//1=== %%n&67)*:;!(+     s%;C5AC$C5$ C2 .C55 DcUR5 UR5 [R"URR URR 45nURRUSS9n[R"[R5 [X RSS9 SSS5 SSS5 g!,(df  N=f!,(df  g=f)z? Provides a wrong sni hint to validate an exception is thrown. rvrw veryverywrongN)rrrkryrrzr{rrTrorprSSLCertVerificationErrorr )r[rYrs rtest_wrong_sni_hint$TlsInTlsTestCase.test_wrong_sni_hints %%' !''    # #T%6%6%;%; <  , , +- s;;< 3 3_=  =<  s$;%C C5C C C C%rNrcUR5 UR5 [R"URR URR 45nURRUSS9n[X0RSS9nURSU5nUR[55 UR5 [S5nURU5nUceUR!S5R#S5n[%USS 9 UR'5 SSS5 SSS5 g!,(df  N=f!,(df  g=f) zD Uses makefile with read, write and binary modes without buffering. rvrwrwbrNr$Fr)rrrkryrrzr{rrTr rwriter flush bytearrayreadintor&rstripr5rn) r[rrYrrfiler1wrote str_responses r&test_tls_in_tls_makefile_raw_rw_binary7TlsInTlsTestCase.test_tls_in_tls_makefile_raw_rw_binarys& %%' !''    # #T%6%6%;%; <  , , +- //!'00 B >+, $U+ h/((( (w7>>vF !,u=     s%;E BD8'E 8 E E  EWindowsz-Skipping windows due to text makefile support)reasoncUR5 UR5 [R"URR URR 45nURRUSS9n[X RSS9nURSSS9nURSSS9nUR[SS95 UR5 UR5n[U5[ LdeS U;a&[U5[ LdeUR#S S 5n[%USS9 S S S 5 S S S 5 g !,(df  N=f!,(df  g =f) zW Creates a separate buffer for reading and writing using text mode and utf-8 encoding. rvrwrr$)encodingwFr  z N)rrrkryrrzr{rrTr rrr rreadr;rreplacer5)r[rYrrr rr1s r test_tls_in_tls_makefile_rw_text1TlsInTlsTestCase.test_tls_in_tls_makefile_rw_textsC %%' !''    # #T%6%6%;%; <  , , +- //!'00w0G(11#1H N%89 99;H~,,,x' >S000'//f=H!(59!    s%;EB#E3E E E E#cFUR5 UR5 [R"URR URR 45nURRUSS9n[X RSS9nUR[55 [S5nURU5 URS5RS5n[!USS9 SSS5 SSS5 g!,(df  N=f!,(df  g=f) zW Valides recv_into and sendall also work as expected. Other tests are using recv/send. rvrwrr$rFrN)rrrkryrrzr{rrTr rr r recv_intor&rr5)r[rYrrr1rs r!test_tls_in_tls_recv_into_sendall2TlsInTlsTestCase.test_tls_in_tls_recv_into_sendalls %%' !''    # #T%6%6%;%; <  , , +- //! (()9:$U+ **84'w7>>vF !,u=    s%;DA D0D D D D rr)rz int | Nonerarb)rrrrrrrJrrrrorrrrr parametrizerskipifplatformsystemr rr __classcell__)rs@rrrYs\NN// !! **& [[)*,+,* [[)*+$ [[)* [[[4)45+: [[Y&> [[)*:+  :@ [[)*>+>rrc<\rSrSrSSjrSSjrSSjrSSjrSrg) TestSSLTransportWithMockic$Sn[R"5n[R"[R5n[ X#USS9nUR R[R[RUS9 UR(aeg)Nexample-domain.comFrxsuppress_ragged_eofsrw) rMockcreate_autospecr rr wrap_bioassert_called_withANYrr[rxrYrr ssl_transports rtest_constructor_params0TestSSLTransportWithMock.test_constructor_paramssv.yy{&&t7$ ?QV  ++ HHdhh , !55555rcSn[R"5n[R"[R5n[ X#USS9n[ R"[5 URSS9 SSS5 [ R"[5 UR[5SS9 SSS5 [ R"[5 UR[5SS9 SSS5 [ R"[5 URSSS9 SSS5 g!,(df  N=f!,(df  N=f!,(df  Nd=f!,(df  g=f)NrFr)flags)rrrr rr rorprrrrrrUr"s rtest_various_flags_errors2TestSSLTransportWithMock.test_various_flags_errorss.yy{&&t7$ ?QV ]]: &   Q  '']]: &  # #IKq # 9']]: &  ! !)+Q ! 7']]: &   t1  -' &' &' &' &' &s0!D#D4E E# D14 E E E$cSn[R"5n[R"[R5n[ X#USS9n[ R"[5 URSS9 SSS5 g!,(df  g=f)NrFrx)mode) rrrr rr rorprrr"s rtest_makefile_wrong_mode_error7TestSSLTransportWithMock.test_makefile_wrong_mode_error.sc.yy{&&t7$ ?QV ]]: &  " " " ,' & &s !A:: BcSn[R"5n[R"[R5n[ X#USS9n[R RUS5n[R"5Ul [R"[R5 URS5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)NrFr _ssl_io_loopr')rrrr rr patchobjectrSSLError side_effectrorp_wrap_ssl_read)r[rxrYrrr#r1s rtest_wrap_ssl_read_error1TestSSLTransportWithMock.test_wrap_ssl_read_error8s.yy{&&t7$ ?QV ZZ  }n ='*||~L $s||,,,Q/-> =,,> =s$'?C&C 8C C C C(rNr) rrrrr$r)r.r7rrrrrrs 6.&- 0rr)raz%tuple[ssl.SSLContext, ssl.SSLContext]).)rztyping.Literal[True]rar<)rztyping.Literal[False]rar)T)rrraz bytes | str)r)rrztyping.Literal[False, True]rarb)r3zbytes | bytearray | strrrrarb)r?r rarb)! __future__rrrrkrrctypingunittestrrodummyserver.socketserverrrdummyserver.testcaserr urllib3.utilr urllib3.util.ssltransportr rroverloadr r+r-r5rBrDrrrrrrrAsB"   >J2 *:HL00)D0 0< @D2.28<2 2&h(6h(VF6FRr>0r>j4040r