cheroot.test.test_ssl module

Tests for TLS support.

class cheroot.test.test_ssl.HelloWorldGateway(req)

Bases: Gateway_10

Gateway responding with Hello World to root URI.

respond()

Respond with dummy content via HTTP.

class cheroot.test.test_ssl.PasswordCallbackHelper(adapter: Adapter)

Bases: object

Collects helper methods for mocking password callback.

get_password()

Provide correct password on first call, wrong on other calls.

verify_twice_callback(max_length, _verify_twice, userdata)

Establish a mock callback for testing two-factor password prompt.

class cheroot.test.test_ssl.Scenario(client_s, provided_addr, expected_addr, expect_error)

Bases: tuple

_asdict()

Return a new dict which maps field names to their values.

_field_defaults = {}

_fields = ('client_s', 'provided_addr', 'expected_addr', 'expect_error')

classmethod _make(iterable)

Make a new Scenario object from a sequence or iterable

_replace(**kwds)

Return a new Scenario object replacing specified fields with new values

client_s

Alias for field number 0

expect_error

Alias for field number 3

expected_addr

Alias for field number 2

provided_addr

Alias for field number 1

cheroot.test.test_ssl._dummy_fcntl(fd, op, arg=0)

Return nothing instead of a real file control.

cheroot.test.test_ssl._raise_eintr(*args, **kwargs)

Raise an interrupt error.

cheroot.test.test_ssl._thread_except_hook(exceptions, args)

Append uncaught exception args in threads to exceptions.

cheroot.test.test_ssl.ca()

Provide a certificate authority via fixture.

cheroot.test.test_ssl.conn_manager()

Create a ConnectionManager with a minimal stub server.

cheroot.test.test_ssl.conn_manager_with_server()

Create a ConnectionManager with a stub server.

cheroot.test.test_ssl.dummy_adapter(monkeypatch)

Provide a dummy SSL adapter instance.

cheroot.test.test_ssl.fake_socket()

Provide a basic mock socket.

cheroot.test.test_ssl.get_key_password()

Return a predefined password string.

It is to be used for decrypting private keys.

cheroot.test.test_ssl.make_tls_http_server(bind_addr, ssl_adapter, request)

Create and start an HTTP server bound to bind_addr.

cheroot.test.test_ssl.private_key_password()

Provide hardcoded password for private key.

cheroot.test.test_ssl.raise_os_error(*args, **kwargs)

Raise OSError in a mock.

cheroot.test.test_ssl.test_bind_deprecated_call(dummy_adapter)

Test deprecated bind() method issues warning and returns socket.

cheroot.test.test_ssl.test_builtin_adapter_with_false_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type)

Check that builtin ssl-adapter initialization fails when wrong private key password given.

cheroot.test.test_ssl.test_from_server_socket_interrupt_error(conn_manager_with_server)

Verify that _from_server_socket returns None on ignorable OS errors.

cheroot.test.test_ssl.test_from_server_socket_scenarios(conn_manager_with_server, fake_socket, monkeypatch, scenario)

Verify high-level connection orchestration from sockets.

This test ensures that the _from_server_socket() pipeline correctly: 1. Accepts a connection from the server socket. 2. Configures the resulting client socket. 3. Successfully increments ‘Accepts’ stats on successful configuration. 4. Wraps the socket into a Connection object.

cheroot.test.test_ssl.test_http_over_https_check_socket_errors(exception, mocker)

Test _ensure_peer_speaks_https() handles socket errors gracefully.

cheroot.test.test_ssl.test_http_over_https_error(http_request_timeout, tls_http_server, adapter_type, ca, ip_addr, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path)

Ensure that connecting over HTTP to HTTPS port is handled.

cheroot.test.test_ssl.test_http_over_https_no_data(mocker)

Test _ensure_peer_speaks_https() handles empty peek correctly.

cheroot.test.test_ssl.test_http_over_https_ssl_handshake(mocker, tls_http_server, adapter_type, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path)

Test NoSSLError raised when SSL handshake catches HTTP.

Normally the early probe _ensure_peer_speaks_https() will detect a client attempting to speak HTTP on a TLS port but if this times out or fails for some reason, SSL should raise an error at the time of the handshake. Here we test the error is caught and triggers the emission of a 400 Bad Request.

cheroot.test.test_ssl.test_https_over_http_error(http_server, ip_addr)

Ensure that connecting over HTTPS to HTTP port is handled.

cheroot.test.test_ssl.test_ignore_socket_oserror_disabled_stats(conn_manager)

Test the socket OSError handler for disabled_stats.

cheroot.test.test_ssl.test_ignore_socket_oserror_increments_stats(conn_manager)

Test the socket OSError handler for interrupt errors.

cheroot.test.test_ssl.test_ignore_socket_oserror_logic_branches(conn_manager, err_code, expected)

Test the socket OSError handler for ignorable errors.

cheroot.test.test_ssl.test_openssl_adapter_verify_twice_callback(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type, mocker)

Check that two-time password verification fails with correct error.

cheroot.test.test_ssl.test_openssl_adapter_with_false_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, adapter_type, false_password, expected_warn)

Check that server init fails when wrong private key password given.

cheroot.test.test_ssl.test_prepare_socket_emits_deprecation_warning(dummy_adapter)

Test prepare_socket() deprecated argument triggers a warning.

ssl_adapter has been deprecated in prepare_socket().

cheroot.test.test_ssl.test_send_bad_request_socket_errors(mocker, error, raising_expectation)

Test socket error handling when sending 400 Bad Request.

cheroot.test.test_ssl.test_ssl_adapter_with_none_key_password(tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, private_key_password, adapter_type, mocker)

Check that TLS-adapters prompt for password when set as None.

cheroot.test.test_ssl.test_ssl_adapters(http_request_timeout, tls_http_server, adapter_type, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path)

Test ability to connect to server via HTTPS using adapters.

cheroot.test.test_ssl.test_ssl_adapters_with_private_key_password(http_request_timeout, private_key_password, tls_http_server, tls_ca_certificate_pem_path, tls_certificate_chain_pem_path, tls_certificate_passwd_private_key_pem_path, tls_certificate_private_key_pem_path, adapter_type, encrypted_key, transform_password_arg)

Check server decrypts private TLS keys with password as bytes or str.

cheroot.test.test_ssl.test_ssl_env(thread_exceptions, recwarn, mocker, http_request_timeout, tls_http_server, adapter_type, ca, tls_verify_mode, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path, use_client_cert)

Test the SSL environment generated by the SSL adapters.

cheroot.test.test_ssl.test_tls_client_auth(http_request_timeout, mocker, tls_http_server, adapter_type, ca, tls_certificate, tls_certificate_chain_pem_path, tls_certificate_private_key_pem_path, tls_ca_certificate_pem_path, is_trusted_cert, tls_client_identity, tls_verify_mode)

Verify that client TLS certificate auth works correctly.

cheroot.test.test_ssl.thread_exceptions()

Provide a list of uncaught exceptions from threads via a fixture.

Only catches exceptions on Python 3.8+. The list contains: (type, str(value), str(traceback))

cheroot.test.test_ssl.tls_ca_certificate_pem_path(ca)

Provide a certificate authority certificate file via fixture.

cheroot.test.test_ssl.tls_certificate(ca)

Provide a leaf certificate via fixture.

cheroot.test.test_ssl.tls_certificate_chain_pem_path(tls_certificate)

Provide a certificate chain PEM file path via fixture.

cheroot.test.test_ssl.tls_certificate_passwd_private_key_pem_path(tls_certificate, private_key_password, tmp_path)

Return a certificate private key PEM file path.

cheroot.test.test_ssl.tls_certificate_private_key_pem_path(tls_certificate)

Provide a certificate private key PEM file path via fixture.

cheroot.test.test_ssl.tls_http_server(request)

Provision a server creator as a fixture.