B F.\m+@s$ddlmZmZmZddlmZddlZy ddlZWnek rLdZYnXddl Z ddl m Z ddl m Z mZddlmZddlmZmZmZedZed Zed Zed Zd Zd ddddgZddZddZddZddZddZddZ ddZ!d d!Z"ed"d#Z#ed$d%Z$dS)&)print_functiondivisionabsolute_import)contextmanagerN)gen)connectlisten)Security) new_configget_certgen_testztls-ca-cert.pemz tls-cert.pemz tls-key.pemztls-key-cert.pemzECDHE-RSA-AES128-GCM-SHA256ZTLS_AES_128_GCM_SHA256ZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_CCM_SHA256ZTLS_AES_128_CCM_8_SHA256c Csti t}WdQRX|jdks(t|jdks6t|jdksDt|jdksRt|jdks`t|jdksnt|j dks|t|j dkst|j dkstdS)N)NF) r r require_encryptionAssertionError tls_ca_file tls_cipherstls_client_keytls_client_certtls_scheduler_keytls_scheduler_certtls_worker_keytls_worker_cert)secr>lib/python3.7/site-packages/distributed/tests/test_security.py test_defaults%s rc CsPt}t|dsttt |jWdQRXtt d|_WdQRXdS)Nr)r hasattrrpytestraisesAttributeErrorZ tls_foobar)rrrrtest_attribute_error3s   r c Csdddddditddd }t| t}WdQRX|jdksFt|jdksTt|jtksbt|jdkspt|jdks~t|j dkst|j dkst|j dkst|j dkstdS) Nzca.pemzskey.pemz scert.pem)keycertr"z wcert.pem)zca-file schedulerworkerciphersT)tlszrequire-encryption) FORCED_CIPHERr r r rrrrrrrrr)crrrrtest_from_config<s" r)c Csddddddi}t|tdddd }WdQRX|jdksDt|jdksRt|jdks`t|jdksnt|jdks|t|jdkst|j dkst|j dkst|j dkstdS) Nr&zca.pemzskey.pemz scert.pem)r!r")zca-filer#z newcert.pemT)rr r) r r r rrrrrrrrr)r(rrrr test_kwargsXs" r*c Cs4ti"tddd}t|dks&tWdQRXdS)Nzca.pemz scert.pem)rrz>Security(tls_ca_file='ca.pem', tls_scheduler_cert='scert.pem'))r r reprr)rrrr test_reprrs  r,c Csddddddditdi}t| t}WdQRX|d }|dddtd ksVt|d }|dddtd ksvt|d }|dddtd ksttt|d WdQRXdS)Nr&zca.pemzskey.pemz scert.pem)r!r"r"z wcert.pem)zca-filer#r$r%r#)ca_filer!r"r%r$clientZ supervisor)r'r r Zget_tls_config_for_rolerrr ValueError)r(rtrrrtest_tls_config_for_rolexs8      r1c Csfdd}dd}dtttddtidi}t| t}WdQRX|d }|d rZt|d }|||||d }|d }|||||d }|d dkstt |dd<d|d<t| t}WdQRX| d }|d st|d }||t j dkrb| }dd|D}t|dks8tdd|D}t|rbt|dksbtdS)NcSs"|jtjkst|jdkstdS)NF) verify_modessl CERT_REQUIREDrcheck_hostname)ctxrrr basic_checkssz*test_connection_args..basic_checkscSs"tjdkrt|dkstdS)N))sys version_infolen get_ciphersr)r6rrr many_cipherss z*test_connection_args..many_ciphersr&)r!r"r")zca-filer#r$r#r ssl_contextr$r.r%Tzrequire-encryption)r8r9cSsg|]}|ddkr|qS)protocolzTLSv1.2r).0r(rrr sz(test_connection_args..cSsg|]}|ddkr|qS)rAzTLSv1.3r)rBr(rrrrCsr8)r-key1cert1keycert1r r get_connection_argsrgetr'get_listen_argsr;r<r>r=) r7r?r(rdr6supported_cipherstls_12_cipherstls_13_ciphersrrrtest_connection_argssF           rOc Csfdd}dd}dtttddtidi}t| t}WdQRX|d }|d rZt|d }|||||d }|d }|||||d }|d dkstt |dd<d|d<t| t}WdQRX|d }|d st|d }||t j dkrb| }dd|D}t |dks8tdd|D}t |rbt |dksbtdS)NcSs"|jtjkst|jdkstdS)NF)r2r3r4rr5)r6rrrr7sz&test_listen_args..basic_checkscSs"tjdkrt|dkstdS)N)r8r9r:)r;r<r=r>r)r6rrrr?s z&test_listen_args..many_ciphersr&)r!r"r")zca-filer#r$r#r r@r$r.r%Tzrequire-encryption)r8r9cSsg|]}|ddkr|qS)rAzTLSv1.2r)rBr(rrrrCsz$test_listen_args..rDcSsg|]}|ddkr|qS)rAzTLSv1.3r)rBr(rrrrCsr8)r-rErFrGr r rJrrIr'r;r<r>r=) r7r?r(rrKr6rLrMrNrrrtest_listen_argssF           rPc cs.tjdd}dtttddtidi}t| t}WdQRXt|dd<t| t}WdQRXt d || d d }t |j | d d V}|V}|d kst|ttt |j | dd VWdQRXt |j | d d V}|jd\}}}|tgtkst|WdQRXdS)z2 Functional test for TLS connection args. css.|j}|dst|dV|VdS)Nztls://hello)Z peer_address startswithrwriteclose)commZ peer_addrrrr handle_comms z,test_tls_listen_connect..handle_commr&)r!r"r")zca-filer#r$Nr%ztls://r#)connection_argsr$rQr.cipher)r coroutiner-rErFrGr r r'rrJrcontact_addressrHreadrabortrr TypeErrorZ extra_infoTLS_13_CIPHERS) rVr(rZforced_cipher_seclistenerrUmsgrX_rrrtest_tls_listen_connects4      rbc cstjdd}dtttddtidi}t| t}WdQRXd|d <t| t}WdQRXxd D]}t||| d d $}t |j | d d V}| WdQRXt||| d d $}t |j | d d V}| WdQRXqjWtdd}xdD]}t||| d d P}t |j | d d V}| ttt |j | d d VWdQRXWdQRXttt||| d d WdQRXqWdS)z; Functional test for "require_encryption" setting. cSs |dS)N)r\)rUrrrrVPsz,test_require_encryption..handle_commr&)r!r"r")zca-filer#r$NTzrequire-encryption)z inproc://ztls://r#)rWr$c ss2tt }dVWdQRXdt|jks.tdS)Nzencryption required)rr RuntimeErrorstrvaluer)excinforrrcheck_encryption_errorss z7test_require_encryption..check_encryption_error)ztcp://)rrYr-rErFrGr r rrJrrZrHr\rrrrc)rVr(rZsec2Z listen_addrr_rUrgrrrtest_require_encryptionKsF      $ rh)%Z __future__rrr contextlibrr;r3 ImportErrorrZtornadorZdistributed.commrrZdistributed.securityr Zdistributed.utils_testr r r r-rFrErGr'r^rr r)r*r,r1rOrPrbrhrrrrs>      );;4