matrix-org · clokep · Oct 25, 2023 · Oct 20, 2023 · Oct 19, 2023 · Oct 20, 2023
@@ -15,14 +15,17 @@
 import subprocess
 from typing import List
 
+from incremental import Version
 from zope.interface import implementer
 
+import twisted
 from OpenSSL import SSL
 from OpenSSL.SSL import Connection
 from twisted.internet.address import IPv4Address
 from twisted.internet.interfaces import (
     IOpenSSLServerConnectionCreator,
     IProtocolFactory,
+    IReactorTime,
 )
 from twisted.internet.ssl import Certificate, trustRootFromCertificates
 from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
@@ -157,7 +160,7 @@ def serverConnectionForTLS(self, tlsProtocol: TLSMemoryBIOProtocol) -> Connectio
 
 
 def wrap_server_factory_for_tls(
-    factory: IProtocolFactory, sanlist: List[bytes]
+    factory: IProtocolFactory, clock: IReactorTime, sanlist: List[bytes]
 ) -> TLSMemoryBIOFactory:
     """Wrap an existing Protocol Factory with a test TLSMemoryBIOFactory
 
@@ -172,9 +175,15 @@ def wrap_server_factory_for_tls(
         interfaces.IProtocolFactory
     """
     connection_creator = TestServerTLSConnectionFactory(sanlist=sanlist)
-    return TLSMemoryBIOFactory(
-        connection_creator, isClient=False, wrappedFactory=factory
-    )
+    # Twisted > 23.8.0 has a different API that accepts a clock.
+    if twisted.version <= Version("Twisted", 23, 8, 0):
+        return TLSMemoryBIOFactory(
+            connection_creator, isClient=False, wrappedFactory=factory
+        )
+    else:
+        return TLSMemoryBIOFactory(
+            connection_creator, isClient=False, wrappedFactory=factory, clock=clock  # type: ignore[call-arg]
+        )
 
 
 # A dummy address, useful for tests that use FakeTransport and don't care about where

@@ -123,6 +123,7 @@ def _make_connection(
         if ssl:
             server_factory = wrap_server_factory_for_tls(
                 server_factory,
+                self.reactor,
                 tls_sanlist
                 or [
                     b"DNS:testserv",
@@ -443,6 +444,7 @@ def _do_get_via_proxy(
         # now we make another test server to act as the upstream HTTP server.
         server_ssl_protocol = wrap_server_factory_for_tls(
             _get_test_protocol_factory(),
+            self.reactor,
             sanlist=[
                 b"DNS:testserv",
                 b"DNS:target-server",

@@ -248,7 +248,7 @@ def _make_connection(
         """
         if ssl:
             server_factory = wrap_server_factory_for_tls(
-                server_factory, tls_sanlist or [b"DNS:test.com"]
+                server_factory, self.reactor, tls_sanlist or [b"DNS:test.com"]
             )
 
         server_protocol = server_factory.buildProtocol(dummy_address)
@@ -617,7 +617,7 @@ def _do_https_request_via_proxy(
 
         # now we make another test server to act as the upstream HTTP server.
         server_ssl_protocol = wrap_server_factory_for_tls(
-            _get_test_protocol_factory(), sanlist=[b"DNS:test.com"]
+            _get_test_protocol_factory(), self.reactor, sanlist=[b"DNS:test.com"]
         ).buildProtocol(dummy_address)
 
         # Tell the HTTP server to send outgoing traffic back via the proxy's transport.
@@ -784,7 +784,7 @@ def test_https_request_via_uppercase_proxy_with_blocklist(self) -> None:
 
         # now we can replace the proxy channel with a new, SSL-wrapped HTTP channel
         ssl_factory = wrap_server_factory_for_tls(
-            _get_test_protocol_factory(), sanlist=[b"DNS:test.com"]
+            _get_test_protocol_factory(), self.reactor, sanlist=[b"DNS:test.com"]
         )
         ssl_protocol = ssl_factory.buildProtocol(dummy_address)
         assert isinstance(ssl_protocol, TLSMemoryBIOProtocol)

@@ -101,7 +101,7 @@ def _get_media_req(
         server_factory.log = _log_request
 
         server_tls_protocol = wrap_server_factory_for_tls(
-            server_factory, sanlist=[b"DNS:example.com"]
+            server_factory, self.reactor, sanlist=[b"DNS:example.com"]
         ).buildProtocol(None)
 
         # now, tell the client protocol factory to build the client protocol (it will be a

@@ -40,7 +40,7 @@
     Union,
     cast,
 )
-from unittest.mock import Mock
+from unittest.mock import Mock, patch
 
 import attr
 from typing_extensions import ParamSpec
@@ -474,6 +474,18 @@ def getHostByName(
                     return fail(DNSLookupError("OH NO: unknown %s" % (name,)))
                 return succeed(lookups[name])
 
+        # In order for the TLS protocols to use the proper we need to patch
+        # _get_default_clock.
+        #
+        # This is *super* dirty since we never unpatch and rely on the next test
+        # to patch over us.
+        #
+        # Use create=True for backwards compatibilty with Twisted <= 23.8.0.
+        self._tls_clock_patcher = patch(
+            "twisted.protocols.tls._get_default_clock", return_value=self, create=True
+        )
+        self._tls_clock_patcher.start()
+
         self.nameResolver = SimpleResolverComplexifier(FakeResolver())
         super().__init__()