Beispiel #1
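def _sslHandshake( sock, sslContext, reactor, callback=None ) :
    """Run the accepting side of an SSL handshake on sock and report the peer.

    Wraps sock in an SSLConnection (built from sslContext) that is put into
    accept state, then hands it to sslAccept together with the reactor.

    Returns an AsyncOp created with callback. It is notified with the tuple
    (sslConn, peerKey, peerName, peerKeyID) on success, or with None after
    the connection has been aborted on any failure. peerName and peerKeyID
    are parsed from the certificate subject CN, which is expected to be
    either 'name@keyid' or a bare name (in which case peerKeyID is '').
    Cancelling the returned op cancels the accept and aborts the connection.

    NOTE(review): peerName and peerKeyID are read from the certificate the
    peer presented, and nothing in this function compares them or peerKey
    with an expected identity. Callers should treat the names as claims and
    make authorisation decisions on peerKey -- confirm what certificate
    verification sslContext enforces.
    """
    def doCancel() :
        acceptOp.cancel()
        sslAbort( sslConn )
    def fail() :
        # Every failure path tears the connection down before reporting, so
        # the caller never receives a half-established sslConn.
        sslAbort( sslConn )
        op.notify( None )
    def onSSLAccept( err ) :
        if err is not None :
            fail()
            return
        try :
            peerCert = sslConn.getPeerCertificate()
            # presumably None when the peer sent no certificate -- confirm
            # against SSLConnection; without this check the attribute access
            # below would raise an exception the except clause does not catch.
            if peerCert is None :
                logger.error( 'ssl accept error: no peer certificate' )
                fail()
                return
            peerKey = RSAKey()
            peerKey.fromPKey_PublicKey(peerCert.get_pubkey())
            CN = peerCert.get_subject().CN
        except (SSLError,X509Error,RSAError) :
            logger.exception('ssl accept error')
            fail()
            return
        # The CN is chosen by the peer. A missing CN or one with more than one
        # '@' used to raise AttributeError/ValueError out of this callback,
        # leaving the connection open and op never notified. Fail closed
        # instead of guessing which '@' separates name and key id.
        if CN is None or CN.count('@') > 1 :
            logger.error( 'ssl accept error: malformed peer certificate CN' )
            fail()
            return
        if '@' in CN :
            peerName, peerKeyID = CN.split('@')
        else :
            peerName, peerKeyID = CN, ''
        op.notify( (sslConn,peerKey,peerName,peerKeyID) )
    sslConn = SSLConnection( sslContext, sock )
    sslConn.setAcceptState()
    # NOTE(review): op is bound only after sslAccept returns, so this relies
    # on sslAccept never invoking onSSLAccept before it returns -- confirm.
    acceptOp = sslAccept( sslConn, reactor, onSSLAccept )
    op = AsyncOp( callback, doCancel )
    return op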
Beispiel #2
                peerName, peerKeyID = CN.split('@')
            else:
                peerName, peerKeyID = CN, ''
        except (SSLError,X509Error,RSAError), e :
            logger.exception( 'ssl connect error' )
            sslAbort( sslConn )
            op.notify( None )
            return
        if peerKey.toDER_PublicKey() != remotePublicKey.toDER_PublicKey() :
            logger.error( 'ssl connect public key mismatch' )
            sslAbort( sslConn )
            op.notify( None )
            return
        # logger.info('onSSLConnect SUCCESSFUL with %s' % str(peerName))
        op.notify( sslConn )
    sslConn = SSLConnection( sslContext, sock )
    sslConn.setConnectState()
    connectOp = sslConnect( sslConn, reactor, onSSLConnect )
    op = AsyncOp( callback, doCancel )
    return op

def _directConnect( sslContext, remotePublicKey, directLocation,
        reactor, callback=None ) :
    def onConnect( connector ) :
        if connector.getError() != 0 :
            op.notify( None )
            return
        authOp = _authenticateUser( connector.getSock(), sslContext,
                remotePublicKey, reactor, op.notify )
        op.setCanceler( authOp.cancel )
    connectOp = tcpConnect( directLocation.addr, reactor, onConnect )