def __init__(self):
self.accounting = [
__import__('mediaproxy.interfaces.accounting.%s' % mod.lower(),
globals(), locals(), ['']).Accounting()
for mod in set(DispatcherConfig.accounting)
]
self.cred = X509Credentials(cert_name='dispatcher')
self.tls_context = TLSContext(self.cred)
self.relay_factory = RelayFactory(self)
dispatcher_addr, dispatcher_port = DispatcherConfig.listen
self.relay_listener = reactor.listenTLS(dispatcher_port,
self.relay_factory,
self.tls_context,
interface=dispatcher_addr)
self.opensips_factory = OpenSIPSControlFactory(self)
socket_path = process.runtime.file(DispatcherConfig.socket_path)
unlink(socket_path)
self.opensips_listener = reactor.listenUNIX(socket_path,
self.opensips_factory)
self.opensips_management = opensips.ManagementInterface()
self.management_factory = ManagementControlFactory(self)
management_addr, management_port = DispatcherConfig.listen_management
if DispatcherConfig.management_use_tls:
self.management_listener = reactor.listenTLS(
management_port,
self.management_factory,
self.tls_context,
interface=management_addr)
else:
self.management_listener = reactor.listenTCP(
management_port,
self.management_factory,
interface=management_addr)
def _start_https(self, reactor):
from gnutls.interfaces.twisted import TLSContext, X509Credentials
cert, pKey = TLSConfig.certificate, TLSConfig.private_key
if cert is None or pKey is None:
log.fatal("the TLS certificates or the private key could not be loaded")
sys.exit(1)
credentials = X509Credentials(cert, pKey)
tls_context = TLSContext(credentials)
reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address)
log.msg("TLS started")
def _start_https(self, reactor):
from gnutls.interfaces.twisted import X509Credentials
from gnutls.connection import TLSContext, TLSContextServerOptions
cert, pKey = TLSConfig.certificate, TLSConfig.private_key
if cert is None or pKey is None:
log.fatal("the TLS certificates or the private key could not be loaded")
sys.exit(1)
credentials = X509Credentials(cert, pKey)
tls_context = TLSContext(credentials, server_options=TLSContextServerOptions(certificate_request=None))
reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address)
log.msg("TLS started")
def _start_https(self, reactor):
from gnutls.interfaces.twisted import X509Credentials
from gnutls.connection import TLSContext, TLSContextServerOptions
cert, pKey = TLSConfig.certificate, TLSConfig.private_key
if cert is None or pKey is None:
log.critical('The TLS certificate/key could not be loaded')
sys.exit(1)
credentials = X509Credentials(cert, pKey)
tls_context = TLSContext(
credentials,
server_options=TLSContextServerOptions(certificate_request=None))
reactor.listenTLS(ServerConfig.root.port,
HTTPFactory(self.site),
tls_context,
interface=ServerConfig.address)
log.info('TLS started')
def __init__(self):
self.accounting = [__import__("mediaproxy.interfaces.accounting.%s" % mod.lower(), globals(), locals(), [""]).Accounting() for mod in set(DispatcherConfig.accounting)]
self.cred = X509Credentials(cert_name='dispatcher')
self.relay_factory = RelayFactory(self)
dispatcher_addr, dispatcher_port = DispatcherConfig.listen
self.relay_listener = reactor.listenTLS(dispatcher_port, self.relay_factory, self.cred, interface=dispatcher_addr)
self.opensips_factory = OpenSIPSControlFactory(self)
socket_path = process.runtime_file(DispatcherConfig.socket_path)
unlink(socket_path)
self.opensips_listener = reactor.listenUNIX(socket_path, self.opensips_factory)
self.opensips_management = opensips.ManagementInterface()
self.management_factory = ManagementControlFactory(self)
management_addr, management_port = DispatcherConfig.listen_management
if DispatcherConfig.management_use_tls:
self.management_listener = reactor.listenTLS(management_port, self.management_factory, self.cred, interface=management_addr)
else:
self.management_listener = reactor.listenTCP(management_port, self.management_factory, interface=management_addr)
def startService(self):
factory = ITFactory(self.database_pool, self.database_type, self.storage_path, self.server_test, self.detection_path)
if self.encryption_enabled == 'True':
log.msg('Server started to listen for TLS connections')
c = mycertificates.TLSCertificates(certs_path=self.encryption_ca)
reactor.listenTLS(int(self.server_port), factory, c.credentials)
elif self.encryption == 'False':
log.msg('Server started to listen for TCP connections')
reactor.listenTCP(int(self.server_port), factory)
else:
log.msg('Encryption in server.conf should be either True or False, invalid encryption specified: ', self.encryption_enabled)
reactor.run()
def test_server_connectionMade_never_called(self):
# trigger case when protocol instance is created,
# but it's connectionMade is never called
from gnutls.interfaces.twisted import X509Credentials
from gnutls.errors import GNUTLSError
cred = X509Credentials(None, None)
ev = Event()
def handle(conn):
ev.send("handle must not be called")
s = reactor.listenTLS(0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred)
creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport)
try:
conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred)
except GNUTLSError:
pass
assert ev.poll() is None, repr(ev.poll())
def _listen(self, local_uri, factory):
from twisted.internet import reactor
if local_uri.use_tls:
port = reactor.listenTLS(local_uri.port or 0,
factory,
TLSContext(local_uri.credentials),
interface=local_uri.host)
else:
port = reactor.listenTCP(local_uri.port or 0,
factory,
interface=local_uri.host)
local_uri.port = port.getHost().port
self.logger.info('Listening for incoming %s connections on %s:%s' %
(local_uri.scheme.upper(), port.getHost().host,
port.getHost().port))
return port
def test_server_connectionMade_never_called(self):
# trigger case when protocol instance is created,
# but it's connectionMade is never called
from gnutls.interfaces.twisted import X509Credentials
from gnutls.errors import GNUTLSError
cred = X509Credentials(None, None)
ev = Event()
def handle(conn):
ev.send("handle must not be called")
s = reactor.listenTLS(
0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred)
creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport)
try:
conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred)
except GNUTLSError:
pass
assert ev.poll() is None, repr(ev.poll())
print 'Compression: %s' % session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine(line)
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost: %s" % reason.value
class EchoFactory(Factory):
protocol = EchoProtocol
script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
certs_path = os.path.join(script_path, 'certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = True
context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE")
reactor.listenTLS(10000, EchoFactory(), context)
reactor.run()
print 'MAC algorithm: %s' % session.mac_algorithm
print 'Compression: %s' % session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine(line)
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost: %s" % reason.value
class EchoFactory(Factory):
protocol = EchoProtocol
script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
certs_path = os.path.join(script_path, 'certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = True
cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL)
reactor.listenTLS(10000, EchoFactory(), cred)
reactor.run()
print 'MAC algorithm: %s' % session.mac_algorithm
print 'Compression: %s' % session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine(line)
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost: %s" % reason.value
class EchoFactory(Factory):
protocol = EchoProtocol
script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
certs_path = os.path.join(script_path, 'certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = True
context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE")
reactor.listenTLS(10000, EchoFactory(), context)
reactor.run()
print 'MAC algorithm:', session.mac_algorithm
print 'Compression: ', session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine('hello')
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost:", str(reason.value)
class EchoFactory(Factory):
protocol = EchoProtocol
certs_path = 'certs'
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
cred = X509Credentials(cert, key)
cred.session_params.protocols = (PROTO_TLS1_2, )
cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC, )
cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL)
reactor.listenTLS(10000, EchoFactory(), cred)
reactor.run()
action="store_true",
default=0,
help="verbose output")
parser.add_option("-m",
"--memory",
dest="memory",
action="store_true",
default=0,
help="debug memory leaks")
options, args = parser.parse_args()
if options.memory:
from application.debug.memory import *
certs_path = os.path.join(gnutls_path, 'examples/certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = options.verify
context = TLSContext(cred)
reactor.listenTLS(options.port, EchoFactory(), context)
reactor.run()
if options.memory:
memory_dump()
help="specify port to listen on (default = 10000)",
metavar="port")
parser.add_option("-v", "--verify", dest="verify", action="store_true", default=0,
help="verify peer certificates")
parser.add_option("-V", "--verbose", dest="verbose", action="store_true", default=0,
help="verbose output")
parser.add_option("-m", "--memory", dest="memory", action="store_true", default=0,
help="debug memory leaks")
options, args = parser.parse_args()
if options.memory:
from application.debug.memory import *
certs_path = os.path.join(gnutls_path, 'examples/certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = options.verify
context = TLSContext(cred)
reactor.listenTLS(options.port, EchoFactory(), context)
reactor.run()
if options.memory:
memory_dump()
