def setUp(self):
"""
Create a L{PantheonHTTPChecker} pointed at a mock authentication service
with some simple site and user information.
"""
self.site = 'example.com'
self.cwd = '/some/path'
self.uid = 1542
self.username = '******'
self.password = '******'
keyString = FilePath(__file__).sibling('id_rsa').getContent()
self.privateKey = Key.fromString(keyString)
caKeyString = FilePath(__file__).sibling('cakey.pem').getContent()
self.caKey = KeyPair.load(caKeyString, FILETYPE_PEM)
caCertString = FilePath(__file__).sibling('cacert.pem').getContent()
self.caCert = PrivateCertificate.load(
caCertString, self.caKey, FILETYPE_PEM)
self.resource = MockPantheonAuthResource(
sites={self.site: [self.username]},
authorizations={self.site: dict(cwd=self.cwd, uid=self.uid)},
passwords={self.username: self.password},
keys={self.username: self.privateKey},
)
self.server = MockPantheonAuthServer(
reactor, self.resource, self.caCert)
self.server.startService()
self.addCleanup(self.server.stopService)
def getServerContext(self):
"""
Generate a new L{OpenSSL.SSL.Context} object configured to use a
certificate signed by C{self.ca} and only accept connections from peers
which are also using a certificate signed by C{self.ca}.
"""
# Generate a new key for the server and have the CA sign a certificate
# for it.
key = KeyPair.generate(size=512)
req = key.certificateRequest(DN(commonName='localhost'))
certData = self.ca.signCertificateRequest(req, lambda dn: True, 1)
cert = PrivateCertificate.load(certData, key)
# Use the new key/certificate
context = Context(TLSv1_METHOD)
context.use_privatekey(key.original)
context.use_certificate(cert.original)
context.check_privatekey()
# Allow peer certificates signed by the CA
store = context.get_cert_store()
store.add_cert(self.ca.original)
# Verify the peer certificate and require that they have one.
def verify(conn, cert, errno, depth, preverify_ok):
return preverify_ok
context.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify)
return context
def getServerContext(self):
"""
Return a new SSL context suitable for use in a test server.
"""
cert = PrivateCertificate.load(
self._certificateText,
KeyPair.load(self._privateKeyText, FILETYPE_PEM), FILETYPE_PEM)
return cert.options()
def getServerContext(self):
"""
Return a new SSL context suitable for use in a test server.
"""
pem = self._pem.getContent()
cert = PrivateCertificate.load(
pem, KeyPair.load(pem, FILETYPE_PEM), FILETYPE_PEM)
return cert.options()
def getServerContext(self):
"""
Return a new SSL context suitable for use in a test server.
"""
pem = self._pem.getContent()
cert = PrivateCertificate.load(
pem, KeyPair.load(pem, FILETYPE_PEM), FILETYPE_PEM)
return cert.options()
def getServerContext(self):
"""
Return a new SSL context suitable for use in a test server.
"""
cert = PrivateCertificate.load(
self._certificateText,
KeyPair.load(self._privateKeyText, FILETYPE_PEM),
FILETYPE_PEM)
return cert.options()
"""
from twisted.internet.protocol import ServerFactory
from twisted.internet.endpoints import SSL4ClientEndpoint
from twisted.internet.ssl import (
DN, KeyPair, PrivateCertificate, CertificateOptions)
from twisted.protocols.wire import Echo
from tcp_throughput import Client, driver
# Generate a new self-signed certificate
key = KeyPair.generate(size=2048)
req = key.certificateRequest(DN(commonName='localhost'), digestAlgorithm='sha1')
cert = PrivateCertificate.load(
key.signCertificateRequest(
DN(commonName='localhost'), req,
lambda dn: True, 1, digestAlgorithm='sha1'),
key)
def main(reactor, duration):
chunkSize = 16384
server = ServerFactory()
server.protocol = Echo
port = reactor.listenSSL(0, server, cert.options())
client = Client(
reactor,
SSL4ClientEndpoint(
reactor, '127.0.0.1', port.getHost().port,
CertificateOptions(
