def getTacks(self):
fileName = self.argRemainder[0]
try:
contents = open(fileName, "r").read()
return Tack.createFromPemList(contents)
except IOError as e:
self.printError("Error opening tacks: %s\n%s" % (fileName, e))
except SyntaxError as e:
self.printError("Error parsing tacks: %s\n%s" % (fileName, e))
def getTacks(self):
fileName = self._getOptionValue("-t")
if fileName is None:
return None
try:
contents = open(fileName, "r").read()
return Tack.createFromPemList(contents)
except IOError:
self.printError("Error opening tacks: %s" % fileName)
except SyntaxError:
self.printError("Error parsing tacks: %s" % fileName)
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
certChain = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
privateKey = parsePEMKey(s, private=True)
elif opt == "-c":
s = open(arg, "rb").read()
x509 = X509()
x509.parse(s)
certChain = X509CertChain([x509])
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
else:
assert (False)
if not argv:
printError("Missing address")
if len(argv) > 1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = (address[0], int(address[1]))
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(certChain)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
return retList
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
certChain = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
expLabel = None
expLength = 20
alpn = []
dhparam = None
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
# OpenSSL/m2crypto does not support RSASSA-PSS certificates
privateKey = parsePEMKey(s,
private=True,
implementations=["python"])
elif opt == "-c":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
x509 = X509()
x509.parse(s)
certChain = X509CertChain([x509])
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
elif opt == "-l":
expLabel = arg
elif opt == "-L":
expLength = int(arg)
elif opt == "-a":
alpn.append(bytearray(arg, 'utf-8'))
elif opt == "--param":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
dhparam = parseDH(s)
else:
assert (False)
# when no names provided, don't return array
if not alpn:
alpn = None
if not argv:
printError("Missing address")
if len(argv) > 1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = (address[0], int(address[1]))
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(certChain)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
if "l" in argString:
retList.append(expLabel)
if "L" in argString:
retList.append(expLength)
if "a" in argString:
retList.append(alpn)
if "param=" in flagsList:
retList.append(dhparam)
return retList
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
certChain = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
privateKey = parsePEMKey(s, private=True)
elif opt == "-c":
s = open(arg, "rb").read()
x509 = X509()
x509.parse(s)
certChain = X509CertChain([x509])
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
else:
assert(False)
if not argv:
printError("Missing address")
if len(argv)>1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = ( address[0], int(address[1]) )
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(certChain)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
return retList
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
cert_chain = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
expLabel = None
expLength = 20
alpn = []
dhparam = None
psk = None
psk_ident = None
psk_hash = 'sha256'
resumption = False
ssl3 = False
max_ver = None
tickets = None
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
# OpenSSL/m2crypto does not support RSASSA-PSS certificates
privateKey = parsePEMKey(s, private=True,
implementations=["python"])
elif opt == "-c":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
cert_chain = X509CertChain()
cert_chain.parsePemList(s)
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
elif opt == "-l":
expLabel = arg
elif opt == "-L":
expLength = int(arg)
elif opt == "-a":
alpn.append(bytearray(arg, 'utf-8'))
elif opt == "--param":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
dhparam = parseDH(s)
elif opt == "--psk":
psk = a2b_hex(arg)
elif opt == "--psk-ident":
psk_ident = bytearray(arg, 'utf-8')
elif opt == "--psk-sha384":
psk_hash = 'sha384'
elif opt == "--resumption":
resumption = True
elif opt == "--ssl3":
ssl3 = True
elif opt == "--max-ver":
max_ver = ver_to_tuple(arg)
elif opt == "--tickets":
tickets = int(arg)
else:
assert(False)
# when no names provided, don't return array
if not alpn:
alpn = None
if (psk and not psk_ident) or (not psk and psk_ident):
printError("PSK and IDENTITY must be set together")
if not argv:
printError("Missing address")
if len(argv)>1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = ( address[0], int(address[1]) )
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(cert_chain)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
if "l" in argString:
retList.append(expLabel)
if "L" in argString:
retList.append(expLength)
if "a" in argString:
retList.append(alpn)
if "param=" in flagsList:
retList.append(dhparam)
if "psk=" in flagsList:
retList.append(psk)
if "psk-ident=" in flagsList:
retList.append(psk_ident)
if "psk-sha384" in flagsList:
retList.append(psk_hash)
if "resumption" in flagsList:
retList.append(resumption)
if "ssl3" in flagsList:
retList.append(ssl3)
if "max-ver=" in flagsList:
retList.append(max_ver)
if "tickets=" in flagsList:
retList.append(tickets)
return retList
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
cert_chain = None
virtual_hosts = []
v_host_cert = None
username = None
password = None
tacks = None
verifierDB = None
reqCert = False
directory = None
expLabel = None
expLength = 20
alpn = []
dhparam = None
psk = None
psk_ident = None
psk_hash = 'sha256'
resumption = False
ssl3 = False
max_ver = None
tickets = None
ciphers = []
request_pha = False
require_pha = False
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
# OpenSSL/m2crypto does not support RSASSA-PSS certificates
if not privateKey:
privateKey = parsePEMKey(s,
private=True,
implementations=["python"])
else:
if not v_host_cert:
raise ValueError("Virtual host certificate missing "
"(must be listed before key)")
p_key = parsePEMKey(s,
private=True,
implementations=["python"])
if not virtual_hosts:
virtual_hosts.append(VirtualHost())
virtual_hosts[0].keys.append(
Keypair(p_key, v_host_cert.x509List))
v_host_cert = None
elif opt == "-c":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
if not cert_chain:
cert_chain = X509CertChain()
cert_chain.parsePemList(s)
else:
v_host_cert = X509CertChain()
v_host_cert.parsePemList(s)
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
elif opt == "-l":
expLabel = arg
elif opt == "-L":
expLength = int(arg)
elif opt == "-a":
alpn.append(bytearray(arg, 'utf-8'))
elif opt == "--param":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
dhparam = parseDH(s)
elif opt == "--psk":
psk = a2b_hex(arg)
elif opt == "--psk-ident":
psk_ident = bytearray(arg, 'utf-8')
elif opt == "--psk-sha384":
psk_hash = 'sha384'
elif opt == "--resumption":
resumption = True
elif opt == "--ssl3":
ssl3 = True
elif opt == "--max-ver":
max_ver = ver_to_tuple(arg)
elif opt == "--tickets":
tickets = int(arg)
elif opt == "--cipherlist":
ciphers.append(arg)
elif opt == "--request-pha":
request_pha = True
elif opt == "--require-pha":
require_pha = True
else:
assert (False)
# when no names provided, don't return array
if not alpn:
alpn = None
if (psk and not psk_ident) or (not psk and psk_ident):
printError("PSK and IDENTITY must be set together")
if not argv:
printError("Missing address")
if len(argv) > 1:
printError("Too many arguments")
#Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = (address[0], int(address[1]))
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(cert_chain)
retList.append(virtual_hosts)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
if "l" in argString:
retList.append(expLabel)
if "L" in argString:
retList.append(expLength)
if "a" in argString:
retList.append(alpn)
if "param=" in flagsList:
retList.append(dhparam)
if "psk=" in flagsList:
retList.append(psk)
if "psk-ident=" in flagsList:
retList.append(psk_ident)
if "psk-sha384" in flagsList:
retList.append(psk_hash)
if "resumption" in flagsList:
retList.append(resumption)
if "ssl3" in flagsList:
retList.append(ssl3)
if "max-ver=" in flagsList:
retList.append(max_ver)
if "tickets=" in flagsList:
retList.append(tickets)
if "cipherlist=" in flagsList:
retList.append(ciphers)
if "request-pha" in flagsList:
retList.append(request_pha)
if "require-pha" in flagsList:
retList.append(require_pha)
return retList
def handleArgs(argv, argString, flagsList=[]):
# Convert to getopt argstring format:
# Add ":" after each arg, ie "abc" -> "a:b:c:"
getOptArgString = ":".join(argString) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flagsList)
except getopt.GetoptError as e:
printError(e)
# Default values if arg not present
privateKey = None
cert_chain = None
username = None
password = None
use_fido2 = False
eph_user_name_out = None
eph_user_name_in = None
tacks = None
verifierDB = None
reqCert = False
fido2_db = None
fido2_db_encryption_key = None
fido2_modes = None
force_fido2 = False
pre_share_eph_user_name = False
directory = None
expLabel = None
expLength = 20
alpn = []
dhparam = None
psk = None
psk_ident = None
psk_hash = 'sha256'
resumption = False
ssl3 = False
max_ver = None
tickets = None
verbose = False
for opt, arg in opts:
if opt == "-k":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
# OpenSSL/m2crypto does not support RSASSA-PSS certificates
privateKey = parsePEMKey(s,
private=True,
implementations=["python"])
elif opt == "-c":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
cert_chain = X509CertChain()
cert_chain.parsePemList(s)
elif opt == "-u":
username = arg
elif opt == "-p":
password = arg
elif opt == "--fido2":
use_fido2 = True
elif opt == "--eph-uname-out":
eph_user_name_out = arg
elif opt == "--eph-uname-in":
eph_user_name_in = arg
elif opt == "-t":
if tackpyLoaded:
s = open(arg, "rU").read()
tacks = Tack.createFromPemList(s)
elif opt == "-v":
verifierDB = VerifierDB(arg)
verifierDB.open()
elif opt == "-d":
directory = arg
elif opt == "--reqcert":
reqCert = True
elif opt == "--fido2-db":
fido2_db = arg
elif opt == "--db-encryption-key":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
fido2_db_encryption_key = parsePEMKey(s,
private=True,
implementations=["python"])
elif opt == "--fido2-modes":
mode_string = arg
fido2_modes = []
if "i" in mode_string:
fido2_modes.append(FIDO2Mode.fido2_with_id)
if "n" in mode_string:
fido2_modes.append(FIDO2Mode.fido2_with_name)
elif opt == "--force-fido2":
force_fido2 = True
elif opt == "--pre-share-euname":
pre_share_eph_user_name = True
elif opt == "-l":
expLabel = arg
elif opt == "-L":
expLength = int(arg)
elif opt == "-a":
alpn.append(bytearray(arg, 'utf-8'))
elif opt == "--param":
s = open(arg, "rb").read()
if sys.version_info[0] >= 3:
s = str(s, 'utf-8')
dhparam = parseDH(s)
elif opt == "--psk":
psk = a2b_hex(arg)
elif opt == "--psk-ident":
psk_ident = bytearray(arg, 'utf-8')
elif opt == "--psk-sha384":
psk_hash = 'sha384'
elif opt == "--resumption":
resumption = True
elif opt == "--ssl3":
ssl3 = True
elif opt == "--max-ver":
max_ver = ver_to_tuple(arg)
elif opt == "--tickets":
tickets = int(arg)
elif opt == "--verbose":
verbose = True
else:
assert (False)
# when no names provided, don't return array
if not alpn:
alpn = None
if (psk and not psk_ident) or (not psk and psk_ident):
printError("PSK and IDENTITY must be set together")
if not argv:
printError("Missing address")
if len(argv) > 1:
printError("Too many arguments")
# Split address into hostname/port tuple
address = argv[0]
address = address.split(":")
if len(address) != 2:
raise SyntaxError("Must specify <host>:<port>")
address = (address[0], int(address[1]))
# Populate the return list
retList = [address]
if "k" in argString:
retList.append(privateKey)
if "c" in argString:
retList.append(cert_chain)
if "u" in argString:
retList.append(username)
if "p" in argString:
retList.append(password)
if "fido2" in flagsList:
retList.append(use_fido2)
if "eph-uname-out=" in flagsList:
retList.append(eph_user_name_out)
if "eph-uname-in=" in flagsList:
retList.append(eph_user_name_in)
if "t" in argString:
retList.append(tacks)
if "v" in argString:
retList.append(verifierDB)
if "d" in argString:
retList.append(directory)
if "reqcert" in flagsList:
retList.append(reqCert)
if "fido2-db=" in flagsList:
retList.append(fido2_db)
if "db-encryption-key=" in flagsList:
retList.append(fido2_db_encryption_key)
if "fido2-modes=" in flagsList:
retList.append(fido2_modes)
if "force-fido2" in flagsList:
retList.append(force_fido2)
if "pre-share-euname" in flagsList:
retList.append(pre_share_eph_user_name)
if "l" in argString:
retList.append(expLabel)
if "L" in argString:
retList.append(expLength)
if "a" in argString:
retList.append(alpn)
if "param=" in flagsList:
retList.append(dhparam)
if "psk=" in flagsList:
retList.append(psk)
if "psk-ident=" in flagsList:
retList.append(psk_ident)
if "psk-sha384" in flagsList:
retList.append(psk_hash)
if "resumption" in flagsList:
retList.append(resumption)
if "ssl3" in flagsList:
retList.append(ssl3)
if "max-ver=" in flagsList:
retList.append(max_ver)
if "tickets=" in flagsList:
retList.append(tickets)
if "verbose" in flagsList:
retList.append(verbose)
return retList
