def getTacks(self): fileName = self.argRemainder[0] try: contents = open(fileName, "r").read() return Tack.createFromPemList(contents) except IOError as e: self.printError("Error opening tacks: %s\n%s" % (fileName, e)) except SyntaxError as e: self.printError("Error parsing tacks: %s\n%s" % (fileName, e))
def getTacks(self): fileName = self._getOptionValue("-t") if fileName is None: return None try: contents = open(fileName, "r").read() return Tack.createFromPemList(contents) except IOError: self.printError("Error opening tacks: %s" % fileName) except SyntaxError: self.printError("Error parsing tacks: %s" % fileName)
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None certChain = None username = None password = None tacks = None verifierDB = None reqCert = False directory = None for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() privateKey = parsePEMKey(s, private=True) elif opt == "-c": s = open(arg, "rb").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True else: assert (False) if not argv: printError("Missing address") if len(argv) > 1: printError("Too many arguments") #Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = (address[0], int(address[1])) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(certChain) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) return retList
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None certChain = None username = None password = None tacks = None verifierDB = None reqCert = False directory = None expLabel = None expLength = 20 alpn = [] dhparam = None for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') # OpenSSL/m2crypto does not support RSASSA-PSS certificates privateKey = parsePEMKey(s, private=True, implementations=["python"]) elif opt == "-c": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True elif opt == "-l": expLabel = arg elif opt == "-L": expLength = int(arg) elif opt == "-a": alpn.append(bytearray(arg, 'utf-8')) elif opt == "--param": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') dhparam = parseDH(s) else: assert (False) # when no names provided, don't return array if not alpn: alpn = None if not argv: printError("Missing address") if len(argv) > 1: printError("Too many arguments") #Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = (address[0], int(address[1])) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(certChain) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) if "l" in argString: retList.append(expLabel) if "L" in argString: retList.append(expLength) if "a" in argString: retList.append(alpn) if "param=" in flagsList: retList.append(dhparam) return retList
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None certChain = None username = None password = None tacks = None verifierDB = None reqCert = False directory = None for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() privateKey = parsePEMKey(s, private=True) elif opt == "-c": s = open(arg, "rb").read() x509 = X509() x509.parse(s) certChain = X509CertChain([x509]) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True else: assert(False) if not argv: printError("Missing address") if len(argv)>1: printError("Too many arguments") #Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = ( address[0], int(address[1]) ) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(certChain) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) return retList
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None cert_chain = None username = None password = None tacks = None verifierDB = None reqCert = False directory = None expLabel = None expLength = 20 alpn = [] dhparam = None psk = None psk_ident = None psk_hash = 'sha256' resumption = False ssl3 = False max_ver = None tickets = None for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') # OpenSSL/m2crypto does not support RSASSA-PSS certificates privateKey = parsePEMKey(s, private=True, implementations=["python"]) elif opt == "-c": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') cert_chain = X509CertChain() cert_chain.parsePemList(s) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True elif opt == "-l": expLabel = arg elif opt == "-L": expLength = int(arg) elif opt == "-a": alpn.append(bytearray(arg, 'utf-8')) elif opt == "--param": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') dhparam = parseDH(s) elif opt == "--psk": psk = a2b_hex(arg) elif opt == "--psk-ident": psk_ident = bytearray(arg, 'utf-8') elif opt == "--psk-sha384": psk_hash = 'sha384' elif opt == "--resumption": resumption = True elif opt == "--ssl3": ssl3 = True elif opt == "--max-ver": max_ver = ver_to_tuple(arg) elif opt == "--tickets": tickets = int(arg) else: assert(False) # when no names provided, don't return array if not alpn: alpn = None if (psk and not psk_ident) or (not psk and psk_ident): printError("PSK and IDENTITY must be set together") if not argv: printError("Missing address") if len(argv)>1: printError("Too many arguments") #Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = ( address[0], int(address[1]) ) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(cert_chain) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) if "l" in argString: retList.append(expLabel) if "L" in argString: retList.append(expLength) if "a" in argString: retList.append(alpn) if "param=" in flagsList: retList.append(dhparam) if "psk=" in flagsList: retList.append(psk) if "psk-ident=" in flagsList: retList.append(psk_ident) if "psk-sha384" in flagsList: retList.append(psk_hash) if "resumption" in flagsList: retList.append(resumption) if "ssl3" in flagsList: retList.append(ssl3) if "max-ver=" in flagsList: retList.append(max_ver) if "tickets=" in flagsList: retList.append(tickets) return retList
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None cert_chain = None virtual_hosts = [] v_host_cert = None username = None password = None tacks = None verifierDB = None reqCert = False directory = None expLabel = None expLength = 20 alpn = [] dhparam = None psk = None psk_ident = None psk_hash = 'sha256' resumption = False ssl3 = False max_ver = None tickets = None ciphers = [] request_pha = False require_pha = False for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') # OpenSSL/m2crypto does not support RSASSA-PSS certificates if not privateKey: privateKey = parsePEMKey(s, private=True, implementations=["python"]) else: if not v_host_cert: raise ValueError("Virtual host certificate missing " "(must be listed before key)") p_key = parsePEMKey(s, private=True, implementations=["python"]) if not virtual_hosts: virtual_hosts.append(VirtualHost()) virtual_hosts[0].keys.append( Keypair(p_key, v_host_cert.x509List)) v_host_cert = None elif opt == "-c": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') if not cert_chain: cert_chain = X509CertChain() cert_chain.parsePemList(s) else: v_host_cert = X509CertChain() v_host_cert.parsePemList(s) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True elif opt == "-l": expLabel = arg elif opt == "-L": expLength = int(arg) elif opt == "-a": alpn.append(bytearray(arg, 'utf-8')) elif opt == "--param": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') dhparam = parseDH(s) elif opt == "--psk": psk = a2b_hex(arg) elif opt == "--psk-ident": psk_ident = bytearray(arg, 'utf-8') elif opt == "--psk-sha384": psk_hash = 'sha384' elif opt == "--resumption": resumption = True elif opt == "--ssl3": ssl3 = True elif opt == "--max-ver": max_ver = ver_to_tuple(arg) elif opt == "--tickets": tickets = int(arg) elif opt == "--cipherlist": ciphers.append(arg) elif opt == "--request-pha": request_pha = True elif opt == "--require-pha": require_pha = True else: assert (False) # when no names provided, don't return array if not alpn: alpn = None if (psk and not psk_ident) or (not psk and psk_ident): printError("PSK and IDENTITY must be set together") if not argv: printError("Missing address") if len(argv) > 1: printError("Too many arguments") #Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = (address[0], int(address[1])) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(cert_chain) retList.append(virtual_hosts) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) if "l" in argString: retList.append(expLabel) if "L" in argString: retList.append(expLength) if "a" in argString: retList.append(alpn) if "param=" in flagsList: retList.append(dhparam) if "psk=" in flagsList: retList.append(psk) if "psk-ident=" in flagsList: retList.append(psk_ident) if "psk-sha384" in flagsList: retList.append(psk_hash) if "resumption" in flagsList: retList.append(resumption) if "ssl3" in flagsList: retList.append(ssl3) if "max-ver=" in flagsList: retList.append(max_ver) if "tickets=" in flagsList: retList.append(tickets) if "cipherlist=" in flagsList: retList.append(ciphers) if "request-pha" in flagsList: retList.append(request_pha) if "require-pha" in flagsList: retList.append(require_pha) return retList
def handleArgs(argv, argString, flagsList=[]): # Convert to getopt argstring format: # Add ":" after each arg, ie "abc" -> "a:b:c:" getOptArgString = ":".join(argString) + ":" try: opts, argv = getopt.getopt(argv, getOptArgString, flagsList) except getopt.GetoptError as e: printError(e) # Default values if arg not present privateKey = None cert_chain = None username = None password = None use_fido2 = False eph_user_name_out = None eph_user_name_in = None tacks = None verifierDB = None reqCert = False fido2_db = None fido2_db_encryption_key = None fido2_modes = None force_fido2 = False pre_share_eph_user_name = False directory = None expLabel = None expLength = 20 alpn = [] dhparam = None psk = None psk_ident = None psk_hash = 'sha256' resumption = False ssl3 = False max_ver = None tickets = None verbose = False for opt, arg in opts: if opt == "-k": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') # OpenSSL/m2crypto does not support RSASSA-PSS certificates privateKey = parsePEMKey(s, private=True, implementations=["python"]) elif opt == "-c": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') cert_chain = X509CertChain() cert_chain.parsePemList(s) elif opt == "-u": username = arg elif opt == "-p": password = arg elif opt == "--fido2": use_fido2 = True elif opt == "--eph-uname-out": eph_user_name_out = arg elif opt == "--eph-uname-in": eph_user_name_in = arg elif opt == "-t": if tackpyLoaded: s = open(arg, "rU").read() tacks = Tack.createFromPemList(s) elif opt == "-v": verifierDB = VerifierDB(arg) verifierDB.open() elif opt == "-d": directory = arg elif opt == "--reqcert": reqCert = True elif opt == "--fido2-db": fido2_db = arg elif opt == "--db-encryption-key": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') fido2_db_encryption_key = parsePEMKey(s, private=True, implementations=["python"]) elif opt == "--fido2-modes": mode_string = arg fido2_modes = [] if "i" in mode_string: fido2_modes.append(FIDO2Mode.fido2_with_id) if "n" in mode_string: fido2_modes.append(FIDO2Mode.fido2_with_name) elif opt == "--force-fido2": force_fido2 = True elif opt == "--pre-share-euname": pre_share_eph_user_name = True elif opt == "-l": expLabel = arg elif opt == "-L": expLength = int(arg) elif opt == "-a": alpn.append(bytearray(arg, 'utf-8')) elif opt == "--param": s = open(arg, "rb").read() if sys.version_info[0] >= 3: s = str(s, 'utf-8') dhparam = parseDH(s) elif opt == "--psk": psk = a2b_hex(arg) elif opt == "--psk-ident": psk_ident = bytearray(arg, 'utf-8') elif opt == "--psk-sha384": psk_hash = 'sha384' elif opt == "--resumption": resumption = True elif opt == "--ssl3": ssl3 = True elif opt == "--max-ver": max_ver = ver_to_tuple(arg) elif opt == "--tickets": tickets = int(arg) elif opt == "--verbose": verbose = True else: assert (False) # when no names provided, don't return array if not alpn: alpn = None if (psk and not psk_ident) or (not psk and psk_ident): printError("PSK and IDENTITY must be set together") if not argv: printError("Missing address") if len(argv) > 1: printError("Too many arguments") # Split address into hostname/port tuple address = argv[0] address = address.split(":") if len(address) != 2: raise SyntaxError("Must specify <host>:<port>") address = (address[0], int(address[1])) # Populate the return list retList = [address] if "k" in argString: retList.append(privateKey) if "c" in argString: retList.append(cert_chain) if "u" in argString: retList.append(username) if "p" in argString: retList.append(password) if "fido2" in flagsList: retList.append(use_fido2) if "eph-uname-out=" in flagsList: retList.append(eph_user_name_out) if "eph-uname-in=" in flagsList: retList.append(eph_user_name_in) if "t" in argString: retList.append(tacks) if "v" in argString: retList.append(verifierDB) if "d" in argString: retList.append(directory) if "reqcert" in flagsList: retList.append(reqCert) if "fido2-db=" in flagsList: retList.append(fido2_db) if "db-encryption-key=" in flagsList: retList.append(fido2_db_encryption_key) if "fido2-modes=" in flagsList: retList.append(fido2_modes) if "force-fido2" in flagsList: retList.append(force_fido2) if "pre-share-euname" in flagsList: retList.append(pre_share_eph_user_name) if "l" in argString: retList.append(expLabel) if "L" in argString: retList.append(expLength) if "a" in argString: retList.append(alpn) if "param=" in flagsList: retList.append(dhparam) if "psk=" in flagsList: retList.append(psk) if "psk-ident=" in flagsList: retList.append(psk_ident) if "psk-sha384" in flagsList: retList.append(psk_hash) if "resumption" in flagsList: retList.append(resumption) if "ssl3" in flagsList: retList.append(ssl3) if "max-ver=" in flagsList: retList.append(max_ver) if "tickets=" in flagsList: retList.append(tickets) if "verbose" in flagsList: retList.append(verbose) return retList