Example #1
def x509_name_entry2tuple(entry):
    """Convert an X509 name entry into an ``(object text, value text)`` pair.

    The value is rendered by ``m2.asn1_string_print`` into a memory BIO and
    the object name comes from ``m2.obj_obj2txt`` (second argument ``0``).
    Both items are passed through ``util.py3str`` before being returned.

    NOTE(review): when ``entry`` belongs to a peer certificate, both strings
    are peer-supplied text. Treat them as display data and validate them
    separately before using them in a trust decision.
    """
    out = BIO.MemoryBuffer()
    entry_ptr = entry._ptr()
    m2.asn1_string_print(out._ptr(), m2.x509_name_entry_get_data(entry_ptr))
    field = m2.obj_obj2txt(m2.x509_name_entry_get_object(entry_ptr), 0)
    return (util.py3str(field), util.py3str(out.getvalue()))
Example #2
 def __str__(self):
     # type: () -> str
     """Return ``self.asn1_time`` as printed by ``m2.asn1_time_print``."""
     # NOTE: ``assert`` is stripped under ``python -O``, so this type check
     # is a debugging aid, not a guaranteed guard.
     assert m2.asn1_time_type_check(self.asn1_time), \
         "'asn1_time' type error'"
     out = BIO.MemoryBuffer()
     m2.asn1_time_print(out.bio_ptr(), self.asn1_time)
     rendered = out.read_all()
     return util.py3str(rendered)
Example #3
def get_error():
    # type: () -> Optional[str]
    """Return the text written by ``m2.err_print_errors``, or ``None``.

    ``None`` is returned when nothing was written to the memory buffer.

    NOTE(review): OpenSSL's error printing presumably empties the thread's
    error queue, so a second call would not see the same errors -- confirm
    before relying on repeated calls.
    """
    sink = BIO.MemoryBuffer()
    m2.err_print_errors(sink.bio_ptr())
    raw = sink.read()
    if not raw:
        return None
    return util.py3str(raw)
Example #4
def rand_file_name():
    # type: () -> str
    """
    Return the default path of the random seed file.

    :return: string with the filename.
       The seed file is $RANDFILE if that environment variable
       is set, $HOME/.rnd otherwise. If $HOME is not set either,
       an error occurs.

    NOTE(review): the path is derived from the process environment, so
    whoever controls that environment chooses the file. Check its
    ownership and permissions before treating it as a seed source.
    """
    seed_path = m2.rand_file_name()  # pylint: disable=no-member
    return util.py3str(seed_path)
Example #5
    def get_value(self, flag=0, indent=0):
        # type: (int, int) -> str
        """
        Return the extension value as text, e.g. 'DNS:www.example.com'.

        The value is printed by ``m2.x509_ext_print`` into a memory BIO
        and the whole buffer is converted with ``util.py3str``.

        :param flag:   Flag to control what and how to print.
        :param indent: How many spaces to print before actual value.
        """
        out = BIO.MemoryBuffer()
        m2.x509_ext_print(out.bio_ptr(), self.x509_ext, flag, indent)
        printed = out.read_all()
        return util.py3str(printed)
Example #6
    def as_text(self, flags=0):
        # type: (int) -> str
        """Render the ASN1_STRING as text according to ``flags``.

        @param flags: determine the format of the output by using
               predetermined constants, see ASN1_STRING_print_ex(3)
               manpage for their meaning.
        @return: the printed form of the ASN1_STRING structure.
        """
        out = BIO.MemoryBuffer()
        m2.asn1_string_print_ex(out.bio_ptr(), self.asn1str, flags)
        printed = out.read_all()
        return util.py3str(printed)
Example #7
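 def http_get(self, s):
     """Send a minimal HTTP/1.0 GET over ``s`` and return the response text.

     Reads 4096-byte chunks until ``recv`` returns an empty value or
     raises ``SSL.SSLError``, then converts the collected bytes with
     ``util.py3str``.

     NOTE: every ``SSL.SSLError`` is treated as end-of-stream, so a
     truncated response cannot be told apart from a complete one. That is
     tolerable for a test helper talking to ``s_server``; do not reuse
     this pattern where response integrity matters.
     """
     # Bytes literal: identical to the old str literal on Python 2, and it
     # no longer depends on the socket accepting text on Python 3.
     s.send(b'GET / HTTP/1.0\n\n')
     chunks = []
     while True:
         try:
             data = s.recv(4096)
         except SSL.SSLError:  # s_server throws an 'unexpected eof'...
             break
         if not data:
             break
         chunks.append(data)
     return util.py3str(b''.join(chunks))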
    def as_text(self, flags=0):
        # type: (int) -> str
        """Render the ASN1_STRING as text according to ``flags``.

        :param flags: determine the format of the output by using
               predetermined constants, see ASN1_STRING_print_ex(3)
               manpage for their meaning.
        :return: the printed form of the ASN1_STRING structure.
        """
        sink = BIO.MemoryBuffer()
        m2.asn1_string_print_ex(sink.bio_ptr(), self.asn1str, flags)
        rendered = sink.read_all()
        return util.py3str(rendered)
Example #9
    def __getattr__(self, attr):
        # type: (str) -> str
        """Resolve ``attr`` through ``self.nid`` or the instance ``__dict__``.

        Names present in ``self.nid`` are looked up in the X509 name with
        ``m2.x509_name_by_nid`` and returned as text. Other names come from
        the instance ``__dict__``; anything else raises ``AttributeError``.
        """
        known_nids = self.nid
        if attr in known_nids:
            # NOTE: stripped under ``python -O``; a debugging aid only.
            assert m2.x509_name_type_check(self.x509_name), \
                "'x509_name' type error"
            value = m2.x509_name_by_nid(self.x509_name, known_nids[attr])
            return util.py3str(value)

        instance_attrs = self.__dict__
        if attr in instance_attrs:
            return instance_attrs[attr]

        raise AttributeError(self, attr)
Example #10
 def http_get(self, s):
     """Send a minimal HTTP/1.0 GET over ``s`` and return the response text.

     Reading stops when ``recv`` returns an empty value or raises
     ``SSL.SSLError``. A truncated response is therefore indistinguishable
     from a complete one, which is acceptable only in a test helper.
     """
     s.send(b'GET / HTTP/1.0\n\n')
     body = b''
     while True:
         try:
             chunk = s.recv(4096)
         except SSL.SSLError:  # s_server throws an 'unexpected eof'...
             break
         if not chunk:
             break
         body = body + chunk
     return util.py3str(body)
Example #11
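    def get_fingerprint(self, md='md5'):
        # type: (str) -> str
        """
        Get the fingerprint of the certificate.

        The digest is computed over the DER encoding from ``self.as_der()``.

        @param md: Name of the message digest algorithm to use. The default
                   stays 'md5' for backward compatibility. MD5 and SHA-1
                   are not collision resistant, so callers that pin or
                   compare fingerprints for a trust decision should pass a
                   stronger digest supported by ``EVP.MessageDigest``
                   (for example 'sha256').
        @return:   String containing the fingerprint in upper-case hex.
        """
        der = self.as_der()
        # Use a separate name so the ``md`` argument (an algorithm name)
        # is not rebound to the digest object.
        hasher = EVP.MessageDigest(md)
        hasher.update(der)
        digest = hasher.final()
        return util.py3str(binascii.hexlify(digest).upper())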
Example #12
 def test_HTTPSConnection_secure_context(self):
     # The context demands a peer certificate (verify_peer combined with
     # verify_fail_if_no_peer_cert, depth argument 9) and loads
     # tests/ca.pem as its verify location before connecting.
     server = self.start_server(self.args)
     try:
         verify_mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
         self.ctx.set_verify(verify_mode, 9)
         self.ctx.load_verify_locations('tests/ca.pem')
         conn = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                         ssl_context=self.ctx)
         conn.request('GET', '/')
         data = util.py3str(conn.getresponse().read())
         conn.close()
     finally:
         # Always stop the helper server, even if the request failed.
         self.stop_server(server)
     self.assertIn('s_server -quiet -www', data)
    def as_text(self, indent=0, flags=m2.XN_FLAG_COMPAT):
        # type: (int, int) -> str
        """
        Return the X509 name as a string.

        The name is printed by ``m2.x509_name_print_ex`` into a memory BIO.

        :param indent: Each line in multiline format is indented
                       by this many spaces.
        :param flags:  Flags that control how the output should be formatted.
        """
        # NOTE: stripped under ``python -O``; a debugging aid only.
        assert m2.x509_name_type_check(self.x509_name), \
            "'x509_name' type error"
        out = BIO.MemoryBuffer()
        m2.x509_name_print_ex(out.bio_ptr(), self.x509_name, indent, flags)
        printed = out.read_all()
        return util.py3str(printed)
Example #14
    def test_HTTPSConnection_resume_session(self):
        # Checks that a session taken from one HTTPS connection can be set
        # on a second connection (built from a separate context) and that
        # both sessions print identically.
        pid = self.start_server(self.args)
        try:
            # First connection: peer verification required, client-side
            # session caching enabled.
            self.ctx.load_verify_locations(cafile='tests/ca.pem')
            self.ctx.load_cert('tests/x509.pem')
            self.ctx.set_verify(
                SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
            self.ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
            c = httpslib.HTTPSConnection(srv_host,
                                         self.srv_port,
                                         ssl_context=self.ctx)
            c.request('GET', '/')
            ses = c.get_session()
            t = ses.as_text()
            # This first body is read and then overwritten below; only the
            # second response is asserted on.
            data = c.getresponse().read()
            # Apparently closing connection here screws session; Ali Polatel?
            # c.close()

            # Second connection: a fresh context configured the same way,
            # reusing the session captured above.
            ctx2 = SSL.Context()
            ctx2.load_verify_locations(cafile='tests/ca.pem')
            ctx2.load_cert('tests/x509.pem')
            ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
                            1)
            ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
            c2 = httpslib.HTTPSConnection(srv_host,
                                          self.srv_port,
                                          ssl_context=ctx2)
            c2.set_session(ses)
            c2.request('GET', '/')
            ses2 = c2.get_session()
            t2 = ses2.as_text()
            data = util.py3str(c2.getresponse().read())
            # NOTE(review): the connections are closed only on the success
            # path; an exception above leaves them to garbage collection.
            c.close()
            c2.close()
            self.assertEqual(t, t2, "Sessions did not match")
        finally:
            self.stop_server(pid)
        self.assertIn('s_server -quiet -www', data)
Example #15
def get_error_func(err):
    # type: (int) -> str
    """Return ``m2.err_func_error_string(err)`` converted by ``util.py3str``."""
    func_name = m2.err_func_error_string(err)
    return util.py3str(func_name)
 def __str__(self):
     # type: () -> str
     """Return the ``__bytes__`` form of the object converted to text."""
     raw = self.__bytes__()
     return util.py3str(raw)
Example #17
 def name(self):
     # type: () -> str
     """Return the cipher name reported by ``m2.ssl_cipher_get_name``."""
     cipher_name = m2.ssl_cipher_get_name(self.cipher)
     return util.py3str(cipher_name)
Example #18
 def get_cipher_list(self, idx=0):
     # type: (int) -> str
     """Return the cipher suites for this connection as a string object.

     ``idx`` is forwarded unchanged to ``m2.ssl_get_cipher_list``.
     """
     ciphers = m2.ssl_get_cipher_list(self.ssl, idx)
     return util.py3str(ciphers)
Example #19
 def get_version(self):
     # type: () -> str
     """Return the TLS/SSL protocol version for this connection.

     Useful for checking after the handshake that the negotiated version
     is one the application is willing to accept.
     """
     version = m2.ssl_get_version(self.ssl)
     return util.py3str(version)
Example #20
 def test_py3str_None(self):
     # py3str must reject None with TypeError instead of returning a value.
     self.assertRaises(TypeError, util.py3str, None)
Example #21
 def name(self):
     # type: () -> str
     """Return this cipher's name as text."""
     raw_name = m2.ssl_cipher_get_name(self.cipher)
     return util.py3str(raw_name)
Example #22
 def test_py3str_str(self):
     # A unicode literal must come back as one of six's string types.
     converted = util.py3str(u'test')
     self.assertIsInstance(converted, six.string_types)
Example #23
def get_x509_verify_error(err):
    # type: (int) -> str
    """Return the text ``m2.x509_get_verify_error`` gives for code ``err``."""
    description = m2.x509_get_verify_error(err)
    return util.py3str(description)
Example #24
def get_error_reason(err):
    # type: (int) -> str
    """Return ``m2.err_reason_error_string(err)`` converted to text."""
    reason = m2.err_reason_error_string(err)
    return util.py3str(reason)
Example #25
 def stop_server(self, pid):
     """Terminate the server process and return its ``(stdout, stderr)`` text.

     ``pid`` is used as a process handle: ``terminate()`` and
     ``communicate()`` are called on it.
     """
     pid.terminate()
     stdout_data, stderr_data = pid.communicate()
     return util.py3str(stdout_data), util.py3str(stderr_data)
Example #26
def x509_name_entry2tuple(entry):
    """Return ``(object name, value)`` for an X509 name entry, both as text.

    The value is printed with ``m2.asn1_string_print`` into a memory BIO
    and the object name is produced by ``m2.obj_obj2txt``.

    NOTE(review): for an entry taken from a peer certificate both strings
    are peer-supplied. Validate them before using them for anything other
    than display.
    """
    sink = BIO.MemoryBuffer()
    raw_entry = entry._ptr()
    m2.asn1_string_print(sink._ptr(), m2.x509_name_entry_get_data(raw_entry))
    object_text = m2.obj_obj2txt(m2.x509_name_entry_get_object(raw_entry), 0)
    return (util.py3str(object_text), util.py3str(sink.getvalue()))
Example #27
def get_error_message():
    # type: () -> str
    """Return the reason text for the code given by ``get_error_code()``."""
    code = get_error_code()
    reason = get_error_reason(code)
    return util.py3str(reason)
 def get_name(self):
     # type: () -> str
     """
     Return the extension name as text, for example 'subjectAltName'.
     """
     ext_name = m2.x509_extension_get_name(self.x509_ext)
     return util.py3str(ext_name)
Example #29
 def test_py3str(self):
     # A native string literal must come back as ``str``.
     converted = util.py3str('test')
     self.assertIsInstance(converted, str)
 def __str__(self):
     # type: () -> str
     """Describe the mismatch between the expected and the observed host.

     NOTE(review): ``actualHost`` may hold text taken from the peer
     certificate -- presumably set by the certificate checker, confirm at
     the raise sites. Escape this message before writing it to logs or
     rendering it in a UI.
     """
     details = (self.fieldName, self.expectedHost, self.actualHost)
     message = \
         'Peer certificate %s does not match host, expected %s, got %s' \
         % details
     return util.py3str(message)
Example #31
 def test_py3str_bytearray(self):
     # A bytearray input must also be converted to ``str``.
     converted = util.py3str(bytearray(b'test'))
     self.assertIsInstance(converted, str)
Example #32
 def __str__(self):
     # type: () -> str
     """Return the text form of ``self.__bytes__()``."""
     as_bytes = self.__bytes__()
     return util.py3str(as_bytes)
Example #33
def get_error_func(err):
    # type: (int) -> str
    """Return the function string for error code ``err`` as text."""
    raw = m2.err_func_error_string(err)
    return util.py3str(raw)
Example #34
def rand_file_name():
    # type: () -> str
    """Return the value of ``m2.rand_file_name()`` converted to text."""
    path = m2.rand_file_name()
    return util.py3str(path)
 def as_text(self):
     # type: () -> str
     """Return ``self.req`` as printed by ``m2.x509_req_print``."""
     out = BIO.MemoryBuffer()
     m2.x509_req_print(out.bio_ptr(), self.req)
     printed = out.read_all()
     return util.py3str(printed)
Example #36
def get_error_reason(err):
    # type: (int) -> str
    """Return the reason string for error code ``err`` as text."""
    raw_reason = m2.err_reason_error_string(err)
    return util.py3str(raw_reason)
 def as_text(self):
     # type: () -> str
     """Return ``self.x509`` as printed by ``m2.x509_print``."""
     # NOTE: stripped under ``python -O``; a debugging aid only.
     assert m2.x509_type_check(self.x509), "'x509' type error"
     out = BIO.MemoryBuffer()
     m2.x509_print(out.bio_ptr(), self.x509)
     printed = out.read_all()
     return util.py3str(printed)
Example #38
def get_x509_verify_error(err):
    # type: (int) -> str
    """Return the verification error string for code ``err`` as text."""
    raw_text = m2.x509_get_verify_error(err)
    return util.py3str(raw_text)
    def __call__(self, peerCert, host=None):
        # type: (X509.X509, Optional[str]) -> bool
        """Check the peer certificate against the pinned fingerprint and host.

        Returns True when every configured check passes; failures are
        reported by raising. If neither ``self.fingerprint`` nor
        ``self.host`` is set, only the "certificate present" check runs
        and the method returns True.

        :param peerCert: certificate presented by the peer, or None.
        :param host: if not None, replaces ``self.host`` (the new value
                     stays on the instance after the call).
        :raises NoCertificate: ``peerCert`` is None.
        :raises ValueError: ``self.digest`` is neither 'sha1' nor 'md5'.
        :raises WrongCertificate: fingerprint length or value mismatch, or
                                  no commonName when the CN check is reached.
        :raises WrongHost: no matching host name was found.
        """
        if peerCert is None:
            raise NoCertificate('peer did not return certificate')

        if host is not None:
            # Persisted on the instance, so later calls without ``host``
            # reuse this value.
            self.host = host  # type: str

        if self.fingerprint:
            # Only SHA-1 and MD5 fingerprints can be pinned here; both are
            # weak digests by current standards.
            # NOTE(review): consider supporting a stronger digest.
            if self.digest not in ('sha1', 'md5'):
                raise ValueError('unsupported digest "%s"' % self.digest)

            # Expected hex length: 40 characters for SHA-1, 32 for MD5.
            if self.digest == 'sha1':
                expected_len = 40
            elif self.digest == 'md5':
                expected_len = 32
            else:
                # Unreachable given the membership check above; kept as a
                # defensive guard.
                raise ValueError('Unexpected digest {0}'.format(self.digest))

            if len(self.fingerprint) != expected_len:
                raise WrongCertificate(
                    ('peer certificate fingerprint length does not match\n' +
                     'fingerprint: {0}\nexpected = {1}\n' +
                     'observed = {2}').format(self.fingerprint,
                                              expected_len,
                                              len(self.fingerprint)))

            # Exact, case-sensitive string comparison.
            # NOTE(review): presumably get_fingerprint() returns upper-case
            # hex, so a lower-case pinned value would be rejected -- confirm.
            expected_fingerprint = util.py3str(self.fingerprint)
            observed_fingerprint = peerCert.get_fingerprint(md=self.digest)
            if observed_fingerprint != expected_fingerprint:
                raise WrongCertificate(
                    ('peer certificate fingerprint does not match\n' +
                     'expected = {0},\n' +
                     'observed = {1}').format(expected_fingerprint,
                                              observed_fingerprint))

        if self.host:
            hostValidationPassed = False
            # Reset on every call.
            # NOTE(review): presumably _splitSubjectAltName() sets this to
            # True when it sees a DNS entry, which would make the ``elif``
            # below reachable -- confirm against that helper.
            self.useSubjectAltNameOnly = False

            # subjectAltName=DNS:somehost[, ...]*
            try:
                subjectAltName = peerCert.get_ext('subjectAltName').get_value()
                if self._splitSubjectAltName(self.host, subjectAltName):
                    hostValidationPassed = True
                elif self.useSubjectAltNameOnly:
                    raise WrongHost(expectedHost=self.host,
                                    actualHost=subjectAltName,
                                    fieldName='subjectAltName')
            except LookupError:
                # LookupError here (e.g. from get_ext) is swallowed and
                # validation falls through to the commonName check below.
                pass

            # commonName=somehost[, ...]*
            # Fallback used whenever the subjectAltName step did not pass
            # and did not raise.
            if not hostValidationPassed:
                hasCommonName = False
                commonNames = ''
                for entry in peerCert.get_subject().get_entries_by_nid(
                        m2.NID_commonName):
                    hasCommonName = True
                    commonName = entry.get_data().as_text()
                    # Collected only for the WrongHost message; the text
                    # comes from the peer certificate.
                    if not commonNames:
                        commonNames = commonName
                    else:
                        commonNames += ',' + commonName
                    if self._match(self.host, commonName):
                        hostValidationPassed = True
                        break

                if not hasCommonName:
                    raise WrongCertificate('no commonName in peer certificate')

                if not hostValidationPassed:
                    raise WrongHost(expectedHost=self.host,
                                    actualHost=commonNames,
                                    fieldName='commonName')

        return True
Example #40
def rand_file_name():
    # type: () -> str
    """Return the random seed file name reported by ``m2.rand_file_name``."""
    seed_file = m2.rand_file_name()
    return util.py3str(seed_file)