Example #1
0
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())]

        context = _JavaSSLContext.getInstance(self._protocol_name)

        if self._key_managers is None:
            context.init(
                _get_openssl_key_manager(
                    cert_file=cert_file, key_file=key_file).getKeyManagers(),
                trust_managers, None)
        else:
            context.init(
                self._key_managers.getKeyManagers(),
                trust_managers, None)

        # addr could be ipv6, only extract relevant parts
        engine = context.createSSLEngine((hostname or addr[0]), addr[1])

        # apparently this can be used to enforce hostname verification
        if hostname is not None and self._check_hostname:
            params = engine.getSSLParameters()
            params.setEndpointIdentificationAlgorithm('HTTPS')
            engine.setSSLParameters(params)

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Example #2
0
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())]

        context = _JavaSSLContext.getInstance(self._protocol_name)

        if self._key_managers is None:
            context.init(
                _get_openssl_key_manager(
                    cert_file=cert_file, key_file=key_file).getKeyManagers(),
                trust_managers, None)
        else:
            context.init(
                self._key_managers.getKeyManagers(),
                trust_managers, None)

        if hostname is not None:
            engine = context.createSSLEngine(hostname, addr[1])
        else:
            engine = context.createSSLEngine(*addr)

        # apparently this can be used to enforce hostname verification
        if hostname is not None and self._check_hostname:
            params = engine.getSSLParameters()
            params.setEndpointIdentificationAlgorithm('HTTPS')
            engine.setSSLParameters(params)

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Example #3
0
    def _createSSLEngine(self,
                         addr,
                         hostname=None,
                         cert_file=None,
                         key_file=None,
                         server_side=False):
        tmf = InsecureTrustManagerFactory.INSTANCE
        if self.verify_mode != CERT_NONE:
            # XXX need to refactor so we don't have to get trust managers twice
            stmf = SimpleTrustManagerFactory.getInstance(
                SimpleTrustManagerFactory.getDefaultAlgorithm())
            stmf.init(self._trust_store)

            tmf = CompositeX509TrustManagerFactory(stmf.getTrustManagers())
            tmf.init(self._trust_store)

        kmf = self._key_managers
        if self._key_managers is None:
            kmf = _get_openssl_key_manager(cert_file=cert_file,
                                           key_file=key_file)

        context_builder = None

        if not server_side:
            context_builder = SslContextBuilder.forClient()

        if kmf:
            if server_side:
                context_builder = SslContextBuilder.forServer(kmf)
            else:
                context_builder = context_builder.keyManager(kmf)

        context_builder = context_builder.trustManager(tmf)
        context_builder = context_builder.sslProvider(SslProvider.JDK)
        context_builder = context_builder.clientAuth(
            _CERT_TO_CLIENT_AUTH[self.verify_mode])

        if self._ciphers is not None:
            context_builder = context_builder.ciphers(self._ciphers)

        if self._check_hostname:
            engine = context_builder.build().newEngine(
                ByteBufAllocator.DEFAULT, hostname, addr[1])
            if HAS_SNI:
                params = engine.getSSLParameters()
                params.setEndpointIdentificationAlgorithm('HTTPS')
                params.setServerNames([SNIHostName(hostname)])
                engine.setSSLParameters(params)
        else:
            engine = context_builder.build().newEngine(
                ByteBufAllocator.DEFAULT, addr[0], addr[1])

        return engine
Example #4
0
    def _createSSLEngine(self):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = tmf.getTrustManagers()

        if self._key_managers is None:  # get an e
            self._context.init(_get_openssl_key_manager().getKeyManagers(), trust_managers, None)
        else:
            self._context.init(self._key_managers.getKeyManagers(), trust_managers, None)

        engine = self._context.createSSLEngine()

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Example #5
0
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None, server_side=False):
        tmf = InsecureTrustManagerFactory.INSTANCE
        if self.verify_mode != CERT_NONE:
            # XXX need to refactor so we don't have to get trust managers twice
            stmf = SimpleTrustManagerFactory.getInstance(SimpleTrustManagerFactory.getDefaultAlgorithm())
            stmf.init(self._trust_store)

            tmf = CompositeX509TrustManagerFactory(stmf.getTrustManagers())
            tmf.init(self._trust_store)

        kmf = self._key_managers
        if self._key_managers is None:
            kmf = _get_openssl_key_manager(cert_file=cert_file, key_file=key_file)

        context_builder = None

        if not server_side:
            context_builder = SslContextBuilder.forClient()

        if kmf:
            if server_side:
                context_builder = SslContextBuilder.forServer(kmf)
            else:
                context_builder = context_builder.keyManager(kmf)

        context_builder = context_builder.trustManager(tmf)
        context_builder = context_builder.sslProvider(SslProvider.JDK)
        context_builder = context_builder.clientAuth(_CERT_TO_CLIENT_AUTH[self.verify_mode])

        if self._ciphers is not None:
            context_builder = context_builder.ciphers(self._ciphers)

        if self._check_hostname:
            engine = context_builder.build().newEngine(ByteBufAllocator.DEFAULT, hostname, addr[1])
            if HAS_SNI:
                params = engine.getSSLParameters()
                params.setEndpointIdentificationAlgorithm('HTTPS')
                params.setServerNames([SNIHostName(hostname)])
                engine.setSSLParameters(params)
        else:
            engine = context_builder.build().newEngine(ByteBufAllocator.DEFAULT, addr[0], addr[1])

        return engine
Example #6
0
    def _createSSLEngine(self):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = tmf.getTrustManagers()

        if self._key_managers is None:  # get an e
            self._context.init(_get_openssl_key_manager().getKeyManagers(),
                               trust_managers, None)
        else:
            self._context.init(self._key_managers.getKeyManagers(),
                               trust_managers, None)

        engine = self._context.createSSLEngine()

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Example #7
0
 def load_cert_chain(self, certfile, keyfile=None, password=None):
     try:
         self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
     except IllegalArgumentException as err:
         raise SSLError(SSL_ERROR_SSL, "PEM lib ({})".format(err))
Example #8
0
 def load_cert_chain(self, certfile, keyfile=None, password=None):
     self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
Example #9
0
 def load_cert_chain(self, certfile, keyfile=None, password=None):
     self._key_managers = _get_openssl_key_manager(
         certfile, keyfile, password, _key_store=self._key_store)