def _onIncoming( self, sslConn, peerKey, incomingName, peerKeyID,
serviceName ) :
assert self.sm.current() == self.ONLINE
if not isValidUserName(incomingName) :
sslAbort( sslConn )
return
if not isValidServiceName(serviceName) :
sslAbort( sslConn )
return
contact = self.profile.getContactByPublicKey( peerKey )
if contact is None :
contactName = peerKeyID
else :
contactName = contact.name
if serviceName not in self.services :
action = ACCESS_DENY
else :
action = self.permissions.execute( contactName,
serviceName )
def onActionDone( result ) :
self.sm.removeCallback( callbackId )
if action == ACCESS_DENY :
actionOp = self._rejectIncoming( sslConn, onActionDone )
else:
# elif action == ACCESS_ALLOW :
actionOp = self._acceptIncoming( sslConn, serviceName,
peerKey, contactName, peerKeyID, incomingName, onActionDone )
# else :
# assert action == ACCESS_PROMPT
# actionOp = self._promptIncoming( sslConn, serviceName,
# peerKey, contactName, incomingName, onActionDone )
callbackId = self.sm.insertCallback( actionOp.cancel,
src=self.ONLINE, single=True )
def _authenticateUser( sock, sslContext, remotePublicKey, reactor, callback=None ) :
def doCancel() :
connectOp.cancel()
sslAbort( sslConn )
def onSSLConnect( err ) :
global logger
if err is not None :
logger.error( 'ssl connect err=%s' % str(err) )
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = RSAKey()
peerKey.fromPKey_PublicKey(peerCert.get_pubkey())
CN = peerCert.get_subject().CN
if CN.count('@'):
peerName, peerKeyID = CN.split('@')
else:
peerName, peerKeyID = CN, ''
except (SSLError,X509Error,RSAError), e :
logger.exception( 'ssl connect error' )
sslAbort( sslConn )
op.notify( None )
return
if peerKey.toDER_PublicKey() != remotePublicKey.toDER_PublicKey() :
logger.error( 'ssl connect public key mismatch' )
sslAbort( sslConn )
op.notify( None )
return
# logger.info('onSSLConnect SUCCESSFUL with %s' % str(peerName))
op.notify( sslConn )
def onRead( data ) :
del self.otherOps[op]
if data is None :
return
sslConn,peerKey,peerName,serviceName = data
if self.incomingCallback is None :
sslAbort( sslConn )
return
self.incomingCallback( sslConn, peerKey, peerName, serviceName )
def shutdown( self, deferred=False ) :
if self.state == self.CONNECTING :
self.connectOp.cancel()
elif self.state == self.LISTENER :
self.appletServer.unregisterListener( self.listenerName )
elif self.state == self.WAITING_BRIDGE :
sslAbort( self.peerSSLConn )
self.stream.close( deferred )
self._setClosed()
def onRead(data):
del self.otherOps[op]
if data is None:
return
sslConn, peerKey, peerName, serviceName = data
if self.incomingCallback is None:
sslAbort(sslConn)
return
self.incomingCallback(sslConn, peerKey, peerName, serviceName)
def onAccept(sslConn):
if sslConn is None:
op.notify(False)
return
serviceCallback = self.services.get(serviceName)
if serviceCallback is None:
sslAbort(sslConn)
op.notify(False)
return
serviceCallback(sslConn, peerKey, contactName, incomingName)
op.notify(True)
def onAccept( sslConn ) :
if sslConn is None :
op.notify( False )
return
serviceCallback = self.services.get( serviceName )
if serviceCallback is None :
sslAbort( sslConn )
op.notify( False )
return
serviceCallback( sslConn, peerKey, contactName, peerKeyID,
incomingName )
op.notify( True )
def onSSLConnect( err ) :
if err is not None :
logger.error( 'ssl connect err=%s' % str(err) )
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = peerCert.getPublicKey()
except (SSLError,X509Error), e :
logger.exception( 'ssl connect error' )
sslAbort( sslConn )
op.notify( None )
return
def onSSLAccept( err ) :
if err is not None :
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = peerCert.getPublicKey()
peerName = peerCert.getSubject().lookupEntry('commonName')
except (SSLError,X509Error) :
sslAbort( sslConn )
op.notify( None )
return
data = (sslConn,peerKey,peerName)
op.notify( data )
def onSSLAccept(err):
if err is not None:
sslAbort(sslConn)
op.notify(None)
return
try:
peerCert = sslConn.getPeerCertificate()
peerKey = peerCert.getPublicKey()
peerName = peerCert.getSubject().lookupEntry('commonName')
except (SSLError, X509Error):
sslAbort(sslConn)
op.notify(None)
return
data = (sslConn, peerKey, peerName)
op.notify(data)
def onSSLConnect( err ) :
global logger
if err is not None :
logger.error( 'ssl connect err=%s' % str(err) )
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = RSAKey()
peerKey.fromPKey_PublicKey(peerCert.get_pubkey())
CN = peerCert.get_subject().CN
if CN.count('@'):
peerName, peerKeyID = CN.split('@')
else:
peerName, peerKeyID = CN, ''
except (SSLError,X509Error,RSAError), e :
logger.exception( 'ssl connect error' )
sslAbort( sslConn )
op.notify( None )
return
def onSSLAccept( err ) :
global logger
if err is not None :
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = RSAKey()
peerKey.fromPKey_PublicKey(peerCert.get_pubkey())
CN = peerCert.get_subject().CN
if CN.count('@'):
peerName, peerKeyID = CN.split('@')
else:
peerName, peerKeyID = CN, ''
except (SSLError,X509Error,RSAError) :
logger.exception('ssl accept error')
sslAbort( sslConn )
op.notify( None )
return
data = (sslConn,peerKey,peerName,peerKeyID)
# logger.info('onSSLAccept SUCCESSFUL with %s' % str(peerName))
op.notify( data )
def _authenticateUser( sock, sslContext, remotePublicKey, reactor, callback=None ) :
def doCancel() :
connectOp.cancel()
sslAbort( sslConn )
def onSSLConnect( err ) :
if err is not None :
logger.error( 'ssl connect err=%s' % str(err) )
sslAbort( sslConn )
op.notify( None )
return
try :
peerCert = sslConn.getPeerCertificate()
peerKey = peerCert.getPublicKey()
except (SSLError,X509Error), e :
logger.exception( 'ssl connect error' )
sslAbort( sslConn )
op.notify( None )
return
if peerKey.toDER_PublicKey() != remotePublicKey.toDER_PublicKey() :
logger.error( 'ssl connect public key mismatch' )
sslAbort( sslConn )
op.notify( None )
return
op.notify( sslConn )
def _onIncoming(self, sslConn, peerKey, incomingName, serviceName):
assert self.sm.current() == self.ONLINE
if not isValidUserName(incomingName):
sslAbort(sslConn)
return
if not isValidServiceName(serviceName):
sslAbort(sslConn)
return
contact = self.profile.getContactByPublicKey(peerKey)
if contact is None:
contactName = ''
else:
contactName = contact.name
if serviceName not in self.services:
action = ACCESS_DENY
else:
action = self.permissions.execute(contactName, serviceName)
def onActionDone(result):
self.sm.removeCallback(callbackId)
if action == ACCESS_DENY:
actionOp = self._rejectIncoming(sslConn, onActionDone)
elif action == ACCESS_ALLOW:
actionOp = self._acceptIncoming(sslConn, serviceName, peerKey,
contactName, incomingName,
onActionDone)
else:
assert action == ACCESS_PROMPT
actionOp = self._promptIncoming(sslConn, serviceName, peerKey,
contactName, incomingName,
onActionDone)
callbackId = self.sm.insertCallback(actionOp.cancel,
src=self.ONLINE,
single=True)
def onReject(sslConn):
if sslConn is None:
op.notify(False)
return
sslAbort(sslConn)
op.notify(True)
def doCancel() :
ms.shutdown()
sslAbort( sslConn )
def doCancel():
acceptOp.cancel()
sslAbort(sslConn)
def clearConnections( self ) :
for sslConn,peerKey,timerOp in self.connections.values() :
sslAbort( sslConn )
timerOp.cancel()
self.connections.clear()
def _onTimeout( self, connectionId ) :
sslConn,peerKey,timerOp = self.connections.pop( connectionId )
sslAbort( sslConn )
def doCancel() :
acceptOp.cancel()
sslAbort( sslConn )
def doCancel() :
promptOp.cancel()
sslAbort( sslConn )
def doCancel():
promptOp.cancel()
sslAbort(sslConn)
def onReject( sslConn ) :
if sslConn is None :
op.notify( False )
return
sslAbort( sslConn )
op.notify( True )
def doCancel() :
connectOp.cancel()
sslAbort( sslConn )
