class NSPRConnection(httplib.HTTPConnection):
default_port = httplib.HTTPConnection.default_port
def __init__(self, host, port=None, strict=None):
httplib.HTTPConnection.__init__(self, host, port, strict)
logging.debug('%s init %s', self.__class__.__name__, host)
if not nss.nss_is_initialized(): nss.nss_init_nodb()
self.sock = None
def connect(self):
logging.debug("connect: host=%s port=%s", self.host, self.port)
try:
addr_info = io.AddrInfo(self.host)
except Exception, e:
logging.error("could not resolve host address \"%s\"", self.host)
raise
for net_addr in addr_info:
net_addr.port = self.port
self.sock = io.Socket(net_addr.family)
try:
logging.debug("try connect: %s", net_addr)
self.sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
logging.debug("connected to: %s", net_addr)
return
except Exception, e:
logging.debug("connect failed: %s (%s)", net_addr, e)
def connect(self):
log.info("connect: host=%s port=%s", self.host, self.port)
try:
addr_info = io.AddrInfo(self.host)
except Exception as e:
log.error("could not resolve host address '%s'", self.host)
raise
for net_addr in addr_info:
net_addr.port = self.port
self._create_socket(net_addr.family)
try:
log.info("try connect: %s", net_addr)
self.sock.connect(net_addr,
timeout=io.seconds_to_interval(
self._timeout))
except Exception as e:
log.info("connect failed: %s (%s)", net_addr, e)
else:
log.info("connected to: %s", net_addr)
break
else:
raise IOError(
errno.ENOTCONN,
"Could not connect to %s at port %d" % (self.host, self.port))
def ssl_connect():
print("SSL connect to: %s" % options.hostname)
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except:
print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
return
for net_addr in addr_info:
net_addr.port = options.port
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
try:
sock.set_ssl_version_range("tls1.0", "tls1.3")
except NSPRError as e:
print("Cannot enable TLS 1.3, {}".format(e))
# Provide a callback which notifies us when the SSL handshake is
# complete
sock.set_handshake_callback(handshake_callback)
try:
print("try connecting to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(TIMEOUT_SECS))
print("connected to: %s" % (net_addr))
valid_addr = True
break
except:
continue
if not valid_addr:
print("ERROR: could not connect to \"%s\"" % options.hostname)
return
try:
# Talk to the server
n_received = 0
sock.send(REQUEST.encode('utf-8'))
while True:
buf = sock.recv(1024)
n_received += len(buf)
if not buf:
break
except Exception as e:
print(e)
sock.shutdown()
return
sock.shutdown()
return
def client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except:
print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
return
for net_addr in addr_info:
net_addr.port = options.port
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
# Provide a callback which notifies us when the SSL handshake is
# complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
try:
print("try connecting to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
print("connected to: %s" % (net_addr))
valid_addr = True
break
except:
continue
if not valid_addr:
print("ERROR: could not connect to \"%s\"" % options.hostname)
return
try:
# Talk to the server
n_received = 0
sock.send(request.encode('utf-8'))
while True:
buf = sock.recv(1024)
n_received += len(buf)
if not buf:
print("\nclient lost connection, received %d bytes" %
(n_received))
break
except Exception as e:
print(e)
sock.shutdown()
return
sock.shutdown()
return
def settimeout(self, timeout):
if timeout is socket._GLOBAL_DEFAULT_TIMEOUT:
timeout = socket.getdefaulttimeout()
if timeout is None:
timeout = io.PR_INTERVAL_NO_TIMEOUT
elif isinstance(timeout, float):
# fraction of seconds
timeout = int(TICKS_SEC * timeout)
else:
timeout = io.seconds_to_interval(timeout)
self._timeout = timeout
def client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(hostname)
except:
print "ERROR: could not resolve hostname \"%s\"" % hostname
return
for net_addr in addr_info:
net_addr.port = port
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(hostname)
# Provide a callback which notifies us when the SSL handshake is
# complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
try:
print "try connecting to: %s" % (net_addr)
sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
print "connected to: %s" % (net_addr)
valid_addr = True
break
except:
continue
if not valid_addr:
print "ERROR: could not connect to \"%s\"" % hostname
return
try:
# Talk to the server
n_received = 0
sock.send(request)
while True:
buf = sock.recv(1024)
n_received += len(buf)
if not buf:
print "\nclient lost connection, received %d bytes" % (n_received)
break
except Exception, e:
print e.strerror
sock.shutdown()
return
class NSSConnection(httplib.HTTPConnection):
default_port = httplib.HTTPSConnection.default_port
def __init__(self, host, port=None, strict=None, dbdir=None, nickname=None, password=None):
httplib.HTTPConnection.__init__(self, host, port, strict)
if not dbdir:
raise RuntimeError("dbdir is required")
logging.debug('%s init host=%s dbdir=%s', self.__class__.__name__, host, dbdir)
if not nss.nss_is_initialized(): nss.nss_init(dbdir)
self.nickname = nickname
self.password = password
self.sock = None
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
def _create_socket(self, family):
self.sock = ssl.SSLSocket(family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
self.sock.set_hostname(self.host)
# Provide a callback which notifies us when the SSL handshake is complete
self.sock.set_handshake_callback(handshake_callback)
# Provide a callback to verify the servers certificate
self.sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
if self.nickname and self.password:
self.sock.set_client_auth_data_callback(client_auth_data_callback, self.nickname,self.password, nss.get_default_certdb())
def connect(self):
logging.debug("connect: host=%s port=%s", self.host, self.port)
try:
addr_info = io.AddrInfo(self.host)
except Exception, e:
logging.error("could not resolve host address \"%s\"", self.host)
raise
for net_addr in addr_info:
net_addr.port = self.port
self._create_socket(net_addr.family)
try:
logging.debug("try connect: %s", net_addr)
self.sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
logging.debug("connected to: %s", net_addr)
return
except Exception, e:
logging.debug("connect failed: %s (%s)", net_addr, e)
def connect(self):
logging.debug("connect: host=%s port=%s", self.host, self.port)
try:
addr_info = io.AddrInfo(self.host)
except Exception as e:
logging.error("could not resolve host address \"%s\"", self.host)
raise
for net_addr in addr_info:
net_addr.port = self.port
self.sock = io.Socket(net_addr.family)
try:
logging.debug("try connect: %s", net_addr)
self.sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
logging.debug("connected to: %s", net_addr)
return
except Exception as e:
logging.debug("connect failed: %s (%s)", net_addr, e)
raise IOError(errno.ENOTCONN, "could not connect to %s at port %d" % (self.host, self.port))
def connect(self):
log.info("connect: host=%s port=%s", self.host, self.port)
try:
addr_info = io.AddrInfo(self.host)
except Exception as e:
log.error("could not resolve host address '%s'", self.host)
raise
for net_addr in addr_info:
net_addr.port = self.port
self._create_socket(net_addr.family)
try:
log.info("try connect: %s", net_addr)
self.sock.connect(net_addr,
timeout=io.seconds_to_interval(self._timeout))
except Exception as e:
log.info("connect failed: %s (%s)", net_addr, e)
else:
log.info("connected to: %s", net_addr)
break
else:
raise IOError(errno.ENOTCONN,
"Could not connect to %s at port %d" % (self.host, self.port))
def client(request):
if use_ssl:
if info:
print("client: using SSL")
ssl.set_domestic_policy()
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(hostname)
except Exception as e:
print("client: could not resolve host address \"%s\"" % hostname, file=sys.stderr)
return
for net_addr in addr_info:
net_addr.port = port
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname,
password, nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
if verbose:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
if verbose:
print("client connected to: %s" % (net_addr))
break
except Exception as e:
sock.close()
print("client: connection to: %s failed (%s)" % (net_addr, e), file=sys.stderr)
# Talk to the server
try:
if info:
print("client: sending \"%s\"" % (request))
data = request + "\n"; # newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client: lost connection", file=sys.stderr)
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("client: received \"%s\"" % (buf))
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
except:
pass
return
try:
sock.shutdown()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
if use_ssl:
ssl.clear_session_cache()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
return buf
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname,
password, nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
if verbose: print "client trying connection to: %s" % (net_addr)
sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
if verbose: print "client connected to: %s" % (net_addr)
valid_addr = True
break
except Exception, e:
sock.close()
print >>sys.stderr, "client: connection to: %s failed (%s)" % (net_addr, e)
if not valid_addr:
print >>sys.stderr, "Could not establish valid address for \"%s\" in family %s" % \
(hostname, io.addr_family_name(family))
return
# Talk to the server
try:
if info: print "client: sending \"%s\"" % (request)
def client(request):
if use_ssl:
if info:
print("client: using SSL")
ssl.set_domestic_policy()
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(hostname)
except Exception as e:
print("client: could not resolve host address \"%s\"" % hostname,
file=sys.stderr)
return
for net_addr in addr_info:
net_addr.port = port
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback,
client_nickname, password,
nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
if verbose:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
if verbose:
print("client connected to: %s" % (net_addr))
break
except Exception as e:
sock.close()
print("client: connection to: %s failed (%s)" % (net_addr, e),
file=sys.stderr)
# Talk to the server
try:
if info:
print("client: sending \"%s\"" % (request))
data = request + "\n"
# newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client: lost connection", file=sys.stderr)
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("client: received \"%s\"" % (buf))
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
except:
pass
return
try:
sock.shutdown()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
if use_ssl:
ssl.clear_session_cache()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
return buf
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback,
client_nickname, password,
nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
if verbose: print "client trying connection to: %s" % (net_addr)
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
if verbose: print "client connected to: %s" % (net_addr)
valid_addr = True
break
except Exception, e:
sock.close()
print >> sys.stderr, "client: connection to: %s failed (%s)" % (
net_addr, e)
if not valid_addr:
print >>sys.stderr, "Could not establish valid address for \"%s\" in family %s" % \
(hostname, io.addr_family_name(family))
return
# Talk to the server
try:
def Client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except Exception as e:
print("could not resolve host address \"%s\"" % options.hostname)
return
for net_addr in addr_info:
if options.family != io.PR_AF_UNSPEC:
if net_addr.family != options.family:
continue
net_addr.port = options.port
if options.use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(
client_auth_data_callback,
options.client_nickname,
options.password,
nss.get_default_certdb(),
)
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
print("client connected to: %s" % (net_addr))
valid_addr = True
break
except Exception as e:
sock.close()
print("client connection to: %s failed (%s)" % (net_addr, e))
if not valid_addr:
print("Could not establish valid address for \"%s\" in family %s" %
(options.hostname, io.addr_family_name(options.family)))
return
# Talk to the server
try:
data = 'Hello' + '\n' # newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client lost connection")
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("client received: %s" % (buf))
except Exception as e:
print(e.strerror)
try:
sock.close()
except:
pass
return
# End of (simple) protocol session?
if buf == 'Goodbye':
try:
sock.shutdown()
except:
pass
try:
sock.close()
if options.use_ssl:
ssl.clear_session_cache()
except Exception as e:
print(e)
def Client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except Exception as e:
print("could not resolve host address \"%s\"" % options.hostname)
return
for net_addr in addr_info:
if options.family != io.PR_AF_UNSPEC:
if net_addr.family != options.family:
continue
net_addr.port = options.port
if options.use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback, options.client_nickname,
options.password, nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
print("client connected to: %s" % (net_addr))
valid_addr = True
break
except Exception as e:
sock.close()
print("client connection to: %s failed (%s)" % (net_addr, e))
if not valid_addr:
print("Could not establish valid address for \"%s\" in family %s" % \
(options.hostname, io.addr_family_name(options.family)))
return
# Talk to the server
try:
data = 'Hello' + '\n' # newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client lost connection")
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("client received: %s" % (buf))
except Exception as e:
print(e.strerror)
try:
sock.close()
except:
pass
return
# End of (simple) protocol session?
if buf == 'Goodbye':
try:
sock.shutdown()
except:
pass
try:
sock.close()
if options.use_ssl:
ssl.clear_session_cache()
except Exception as e:
print(e)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname,
password, nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
print "client trying connection to: %s" % (net_addr)
sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs))
print "client connected to: %s" % (net_addr)
valid_addr = True
break
except Exception, e:
sock.close()
print "client connection to: %s failed (%s)" % (net_addr, e)
if not valid_addr:
print "Could not establish valid address for \"%s\" in family %s" % \
(hostname, io.addr_family_name(family))
return
# Talk to the server
try:
sock.send("Hello")
try:
from nss.ssl import SSL_REQUIRE_SAFE_NEGOTIATION
from nss.ssl import SSL_ENABLE_RENEGOTIATION
from nss.ssl import SSL_RENEGOTIATE_REQUIRES_XTN
except ImportError:
SSL_REQUIRE_SAFE_NEGOTIATION = 21
SSL_ENABLE_RENEGOTIATION = 21
SSL_RENEGOTIATE_REQUIRES_XTN = 2
logger = logging.getLogger('nssta')
DEFAULT_TIMEOUT = io.PR_INTERVAL_NO_TIMEOUT
TW_TIMEOUT = io.PR_INTERVAL_NO_TIMEOUT - 1
TICKS_SEC = io.seconds_to_interval(1)
SEC_TICKS = 1. / TICKS_SEC
class NSSAdapterException(Exception):
pass
class TimeoutWrapper(object):
"""Wrap NSS socket to support timeout on an object level
nss.io.Socket and nss.ssl.SSLSocket objects don't have a gettimeout()
and settimeout() method. Their methods like connect() and recv() have a
timeout argument instead.
"""
__slots__ = ('_sock', '_timeout')
