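def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
    """Choose the certificate and private key offered for SSL client auth.

    Args:
        ca_names: Names handed to ``cert.has_signer_in_ca_names()`` when the
            certificate database is searched.
        chosen_nickname: Nickname of the certificate to present; a falsy
            value triggers a search of the user certificates in ``certdb``.
        password: Forwarded to the NSS certificate and key lookups.
        certdb: Certificate database searched when no nickname is chosen.

    Returns:
        ``(cert, priv_key)`` when a usable certificate is found, otherwise
        ``False``.
    """
    cert = None
    if chosen_nickname:
        # NOTE(review): an explicitly chosen certificate is returned without
        # the check_valid_times()/has_signer_in_ca_names() filtering that the
        # search branch applies; confirm that is intended.
        try:
            cert = nss.find_cert_from_nickname(chosen_nickname, password)
            priv_key = nss.find_key_by_any_cert(cert, password)
            if verbose:
                print("client cert:\n%s" % cert)
            return cert, priv_key
        except NSPRError as e:
            print("client_auth_data_callback: %s" % e, file=sys.stderr)
            return False
    else:
        # cert is still None on this branch, so the nickname-type constant
        # has to come from the nss module; going through cert would raise
        # AttributeError before any certificate is examined.
        nicknames = nss.get_cert_nicknames(certdb, nss.SEC_CERT_NICKNAMES_USER)
        for nickname in nicknames:
            try:
                cert = nss.find_cert_from_nickname(nickname, password)
                if verbose:
                    print("client cert:\n%s" % cert)
                # Only offer a certificate that is inside its validity window
                # and was signed by one of the names in ca_names.
                if cert.check_valid_times():
                    if cert.has_signer_in_ca_names(ca_names):
                        priv_key = nss.find_key_by_any_cert(cert, password)
                        return cert, priv_key
            except NSPRError as e:
                # A failing candidate is reported and the search continues.
                print("client_auth_data_callback: %s" % e, file=sys.stderr)
        return False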
def client_auth_data_callback(self, ca_names, chosen_nickname=None, password=None):
    """Pick the certificate/key pair presented for client authentication.

    The password argument is passed down to the password callback.

    Returns ``(cert, priv_key)`` on success and ``False`` when no
    certificate can be offered.
    """
    if chosen_nickname:
        # An explicit nickname is looked up directly; any NSPR failure means
        # no client certificate is offered.
        try:
            chosen_cert = nss.find_cert_from_nickname(chosen_nickname, password)
            chosen_key = nss.find_key_by_any_cert(chosen_cert, password)
            return chosen_cert, chosen_key
        except NSPRError:
            return False

    # No nickname given: walk the user certificates and return the first one
    # that is currently valid and signed by one of ca_names.
    user_nicknames = nss.get_cert_nicknames(self.certdb, nss.SEC_CERT_NICKNAMES_USER)
    for candidate_name in user_nicknames:
        try:
            candidate = nss.find_cert_from_nickname(candidate_name, password)
            if candidate.check_valid_times() and candidate.has_signer_in_ca_names(ca_names):
                candidate_key = nss.find_key_by_any_cert(candidate, password)
                return candidate, candidate_key
        except NSPRError:
            # Lookup errors for one candidate are ignored; try the next.
            continue
    return False
def client_auth_data_callback(self, sock, name):
    """Return the certificate and private key stored under nickname ``name``.

    Returns ``(cert, priv_key)``, or ``False`` when either NSS lookup raises
    NSPRError. ``sock`` is not read by this body.
    """
    try:
        client_cert = nss.find_cert_from_nickname(name)
        client_key = nss.find_key_by_any_cert(client_cert)
    except NSPRError as err:
        # The failure is only recorded at debug level, so at higher log
        # levels a missing client certificate leaves no trace here.
        logging.debug("client authentication failed: %s", err)
        return False
    else:
        return client_cert, client_key
def _client_auth_data_callback(self, ca_names, chosen_nickname, password, nicknames):
    """Return the client certificate and key selected by _certificate_callback.

    The user-certificate nicknames from ``self._certdb`` are handed to
    ``_certificate_callback`` and the nickname it returns is looked up.
    ``ca_names``, ``chosen_nickname`` and ``nicknames`` are not read by this
    body, so no signer or validity filtering happens here.

    Returns ``(cert, priv_key)``, or ``False`` when a lookup raises NSPRError.
    """
    user_nicknames = nss.get_cert_nicknames(self._certdb, nss.SEC_CERT_NICKNAMES_USER)
    selected_nickname = _certificate_callback(user_nicknames)
    try:
        client_cert = nss.find_cert_from_nickname(selected_nickname, password)
        client_key = nss.find_key_by_any_cert(client_cert, password)
    except NSPRError:
        return False
    else:
        return client_cert, client_key
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
    """Look up the client certificate and private key for ``chosen_nickname``.

    Returns ``(cert, priv_key)`` on success and ``False`` when an NSS lookup
    raises NSPRError.

    NOTE(review): only the chosen_nickname branch is visible in this listing;
    as shown, a falsy chosen_nickname falls through and returns None, and
    ca_names/certdb are never read. The listing may be truncated -- confirm
    against the full file.
    """
    cert = None
    if chosen_nickname:
        try:
            cert = nss.find_cert_from_nickname(chosen_nickname, password)
            priv_key = nss.find_key_by_any_cert(cert, password)
            if verbose:
                print "client cert:\n%s" % cert
            return cert, priv_key
        except NSPRError, e:
            # Lookup failures are reported on stderr; returning False means
            # no client certificate is supplied.
            print >> sys.stderr, "client_auth_data_callback: %s" % e
            return False
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
    """Look up the client certificate and private key for ``chosen_nickname``.

    Returns ``(cert, priv_key)`` on success and ``False`` when an NSS lookup
    raises NSPRError.

    NOTE(review): only the chosen_nickname branch is visible in this listing;
    as shown, a falsy chosen_nickname falls through and returns None, and
    ca_names/certdb are never read. The listing may be truncated -- confirm
    against the full file.
    """
    cert = None
    if chosen_nickname:
        try:
            cert = nss.find_cert_from_nickname(chosen_nickname, password)
            priv_key = nss.find_key_by_any_cert(cert, password)
            if verbose:
                print "client cert:\n%s" % cert
            return cert, priv_key
        except NSPRError, e:
            # Lookup failures are reported on stderr; returning False means
            # no client certificate is supplied.
            print >>sys.stderr, "client_auth_data_callback: %s" % e
            return False
def server():
    """Run the example echo server for a single client connection.

    Listens on every local interface (io.PR_IpAddrAny) at the module-level
    ``port``. When ``use_ssl`` is set the listener is an NSS SSLSocket using
    the certificate named ``server_nickname``; otherwise it is a plain
    io.Socket. One connection is accepted, up to 1024 bytes are read, the
    data is sent back wrapped in braces, and both loops then end.
    """
    global family

    if verbose:
        print "starting server:"

    # Initialize
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    if family == io.PR_AF_UNSPEC:
        family = io.PR_AF_INET
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)

    if use_ssl:
        if info:
            print "server: using SSL"
        ssl.set_domestic_policy()
        nss.set_password_callback(password_callback)

        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(server_nickname, password)
        priv_key = nss.find_key_by_any_cert(server_cert, password)
        server_cert_kea = server_cert.find_kea_type();

        #if verbose: print "server cert:\n%s" % server_cert

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    if verbose:
        print "listening on: %s" % (net_addr)
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        if verbose:
            print "client connect from: %s" % (client_addr)

        while True:
            try:
                # Handle the client connection
                buf = client_sock.recv(1024)
                if not buf:
                    print >>sys.stderr, "server: lost lost connection to %s" % (client_addr)
                    break

                # Client-supplied bytes are printed and echoed unmodified.
                if info:
                    print "server: received \"%s\"" % (buf)
                reply = "{%s}" % buf # echo
                if info:
                    print "server: sending \"%s\"" % (reply)
                client_sock.send(reply) # echo
                time.sleep(sleep_time)
                client_sock.shutdown()
                client_sock.close()
                break
            except Exception, e:
                # NOTE(review): client_sock is not shut down or closed on
                # this path, and the listening socket is never closed in the
                # code shown.
                print >>sys.stderr, "server: %s" % e
                break
        # Stop after the first connection has been handled.
        break
def server():
    """Run the example echo server for a single client connection.

    Listens on every local interface (io.PR_IpAddrAny) at the module-level
    ``port``. When ``use_ssl`` is set the listener is an NSS SSLSocket using
    the certificate named ``server_nickname``; otherwise it is a plain
    io.Socket. One connection is accepted, one newline-terminated UTF-8
    record is read and sent back wrapped in braces, then the listening
    socket is shut down and, with SSL, the session ID cache is released.
    """
    if verbose:
        print("starting server:")

    # Initialize
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, port)

    if use_ssl:
        if info:
            print("server: using SSL")
        ssl.set_domestic_policy()
        nss.set_password_callback(password_callback)

        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(server_nickname, password)
        priv_key = nss.find_key_by_any_cert(server_cert, password)
        server_cert_kea = server_cert.find_kea_type();

        #if verbose:
        #    print("server cert:\n%s" % server_cert)

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    if verbose:
        print("listening on: %s" % (net_addr))
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        if verbose:
            print("client connect from: %s" % (client_addr))

        while True:
            try:
                # Handle the client connection
                # NOTE(review): readline() is called without a visible size
                # limit; confirm the socket layer bounds how much an
                # unterminated line from the peer can buffer.
                buf = client_sock.readline()   # newline is protocol record separator
                if not buf:
                    print("server: lost lost connection to %s" % (client_addr), file=sys.stderr)
                    break
                # Invalid UTF-8 from the peer raises here and is reported by
                # the handler below.
                buf = buf.decode('utf-8')
                buf = buf.rstrip()             # remove newline record separator

                if info:
                    print("server: received \"%s\"" % (buf))
                reply = "{%s}" % buf           # echo embedded inside braces
                if info:
                    print("server: sending \"%s\"" % (reply))
                data = reply + "\n"            # send echo with record separator
                client_sock.send(data.encode('utf-8'))

                time.sleep(sleep_time)
                client_sock.shutdown()
                client_sock.close()
                break
            except Exception as e:
                # NOTE(review): client_sock is not shut down or closed on
                # this path.
                print("server: %s" % e, file=sys.stderr)
                break
        # Stop after the first connection has been handled.
        break

    # Clean up
    sock.shutdown()
    sock.close()
    if use_ssl:
        ssl.shutdown_server_session_id_cache()
cert = nss.find_cert_from_nickname(chosen_nickname, password) priv_key = nss.find_key_by_any_cert(cert, password) if verbose: print "client cert:\n%s" % cert return cert, priv_key except NSPRError, e: print >>sys.stderr, "client_auth_data_callback: %s" % e return False else: nicknames = nss.get_cert_nicknames(certdb, cert.SEC_CERT_NICKNAMES_USER) for nickname in nicknames: try: cert = nss.find_cert_from_nickname(nickname, password) if verbose: print "client cert:\n%s" % cert if cert.check_valid_times(): if cert.has_signer_in_ca_names(ca_names): priv_key = nss.find_key_by_any_cert(cert, password) return cert, priv_key except NSPRError, e: print >>sys.stderr, "client_auth_data_callback: %s" % e return False # ----------------------------------------------------------------------------- # Client Implementation # ----------------------------------------------------------------------------- def client(request): if use_ssl: if info: print "client: using SSL" ssl.set_domestic_policy() valid_addr = False
def Server(): global family # Perform basic SSL server configuration ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True) ssl.config_server_session_id_cache() # Get our certificate and private key server_cert = nss.find_cert_from_nickname(server_nickname, password) priv_key = nss.find_key_by_any_cert(server_cert, password) server_cert_kea = server_cert.find_kea_type(); print "server cert:\n%s" % server_cert # Setup an IP Address to listen on any of our interfaces if family == io.PR_AF_UNSPEC: family = io.PR_AF_INET net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family) if use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set server SSL socket options sock.set_pkcs11_pin_arg(password) sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True) # If we're doing client authentication then set it up if client_cert_action >= REQUEST_CLIENT_CERT_ONCE: sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True) if client_cert_action == REQUIRE_CLIENT_CERT_ONCE: sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True) sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) # Configure the server SSL socket sock.config_secure_server(server_cert, priv_key, server_cert_kea) else: sock = io.Socket(net_addr.family) # Bind to our network address and listen for clients sock.bind(net_addr) print "listening on: %s" % (net_addr) sock.listen() while True: # Accept a connection from a client client_sock, client_addr = sock.accept() if use_ssl: client_sock.set_handshake_callback(handshake_callback) print "client connect from: %s" % (client_addr) while True: try: # Handle the client connection buf = client_sock.recv(1024) if not buf: print "server lost lost connection to %s" % (client_addr) break print "server received: %s" % (buf) client_sock.send("Goodbye") try: client_sock.shutdown(io.PR_SHUTDOWN_RCV) client_sock.close() except: pass break except Exception, e: print e.strerror break break
def server():
    """Run the example echo server for a single client connection.

    Listens on every local interface (io.PR_IpAddrAny) at the module-level
    ``port``. When ``use_ssl`` is set the listener is an NSS SSLSocket using
    the certificate named ``server_nickname``; otherwise it is a plain
    io.Socket. One connection is accepted, one newline-terminated UTF-8
    record is read and sent back wrapped in braces, then the listening
    socket is shut down and, with SSL, the session ID cache is released.
    """
    if verbose:
        print("starting server:")

    # Initialize
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, port)

    if use_ssl:
        if info:
            print("server: using SSL")
        ssl.set_domestic_policy()
        nss.set_password_callback(password_callback)

        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(server_nickname, password)
        priv_key = nss.find_key_by_any_cert(server_cert, password)
        server_cert_kea = server_cert.find_kea_type()

        #if verbose:
        #    print("server cert:\n%s" % server_cert)

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback,
                                           nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    if verbose:
        print("listening on: %s" % (net_addr))
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        if verbose:
            print("client connect from: %s" % (client_addr))

        while True:
            try:
                # Handle the client connection
                # NOTE(review): readline() is called without a visible size
                # limit; confirm the socket layer bounds how much an
                # unterminated line from the peer can buffer.
                buf = client_sock.readline(
                )  # newline is protocol record separator
                if not buf:
                    print("server: lost lost connection to %s" % (client_addr),
                          file=sys.stderr)
                    break
                # Invalid UTF-8 from the peer raises here and is reported by
                # the handler below.
                buf = buf.decode('utf-8')
                buf = buf.rstrip()  # remove newline record separator

                if info:
                    print("server: received \"%s\"" % (buf))
                reply = "{%s}" % buf  # echo embedded inside braces
                if info:
                    print("server: sending \"%s\"" % (reply))
                data = reply + "\n"  # send echo with record separator
                client_sock.send(data.encode('utf-8'))

                time.sleep(sleep_time)
                client_sock.shutdown()
                client_sock.close()
                break
            except Exception as e:
                # NOTE(review): client_sock is not shut down or closed on
                # this path.
                print("server: %s" % e, file=sys.stderr)
                break
        # Stop after the first connection has been handled.
        break

    # Clean up
    sock.shutdown()
    sock.close()
    if use_ssl:
        ssl.shutdown_server_session_id_cache()
def server():
    """Run the example echo server for a single client connection.

    Listens on every local interface (io.PR_IpAddrAny) at the module-level
    ``port``. When ``use_ssl`` is set the listener is an NSS SSLSocket using
    the certificate named ``server_nickname``; otherwise it is a plain
    io.Socket. One connection is accepted, up to 1024 bytes are read, the
    data is sent back wrapped in braces, and both loops then end.
    """
    global family

    if verbose:
        print "starting server:"

    # Initialize
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    if family == io.PR_AF_UNSPEC:
        family = io.PR_AF_INET
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)

    if use_ssl:
        if info:
            print "server: using SSL"
        ssl.set_domestic_policy()
        nss.set_password_callback(password_callback)

        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(server_nickname, password)
        priv_key = nss.find_key_by_any_cert(server_cert, password)
        server_cert_kea = server_cert.find_kea_type()

        #if verbose: print "server cert:\n%s" % server_cert

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback,
                                           nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    if verbose:
        print "listening on: %s" % (net_addr)
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        if verbose:
            print "client connect from: %s" % (client_addr)

        while True:
            try:
                # Handle the client connection
                buf = client_sock.recv(1024)
                if not buf:
                    print >> sys.stderr, "server: lost lost connection to %s" % (
                        client_addr)
                    break

                # Client-supplied bytes are printed and echoed unmodified.
                if info:
                    print "server: received \"%s\"" % (buf)
                reply = "{%s}" % buf  # echo
                if info:
                    print "server: sending \"%s\"" % (reply)
                client_sock.send(reply)  # echo
                time.sleep(sleep_time)
                client_sock.shutdown()
                client_sock.close()
                break
            except Exception, e:
                # NOTE(review): client_sock is not shut down or closed on
                # this path, and the listening socket is never closed in the
                # code shown.
                print >> sys.stderr, "server: %s" % e
                break
        # Stop after the first connection has been handled.
        break
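def Server():
    """Run the test server: accept one client, read one line, answer "Goodbye".

    Listens on every local interface (io.PR_IpAddrAny) at ``options.port``.
    With ``options.use_ssl`` the listener is an NSS SSLSocket using the
    certificate named ``options.server_nickname``; otherwise it is a plain
    io.Socket. Both loops end after the first connection, after which the
    listening socket and (with SSL) the session ID cache are released.
    """
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    if options.family == io.PR_AF_UNSPEC:
        options.family = io.PR_AF_INET
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, options.port, options.family)

    if options.use_ssl:
        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(options.server_nickname, options.password)
        priv_key = nss.find_key_by_any_cert(server_cert, options.password)
        server_cert_kea = server_cert.find_kea_type()

        print("server cert:\n%s" % server_cert)

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(options.password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if options.client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if options.client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    print("listening on: %s" % (net_addr))
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if options.use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        print("client connect from: %s" % (client_addr))

        while True:
            try:
                # Handle the client connection
                buf = client_sock.readline()
                if not buf:
                    print("server lost lost connection to %s" % (client_addr))
                    break
                buf = buf.decode('utf-8')
                buf = buf.rstrip()  # remove newline record separator

                print("server received: %s" % (buf))

                data = 'Goodbye' + '\n'  # newline is protocol record separator
                client_sock.send(data.encode('utf-8'))
                try:
                    client_sock.shutdown(io.PR_SHUTDOWN_RCV)
                    client_sock.close()
                except Exception:
                    # Best-effort teardown: the reply has already been sent.
                    # Exception (not a bare except) keeps KeyboardInterrupt
                    # and SystemExit propagating.
                    pass
                break
            except Exception as e:
                # Not every exception has strerror: buf.decode() raises
                # UnicodeDecodeError when the peer sends invalid UTF-8, and
                # reading e.strerror on it would raise AttributeError from
                # inside this handler, skipping the cleanup below.
                print(getattr(e, 'strerror', None) or e)
                break
        # Stop after the first connection has been handled.
        break

    try:
        sock.shutdown()
        sock.close()
        if options.use_ssl:
            ssl.shutdown_server_session_id_cache()
    except Exception as e:
        print(e)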
priv_key = nss.find_key_by_any_cert(cert, password) if verbose: print "client cert:\n%s" % cert return cert, priv_key except NSPRError, e: print >> sys.stderr, "client_auth_data_callback: %s" % e return False else: nicknames = nss.get_cert_nicknames(certdb, cert.SEC_CERT_NICKNAMES_USER) for nickname in nicknames: try: cert = nss.find_cert_from_nickname(nickname, password) if verbose: print "client cert:\n%s" % cert if cert.check_valid_times(): if cert.has_signer_in_ca_names(ca_names): priv_key = nss.find_key_by_any_cert(cert, password) return cert, priv_key except NSPRError, e: print >> sys.stderr, "client_auth_data_callback: %s" % e return False # ----------------------------------------------------------------------------- # Client Implementation # ----------------------------------------------------------------------------- def client(request): if use_ssl: if info: print "client: using SSL" ssl.set_domestic_policy()
def Server(): global family # Perform basic SSL server configuration ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True) ssl.config_server_session_id_cache() # Get our certificate and private key server_cert = nss.find_cert_from_nickname(server_nickname, password) priv_key = nss.find_key_by_any_cert(server_cert, password) server_cert_kea = server_cert.find_kea_type() print "server cert:\n%s" % server_cert # Setup an IP Address to listen on any of our interfaces if family == io.PR_AF_UNSPEC: family = io.PR_AF_INET net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family) if use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set server SSL socket options sock.set_pkcs11_pin_arg(password) sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True) # If we're doing client authentication then set it up if client_cert_action >= REQUEST_CLIENT_CERT_ONCE: sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True) if client_cert_action == REQUIRE_CLIENT_CERT_ONCE: sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True) sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) # Configure the server SSL socket sock.config_secure_server(server_cert, priv_key, server_cert_kea) else: sock = io.Socket(net_addr.family) # Bind to our network address and listen for clients sock.bind(net_addr) print "listening on: %s" % (net_addr) sock.listen() while True: # Accept a connection from a client client_sock, client_addr = sock.accept() if use_ssl: client_sock.set_handshake_callback(handshake_callback) print "client connect from: %s" % (client_addr) while True: try: # Handle the client connection buf = client_sock.recv(1024) if not buf: print "server lost lost connection to %s" % (client_addr) break print "server received: %s" % (buf) client_sock.send("Goodbye") try: client_sock.shutdown(io.PR_SHUTDOWN_RCV) client_sock.close() except: pass break except Exception, e: print e.strerror break break
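def Server():
    """Run the test server: accept one client, read one line, answer "Goodbye".

    Listens on every local interface (io.PR_IpAddrAny) at ``options.port``.
    With ``options.use_ssl`` the listener is an NSS SSLSocket using the
    certificate named ``options.server_nickname``; otherwise it is a plain
    io.Socket. Both loops end after the first connection, after which the
    listening socket and (with SSL) the session ID cache are released.
    """
    # Setup an IP Address to listen on any of our interfaces
    # (PR_IpAddrAny: the listener is not restricted to loopback)
    if options.family == io.PR_AF_UNSPEC:
        options.family = io.PR_AF_INET
    net_addr = io.NetworkAddress(io.PR_IpAddrAny, options.port, options.family)

    if options.use_ssl:
        # Perform basic SSL server configuration
        # NOTE(security): SSL_RSA_WITH_NULL_MD5 is a NULL-encryption suite
        # (RSA key exchange, no cipher, MD5 MAC). A session that negotiates
        # it carries application data in the clear, so enabling it is only
        # appropriate for a test harness.
        ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
        ssl.config_server_session_id_cache()

        # Get our certificate and private key
        server_cert = nss.find_cert_from_nickname(options.server_nickname,
                                                  options.password)
        priv_key = nss.find_key_by_any_cert(server_cert, options.password)
        server_cert_kea = server_cert.find_kea_type()

        print("server cert:\n%s" % server_cert)

        sock = ssl.SSLSocket(net_addr.family)

        # Set server SSL socket options
        sock.set_pkcs11_pin_arg(options.password)
        sock.set_ssl_option(ssl.SSL_SECURITY, True)
        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)

        # If we're doing client authentication then set it up
        # NOTE(review): the certificate becomes mandatory only when
        # client_cert_action equals REQUIRE_CLIENT_CERT_ONCE exactly; any
        # other value that passes the >= test leaves it optional. Confirm
        # against the full set of action constants.
        if options.client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
        if options.client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
            sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
        sock.set_auth_certificate_callback(auth_certificate_callback,
                                           nss.get_default_certdb())

        # Configure the server SSL socket
        sock.config_secure_server(server_cert, priv_key, server_cert_kea)

    else:
        sock = io.Socket(net_addr.family)

    # Bind to our network address and listen for clients
    sock.bind(net_addr)
    print("listening on: %s" % (net_addr))
    sock.listen()

    while True:
        # Accept a connection from a client
        client_sock, client_addr = sock.accept()
        if options.use_ssl:
            client_sock.set_handshake_callback(handshake_callback)

        print("client connect from: %s" % (client_addr))

        while True:
            try:
                # Handle the client connection
                buf = client_sock.readline()
                if not buf:
                    print("server lost lost connection to %s" % (client_addr))
                    break
                buf = buf.decode('utf-8')
                buf = buf.rstrip()  # remove newline record separator

                print("server received: %s" % (buf))

                data = 'Goodbye' + '\n'  # newline is protocol record separator
                client_sock.send(data.encode('utf-8'))
                try:
                    client_sock.shutdown(io.PR_SHUTDOWN_RCV)
                    client_sock.close()
                except Exception:
                    # Best-effort teardown: the reply has already been sent.
                    # Exception (not a bare except) keeps KeyboardInterrupt
                    # and SystemExit propagating.
                    pass
                break
            except Exception as e:
                # Not every exception has strerror: buf.decode() raises
                # UnicodeDecodeError when the peer sends invalid UTF-8, and
                # reading e.strerror on it would raise AttributeError from
                # inside this handler, skipping the cleanup below.
                print(getattr(e, 'strerror', None) or e)
                break
        # Stop after the first connection has been handled.
        break

    try:
        sock.shutdown()
        sock.close()
        if options.use_ssl:
            ssl.shutdown_server_session_id_cache()
    except Exception as e:
        print(e)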