def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
cert = None
if chosen_nickname:
try:
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose:
print("client cert:\n%s" % cert)
return cert, priv_key
except NSPRError as e:
print("client_auth_data_callback: %s" % e, file=sys.stderr)
return False
else:
nicknames = nss.get_cert_nicknames(certdb,
cert.SEC_CERT_NICKNAMES_USER)
for nickname in nicknames:
try:
cert = nss.find_cert_from_nickname(nickname, password)
if verbose:
print("client cert:\n%s" % cert)
if cert.check_valid_times():
if cert.has_signer_in_ca_names(ca_names):
priv_key = nss.find_key_by_any_cert(cert, password)
return cert, priv_key
except NSPRError as e:
print("client_auth_data_callback: %s" % e, file=sys.stderr)
return False
def client_auth_data_callback(self, ca_names, chosen_nickname=None,
password=None):
"""Client authentication callback (client cert)
The password argument is passed down to the password callback.
"""
cert = None
if chosen_nickname:
try:
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
return cert, priv_key
except NSPRError:
return False
else:
nicknames = nss.get_cert_nicknames(self.certdb,
nss.SEC_CERT_NICKNAMES_USER)
for nickname in nicknames:
try:
cert = nss.find_cert_from_nickname(nickname, password)
if cert.check_valid_times():
if cert.has_signer_in_ca_names(ca_names):
priv_key = nss.find_key_by_any_cert(cert,
password)
return cert, priv_key
except NSPRError:
pass
return False
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
cert = None
if chosen_nickname:
try:
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose:
print("client cert:\n%s" % cert)
return cert, priv_key
except NSPRError as e:
print("client_auth_data_callback: %s" % e, file=sys.stderr)
return False
else:
nicknames = nss.get_cert_nicknames(certdb, cert.SEC_CERT_NICKNAMES_USER)
for nickname in nicknames:
try:
cert = nss.find_cert_from_nickname(nickname, password)
if verbose:
print("client cert:\n%s" % cert)
if cert.check_valid_times():
if cert.has_signer_in_ca_names(ca_names):
priv_key = nss.find_key_by_any_cert(cert, password)
return cert, priv_key
except NSPRError as e:
print("client_auth_data_callback: %s" % e, file=sys.stderr)
return False
def client_auth_data_callback(self, sock, name):
try:
cert = nss.find_cert_from_nickname(name)
priv_key = nss.find_key_by_any_cert(cert)
return cert, priv_key
except NSPRError, e:
logging.debug("client authentication failed: %s", e)
return False
def _client_auth_data_callback(self, ca_names, chosen_nickname, password, nicknames):
nickname = _certificate_callback(
nss.get_cert_nicknames(self._certdb, nss.SEC_CERT_NICKNAMES_USER))
try:
cert = nss.find_cert_from_nickname(nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
except NSPRError:
return False
return cert, priv_key
def _client_auth_data_callback(self, ca_names, chosen_nickname, password,
nicknames):
nickname = _certificate_callback(
nss.get_cert_nicknames(self._certdb, nss.SEC_CERT_NICKNAMES_USER))
try:
cert = nss.find_cert_from_nickname(nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
except NSPRError:
return False
return cert, priv_key
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
cert = None
if chosen_nickname:
try:
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose: print "client cert:\n%s" % cert
return cert, priv_key
except NSPRError, e:
print >> sys.stderr, "client_auth_data_callback: %s" % e
return False
def client_auth_data_callback(ca_names, chosen_nickname, password, certdb):
cert = None
if chosen_nickname:
try:
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose: print "client cert:\n%s" % cert
return cert, priv_key
except NSPRError, e:
print >>sys.stderr, "client_auth_data_callback: %s" % e
return False
def server():
global family
if verbose: print "starting server:"
# Initialize
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
if info: print "server: using SSL"
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type();
#if verbose: print "server cert:\n%s" % server_cert
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose: print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose: print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print >>sys.stderr, "server: lost lost connection to %s" % (client_addr)
break
if info: print "server: received \"%s\"" % (buf)
reply = "{%s}" % buf # echo
if info: print "server: sending \"%s\"" % (reply)
client_sock.send(reply) # echo
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception, e:
print >>sys.stderr, "server: %s" % e
break
break
def server():
if verbose:
print("starting server:")
# Initialize
# Setup an IP Address to listen on any of our interfaces
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port)
if use_ssl:
if info:
print("server: using SSL")
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type();
#if verbose:
# print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose:
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose:
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline() # newline is protocol record separator
if not buf:
print("server: lost lost connection to %s" % (client_addr), file=sys.stderr)
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("server: received \"%s\"" % (buf))
reply = "{%s}" % buf # echo embedded inside braces
if info:
print("server: sending \"%s\"" % (reply))
data = reply + "\n" # send echo with record separator
client_sock.send(data.encode('utf-8'))
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception as e:
print("server: %s" % e, file=sys.stderr)
break
break
# Clean up
sock.shutdown()
sock.close()
if use_ssl:
ssl.shutdown_server_session_id_cache()
cert = nss.find_cert_from_nickname(chosen_nickname, password)
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose: print "client cert:\n%s" % cert
return cert, priv_key
except NSPRError, e:
print >>sys.stderr, "client_auth_data_callback: %s" % e
return False
else:
nicknames = nss.get_cert_nicknames(certdb, cert.SEC_CERT_NICKNAMES_USER)
for nickname in nicknames:
try:
cert = nss.find_cert_from_nickname(nickname, password)
if verbose: print "client cert:\n%s" % cert
if cert.check_valid_times():
if cert.has_signer_in_ca_names(ca_names):
priv_key = nss.find_key_by_any_cert(cert, password)
return cert, priv_key
except NSPRError, e:
print >>sys.stderr, "client_auth_data_callback: %s" % e
return False
# -----------------------------------------------------------------------------
# Client Implementation
# -----------------------------------------------------------------------------
def client(request):
if use_ssl:
if info: print "client: using SSL"
ssl.set_domestic_policy()
valid_addr = False
def Server():
global family
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type();
print "server cert:\n%s" % server_cert
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print "server lost lost connection to %s" % (client_addr)
break
print "server received: %s" % (buf)
client_sock.send("Goodbye")
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception, e:
print e.strerror
break
break
def server():
if verbose:
print("starting server:")
# Initialize
# Setup an IP Address to listen on any of our interfaces
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port)
if use_ssl:
if info:
print("server: using SSL")
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
#if verbose:
# print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose:
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose:
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline(
) # newline is protocol record separator
if not buf:
print("server: lost lost connection to %s" % (client_addr),
file=sys.stderr)
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("server: received \"%s\"" % (buf))
reply = "{%s}" % buf # echo embedded inside braces
if info:
print("server: sending \"%s\"" % (reply))
data = reply + "\n" # send echo with record separator
client_sock.send(data.encode('utf-8'))
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception as e:
print("server: %s" % e, file=sys.stderr)
break
break
# Clean up
sock.shutdown()
sock.close()
if use_ssl:
ssl.shutdown_server_session_id_cache()
def server():
global family
if verbose: print "starting server:"
# Initialize
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
if info: print "server: using SSL"
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
#if verbose: print "server cert:\n%s" % server_cert
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose: print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose: print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print >> sys.stderr, "server: lost lost connection to %s" % (
client_addr)
break
if info: print "server: received \"%s\"" % (buf)
reply = "{%s}" % buf # echo
if info: print "server: sending \"%s\"" % (reply)
client_sock.send(reply) # echo
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception, e:
print >> sys.stderr, "server: %s" % e
break
break
def Server():
# Setup an IP Address to listen on any of our interfaces
if options.family == io.PR_AF_UNSPEC:
options.family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, options.port, options.family)
if options.use_ssl:
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(options.server_nickname, options.password)
priv_key = nss.find_key_by_any_cert(server_cert, options.password)
server_cert_kea = server_cert.find_kea_type();
print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(options.password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if options.client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if options.client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if options.use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline()
if not buf:
print("server lost lost connection to %s" % (client_addr))
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("server received: %s" % (buf))
data ='Goodbye' + '\n' # newline is protocol record separator
client_sock.send(data.encode('utf-8'))
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception as e:
print(e.strerror)
break
break
try:
sock.shutdown()
sock.close()
if options.use_ssl:
ssl.shutdown_server_session_id_cache()
except Exception as e:
print(e)
pass
priv_key = nss.find_key_by_any_cert(cert, password)
if verbose: print "client cert:\n%s" % cert
return cert, priv_key
except NSPRError, e:
print >> sys.stderr, "client_auth_data_callback: %s" % e
return False
else:
nicknames = nss.get_cert_nicknames(certdb,
cert.SEC_CERT_NICKNAMES_USER)
for nickname in nicknames:
try:
cert = nss.find_cert_from_nickname(nickname, password)
if verbose: print "client cert:\n%s" % cert
if cert.check_valid_times():
if cert.has_signer_in_ca_names(ca_names):
priv_key = nss.find_key_by_any_cert(cert, password)
return cert, priv_key
except NSPRError, e:
print >> sys.stderr, "client_auth_data_callback: %s" % e
return False
# -----------------------------------------------------------------------------
# Client Implementation
# -----------------------------------------------------------------------------
def client(request):
if use_ssl:
if info: print "client: using SSL"
ssl.set_domestic_policy()
def Server():
global family
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
print "server cert:\n%s" % server_cert
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print "server lost lost connection to %s" % (client_addr)
break
print "server received: %s" % (buf)
client_sock.send("Goodbye")
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception, e:
print e.strerror
break
break
def Server():
# Setup an IP Address to listen on any of our interfaces
if options.family == io.PR_AF_UNSPEC:
options.family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, options.port, options.family)
if options.use_ssl:
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(options.server_nickname,
options.password)
priv_key = nss.find_key_by_any_cert(server_cert, options.password)
server_cert_kea = server_cert.find_kea_type()
print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(options.password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if options.client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if options.client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if options.use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline()
if not buf:
print("server lost lost connection to %s" % (client_addr))
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("server received: %s" % (buf))
data = 'Goodbye' + '\n' # newline is protocol record separator
client_sock.send(data.encode('utf-8'))
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception as e:
print(e.strerror)
break
break
try:
sock.shutdown()
sock.close()
if options.use_ssl:
ssl.shutdown_server_session_id_cache()
except Exception as e:
print(e)
pass
