 def __str__(self):
     """Render the error as ``"<openssl function>: <client addr>: <reason>"``.

     ``self.err`` is a packed OpenSSL error code; its function and reason
     names are looked up through the ``m2`` layer.  ``self.client_addr`` is
     UTF-8 encoded when it is a ``unicode`` object, so the result is a byte
     string under Python 2 (``unicode`` is the Python 2 type -- this method
     does not run unchanged on Python 3).
     """
     addr = self.client_addr
     if isinstance(addr, unicode):
         addr = addr.encode('utf8')
     func_name = m2.err_func_error_string(self.err)
     reason = m2.err_reason_error_string(self.err)
     return "%s: %s: %s" % (func_name, addr, reason)
 def __str__(self):
     """Render the error as ``"<openssl function>: <client addr>: <reason>"``.

     ``self.err`` is a packed OpenSSL error code; its function and reason
     names are looked up through the ``m2`` layer.  ``self.client_addr`` is
     UTF-8 encoded when it is a ``unicode`` object, so the result is a byte
     string under Python 2 (``unicode`` is the Python 2 type -- this method
     does not run unchanged on Python 3).
     """
     addr = self.client_addr
     if isinstance(addr, unicode):
         addr = addr.encode('utf8')
     func_name = m2.err_func_error_string(self.err)
     reason = m2.err_reason_error_string(self.err)
     return "%s: %s: %s" % (func_name, addr, reason)
File: m2.py  Project: clones/kaa
                # Load CA bundle.
                ctx.load_verify_locations(self._cafile)
                # M2Crypto does no error checking on this function, and at
                # least on my system it yields the delightfully inscrutable
                # "cert already in hash table" error (perhaps my distro's
                # CA bundle has duplicate certs?).  It doesn't seem there's
                # anything that can be done about it, so just eat it.
                # (There may be multiple such errors, so clear them all.)
                while True:
                    err = m2.err_get_error()
                    if not err:
                        break
                    # The magic number is X509_R_CERT_ALREADY_IN_HASH_TABLE, which
                    # is a constant that m2crypto doesn't export. :/
                    if err != 185057381:
                        raise TLSError(m2.err_reason_error_string(err))


        # Create a lower level (SWIG) SSL object using this context.
        self._ssl = _SSLWrapper(m2.ssl_new(ctx.ctx))
        if kwargs['client']:
            self._m2_check_err(m2.ssl_set_connect_state(self._ssl.obj))
        else:
            self._m2_check_err(m2.ssl_set_accept_state(self._ssl.obj))

        # Setup the BIO pair.  This diagram is instructive:
        #
        #     Application         |   TLS layer
        #                         |
        #    Your Code            |
        #     /\    ||            |
def get_error_reason(err):
    """Return OpenSSL's reason text for the packed error code ``err``.

    Thin wrapper over ``m2.err_reason_error_string`` (``ERR_reason_error_string``).
    The value is returned exactly as the SWIG layer gives it; it may be
    empty/``None`` for a code OpenSSL does not know -- confirm before relying
    on it in a message.
    """
    reason = m2.err_reason_error_string(err)
    return reason
def rsa_error():
    """Raise :class:`RSAError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  This function never returns.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise RSAError(reason)
 def set_session_id_ctx(self, id):
     """Set this SSL object's session-ID context (``SSL_set_session_id_context``).

     ``id`` is handed straight to ``m2.ssl_set_session_id_context`` on
     ``self.ssl``.  A zero result from the C layer becomes :class:`SSLError`
     carrying the reason string of the error popped from the OpenSSL queue.
     Returns ``None``.

     Security note: the session-ID context partitions session resumption, so a
     session established under one context is not accepted under another;
     OpenSSL also requires it on a server that verifies client certificates
     before sessions can be reused -- confirm against the docs of the OpenSSL
     version in use.
     """
     ok = m2.ssl_set_session_id_context(self.ssl, id)
     if ok:
         return
     raise SSLError(m2.err_reason_error_string(m2.err_get_error()))
def get_error_reason(err):
    # type: (int) -> str
    """Return OpenSSL's reason text for the packed error code ``err`` as text.

    Wraps ``m2.err_reason_error_string`` and normalises the result with
    ``six.ensure_text`` so callers get ``str`` on both Python 2 and 3.
    Note ``six.ensure_text`` rejects ``None``, so an unknown code for which
    the SWIG layer yields ``None`` would raise ``TypeError`` here.
    """
    raw = m2.err_reason_error_string(err)
    return six.ensure_text(raw)
def get_error_reason(err):
    # type: (int) -> str
    """Return OpenSSL's reason text for the packed error code ``err`` as text.

    Wraps ``m2.err_reason_error_string`` and passes the result through
    ``util.py3str`` (the project's bytes-to-text helper) so callers get a
    native ``str``.  How ``util.py3str`` treats ``None`` is not visible here.
    """
    raw = m2.err_reason_error_string(err)
    return util.py3str(raw)
def rsa_error():
    """Raise :class:`RSAError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  This function never returns.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise RSAError(reason)
def ec_error():
    """Raise :class:`ECError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  This function never returns.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise ECError(reason)
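    def _sign_request(self, x509_request, lifetime, digest='sha256'):
        """Build and sign a proxy certificate for ``x509_request``.

        The proxy is issued by ``self.context.x509`` and signed with
        ``self.context.evp_key``.  Its subject is the issuer's subject plus one
        extra ``commonName`` (``'proxy'`` for legacy proxies, a Unix timestamp
        for RFC 3820 proxies, which are detected by a ``proxyCertInfo``
        extension anywhere in ``self.context.x509_list``).

        ``lifetime`` is a ``timedelta`` giving the validity requested by the
        caller.  The effective ``notAfter`` is the earliest of that request and
        the ``notAfter`` of every certificate in ``self.context.x509_list``, so
        the proxy can never outlive any certificate in its own chain.  (The
        previous code only shortened the lifetime when some chain certificate
        expired *before* ``x509_list[0]``; when ``x509_list[0]`` was itself the
        shortest-lived one the requested lifetime was used unclamped.)

        ``digest`` names the signature hash and defaults to SHA-256.  SHA-1
        signatures are collision-vulnerable and are rejected by current
        verifiers (OpenSSL 3 refuses them at its default security level);
        pass ``'sha1'`` only for a legacy relying party that cannot be upgraded.

        Raises ``Exception`` if an issuer subject entry cannot be copied, and
        ``NotImplementedError`` when an RFC 3820 proxy is required but X509v3
        extensions are unavailable on this platform.
        """
        not_before = ASN1.ASN1_UTCTIME()
        not_before.set_datetime(datetime.now(UTC))
        not_after = ASN1.ASN1_UTCTIME()
        not_after.set_datetime(datetime.now(UTC) + lifetime)

        # Copy every issuer subject component; the extra CN is appended below.
        proxy_subject = X509.X509_Name()
        for entry in self.context.x509.get_subject():
            ret = m2.x509_name_add_entry(proxy_subject._ptr(), entry._ptr(), -1, 0)
            if ret == 0:
                raise Exception(
                    "%s: '%s'" % (m2.err_reason_error_string(m2.err_get_error()), entry)
                )

        proxy = X509.X509()
        # NOTE(review): the issuer's own serial is reused.  RFC 3820 asks for
        # serials unique among the proxies of one issuer; left unchanged here
        # because relying parties may depend on it -- verify before altering.
        proxy.set_serial_number(self.context.x509.get_serial_number())
        proxy.set_issuer(self.context.x509.get_subject())
        proxy.set_pubkey(x509_request.get_pubkey())

        # Extensions are broken in SL5!!
        if _m2crypto_extensions_broken():
            log.warning("X509v3 extensions disabled!")
        else:
            # X509v3 Basic Constraints: a proxy must never act as a CA.
            proxy.add_ext(X509.new_extension('basicConstraints', 'CA:FALSE', critical=True))
            # X509v3 Key Usage
            proxy.add_ext(X509.new_extension('keyUsage', 'Digital Signature, Key Encipherment', critical=True))
            # X509v3 Authority Key Identifier
            identifier_ext = _workaround_new_extension(
                'authorityKeyIdentifier', 'keyid', critical=False, issuer=self.context.x509
            )
            proxy.add_ext(identifier_ext)

        # FTS-1217: never let the proxy outlive the chain.  Clamp the requested
        # notAfter to the earliest notAfter found in the chain, and at the same
        # time look for an RFC 3820 proxy in it.
        any_rfc_proxies = False
        for cert in self.context.x509_list:
            cert_not_after = cert.get_not_after()
            if cert_not_after.get_datetime() < not_after.get_datetime():
                not_after = cert_not_after
            try:
                cert.get_ext('proxyCertInfo')
            except Exception:
                # No proxyCertInfo on this certificate: not an RFC 3820 proxy.
                pass
            else:
                any_rfc_proxies = True

        proxy.set_not_after(not_after)
        proxy.set_not_before(not_before)

        if any_rfc_proxies:
            if _m2crypto_extensions_broken():
                raise NotImplementedError("X509v3 extensions are disabled, so RFC proxies can not be generated!")
            else:
                _add_rfc3820_extensions(proxy)

        if any_rfc_proxies:
            m2.x509_name_set_by_nid(proxy_subject._ptr(), X509.X509_Name.nid['commonName'], str(int(time.time())))
        else:
            m2.x509_name_set_by_nid(proxy_subject._ptr(), X509.X509_Name.nid['commonName'], 'proxy')

        proxy.set_subject(proxy_subject)
        # Always X.509 v3 (value 2); the request's own version is irrelevant.
        proxy.set_version(2)
        proxy.sign(self.context.evp_key, digest)

        return proxy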
def ec_error():
    # type: () -> ECError
    """Raise :class:`ECError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  Despite the type comment this function never returns;
    it always raises.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise ECError(reason)
def get_error_reason(err):
    # type: (int) -> str
    """Return OpenSSL's reason text for the packed error code ``err`` as text.

    Wraps ``m2.err_reason_error_string`` and normalises the result with
    ``six.ensure_text`` so callers get ``str`` on both Python 2 and 3.
    Note ``six.ensure_text`` rejects ``None``, so an unknown code for which
    the SWIG layer yields ``None`` would raise ``TypeError`` here.
    """
    raw = m2.err_reason_error_string(err)
    return six.ensure_text(raw)
File: m2.py  Project: clones/kaa
 def _m2_check_err(self, r=None, cls=TLSError):
     """Raise ``cls`` if the OpenSSL error queue is non-empty, else return ``r``.

     Meant to wrap a raw ``m2`` call: ``self._m2_check_err(m2.foo(...))``.
     The queue is peeked first; if an entry is present, one entry is popped
     with ``m2.err_get_error`` and its reason string becomes the exception
     message.

     Caveats: only one entry is consumed, so further queued errors survive
     into the next check; and the per-thread queue is not cleared here, so an
     error left over from an earlier unchecked call is reported against the
     wrong operation.  Clear the queue before a call whose result matters.
     """
     pending = m2.err_peek_error()
     if not pending:
         return r
     reason = m2.err_reason_error_string(m2.err_get_error())
     raise cls(reason)
def get_error_reason(err):
    # type: (int) -> str
    """Return OpenSSL's reason text for the packed error code ``err`` as text.

    Wraps ``m2.err_reason_error_string`` and passes the result through
    ``util.py3str`` (the project's bytes-to-text helper) so callers get a
    native ``str``.  How ``util.py3str`` treats ``None`` is not visible here.
    """
    raw = m2.err_reason_error_string(err)
    return util.py3str(raw)
def get_error_reason(err):
    # type: (Optional[int]) -> str
    """Return OpenSSL's reason text for the packed error code ``err`` as text.

    Wraps ``m2.err_reason_error_string``; a falsy result (``None`` or empty,
    e.g. for an unknown code) is mapped to ``''`` so callers always receive
    a string, otherwise the value is normalised with ``six.ensure_text``.
    """
    reason = m2.err_reason_error_string(err)
    if not reason:
        return ''
    return six.ensure_text(reason)
def ec_error():
    """Raise :class:`ECError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  This function never returns.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise ECError(reason)
def rsa_error():
    # type: () -> None
    """Raise :class:`RSAError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  This function never returns normally; it always raises.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise RSAError(reason)
                # Load CA bundle.
                ctx.load_verify_locations(self._cafile)
                # M2Crypto does no error checking on this function, and at
                # least on my system it yields the delightfully inscrutable
                # "cert already in hash table" error (perhaps my distro's
                # CA bundle has duplicate certs?).  It doesn't seem there's
                # anything that can be done about it, so just eat it.
                # (There may be multiple such errors, so clear them all.)
                while True:
                    err = m2.err_get_error()
                    if not err:
                        break
                    # The magic number is X509_R_CERT_ALREADY_IN_HASH_TABLE, which
                    # is a constant that m2crypto doesn't export. :/
                    if err != 185057381:
                        raise TLSError(m2.err_reason_error_string(err))

        # Create a lower level (SWIG) SSL object using this context.
        self._ssl = _SSLWrapper(m2.ssl_new(ctx.ctx))
        if kwargs['client']:
            self._m2_check_err(m2.ssl_set_connect_state(self._ssl.obj))
        else:
            self._m2_check_err(m2.ssl_set_accept_state(self._ssl.obj))

        # Setup the BIO pair.  This diagram is instructive:
        #
        #     Application         |   TLS layer
        #                         |
        #    Your Code            |
        #     /\    ||            |
        #     ||    \/            |
def ec_error():
    # type: () -> ECError
    """Raise :class:`ECError` describing the pending OpenSSL error.

    Pops one entry from the thread-local OpenSSL error queue with
    ``m2.err_get_error`` and uses its reason string as the message.  Only
    that one entry is consumed; anything else queued is left behind.  If the
    queue is empty the lookup is made with code 0 and the message may be
    empty/``None``.  Despite the type comment this function never returns;
    it always raises.
    """
    code = m2.err_get_error()
    reason = m2.err_reason_error_string(code)
    raise ECError(reason)
 def _m2_check_err(self, r=None, cls=TLSError):
     """Raise ``cls`` if the OpenSSL error queue is non-empty, else return ``r``.

     Meant to wrap a raw ``m2`` call: ``self._m2_check_err(m2.foo(...))``.
     The queue is peeked first; if an entry is present, one entry is popped
     with ``m2.err_get_error`` and its reason string becomes the exception
     message.

     Caveats: only one entry is consumed, so further queued errors survive
     into the next check; and the per-thread queue is not cleared here, so an
     error left over from an earlier unchecked call is reported against the
     wrong operation.  Clear the queue before a call whose result matters.
     """
     pending = m2.err_peek_error()
     if not pending:
         return r
     reason = m2.err_reason_error_string(m2.err_get_error())
     raise cls(reason)
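 def set_session_id_ctx(self, id):
     # type: (bytes) -> int
     """Set this SSL object's session-ID context (``SSL_set_session_id_context``).

     ``id`` is handed straight to ``m2.ssl_set_session_id_context`` on
     ``self.ssl``.  A zero result from the C layer becomes :class:`SSLError`
     carrying the reason string of the error popped from the OpenSSL queue.
     On success the C layer's (nonzero) result is returned, so the declared
     ``-> int`` is now truthful; previously the value was dropped and ``None``
     returned, which callers that ignore the result still tolerate.

     Security note: the session-ID context partitions session resumption, so a
     session established under one context is not accepted under another;
     OpenSSL also requires it on a server that verifies client certificates
     before sessions can be reused -- confirm against the docs of the OpenSSL
     version in use.
     """
     ret = m2.ssl_set_session_id_context(self.ssl, id)
     if not ret:
         raise SSLError(m2.err_reason_error_string(m2.err_get_error()))
     return ret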
def get_error_reason(err):
    """Return OpenSSL's reason text for the packed error code ``err``.

    Thin wrapper over ``m2.err_reason_error_string`` (``ERR_reason_error_string``).
    The value is returned exactly as the SWIG layer gives it; it may be
    empty/``None`` for a code OpenSSL does not know -- confirm before relying
    on it in a message.
    """
    reason = m2.err_reason_error_string(err)
    return reason