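def test_set_passwd_cb(self):
    """
    L{Context.set_passwd_cb} accepts a callable which will be invoked when
    a private key is loaded from an encrypted PEM.

    The callback is expected to be invoked exactly once, receiving two
    integers (C{maxlen} and C{verify}) and C{None} as the extra argument.
    """
    # Throwaway fixture: a tiny RSA key and a fixed passphrase keep the test
    # fast; neither value is meant for use outside this test.
    key = PKey()
    key.generate_key(TYPE_RSA, 128)
    pemFile = self.mktemp()
    passphrase = "foobar"
    fObj = open(pemFile, 'w')
    try:
        fObj.write(dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase))
    finally:
        # Release the handle even if serialising the key raises.
        fObj.close()
    calledWith = []

    def passphraseCallback(maxlen, verify, extra):
        # Record the arguments the library passes in, then supply the
        # passphrase that decrypts the PEM written above.
        calledWith.append((maxlen, verify, extra))
        return passphrase

    context = Context(TLSv1_METHOD)
    context.set_passwd_cb(passphraseCallback)
    context.use_privatekey_file(pemFile)
    # assertEqual rather than assertTrue: assertTrue(len(calledWith), 1)
    # treats the 1 as the failure message and passes for any non-empty list,
    # so it never checked the number of invocations.
    self.assertEqual(len(calledWith), 1)
    self.assertTrue(isinstance(calledWith[0][0], int))
    self.assertTrue(isinstance(calledWith[0][1], int))
    self.assertEqual(calledWith[0][2], None)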
def cacheContext(self):
    """
    Build a new SSLContext from this object's settings and store it on
    C{self._context}.

    Protocol options, cipher list, passphrase callback, identity (keychain
    or certificate/key files) and client-certificate verification are
    applied in that order.
    """
    # NOTE(review): block nesting below is reconstructed from a listing whose
    # whitespace was collapsed -- confirm against the original file.
    # Unfortunate code duplication.
    ctx = SSLContext(self.sslmethod)

    # Always disable SSLv2/SSLv3/Compression
    ctx.set_options(OP_NO_SSLv2)
    ctx.set_options(OP_NO_SSLv3)
    ctx.set_options(_OP_NO_COMPRESSION)

    # Server cipher preference is only requested when an explicit cipher
    # list has been configured.
    if self.ciphers is not None:
        ctx.set_cipher_list(self.ciphers)
        ctx.set_options(OP_CIPHER_SERVER_PREFERENCE)

    # The callback is registered before any key is loaded, so it is in place
    # when use_privatekey_file() runs below.
    if self.passwdCallback is not None:
        ctx.set_passwd_cb(self.passwdCallback)

    # Keychain identity is used only when the context object exposes
    # use_keychain_identity; otherwise fall back to the file-based settings,
    # each of which is optional.
    if self.keychainIdentity and hasattr(ctx, "use_keychain_identity"):
        ctx.use_keychain_identity(self.keychainIdentity)
    else:
        if self.certificateFileName:
            ctx.use_certificate_file(self.certificateFileName)
        if self.privateKeyFileName:
            ctx.use_privatekey_file(self.privateKeyFileName)
        if self.certificateChainFile:
            ctx.use_certificate_chain_file(self.certificateChainFile)

    # Default is VERIFY_NONE: client certificates are not verified unless
    # self.verifyClient is set.
    verifyFlags = VERIFY_NONE
    if self.verifyClient:
        verifyFlags = VERIFY_PEER
        # Without VERIFY_FAIL_IF_NO_PEER_CERT the flag set is VERIFY_PEER
        # alone, i.e. a client certificate is requested but not mandatory.
        if self.requireClientCertificate:
            verifyFlags |= VERIFY_FAIL_IF_NO_PEER_CERT
        if self.verifyClientOnce:
            verifyFlags |= VERIFY_CLIENT_ONCE
        if self.clientCACertFileNames:
            store = ctx.get_cert_store()
            # Each listed PEM file is read and added to the context's
            # certificate store; the loop variable is rebound from the file
            # name to the loaded certificate object.
            for cert in self.clientCACertFileNames:
                with open(cert) as f:
                    certpem = f.read()
                cert = Certificate.loadPEM(certpem)
                store.add_cert(cert.original)
                if self.sendCAsToClient:
                    ctx.add_client_ca(cert.original)

        # When a client certificate is used we also need to set a session context id
        # to avoid openssl SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED
        # errors
        # The id is a fresh random UUID (hex, dashes removed) on every call.
        ctx.set_session_id(str(uuid.uuid4()).replace("-", ""))

    # It'd be nice if pyOpenSSL let us pass None here for this behavior (as
    # the underlying OpenSSL API call allows NULL to be passed).  It
    # doesn't, so we'll supply a function which does the same thing.
    # Returning preverify_ok unchanged means the library's own verification
    # result is never overridden by this callback.
    def _verifyCallback(conn, cert, errno, depth, preverify_ok):
        return preverify_ok
    ctx.set_verify(verifyFlags, _verifyCallback)

    if self.verifyClientDepth is not None:
        ctx.set_verify_depth(self.verifyClientDepth)

    self._context = ctx
def go():
    """
    Load 'pkey.pem' through a context with a passphrase callback, forever.

    The callback prints the next value of C{count} each time it is invoked
    and answers with a fixed passphrase. This function never returns.
    """
    # NOTE(review): `count` is not defined in this block; presumably a
    # module-level counter -- confirm against the surrounding script.
    def passphraseCallback(maxlen, verify, extra):
        # Arguments are ignored; only the invocation count is reported.
        print(count.next())
        return "foobar"

    context = Context(TLSv1_METHOD)
    context.set_passwd_cb(passphraseCallback)
    # Intentionally unbounded: the same key file is loaded over and over.
    while True:
        context.use_privatekey_file('pkey.pem')
def go():
    """
    Load 'pkey.pem' through a context with a passphrase callback, forever.

    The callback prints the next value of C{count} each time it is invoked
    and answers with a fixed passphrase. This function never returns.
    """
    # NOTE(review): `count` is not defined in this block; presumably a
    # module-level counter -- confirm against the surrounding script.
    def passphraseCallback(maxlen, verify, extra):
        # Arguments are ignored; only the invocation count is reported.
        print(count.next())
        return "foobar"

    context = Context(TLSv1_METHOD)
    context.set_passwd_cb(passphraseCallback)
    # Intentionally unbounded: the same key file is loaded over and over.
    while True:
        context.use_privatekey_file('pkey.pem')
def cacheContext(self):
    """
    Build a new SSLContext from this object's settings and store it on
    C{self._context}.

    The certificate file and private key file are always loaded; the cipher
    list, passphrase callback and chain file are applied only when set.
    """
    # NOTE(review): no set_options() call is made in this variant, so which
    # protocol versions are offered depends on self.sslmethod and the
    # library defaults.
    # Unfortunate code duplication.
    context = SSLContext(self.sslmethod)

    cipherList = self.ciphers
    if cipherList is not None:
        context.set_cipher_list(cipherList)

    # Register the passphrase callback before the key file is loaded.
    callback = self.passwdCallback
    if callback is not None:
        context.set_passwd_cb(callback)

    context.use_certificate_file(self.certificateFileName)
    context.use_privatekey_file(self.privateKeyFileName)

    # An empty string means "no chain file configured".
    chainFile = self.certificateChainFile
    if chainFile != "":
        context.use_certificate_chain_file(chainFile)

    self._context = context
def cacheContext(self):
    """
    Build a new SSLContext from this object's settings and store it on
    C{self._context}.

    SSLv2 and SSLv3 are always disabled. The certificate file and private
    key file are always loaded; the cipher list, passphrase callback and
    chain file are applied only when set.
    """
    # Unfortunate code duplication.
    context = SSLContext(self.sslmethod)

    # Always disable SSLv2/SSLv3
    for protocolOption in (OP_NO_SSLv2, OP_NO_SSLv3):
        context.set_options(protocolOption)

    # NOTE(review): nesting reconstructed from a whitespace-collapsed
    # listing; server cipher preference is assumed to be requested only
    # when a cipher list is configured -- confirm.
    cipherList = self.ciphers
    if cipherList is not None:
        context.set_cipher_list(cipherList)
        context.set_options(OP_CIPHER_SERVER_PREFERENCE)

    # Register the passphrase callback before the key file is loaded.
    callback = self.passwdCallback
    if callback is not None:
        context.set_passwd_cb(callback)

    context.use_certificate_file(self.certificateFileName)
    context.use_privatekey_file(self.privateKeyFileName)

    # An empty string means "no chain file configured".
    chainFile = self.certificateChainFile
    if chainFile != "":
        context.use_certificate_chain_file(chainFile)

    self._context = context
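def test_set_passwd_cb(self):
    """
    L{Context.set_passwd_cb} accepts a callable which will be invoked when
    a private key is loaded from an encrypted PEM.

    The callback is expected to be invoked exactly once, receiving two
    integers (C{maxlen} and C{verify}) and C{None} as the extra argument.
    """
    # Throwaway fixture: a tiny RSA key and a fixed passphrase keep the test
    # fast; neither value is meant for use outside this test.
    key = PKey()
    key.generate_key(TYPE_RSA, 128)
    pemFile = self.mktemp()
    passphrase = "foobar"
    fObj = open(pemFile, 'w')
    try:
        fObj.write(dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase))
    finally:
        # Release the handle even if serialising the key raises.
        fObj.close()
    calledWith = []

    def passphraseCallback(maxlen, verify, extra):
        # Record the arguments the library passes in, then supply the
        # passphrase that decrypts the PEM written above.
        calledWith.append((maxlen, verify, extra))
        return passphrase

    context = Context(TLSv1_METHOD)
    context.set_passwd_cb(passphraseCallback)
    context.use_privatekey_file(pemFile)
    # assertEqual rather than assertTrue: assertTrue(len(calledWith), 1)
    # treats the 1 as the failure message and passes for any non-empty list,
    # so it never checked the number of invocations.
    self.assertEqual(len(calledWith), 1)
    self.assertTrue(isinstance(calledWith[0][0], int))
    self.assertTrue(isinstance(calledWith[0][1], int))
    self.assertEqual(calledWith[0][2], None)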