def logHandshakeAccepted(self, tpl_r, msg):
"""
"""
# log sent event
tpl = self.encapsule(tpl=tpl_r,
ssl_event=templates.handshake_accepted())
self.logRecvEvent(shortEvt=msg, tplEvt=tpl)
def logHandshakeAccepted(self, tpl_r, cipher, version, bits, certpem ): """ """ self.sslCipher = cipher self.sslVersion = version self.sslBits = bits # log sent event tpl = self.encapsule( tpl=tpl_r, ssl_event=templates.handshake_accepted(cipher=cipher,version=version,bits=bits, certPEM=certpem) ) self.logRecvEvent( shortEvt = "handshake accepted", tplEvt = tpl )
def isConnected(self, tpl, timeout, sslVersion=None, sslCipher=None): """ @param timeout: @type timeout: """ # construct the expected template tpl_ssl = templates.handshake_accepted(version=sslVersion, cipher=sslCipher) expected = self.getExpectedTemplate( mainTpl=tpl, tpl=tpl_ssl) # try to match the template evt = self.received( expected = expected, timeout = timeout ) return evt
def doSslHandshake(self, sock, tpl_s, tpl_r):
"""
Perform the SSL setup handshake.
"""
try:
# log sent event
self.logHandshake(tpl_s=tpl_s)
self.debug('starting handshake ')
# do handshake ssl
sock.do_handshake()
self.debug('handshake done')
# extract ssl informations
self.sslCipher, self.sslVersion, self.sslBits = sock.cipher()
dercert = sock.getpeercert(True)
# decode the certificate
cert_svr_layer = TestTemplatesLib.TemplateLayer(name="")
for k, v in sock.getpeercert().items():
if isinstance(v, tuple):
if k == "subject":
cert_subject_layer = TestTemplatesLib.TemplateLayer(
name="")
for c in list(v):
sk, sv = c[0]
cert_subject_layer.addKey(name="%s" % str(sk),
data="%s" % str(sv))
cert_svr_layer.addKey(name="subject",
data=cert_subject_layer)
else:
cert_svr_layer.addKey(name="%s" % k, data="%s" % str(v))
if self.cfg['check-host']:
sub = cert_svr_layer.get("subject")
if sub is not None:
cn = sub.get("commonName")
if cn is None:
raise Exception(
'common name missing in peer certificate')
if cn != self.cfg['host']:
raise HostnameFailed(
'Host name %s doesnt match certificate host %s' %
(self.cfg['host'], cn))
if dercert is not None:
certPEM = self.getPEMcert(dercert)
else:
certPEM = ''
# log received event
tpl = self.encapsule(tpl=tpl_r,
ssl_event=templates.handshake_accepted(
cipher=self.sslCipher,
version=self.sslVersion,
bits=self.sslBits,
certPEM=certPEM,
cert=cert_svr_layer))
self.logRecvEvent(shortEvt="handshake accepted", tplEvt=tpl)
except ssl.SSLError, x:
# log received event
tpl = self.encapsule(tpl=tpl_r,
ssl_event=templates.handshake_failed(
error=self.getSslError(str(x))))
self.logRecvEvent(shortEvt="handshake failed", tplEvt=tpl)
# raise failure to parent
raise HandshakeFailed()