def _start_https(self, reactor): from gnutls.interfaces.twisted import X509Credentials cert, pKey = TLSConfig.certificate, TLSConfig.private_key if cert is None or pKey is None: log.fatal("the TLS certificates or the private key could not be loaded") sys.exit(1) credentials = X509Credentials(cert, pKey) reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), credentials, interface=ServerConfig.address) log.msg("TLS started")
def __init__(self, host=None, use_tls=None, port=None, credentials=None): if host is not None: self.host = host.decode() if isinstance(host, bytes) else host if use_tls is not None: self.use_tls = use_tls if port is not None: self.port = port self.credentials = credentials if self.use_tls and self.credentials is None: self.credentials = X509Credentials(None, None)
def __init__(self, host=None, use_tls=None, port=None, credentials=None): if host is not None: self.host = host if use_tls is not None: self.use_tls = use_tls if port is not None: self.port = port self.credentials = credentials if self.use_tls and self.credentials is None: self.credentials = X509Credentials(None, None)
def tls_credentials(self): # This property can be optimized to cache the credentials it loads from disk, # however this is not a time consuming operation (~ 3000 req/sec). -Luci settings = SIPSimpleSettings() tls_certificate = self.tls.certificate or settings.tls.certificate certificate = None private_key = None if tls_certificate is not None: try: certificate_data = open(tls_certificate.normalized).read() certificate = X509Certificate(certificate_data) private_key = X509PrivateKey(certificate_data) except (FileNotFoundError, GNUTLSError, UnicodeDecodeError): pass trusted_cas = [] ca_list = self.tls.ca_list or settings.tls.ca_list if ca_list is not None: if len(self.trusted_cas) > 0: trusted_cas = self.trusted_cas else: crt = None start = False try: ca_text = open(ca_list.normalized).read() except (FileNotFoundError, GNUTLSError, UnicodeDecodeError): ca_text = '' for line in ca_text.split("\n"): if "BEGIN CERT" in line: start = True crt = line + "\n" elif "END CERT" in line: crt = crt + line + "\n" end = True start = False try: trusted_cas.append(X509Certificate(crt)) except (GNUTLSError, ValueError) as e: continue elif start: crt = crt + line + "\n" self.trusted_cas = trusted_cas self.ca_list = ca_list credentials = X509Credentials(certificate, private_key, trusted_cas) credentials.verify_peer = self.tls.verify_server or settings.tls.certificate return credentials
def start(self, roles): # Needs to be called from a green thread log.msg('Publishing %s roles to SIPThor' % roles) self.node = ThorEntity(SIPConfig.local_ip.normalized, roles, version=sylk.__version__) self.networks = {} self.presence_message = ThorEvent('Thor.Presence', self.node.id) self.shutdown_message = ThorEvent('Thor.Leave', self.node.id) credentials = X509Credentials(ThorNodeConfig.certificate, ThorNodeConfig.private_key, [ThorNodeConfig.ca]) credentials.verify_peer = True tls_context = TLSContext(credentials) EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context)
def _start_https(self, reactor): from gnutls.interfaces.twisted import X509Credentials from gnutls.connection import TLSContext, TLSContextServerOptions cert, pKey = TLSConfig.certificate, TLSConfig.private_key if cert is None or pKey is None: log.fatal("the TLS certificates or the private key could not be loaded") sys.exit(1) credentials = X509Credentials(cert, pKey) tls_context = TLSContext(credentials, server_options=TLSContextServerOptions(certificate_request=None)) reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address) log.msg("TLS started")
def __init__(self, host=None, use_tls=None, port=None, credentials=None): if host is not None: self.host = host if use_tls is not None: self.use_tls = use_tls if port is not None: self.port = port self.credentials = credentials if self.use_tls and self.credentials is None: from gnutls.interfaces.twisted import X509Credentials self.credentials = X509Credentials(None, None)
def __init__(self): self.node = ThorEntity(host.default_ip, ['call_control'], version=__version__) self.networks = {} self.rating_connections = {} self.presence_message = ThorEvent('Thor.Presence', self.node.id) self.shutdown_message = ThorEvent('Thor.Leave', self.node.id) credentials = X509Credentials(ThorNodeConfig.certificate, ThorNodeConfig.private_key, [ThorNodeConfig.ca]) credentials.verify_peer = True tls_context = TLSContext(credentials) EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context)
def __init__(self): self.node = ThorEntity(host.default_ip, ['msrprelay_server'], version=__version__) self.networks = {} self.presence_message = ThorEvent('Thor.Presence', self.node.id) self.shutdown_message = ThorEvent('Thor.Leave', self.node.id) credentials = X509Credentials(Config.certificate, Config.private_key, [Config.ca]) credentials.verify_peer = True tls_context = TLSContext(credentials) EventServiceClient.__init__(self, ThorNetworkConfig.domain, tls_context) process.signals.add_handler(signal.SIGHUP, self._handle_signal) process.signals.add_handler(signal.SIGINT, self._handle_signal) process.signals.add_handler(signal.SIGTERM, self._handle_signal)
def tls_credentials(self): # This property can be optimized to cache the credentials it loads from disk, # however this is not a time consuming operation (~ 3000 req/sec). -Luci settings = SIPSimpleSettings() tls_certificate = self.tls.certificate or settings.tls.certificate if tls_certificate is not None: certificate_data = open(tls_certificate.normalized).read() certificate = X509Certificate(certificate_data) private_key = X509PrivateKey(certificate_data) else: certificate = None private_key = None credentials = X509Credentials(certificate, private_key, []) credentials.verify_peer = False return credentials
def test_server_connectionMade_never_called(self): # trigger case when protocol instance is created, # but it's connectionMade is never called from gnutls.interfaces.twisted import X509Credentials from gnutls.errors import GNUTLSError cred = X509Credentials(None, None) ev = Event() def handle(conn): ev.send("handle must not be called") s = reactor.listenTLS( 0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred) creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport) try: conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred) except GNUTLSError: pass assert ev.poll() is None, repr(ev.poll())
def __init__(self): self._database = DatabaseConnection() self.node = ThorEntity(host.default_ip if ServerConfig.address == '0.0.0.0' else ServerConfig.address, ['xcap_server'], version=xcap.__version__) self.networks = {} self.presence_message = ThorEvent('Thor.Presence', self.node.id) self.shutdown_message = ThorEvent('Thor.Leave', self.node.id) credentials = X509Credentials(ThorNodeConfig.certificate, ThorNodeConfig.private_key, [ThorNodeConfig.ca]) credentials.verify_peer = True tls_context = TLSContext(credentials) self.control = ControlLink(tls_context) EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context) process.signals.add_handler(signal.SIGHUP, self._handle_SIGHUP) process.signals.add_handler(signal.SIGINT, self._handle_SIGINT) process.signals.add_handler(signal.SIGTERM, self._handle_SIGTERM)
def _parseTLS(factory, port, privateKey='server.pem', certKey=None, sslmethod=None, interface='', backlog=50): from gnutls.interfaces.twisted import X509Credentials from gnutls.crypto import X509Certificate, X509PrivateKey if certKey is None: certKey = privateKey cert = X509Certificate(open(certKey).read()) key = X509PrivateKey(open(privateKey).read()) cf = X509Credentials(cert, key) return ((int(port), factory, cf), { 'interface': interface, 'backlog': int(backlog) })
def tls_credentials(self): # This property can be optimized to cache the credentials it loads from disk, # however this is not a time consuming operation (~ 3000 req/sec). -Luci settings = SIPSimpleSettings() if self.tls.certificate is not None: certificate_data = open(self.tls.certificate.normalized).read() certificate = X509Certificate(certificate_data) private_key = X509PrivateKey(certificate_data) else: certificate = None private_key = None if settings.tls.ca_list is not None: # we should read all certificates in the file, rather than just the first -Luci trusted = [ X509Certificate(open(settings.tls.ca_list.normalized).read()) ] else: trusted = [] credentials = X509Credentials(certificate, private_key, trusted) credentials.verify_peer = self.tls.verify_server return credentials
count = options.count active = count succesful = 0 failed = 0 certs_path = os.path.join(gnutls_path, 'examples/certs') certs_path = os.path.join(gnutls_path, 'examples/certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) if options.send_certs: cred = X509Credentials(cert, key, [ca]) else: cred = X509Credentials(trusted=[ca]) cred.verify_peer = options.verify context = TLSContext(cred) echo_factory = EchoFactory() start_time = time() for x in range(count): reactor.connectSSL(host, port, echo_factory, context) reactor.run() duration = time() - start_time rate = count / duration
from twisted.names.srvconnect import SRVConnector from gnutls.interfaces.twisted import TLSContext, X509Credentials from eventlet.twistedutil.protocol import GreenClientCreator from eventlet.twistedutil.protocols.basic import LineOnlyReceiverTransport class NoisySRVConnector(SRVConnector): def pickServer(self): host, port = SRVConnector.pickServer(self) print 'Resolved _%s._%s.%s --> %s:%s' % (self.service, self.protocol, self.domain, host, port) return host, port cred = X509Credentials(None, None) ctx = TLSContext(cred) creator = GreenClientCreator(reactor, LineOnlyReceiverTransport) conn = creator.connectSRV('msrps', 'ag-projects.com', connectFuncName='connectTLS', connectFuncArgs=(ctx, ), ConnectorClass=NoisySRVConnector) request = """MSRP 49fh AUTH To-Path: msrps://[email protected];tcp From-Path: msrps://alice.example.com:9892/98cjs;tcp -------49fh$ """.replace('\n', '\r\n') print 'Sending:\n%s' % request
print 'MAC algorithm:', session.mac_algorithm print 'Compression: ', session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine('hello') def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost:", str(reason.value) class EchoFactory(Factory): protocol = EchoProtocol certs_path = 'certs' cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) cred = X509Credentials(cert, key) cred.session_params.protocols = (PROTO_TLS1_2, ) cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC, ) cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL) reactor.listenTLS(10000, EchoFactory(), cred) reactor.run()
print 'Compression: %s' % session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine(line) def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost: %s" % reason.value class EchoFactory(Factory): protocol = EchoProtocol script_path = os.path.realpath(os.path.dirname(sys.argv[0])) certs_path = os.path.join(script_path, 'certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = True context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE") reactor.listenTLS(10000, EchoFactory(), context) reactor.run()
class TLSMixin(object): use_tls = True cert = X509Certificate(open('valid.crt').read()) key = X509PrivateKey(open('valid.key').read()) server_credentials = X509Credentials(cert, key)
class EchoProtocol(LineOnlyReceiver): def connectionMade(self): self.sendLine('echo') def lineReceived(self, line): print 'received: ', line self.transport.loseConnection() def connectionLost(self, reason): reactor.stop() class EchoFactory(ClientFactory): protocol = EchoProtocol def clientConnectionFailed(self, connector, err): print err.value reactor.stop() cred = X509Credentials() cred.session_params.protocols = (PROTO_TLS1_2,) cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC,) cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL) reactor.connectTLS('localhost', 10000, EchoFactory(), cred) reactor.run()