def ssl_server_credentials( private_key_certificate_chain_pairs, root_certificates=None, require_client_auth=False): """Creates a ServerCredentials for use with an SSL-enabled Server. Args: private_key_certificate_chain_pairs: A nonempty sequence each element of which is a pair the first element of which is a PEM-encoded private key and the second element of which is the corresponding PEM-encoded certificate chain. root_certificates: PEM-encoded client root certificates to be used for verifying authenticated clients. If omitted, require_client_auth must also be omitted or be False. require_client_auth: A boolean indicating whether or not to require clients to be authenticated. May only be True if root_certificates is not None. Returns: A ServerCredentials for use with an SSL-enabled Server. """ if len(private_key_certificate_chain_pairs) == 0: raise ValueError( 'At least one private key-certificate chain pair is required!') elif require_client_auth and root_certificates is None: raise ValueError( 'Illegal to require client auth without providing root certificates!') else: return ServerCredentials( _cygrpc.server_credentials_ssl( root_certificates, [_cygrpc.SslPemKeyCertPair(key, pem) for key, pem in private_key_certificate_chain_pairs], require_client_auth))
def ssl_server_credentials(private_key_certificate_chain_pairs, root_certificates=None, require_client_auth=False): """Creates a ServerCredentials for use with an SSL-enabled Server. Args: private_key_certificate_chain_pairs: A nonempty sequence each element of which is a pair the first element of which is a PEM-encoded private key and the second element of which is the corresponding PEM-encoded certificate chain. root_certificates: PEM-encoded client root certificates to be used for verifying authenticated clients. If omitted, require_client_auth must also be omitted or be False. require_client_auth: A boolean indicating whether or not to require clients to be authenticated. May only be True if root_certificates is not None. Returns: A ServerCredentials for use with an SSL-enabled Server. """ if len(private_key_certificate_chain_pairs) == 0: raise ValueError( 'At least one private key-certificate chain pair is required!') elif require_client_auth and root_certificates is None: raise ValueError( 'Illegal to require client auth without providing root certificates!' ) else: return ServerCredentials( _cygrpc.server_credentials_ssl(root_certificates, [ _cygrpc.SslPemKeyCertPair(key, pem) for key, pem in private_key_certificate_chain_pairs ], require_client_auth))
def setUp(self): server_credentials = cygrpc.server_credentials_ssl( None, [cygrpc.SslPemKeyCertPair(resources.private_key(), resources.certificate_chain())], False) client_credentials = cygrpc.channel_credentials_ssl( resources.test_root_certificates(), None) self.setUpMixin(server_credentials, client_credentials, _SSL_HOST_OVERRIDE)
def ssl_server_credentials(private_key_certificate_chain_pairs, root_certificates=None, require_client_auth=False): """Creates a ServerCredentials for use with an SSL-enabled Server. Args: private_key_certificate_chain_pairs: A list of pairs of the form [PEM-encoded private key, PEM-encoded certificate chain]. root_certificates: An optional byte string of PEM-encoded client root certificates that the server will use to verify client authentication. If omitted, require_client_auth must also be False. require_client_auth: A boolean indicating whether or not to require clients to be authenticated. May only be True if root_certificates is not None. Returns: A ServerCredentials for use with an SSL-enabled Server. Typically, this object is an argument to add_secure_port() method during server setup. """ if len(private_key_certificate_chain_pairs) == 0: raise ValueError( 'At least one private key-certificate chain pair is required!') elif require_client_auth and root_certificates is None: raise ValueError( 'Illegal to require client auth without providing root certificates!' ) else: return ServerCredentials( _cygrpc.server_credentials_ssl(root_certificates, [ _cygrpc.SslPemKeyCertPair(key, pem) for key, pem in private_key_certificate_chain_pairs ], require_client_auth))
def setUp(self): server_credentials = cygrpc.server_credentials_ssl( None, [cygrpc.SslPemKeyCertPair(resources.private_key(), resources.certificate_chain())], False) channel_credentials = cygrpc.channel_credentials_ssl( resources.test_root_certificates(), None) self.server_completion_queue = cygrpc.CompletionQueue() self.server = cygrpc.Server() self.server.register_completion_queue(self.server_completion_queue) self.port = self.server.add_http2_port('[::]:0', server_credentials) self.server.start() self.client_completion_queue = cygrpc.CompletionQueue() client_channel_arguments = cygrpc.ChannelArgs([ cygrpc.ChannelArg(cygrpc.ChannelArgKey.ssl_target_name_override, _SSL_HOST_OVERRIDE)]) self.client_channel = cygrpc.Channel( 'localhost:{}'.format(self.port), client_channel_arguments, channel_credentials)
def setUp(self): server_credentials = cygrpc.server_credentials_ssl( None, [ cygrpc.SslPemKeyCertPair(resources.private_key(), resources.certificate_chain()) ], False) channel_credentials = cygrpc.channel_credentials_ssl( resources.test_root_certificates(), None) self.server_completion_queue = cygrpc.CompletionQueue() self.server = cygrpc.Server() self.server.register_completion_queue(self.server_completion_queue) self.port = self.server.add_http2_port('[::]:0', server_credentials) self.server.start() self.client_completion_queue = cygrpc.CompletionQueue() client_channel_arguments = cygrpc.ChannelArgs([ cygrpc.ChannelArg(cygrpc.ChannelArgKey.ssl_target_name_override, _SSL_HOST_OVERRIDE) ]) self.client_channel = cygrpc.Channel('localhost:{}'.format(self.port), client_channel_arguments, channel_credentials)
def server_credentials_ssl(root_credentials, pair_sequence, force_client_auth): return cygrpc.server_credentials_ssl( root_credentials, [cygrpc.SslPemKeyCertPair(key, pem) for key, pem in pair_sequence], force_client_auth)