Python SSLIOStreamの例

コード例 #1

ファイル: tornado.py プロジェクト: snower/TorMySQL

    def _run_ssl_connect_callback(self):
        if self._state & self.io_loop.WRITE:
            self._state = self._state & ~self.io_loop.WRITE
            self.io_loop.update_handler(self.fileno(), self._state)

        if hasattr(BaseSSLIOStream, "_finish_ssl_connect"):
            BaseSSLIOStream._finish_ssl_connect(self)
        else:
            BaseSSLIOStream._run_ssl_connect_callback(self)

コード例 #2

ファイル: irc.py プロジェクト: ketralnis/iobot

    def connect(self, reconnecting=False):
        self.logger.debug('CONNECTING...')
        _sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)

        if self.ssl is None:
            self._stream = IOStream(_sock)
        elif self.ssl is True:
            self._stream = SSLIOStream(_sock)
        else:
            self._stream = SSLIOStream(_sock, ssl_options=self.ssl)

        self._stream.connect((self.address, self.port), self._register)

コード例 #3

ファイル: iostream_test.py プロジェクト: 102hailan/tornado

    def connect_to_server(self, server_cls):
        server = client = None
        try:
            sock, port = bind_unused_port()
            server = server_cls(ssl_options=_server_ssl_options())
            server.add_socket(sock)

            client = SSLIOStream(socket.socket(),
                                 ssl_options=dict(cert_reqs=ssl.CERT_NONE))
            yield client.connect(('127.0.0.1', port))
            self.assertIsNotNone(client.socket.cipher())
        finally:
            if server is not None:
                server.stop()
            if client is not None:
                client.close()

コード例 #4

ファイル: stream_reader.py プロジェクト: SinnerShanky/Visualiser

 def _connect(self):
     nodes=[]
     edges=[]
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
     self._stream = SSLIOStream(s)
     log.info('Connecting to %s', self._address)
     self._stream.connect(self._address)

コード例 #5

ファイル: stream_reader.py プロジェクト: eagle12td/StackOverflow-Question-17534033

class SSLStreamReader(object):
    def __init__(self, host, port):
        self._address = (host, port)
        self._stream = None
        self._clients = set()

    def add(self, client):
        self._clients.add(client)
        log.debug('Added client %s', client)
        if self._stream is None:
            self._connect()
            self._read_stream()

    def remove(self, client):
        self._clients.remove(client)
        log.debug('Removed client %s', client)

    @staticmethod
    def process(data):
        return data

    @staticmethod
    def write_message(client, data):
        pass

    def _connect(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self._stream = SSLIOStream(s)
        log.debug('Connecting to %s', self._address)
        self._stream.connect(self._address)

    def _disconnect(self):
        self._stream.close()
        self._stream = None
        log.debug('Disconnected from %s', self._address)

    @coroutine
    def _read_stream(self):
        log.debug('Reading stream from %s', self._address)
        while self._clients:
            data = yield Task(self._stream.read_until, "\n")
            output = self.process(data)
            for client in self._clients:
                self.write_message(client, output)
        self._disconnect()
        return

コード例 #6

ファイル: messaging.py プロジェクト: abhinavsingh/secure-messaging

 def __init__(self, uid, port):
     super(Client, self).__init__('client')
     
     self.uid = uid
     self.port = port
     
     self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     self.conn = SSLIOStream(self.sock, ssl_options={'ca_certs':SERVER_CRT_PATH, 'cert_reqs':ssl.CERT_REQUIRED})
     self.conn.connect(('127.0.0.1', self.port), self.on_connect)

コード例 #7

ファイル: connection.py プロジェクト: barbuza/apnstornado

class FeedbackConn():
    def __init__(self, host=None, certfile=None, loop=None):
        self.ioloop = loop or ioloop.IOLoop.instance()
        self.host = host or settings.get('feedback_host')
        self.certfile = certfile or settings.get('certfile')
        self.connect()

    def connect(self):
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self.stream = SSLIOStream(self.s, read_chunk_size=38, ssl_options=dict(certfile=self.certfile))
        self.stream.connect(self.host, self._on_connect)
        self.stream.read_until_close(self._on_close, streaming_callback=self._on_read)

    def _on_connect(self):
        logging.info("connected to %s:%d" % (self.host[0], self.host[1]))

    def _on_read(self, data):
        #logging.info("read %d bytes" % len(data))
        if len(data) == 38:
            timestamp, toklen, token = struct.unpack_from('!IH32s', data, 0)
            logging.info("flagging user %s at %d" % (token.encode('hex'), timestamp))
            mc.set(token.encode('hex'), timestamp)

    def _on_close(self, data):
        logging.info("disconnected %s:%d" % (self.host[0], self.host[1]))
        try:
            self.stream.close()
            self.s.close()
        except:
            pass
        self.ioloop.add_timeout(time.time()+settings.get('feedback_reconnect_lag'), self.connect)

コード例 #8

ファイル: apns.py プロジェクト: 00zhengfu00/viewfinder

 def _Connect(self):
   try:
     ssl_options = {'certfile': secrets.GetSecretFile(self._settings['certfile'])}
     self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
     self._stream = SSLIOStream(self._sock, io_loop=self._io_loop, ssl_options=ssl_options)
     self._stream.set_close_callback(self._OnClose)
     self._stream.connect(self._host, self._OnConnect)
   except KeyError:
     logging.warning('failed to initialize connection to APN service at %s:%d '
                     'whose certificate is missing from secrets/%s' %
                     (self._host[0], self._host[1], self._settings['certfile']))
     return
   except:
     self._stream = None
     raise

コード例 #9

ファイル: apns.py プロジェクト: 00zhengfu00/viewfinder

class _BaseSSLService(object):
  """Base SSL connection to Apple's push notification servers. Retry on
  disconnect is handled via an exponential backoff.
  """
  _MAX_BACKOFF_SECS = 600.0  # 10 minutes
  _PUSH_TOKEN_FMT = '%s:%s'

  def __init__(self, settings, host_key):
    self._settings = settings
    self._host = settings[host_key]
    self._retries = 0
    self._io_loop = IOLoop.current()
    self._ResetBackoff()
    self._Connect()

  def IsValid(self):
    return self._stream is not None

  def _FormatPushToken(self, token):
    return _BaseSSLService._PUSH_TOKEN_FMT % (self._settings['token-prefix'], token)

  def _Connect(self):
    try:
      ssl_options = {'certfile': secrets.GetSecretFile(self._settings['certfile'])}
      self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
      self._stream = SSLIOStream(self._sock, io_loop=self._io_loop, ssl_options=ssl_options)
      self._stream.set_close_callback(self._OnClose)
      self._stream.connect(self._host, self._OnConnect)
    except KeyError:
      logging.warning('failed to initialize connection to APN service at %s:%d '
                      'whose certificate is missing from secrets/%s' %
                      (self._host[0], self._host[1], self._settings['certfile']))
      return
    except:
      self._stream = None
      raise

  def _OnConnect(self):
    logging.info("connected to %s:%d" % (self._host[0], self._host[1]))

  def _ResetBackoff(self):
    """Resets backoff to 'reconnect_lag' setting."""
    self._backoff = self._settings.get('reconnect_lag')

  def _OnClose(self):
    logging.info("disconnected from %s:%d" % (self._host[0], self._host[1]))
    try:
      self._stream.close()
    except:
      pass
    finally:
      self._stream = None

    timeout = time.time() + self._backoff
    self._io_loop.add_timeout(timeout, self._Connect)
    self._backoff = min(_BaseSSLService._MAX_BACKOFF_SECS, self._backoff * 2)

コード例 #10

ファイル: tcpserver.py プロジェクト: wdmx666/recognition_pre_fog_simpler

    def _handle_connection(self, connection, address):
        if self.ssl_options is not None:
            assert ssl, "Python 2.6+ and OpenSSL required for SSL"
            try:
                connection = ssl_wrap_socket(connection,
                                             self.ssl_options,
                                             server_side=True,
                                             do_handshake_on_connect=False)
            except ssl.SSLError as err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error as err:
                # If the connection is closed immediately after it is created
                # (as in a port scan), we can get one of several errors.
                # wrap_socket makes an internal call to getpeername,
                # which may return either EINVAL (Mac OS X) or ENOTCONN
                # (Linux).  If it returns ENOTCONN, this error is
                # silently swallowed by the ssl module, so we need to
                # catch another error later on (AttributeError in
                # SSLIOStream._do_ssl_handshake).
                # To test this behavior, try nmap with the -sT flag.
                # https://github.com/tornadoweb/tornado/pull/750
                if errno_from_exception(err) in (errno.ECONNABORTED,
                                                 errno.EINVAL):
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection,
                                     max_buffer_size=self.max_buffer_size,
                                     read_chunk_size=self.read_chunk_size)
            else:
                stream = IOStream(connection,
                                  max_buffer_size=self.max_buffer_size,
                                  read_chunk_size=self.read_chunk_size)

            future = self.handle_stream(stream, address)
            if future is not None:
                IOLoop.current().add_future(gen.convert_yielded(future),
                                            lambda f: f.result())
        except Exception:
            app_log.error("Error in connection callback", exc_info=True)

コード例 #11

ファイル: simple_httpclient.py プロジェクト: theghostofjohnknox/tornado

    def _create_stream(self, addrinfo):
        af = addrinfo[0][0]
        if self.parsed.scheme == "https":
            ssl_options = {}
            if self.request.validate_cert:
                ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
            if self.request.ca_certs is not None:
                ssl_options["ca_certs"] = self.request.ca_certs
            else:
                ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
            if self.request.client_key is not None:
                ssl_options["keyfile"] = self.request.client_key
            if self.request.client_cert is not None:
                ssl_options["certfile"] = self.request.client_cert

            # SSL interoperability is tricky.  We want to disable
            # SSLv2 for security reasons; it wasn't disabled by default
            # until openssl 1.0.  The best way to do this is to use
            # the SSL_OP_NO_SSLv2, but that wasn't exposed to python
            # until 3.2.  Python 2.7 adds the ciphers argument, which
            # can also be used to disable SSLv2.  As a last resort
            # on python 2.6, we set ssl_version to TLSv1.  This is
            # more narrow than we'd like since it also breaks
            # compatibility with servers configured for SSLv3 only,
            # but nearly all servers support both SSLv3 and TLSv1:
            # http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html
            if sys.version_info >= (2, 7):
                # In addition to disabling SSLv2, we also exclude certain
                # classes of insecure ciphers.
                ssl_options["ciphers"] = "DEFAULT:!SSLv2:!EXPORT:!DES"
            else:
                # This is really only necessary for pre-1.0 versions
                # of openssl, but python 2.6 doesn't expose version
                # information.
                ssl_options["ssl_version"] = ssl.PROTOCOL_TLSv1

            return SSLIOStream(socket.socket(af),
                               io_loop=self.io_loop,
                               ssl_options=ssl_options,
                               max_buffer_size=self.max_buffer_size)
        else:
            return IOStream(socket.socket(af),
                            io_loop=self.io_loop,
                            max_buffer_size=self.max_buffer_size)

コード例 #12

    def __init__(self, io_loop, client, request, callback):
        self.start_time = time.time()
        self.io_loop = io_loop
        self.client = client
        self.request = request
        self.callback = callback
        self.code = None
        self.headers = None
        self.chunks = None
        self._decompressor = None
        # Timeout handle returned by IOLoop.add_timeout
        self._timeout = None
        with stack_context.StackContext(self.cleanup):
            parsed = urlparse.urlsplit(self.request.url)
            if ":" in parsed.netloc:
                host, _, port = parsed.netloc.partition(":")
                port = int(port)
            else:
                host = parsed.netloc
                port = 443 if parsed.scheme == "https" else 80
            if self.client.hostname_mapping is not None:
                host = self.client.hostname_mapping.get(host, host)

            if parsed.scheme == "https":
                ssl_options = {}
                if request.validate_cert:
                    ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
                if request.ca_certs is not None:
                    ssl_options["ca_certs"] = request.ca_certs
                else:
                    ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
                self.stream = SSLIOStream(socket.socket(),
                                          io_loop=self.io_loop,
                                          ssl_options=ssl_options)
            else:
                self.stream = IOStream(socket.socket(), io_loop=self.io_loop)
            timeout = min(request.connect_timeout, request.request_timeout)
            if timeout:
                self._connect_timeout = self.io_loop.add_timeout(
                    self.start_time + timeout, self._on_timeout)
            self.stream.set_close_callback(self._on_close)
            self.stream.connect((host, port),
                                functools.partial(self._on_connect, parsed))

コード例 #13

 def _handle_connection(self, connection, address):
     if self.ssl_options is not None:
         assert ssl, "Python 2.6+ and OpenSSL required for SSL"
         try:
             connection = ssl_wrap_socket(connection,
                                          self.ssl_options,
                                          server_side=True,
                                          do_handshake_on_connect=False)
         except ssl.SSLError as err:
             if err.args[0] == ssl.SSL_ERROR_EOF:
                 return connection.close()
             else:
                 raise
         except socket.error as err:
             # If the connection is closed immediately after it is created
             # (as in a port scan), we can get one of several errors.
             # wrap_socket makes an internal call to getpeername,
             # which may return either EINVAL (Mac OS X) or ENOTCONN
             # (Linux).  If it returns ENOTCONN, this error is
             # silently swallowed by the ssl module, so we need to
             # catch another error later on (AttributeError in
             # SSLIOStream._do_ssl_handshake).
             # To test this behavior, try nmap with the -sT flag.
             # https://github.com/facebook/tornado/pull/750
             if err.args[0] in (errno.ECONNABORTED, errno.EINVAL):
                 return connection.close()
             else:
                 raise
     try:
         if self.ssl_options is not None:
             stream = SSLIOStream(connection,
                                  io_loop=self.io_loop,
                                  max_buffer_size=self.max_buffer_size)
         else:
             stream = IOStream(connection,
                               io_loop=self.io_loop,
                               max_buffer_size=self.max_buffer_size)
         self.handle_stream(stream, address)
         # 这个_handle_conntion基本是用在底层iostream的处理上面，
         # 而路由的分发，我猜测应该是在生成request对象那个时候才开始的
     except Exception:
         app_log.error("Error in connection callback", exc_info=True)

コード例 #14

 def _make_iostream(self, s):
     assert ssl, "Python 2.6+ and OpenSSL required for SSL"
     try:
         s = ssl.wrap_socket(s,
                             server_side=True,
                             do_handshake_on_connect=False,
                             **self.ssl_options)
     except ssl.SSLError as err:
         if err.args[0] == ssl.SSL_ERROR_EOF:
             s.close()
             return
         else:
             raise
     except socket.error as err:
         if err.args[0] == errno.ECONNABORTED:
             s.close()
             return
         else:
             raise
     return SSLIOStream(s)

コード例 #15

    def _handle_connection(self, connection, address):
        if self.ssl_options is not None:
            assert ssl, "Python 2.6+ and OpenSSL required for SSL"
            try:
                connection = ssl_wrap_socket(connection,
                                             self.ssl_options,
                                             server_side=True,
                                             do_handshake_on_connect=False)
            except ssl.SSLError as err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error as err:
                if errno_from_exception(err) in (errno.ECONNABORTED,
                                                 errno.EINVAL):
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection,
                                     io_loop=self.io_loop,
                                     max_buffer_size=self.max_buffer_size,
                                     read_chunk_size=self.read_chunk_size)
            else:
                stream = IOStream(connection,
                                  io_loop=self.io_loop,
                                  max_buffer_size=self.max_buffer_size,
                                  read_chunk_size=self.read_chunk_size)
            future = self.handle_stream(stream, address)

            if future is not None:
                self.io_loop.add_future(future, lambda f: f.result())

        except Exception:
            app_log.error("Error in connection callback", exc_info=True)

コード例 #16

class FeedbackConn():
    def __init__(self, host=None, certfile=None, loop=None):
        self.ioloop = loop or ioloop.IOLoop.instance()
        self.host = host or settings.get('feedback_host')
        self.certfile = certfile or settings.get('certfile')
        self.connect()

    def connect(self):
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self.stream = SSLIOStream(self.s,
                                  read_chunk_size=38,
                                  ssl_options=dict(certfile=self.certfile))
        self.stream.connect(self.host, self._on_connect)
        self.stream.read_until_close(self._on_close,
                                     streaming_callback=self._on_read)

    def _on_connect(self):
        logging.info("connected to %s:%d" % (self.host[0], self.host[1]))

    def _on_read(self, data):
        #logging.info("read %d bytes" % len(data))
        if len(data) == 38:
            timestamp, toklen, token = struct.unpack_from('!IH32s', data, 0)
            logging.info("flagging user %s at %d" %
                         (token.encode('hex'), timestamp))
            mc.set(token.encode('hex'), timestamp)

    def _on_close(self, data):
        logging.info("disconnected %s:%d" % (self.host[0], self.host[1]))
        try:
            self.stream.close()
            self.s.close()
        except:
            pass
        self.ioloop.add_timeout(
            time.time() + settings.get('feedback_reconnect_lag'), self.connect)

コード例 #17

ファイル: __init__.py プロジェクト: ChrisWren/monocle

                                server_side=True,
                                do_handshake_on_connect=False,
                                **self.ssl_options)
        except ssl.SSLError, err:
            if err.args[0] == ssl.SSL_ERROR_EOF:
                s.close()
                return
            else:
                raise
        except socket.error, err:
            if err.args[0] == errno.ECONNABORTED:
                s.close()
                return
            else:
                raise
        return SSLIOStream(s)


class Client(TornadoConnection):
    def __init__(self, *args, **kwargs):
        Connection.__init__(self, *args, **kwargs)
        self.ssl_options = None

    @_o
    def connect(self, host, port):
        s = socket.socket()
        iostream = self._make_iostream(s)
        self._stack_conn = _Connection(iostream)
        self._stack_conn.attach(self)
        self._stack_conn.connect((host, port))

コード例 #18

class APNSConn():
    def __init__(self, host=None, certfile=None, loop=None):
        self.stats = {
            'disconnects': 0,
            'notifications': 0,
            'invalid_tokens': 0,
        }
        self.started = time.time()
        self.ioloop = loop or ioloop.IOLoop.instance()
        self.host = host or settings.get('apns_host')
        self.certfile = certfile or settings.get('certfile')
        self.write_queue = deque()
        self.recent = deque(maxlen=100)
        # N.B. Python upgrades ints to longs and this is a binary protocol so...
        self.generation = ctypes.c_uint32(0)
        self.connect()

    def get_stats(self):
        stats = self.stats.copy()
        stats['queue_len'] = len(self.write_queue)
        stats['uptime'] = time.time() - self.started
        return stats

    def push(self,
             token,
             alert=None,
             badge=None,
             sound=None,
             expiry=None,
             extra=None,
             timestamp=None):
        '''
        This is really the only api you want to use. Pushes a notification onto the queue
        for non-flagged users. The queue is processed in the tornado event loop.
        '''
        flagged = mc.get(token)
        if flagged:
            if not timestamp or timestamp > flagged:
                self.stats['invalid_tokens'] += 1
                return False

        self.generation.value += 1
        identifier = self.generation.value
        msg = create_message(token,
                             alert=alert,
                             badge=badge,
                             sound=sound,
                             identifier=identifier,
                             expiry=expiry,
                             extra=extra)
        if len(msg) > MAX_PAYLOAD_BYTES:
            raise ValueError, u"max payload(%d) exceeded: %d" % (
                MAX_PAYLOAD_BYTES, len(msg))

        self.write_queue.append(msg)
        self.recent.append(dict(identifier=identifier, token=token))
        self.ioloop.add_callback(self.push_one)
        return True

    def push_one(self):
        if len(self.write_queue) and not self.stream.closed():
            msg = self.write_queue.popleft()
            try:
                self.stream.write(msg)
                self.stats['notifications'] += 1
            except:
                self.write_queue.appendleft(msg)
                return False
            return True
        return False

    def connect(self):
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self.stream = SSLIOStream(self.s,
                                  ssl_options=dict(certfile=self.certfile))
        self.stream.connect(self.host, self._on_connect)
        self.stream.read_until_close(self._on_close,
                                     streaming_callback=self._on_read)

    def _on_connect(self):
        '''
        Process the backlog, hoss.
        '''
        logging.info('connected to %s:%d' % (self.host[0], self.host[1]))
        while self.push_one():
            continue

    def _on_read(self, data):
        '''
        The only message we expect here is an error response... sadly, followed by
        a disconnect. 
        '''
        logging.info('_on_read: %d bytes' % (len(data)))
        try:
            status, identifier, err_string = parse_response(data)
            logging.warning('_on_read err: %d %d %s' %
                            (status, identifier, err_string))
            if status == 8:
                for msg in self.recent:
                    if msg['identifier'] == identifier:
                        token = msg['token']
                        logging.info('flagging token: %s' % (token))
                        self.stats['invalid_tokens'] += 1
                        mc.set(token, int(time.time()))
        except:
            logging.info('parse_response failed')

    def _on_close(self, data):
        '''
        This triggers the reconnect given reconnect_lag from settings. This should
        probably be an exponential backoff.
        '''
        logging.info('_on_close')
        self.stats['disconnects'] += 1
        try:
            self.stream.close()
            self.s.close()
        except:
            pass
        self.ioloop.add_timeout(
            time.time() + settings.get('apns_reconnect_lag'), self.connect)

コード例 #19

ファイル: tornado_http2_client.py プロジェクト: junk13/http2-ddos-attack

class H2Client(object):

    ALPN_HTTP2_PROTOCOL = b'h2'
    USER_AGENT = 'Tornado 4.3 hyper-h2/1.0.0'

    def __init__(self, io_loop=None, config=None):
        self.io_loop = io_loop or IOLoop.current()
        self.conn = H2Connection()
        self.known_proto = None

        self.authority = None
        self.io_stream = None

        self.ssl_context = ssl.create_default_context(
            purpose=ssl.Purpose.SERVER_AUTH)
        self.ssl_context.check_hostname = False
        self.ssl_context.verify_mode = ssl.CERT_NONE
        self.ssl_context.set_alpn_protocols([self.ALPN_HTTP2_PROTOCOL])

        self.are_settings_acked = False
        self.pending_requests = []

        #self.settings_acked_future = Future()

        self.responses = {}
        self.pushes = {}

        self.data_received_size = 0
        self.last_time_data_recvd = None

    @gen.coroutine
    def connect(self, host, port):
        self.authority = host
        s = socket.socket()
        self.io_stream = SSLIOStream(s, ssl_options=self.ssl_context)

        yield self.io_stream.connect((host, port), server_hostname=host)
        logger.debug("Connected!")
        self.known_proto = self.io_stream.socket.selected_alpn_protocol()

        assert self.known_proto == self.ALPN_HTTP2_PROTOCOL, "ALPN protocol was not h2, was {} instead".format(
            self.known_proto)

        self.io_stream.set_close_callback(self.connection_lost)

        logger.debug("Talking to a valid HTTP2 server! Sending preamble")
        self.conn.initiate_connection()

        self.io_stream.read_until_close(streaming_callback=self.data_received)
        data = self.conn.data_to_send()
        yield self.io_stream.write(data)
        logger.debug("Preamble Sent! Should be connected now")

    @gen.coroutine
    def close_connection(self):
        self.io_stream.set_close_callback(lambda: None)
        self.conn.close_connection()

        data = self.conn.data_to_send()
        yield self.io_stream.write(data)

#    @gen.coroutine

    def data_received(self, data):
        """
        Called by Tornado when data is received on the connection.

        We need to check a few things here. Firstly, we want to validate that
        we actually negotiated HTTP/2: if we didn't, we shouldn't proceed!

        Then, we want to pass the data to the protocol stack and check what
        events occurred.
        """

        self.data_received_size += len(data)
        self.last_time_data_recvd = time.time()

        if not self.known_proto:
            self.known_proto = self.io_stream.socket.selected_alpn_protocol()
            assert self.known_proto == b'h2'

        events = self.conn.receive_data(data)

        for event in events:
            #print("Processing event: {}".format(event))
            if isinstance(event, ResponseReceived):
                self.handle_response(event)
            elif isinstance(event, DataReceived):
                self.handle_data(event)
            elif isinstance(event, StreamEnded):
                #self.end_stream(event)
                logger.debug("Got event Stream ended for stream {}".format(
                    event.stream_id))
            elif isinstance(event, SettingsAcknowledged):
                self.settings_acked(event)
            elif isinstance(event, StreamReset):
                logger.debug("A Stream reset!: %d" % event.error_code)
            elif isinstance(event, WindowUpdated):
                self.window_updated(event)
            elif isinstance(event, PushedStreamReceived):
                self.handle_push(event)
            elif isinstance(event, TrailersReceived):
                self.handle_response(event, response_type="trailers")
            else:
                logger.debug(
                    "Received an event we don't handle: {}".format(event))

        data = self.conn.data_to_send()
        if data:
            #print("Responding to the server: {}".format(data))
            self.io_stream.write(data)

    def settings_acked(self, event):
        """
        Called when the remote party ACKs our settings. We send a SETTINGS
        frame as part of the preamble, so if we want to be very polite we can
        wait until the ACK for that frame comes before we start sending our
        request.
        """
        self.are_settings_acked = True
        #self.settings_acked_future.set_result(True)

    def _get_stream_response_holder(self, stream_id):
        try:
            return self.responses[stream_id]
        except KeyError:
            return self.pushes[stream_id]

    def handle_response(self, event, response_type="headers"):
        """
        Handle the response by storing the response headers.
        """
        try:
            response = self._get_stream_response_holder(event.stream_id)
        except KeyError:
            logger.exception(
                "Unable to find a response future for stream {} while handling a response"
                .format(event.stream_id))
        else:
            response[response_type] = event.headers
            if event.stream_ended is not None:
                try:
                    future = response.pop("future")
                except KeyError:
                    logger.exception(
                        "No future associated with the response for stream {} while handling a response"
                        .format(event.stream_id))
                else:
                    future.set_result(response)

                try:
                    self.end_stream(event.stream_ended)
                except H2StreamClosedError as e:
                    logger.exception(
                        "Got an exception trying to end a stream after handling a response for stream: {}"
                        .format(e.stream_id))

    def handle_data(self, event):
        """
        We handle data that's received
        """

        self.conn.acknowledge_received_data(event.flow_controlled_length,
                                            event.stream_id)
        try:
            response = self._get_stream_response_holder(event.stream_id)
        except KeyError:
            logger.debug(
                "Unable to find a response future for stream {} while handling a data. Adding one now"
                .format(event.stream_id))
            # response = {'future': Future()}
            # self.responses[event.stream_id] = response
        else:
            if "data" not in response:
                response["data"] = event.data
            else:
                response["data"] = response["data"] + event.data
            if event.stream_ended is not None:
                try:
                    future = response.pop("future")
                except KeyError:
                    logger.debug(
                        "No future associated with the response for stream {} while handling data"
                        .format(event.stream_id))
                else:
                    future.set_result(response)

                try:
                    self.end_stream(event.stream_ended)
                except H2StreamClosedError as e:
                    logger.exception(
                        "Got an exception trying to end a stream after handling a response for stream: {}"
                        .format(e.stream_id))

    def handle_push(self, event):
        self.pushes[event.pushed_stream_id] = {
            "parent_stream_id": event.parent_stream_id,
            "request_headers": event.headers
        }

#    @gen.coroutine

    def end_stream(self, event):
        """
        We call this when the stream is cleanly ended by the remote peer. That
        means that the response is complete.
        """
        self.conn.end_stream(event.stream_id)
        yield self.io_stream.write(self.conn.data_to_send())
        logger.debug("Closed Stream {}".format(event.stream_id))

    def window_updated(self, event):
        """
        I don't think I actually need to do anything with this in Tornado, since sending data uses futures to continue
        """
        pass

    def connection_lost(self):
        """
        Called by Twisted when the connection is gone. Regardless of whether
        it was clean or not, we want to stop the reactor.
        """
        logger.debug("Connection was lost!")

    def get_request(self, path):
        return self.send_bodyless_request(path, "GET")

    fetch = get_request

    def head_request(self, path):
        return self.send_bodyless_request(path, "HEAD")

    @gen.coroutine
    def send_bodyless_request(self, path, method):
        # if not self.settings_acked_future.done():
        #     print("Settings haven't been acked, yield until they are")
        #     yield self.settings_acked_future
        #     print("Settings acked! Let's send this pending request")

        request_headers = [
            (':method', method),
            (':authority', self.authority),
            (':scheme', 'https'),
            (':path', path),
            ('user-agent', self.USER_AGENT),
        ]

        stream_id = self.conn.get_next_available_stream_id()
        logger.debug("Generating HEADER frame to send for stream_id {}".format(
            stream_id))
        self.conn.send_headers(stream_id, request_headers, end_stream=True)

        response_future = Future()
        self.responses[stream_id] = {'future': response_future}

        logger.debug("Writing out to the stream")
        yield self.io_stream.write(self.conn.data_to_send())
        logger.debug("Request sent! Waiting for response")

        result = yield response_future
        logger.debug("Got a result")
        raise gen.Return(result)

    def post_file_request(self, path, file_path):

        # First, we need to work out how large the file is.
        file_size = os.stat(file_path).st_size

        # Next, we want to guess a content-type and content-encoding.
        content_type, content_encoding = mimetypes.guess_type(file_path)

        # We can now open the file.
        file_obj = open(file_path, 'rb')

        self.post_request(path=path,
                          file_obj=file_obj,
                          file_size=file_size,
                          content_type=content_type,
                          content_encoding=content_encoding)

    def post_request(self,
                     path,
                     file_obj,
                     file_size=None,
                     content_type=None,
                     content_encoding=None):
        """
        Send the POST request.

        A POST request is made up of one headers frame, and then 0+ data
        frames. This method begins by sending the headers, and then starts a
        series of calls to send data.
        """

        # if not self.settings_acked_future.done():
        #     print("Settings haven't been acked, yield until they are")
        #     yield self.settings_acked_future
        #     print("Settings acked! Let's send this pending post request")

        if type(file_obj) is str:
            file_size = len(file_obj)
            file_obj = StringIO(file_obj)

        # Now we can build a header block.
        request_headers = [
            (':method', 'POST'),
            (':authority', self.authority),
            (':scheme', 'https'),
            (':path', path),
            ('user-agent', self.USER_AGENT),
            ('content-length', str(file_size)),
        ]

        if content_type is not None:
            request_headers.append(('content-type', content_type))

            if content_encoding is not None:
                request_headers.append(('content-encoding', content_encoding))

        stream_id = self.conn.get_next_available_stream_id()

        self.conn.send_headers(stream_id, request_headers)

        # We now need to send all the relevant data. We do this by checking
        # what the acceptable amount of data is to send, and sending it. If we
        # find ourselves blocked behind flow control, we then place a deferred
        # and wait until that deferred fires.

        response_future = Future()

        self.responses[stream_id] = {'future': response_future}

        # We now need to send a number of data frames.
        try:
            while file_size > 0:
                # Firstly, check what the flow control window is for the current stream.
                window_size = self.conn.local_flow_control_window(
                    stream_id=stream_id)

                # Next, check what the maximum frame size is.
                max_frame_size = self.conn.max_outbound_frame_size

                # We will send no more than the window size or the remaining file size
                # of data in this call, whichever is smaller.
                bytes_to_send = min(window_size, file_size)

                while bytes_to_send > 0:
                    chunk_size = min(bytes_to_send, max_frame_size)
                    data_chunk = file_obj.read(chunk_size)
                    self.conn.send_data(stream_id=stream_id, data=data_chunk)

                    yield self.io_stream.write(self.conn.data_to_send())

                    bytes_to_send -= chunk_size
                    file_size -= chunk_size
        except StreamClosedError:
            logger.warning(
                "Connection was lost while sending stream {}".format(
                    stream_id))
        else:
            self.conn.end_stream(stream_id=stream_id)
        finally:
            file_obj.close()

        result = yield response_future
        raise gen.Return(result)

    @gen.coroutine
    def update_settings(self, new_settings):
        self.conn.update_settings(new_settings=new_settings)
        data = self.conn.data_to_send()
        if data:
            self.io_stream.write(data)

コード例 #20

ファイル: simple_httpclient.py プロジェクト: kingel/tornado

    def __init__(self, io_loop, client, request, release_callback,
                 final_callback, max_buffer_size):
        self.start_time = time.time()
        self.io_loop = io_loop
        self.client = client
        self.request = request
        self.release_callback = release_callback
        self.final_callback = final_callback
        self.code = None
        self.headers = None
        self.chunks = None
        self._decompressor = None
        # Timeout handle returned by IOLoop.add_timeout
        self._timeout = None
        with stack_context.StackContext(self.cleanup):
            parsed = urlparse.urlsplit(_unicode(self.request.url))
            if ssl is None and parsed.scheme == "https":
                raise ValueError("HTTPS requires either python2.6+ or "
                                 "curl_httpclient")
            if parsed.scheme not in ("http", "https"):
                raise ValueError("Unsupported url scheme: %s" %
                                 self.request.url)
            # urlsplit results have hostname and port results, but they
            # didn't support ipv6 literals until python 2.7.
            netloc = parsed.netloc
            if "@" in netloc:
                userpass, _, netloc = netloc.rpartition("@")
            match = re.match(r'^(.+):(\d+)$', netloc)
            if match:
                host = match.group(1)
                port = int(match.group(2))
            else:
                host = netloc
                port = 443 if parsed.scheme == "https" else 80
            if re.match(r'^\[.*\]$', host):
                # raw ipv6 addresses in urls are enclosed in brackets
                host = host[1:-1]
            if self.client.hostname_mapping is not None:
                host = self.client.hostname_mapping.get(host, host)

            if request.allow_ipv6:
                af = socket.AF_UNSPEC
            else:
                # We only try the first IP we get from getaddrinfo,
                # so restrict to ipv4 by default.
                af = socket.AF_INET

            addrinfo = socket.getaddrinfo(host, port, af, socket.SOCK_STREAM,
                                          0, 0)
            af, socktype, proto, canonname, sockaddr = addrinfo[0]

            if parsed.scheme == "https":
                ssl_options = {}
                if request.validate_cert:
                    ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
                if request.ca_certs is not None:
                    ssl_options["ca_certs"] = request.ca_certs
                else:
                    ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
                if request.client_key is not None:
                    ssl_options["keyfile"] = request.client_key
                if request.client_cert is not None:
                    ssl_options["certfile"] = request.client_cert

                # SSL interoperability is tricky.  We want to disable
                # SSLv2 for security reasons; it wasn't disabled by default
                # until openssl 1.0.  The best way to do this is to use
                # the SSL_OP_NO_SSLv2, but that wasn't exposed to python
                # until 3.2.  Python 2.7 adds the ciphers argument, which
                # can also be used to disable SSLv2.  As a last resort
                # on python 2.6, we set ssl_version to SSLv3.  This is
                # more narrow than we'd like since it also breaks
                # compatibility with servers configured for TLSv1 only,
                # but nearly all servers support SSLv3:
                # http://blog.ivanristic.com/2011/09/ssl-survey-protocol-support.html
                if sys.version_info >= (2, 7):
                    ssl_options["ciphers"] = "DEFAULT:!SSLv2"
                else:
                    # This is really only necessary for pre-1.0 versions
                    # of openssl, but python 2.6 doesn't expose version
                    # information.
                    ssl_options["ssl_version"] = ssl.PROTOCOL_SSLv3

                self.stream = SSLIOStream(socket.socket(af, socktype, proto),
                                          io_loop=self.io_loop,
                                          ssl_options=ssl_options,
                                          max_buffer_size=max_buffer_size)
            else:
                self.stream = IOStream(socket.socket(af, socktype, proto),
                                       io_loop=self.io_loop,
                                       max_buffer_size=max_buffer_size)
            timeout = min(request.connect_timeout, request.request_timeout)
            if timeout:
                self._timeout = self.io_loop.add_timeout(
                    self.start_time + timeout, self._on_timeout)
            self.stream.set_close_callback(self._on_close)
            self.stream.connect(sockaddr,
                                functools.partial(self._on_connect, parsed))

コード例 #21

 def _make_server_iostream(self, connection, **kwargs):
     connection = ssl.wrap_socket(connection,
                                  server_side=True,
                                  do_handshake_on_connect=False,
                                  **_server_ssl_options())
     return SSLIOStream(connection, **kwargs)

コード例 #22

ファイル: app.py プロジェクト: irccloud/ms3

                                             do_handshake_on_connect=False,
                                             **self.ssl_options)
            except ssl.SSLError, err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error, err:
                if err.args[0] == errno.ECONNABORTED:
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection, io_loop=self.io_loop,
                                     max_buffer_size=max_buffer_size,
                                     read_chunk_size=read_chunk_size)
            else:
                stream = IOStream(connection, io_loop=self.io_loop,
                                  max_buffer_size=max_buffer_size,
                                  read_chunk_size=read_chunk_size)
            self.handle_stream(stream, address)
        except Exception:
            _logger.error("Error in connection callback", exc_info=True)

    tornado.netutil.TCPServer._handle_connection = _handle_connection


class MS3App(tornado.web.Application):
    """ """
    def __init__(self, args=None, debug=False):

コード例 #23

ファイル: stream_readerback.py プロジェクト: SinnerShanky/Visualiser

 def _connect(self):
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
     self._stream = SSLIOStream(s)
     log.debug('Connecting to %s', self._address)
     self._stream.connect(self._address)

コード例 #24

ファイル: stream_reader.py プロジェクト: eagle12td/StackOverflow-Question-17534033

 def _connect(self):
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
     self._stream = SSLIOStream(s)
     log.debug('Connecting to %s', self._address)
     self._stream.connect(self._address)

コード例 #25

ファイル: tcpserver.py プロジェクト: haishiniu/tornado3.1.1_search

    def _handle_connection(self, connection, address):

        # _handle_connection就比较简单了，跳过那些ssl的处理，简化为两句：
        # stream = IOStream(connection, io_loop=self.io_loop)和
        # self.handle_stream()。
        # 这里IOStream代表了【IO层】(也就是读写方面的东西)，以后再说，反正读写是不愁了。
        # 接着是调用handle_stream。我们可以看到，不论应用层是什么协议
        # （或者自定义协议），当有新连接到来时走的流程是差不多的，都要经历一番上诉的回调，
        # 不同之处就在于这个handle_stream方法。这个方法是由【子类自定义覆盖的】，
        # 它的HTTP实现已经在上一节看过了。

        #

        if self.ssl_options is not None:
            assert ssl, "Python 2.6+ and OpenSSL required for SSL"
            try:
                connection = ssl_wrap_socket(connection,
                                             self.ssl_options,
                                             server_side=True,
                                             do_handshake_on_connect=False)
            except ssl.SSLError as err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error as err:
                # If the connection is closed immediately after it is created
                # (as in a port scan), we can get one of several errors.
                # wrap_socket makes an internal call to getpeername,
                # which may return either EINVAL (Mac OS X) or ENOTCONN
                # (Linux).  If it returns ENOTCONN, this error is
                # silently swallowed by the ssl module, so we need to
                # catch another error later on (AttributeError in
                # SSLIOStream._do_ssl_handshake).
                # To test this behavior, try nmap with the -sT flag.
                # https://github.com/facebook/tornado/pull/750
                if err.args[0] in (errno.ECONNABORTED, errno.EINVAL):
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection,
                                     io_loop=self.io_loop,
                                     max_buffer_size=self.max_buffer_size)
            else:
                stream = IOStream(connection,
                                  io_loop=self.io_loop,
                                  max_buffer_size=self.max_buffer_size)

            # 调用handle_stream，传入创建的IOStream对象初始化一个HTTPConnection对象，
            # HTTPConnection封装了IOStream的一些操作，用于处理HTTPRequest并返回。

            # 1.1.0 中的写法：
            # ====important=====#
            # HTTPConnection(stream, address, self.request_callback, self.no_keep_alive, self.xheaders)

            self.handle_stream(stream, address)

        # 思路是很清晰的，客户端连接在这里被转化成一个IOStream。然后由handle_stream函数处理。
        # 这个handle_stream就是我们前面提到过的未直接实现的接口，它是由HTTPServer类实现的。
        # def handle_stream(self, stream, address):
        #     HTTPConnection(stream, address, self.request_callback,
        #         self.no_keep_alive, self.xheaders, self.protocol)
        # 最后，处理流程又回到了HTTPServer类中。可以预见，在HTTConnection这个类中，
        # stream将和我们注册的RequestHandler协作，一边读客户端请求，一边调用相应的handler处理。

        except Exception:
            app_log.error("Error in connection callback", exc_info=True)

コード例 #26

 def _make_client_iostream(self, connection, **kwargs):
     return SSLIOStream(connection, io_loop=self.io_loop, **kwargs)

コード例 #27

    def __init__(self, io_loop, client, request, release_callback,
                 final_callback, max_buffer_size):
        self.start_time = time.time()
        self.io_loop = io_loop
        self.client = client
        self.request = request
        self.release_callback = release_callback
        self.final_callback = final_callback
        self.code = None
        self.headers = None
        self.chunks = None
        self._decompressor = None
        # Timeout handle returned by IOLoop.add_timeout
        self._timeout = None
        with stack_context.StackContext(self.cleanup):
            parsed = urlparse.urlsplit(_unicode(self.request.url))
            if ssl is None and parsed.scheme == "https":
                raise ValueError("HTTPS requires either python2.6+ or "
                                 "curl_httpclient")
            if parsed.scheme not in ("http", "https"):
                raise ValueError("Unsupported url scheme: %s" %
                                 self.request.url)
            # urlsplit results have hostname and port results, but they
            # didn't support ipv6 literals until python 2.7.
            netloc = parsed.netloc
            if "@" in netloc:
                userpass, _, netloc = netloc.rpartition("@")
            match = re.match(r'^(.+):(\d+)$', netloc)
            if match:
                host = match.group(1)
                port = int(match.group(2))
            else:
                host = netloc
                port = 443 if parsed.scheme == "https" else 80
            if re.match(r'^\[.*\]$', host):
                # raw ipv6 addresses in urls are enclosed in brackets
                host = host[1:-1]
            if self.client.hostname_mapping is not None:
                host = self.client.hostname_mapping.get(host, host)

            if request.allow_ipv6:
                af = socket.AF_UNSPEC
            else:
                # We only try the first IP we get from getaddrinfo,
                # so restrict to ipv4 by default.
                af = socket.AF_INET

            addrinfo = socket.getaddrinfo(host, port, af, socket.SOCK_STREAM,
                                          0, 0)
            af, socktype, proto, canonname, sockaddr = addrinfo[0]

            if parsed.scheme == "https":
                ssl_options = {}
                if request.validate_cert:
                    ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
                if request.ca_certs is not None:
                    ssl_options["ca_certs"] = request.ca_certs
                else:
                    ssl_options["ca_certs"] = _DEFAULT_CA_CERTS
                if request.client_key is not None:
                    ssl_options["keyfile"] = request.client_key
                if request.client_cert is not None:
                    ssl_options["certfile"] = request.client_cert
                self.stream = SSLIOStream(socket.socket(af, socktype, proto),
                                          io_loop=self.io_loop,
                                          ssl_options=ssl_options,
                                          max_buffer_size=max_buffer_size)
            else:
                self.stream = IOStream(socket.socket(af, socktype, proto),
                                       io_loop=self.io_loop,
                                       max_buffer_size=max_buffer_size)
            timeout = min(request.connect_timeout, request.request_timeout)
            if timeout:
                self._timeout = self.io_loop.add_timeout(
                    self.start_time + timeout,
                    self._on_timeout)
            self.stream.set_close_callback(self._on_close)
            self.stream.connect(sockaddr,
                                functools.partial(self._on_connect, parsed))

コード例 #28

ファイル: connection.py プロジェクト: barbuza/apnstornado

 def connect(self):
     self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
     self.stream = SSLIOStream(self.s, ssl_options=dict(certfile=self.certfile))
     self.stream.connect(self.host, self._on_connect)
     self.stream.read_until_close(self._on_close, streaming_callback=self._on_read)

コード例 #29

ファイル: connection.py プロジェクト: barbuza/apnstornado

class APNSConn():
    def __init__(self, host=None, certfile=None, loop=None):
        self.stats = {
            'disconnects':0,
            'notifications':0,
            'invalid_tokens':0,
        }
        self.started = time.time()
        self.ioloop = loop or ioloop.IOLoop.instance()
        self.host = host or settings.get('apns_host')
        self.certfile = certfile or settings.get('certfile')
        self.write_queue = deque()
        self.recent = deque(maxlen=100)
        # N.B. Python upgrades ints to longs and this is a binary protocol so...
        self.generation = ctypes.c_uint32(0)
        self.connect()

    def get_stats(self):
        stats = self.stats.copy()
        stats['queue_len'] = len(self.write_queue)
        stats['uptime'] = time.time() - self.started
        return stats
        
    def push(self, token, alert=None, badge=None, sound=None, expiry=None, extra=None, timestamp=None):
        '''
        This is really the only api you want to use. Pushes a notification onto the queue
        for non-flagged users. The queue is processed in the tornado event loop.
        '''
        flagged = mc.get(token)
        if flagged:
            if not timestamp or timestamp > flagged:
                self.stats['invalid_tokens'] += 1
                return False

        self.generation.value += 1
        identifier = self.generation.value
        msg = create_message(token, alert=alert, badge=badge, sound=sound,
            identifier=identifier, expiry=expiry, extra=extra)
        if len(msg) > MAX_PAYLOAD_BYTES:
            raise ValueError, u"max payload(%d) exceeded: %d" % (MAX_PAYLOAD_BYTES, len(msg))

        self.write_queue.append(msg)
        self.recent.append(dict(identifier=identifier, token=token))
        self.ioloop.add_callback(self.push_one)
        return True

    def push_one(self):
        if len(self.write_queue) and not self.stream.closed():
            msg = self.write_queue.popleft()
            try:
                self.stream.write(msg)
                self.stats['notifications'] += 1
            except:
                self.write_queue.appendleft(msg)
                return False
            return True
        return False

    def connect(self):
        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self.stream = SSLIOStream(self.s, ssl_options=dict(certfile=self.certfile))
        self.stream.connect(self.host, self._on_connect)
        self.stream.read_until_close(self._on_close, streaming_callback=self._on_read)

    def _on_connect(self):
        '''
        Process the backlog, hoss.
        '''
        logging.info('connected to %s:%d' % (self.host[0], self.host[1]))
        while self.push_one(): continue

    def _on_read(self, data):
        '''
        The only message we expect here is an error response... sadly, followed by
        a disconnect. 
        '''
        logging.info('_on_read: %d bytes' % (len(data)))
        try:
            status, identifier, err_string = parse_response(data)
            logging.warning('_on_read err: %d %d %s' % (status, identifier, err_string))
            if status == 8:
                for msg in self.recent:
                    if msg['identifier'] == identifier:
                        token = msg['token']
                        logging.info('flagging token: %s' % (token))
                        self.stats['invalid_tokens'] += 1
                        mc.set(token, int(time.time()))
        except:
            logging.info('parse_response failed')

    def _on_close(self, data):
        '''
        This triggers the reconnect given reconnect_lag from settings. This should
        probably be an exponential backoff.
        '''
        logging.info('_on_close')
        self.stats['disconnects'] += 1
        try:
            self.stream.close()
            self.s.close()
        except:
            pass
        self.ioloop.add_timeout(time.time()+settings.get('apns_reconnect_lag'), self.connect)

コード例 #30

ファイル: tornado.py プロジェクト: zuohd/TorMySQL

    def _run_ssl_connect_callback(self):
        if self._state & self.io_loop.WRITE:
            self._state = self._state & ~self.io_loop.WRITE
            self.io_loop.update_handler(self.fileno(), self._state)

        BaseSSLIOStream._run_ssl_connect_callback(self)

コード例 #31

ファイル: __init__.py プロジェクト: ChrisWren/monocle

 def _make_iostream(self, s):
     return SSLIOStream(s, ssl_options=self.ssl_options)

コード例 #32

ファイル: stream_readerback.py プロジェクト: SinnerShanky/Visualiser

class SSLStreamReader(object):
    def __init__(self, host, port):
        self._address = (host, port)
        self._stream = None
        self._clients = set()
        self._nodes=[]
        self._edges=[]

    def add(self, client):
        self._clients.add(client)
        log.debug('Added client %s', client)
        if self._stream is None:
            self._connect()
            self._read_stream()

    def remove(self, client):
        self._clients.remove(client)
        log.debug('Removed client %s', client)

    @staticmethod
    def process(data):
        return data

    @staticmethod
    def write_message(client, data):
        pass

    def _connect(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        self._stream = SSLIOStream(s)
        log.debug('Connecting to %s', self._address)
        self._stream.connect(self._address)

    def _disconnect(self):
        self._stream.close()
        self._stream = None
        log.debug('Disconnected from %s', self._address)

    @coroutine
    def _read_stream(self):
        log.info('Reading stream from %s', self._address)
        lastVertex=None
        while self._clients:
            
            data = yield Task(self._stream.read_until, "\n")
            resultObject=None
            if '<hwstats' in data:
                result=None
                if lastVertex==None:
                    resultObject=None
                else:
                    result=[]
                    result.append('{"type":"vertex", "event":"update", ')
                    result.append('"id":')
                    result.append(lastVertex)
                    result.append(', "details":{"Temperature":')
                    Start=data.find('temperature="')+13
                    End=data.find('" ',Start)
                    result.append(data[Start:End])
                    result.append(', "Hostname":')
                    Start=data.find('hostname="')+9
                    End=data.find('"',Start+1)+1
                    result.append(data[Start:End])
                    result.append(', "CPU":')
                    Start=data.find('" cpuLoad="')+11
                    End=data.find('" ',Start)
                    result.append(data[Start:End])
                    result.append(', "Free Memory":')
                    Start=data.find('freeMem="')+9
                    End=data.find('" ',Start)
                    result.append(data[Start:End])
                    result.append('}}')
                resultObject=result
                lastVertex=None
            
            elif '<vertex' in data or ('<edge' in data and 'type="2"' in data):
                resultObject = self.process(data)
                
                if '<vertex' in data:
                    if 'add' in data:
                        start=data.find('id="')+4
                        end=data.find('"',start)
                        lastVertex=data[start:end]
                    if '"add", ' in resultObject and '"vertex",'  in resultObject:
                        for i in range(len(self._nodes)):
                            if (resultObject[5]==self._nodes[i][5]):
                                self._nodes.pop(i)
                                self._nodes.append(resultObject)
                                resultObject[3]='"update", '
                            elif i==len(self._nodes)-1:
                                self._nodes.append(resultObject)
                            
                        if len(self._nodes)==0:
                           self._nodes.append(resultObject)
                        
                    
                    elif('"remove", ' in resultObject):
                    
                        for i in range(len(self._nodes)):
                            if ((resultObject[5]==self._nodes[i][5])):
                                self._nodes.pop(i)
                                break
                        for i in range(len(self._edges)):
                            if resultObject[5]==self._edges[i][5] or resultObject[5]==self._edges[i][7]:
                                self._edges.pop(i)
                        
                elif '<edge' in data:
                    if 'event="add"' in resultObject and '"edge",'  in resultObject:
                        for i in range(len(self._edges)):
                            if(resultObject[0:8]==self._edges[i][0:8] and resultObject!=self._edges[i] ):
                                self._edges[i]=resultObject
                                resultObject[3]='"update",'
                                break
                            elif (i==len(self._edges)-1):
                                self._edges.append(resultObject)
                        if len(self._edges)==0:
                            self.edges.append(resultObject)
                    elif '"remove", ' in resultObject and '"edge", ' in resultObject:
                        for i in range(len(self._edges)):
                            if (resultObject[5] == self._edges[i][5] and resultObject[7] == self._edges[i][7]) or (resultObject[5] == self._edges[i][7] and resultObject[7] == self._edges[i][5]):
                                self._edges.pop(i)
            if resultObject!=None:            
                resultObject=''.join(resultObject)
                for client in self._clients:
                    print('data: '+data+'\nsending: '+resultObject)
                    self.write_message(client, resultObject)
        self._disconnect()
        return

コード例 #33

 def _wrap_socket(self, sock):
     return SSLIOStream(sock, ssl_options=self.ssl_options)

コード例 #34

ファイル: messaging.py プロジェクト: abhinavsingh/secure-messaging

class Client(Protocol):
    '''ssl client implementation.'''

    def __init__(self, uid, port):
        super(Client, self).__init__('client')
        
        self.uid = uid
        self.port = port
        
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.conn = SSLIOStream(self.sock, ssl_options={'ca_certs':SERVER_CRT_PATH, 'cert_reqs':ssl.CERT_REQUIRED})
        self.conn.connect(('127.0.0.1', self.port), self.on_connect)
    
    def on_connect(self):
        self.conn.set_close_callback(self.on_close)
        self.pubkey, self.privkey = None, None
        self.init_keys()
        self.write(OP_PUBKEY, self.pubkey)
        # this is hardcoded currently in absence of proper tests
        if self.uid == 2:
            self.send_message(1, 'hello world')
            logger.debug('Client %s: Sending message "Hello World" to user with uid 1' % self.uid)
        self.read_line()
    
    def read_line(self):
        self.conn.read_until(CRLF, self.handle_line)

    def on_close(self):
        self.conn = None
        self.sock = None

    def init_keys(self):
        if os.path.isfile(CLIENT_PUB_PATH % self.uid) and os.path.isfile(CLIENT_PRIV_PATH % self.uid):
            with open(CLIENT_PUB_PATH % self.uid, 'rb') as pubfile, open(CLIENT_PRIV_PATH % self.uid, 'rb') as privfile:
                self.pubkey = pubfile.read().strip()
                self.privkey = privfile.read().strip()
                logger.debug('read existing pub/priv key for uid %s' % self.uid)
        else:
            self.pubkey, self.privkey = self.generate_keys()
            with open(CLIENT_PUB_PATH % self.uid, 'wb') as pubfile, open(CLIENT_PRIV_PATH % self.uid, 'wb') as privfile:
                pubfile.write(self.pubkey)
                privfile.write(self.privkey)
                logger.debug('written pub/priv key for uid %s' % self.uid)

    def write(self, *messages):
        for message in messages:
            self.conn.write('%s%s' % (message, CRLF))

    def send_message(self, uid, message):
        with open(CLIENT_PUB_PATH % uid, 'rb') as pubfile:
            pubkey = pubfile.read()
            # encrypt message using receiver public key
            enc = self.encrypt_message(message, pubkey)
            # sign encrypted message for digital verification
            sig = self.generate_signature(enc[0])
            message = (OP_MESSAGE, pubkey, enc[0], sig[0],)
            self.write(*message)

    @staticmethod
    def generate_keys():
        random_generator = Random.new().read
        priv = RSA.generate(1024, random_generator)
        pub = priv.publickey()
        return (pub.exportKey().strip(), priv.exportKey().strip())

    def generate_signature(self, message):
        '''sign messaging using our priv key'''
        k = RSA.importKey(self.privkey)
        h = MD5.new(message).digest()
        return k.sign(h, '')

    @staticmethod
    def verify_signature(pubkey, signature, message):
        '''verify signature using signing user public key'''
        k = RSA.importKey(pubkey)
        h = MD5.new(message).digest()
        return k.verify(h, signature)

    @staticmethod
    def encrypt_message(message, pubkey):
        '''encrypt message using receiving user public key'''
        k = RSA.importKey(pubkey)
        return k.encrypt(message, 32)

    def decrypt_message(self, enc):
        '''decrypt message using our priv key'''
        k = RSA.importKey(self.privkey)
        return k.decrypt(enc)

コード例 #35

class _APNConn(object):
    def __init__(self, prev_buffers, cert_file, svr_tuple, encode_func):
        """
        :param cert_file: 证书文件路径
        :param prev_buffers: 之前残留的推送链表

        按照苹果的尿性推送协议
        谁也不知道到底有没有成功
        F**K JOBS!
        """
        self.__io_loop = IOLoop.instance()
        self.__cert = path.join(CERT_ROOT, cert_file)
        self.__svr_addr = svr_tuple
        self.__encode_func = encode_func

        self.__stream = None
        self.__connected = False
        #list自身的索引作为
        self.sending_buffer = []
        if prev_buffers and isinstance(prev_buffers, (list, tuple)):
            self.sending_buffer.extend(prev_buffers)

        self.__recv_buf = ''
        self.__connection_close_ts = None
        #从read读到的错误消息id，便于
        self.__recv_err_msgid = None
        self.critical = False

    def force_close(self):
        self.__connected = False
        self.__stream.close_fd()
        self.__stream = None
        self.critical = True

    def connect(self):
        self.__stream = SSLIOStream(
            socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0),
            io_loop=self.__io_loop,
            ssl_options={
                'ssl_version': ssl.PROTOCOL_TLSv1,
                # 'ca_certs': path.join(CERT_ROOT, 'entrust_root_ca.pem'),
                'certfile': self.__cert,
                # 'cert_reqs': ssl.CERT_REQUIRED
            })
        self.__stream.set_close_callback(self._on_close)
        self.__stream.connect(self.__svr_addr, self.__on_connect)

    def __on_connect(self):
        self.__connected = True
        self.__stream.set_nodelay(True)
        self.__stream.read_until_close(self._last_closd_recv, self._on_recv)
        self.__send_batch()

    def __do_check(self, sent_len):
        if self.__recv_err_msgid:
            logger.debug('CHECK: %r' % self.__recv_err_msgid)

        if self.__recv_err_msgid is None:
            self.sending_buffer = self.sending_buffer[sent_len:]
            self.__send_batch()
            return

        self.sending_buffer = self.sending_buffer[self.__recv_err_msgid:]
        self.__recv_err_msgid = None
        self.__stream.close_fd()
        self.__stream = None
        self.critical = True

    def __send_batch(self):
        """
        连接断开后就停了
        """
        if not self.__connected:
            return
        if not self.__stream:
            return
        l = self.sending_buffer[:QUEUE_CAPACITY]
        for i, b in enumerate(l):
            self.__stream.write(self.__encode_func(i, *b))
            logger.debug('>> %d - %s' % (i, b))
        self.__io_loop.add_timeout(timedelta(seconds=CHECK_TIMESPAN),
                                   partial(self.__do_check, len(l)))

    def append(self, device_token, payload):
        """
        :param device_token: app从apns服务器获取的64字节串
        :param payload: 报文dict
        """
        self.sending_buffer.append((device_token, payload))

    def _last_closd_recv(self, buf):
        """
        socket关闭时最后几个字节
        """
        if not buf:
            return
        self._on_recv(buf)

    def _on_recv(self, buf):
        logger.debug('<< %r' % buf)
        self.__recv_buf = self.__recv_buf + buf
        _ = err_resp(self.__recv_buf)
        if _ is None:
            return
        self.__recv_buf = ''
        errno, self.__recv_err_msgid = _
        logger.fatal('apns err: %d - %d - %s' %
                     (self.__recv_err_msgid, errno, resp_errno.get(errno)))

    def _on_close(self):
        self.critical = True
        logger.warn('closed')
        self.__connected = False
        self.__stream = None

コード例 #36

 def _make_client_iostream(self):
     return SSLIOStream(socket.socket(),
                        ssl_options=dict(cert_reqs=ssl.CERT_NONE))

コード例 #37

                                             server_side=True,
                                             do_handshake_on_connect=False,
                                             **self.ssl_options)
            except ssl.SSLError, err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error, err:
                if err.args[0] == errno.ECONNABORTED:
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection, io_loop=self.io_loop)
            else:
                stream = IOStream(connection, io_loop=self.io_loop)
            stream._debug_info = 'TCPServer._handle_connection'
            self.handle_stream(stream, address)
        except Exception:
            logging.error("Error in connection callback", exc_info=True)



def bind_sockets(port, address=None, family=socket.AF_UNSPEC, backlog=128):
    """Creates listening sockets bound to the given port and address.

    Returns a list of socket objects (multiple sockets are returned if
    the given address maps to multiple IP addresses, which is most common
    for mixed IPv4 and IPv6 use).

コード例 #38

 def _make_client_iostream(self, connection, **kwargs):
     return SSLIOStream(connection,
                        ssl_options=dict(cert_reqs=ssl.CERT_NONE),
                        **kwargs)

コード例 #39

class _BaseSSLService(object):
    """Base SSL connection to Apple's push notification servers. Retry on
  disconnect is handled via an exponential backoff.
  """
    _MAX_BACKOFF_SECS = 600.0  # 10 minutes
    _PUSH_TOKEN_FMT = '%s:%s'

    def __init__(self, settings, host_key):
        self._settings = settings
        self._host = settings[host_key]
        self._retries = 0
        self._io_loop = IOLoop.current()
        self._ResetBackoff()
        self._Connect()

    def IsValid(self):
        return self._stream is not None

    def _FormatPushToken(self, token):
        return _BaseSSLService._PUSH_TOKEN_FMT % (
            self._settings['token-prefix'], token)

    def _Connect(self):
        try:
            ssl_options = {
                'certfile': secrets.GetSecretFile(self._settings['certfile'])
            }
            self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
            self._stream = SSLIOStream(self._sock,
                                       io_loop=self._io_loop,
                                       ssl_options=ssl_options)
            self._stream.set_close_callback(self._OnClose)
            self._stream.connect(self._host, self._OnConnect)
        except KeyError:
            logging.warning(
                'failed to initialize connection to APN service at %s:%d '
                'whose certificate is missing from secrets/%s' %
                (self._host[0], self._host[1], self._settings['certfile']))
            return
        except:
            self._stream = None
            raise

    def _OnConnect(self):
        logging.info("connected to %s:%d" % (self._host[0], self._host[1]))

    def _ResetBackoff(self):
        """Resets backoff to 'reconnect_lag' setting."""
        self._backoff = self._settings.get('reconnect_lag')

    def _OnClose(self):
        logging.info("disconnected from %s:%d" %
                     (self._host[0], self._host[1]))
        try:
            self._stream.close()
        except:
            pass
        finally:
            self._stream = None

        timeout = time.time() + self._backoff
        self._io_loop.add_timeout(timeout, self._Connect)
        self._backoff = min(_BaseSSLService._MAX_BACKOFF_SECS,
                            self._backoff * 2)

コード例 #40

                                             server_side=True,
                                             do_handshake_on_connect=False,
                                             **self.ssl_options)
            except ssl.SSLError, err:
                if err.args[0] == ssl.SSL_ERROR_EOF:
                    return connection.close()
                else:
                    raise
            except socket.error, err:
                if err.args[0] == errno.ECONNABORTED:
                    return connection.close()
                else:
                    raise
        try:
            if self.ssl_options is not None:
                stream = SSLIOStream(connection, io_loop=self.io_loop)
            else:
                stream = IOStream(connection, io_loop=self.io_loop)
            self.handle_stream(stream, address)
        except Exception:
            app_log.error("Error in connection callback", exc_info=True)


def bind_sockets(port, address=None, family=socket.AF_UNSPEC, backlog=128, flags=None):
    """Creates listening sockets bound to the given port and address.

    Returns a list of socket objects (multiple sockets are returned if
    the given address maps to multiple IP addresses, which is most common
    for mixed IPv4 and IPv6 use).

    Address may be either an IP address or hostname.  If it's a hostname,

コード例 #41

 def _make_client_iostream(self, connection, **kwargs):
     context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
     context.check_hostname = False
     context.verify_mode = ssl.CERT_NONE
     return SSLIOStream(connection, ssl_options=context, **kwargs)

コード例 #42

 def _make_client_iostream(self):
     return SSLIOStream(socket.socket(), io_loop=self.io_loop)

コード例 #43

ファイル: irc.py プロジェクト: ketralnis/iobot

class IrcConnection(object):
    def __init__(self, bot, server_name, address, port, nick, user,
            realname, owners, channels=None, password=None, ssl=None):
        self.bot = bot
        self.server_name = server_name
        self.owners = owners
        self.address = address
        self.port = port
        self.nick = nick
        self.user = user
        self.password = password
        self.ssl = ssl
        self.realname = realname
        self.initial_channels = set(channels) if channels else set()

        self.logger = getLogger(__name__)

        self._protocol_events = dict()
        self.channels = dict()
        self.users = dict()
        self.init_protocol_events()

    def init_protocol_events(self):
        self._protocol_events = {
            'PRIVMSG' : self.on_privmsg,
            'PING'    : self.on_ping,
            'JOIN'    : self.on_join,
            '401'     : self.on_nochan,
            '001'     : self.on_welcome,
            'KICK'    : self.on_kick,
            'PART'    : self.on_part,
            '353'     : self.on_names,
            'NICK'    : self.on_nick
        }

    def connect(self, reconnecting=False):
        self.logger.debug('CONNECTING...')
        _sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)

        if self.ssl is None:
            self._stream = IOStream(_sock)
        elif self.ssl is True:
            self._stream = SSLIOStream(_sock)
        else:
            self._stream = SSLIOStream(_sock, ssl_options=self.ssl)

        self._stream.connect((self.address, self.port), self._register)

    def _register(self):
        self.logger.debug('CONNECTED')

        if self.password:
            # TODO need to check for error responses
            self.authenticate()

        self.set_nick(self.nick)
        self.write_raw('USER %s 0 * :%s' % (self.user, self.realname))

        self._next()

    def add_channel(self, channel):
        self.channels[channel] = []

    def remove_channel(self, channel):
        del self.channels[channel]

    def add_user(self, channel, user):
        self.channels[channel].append(user)
        self.users[user.nick] = user

    def remove_user(self, channel, user):
        self.channels[channels].remove(user)
        del self.users[user.nick]

    def user_change_nick(self, old_nick, new_nick):
        user = self.users.pop(old_nick)
        user.nick = new_nick
        self.users[new_nick] = user

    def authenticate(self):
        self.logger.debug("Authenticating (%s)", self.password)
        self.write_raw('PASS %s' % self.password)

    def set_nick(self, nick):
        if not nick:
            raise IrcError('Cannot set empty nick')
        self.logger.debug('SETTING NICK {nick: %s}' % nick)
        self.write_raw('NICK %s' % nick)

    def join_channel(self, *channels):
        if not all([c for c in channels]):
            raise IrcError('Empty channel')
        self.logger.debug('JOINING CHANNEL(S): {channels: %s}' % repr(channels))
        chan_def = ','.join(channels)
        self.write_raw('JOIN %s' % chan_def)

    def part_channel(self, *channels):
        if not all([c for c in channels]):
            raise IrcError('Empty channel')
        self.logger.debug('PARTING CHANNEL: {channels: %s}' % repr(channels))
        chan_def = ','.join(channels)
        self.write_raw('PART :%s' % chan_def)

    def private_message(self, destination, message):
        if not message:
            raise IrcError('Cannot send empty message')
        if not destination:
            raise IrcError('Cannot send to empty destination')
        self.logger.debug('SENDING PRIVMSG: {destination: %s, message: %s}' % (destination, message))
        self.write_raw('PRIVMSG %s :%s' % (destination, message))

    def reply(self, event, message):
        if event.destination and event.destination != self.nick:
            destination = event.destination
        else:
            destination = event.nick
        self.private_message(destination, message)

    def reply_with_nick(self, event, message):
        if event.destination:
            message = '%s: %s' % (event.nick, message)
        self.reply(event, message)

    def kick(self, channel, user, comment=None):
        if not channel:
            raise IrcError('Cannot kick from empty channel')
        if not user:
            raise IrcError('Cannot kick empty player')
        self.logger.debug('KICKING {channel: %s, user: %s}' % (channel, user))
        kick_str = 'KICK %s %s' % (channel, user)
        if comment:
            kick_str += ' :%s' % comment
        self.write_raw(kick_str)

    def write_raw(self, line):
        line.replace(EOL, '')
        self.logger.debug('WRITE RAW: {line: %s}' % line)
        self._stream.write(line + EOL)

    def read_raw(self, line):
        self.logger.debug('READ RAW: {line: %s}' % line.replace(EOL, ''))
        event = IrcEvent(self.nick, line)
        self.handle(event)
        self.bot.process_hooks(self, event)
        self.bot.process_plugins(self, event)
        self._next()

    def handle(self, event):
        if event.type in self._protocol_events:
            self._protocol_events[event.type](event)

    def _next(self):
        self._stream.read_until(EOL, self.read_raw)

    def on_welcome(self, event):
        self.logger.debug('RECIEVED RPL_WELCOME')
        if self.initial_channels:
            self.join_channel(*self.initial_channels)

    def on_ping(self, event):
        # One ping only, please
        self.logger.debug('RECIEVED PING')
        self.write_raw("PONG %s\r\n" % event.text)

    def on_privmsg(self, event):
        # :[email protected] PRIVMSG #xx :hi
        self.logger.debug('RECIEVED PRIVMSG {destination: %s,'
                ' message: %s}' % (event.destination, event.text))
        pass

    def on_nick(self, event):
        old_nick = event.nick
        new_nick = event.text
        self.logger.debug('RECIEVED NICK {old_nick: %s, new_nick: %s}' %
                (old_nick, new_nick))
        if event.nick == self.nick:
            self.nick = new_nick
        else:
            self.user_change_nick(old_nick, new_nick)

    def on_join(self, event):
        channel = event.destination
        nick = event.nick
        self.logger.debug('RECIEVED JOIN {channel: %s, nick: %s}' % (channel, nick))
        if self.nick == nick:
            self.add_channel(channel)
        else:
            self.add_user(channel, IrcUser(nick))

    def on_names(self, event):
        nick_chan, nicks_raw = event.parameters_raw.split(':')
        nicks = nicks_raw.split()
        if '@' in nick_chan:
            channel = nick_chan.split('@')[-1].strip()
        elif '=' in nick_chan:
            channel = nick_chan.split('=')[-1].strip()
        else:
            raise Exception
        self.logger.debug('RECIEVED NAMES {channel: %s, nick_count: %d}' % (
            channel, len(nicks)))
        for nr in nicks:
            if nr[0] == '@':
                nick = nr[1:]
            elif nr[0] == '+':
                nick = nr[1:]
            else:
                nick = nr
            user = IrcUser(nick)
            self.add_user(channel, user)

    def on_nochan(self, event):
        channel = event.parameters[0]
        self.logger.debug('RECIEVED ERR_NOSUCHCHANNEL {channel: %s}' % channel)
        # :senor.crunchybueno.com 401 nodnc  #xx :No such nick/channel
        self.remove_channel(channel)

    def on_part(self, event):
        nick = event.nick
        channel = event.destination
        self.logger.debug('RECIEVED PART {channel: %s, nick: %s}' % (channel,
            nick))
        if event.nick == self.nick:
            self.logger.debug('IOBot parted from %s' % channel)
            self.remove_channel(channel)

    def on_kick(self, event):
        nick = event.parameters[0]
        channel = event.destination
        self.logger.debug('RECIEVED KICK {channel: %s, nick: %s}' % (channel,
            nick))
        if event.parameters[0] == self.nick:
            self.logger.warning('IOBot was KICKed from %s' % channel)
            self.remove_channel(channel)

コード例 #44

 def _make_client_iostream(self, connection, **kwargs):
     context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
     return SSLIOStream(connection,
                        io_loop=self.io_loop,
                        ssl_options=context,
                        **kwargs)

コード例 #45

ファイル: messaging.py プロジェクト: abhinavsingh/secure-messaging

class Client(Protocol):
    '''ssl client implementation.'''
    def __init__(self, uid, port):
        super(Client, self).__init__('client')

        self.uid = uid
        self.port = port

        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.conn = SSLIOStream(self.sock,
                                ssl_options={
                                    'ca_certs': SERVER_CRT_PATH,
                                    'cert_reqs': ssl.CERT_REQUIRED
                                })
        self.conn.connect(('127.0.0.1', self.port), self.on_connect)

    def on_connect(self):
        self.conn.set_close_callback(self.on_close)
        self.pubkey, self.privkey = None, None
        self.init_keys()
        self.write(OP_PUBKEY, self.pubkey)
        # this is hardcoded currently in absence of proper tests
        if self.uid == 2:
            self.send_message(1, 'hello world')
            logger.debug(
                'Client %s: Sending message "Hello World" to user with uid 1' %
                self.uid)
        self.read_line()

    def read_line(self):
        self.conn.read_until(CRLF, self.handle_line)

    def on_close(self):
        self.conn = None
        self.sock = None

    def init_keys(self):
        if os.path.isfile(CLIENT_PUB_PATH % self.uid) and os.path.isfile(
                CLIENT_PRIV_PATH % self.uid):
            with open(CLIENT_PUB_PATH % self.uid,
                      'rb') as pubfile, open(CLIENT_PRIV_PATH % self.uid,
                                             'rb') as privfile:
                self.pubkey = pubfile.read().strip()
                self.privkey = privfile.read().strip()
                logger.debug('read existing pub/priv key for uid %s' %
                             self.uid)
        else:
            self.pubkey, self.privkey = self.generate_keys()
            with open(CLIENT_PUB_PATH % self.uid,
                      'wb') as pubfile, open(CLIENT_PRIV_PATH % self.uid,
                                             'wb') as privfile:
                pubfile.write(self.pubkey)
                privfile.write(self.privkey)
                logger.debug('written pub/priv key for uid %s' % self.uid)

    def write(self, *messages):
        for message in messages:
            self.conn.write('%s%s' % (message, CRLF))

    def send_message(self, uid, message):
        with open(CLIENT_PUB_PATH % uid, 'rb') as pubfile:
            pubkey = pubfile.read()
            # encrypt message using receiver public key
            enc = self.encrypt_message(message, pubkey)
            # sign encrypted message for digital verification
            sig = self.generate_signature(enc[0])
            message = (
                OP_MESSAGE,
                pubkey,
                enc[0],
                sig[0],
            )
            self.write(*message)

    @staticmethod
    def generate_keys():
        random_generator = Random.new().read
        priv = RSA.generate(1024, random_generator)
        pub = priv.publickey()
        return (pub.exportKey().strip(), priv.exportKey().strip())

    def generate_signature(self, message):
        '''sign messaging using our priv key'''
        k = RSA.importKey(self.privkey)
        h = MD5.new(message).digest()
        return k.sign(h, '')

    @staticmethod
    def verify_signature(pubkey, signature, message):
        '''verify signature using signing user public key'''
        k = RSA.importKey(pubkey)
        h = MD5.new(message).digest()
        return k.verify(h, signature)

    @staticmethod
    def encrypt_message(message, pubkey):
        '''encrypt message using receiving user public key'''
        k = RSA.importKey(pubkey)
        return k.encrypt(message, 32)

    def decrypt_message(self, enc):
        '''decrypt message using our priv key'''
        k = RSA.importKey(self.privkey)
        return k.decrypt(enc)