def x509_name_entry2tuple(entry):
    """Convert one X509 name entry into an ``(object text, value text)`` pair.

    The entry data is printed into a memory BIO with
    ``m2.asn1_string_print`` and the entry object is rendered with
    ``m2.obj_obj2txt(..., 0)``; both results go through
    ``six.ensure_text``.

    :param entry: object exposing ``_ptr()`` for the underlying entry.
    :return: tuple of two text strings.
    """
    sink = BIO.MemoryBuffer()
    sink_ptr = sink._ptr()
    entry_data = m2.x509_name_entry_get_data(entry._ptr())
    m2.asn1_string_print(sink_ptr, entry_data)

    entry_object = m2.x509_name_entry_get_object(entry._ptr())
    field_name = six.ensure_text(m2.obj_obj2txt(entry_object, 0))
    # NOTE(review): the value presumably comes from a certificate, so treat
    # it as untrusted text when logging or rendering it -- confirm callers.
    field_value = six.ensure_text(sink.getvalue())
    return (field_name, field_value)
def get_error():
    # type: () -> Optional[str]
    """Collect the output of ``m2.err_print_errors`` as text.

    :return: the text read from the memory BIO, or ``None`` when
             nothing was read.
    """
    sink = BIO.MemoryBuffer()
    m2.err_print_errors(sink.bio_ptr())
    raw = sink.read()
    if not raw:
        return None
    return six.ensure_text(raw)
def get_error():
    # type: () -> Optional[str]
    """Collect the output of ``m2.err_print_errors`` as text.

    :return: the text read from the memory BIO, or ``None`` when
             nothing was read.
    """
    sink = BIO.MemoryBuffer()
    m2.err_print_errors(sink.bio_ptr())
    raw = sink.read()
    if not raw:
        return None
    return six.ensure_text(raw)
def __str__(self):
    # type: () -> str
    """Render ``self.asn1_time`` as text via ``m2.asn1_time_print``."""
    # The type check is an assert, so it is skipped when Python runs
    # with -O.
    assert m2.asn1_time_type_check(self.asn1_time), \
        "'asn1_time' type error'"
    out = BIO.MemoryBuffer()
    m2.asn1_time_print(out.bio_ptr(), self.asn1_time)
    rendered = out.read_all()
    return six.ensure_text(rendered)
def __str__(self):
    # type: () -> str
    """Render ``self.asn1_time`` as text via ``m2.asn1_time_print``."""
    # The type check is an assert, so it is skipped when Python runs
    # with -O.
    assert m2.asn1_time_type_check(self.asn1_time), \
        "'asn1_time' type error'"
    out = BIO.MemoryBuffer()
    m2.asn1_time_print(out.bio_ptr(), self.asn1_time)
    rendered = out.read_all()
    return six.ensure_text(rendered)
def test_HTTPSConnection(self):
    """GET ``/`` from the spawned server and check the response banner.

    No ``ssl_context`` is passed, so this test does not configure peer
    verification itself.
    """
    server = self.start_server(self.args)
    try:
        conn = httpslib.HTTPSConnection(srv_host, self.srv_port)
        conn.request('GET', '/')
        response = conn.getresponse()
        body = response.read()
        conn.close()
    finally:
        # The server is stopped whether or not the request succeeded.
        self.stop_server(server)
    self.assertIn('s_server -quiet -www', six.ensure_text(body))
def as_text(self):
    # type: () -> str
    """
    Return the output of ``m2.x509_crl_print`` for this CRL as text.

    NOTE(review): because a print routine is used, the result is
    presumably a human-readable dump rather than PEM -- confirm before
    parsing it as PEM.

    :return: text read back from the memory BIO.
    """
    out = BIO.MemoryBuffer()
    m2.x509_crl_print(out.bio_ptr(), self.crl)
    dump = out.read_all()
    return six.ensure_text(dump)
def as_text(self):
    # type: () -> str
    """
    Return the output of ``m2.x509_crl_print`` for this CRL as text.

    NOTE(review): because a print routine is used, the result is
    presumably a human-readable dump rather than PEM -- confirm before
    parsing it as PEM.

    :return: text read back from the memory BIO.
    """
    out = BIO.MemoryBuffer()
    m2.x509_crl_print(out.bio_ptr(), self.crl)
    dump = out.read_all()
    return six.ensure_text(dump)
def test_HTTPSConnection(self):
    """GET ``/`` from the spawned server and check the response banner.

    No ``ssl_context`` is passed, so this test does not configure peer
    verification itself.
    """
    server = self.start_server(self.args)
    try:
        conn = httpslib.HTTPSConnection(srv_host, self.srv_port)
        conn.request('GET', '/')
        response = conn.getresponse()
        body = response.read()
        conn.close()
    finally:
        # The server is stopped whether or not the request succeeded.
        self.stop_server(server)
    self.assertIn('s_server -quiet -www', six.ensure_text(body))
def rand_file_name():
    # type: () -> str
    """
    Return the default path of the random seed file as text.

    :return: the file name. It is $RANDFILE when that environment
             variable is set and $HOME/.rnd otherwise. If $HOME is not
             set either, an error occurs.
    """
    seed_path = m2.rand_file_name()  # pylint: disable=no-member
    return six.ensure_text(seed_path)
def __getattr__(self, attr):
    # type: (str) -> str
    """Resolve *attr* through the NID table, then the instance dict.

    :param attr: attribute name being looked up.
    :return: the name component for a known NID key, as text, or the
             value stored in ``self.__dict__``.
    :raises AttributeError: when *attr* is in neither place.
    """
    if attr not in self.nid:
        if attr in self.__dict__:
            return self.__dict__[attr]
        raise AttributeError(self, attr)

    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_name_type_check(self.x509_name), \
        "'x509_name' type error"
    # NOTE(review): if x509_name_by_nid can return None for an absent
    # component, six.ensure_text raises TypeError here -- confirm.
    component = m2.x509_name_by_nid(self.x509_name, self.nid[attr])
    return six.ensure_text(component)
def rand_file_name():
    # type: () -> str
    """
    Return the default path of the random seed file as text.

    :return: the file name. It is $RANDFILE when that environment
             variable is set and $HOME/.rnd otherwise. If $HOME is not
             set either, an error occurs.
    """
    seed_path = m2.rand_file_name()  # pylint: disable=no-member
    return six.ensure_text(seed_path)
def get_value(self, flag=0, indent=0):
    # type: (int, int) -> str
    """
    Return the printed value of this extension, for example
    'DNS:www.example.com'.

    :param flag: passed to ``m2.x509_ext_print``; controls what is
                 printed and how.
    :param indent: number of spaces printed before the actual value.
    :return: the extension value as text.
    """
    out = BIO.MemoryBuffer()
    m2.x509_ext_print(out.bio_ptr(), self.x509_ext, flag, indent)
    printed = out.read_all()
    return six.ensure_text(printed)
def __getattr__(self, attr):
    # type: (str) -> str
    """Resolve *attr* through the NID table, then the instance dict.

    :param attr: attribute name being looked up.
    :return: the name component for a known NID key, as text, or the
             value stored in ``self.__dict__``.
    :raises AttributeError: when *attr* is in neither place.
    """
    if attr not in self.nid:
        if attr in self.__dict__:
            return self.__dict__[attr]
        raise AttributeError(self, attr)

    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_name_type_check(self.x509_name), \
        "'x509_name' type error"
    # NOTE(review): if x509_name_by_nid can return None for an absent
    # component, six.ensure_text raises TypeError here -- confirm.
    component = m2.x509_name_by_nid(self.x509_name, self.nid[attr])
    return six.ensure_text(component)
def get_value(self, flag=0, indent=0):
    # type: (int, int) -> str
    """
    Return the printed value of this extension, for example
    'DNS:www.example.com'.

    :param flag: passed to ``m2.x509_ext_print``; controls what is
                 printed and how.
    :param indent: number of spaces printed before the actual value.
    :return: the extension value as text.
    """
    out = BIO.MemoryBuffer()
    m2.x509_ext_print(out.bio_ptr(), self.x509_ext, flag, indent)
    printed = out.read_all()
    return six.ensure_text(printed)
def http_get(self, s):
    """Send a minimal HTTP/1.0 GET over *s* and return the reply as text.

    Reading stops on an empty read or on ``SSL.SSLError``.

    :param s: connection object providing ``send`` and ``recv``.
    :return: everything received, converted with ``six.ensure_text``.
    """
    s.send(b'GET / HTTP/1.0\n\n')
    chunks = []
    while True:
        try:
            piece = s.recv(4096)
        except SSL.SSLError:
            # s_server throws an 'unexpected eof'...
            break
        if not piece:
            break
        chunks.append(piece)
    return six.ensure_text(b''.join(chunks))
def as_text(self, flags=0):
    # type: (int) -> str
    """Print this ASN1_STRING structure according to *flags*.

    :param flags: predetermined constants that select the output
                  format; see the ASN1_STRING_print_ex(3) manpage for
                  their meaning.
    :return: the printed ASN1_STRING as text.
    """
    out = BIO.MemoryBuffer()
    m2.asn1_string_print_ex(out.bio_ptr(), self.asn1str, flags)
    printed = out.read_all()
    return six.ensure_text(printed)
def as_text(self, flags=0):
    # type: (int) -> str
    """Print this ASN1_STRING structure according to *flags*.

    :param flags: predetermined constants that select the output
                  format; see the ASN1_STRING_print_ex(3) manpage for
                  their meaning.
    :return: the printed ASN1_STRING as text.
    """
    out = BIO.MemoryBuffer()
    m2.asn1_string_print_ex(out.bio_ptr(), self.asn1str, flags)
    printed = out.read_all()
    return six.ensure_text(printed)
def http_get(self, s):
    """Send a minimal HTTP/1.0 GET over *s* and return the reply as text.

    Reading stops on an empty read or on ``SSL.SSLError``.

    :param s: connection object providing ``send`` and ``recv``.
    :return: everything received, converted with ``six.ensure_text``.
    """
    s.send(b'GET / HTTP/1.0\n\n')
    chunks = []
    while True:
        try:
            piece = s.recv(4096)
        except SSL.SSLError:
            # s_server throws an 'unexpected eof'...
            break
        if not piece:
            break
        chunks.append(piece)
    return six.ensure_text(b''.join(chunks))
def test_HTTPSConnection_secure_context(self):
    """GET ``/`` with peer verification on and tests/ca.pem as trust store.

    The context requires a peer certificate (``verify_peer`` combined
    with ``verify_fail_if_no_peer_cert``) and passes 9 as the second
    ``set_verify`` argument.
    """
    server = self.start_server(self.args)
    try:
        verify_mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
        self.ctx.set_verify(verify_mode, 9)
        self.ctx.load_verify_locations('tests/ca.pem')
        conn = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                        ssl_context=self.ctx)
        conn.request('GET', '/')
        body = six.ensure_text(conn.getresponse().read())
        conn.close()
    finally:
        # The server is stopped whether or not the request succeeded.
        self.stop_server(server)
    self.assertIn('s_server -quiet -www', body)
def test_HTTPSConnection_secure_context(self):
    """GET ``/`` with peer verification on and tests/ca.pem as trust store.

    The context requires a peer certificate (``verify_peer`` combined
    with ``verify_fail_if_no_peer_cert``) and passes 9 as the second
    ``set_verify`` argument.
    """
    server = self.start_server(self.args)
    try:
        verify_mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
        self.ctx.set_verify(verify_mode, 9)
        self.ctx.load_verify_locations('tests/ca.pem')
        conn = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                        ssl_context=self.ctx)
        conn.request('GET', '/')
        body = six.ensure_text(conn.getresponse().read())
        conn.close()
    finally:
        # The server is stopped whether or not the request succeeded.
        self.stop_server(server)
    self.assertIn('s_server -quiet -www', body)
def as_text(self, indent=0, flags=m2.XN_FLAG_COMPAT):
    # type: (int, int) -> str
    """
    Return this name printed by ``m2.x509_name_print_ex`` as text.

    :param indent: each line in multiline format is indented by this
                   many spaces.
    :param flags: flags that control how the output is formatted.
    :return: the printed name as text.
    """
    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_name_type_check(self.x509_name), \
        "'x509_name' type error"
    out = BIO.MemoryBuffer()
    m2.x509_name_print_ex(out.bio_ptr(), self.x509_name, indent, flags)
    printed = out.read_all()
    return six.ensure_text(printed)
def get_fingerprint(self, md='md5'):
    # type: (str) -> str
    """
    Compute a digest over the DER encoding of this certificate.

    :param md: name of the message digest algorithm handed to
               ``EVP.MessageDigest``. The default is MD5, which is not
               collision resistant; pass a stronger digest name when
               the result feeds a trust decision.
    :return: upper-case hexadecimal digest as text.
    """
    encoded = self.as_der()
    hasher = EVP.MessageDigest(md)
    hasher.update(encoded)
    raw_digest = hasher.final()
    hex_digest = binascii.hexlify(raw_digest).upper()
    return six.ensure_text(hex_digest)
def as_text(self, indent=0, flags=m2.XN_FLAG_COMPAT):
    # type: (int, int) -> str
    """
    Return this name printed by ``m2.x509_name_print_ex`` as text.

    :param indent: each line in multiline format is indented by this
                   many spaces.
    :param flags: flags that control how the output is formatted.
    :return: the printed name as text.
    """
    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_name_type_check(self.x509_name), \
        "'x509_name' type error"
    out = BIO.MemoryBuffer()
    m2.x509_name_print_ex(out.bio_ptr(), self.x509_name, indent, flags)
    printed = out.read_all()
    return six.ensure_text(printed)
def get_fingerprint(self, md='md5'):
    # type: (str) -> str
    """
    Compute a digest over the DER encoding of this certificate.

    :param md: name of the message digest algorithm handed to
               ``EVP.MessageDigest``. The default is MD5, which is not
               collision resistant; pass a stronger digest name when
               the result feeds a trust decision.
    :return: upper-case hexadecimal digest as text.
    """
    encoded = self.as_der()
    hasher = EVP.MessageDigest(md)
    hasher.update(encoded)
    raw_digest = hasher.final()
    hex_digest = binascii.hexlify(raw_digest).upper()
    return six.ensure_text(hex_digest)
def test_HTTPSConnection_resume_session(self):
    """Check that a session taken from one connection is reused by another.

    The first connection's session is handed to a second connection
    built on a separate context; the test passes when both sessions
    print identically and the second response carries the server banner.
    """
    pid = self.start_server(self.args)
    try:
        # First connection: verified against tests/ca.pem, with the
        # client-side session cache mode set.
        self.ctx.load_verify_locations(cafile='tests/ca.pem')
        self.ctx.load_cert('tests/x509.pem')
        self.ctx.set_verify(
            SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
        self.ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
        c = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                     ssl_context=self.ctx)
        c.request('GET', '/')
        ses = c.get_session()
        t = ses.as_text()
        data = c.getresponse().read()
        # Apparently closing the connection here breaks the session
        # (original note asks Ali Polatel), so c stays open until the
        # second connection has finished.
        # c.close()

        # Second connection: fresh context with the same settings, then
        # the first session is installed before the request is sent.
        ctx2 = SSL.Context()
        ctx2.load_verify_locations(cafile='tests/ca.pem')
        ctx2.load_cert('tests/x509.pem')
        ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
        ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
        c2 = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                      ssl_context=ctx2)
        c2.set_session(ses)
        c2.request('GET', '/')
        ses2 = c2.get_session()
        t2 = ses2.as_text()
        data = six.ensure_text(c2.getresponse().read())
        c.close()
        c2.close()
        # NOTE(review): the failure message embeds both session dumps; if
        # as_text() includes key material, keep this to test fixtures.
        self.assertEqual(
            t, t2, "Sessions did not match: t = %s, t2 = %s" % (
                t, t2, ))
    finally:
        # The server is stopped whether or not the exchange succeeded.
        self.stop_server(pid)
    self.assertIn('s_server -quiet -www', data)
def test_HTTPSConnection_resume_session(self):
    """Check that a session taken from one connection is reused by another.

    The first connection's session is handed to a second connection
    built on a separate context; the test passes when both sessions
    print identically and the second response carries the server banner.
    """
    pid = self.start_server(self.args)
    try:
        # First connection: verified against tests/ca.pem, with the
        # client-side session cache mode set.
        self.ctx.load_verify_locations(cafile='tests/ca.pem')
        self.ctx.load_cert('tests/x509.pem')
        self.ctx.set_verify(
            SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
        self.ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
        c = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                     ssl_context=self.ctx)
        c.request('GET', '/')
        ses = c.get_session()
        t = ses.as_text()
        data = c.getresponse().read()
        # Apparently closing the connection here breaks the session
        # (original note asks Ali Polatel), so c stays open until the
        # second connection has finished.
        # c.close()

        # Second connection: fresh context with the same settings, then
        # the first session is installed before the request is sent.
        ctx2 = SSL.Context()
        ctx2.load_verify_locations(cafile='tests/ca.pem')
        ctx2.load_cert('tests/x509.pem')
        ctx2.set_verify(
            SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
        ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
        c2 = httpslib.HTTPSConnection(srv_host, self.srv_port,
                                      ssl_context=ctx2)
        c2.set_session(ses)
        c2.request('GET', '/')
        ses2 = c2.get_session()
        t2 = ses2.as_text()
        data = six.ensure_text(c2.getresponse().read())
        c.close()
        c2.close()
        # NOTE(review): the failure message embeds both session dumps; if
        # as_text() includes key material, keep this to test fixtures.
        self.assertEqual(t, t2,
                         "Sessions did not match: t = %s, t2 = %s" %
                         (t, t2,))
    finally:
        # The server is stopped whether or not the exchange succeeded.
        self.stop_server(pid)
    self.assertIn('s_server -quiet -www', data)
def get_error_func(err):
    # type: (int) -> str
    """Return the string ``m2.err_func_error_string`` gives for *err*, as text.

    :param err: error code to look up.
    """
    # NOTE(review): six.ensure_text raises TypeError for None; if the
    # lookup can come back empty, this needs a guard -- confirm.
    func_name = m2.err_func_error_string(err)
    return six.ensure_text(func_name)
def get_x509_verify_error(err):
    # type: (Optional[int]) -> str
    """Return the verification error string for *err* as text.

    :param err: verification error code passed to
                ``m2.x509_get_verify_error``.
    :return: the message as text, or ``''`` when the lookup result is
             falsy.
    """
    message = m2.x509_get_verify_error(err)
    if not message:
        return ''
    return six.ensure_text(message)
def name(self):
    # type: () -> str
    """Return the name ``m2.ssl_cipher_get_name`` reports for this cipher."""
    cipher_name = m2.ssl_cipher_get_name(self.cipher)
    return six.ensure_text(cipher_name)
def as_text(self):
    # type: () -> str
    """Return the output of ``m2.x509_print`` for this certificate as text."""
    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_type_check(self.x509), "'x509' type error"
    out = BIO.MemoryBuffer()
    m2.x509_print(out.bio_ptr(), self.x509)
    printed = out.read_all()
    return six.ensure_text(printed)
def __str__(self):
    # type: () -> str
    """Return the result of ``self.__bytes__()`` converted to text."""
    raw = self.__bytes__()
    return six.ensure_text(raw)
def stop_server(self, pid):
    """Terminate the server process and return its output as text.

    :param pid: process object providing ``terminate`` and
                ``communicate``.
    :return: tuple ``(out, err)``, both passed through
             ``six.ensure_text``.
    """
    pid.terminate()
    # NOTE(review): six.ensure_text raises TypeError for None, so this
    # presumably relies on both streams being captured -- confirm.
    captured_out, captured_err = pid.communicate()
    return six.ensure_text(captured_out), six.ensure_text(captured_err)
def test_py3str_None(self):
    """``six.ensure_text`` must reject ``None`` with ``TypeError``."""
    self.assertRaises(TypeError, six.ensure_text, None)
def get_name(self):
    # type: () -> str
    """
    Return the extension name as text, for example 'subjectAltName'.
    """
    ext_name = m2.x509_extension_get_name(self.x509_ext)
    return six.ensure_text(ext_name)
def test_py3str_str(self):
    """A text input to ``six.ensure_text`` yields a ``six.string_types`` value."""
    converted = six.ensure_text(u'test')
    self.assertIsInstance(converted, six.string_types)
def get_error_message():
    # type: () -> str
    """Return the reason string for the code from ``get_error_code()``, as text."""
    code = get_error_code()
    reason = get_error_reason(code)
    return six.ensure_text(reason)
def as_text(self):
    # type: () -> str
    """Return the output of ``m2.x509_req_print`` for this request as text."""
    out = BIO.MemoryBuffer()
    m2.x509_req_print(out.bio_ptr(), self.req)
    printed = out.read_all()
    return six.ensure_text(printed)
def test_py3str_bytes(self):
    """A bytes input to ``six.ensure_text`` yields a ``six.text_type`` value."""
    converted = six.ensure_text(b'test')
    self.assertIsInstance(converted, six.text_type)
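def get_x509_verify_error(err):
    # type: (int) -> str
    """Return the verification error string for *err* as text.

    :param err: verification error code passed to
                ``m2.x509_get_verify_error``.
    :return: the message as text, or ``''`` when the lookup result is
             falsy.
    """
    err_str = m2.x509_get_verify_error(err)
    # six.ensure_text() raises TypeError for None. An error-reporting
    # helper that itself raises would hide the verification failure being
    # reported, so an empty lookup result becomes an empty string.
    return six.ensure_text(err_str) if err_str else ''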
def as_text(self):
    # type: () -> str
    """Return the output of ``m2.x509_print`` for this certificate as text."""
    # The type check is an assert, so it is skipped under ``python -O``.
    assert m2.x509_type_check(self.x509), "'x509' type error"
    out = BIO.MemoryBuffer()
    m2.x509_print(out.bio_ptr(), self.x509)
    printed = out.read_all()
    return six.ensure_text(printed)
def get_name(self):
    # type: () -> str
    """
    Return the extension name as text, for example 'subjectAltName'.
    """
    ext_name = m2.x509_extension_get_name(self.x509_ext)
    return six.ensure_text(ext_name)
def get_error_message():
    # type: () -> str
    """Return the reason string for the code from ``get_error_code()``, as text."""
    code = get_error_code()
    reason = get_error_reason(code)
    return six.ensure_text(reason)
def get_version(self):
    # type: () -> str
    """Return the TLS/SSL protocol version for this connection as text."""
    protocol = m2.ssl_get_version(self.ssl)
    return six.ensure_text(protocol)
def get_error_reason(err):
    # type: (Optional[int]) -> str
    """Return the reason string for error code *err* as text.

    :param err: error code passed to ``m2.err_reason_error_string``.
    :return: the reason as text, or ``''`` when the lookup result is
             falsy.
    """
    reason = m2.err_reason_error_string(err)
    if not reason:
        return ''
    return six.ensure_text(reason)
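def get_error_reason(err):
    # type: (int) -> str
    """Return the reason string for error code *err* as text.

    :param err: error code passed to ``m2.err_reason_error_string``.
    :return: the reason as text, or ``''`` when the lookup result is
             falsy.
    """
    err_str = m2.err_reason_error_string(err)
    # six.ensure_text() raises TypeError for None. Raising from the
    # error-reporting path would replace the original error with an
    # unrelated one, so an empty lookup result becomes an empty string.
    return six.ensure_text(err_str) if err_str else ''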
def name(self):
    # type: () -> str
    """Return the name ``m2.ssl_cipher_get_name`` reports for this cipher."""
    cipher_name = m2.ssl_cipher_get_name(self.cipher)
    return six.ensure_text(cipher_name)
def as_text(self):
    # type: () -> str
    """Return the output of ``m2.x509_req_print`` for this request as text."""
    out = BIO.MemoryBuffer()
    m2.x509_req_print(out.bio_ptr(), self.req)
    printed = out.read_all()
    return six.ensure_text(printed)
def get_cipher_list(self, idx=0):
    # type: (int) -> str
    """Return the cipher suites for this connection as a string object.

    :param idx: index passed through to ``m2.ssl_get_cipher_list``.
    """
    ciphers = m2.ssl_get_cipher_list(self.ssl, idx)
    return six.ensure_text(ciphers)
def __str__(self):
    # type: () -> str
    """Describe the host mismatch: field name, expected host and actual host."""
    # NOTE(review): actualHost is presumably taken from the peer
    # certificate, so treat the message as untrusted text when logging
    # it -- confirm against where this exception is raised.
    template = 'Peer certificate %s does not match host, expected %s, got %s'
    message = template % (self.fieldName, self.expectedHost,
                          self.actualHost)
    return six.ensure_text(message)
def test_py3str_str(self):
    """A text input to ``six.ensure_text`` yields a ``six.string_types`` value."""
    converted = six.ensure_text(u'test')
    self.assertIsInstance(converted, six.string_types)
def test_py3str_bytes(self):
    """A bytes input to ``six.ensure_text`` yields a ``six.text_type`` value."""
    converted = six.ensure_text(b'test')
    self.assertIsInstance(converted, six.text_type)
def test_py3str_None(self):
    """``six.ensure_text`` must reject ``None`` with ``TypeError``."""
    self.assertRaises(TypeError, six.ensure_text, None)
def __str__(self):
    # type: () -> str
    """Return the result of ``self.__bytes__()`` converted to text."""
    raw = self.__bytes__()
    return six.ensure_text(raw)
def __call__(self, peerCert, host=None):
    # type: (X509.X509, Optional[str]) -> bool
    """Check the peer certificate against the pinned fingerprint and host.

    :param peerCert: certificate presented by the peer, or None.
    :param host: when not None, replaces ``self.host`` before checking.
    :return: True when every configured check passed.
    :raises NoCertificate: *peerCert* is None.
    :raises ValueError: ``self.digest`` is neither 'sha1' nor 'md5'.
    :raises WrongCertificate: fingerprint length or value mismatch, or
        the commonName fallback runs and finds no commonName entry.
    :raises WrongHost: no checked name matched ``self.host``.
    """
    if peerCert is None:
        raise NoCertificate('peer did not return certificate')

    if host is not None:
        self.host = host  # type: str

    # Fingerprint pinning runs only when a fingerprint is configured.
    if self.fingerprint:
        # Only SHA-1 and MD5 are accepted here. Neither is collision
        # resistant, so the pin is only as strong as those digests.
        if self.digest not in ('sha1', 'md5'):
            raise ValueError('unsupported digest "%s"' % self.digest)

        # Expected length of the hex fingerprint for each digest.
        if self.digest == 'sha1':
            expected_len = 40
        elif self.digest == 'md5':
            expected_len = 32
        else:
            # Unreachable after the membership check above.
            raise ValueError('Unexpected digest {0}'.format(self.digest))

        if len(self.fingerprint) != expected_len:
            raise WrongCertificate(
                ('peer certificate fingerprint length does not match\n' +
                 'fingerprint: {0}\nexpected = {1}\n' +
                 'observed = {2}').format(self.fingerprint,
                                          expected_len,
                                          len(self.fingerprint)))

        # Exact string comparison, so a mismatch fails closed.
        # NOTE(review): the configured fingerprint must use the same
        # letter case as get_fingerprint() returns -- confirm.
        expected_fingerprint = six.ensure_text(self.fingerprint)
        observed_fingerprint = peerCert.get_fingerprint(md=self.digest)
        if observed_fingerprint != expected_fingerprint:
            raise WrongCertificate(
                ('peer certificate fingerprint does not match\n' +
                 'expected = {0},\n' +
                 'observed = {1}').format(expected_fingerprint,
                                          observed_fingerprint))

    # Host name validation runs only when a host is configured.
    if self.host:
        hostValidationPassed = False
        # NOTE(review): reset here and read in the elif below, so it can
        # only become true if _splitSubjectAltName sets it -- confirm in
        # that helper. If it never does, a non-matching subjectAltName
        # always falls through to the commonName check.
        self.useSubjectAltNameOnly = False

        # subjectAltName=DNS:somehost[, ...]*
        try:
            subjectAltName = peerCert.get_ext('subjectAltName').get_value()
            if self._splitSubjectAltName(self.host, subjectAltName):
                hostValidationPassed = True
            elif self.useSubjectAltNameOnly:
                raise WrongHost(expectedHost=self.host,
                                actualHost=subjectAltName,
                                fieldName='subjectAltName')
        except LookupError:
            # Presumably raised when the certificate has no
            # subjectAltName extension; validation then continues with
            # commonName -- TODO confirm what get_ext raises.
            pass

        # commonName=somehost[, ...]*
        if not hostValidationPassed:
            hasCommonName = False
            # Comma-joined commonName values seen so far; reported as
            # actualHost in the WrongHost error below.
            commonNames = ''
            for entry in peerCert.get_subject().get_entries_by_nid(
                    m2.NID_commonName):
                hasCommonName = True
                commonName = entry.get_data().as_text()
                if not commonNames:
                    commonNames = commonName
                else:
                    commonNames += ',' + commonName
                # The first matching commonName ends the search.
                if self._match(self.host, commonName):
                    hostValidationPassed = True
                    break

            if not hasCommonName:
                raise WrongCertificate('no commonName in peer certificate')

            if not hostValidationPassed:
                raise WrongHost(expectedHost=self.host,
                                actualHost=commonNames,
                                fieldName='commonName')

    return True
def stop_server(self, pid):
    """Terminate the server process and return its output as text.

    :param pid: process object providing ``terminate`` and
                ``communicate``.
    :return: tuple ``(out, err)``, both passed through
             ``six.ensure_text``.
    """
    pid.terminate()
    # NOTE(review): six.ensure_text raises TypeError for None, so this
    # presumably relies on both streams being captured -- confirm.
    captured_out, captured_err = pid.communicate()
    return six.ensure_text(captured_out), six.ensure_text(captured_err)