def set_own_cert(self, cert, key, passwd=None):
"""
Configure own certificate and key.
"""
cert_char = pynng.nng.to_char(cert)
key_char = pynng.nng.to_char(key)
passwd_char = pynng.nng.to_char(passwd) if passwd is not None else pynng.ffi.NULL
err = pynng.lib.nng_tls_config_own_cert(self._tls_config, cert_char, key_char, passwd_char)
pynng.check_err(err)
def _getopt_string(py_obj, option):
"""Gets the specified string option"""
opt = pynng.ffi.new('char *[]', 1)
opt_as_char = pynng.nng.to_char(option)
obj, lib_func = _get_inst_and_func(py_obj, 'string', 'get')
ret = lib_func(obj, opt_as_char, opt)
pynng.check_err(ret)
py_string = pynng.ffi.string(opt[0]).decode()
pynng.lib.nng_strfree(opt[0])
return py_string
def _setopt_string(py_obj, option, value):
"""Sets the specified option to the specified value
This is different than the library's nng_setopt_string, because it
expects the string to be NULL terminated, and we don't.
"""
opt_as_char = pynng.nng.to_char(option)
val_as_char = pynng.nng.to_char(value)
obj, lib_func = _get_inst_and_func(py_obj, 'string', 'set')
ret = lib_func(obj, opt_as_char, val_as_char, len(value))
pynng.check_err(ret)
def set_cert_key_file(self, path, passwd=None):
"""
Load own certificate and key from file.
"""
path_char = pynng.nng.to_char(path)
passwd_char = pynng.nng.to_char(
passwd) if passwd is not None else pynng.ffi.NULL
err = pynng.lib.nng_tls_config_cert_key_file(self._tls_config,
path_char, passwd_char)
pynng.check_err(err)
def set_ca_chain(self, chain, crl=None):
"""
Configure certificate authority certificate chain.
"""
chain_char = pynng.nng.to_char(chain)
crl_char = pynng.nng.to_char(
crl) if crl is not None else pynng.ffi.NULL
err = pynng.lib.nng_tls_config_ca_chain(self._tls_config, chain_char,
crl_char)
pynng.check_err(err)
def _setopt_int(py_obj, option, value):
"""Sets the specified option to the specified value"""
opt_as_char = pynng.nng.to_char(option)
# attempt to accept floats that are exactly int
if not int(value) == value:
msg = 'Invalid value {} of type {}. Expected int.'
msg = msg.format(value, type(value))
raise ValueError(msg)
obj, lib_func = _get_inst_and_func(py_obj, 'int', 'set')
value = int(value)
err = lib_func(obj, opt_as_char, value)
pynng.check_err(err)
def _setopt_ptr(py_obj, option, value):
if isinstance(value, pynng.tls.TLSConfig):
value_ptr = value._tls_config
else:
msg = 'Invalid value {} of type {}. Expected TLSConfig.'
msg = msg.format(value, type(value))
raise ValueError(msg)
option_char = pynng.nng.to_char(option)
obj, lib_func = _get_inst_and_func(py_obj, 'ptr', 'set')
ret = lib_func(obj, option_char, value_ptr)
pynng.check_err(ret)
def __init__(self,
mode,
server_name=None,
ca_string=None,
own_key_string=None,
own_cert_string=None,
auth_mode=None,
ca_files=None,
cert_key_file=None,
passwd=None):
if ca_string and ca_files:
raise ValueError("Cannot set both ca_string and ca_files!")
if (own_cert_string or own_key_string) and cert_key_file:
raise ValueError(
"Cannot set both own_{key,cert}_string an cert_key_file!")
if bool(own_cert_string) != bool(own_key_string):
raise ValueError(
"own_key_string and own_cert_string must be both set or unset")
if isinstance(ca_files, str):
# assume the user really intended to only set a single ca file.
ca_files = [ca_files]
tls_config_p = pynng.ffi.new('nng_tls_config **')
pynng.check_err(pynng.lib.nng_tls_config_alloc(tls_config_p, mode))
self._tls_config = tls_config_p[0]
if server_name:
self.set_server_name(server_name)
if ca_string:
self.set_ca_chain(ca_string)
if own_key_string and own_cert_string:
self.set_own_cert(own_cert_string, own_key_string, passwd)
if auth_mode:
self.set_auth_mode(auth_mode)
if ca_files:
for f in ca_files:
self.add_ca_file(f)
if cert_key_file:
self.set_cert_key_file(cert_key_file, passwd)
def __init__(self, mode,
server_name=None,
ca_string=None,
own_key_string=None,
own_cert_string=None,
auth_mode=None,
ca_files=None,
cert_key_file=None,
passwd=None):
"""
Create a new tls config object. mode must be ether MODE_CLIENT or
MODE_SERVER
"""
if ca_string and ca_files:
raise ValueError("Cannot set both ca_string and ca_files!")
if (own_cert_string or own_key_string) and cert_key_file:
raise ValueError("Cannot set both own_{key,cert}_string an cert_key_file!")
if bool(own_cert_string) != bool(own_key_string):
raise ValueError("own_key_string and own_cert_string must be both set or unset")
tls_config_p = pynng.ffi.new('nng_tls_config **')
pynng.check_err(pynng.lib.nng_tls_config_alloc(tls_config_p, mode))
self._tls_config = tls_config_p[0]
if server_name:
self.set_server_name(server_name)
if ca_string:
self.set_ca_chain(ca_string)
if own_key_string and own_cert_string:
self.set_own_cert(own_cert_string, own_key_string, passwd)
if auth_mode:
self.set_auth_mode(auth_mode)
if ca_files:
for f in ca_files:
self.add_ca_file(f)
if cert_key_file:
self.set_cert_key_file(cert_key_file, passwd)
def _setopt_bool(py_obj, option, value):
"""Sets the specified option to the specified value."""
opt_as_char = pynng.nng.to_char(option)
obj, lib_func = _get_inst_and_func(py_obj, 'bool', 'set')
ret = lib_func(obj, opt_as_char, value)
pynng.check_err(ret)
def set_auth_mode(self, mode):
"""
Configure authentication mode.
"""
err = pynng.lib.nng_tls_config_auth_mode(self._tls_config, mode)
pynng.check_err(err)
