def get_node_context(self): _, certfile = tempfile.mkstemp() _, keyfile = tempfile.mkstemp() try: open(certfile, 'w').write(self._node_cert) open(keyfile, 'w').write(self._node_prikey) context = Context() context.load_cert(certfile, keyfile) return context finally: os.unlink(certfile) os.unlink(keyfile)
def __int_call(self, node_address, packet, conn_timeout, read_timeout=None): sock = None try: address = node_address.split(':') if len(address) != 2: raise FriException('Node address %s is invalid! ' \ 'Address should be in format <hostname>:<port>'%node_address) hostname = address[0] try: port = int(address[1]) if 0 > port > 65535: raise ValueError() except ValueError: raise FriException('Node address %s is invalid! ' \ 'Port should be integer in range 0...65535'%node_address) if not isinstance(packet, FabnetPacket): raise Exception('FRI request packet should be an object of FabnetPacket') packet.session_id = self.session_id data = packet.dump() if self.is_ssl: context = Context() context.set_verify(0, depth = 0) sock = Connection(context) sock.set_post_connection_check_callback(None) sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=conn_timeout)) else: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(conn_timeout) sock.connect((hostname, port)) sock.sendall(data) if self.is_ssl: sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=read_timeout)) else: sock.settimeout(read_timeout) ret_packet = self.__read_packet(sock) if ret_packet.get('ret_code', -1) == RC_REQ_CERTIFICATE: self.__send_cert(sock) ret_packet = self.__read_packet(sock) return ret_packet finally: if sock: sock.close()
def _reset_proxy(self): parsed = urlparse(self.url.lower()) self.transport = None # This scheme is used for debugging and looping back if parsed.scheme == "test": self.proxy = BasicAuthServerProxy( test_to_http(self.url), username=self.username, password=self.password, transport=TestClientTransport()) elif parsed.scheme == "https": from M2Crypto.m2xmlrpclib import SSL_Transport from M2Crypto.SSL import Context self.transport = SSL_Transport(Context(protocol='tlsv1')) self.proxy = BasicAuthServerProxy(self.url, username=self.username, password=self.password, transport=self.transport, #verbose=getattr(settings, "DEBUG", False)) verbose=False) self.set_verify_certs() else: self.proxy = BasicAuthServerProxy(self.url, username=self.username, password=self.password)
def usage(): # form context by passing cert and private key file context = Context(); context.set_allow_unknown_ca(False) context.load_cert(certfile='cert.pem', keyfile='key.pem') # make server verification # capath should contain hash soft link to CA certifiates context.load_verify_info(capath='./') context.set_verify(SSL.verify_peer, 3) # context.set_verify(SSL.verify_none, 3) # using MyHTTPS to send request send_request(context)
def stop(self): if self.stopped: return self.operator.stop() self.__conn_handler_thread.stop() self.__check_neighbours_thread.stop() sock = None try: if self.keystorage: context = Context() context.set_verify(0, depth = 0) sock = Connection(context) sock.set_post_connection_check_callback(None) sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=1)) else: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(1.0) if self.hostname == '0.0.0.0': hostname = '127.0.0.1' else: hostname = self.hostname sock.connect((hostname, self.port)) except socket.error: pass finally: if sock: sock.close() del sock self.__workers_manager_thread.stop() #waiting threads finishing... self.__workers_manager_thread.join() self.__conn_handler_thread.join() self.__check_neighbours_thread.join() self.stopped = True
def _reset(self): parsed = urlparse(self.url.lower()) assert parsed.scheme == "https" self.transport = None from M2Crypto.m2xmlrpclib import SSL_Transport from M2Crypto.SSL import Context self.transport = SSL_Transport(Context(protocol='tlsv1')) new_url = add_basic_auth(self.url, self.username, self.password) self.proxy = xmlrpclib.ServerProxy(str(new_url), transport=self.transport, verbose=False)
def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): # Deprecated from M2Crypto.SSL import Context ssl_ctx = Context.map()[long(ssl_ctx_ptr)] if errnum in unknown_issuer: if ssl_ctx.get_allow_unknown_ca(): sys.stderr.write("policy: %s: permitted...\n" % (m2.x509_get_verify_error(errnum))) sys.stderr.flush() ok = 1 # CRL checking goes here... if ok: if ssl_ctx.get_verify_depth() >= errdepth: ok = 1 else: ok = 0 return ok
def usage1(): context = Context(); context.set_allow_unknown_ca(False) # add client site certificate and private key # to support Client verification context.load_cert(certfile='cert.pem', keyfile='key.pem') # add server site trusted CA certifications # to support server verification context.load_verify_info(capath='./') opener = m2urllib2.build_opener(context) response = opener.open("https://sjmcm1csa2/") print 'html: ', response.read() print 'info: ', response.info() print 'url: ', response.geturl()
def usage1(): # form context by passing cert and private key content context = Context(); context.set_allow_unknown_ca(False) cert_file = open('/opt/cisco/creds/id.cert', 'rb').read().encode('ascii') cert_file = X509.load_cert_string(cert_file) key_file = open('/opt/cisco/creds/id.cert', 'rb').read().encode('ascii') # pem-encoded pkey key_file = EVP.load_key_string(key_file) m2.ssl_ctx_use_x509(context.ctx, cert_file.x509) m2.ssl_ctx_use_pkey_privkey(context.ctx, key_file.pkey) # make server verification # capath should contain hash soft link to CA certifiates context.load_verify_info(capath='./') context.set_verify(SSL.verify_peer, 3) # context.set_verify(SSL.verify_none, 3) # using MyHTTPS to send request send_request(context)
def _reset_proxy(self): parsed = urlparse(self.url.lower()) self.transport = None # This scheme is used for debugging and looping back if parsed.scheme == "test": self.proxy = BasicAuthServerProxy(self.url.lower().replace( "test", "http"), username=self.username, password=self.password, transport=TestClientTransport()) elif parsed.scheme == "https": from M2Crypto.m2xmlrpclib import SSL_Transport from M2Crypto.SSL import Context self.transport = SSL_Transport(Context(protocol='tlsv1')) self.proxy = BasicAuthServerProxy(self.url, username=self.username, password=self.password, transport=self.transport) self.set_verify_certs() else: self.proxy = BasicAuthServerProxy(self.url, username=self.username, password=self.password)
log.debug('Entered FTPSServer.GetDownloadDescriptor') descriptor = urlparse.urlunparse(("ftps", "%s:%d" % (self.hostname, self.port), "%s/%s" % (prefix, urllib.quote(fil)), "", "", "")) log.debug(' descriptor = %s', descriptor) return descriptor if __name__ == '__main__': from M2Crypto.SSL import Context import socket ssl_ctx = Context('sslv23') ssl_ctx.load_cert('server.pem') # cheat to get the ca cert dir if sys.platform == 'win32': caDir = r'c:\\program files\\AGTk-2.4\\Config\CAcertificates' elif sys.platform == 'linux2': caDir = '/etc/AccessGrid/Config/CAcertificates' elif sys.platform == 'darwin': caDir = '/Applications/AccessGridToolkit.app/Contents/Resources/Config/CAcertificates/' else: print 'Unrecognized platform: ', sys.platform sys.exit(1) ssl_ctx.load_verify_locations(capath=caDir) ssl_ctx.set_cipher_list('LOW:TLSv1:@STRENGTH') ssl_ctx.set_verify(SSL.verify_peer,10) ssl_ctx.set_session_id_ctx('127.0.0.1:8006')
''' Get the download descriptor for the specified file ''' log.debug('Entered FTPSServer.GetDownloadDescriptor') descriptor = urlparse.urlunparse( ("ftps", "%s:%d" % (self.hostname, self.port), "%s/%s" % (prefix, urllib.quote(fil)), "", "", "")) log.debug(' descriptor = %s', descriptor) return descriptor if __name__ == '__main__': from M2Crypto.SSL import Context import socket ssl_ctx = Context('sslv23') ssl_ctx.load_cert('server.pem') # cheat to get the ca cert dir if sys.platform == 'win32': caDir = r'c:\\program files\\AGTk-2.4\\Config\CAcertificates' elif sys.platform == 'linux2': caDir = '/etc/AccessGrid/Config/CAcertificates' elif sys.platform == 'darwin': caDir = '/Applications/AccessGridToolkit.app/Contents/Resources/Config/CAcertificates/' else: print 'Unrecognized platform: ', sys.platform sys.exit(1) ssl_ctx.load_verify_locations(capath=caDir) ssl_ctx.set_cipher_list('LOW:TLSv1:@STRENGTH') ssl_ctx.set_verify(SSL.verify_peer, 10) ssl_ctx.set_session_id_ctx('127.0.0.1:8006')
def getContext(self): ctx = Context() ctx.load_cert(certfile="cert.pem", keyfile="key.pem") return ctx