def __init__(self, name, options):
self.name = name
self.options = options
self.proto = "sslv23" # XXX
self.cert_factory = CertFactory()
# handle --server= option
if self.options.server != None:
# fetch X.509 certificate from user-specified server
self.server_x509_cert = self.cert_factory.grab_server_x509_cert(self.options.server)
else:
self.server_x509_cert = None
# handle --user-cert= and --user-key= options
if (self.options.user_cert_file != None) and (self.options.user_key_file != None):
try:
self.user_certnkey = self.cert_factory.load_certnkey_files(
self.options.user_cert_file, self.options.user_key_file
)
except IOError as ex:
raise IOError(ex)
else:
self.user_certnkey = None
# handle --user-ca-cert= and --user-ca-key= options
if (self.options.user_ca_cert_file != None) and (self.options.user_ca_key_file != None):
try:
self.user_ca_certnkey = self.cert_factory.load_certnkey_files(
self.options.user_ca_cert_file, self.options.user_ca_key_file
)
except IOError as ex:
raise IOError(ex)
else:
self.user_ca_certnkey = None
self.auditors = []
self.init_user_cert()
self.init_self_signed()
self.init_user_cert_signed()
self.init_user_ca_signed()
ClientAuditorSet.__init__(self, self.auditors)
class SSLClientAuditorSet(ClientAuditorSet):
def __init__(self, name, options):
self.name = name
self.options = options
self.proto = "sslv23" # XXX
self.cert_factory = CertFactory()
# handle --server= option
if self.options.server != None:
# fetch X.509 certificate from user-specified server
self.server_x509_cert = self.cert_factory.grab_server_x509_cert(self.options.server)
else:
self.server_x509_cert = None
# handle --user-cert= and --user-key= options
if (self.options.user_cert_file != None) and (self.options.user_key_file != None):
try:
self.user_certnkey = self.cert_factory.load_certnkey_files(
self.options.user_cert_file, self.options.user_key_file
)
except IOError as ex:
raise IOError(ex)
else:
self.user_certnkey = None
# handle --user-ca-cert= and --user-ca-key= options
if (self.options.user_ca_cert_file != None) and (self.options.user_ca_key_file != None):
try:
self.user_ca_certnkey = self.cert_factory.load_certnkey_files(
self.options.user_ca_cert_file, self.options.user_ca_key_file
)
except IOError as ex:
raise IOError(ex)
else:
self.user_ca_certnkey = None
self.auditors = []
self.init_user_cert()
self.init_self_signed()
self.init_user_cert_signed()
self.init_user_ca_signed()
ClientAuditorSet.__init__(self, self.auditors)
def init_user_cert(self):
"""
This method initializes an auditor using user-supplied certificate as is
"""
if self.user_certnkey != None:
auditor = SSLClientConnectionAuditor(self.proto, self.user_certnkey)
self.auditors.append(auditor)
def init_self_signed(self):
"""
This method initializes auditors using self-signed certificates
"""
if not self.options.no_self_signed:
self._init_signed(ca_certnkey=None)
def init_user_cert_signed(self):
"""
This method initializes auditors using user-supplied certificate as CA
"""
if self.user_certnkey != None:
self._init_signed(ca_certnkey=self.user_certnkey)
def init_user_ca_signed(self):
"""
This method initializes auditors using certificates signed by known good CA
"""
if self.user_ca_certnkey != None:
self._init_signed(ca_certnkey=self.user_ca_certnkey)
def _init_signed(self, ca_certnkey):
"""
This method initializes auditors using signed certificates: self signed or by a CA.
"""
if not self.options.no_default_cn:
self._init_signedtests(DEFAULT_CN, ca_certnkey)
if self.options.user_cn != None:
self._init_signedtests(self.options.user_cn, ca_certnkey)
if self.server_x509_cert != None:
# automatically generated certificate, replicated after server cert, selfsigned
if ca_certnkey == None:
certnkey = self.cert_factory.mk_selfsigned_replica_certnkey(self.server_x509_cert)
else:
raise NotImplemented()
auditor = SSLClientConnectionAuditor(self.proto, certnkey)
self.auditors.append(auditor)
def _init_signedtests(self, cn, ca_certnkey):
certnkey = self.cert_factory.new_certnkey(cn, ca_certnkey=ca_certnkey)
auditor = SSLClientConnectionAuditor(self.proto, certnkey)
self.auditors.append(auditor)
