def __init__(self, filename, private, *certs):
self.private = tlsapi.parsePEMKey(open(filename).read(), private=private)
self.certificate = tlsapi.X509()
self.certificate.parse(open(filename).read())
chain = []
for cert in (filename, ) + certs:
x509 = tlsapi.X509()
x509.parse(open(cert).read())
chain.append(x509)
self.certificate.chain = tlsapi.X509CertChain(chain)
def __init__(self, filename, private, *certs):
self.private = tlsapi.parsePEMKey(open(filename).read(),
private=private)
self.certificate = tlsapi.X509()
self.certificate.parse(open(filename).read())
chain = []
for cert in (filename, ) + certs:
x509 = tlsapi.X509()
x509.parse(open(cert).read())
chain.append(x509)
self.certificate.chain = tlsapi.X509CertChain(chain)
def __init__(self, config):
ThreadPoolServer.__init__(self, config)
cert = open(config.ssl_certificate).read()
x509 = X509()
x509.parse(cert)
self.certChain = X509CertChain([x509])
priv = open(config.ssl_privkey).read()
self.privateKey = parsePEMKey(priv, private=True)
self.sessionCache = SessionCache()
def _LoadKey(self, keystr):
"""Load a key and return a key object.
Args:
keystr: str, key in PEM format
Returns:
tlslite.utils.RSAKey instance
Raises:
ValueError: keystr is improperly formed
"""
try:
key = tlslite_api.parsePEMKey(keystr)
except (SyntaxError, AttributeError), e:
raise ValueError('invalid PEM key format: %s' % str(e))
def _LoadKey(self, keystr):
"""Load a key and return a key object.
Args:
keystr: str, key in PEM format
Returns:
tlslite.utils.RSAKey instance
Raises:
ValueError: keystr is improperly formed
"""
try:
key = tlslite_api.parsePEMKey(keystr)
except (SyntaxError, AttributeError), e:
raise ValueError('invalid PEM key format: %s' % str(e))
def LoadRSAPrivateKeyFromPEM(s):
"""Load a RSA Private key from PEM format.
Args:
s: str, key in PEM format, including newlines
Returns:
X509Certificate object
Raises:
PEMFormatError: general format error.
HeaderMissingPEMFormatError: header is missing.
FooterMissingPEMFormatError: footer is missing.
RSAPrivateKeyPEMFormatError: the RSA priv key cannot be loaded.
"""
lines = LoadPemGeneric(s, 'BEGIN RSA PRIVATE KEY', 'END RSA PRIVATE KEY')
# tlslite expects to see the header too.
pem_rsa_key = '\n'.join(lines)
try:
return tlslite_api.parsePEMKey(pem_rsa_key)
except SyntaxError, e:
raise RSAPrivateKeyPEMFormatError(str(e))
def handle_args(argv, arg_string, flags_list=[]):
"""
Convert argument array to usable format
"""
getOptArgString = ":".join(arg_string) + ":"
try:
opts, argv = getopt.getopt(argv, getOptArgString, flags_list)
except getopt.GetoptError as e:
print_error(e)
# Default values if arg not present
user_name = None
display_name = None
rp_id = None
encoded_certificate = None
server_cert_path = None
server_key_path = None
db_path = None
encryption_key = None
resident_key = False
for opt, arg in opts:
if opt == "-n" or opt == "--name":
user_name = arg
elif opt == "-d" or opt == "--display-name":
display_name = arg
elif opt == "-r" or opt == "--rp-id":
rp_id = arg
elif opt == "-c" or opt == "--cert":
if not path.isfile(arg):
print_error("Invalid path to client certificate")
cert_chain = X509CertChain()
data = open(arg, "rb").read()
data = str(data, 'utf-8')
cert_chain.parsePemList(data)
if cert_chain.getNumCerts() == 0:
print_error("Invalid certificate provided")
encoded_certificate = data
elif opt == "-s" or opt == "--server-cert":
if not path.isfile(arg):
print_error("Invalid path to server certificate")
server_cert_path = arg
elif opt == "-k" or opt == "--server-key":
if not path.isfile(arg):
print_error("Invalid path to server key")
server_key_path = arg
elif opt == "-p" or opt == "--db-path":
db_path = arg
elif opt == "-e" or opt == "--encrypt":
key_string = open(arg, "rb").read()
key_string = str(key_string, 'utf-8')
encryption_key = parsePEMKey(key_string, private=True,
implementations=["python"])
elif opt == "--resident-key":
resident_key = True
ret_list = []
if "n" in arg_string or "name=" in flags_list:
ret_list.append(user_name)
if "d" in arg_string or "display-name=" in flags_list:
ret_list.append(display_name)
if "r" in arg_string or "rp-id=" in flags_list:
ret_list.append(rp_id)
if "c" in arg_string or "cert=" in flags_list:
ret_list.append(encoded_certificate)
if "s" in arg_string or "server-cert=" in flags_list:
ret_list.append(server_cert_path)
if "k" in arg_string or "server-key=" in flags_list:
ret_list.append(server_key_path)
if "p" in arg_string or "db-path=" in flags_list:
ret_list.append(db_path)
if "e" in arg_string or "encryption-key=" in flags_list:
ret_list.append(encryption_key)
if "resident-key" in flags_list:
ret_list.append(resident_key)
return ret_list
