def _start_https(self, reactor):
from gnutls.interfaces.twisted import X509Credentials
cert, pKey = TLSConfig.certificate, TLSConfig.private_key
if cert is None or pKey is None:
log.fatal("the TLS certificates or the private key could not be loaded")
sys.exit(1)
credentials = X509Credentials(cert, pKey)
reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), credentials, interface=ServerConfig.address)
log.msg("TLS started")
def __init__(self, host=None, use_tls=None, port=None, credentials=None):
if host is not None:
self.host = host.decode() if isinstance(host, bytes) else host
if use_tls is not None:
self.use_tls = use_tls
if port is not None:
self.port = port
self.credentials = credentials
if self.use_tls and self.credentials is None:
self.credentials = X509Credentials(None, None)
def __init__(self, host=None, use_tls=None, port=None, credentials=None):
if host is not None:
self.host = host
if use_tls is not None:
self.use_tls = use_tls
if port is not None:
self.port = port
self.credentials = credentials
if self.use_tls and self.credentials is None:
self.credentials = X509Credentials(None, None)
def tls_credentials(self):
# This property can be optimized to cache the credentials it loads from disk,
# however this is not a time consuming operation (~ 3000 req/sec). -Luci
settings = SIPSimpleSettings()
tls_certificate = self.tls.certificate or settings.tls.certificate
certificate = None
private_key = None
if tls_certificate is not None:
try:
certificate_data = open(tls_certificate.normalized).read()
certificate = X509Certificate(certificate_data)
private_key = X509PrivateKey(certificate_data)
except (FileNotFoundError, GNUTLSError, UnicodeDecodeError):
pass
trusted_cas = []
ca_list = self.tls.ca_list or settings.tls.ca_list
if ca_list is not None:
if len(self.trusted_cas) > 0:
trusted_cas = self.trusted_cas
else:
crt = None
start = False
try:
ca_text = open(ca_list.normalized).read()
except (FileNotFoundError, GNUTLSError, UnicodeDecodeError):
ca_text = ''
for line in ca_text.split("\n"):
if "BEGIN CERT" in line:
start = True
crt = line + "\n"
elif "END CERT" in line:
crt = crt + line + "\n"
end = True
start = False
try:
trusted_cas.append(X509Certificate(crt))
except (GNUTLSError, ValueError) as e:
continue
elif start:
crt = crt + line + "\n"
self.trusted_cas = trusted_cas
self.ca_list = ca_list
credentials = X509Credentials(certificate, private_key, trusted_cas)
credentials.verify_peer = self.tls.verify_server or settings.tls.certificate
return credentials
def start(self, roles):
# Needs to be called from a green thread
log.msg('Publishing %s roles to SIPThor' % roles)
self.node = ThorEntity(SIPConfig.local_ip.normalized, roles, version=sylk.__version__)
self.networks = {}
self.presence_message = ThorEvent('Thor.Presence', self.node.id)
self.shutdown_message = ThorEvent('Thor.Leave', self.node.id)
credentials = X509Credentials(ThorNodeConfig.certificate, ThorNodeConfig.private_key, [ThorNodeConfig.ca])
credentials.verify_peer = True
tls_context = TLSContext(credentials)
EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context)
def _start_https(self, reactor):
from gnutls.interfaces.twisted import X509Credentials
from gnutls.connection import TLSContext, TLSContextServerOptions
cert, pKey = TLSConfig.certificate, TLSConfig.private_key
if cert is None or pKey is None:
log.fatal("the TLS certificates or the private key could not be loaded")
sys.exit(1)
credentials = X509Credentials(cert, pKey)
tls_context = TLSContext(credentials, server_options=TLSContextServerOptions(certificate_request=None))
reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address)
log.msg("TLS started")
def __init__(self, host=None, use_tls=None, port=None, credentials=None):
if host is not None:
self.host = host
if use_tls is not None:
self.use_tls = use_tls
if port is not None:
self.port = port
self.credentials = credentials
if self.use_tls and self.credentials is None:
from gnutls.interfaces.twisted import X509Credentials
self.credentials = X509Credentials(None, None)
def __init__(self):
self.node = ThorEntity(host.default_ip, ['call_control'],
version=__version__)
self.networks = {}
self.rating_connections = {}
self.presence_message = ThorEvent('Thor.Presence', self.node.id)
self.shutdown_message = ThorEvent('Thor.Leave', self.node.id)
credentials = X509Credentials(ThorNodeConfig.certificate,
ThorNodeConfig.private_key,
[ThorNodeConfig.ca])
credentials.verify_peer = True
tls_context = TLSContext(credentials)
EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context)
def __init__(self):
self.node = ThorEntity(host.default_ip, ['msrprelay_server'],
version=__version__)
self.networks = {}
self.presence_message = ThorEvent('Thor.Presence', self.node.id)
self.shutdown_message = ThorEvent('Thor.Leave', self.node.id)
credentials = X509Credentials(Config.certificate, Config.private_key,
[Config.ca])
credentials.verify_peer = True
tls_context = TLSContext(credentials)
EventServiceClient.__init__(self, ThorNetworkConfig.domain,
tls_context)
process.signals.add_handler(signal.SIGHUP, self._handle_signal)
process.signals.add_handler(signal.SIGINT, self._handle_signal)
process.signals.add_handler(signal.SIGTERM, self._handle_signal)
def tls_credentials(self):
# This property can be optimized to cache the credentials it loads from disk,
# however this is not a time consuming operation (~ 3000 req/sec). -Luci
settings = SIPSimpleSettings()
tls_certificate = self.tls.certificate or settings.tls.certificate
if tls_certificate is not None:
certificate_data = open(tls_certificate.normalized).read()
certificate = X509Certificate(certificate_data)
private_key = X509PrivateKey(certificate_data)
else:
certificate = None
private_key = None
credentials = X509Credentials(certificate, private_key, [])
credentials.verify_peer = False
return credentials
def test_server_connectionMade_never_called(self):
# trigger case when protocol instance is created,
# but it's connectionMade is never called
from gnutls.interfaces.twisted import X509Credentials
from gnutls.errors import GNUTLSError
cred = X509Credentials(None, None)
ev = Event()
def handle(conn):
ev.send("handle must not be called")
s = reactor.listenTLS(
0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred)
creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport)
try:
conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred)
except GNUTLSError:
pass
assert ev.poll() is None, repr(ev.poll())
def __init__(self):
self._database = DatabaseConnection()
self.node = ThorEntity(host.default_ip if ServerConfig.address
== '0.0.0.0' else ServerConfig.address,
['xcap_server'],
version=xcap.__version__)
self.networks = {}
self.presence_message = ThorEvent('Thor.Presence', self.node.id)
self.shutdown_message = ThorEvent('Thor.Leave', self.node.id)
credentials = X509Credentials(ThorNodeConfig.certificate,
ThorNodeConfig.private_key,
[ThorNodeConfig.ca])
credentials.verify_peer = True
tls_context = TLSContext(credentials)
self.control = ControlLink(tls_context)
EventServiceClient.__init__(self, ThorNodeConfig.domain, tls_context)
process.signals.add_handler(signal.SIGHUP, self._handle_SIGHUP)
process.signals.add_handler(signal.SIGINT, self._handle_SIGINT)
process.signals.add_handler(signal.SIGTERM, self._handle_SIGTERM)
def _parseTLS(factory,
port,
privateKey='server.pem',
certKey=None,
sslmethod=None,
interface='',
backlog=50):
from gnutls.interfaces.twisted import X509Credentials
from gnutls.crypto import X509Certificate, X509PrivateKey
if certKey is None:
certKey = privateKey
cert = X509Certificate(open(certKey).read())
key = X509PrivateKey(open(privateKey).read())
cf = X509Credentials(cert, key)
return ((int(port), factory, cf), {
'interface': interface,
'backlog': int(backlog)
})
def tls_credentials(self):
# This property can be optimized to cache the credentials it loads from disk,
# however this is not a time consuming operation (~ 3000 req/sec). -Luci
settings = SIPSimpleSettings()
if self.tls.certificate is not None:
certificate_data = open(self.tls.certificate.normalized).read()
certificate = X509Certificate(certificate_data)
private_key = X509PrivateKey(certificate_data)
else:
certificate = None
private_key = None
if settings.tls.ca_list is not None:
# we should read all certificates in the file, rather than just the first -Luci
trusted = [
X509Certificate(open(settings.tls.ca_list.normalized).read())
]
else:
trusted = []
credentials = X509Credentials(certificate, private_key, trusted)
credentials.verify_peer = self.tls.verify_server
return credentials
count = options.count
active = count
succesful = 0
failed = 0
certs_path = os.path.join(gnutls_path, 'examples/certs')
certs_path = os.path.join(gnutls_path, 'examples/certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
if options.send_certs:
cred = X509Credentials(cert, key, [ca])
else:
cred = X509Credentials(trusted=[ca])
cred.verify_peer = options.verify
context = TLSContext(cred)
echo_factory = EchoFactory()
start_time = time()
for x in range(count):
reactor.connectSSL(host, port, echo_factory, context)
reactor.run()
duration = time() - start_time
rate = count / duration
from twisted.names.srvconnect import SRVConnector
from gnutls.interfaces.twisted import TLSContext, X509Credentials
from eventlet.twistedutil.protocol import GreenClientCreator
from eventlet.twistedutil.protocols.basic import LineOnlyReceiverTransport
class NoisySRVConnector(SRVConnector):
def pickServer(self):
host, port = SRVConnector.pickServer(self)
print 'Resolved _%s._%s.%s --> %s:%s' % (self.service, self.protocol,
self.domain, host, port)
return host, port
cred = X509Credentials(None, None)
ctx = TLSContext(cred)
creator = GreenClientCreator(reactor, LineOnlyReceiverTransport)
conn = creator.connectSRV('msrps',
'ag-projects.com',
connectFuncName='connectTLS',
connectFuncArgs=(ctx, ),
ConnectorClass=NoisySRVConnector)
request = """MSRP 49fh AUTH
To-Path: msrps://[email protected];tcp
From-Path: msrps://alice.example.com:9892/98cjs;tcp
-------49fh$
""".replace('\n', '\r\n')
print 'Sending:\n%s' % request
print 'MAC algorithm:', session.mac_algorithm
print 'Compression: ', session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine('hello')
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost:", str(reason.value)
class EchoFactory(Factory):
protocol = EchoProtocol
certs_path = 'certs'
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
cred = X509Credentials(cert, key)
cred.session_params.protocols = (PROTO_TLS1_2, )
cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC, )
cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL)
reactor.listenTLS(10000, EchoFactory(), cred)
reactor.run()
print 'Compression: %s' % session.compression
def lineReceived(self, line):
if line == 'quit':
self.transport.loseConnection()
return
self.sendLine(line)
def connectionLost(self, reason):
if reason.type != ConnectionDone:
print "Connection was lost: %s" % reason.value
class EchoFactory(Factory):
protocol = EchoProtocol
script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
certs_path = os.path.join(script_path, 'certs')
cert = X509Certificate(open(certs_path + '/valid.crt').read())
key = X509PrivateKey(open(certs_path + '/valid.key').read())
ca = X509Certificate(open(certs_path + '/ca.pem').read())
crl = X509CRL(open(certs_path + '/crl.pem').read())
cred = X509Credentials(cert, key, [ca], [crl])
cred.verify_peer = True
context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE")
reactor.listenTLS(10000, EchoFactory(), context)
reactor.run()
class TLSMixin(object):
use_tls = True
cert = X509Certificate(open('valid.crt').read())
key = X509PrivateKey(open('valid.key').read())
server_credentials = X509Credentials(cert, key)
class EchoProtocol(LineOnlyReceiver):
def connectionMade(self):
self.sendLine('echo')
def lineReceived(self, line):
print 'received: ', line
self.transport.loseConnection()
def connectionLost(self, reason):
reactor.stop()
class EchoFactory(ClientFactory):
protocol = EchoProtocol
def clientConnectionFailed(self, connector, err):
print err.value
reactor.stop()
cred = X509Credentials()
cred.session_params.protocols = (PROTO_TLS1_2,)
cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC,)
cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL)
reactor.connectTLS('localhost', 10000, EchoFactory(), cred)
reactor.run()