Пример #1
0
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())]

        context = _JavaSSLContext.getInstance(self._protocol_name)

        if self._key_managers is None:
            context.init(
                _get_openssl_key_manager(
                    cert_file=cert_file, key_file=key_file).getKeyManagers(),
                trust_managers, None)
        else:
            context.init(
                self._key_managers.getKeyManagers(),
                trust_managers, None)

        # addr could be ipv6, only extract relevant parts
        engine = context.createSSLEngine((hostname or addr[0]), addr[1])

        # apparently this can be used to enforce hostname verification
        if hostname is not None and self._check_hostname:
            params = engine.getSSLParameters()
            params.setEndpointIdentificationAlgorithm('HTTPS')
            engine.setSSLParameters(params)

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Пример #2
0
    def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())]

        context = _JavaSSLContext.getInstance(self._protocol_name)

        if self._key_managers is None:
            context.init(
                _get_openssl_key_manager(
                    cert_file=cert_file, key_file=key_file).getKeyManagers(),
                trust_managers, None)
        else:
            context.init(
                self._key_managers.getKeyManagers(),
                trust_managers, None)

        if hostname is not None:
            engine = context.createSSLEngine(hostname, addr[1])
        else:
            engine = context.createSSLEngine(*addr)

        # apparently this can be used to enforce hostname verification
        if hostname is not None and self._check_hostname:
            params = engine.getSSLParameters()
            params.setEndpointIdentificationAlgorithm('HTTPS')
            engine.setSSLParameters(params)

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Пример #3
0
def DefaultTrustManager():
    trustManagerFactory = TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm())
    trustManagerFactory.init(None)
    for trustManager in trustManagerFactory.getTrustManagers():
        if isinstance(trustManager, X509TrustManager):
            return trustManager
    return None
Пример #4
0
def _get_ca_certs_trust_manager(ca_certs):
    trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
    trust_store.load(None, None)
    with open(ca_certs) as f:
        cf = CertificateFactory.getInstance("X.509")
        for cert in cf.generateCertificates(BufferedInputStream(f)):
            trust_store.setCertificateEntry(str(uuid.uuid4()), cert)

    tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trust_store)
    return tmf
Пример #5
0
def _get_ca_certs_trust_manager(ca_certs):
    trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
    trust_store.load(None, None)
    num_certs_installed = 0
    with open(ca_certs) as f:
        cf = CertificateFactory.getInstance("X.509")
        for cert in cf.generateCertificates(BufferedInputStream(f)):
            trust_store.setCertificateEntry(str(uuid.uuid4()), cert)
            num_certs_installed += 1
    tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trust_store)
    log.debug("Installed %s certificates", num_certs_installed, extra={"sock": "*"})
    return tmf
Пример #6
0
def _get_ca_certs_trust_manager(ca_certs=None):
    trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
    trust_store.load(None, None)
    num_certs_installed = 0
    if ca_certs is not None:
        with open(ca_certs) as f:
            cf = CertificateFactory.getInstance("X.509")
            for cert in cf.generateCertificates(BufferedInputStream(f)):
                trust_store.setCertificateEntry(str(uuid.uuid4()), cert)
                num_certs_installed += 1
    tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trust_store)
    log.debug("Installed %s certificates", num_certs_installed, extra={"sock": "*"})
    return tmf
Пример #7
0
 def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias):
         from java.io import BufferedInputStream, FileInputStream
         from java.security import KeyStore
         from java.security.cert import CertificateFactory, X509Certificate
         from javax.net.ssl import SSLContext, TrustManagerFactory
         
         fis = FileInputStream(pemCertificateFile)
         bis = BufferedInputStream(fis)
         ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
         ks = KeyStore.getInstance(KeyStore.getDefaultType())
         ks.load(None, None)
         ks.setCertificateEntry(pemCertificateAlias, ca)
         tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
         tmf.init(ks)
         context = SSLContext.getInstance("SSL")
         context.init(None, tmf.getTrustManagers(), None)
         SSLContext.setDefault(context)
Пример #8
0
    def _createSSLEngine(self):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = tmf.getTrustManagers()

        if self._key_managers is None:  # get an e
            self._context.init(_get_openssl_key_manager().getKeyManagers(), trust_managers, None)
        else:
            self._context.init(self._key_managers.getKeyManagers(), trust_managers, None)

        engine = self._context.createSSLEngine()

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine
Пример #9
0
    def trustSpecificCertificate(self, pemCertificateFile,
                                 pemCertificateAlias):
        from java.io import BufferedInputStream, FileInputStream
        from java.security import KeyStore
        from java.security.cert import CertificateFactory, X509Certificate
        from javax.net.ssl import SSLContext, TrustManagerFactory

        fis = FileInputStream(pemCertificateFile)
        bis = BufferedInputStream(fis)
        ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
        ks = KeyStore.getInstance(KeyStore.getDefaultType())
        ks.load(None, None)
        ks.setCertificateEntry(pemCertificateAlias, ca)
        tmf = TrustManagerFactory.getInstance(
            TrustManagerFactory.getDefaultAlgorithm())
        tmf.init(ks)
        context = SSLContext.getInstance("SSL")
        context.init(None, tmf.getTrustManagers(), None)
        SSLContext.setDefault(context)
Пример #10
0
    def _createSSLEngine(self):
        trust_managers = [NoVerifyX509TrustManager()]
        if self.verify_mode == CERT_REQUIRED:
            tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm())
            tmf.init(self._trust_store)
            trust_managers = tmf.getTrustManagers()

        if self._key_managers is None:  # get an e
            self._context.init(_get_openssl_key_manager().getKeyManagers(),
                               trust_managers, None)
        else:
            self._context.init(self._key_managers.getKeyManagers(),
                               trust_managers, None)

        engine = self._context.createSSLEngine()

        if self._ciphers is not None:
            engine.setEnabledCipherSuites(self._ciphers)

        return engine