def __init__(self): self.accounting = [ __import__('mediaproxy.interfaces.accounting.%s' % mod.lower(), globals(), locals(), ['']).Accounting() for mod in set(DispatcherConfig.accounting) ] self.cred = X509Credentials(cert_name='dispatcher') self.tls_context = TLSContext(self.cred) self.relay_factory = RelayFactory(self) dispatcher_addr, dispatcher_port = DispatcherConfig.listen self.relay_listener = reactor.listenTLS(dispatcher_port, self.relay_factory, self.tls_context, interface=dispatcher_addr) self.opensips_factory = OpenSIPSControlFactory(self) socket_path = process.runtime.file(DispatcherConfig.socket_path) unlink(socket_path) self.opensips_listener = reactor.listenUNIX(socket_path, self.opensips_factory) self.opensips_management = opensips.ManagementInterface() self.management_factory = ManagementControlFactory(self) management_addr, management_port = DispatcherConfig.listen_management if DispatcherConfig.management_use_tls: self.management_listener = reactor.listenTLS( management_port, self.management_factory, self.tls_context, interface=management_addr) else: self.management_listener = reactor.listenTCP( management_port, self.management_factory, interface=management_addr)
def _start_https(self, reactor): from gnutls.interfaces.twisted import TLSContext, X509Credentials cert, pKey = TLSConfig.certificate, TLSConfig.private_key if cert is None or pKey is None: log.fatal("the TLS certificates or the private key could not be loaded") sys.exit(1) credentials = X509Credentials(cert, pKey) tls_context = TLSContext(credentials) reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address) log.msg("TLS started")
def _start_https(self, reactor): from gnutls.interfaces.twisted import X509Credentials from gnutls.connection import TLSContext, TLSContextServerOptions cert, pKey = TLSConfig.certificate, TLSConfig.private_key if cert is None or pKey is None: log.fatal("the TLS certificates or the private key could not be loaded") sys.exit(1) credentials = X509Credentials(cert, pKey) tls_context = TLSContext(credentials, server_options=TLSContextServerOptions(certificate_request=None)) reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address) log.msg("TLS started")
def _start_https(self, reactor): from gnutls.interfaces.twisted import X509Credentials from gnutls.connection import TLSContext, TLSContextServerOptions cert, pKey = TLSConfig.certificate, TLSConfig.private_key if cert is None or pKey is None: log.critical('The TLS certificate/key could not be loaded') sys.exit(1) credentials = X509Credentials(cert, pKey) tls_context = TLSContext( credentials, server_options=TLSContextServerOptions(certificate_request=None)) reactor.listenTLS(ServerConfig.root.port, HTTPFactory(self.site), tls_context, interface=ServerConfig.address) log.info('TLS started')
def __init__(self): self.accounting = [__import__("mediaproxy.interfaces.accounting.%s" % mod.lower(), globals(), locals(), [""]).Accounting() for mod in set(DispatcherConfig.accounting)] self.cred = X509Credentials(cert_name='dispatcher') self.relay_factory = RelayFactory(self) dispatcher_addr, dispatcher_port = DispatcherConfig.listen self.relay_listener = reactor.listenTLS(dispatcher_port, self.relay_factory, self.cred, interface=dispatcher_addr) self.opensips_factory = OpenSIPSControlFactory(self) socket_path = process.runtime_file(DispatcherConfig.socket_path) unlink(socket_path) self.opensips_listener = reactor.listenUNIX(socket_path, self.opensips_factory) self.opensips_management = opensips.ManagementInterface() self.management_factory = ManagementControlFactory(self) management_addr, management_port = DispatcherConfig.listen_management if DispatcherConfig.management_use_tls: self.management_listener = reactor.listenTLS(management_port, self.management_factory, self.cred, interface=management_addr) else: self.management_listener = reactor.listenTCP(management_port, self.management_factory, interface=management_addr)
def startService(self): factory = ITFactory(self.database_pool, self.database_type, self.storage_path, self.server_test, self.detection_path) if self.encryption_enabled == 'True': log.msg('Server started to listen for TLS connections') c = mycertificates.TLSCertificates(certs_path=self.encryption_ca) reactor.listenTLS(int(self.server_port), factory, c.credentials) elif self.encryption == 'False': log.msg('Server started to listen for TCP connections') reactor.listenTCP(int(self.server_port), factory) else: log.msg('Encryption in server.conf should be either True or False, invalid encryption specified: ', self.encryption_enabled) reactor.run()
def test_server_connectionMade_never_called(self): # trigger case when protocol instance is created, # but it's connectionMade is never called from gnutls.interfaces.twisted import X509Credentials from gnutls.errors import GNUTLSError cred = X509Credentials(None, None) ev = Event() def handle(conn): ev.send("handle must not be called") s = reactor.listenTLS(0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred) creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport) try: conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred) except GNUTLSError: pass assert ev.poll() is None, repr(ev.poll())
def _listen(self, local_uri, factory): from twisted.internet import reactor if local_uri.use_tls: port = reactor.listenTLS(local_uri.port or 0, factory, TLSContext(local_uri.credentials), interface=local_uri.host) else: port = reactor.listenTCP(local_uri.port or 0, factory, interface=local_uri.host) local_uri.port = port.getHost().port self.logger.info('Listening for incoming %s connections on %s:%s' % (local_uri.scheme.upper(), port.getHost().host, port.getHost().port)) return port
def test_server_connectionMade_never_called(self): # trigger case when protocol instance is created, # but it's connectionMade is never called from gnutls.interfaces.twisted import X509Credentials from gnutls.errors import GNUTLSError cred = X509Credentials(None, None) ev = Event() def handle(conn): ev.send("handle must not be called") s = reactor.listenTLS( 0, pr.SpawnFactory(handle, LineOnlyReceiverTransport), cred) creator = pr.GreenClientCreator(reactor, LineOnlyReceiverTransport) try: conn = creator.connectTLS('127.0.0.1', s.getHost().port, cred) except GNUTLSError: pass assert ev.poll() is None, repr(ev.poll())
print 'Compression: %s' % session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine(line) def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost: %s" % reason.value class EchoFactory(Factory): protocol = EchoProtocol script_path = os.path.realpath(os.path.dirname(sys.argv[0])) certs_path = os.path.join(script_path, 'certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = True context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE") reactor.listenTLS(10000, EchoFactory(), context) reactor.run()
print 'MAC algorithm: %s' % session.mac_algorithm print 'Compression: %s' % session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine(line) def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost: %s" % reason.value class EchoFactory(Factory): protocol = EchoProtocol script_path = os.path.realpath(os.path.dirname(sys.argv[0])) certs_path = os.path.join(script_path, 'certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = True cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL) reactor.listenTLS(10000, EchoFactory(), cred) reactor.run()
print 'MAC algorithm: %s' % session.mac_algorithm print 'Compression: %s' % session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine(line) def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost: %s" % reason.value class EchoFactory(Factory): protocol = EchoProtocol script_path = os.path.realpath(os.path.dirname(sys.argv[0])) certs_path = os.path.join(script_path, 'certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = True context = TLSContext(cred, session_parameters="NORMAL:+COMP-DEFLATE") reactor.listenTLS(10000, EchoFactory(), context) reactor.run()
print 'MAC algorithm:', session.mac_algorithm print 'Compression: ', session.compression def lineReceived(self, line): if line == 'quit': self.transport.loseConnection() return self.sendLine('hello') def connectionLost(self, reason): if reason.type != ConnectionDone: print "Connection was lost:", str(reason.value) class EchoFactory(Factory): protocol = EchoProtocol certs_path = 'certs' cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) cred = X509Credentials(cert, key) cred.session_params.protocols = (PROTO_TLS1_2, ) cred.session_params.ciphers = (GNUTLS_CIPHER_AES_256_CBC, ) cred.session_params.compressions = (COMP_DEFLATE, COMP_NULL) reactor.listenTLS(10000, EchoFactory(), cred) reactor.run()
action="store_true", default=0, help="verbose output") parser.add_option("-m", "--memory", dest="memory", action="store_true", default=0, help="debug memory leaks") options, args = parser.parse_args() if options.memory: from application.debug.memory import * certs_path = os.path.join(gnutls_path, 'examples/certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = options.verify context = TLSContext(cred) reactor.listenTLS(options.port, EchoFactory(), context) reactor.run() if options.memory: memory_dump()
help="specify port to listen on (default = 10000)", metavar="port") parser.add_option("-v", "--verify", dest="verify", action="store_true", default=0, help="verify peer certificates") parser.add_option("-V", "--verbose", dest="verbose", action="store_true", default=0, help="verbose output") parser.add_option("-m", "--memory", dest="memory", action="store_true", default=0, help="debug memory leaks") options, args = parser.parse_args() if options.memory: from application.debug.memory import * certs_path = os.path.join(gnutls_path, 'examples/certs') cert = X509Certificate(open(certs_path + '/valid.crt').read()) key = X509PrivateKey(open(certs_path + '/valid.key').read()) ca = X509Certificate(open(certs_path + '/ca.pem').read()) crl = X509CRL(open(certs_path + '/crl.pem').read()) cred = X509Credentials(cert, key, [ca], [crl]) cred.verify_peer = options.verify context = TLSContext(cred) reactor.listenTLS(options.port, EchoFactory(), context) reactor.run() if options.memory: memory_dump()