class NSPRConnection(httplib.HTTPConnection): default_port = httplib.HTTPConnection.default_port def __init__(self, host, port=None, strict=None): httplib.HTTPConnection.__init__(self, host, port, strict) logging.debug('%s init %s', self.__class__.__name__, host) if not nss.nss_is_initialized(): nss.nss_init_nodb() self.sock = None def connect(self): logging.debug("connect: host=%s port=%s", self.host, self.port) try: addr_info = io.AddrInfo(self.host) except Exception, e: logging.error("could not resolve host address \"%s\"", self.host) raise for net_addr in addr_info: net_addr.port = self.port self.sock = io.Socket(net_addr.family) try: logging.debug("try connect: %s", net_addr) self.sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) logging.debug("connected to: %s", net_addr) return except Exception, e: logging.debug("connect failed: %s (%s)", net_addr, e)
def connect(self): log.info("connect: host=%s port=%s", self.host, self.port) try: addr_info = io.AddrInfo(self.host) except Exception as e: log.error("could not resolve host address '%s'", self.host) raise for net_addr in addr_info: net_addr.port = self.port self._create_socket(net_addr.family) try: log.info("try connect: %s", net_addr) self.sock.connect(net_addr, timeout=io.seconds_to_interval( self._timeout)) except Exception as e: log.info("connect failed: %s (%s)", net_addr, e) else: log.info("connected to: %s", net_addr) break else: raise IOError( errno.ENOTCONN, "Could not connect to %s at port %d" % (self.host, self.port))
def ssl_connect(): print("SSL connect to: %s" % options.hostname) valid_addr = False # Get the IP Address of our server try: addr_info = io.AddrInfo(options.hostname) except: print("ERROR: could not resolve hostname \"%s\"" % options.hostname) return for net_addr in addr_info: net_addr.port = options.port sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(options.hostname) try: sock.set_ssl_version_range("tls1.0", "tls1.3") except NSPRError as e: print("Cannot enable TLS 1.3, {}".format(e)) # Provide a callback which notifies us when the SSL handshake is # complete sock.set_handshake_callback(handshake_callback) try: print("try connecting to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(TIMEOUT_SECS)) print("connected to: %s" % (net_addr)) valid_addr = True break except: continue if not valid_addr: print("ERROR: could not connect to \"%s\"" % options.hostname) return try: # Talk to the server n_received = 0 sock.send(REQUEST.encode('utf-8')) while True: buf = sock.recv(1024) n_received += len(buf) if not buf: break except Exception as e: print(e) sock.shutdown() return sock.shutdown() return
def client(): valid_addr = False # Get the IP Address of our server try: addr_info = io.AddrInfo(options.hostname) except: print("ERROR: could not resolve hostname \"%s\"" % options.hostname) return for net_addr in addr_info: net_addr.port = options.port sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(options.hostname) # Provide a callback which notifies us when the SSL handshake is # complete sock.set_handshake_callback(handshake_callback) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) try: print("try connecting to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) print("connected to: %s" % (net_addr)) valid_addr = True break except: continue if not valid_addr: print("ERROR: could not connect to \"%s\"" % options.hostname) return try: # Talk to the server n_received = 0 sock.send(request.encode('utf-8')) while True: buf = sock.recv(1024) n_received += len(buf) if not buf: print("\nclient lost connection, received %d bytes" % (n_received)) break except Exception as e: print(e) sock.shutdown() return sock.shutdown() return
def settimeout(self, timeout): if timeout is socket._GLOBAL_DEFAULT_TIMEOUT: timeout = socket.getdefaulttimeout() if timeout is None: timeout = io.PR_INTERVAL_NO_TIMEOUT elif isinstance(timeout, float): # fraction of seconds timeout = int(TICKS_SEC * timeout) else: timeout = io.seconds_to_interval(timeout) self._timeout = timeout
def client(): valid_addr = False # Get the IP Address of our server try: addr_info = io.AddrInfo(hostname) except: print "ERROR: could not resolve hostname \"%s\"" % hostname return for net_addr in addr_info: net_addr.port = port sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(hostname) # Provide a callback which notifies us when the SSL handshake is # complete sock.set_handshake_callback(handshake_callback) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) try: print "try connecting to: %s" % (net_addr) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) print "connected to: %s" % (net_addr) valid_addr = True break except: continue if not valid_addr: print "ERROR: could not connect to \"%s\"" % hostname return try: # Talk to the server n_received = 0 sock.send(request) while True: buf = sock.recv(1024) n_received += len(buf) if not buf: print "\nclient lost connection, received %d bytes" % (n_received) break except Exception, e: print e.strerror sock.shutdown() return
class NSSConnection(httplib.HTTPConnection): default_port = httplib.HTTPSConnection.default_port def __init__(self, host, port=None, strict=None, dbdir=None, nickname=None, password=None): httplib.HTTPConnection.__init__(self, host, port, strict) if not dbdir: raise RuntimeError("dbdir is required") logging.debug('%s init host=%s dbdir=%s', self.__class__.__name__, host, dbdir) if not nss.nss_is_initialized(): nss.nss_init(dbdir) self.nickname = nickname self.password = password self.sock = None ssl.set_domestic_policy() nss.set_password_callback(password_callback) def _create_socket(self, family): self.sock = ssl.SSLSocket(family) self.sock.set_ssl_option(ssl.SSL_SECURITY, True) self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) self.sock.set_hostname(self.host) # Provide a callback which notifies us when the SSL handshake is complete self.sock.set_handshake_callback(handshake_callback) # Provide a callback to verify the servers certificate self.sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) if self.nickname and self.password: self.sock.set_client_auth_data_callback(client_auth_data_callback, self.nickname,self.password, nss.get_default_certdb()) def connect(self): logging.debug("connect: host=%s port=%s", self.host, self.port) try: addr_info = io.AddrInfo(self.host) except Exception, e: logging.error("could not resolve host address \"%s\"", self.host) raise for net_addr in addr_info: net_addr.port = self.port self._create_socket(net_addr.family) try: logging.debug("try connect: %s", net_addr) self.sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) logging.debug("connected to: %s", net_addr) return except Exception, e: logging.debug("connect failed: %s (%s)", net_addr, e)
def connect(self): logging.debug("connect: host=%s port=%s", self.host, self.port) try: addr_info = io.AddrInfo(self.host) except Exception as e: logging.error("could not resolve host address \"%s\"", self.host) raise for net_addr in addr_info: net_addr.port = self.port self.sock = io.Socket(net_addr.family) try: logging.debug("try connect: %s", net_addr) self.sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) logging.debug("connected to: %s", net_addr) return except Exception as e: logging.debug("connect failed: %s (%s)", net_addr, e) raise IOError(errno.ENOTCONN, "could not connect to %s at port %d" % (self.host, self.port))
def connect(self): log.info("connect: host=%s port=%s", self.host, self.port) try: addr_info = io.AddrInfo(self.host) except Exception as e: log.error("could not resolve host address '%s'", self.host) raise for net_addr in addr_info: net_addr.port = self.port self._create_socket(net_addr.family) try: log.info("try connect: %s", net_addr) self.sock.connect(net_addr, timeout=io.seconds_to_interval(self._timeout)) except Exception as e: log.info("connect failed: %s (%s)", net_addr, e) else: log.info("connected to: %s", net_addr) break else: raise IOError(errno.ENOTCONN, "Could not connect to %s at port %d" % (self.host, self.port))
def client(request): if use_ssl: if info: print("client: using SSL") ssl.set_domestic_policy() # Get the IP Address of our server try: addr_info = io.AddrInfo(hostname) except Exception as e: print("client: could not resolve host address \"%s\"" % hostname, file=sys.stderr) return for net_addr in addr_info: net_addr.port = port if use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(hostname) # Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname, password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: if verbose: print("client trying connection to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) if verbose: print("client connected to: %s" % (net_addr)) break except Exception as e: sock.close() print("client: connection to: %s failed (%s)" % (net_addr, e), file=sys.stderr) # Talk to the server try: if info: print("client: sending \"%s\"" % (request)) data = request + "\n"; # newline is protocol record separator sock.send(data.encode('utf-8')) buf = sock.readline() if not buf: print("client: lost connection", file=sys.stderr) sock.close() return buf = buf.decode('utf-8') buf = buf.rstrip() # remove newline record separator if info: print("client: received \"%s\"" % (buf)) except Exception as e: print("client: %s" % e, file=sys.stderr) try: sock.close() except: pass return try: sock.shutdown() except Exception as e: print("client: %s" % e, file=sys.stderr) try: sock.close() if use_ssl: ssl.clear_session_cache() except Exception as e: print("client: %s" % e, file=sys.stderr) return buf
# Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname, password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: if verbose: print "client trying connection to: %s" % (net_addr) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) if verbose: print "client connected to: %s" % (net_addr) valid_addr = True break except Exception, e: sock.close() print >>sys.stderr, "client: connection to: %s failed (%s)" % (net_addr, e) if not valid_addr: print >>sys.stderr, "Could not establish valid address for \"%s\" in family %s" % \ (hostname, io.addr_family_name(family)) return # Talk to the server try: if info: print "client: sending \"%s\"" % (request)
def client(request): if use_ssl: if info: print("client: using SSL") ssl.set_domestic_policy() # Get the IP Address of our server try: addr_info = io.AddrInfo(hostname) except Exception as e: print("client: could not resolve host address \"%s\"" % hostname, file=sys.stderr) return for net_addr in addr_info: net_addr.port = port if use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(hostname) # Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname, password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: if verbose: print("client trying connection to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) if verbose: print("client connected to: %s" % (net_addr)) break except Exception as e: sock.close() print("client: connection to: %s failed (%s)" % (net_addr, e), file=sys.stderr) # Talk to the server try: if info: print("client: sending \"%s\"" % (request)) data = request + "\n" # newline is protocol record separator sock.send(data.encode('utf-8')) buf = sock.readline() if not buf: print("client: lost connection", file=sys.stderr) sock.close() return buf = buf.decode('utf-8') buf = buf.rstrip() # remove newline record separator if info: print("client: received \"%s\"" % (buf)) except Exception as e: print("client: %s" % e, file=sys.stderr) try: sock.close() except: pass return try: sock.shutdown() except Exception as e: print("client: %s" % e, file=sys.stderr) try: sock.close() if use_ssl: ssl.clear_session_cache() except Exception as e: print("client: %s" % e, file=sys.stderr) return buf
# Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname, password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: if verbose: print "client trying connection to: %s" % (net_addr) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) if verbose: print "client connected to: %s" % (net_addr) valid_addr = True break except Exception, e: sock.close() print >> sys.stderr, "client: connection to: %s failed (%s)" % ( net_addr, e) if not valid_addr: print >>sys.stderr, "Could not establish valid address for \"%s\" in family %s" % \ (hostname, io.addr_family_name(family)) return # Talk to the server try:
def Client(): valid_addr = False # Get the IP Address of our server try: addr_info = io.AddrInfo(options.hostname) except Exception as e: print("could not resolve host address \"%s\"" % options.hostname) return for net_addr in addr_info: if options.family != io.PR_AF_UNSPEC: if net_addr.family != options.family: continue net_addr.port = options.port if options.use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(options.hostname) # Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback( client_auth_data_callback, options.client_nickname, options.password, nss.get_default_certdb(), ) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: print("client trying connection to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) print("client connected to: %s" % (net_addr)) valid_addr = True break except Exception as e: sock.close() print("client connection to: %s failed (%s)" % (net_addr, e)) if not valid_addr: print("Could not establish valid address for \"%s\" in family %s" % (options.hostname, io.addr_family_name(options.family))) return # Talk to the server try: data = 'Hello' + '\n' # newline is protocol record separator sock.send(data.encode('utf-8')) buf = sock.readline() if not buf: print("client lost connection") sock.close() return buf = buf.decode('utf-8') buf = buf.rstrip() # remove newline record separator print("client received: %s" % (buf)) except Exception as e: print(e.strerror) try: sock.close() except: pass return # End of (simple) protocol session? if buf == 'Goodbye': try: sock.shutdown() except: pass try: sock.close() if options.use_ssl: ssl.clear_session_cache() except Exception as e: print(e)
def Client(): valid_addr = False # Get the IP Address of our server try: addr_info = io.AddrInfo(options.hostname) except Exception as e: print("could not resolve host address \"%s\"" % options.hostname) return for net_addr in addr_info: if options.family != io.PR_AF_UNSPEC: if net_addr.family != options.family: continue net_addr.port = options.port if options.use_ssl: sock = ssl.SSLSocket(net_addr.family) # Set client SSL socket options sock.set_ssl_option(ssl.SSL_SECURITY, True) sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True) sock.set_hostname(options.hostname) # Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, options.client_nickname, options.password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: print("client trying connection to: %s" % (net_addr)) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) print("client connected to: %s" % (net_addr)) valid_addr = True break except Exception as e: sock.close() print("client connection to: %s failed (%s)" % (net_addr, e)) if not valid_addr: print("Could not establish valid address for \"%s\" in family %s" % \ (options.hostname, io.addr_family_name(options.family))) return # Talk to the server try: data = 'Hello' + '\n' # newline is protocol record separator sock.send(data.encode('utf-8')) buf = sock.readline() if not buf: print("client lost connection") sock.close() return buf = buf.decode('utf-8') buf = buf.rstrip() # remove newline record separator print("client received: %s" % (buf)) except Exception as e: print(e.strerror) try: sock.close() except: pass return # End of (simple) protocol session? if buf == 'Goodbye': try: sock.shutdown() except: pass try: sock.close() if options.use_ssl: ssl.clear_session_cache() except Exception as e: print(e)
# Provide a callback which notifies us when the SSL handshake is complete sock.set_handshake_callback(handshake_callback) # Provide a callback to supply our client certificate info sock.set_client_auth_data_callback(client_auth_data_callback, client_nickname, password, nss.get_default_certdb()) # Provide a callback to verify the servers certificate sock.set_auth_certificate_callback(auth_certificate_callback, nss.get_default_certdb()) else: sock = io.Socket(net_addr.family) try: print "client trying connection to: %s" % (net_addr) sock.connect(net_addr, timeout=io.seconds_to_interval(timeout_secs)) print "client connected to: %s" % (net_addr) valid_addr = True break except Exception, e: sock.close() print "client connection to: %s failed (%s)" % (net_addr, e) if not valid_addr: print "Could not establish valid address for \"%s\" in family %s" % \ (hostname, io.addr_family_name(family)) return # Talk to the server try: sock.send("Hello")
try: from nss.ssl import SSL_REQUIRE_SAFE_NEGOTIATION from nss.ssl import SSL_ENABLE_RENEGOTIATION from nss.ssl import SSL_RENEGOTIATE_REQUIRES_XTN except ImportError: SSL_REQUIRE_SAFE_NEGOTIATION = 21 SSL_ENABLE_RENEGOTIATION = 21 SSL_RENEGOTIATE_REQUIRES_XTN = 2 logger = logging.getLogger('nssta') DEFAULT_TIMEOUT = io.PR_INTERVAL_NO_TIMEOUT TW_TIMEOUT = io.PR_INTERVAL_NO_TIMEOUT - 1 TICKS_SEC = io.seconds_to_interval(1) SEC_TICKS = 1. / TICKS_SEC class NSSAdapterException(Exception): pass class TimeoutWrapper(object): """Wrap NSS socket to support timeout on an object level nss.io.Socket and nss.ssl.SSLSocket objects don't have a gettimeout() and settimeout() method. Their methods like connect() and recv() have a timeout argument instead. """ __slots__ = ('_sock', '_timeout')