def set_own_cert(self, cert, key, passwd=None):
    """
    Install this endpoint's own certificate and the matching key.

    ``cert`` and ``key`` are converted with ``pynng.nng.to_char``.  ``passwd``
    is converted the same way, or passed as NULL when it is ``None``.  The
    return code of ``nng_tls_config_own_cert`` goes to ``pynng.check_err``.
    """
    # NOTE(review): key and passwd are secret material; call sites should keep
    # them out of logs and exception messages.
    c_cert = pynng.nng.to_char(cert)
    c_key = pynng.nng.to_char(key)
    if passwd is None:
        c_passwd = pynng.ffi.NULL
    else:
        c_passwd = pynng.nng.to_char(passwd)
    rc = pynng.lib.nng_tls_config_own_cert(
        self._tls_config, c_cert, c_key, c_passwd)
    pynng.check_err(rc)
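def _getopt_string(py_obj, option):
    """Return the string option *option* of *py_obj* as a Python ``str``.

    The library writes a ``char *`` into a one-element out-array.  That string
    is copied into Python, decoded with the default codec, and then released
    with ``nng_strfree``.  A non-zero return code from the getter is handed to
    ``pynng.check_err`` before the out-pointer is read.
    """
    opt = pynng.ffi.new('char *[]', 1)
    opt_as_char = pynng.nng.to_char(option)
    obj, lib_func = _get_inst_and_func(py_obj, 'string', 'get')
    ret = lib_func(obj, opt_as_char, opt)
    pynng.check_err(ret)
    try:
        py_string = pynng.ffi.string(opt[0]).decode()
    finally:
        # Release the library's string even if copying or decoding raises;
        # previously a decode error skipped nng_strfree and leaked the buffer.
        pynng.lib.nng_strfree(opt[0])
    return py_string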
def _setopt_string(py_obj, option, value):
    """Set the string option *option* on *py_obj* to *value*.

    Unlike the library's nng_setopt_string, which expects a NULL-terminated
    string, this passes the value together with an explicit length.
    """
    c_option = pynng.nng.to_char(option)
    c_value = pynng.nng.to_char(value)
    target, setter = _get_inst_and_func(py_obj, 'string', 'set')
    # NOTE(review): the length is len() of the Python value, not of the
    # converted buffer.  If to_char encodes str to bytes, the two differ for
    # non-ASCII text and the option would be cut short -- confirm.
    size = len(value)
    rc = setter(target, c_option, c_value, size)
    pynng.check_err(rc)
def set_cert_key_file(self, path, passwd=None):
    """
    Load this endpoint's own certificate and key from the file at ``path``.

    ``passwd`` is passed as NULL when it is ``None``, otherwise it is
    converted with ``pynng.nng.to_char``.  The return code of
    ``nng_tls_config_cert_key_file`` goes to ``pynng.check_err``.
    """
    # NOTE(review): the file presumably holds private key material; its
    # permissions are not checked here -- confirm that is handled elsewhere.
    c_path = pynng.nng.to_char(path)
    if passwd is None:
        c_passwd = pynng.ffi.NULL
    else:
        c_passwd = pynng.nng.to_char(passwd)
    rc = pynng.lib.nng_tls_config_cert_key_file(
        self._tls_config, c_path, c_passwd)
    pynng.check_err(rc)
def set_ca_chain(self, chain, crl=None):
    """
    Configure the certificate authority chain, optionally with a CRL.

    ``chain`` is converted with ``pynng.nng.to_char``.  When ``crl`` is
    ``None`` a NULL pointer is passed in its place, so no revocation list is
    supplied by this call.  The return code of ``nng_tls_config_ca_chain``
    goes to ``pynng.check_err``.
    """
    c_chain = pynng.nng.to_char(chain)
    if crl is None:
        c_crl = pynng.ffi.NULL
    else:
        c_crl = pynng.nng.to_char(crl)
    rc = pynng.lib.nng_tls_config_ca_chain(self._tls_config, c_chain, c_crl)
    pynng.check_err(rc)
def _setopt_int(py_obj, option, value):
    """Set the integer option *option* on *py_obj* to *value*.

    A float that is exactly integral (``2.0``) is accepted and converted.  A
    value that ``int()`` changes (``2.5``) raises ValueError.  A value that
    ``int()`` cannot convert at all raises whatever ``int()`` raises.
    """
    c_option = pynng.nng.to_char(option)
    # Convert first, then compare: only values that survive the round trip
    # unchanged are passed on to the library.
    as_int = int(value)
    if not as_int == value:
        raise ValueError(
            'Invalid value {} of type {}. Expected int.'.format(
                value, type(value)))
    target, setter = _get_inst_and_func(py_obj, 'int', 'set')
    rc = setter(target, c_option, as_int)
    pynng.check_err(rc)
def _setopt_ptr(py_obj, option, value):
    """Set the pointer option *option* on *py_obj* from a TLSConfig.

    Only ``pynng.tls.TLSConfig`` instances are accepted.  The handle stored in
    ``value._tls_config`` is what gets passed to the library setter.

    Raises:
        ValueError: if *value* is not a TLSConfig.
    """
    if not isinstance(value, pynng.tls.TLSConfig):
        raise ValueError(
            'Invalid value {} of type {}. Expected TLSConfig.'.format(
                value, type(value)))
    # NOTE(review): nothing here keeps `value` alive after the call.  Whether
    # the library takes its own reference to the config is not visible from
    # this function -- confirm, since a dangling handle would be a
    # memory-safety problem.
    native_config = value._tls_config
    c_option = pynng.nng.to_char(option)
    target, setter = _get_inst_and_func(py_obj, 'ptr', 'set')
    rc = setter(target, c_option, native_config)
    pynng.check_err(rc)
def __init__(self, mode, server_name=None, ca_string=None,
             own_key_string=None, own_cert_string=None, auth_mode=None,
             ca_files=None, cert_key_file=None, passwd=None):
    """
    Allocate a TLS configuration and apply the given settings to it.

    ``mode`` is passed to ``nng_tls_config_alloc``.  The CA can be given as a
    string or as files, and the own certificate and key as strings or as one
    file, but not both forms at once.  ``passwd`` is used for whichever form
    of own key is given.  A single ``str`` in ``ca_files`` is treated as one
    file.

    Nothing here requires a CA or an ``auth_mode``; when they are omitted the
    configuration keeps the library's defaults.

    Raises:
        ValueError: on conflicting or incomplete certificate arguments.
    """
    # Reject contradictory arguments before any native allocation happens.
    if ca_string and ca_files:
        raise ValueError("Cannot set both ca_string and ca_files!")
    any_own_string = own_cert_string or own_key_string
    if any_own_string and cert_key_file:
        raise ValueError(
            "Cannot set both own_{key,cert}_string an cert_key_file!")
    if bool(own_cert_string) is not bool(own_key_string):
        raise ValueError(
            "own_key_string and own_cert_string must be both set or unset")

    # A bare string would otherwise be iterated character by character.
    if isinstance(ca_files, str):
        ca_files = [ca_files]

    config_out = pynng.ffi.new('nng_tls_config **')
    rc = pynng.lib.nng_tls_config_alloc(config_out, mode)
    pynng.check_err(rc)
    self._tls_config = config_out[0]

    if server_name:
        self.set_server_name(server_name)
    if ca_string:
        self.set_ca_chain(ca_string)
    if own_key_string and own_cert_string:
        self.set_own_cert(own_cert_string, own_key_string, passwd)
    # A falsy auth_mode (None, or a constant whose value is 0) is not applied,
    # so the library's default for this mode stays in effect.
    if auth_mode:
        self.set_auth_mode(auth_mode)
    if ca_files:
        for ca_path in ca_files:
            self.add_ca_file(ca_path)
    if cert_key_file:
        self.set_cert_key_file(cert_key_file, passwd)
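def __init__(self, mode, server_name=None, ca_string=None,
             own_key_string=None, own_cert_string=None, auth_mode=None,
             ca_files=None, cert_key_file=None, passwd=None):
    """
    Create a new tls config object.

    mode must be either MODE_CLIENT or MODE_SERVER.

    The CA can be given as a string (``ca_string``) or as files
    (``ca_files``), and the own certificate and key as strings or as one
    ``cert_key_file``, but not both forms at once.  ``passwd`` is used for
    whichever form of own key is given.  ``ca_files`` may be an iterable of
    paths or a single path given as ``str``.

    Raises:
        ValueError: on conflicting or incomplete certificate arguments.
    """
    # Reject contradictory arguments before any native allocation happens.
    if ca_string and ca_files:
        raise ValueError("Cannot set both ca_string and ca_files!")
    if (own_cert_string or own_key_string) and cert_key_file:
        raise ValueError(
            "Cannot set both own_{key,cert}_string an cert_key_file!")
    if bool(own_cert_string) != bool(own_key_string):
        raise ValueError(
            "own_key_string and own_cert_string must be both set or unset")

    if isinstance(ca_files, str):
        # A single path passed as a plain string would otherwise be iterated
        # character by character, and each character handed to add_ca_file.
        ca_files = [ca_files]

    tls_config_p = pynng.ffi.new('nng_tls_config **')
    pynng.check_err(pynng.lib.nng_tls_config_alloc(tls_config_p, mode))
    self._tls_config = tls_config_p[0]

    if server_name:
        self.set_server_name(server_name)
    if ca_string:
        self.set_ca_chain(ca_string)
    if own_key_string and own_cert_string:
        self.set_own_cert(own_cert_string, own_key_string, passwd)
    # A falsy auth_mode (None, or a constant whose value is 0) is not applied,
    # so the library's default for this mode stays in effect.
    if auth_mode:
        self.set_auth_mode(auth_mode)
    if ca_files:
        for f in ca_files:
            self.add_ca_file(f)
    if cert_key_file:
        self.set_cert_key_file(cert_key_file, passwd)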
def _setopt_bool(py_obj, option, value):
    """Set the boolean option *option* on *py_obj* to *value*.

    *value* is handed to the library setter as given; no conversion or type
    check is done here.
    """
    c_option = pynng.nng.to_char(option)
    target, setter = _get_inst_and_func(py_obj, 'bool', 'set')
    rc = setter(target, c_option, value)
    pynng.check_err(rc)
def set_auth_mode(self, mode):
    """
    Configure the authentication mode of this TLS configuration.

    ``mode`` is forwarded unchanged to ``nng_tls_config_auth_mode``; it is not
    validated here.  The return code goes to ``pynng.check_err``.
    """
    rc = pynng.lib.nng_tls_config_auth_mode(self._tls_config, mode)
    pynng.check_err(rc)