-rw-r--r-- | scripts/http-client.py | 40 | ||||
-rw-r--r-- | scripts/http-server.py | 70 | ||||
-rw-r--r-- | scripts/rpki/https.py | 65 |
3 files changed, 58 insertions, 117 deletions
diff --git a/scripts/http-client.py b/scripts/http-client.py index 02af3659..ed1019fa 100644 --- a/scripts/http-client.py +++ b/scripts/http-client.py @@ -1,40 +1,6 @@ # $Id$ -import httplib, tlslite.api +import rpki.https -certChain = [] -for file in ("biz-certs/Dave-EE.cer", "biz-certs/Dave-CA.cer"): - f = open(file, "r") - x509 = tlslite.api.X509() - x509.parse(f.read()) - f.close() - certChain.append(x509) -certChain = tlslite.api.X509CertChain(certChain) - -f = open("biz-certs/Dave-EE.key", "r") -privateKey = tlslite.api.parsePEMKey(f.read(), private=True) -f.close() - -x509TrustList = [] -for file in ("biz-certs/Alice-Root.cer", "biz-certs/Bob-Root.cer", "biz-certs/Carol-Root.cer"): - f = open(file, "r") - x509 = tlslite.api.X509() - x509.parse(f.read()) - f.close() - x509TrustList.append(x509) - -https = tlslite.api.HTTPTLSConnection(host="localhost", port=4433, certChain=certChain, privateKey=privateKey, x509TrustList=x509TrustList) - -https.connect() -https.request("POST", "/", "This is a test. This is only a test. Had this been real you would now be really confused.\n", {"Content-Type":"application/wombat"}) -response = https.getresponse() - -for h in response.getheaders(): - print "%s: %s" % h -print -if response.status == httplib.OK: - print "OK" -else: - print "Ouch" -print -print response.read() +certInfo = rpki.https.CertInfo("Dave") +print rpki.https.client(certInfo=certInfo, msg="This is a test. This is only a test. Had this been real you would now be really confused.\n") diff --git a/scripts/http-server.py b/scripts/http-server.py index 4417bf84..8c302b9b 100644 --- a/scripts/http-server.py +++ b/scripts/http-server.py 
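Review bot: The rewritten script no longer checks the HTTP status: the removed code printed `OK` or `Ouch` from `response.status`, while the new last line prints whatever `rpki.https.client()` returns. The part of `client()` after `httpc.getresponse()` is outside the visible hunks, so it cannot be confirmed from here whether a non-200 reply raises or is returned like a normal body. If it is returned, a failed exchange reads as a success in this script. Either check the status here or state the contract on the call, e.g. `# prints the response body; status handling lives in rpki.https.client()`.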
@@ -1,54 +1,26 @@ # $Id$ -import BaseHTTPServer, tlslite.api - -class requestHandler(BaseHTTPServer.BaseHTTPRequestHandler): - - def do_POST(self): - echo = "" - for h in self.headers: - echo += "%s: %s\n" % (h, self.headers[h]) - self.query_string = self.rfile.read(int(self.headers["Content-Length"])) - echo += self.query_string - - if False: - f = open("http-server.log", "a") - f.write(echo) - f.close() - - self.send_response(200) - self.send_header("Content-Type", "application/x-wombat") - self.end_headers() - - self.wfile.write(echo) - -certChain = [] -for file in ("biz-certs/Carol-EE.cer", "biz-certs/Carol-CA.cer"): - f = open(file, "r") - x509 = tlslite.api.X509() - x509.parse(f.read()) +import rpki.https, tlslite.api + +if False: + certInfo = rpki.https.CertInfo("Carol") +else: + certInfo = rpki.https.CertInfo() + + certChain = [] + for file in ("biz-certs/Carol-EE.cer", "biz-certs/Carol-CA.cer"): + f = open(file, "r") + x509 = tlslite.api.X509() + x509.parse(f.read()) + f.close() + certChain.append(x509) + certInfo.certChain = tlslite.api.X509CertChain(certChain) + + f = open("biz-certs/Carol-EE.key", "r") + certInfo.privateKey = tlslite.api.parsePEMKey(f.read(), private=True) f.close() - certChain.append(x509) -certChain = tlslite.api.X509CertChain(certChain) - -f = open("biz-certs/Carol-EE.key", "r") -privateKey = tlslite.api.parsePEMKey(f.read(), private=True) -f.close() - -sessionCache = tlslite.api.SessionCache() - -class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer): - def handshake(self, tlsConnection): - try: - tlsConnection.handshakeServer(certChain=certChain, - privateKey=privateKey, - sessionCache=sessionCache) - tlsConnection.ignoreAbruptClose = True - return True - except tlslite.api.TLSError, error: - print "TLS handshake failure:", str(error) - return False +def handler(self, query): + return 200, "I got:\n" + query -httpd = httpServer(("", 4433), requestHandler) -httpd.serve_forever() 
+rpki.https.server(certInfo=certInfo, handler=handler) diff --git a/scripts/rpki/https.py b/scripts/rpki/https.py index f63b12ba..7d89fe3e 100644 --- a/scripts/rpki/https.py +++ b/scripts/rpki/https.py 
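Review bot: The `if False:` switch leaves `rpki.https.CertInfo("Carol")` unreachable and makes the script load Carol's chain and key by hand into an empty `CertInfo()`, with no comment saying which path is meant to stay. If the manual branch exists because the explicit EE-then-CA order matters, say so, e.g. `# load chain explicitly: EE first, then CA`; otherwise delete the dead branch. The hand-written loader also closes each file only on the success path, so a parse error in `x509.parse()` or `parsePEMKey()` leaves the handle open; moving `f.close()` into a `finally:` block fixes that.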
@@ -14,39 +14,40 @@ rpki_content_type = "application/x-rpki" class CertInfo(object): - self.cert-dir = "biz-certs/" + cert_dir = "biz-certs/" - def __init__(self, myname): + def __init__(self, myname=None): - f = open(self.cert-dir + myname + "-EE.key", "r") - self.privateKey = tlslite.api.parsePEMKey(f.read(), private=True) - f.close() + if myname is not None: - chain = [] - for file in glob.glob(self.cert-dir + myname + "-*.cer"): - f = open(file, "r") - x509 = tlslite.api.X509() - x509.parse(f.read()) + f = open(self.cert_dir + myname + "-EE.key", "r") + self.privateKey = tlslite.api.parsePEMKey(f.read(), private=True) f.close() - chain.append(x509) - self.certChain = tlslite.api.X509CertChain(chain) - self.x509TrustList = [] - for file in glob.glob(self.cert-dir + "*-Root.cer"): - if file != self.cert-dir + myname + "-Root.cer": + chain = [] + for file in glob.glob(self.cert_dir + myname + "-*.cer"): f = open(file, "r") x509 = tlslite.api.X509() x509.parse(f.read()) f.close() - x509TrustList.append(x509) - - return {"privateKey" : privateKey, - "certChain" : certChain, - "x509TrustList" : x509TrustList} - + chain.append(x509) + self.certChain = tlslite.api.X509CertChain(chain) + + self.x509TrustList = [] + for file in glob.glob(self.cert_dir + "*-Root.cer"): + if file != self.cert_dir + myname + "-Root.cer": + f = open(file, "r") + x509 = tlslite.api.X509() + x509.parse(f.read()) + f.close() + self.x509TrustList.append(x509) def client(msg, certInfo, host="localhost", port=4433, url="/"): - httpc = tlslite.api.HTTPTLSConnection(host, port, privateKey=certInfo.privatekey, certChain=certInfo.certChain, x509TrustList=certInfo.x509TrustList) + httpc = tlslite.api.HTTPTLSConnection(host=host, + port=port, + certChain=certInfo.certChain, + privateKey=certInfo.privateKey, + x509TrustList=certInfo.x509TrustList) httpc.connect() httpc.request("POST", url, msg, {"Content-Type" : rpki_content_type}) response = httpc.getresponse() 
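Review bot: `CertInfo.__init__` builds `certChain` from `glob.glob(self.cert_dir + myname + "-*.cer")`, which returns files in no guaranteed order and also matches `myname + "-Root.cer"`, whereas the scripts it replaces listed the EE certificate first and the CA second. tlslite documents `X509CertChain` as starting with the end-entity certificate, so I would name the files explicitly with `for suffix in ("-EE.cer", "-CA.cer"):` and open `self.cert_dir + myname + suffix`. The same globbing turns every `*-Root.cer` file in `cert_dir` other than the caller's own into a trust anchor, so write access to that directory becomes part of the trust decision; that deserves a comment next to `cert_dir`. Separately, with `myname=None` none of `privateKey`, `certChain` or `x509TrustList` is set, so `client()` would fail with AttributeError on `certInfo.x509TrustList`; class-level defaults of `None` would make that state explicit.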
@@ -68,13 +69,15 @@ class requestHandler(BaseHTTPServer.BaseHTTPRequestHandler): class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer): - rpki_certChain = None # Must be set - rpki_privateKey = None # Must be set - rpki_sessionCache = None # Must be set - + rpki_certChain = None + rpki_privateKey = None + rpki_sessionCache = None + def handshake(self, tlsConnection): + assert self.rpki_certChain is not None + assert self.rpki_privateKey is not None + assert self.rpki_sessionCache is not None try: - assert sessionCache tlsConnection.handshakeServer(certChain=self.rpki_certChain, privateKey=self.rpki_privateKey, sessionCache=self.rpki_sessionCache) @@ -84,7 +87,7 @@ class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer): print "TLS handshake failure:", str(error) return False -def server(handler=None, port=4433, privateKey=None, certChain=None, **kwargs): +def server(handler, certInfo, port=4433, host=""): # BaseHTTPServer.HTTPServer takes a class, not an instance, so # binding our handler requires creating a new subclass. Weird. @@ -92,9 +95,9 @@ def server(handler=None, port=4433, privateKey=None, certChain=None, **kwargs): class boundRequestHandler(requestHandler): rpki_handler = handler - httpd = httpServer(("", 4433), boundRequestHandler) - httpd.rpki_privateKey = privateKey - httpd.rpki_certChain = certChain + httpd = httpServer((host, port), boundRequestHandler) + httpd.rpki_privateKey = certInfo.privateKey + httpd.rpki_certChain = certInfo.certChain httpd.rpki_sessionCache = tlslite.api.SessionCache() httpd.serve_forever() |
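Review bot: `handshake()` calls `tlsConnection.handshakeServer()` with only `certChain`, `privateKey` and `sessionCache`, so as far as this hunk shows the server never requests or checks a client certificate, even though `client()` presents a chain and `CertInfo` loads an `x509TrustList`. tlslite's `handshakeServer` accepts `reqCert=True` and a `checker` argument; if mutual authentication is intended, add `reqCert=True` to the call and validate the peer chain against the trust list. That also requires `server()` in the final hunk to hand `certInfo.x509TrustList` to `httpd`, which it currently does not. If one-way TLS is deliberate for this test harness, a comment on `handshake()` saying so would stop readers from assuming the client is authenticated.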
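Review bot: The new `host=""` default in the `server()` signature makes the listener bind every interface unless the caller says otherwise, while `client()` defaults to `host="localhost"`. For a test server that holds a TLS private key and, per the visible `handshakeServer` call, does not request client certificates, a loopback default is the safer choice: `def server(handler, certInfo, port=4433, host="localhost"):`. Callers that need external reachability can then pass `host=""` explicitly. The body of `server()` continues outside this hunk.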
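Review bot: `server()` copies `certInfo.privateKey` and `certInfo.certChain` onto `httpd` without checking them, and the only guard is the set of `assert` statements in `handshake()`, which are stripped under `python -O` and otherwise fire once per incoming connection rather than at startup. A `CertInfo()` built without a name has neither attribute, so validating here gives one clear failure before `serve_forever()`: `if getattr(certInfo, "privateKey", None) is None or getattr(certInfo, "certChain", None) is None: raise ValueError("server() needs a private key and certificate chain")`. The start of `server()` lies outside this hunk.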