path: root/scripts/Old/tls-client.py
# $Id$

import socket, POW, time

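# Minimal TLS test client: authenticates as "Carol", trusts only the
# "Alice-TA" certificate, connects to port 6666, prints the server's
# certificate and up to 100 bytes of application data, then sends "Bye".

def _read_pem(kind, path):
  """Load one PEM object of POW type `kind` from `path`, closing the file afterwards."""
  f = open(path, "r")
  try:
    return POW.pemRead(kind, f.read())
  finally:
    f.close()

# Credentials are read from the current working directory.
# NOTE(review): no passphrase is passed to pemRead, so Carol.key is presumably
# stored unencrypted -- confirm, and keep its file permissions restrictive.
key = _read_pem(POW.RSA_PRIVATE_KEY, "Carol.key")
cer = _read_pem(POW.X509_CERTIFICATE, "Carol.cer")
ta  = _read_pem(POW.X509_CERTIFICATE, "Alice-TA.cer")

s = socket.socket()
try:
  # Empty host string: presumably the test server on the local machine -- confirm.
  s.connect(('', 6666))

  # NOTE(review): this pins the handshake to TLS 1.0, which is deprecated
  # (RFC 8996).  Left unchanged because the peer test server is not visible
  # here; do not copy this setting into new code.
  ssl = POW.Ssl(POW.TLSV1_CLIENT_METHOD)

  # Present Carol's certificate and key for client authentication.
  ssl.useCertificate(cer)
  ssl.useKey(key)

  # Require a verified peer certificate, with Alice-TA as the trusted certificate.
  # NOTE(review): assuming POW hands these flags to OpenSSL unchanged,
  # SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect on the server side, and
  # SSL_VERIFY_PEER on a client does not reject a handshake that negotiated an
  # anonymous cipher suite (no server certificate is sent at all).  The explicit
  # check on peerCertificate() below closes that gap.
  # NOTE(review): nothing here checks *which* certificate the peer presented;
  # presumably anything that validates against Alice-TA is accepted.  Compare the
  # peer's subject or key against the expected server if identity matters.
  ssl.setVerifyMode(POW.SSL_VERIFY_PEER | POW.SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
  ssl.trustCertificate(ta)

  # Bind the TLS object to the already-connected TCP socket and handshake.
  ssl.setFd(s.fileno())
  ssl.connect()

  # Fail closed: never exchange application data with an unauthenticated peer.
  peer = ssl.peerCertificate()
  if peer is None:
    raise RuntimeError("TLS handshake completed without a peer certificate")
  print(peer.pprint())

  print(ssl.read(100))
  ssl.write("Bye")
finally:
  # Release the TCP socket even when the handshake or verification fails.
  s.close()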
an>, arg, *cmd): i, o = func(cmd) i.write(arg) i.close() value = o.read() o.close() return value def encode(xml, cer, key): return run(os.popen2, xml, "openssl", "smime", "-sign", "-nodetach", "-outform", "PEM", "-signer", cer, "-inkey", key) def decode(cms, dir): return run(os.popen2, cms, "openssl", "smime", "-verify", "-inform", "PEM", "-CApath", dir) def relaxng(xml, rng): return run(os.popen4, xml, "xmllint", "--noout", "--relaxng", rng, "-") def main(): dir = "biz-certs" cer = "biz-certs/Alice-EE.cer" key = "biz-certs/Alice-EE.key" rng = "up-down-medium-schema.rng" for x in xml: print x e = encode(x, cer, key) print e d = decode(e, dir) print d v = relaxng(d, rng) print v print "=====\n" # Ugly inline stuff here for initial testing xml = [ '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="error_response"> <status>2001</status> <last_msg_processed>17</last_msg_processed> <description xml:lang="en-US">[Readable text]</description> </message> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="issue"> <request class_name="class name" req_resource_set_as="" req_resource_set_ipv4="10.0.0.44/32" req_resource_set_ipv6="dead:beef::/32"> deadbeef </request> </message> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="1" type="issue_response"> <class class_name="class name" cert_url="url" cert_ski="g(ski)" resource_set_as="22,42,44444-5555555" resource_set_ipv4="10.0.0.44-10.3.0.44,10.6.0.2/32" resource_set_ipv6="dead:beef::/128"> <certificate cert_url="url" cert_ski="g(ski)" cert_aki="g(aki)" cert_serial="1" resource_set_as="14-17" resource_set_ipv4="128.224.1.136/22" 
resource_set_ipv6="0:0::/22" req_resource_set_as="" req_resource_set_ipv4="10.0.0.77/16,127.0.0.1/8" req_resource_set_ipv6="dead:beef::/16" status="match"> deadbeef </certificate> <issuer>deadbeef</issuer> </class> </message> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="list"/> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="list_response"> <class class_name="class name" cert_url="url" cert_ski="g(ski)" resource_set_as="1,2,4,6,16-32" resource_set_ipv4="128.224.1.1-128.22.4.32" resource_set_ipv6="" suggested_sia_head="rsync://wombat.example/fnord/"> <certificate cert_url="url" cert_ski="g(ski)" cert_aki="g(aki)" cert_serial="1" resource_set_as="" resource_set_ipv4="" resource_set_ipv6="" req_resource_set_as="" req_resource_set_ipv4="" req_resource_set_ipv6="" status="match"> deadbeef </certificate> <!-- Repeated for each current certificate naming the client as subject --> <issuer>deadbeef</issuer> </class> </message> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="revoke"> <key class_name="class name" ski="g(ski)"/> </message> ''', '''<?xml version="1.0" encoding="UTF-8"?> <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient="recipient name" msg_ref="42" type="revoke_response"> <key class_name="class name" ski="g(ski)"/> </message> ''' ] main()