本文整理汇总了Python中twisted.internet.ssl.CertificateOptions方法的典型用法代码示例。如果您正苦于以下问题:Python ssl.CertificateOptions方法的具体用法?Python ssl.CertificateOptions怎么用?Python ssl.CertificateOptions使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类twisted.internet.ssl的用法示例。
在下文中一共展示了ssl.CertificateOptions方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_certificateVerifyContext
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def test_certificateVerifyContext(self):
"""
A custom contextFactory is passed through to startTLS.
"""
ctx = CertificateOptions()
self.init = xmlstream.TLSInitiatingInitializer(
self.xmlstream, configurationForTLS=ctx)
self.init.contextFactory = ctx
def fakeStartTLS(contextFactory):
self.assertIs(ctx, contextFactory)
self.done.append('TLS')
self.xmlstream.transport = proto_helpers.StringTransport()
self.xmlstream.transport.startTLS = fakeStartTLS
self.xmlstream.reset = lambda: self.done.append('reset')
self.xmlstream.sendHeader = lambda: self.done.append('header')
d = self.init.start()
self.xmlstream.dataReceived("<proceed xmlns='%s'/>" % NS_XMPP_TLS)
self.assertEqual(['TLS', 'reset', 'header'], self.done)
return d 示例2: __init__
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def __init__(self):
# Use CA root certs provided by OpenSSL
trust_root = platformTrust()
# "insecurelyLowerMinimumTo" is the argument that will go lower than
# Twisted's default, which is why it is marked as "insecure" (since
# Twisted's defaults are reasonably secure). But, since Twisted is
# moving to TLS 1.2 by default, we want to respect the config option if
# it is set to 1.0 (which the alternate option, raiseMinimumTo, will not
# let us do).
minTLS = TLSVersion.TLSv1_2
self._verify_ssl = CertificateOptions(
trustRoot=trust_root, insecurelyLowerMinimumTo=minTLS
)
self._verify_ssl_context = self._verify_ssl.getContext()
self._verify_ssl_context.set_info_callback(self._context_info_cb) 示例3: options
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def options(self, *authorities):
"""
Behaves like L{twisted.internet.ssl.PrivateCertificate.options}().
"""
if not self.client:
# do some crud with sslverify to generate a temporary self-signed
# certificate. This is SLOOOWWWWW so it is only in the absolute
# worst, most naive case.
# We have to do this because OpenSSL will not let both the server
# and client be anonymous.
sharedDN = DN(CN='TEMPORARY CERTIFICATE')
key = KeyPair.generate()
cr = key.certificateRequest(sharedDN)
sscrd = key.signCertificateRequest(sharedDN, cr, lambda dn: True, 1)
cert = key.newCertificate(sscrd)
return cert.options(*authorities)
options = dict()
if authorities:
options.update(dict(verify=True,
requireCertificate=True,
caCerts=[auth.original for auth in authorities]))
occo = CertificateOptions(**options)
return occo 示例4: certificateOptionsFromPileOfPEM
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def certificateOptionsFromPileOfPEM(pemdata):
objects = objectsFromPEM(pemdata)
if len(objects.keys) != 1:
raise ValueError("Expected 1 private key, found %d"
% tuple([len(objects.keys)]))
privateKey = objects.keys[0]
certificatesByFingerprint = dict(
[(certificate.getPublicKey().keyHash(), certificate)
for certificate in objects.certificates]
)
if privateKey.keyHash() not in certificatesByFingerprint:
raise ValueError("No certificate matching %s found")
openSSLCert = certificatesByFingerprint.pop(privateKey.keyHash()).original
openSSLKey = privateKey.original
openSSLChain = [c.original for c in certificatesByFingerprint.values()]
return CertificateOptions(certificate=openSSLCert, privateKey=openSSLKey,
extraCertChain=openSSLChain) 示例5: onProceed
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def onProceed(self, obj):
"""
Proceed with TLS negotiation and reset the XML stream.
"""
self.xmlstream.removeObserver('/failure', self.onFailure)
ctx = ssl.CertificateOptions()
self.xmlstream.transport.startTLS(ctx)
self.xmlstream.reset()
self.xmlstream.sendHeader()
self._deferred.callback(Reset) 示例6: _parseClientSSLOptions
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def _parseClientSSLOptions(kwargs):
"""
Parse common arguments for SSL endpoints, creating an L{CertificateOptions}
instance.
@param kwargs: A dict of keyword arguments to be parsed, potentially
containing keys C{certKey}, C{privateKey}, C{caCertsDir}, and
C{hostname}. See L{_parseClientSSL}.
@type kwargs: L{dict}
@return: The remaining arguments, including a new key C{sslContextFactory}.
"""
hostname = kwargs.pop('hostname', None)
clientCertificate = _privateCertFromPaths(kwargs.pop('certKey', None),
kwargs.pop('privateKey', None))
trustRoot = _parseTrustRootPath(kwargs.pop('caCertsDir', None))
if hostname is not None:
configuration = optionsForClientTLS(
_idnaText(hostname), trustRoot=trustRoot,
clientCertificate=clientCertificate
)
else:
# _really_ though, you should specify a hostname.
if clientCertificate is not None:
privateKeyOpenSSL = clientCertificate.privateKey.original
certificateOpenSSL = clientCertificate.original
else:
privateKeyOpenSSL = None
certificateOpenSSL = None
configuration = CertificateOptions(
trustRoot=trustRoot,
privateKey=privateKeyOpenSSL,
certificate=certificateOpenSSL,
)
kwargs['sslContextFactory'] = configuration
return kwargs 示例7: connectClient
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def connectClient(self, address, portNumber, clientCreator):
"""
Create an SSL client using L{IReactorSSL.connectSSL}.
"""
contextFactory = ssl.CertificateOptions()
return clientCreator.connectSSL(address, portNumber, contextFactory) 示例8: start_responding
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def start_responding(self, server_name, challenge, response):
"""
Put a context into the mapping.
"""
server_name = response.z_domain.decode('ascii')
cert, pkey = generate_tls_sni_01_cert(
server_name, _generate_private_key=self._generate_private_key)
server_name = server_name.encode('utf-8')
self._challenge_options[server_name] = CertificateOptions(
certificate=crypto.X509.from_cryptography(cert),
privateKey=crypto.PKey.from_cryptography_key(pkey)) 示例9: test_tlsConfiguration
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def test_tlsConfiguration(self):
"""
A TLS configuration is passed to the TLS initializer.
"""
configs = []
def init(self, xs, required=True, configurationForTLS=None):
configs.append(configurationForTLS)
self.client_jid = jid.JID('user@example.com/resource')
# Get an XmlStream instance. Note that it gets initialized with the
# XMPPAuthenticator (that has its associateWithXmlStream called) that
# is in turn initialized with the arguments to the factory.
configurationForTLS = ssl.CertificateOptions()
factory = client.XMPPClientFactory(
self.client_jid, 'secret',
configurationForTLS=configurationForTLS)
self.patch(xmlstream.TLSInitiatingInitializer, "__init__", init)
xs = factory.buildProtocol(None)
# test list of initializers
version, tls, sasl, bind, session = xs.initializers
self.assertIsInstance(tls, xmlstream.TLSInitiatingInitializer)
self.assertIs(configurationForTLS, configs[0]) 示例10: __init__
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def __init__(self, config):
verify_requests = config.getboolean("http", "federation.verifycerts")
if verify_requests:
self._options = ssl.CertificateOptions(trustRoot=ssl.platformTrust())
else:
self._options = ssl.CertificateOptions() 示例11: _ssl_options
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def _ssl_options(sslkey, sslcert):
with open(sslkey) as keyfile:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, keyfile.read())
with open(sslcert) as certfile:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, certfile.read())
acceptable = ssl.AcceptableCiphers.fromOpenSSLCipherString(
u'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH')
options = ssl.CertificateOptions(privateKey=pkey,
certificate=cert,
method=SSL.TLSv1_2_METHOD,
acceptableCiphers=acceptable)
return options 示例12: __init__
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def __init__(self, mapping):
self.mapping = mapping
self._negotiationDataForContext = collections.defaultdict(
_NegotiationData
)
try:
self.context = self.mapping['DEFAULT'].getContext()
except KeyError:
self.context = CertificateOptions().getContext()
self.context.set_tlsext_servername_callback(
self.selectContext
) 示例13: connectionMade
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def connectionMade(self):
"""
Called by twisted when a client connects to the
proxy. Makes an TLS connection from the proxy to
the server to complete the chain.
"""
print("Connection made from CLIENT => PROXY")
proxy_to_server_factory = protocol.ClientFactory()
proxy_to_server_factory.protocol = ProxyToServerProtocol
proxy_to_server_factory.server = self
reactor.connectSSL(DST_IP, DST_PORT,
proxy_to_server_factory,
twisted_ssl.CertificateOptions()) 示例14: _parseClientSSL
# 需要导入模块: from twisted.internet import ssl [as 别名]
# 或者: from twisted.internet.ssl import CertificateOptions [as 别名]
def _parseClientSSL(**kwargs):
"""
Perform any argument value coercion necessary for SSL client parameters.
Valid keyword arguments to this function are all L{IReactorSSL.connectSSL}
arguments except for C{contextFactory}. Instead, C{certKey} (the path name
of the certificate file) C{privateKey} (the path name of the private key
associated with the certificate) are accepted and used to construct a
context factory.
@param caCertsDir: The one parameter which is not part of
L{IReactorSSL.connectSSL}'s signature, this is a path name used to
construct a list of certificate authority certificates. The directory
will be scanned for files ending in C{.pem}, all of which will be
considered valid certificate authorities for this connection.
@type caCertsDir: C{str}
@return: The coerced values as a C{dict}.
"""
from twisted.internet import ssl
kwargs = _parseClientTCP(**kwargs)
certKey = kwargs.pop('certKey', None)
privateKey = kwargs.pop('privateKey', None)
caCertsDir = kwargs.pop('caCertsDir', None)
if certKey is not None:
certx509 = ssl.Certificate.loadPEM(
FilePath(certKey).getContent()).original
else:
certx509 = None
if privateKey is not None:
privateKey = ssl.PrivateCertificate.loadPEM(
FilePath(privateKey).getContent()).privateKey.original
else:
privateKey = None
if caCertsDir is not None:
verify = True
caCerts = _loadCAsFromDir(FilePath(caCertsDir))
else:
verify = False
caCerts = None
kwargs['sslContextFactory'] = ssl.CertificateOptions(
method=ssl.SSL.SSLv23_METHOD,
certificate=certx509,
privateKey=privateKey,
verify=verify,
caCerts=caCerts
)
return kwargs