annotate sat/tools/common/tls.py @ 3859:3ef988734869

core: fix calls to `domish.Element.elements`: domish.Element.elements should be called with namespace and element name as 2 arguments, but it has been confused in several places with the call to `domish.Element.addElement` which is often done with a `(namespace, name)` tuple. Unfortunately calling with a tuple is accepted and doesn't raise any error in `elements`, but this result in a wrong element returned. This patch fixes the erroneous calls.
author Goffi <goffi@goffi.org>
date Wed, 20 Jul 2022 17:12:29 +0200
parents 7550ae9cfbac
children 524856bd7b19
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3287
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
1 #!/usr/bin/env python3
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
2
3480
7550ae9cfbac Renamed the project from "Salut à Toi" to "Libervia":
Goffi <goffi@goffi.org>
parents: 3479
diff changeset
3 # Libervia: an XMPP client
3479
be6d91572633 date update
Goffi <goffi@goffi.org>
parents: 3380
diff changeset
4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org)
3287
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
5
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
6 # This program is free software: you can redistribute it and/or modify
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
7 # it under the terms of the GNU Affero General Public License as published by
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
8 # the Free Software Foundation, either version 3 of the License, or
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
9 # (at your option) any later version.
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
10
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
11 # This program is distributed in the hope that it will be useful,
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
14 # GNU Affero General Public License for more details.
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
15
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
16 # You should have received a copy of the GNU Affero General Public License
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
18
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
19 """TLS handling with twisted"""
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
20
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
21 from sat.core.log import getLogger
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
22 from sat.core import exceptions
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
23 from sat.tools import config as tools_config
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
24
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
25
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
26 try:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
27 import OpenSSL
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
28 from twisted.internet import ssl
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
29 except ImportError:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
30 ssl = None
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
31
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
32
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
33 log = getLogger(__name__)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
34
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
35
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
36 def getOptionsFromConfig(config, section=""):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
37 options = {}
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
38 for option in ('tls_certificate', 'tls_private_key', 'tls_chain'):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
39 options[option] = tools_config.getConfig(config, section, option)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
40 return options
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
41
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
42
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
43 def TLSOptionsCheck(options):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
44 """Check options coherence if TLS is activated, and update missing values
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
45
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
46 Must be called only if TLS is activated
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
47 """
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
48 if not options["tls_certificate"]:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
49 raise exceptions.ConfigError(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
50 "a TLS certificate is needed to activate HTTPS connection")
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
51 if not options["tls_private_key"]:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
52 options["tls_private_key"] = options["tls_certificate"]
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
53
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
54
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
55 def loadCertificates(f):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
56 """Read a .pem file with a list of certificates
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
57
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
58 @param f (file): file obj (opened .pem file)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
59 @return (list[OpenSSL.crypto.X509]): list of certificates
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
60 @raise OpenSSL.crypto.Error: error while parsing the file
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
61 """
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
62 # XXX: didn't found any method to load a .pem file with several certificates
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
63 # so the certificates split is done here
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
64 certificates = []
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
65 buf = []
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
66 while True:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
67 line = f.readline()
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
68 buf.append(line)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
69 if "-----END CERTIFICATE-----" in line:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
70 certificates.append(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
71 OpenSSL.crypto.load_certificate(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
72 OpenSSL.crypto.FILETYPE_PEM, "".join(buf)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
73 )
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
74 )
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
75 buf = []
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
76 elif not line:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
77 log.debug(f"{len(certificates)} certificate(s) found")
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
78 return certificates
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
79
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
80
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
81 def loadPKey(f):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
82 """Read a private key from a .pem file
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
83
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
84 @param f (file): file obj (opened .pem file)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
85 @return (list[OpenSSL.crypto.PKey]): private key object
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
86 @raise OpenSSL.crypto.Error: error while parsing the file
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
87 """
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
88 return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, f.read())
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
89
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
90
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
91 def loadCertificate(f):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
92 """Read a public certificate from a .pem file
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
93
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
94 @param f (file): file obj (opened .pem file)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
95 @return (list[OpenSSL.crypto.X509]): public certificate
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
96 @raise OpenSSL.crypto.Error: error while parsing the file
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
97 """
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
98 return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
99
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
100
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
101 def getTLSContextFactory(options):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
102 """Load TLS certificate and build the context factory needed for listenSSL"""
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
103 if ssl is None:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
104 raise ImportError("Python module pyOpenSSL is not installed!")
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
105
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
106 cert_options = {}
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
107
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
108 for name, option, method in [
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
109 ("privateKey", "tls_private_key", loadPKey),
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
110 ("certificate", "tls_certificate", loadCertificate),
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
111 ("extraCertChain", "tls_chain", loadCertificates),
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
112 ]:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
113 path = options[option]
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
114 if not path:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
115 assert option == "tls_chain"
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
116 continue
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
117 log.debug(f"loading {option} from {path}")
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
118 try:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
119 with open(path) as f:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
120 cert_options[name] = method(f)
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
121 except IOError as e:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
122 raise exceptions.DataError(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
123 f"Error while reading file {path} for option {option}: {e}"
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
124 )
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
125 except OpenSSL.crypto.Error:
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
126 raise exceptions.DataError(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
127 f"Error while parsing file {path} for option {option}, are you sure "
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
128 f"it is a valid .pem file?"
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
129 )
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
130 if (
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
131 option == "tls_private_key"
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
132 and options["tls_certificate"] == path
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
133 ):
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
134 raise exceptions.ConfigError(
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
135 f"You are using the same file for private key and public "
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
136 f"certificate, make sure that both a in {path} or use "
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
137 f"--tls_private_key option"
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
138 )
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
139
a4b8c9bcfb57 tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff changeset
140 return ssl.CertificateOptions(**cert_options)