Mercurial > libervia-backend
annotate sat/tools/common/tls.py @ 4065:34c8e7e4fa52
tests (units): tests for plugin XEP-0338:
fix 440
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Tue, 30 May 2023 22:23:37 +0200 |
| parents | 524856bd7b19 |
| children |
| rev | line source |
|---|---|
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
|
3480
7550ae9cfbac
Renamed the project from "Salut à Toi" to "Libervia":
Goffi <goffi@goffi.org>
parents:
3479
diff
changeset
|
3 # Libervia: an XMPP client |
| 3479 | 4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 """TLS handling with twisted""" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 from sat.core.log import getLogger |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 from sat.core import exceptions |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from sat.tools import config as tools_config |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 try: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 import OpenSSL |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 from twisted.internet import ssl |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 except ImportError: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 ssl = None |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 log = getLogger(__name__) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
36 def get_options_from_config(config, section=""): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 options = {} |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 for option in ('tls_certificate', 'tls_private_key', 'tls_chain'): |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
39 options[option] = tools_config.config_get(config, section, option) |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 return options |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
43 def tls_options_check(options): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 """Check options coherence if TLS is activated, and update missing values |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 Must be called only if TLS is activated |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 if not options["tls_certificate"]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 raise exceptions.ConfigError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 "a TLS certificate is needed to activate HTTPS connection") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 if not options["tls_private_key"]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 options["tls_private_key"] = options["tls_certificate"] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
55 def load_certificates(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 """Read a .pem file with a list of certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 @return (list[OpenSSL.crypto.X509]): list of certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 # XXX: didn't found any method to load a .pem file with several certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 # so the certificates split is done here |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 certificates = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 buf = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 while True: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 line = f.readline() |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 buf.append(line) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 if "-----END CERTIFICATE-----" in line: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 certificates.append( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 OpenSSL.crypto.load_certificate( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 OpenSSL.crypto.FILETYPE_PEM, "".join(buf) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 buf = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 elif not line: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 log.debug(f"{len(certificates)} certificate(s) found") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
78 return certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
81 def load_p_key(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 """Read a private key from a .pem file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 @return (list[OpenSSL.crypto.PKey]): private key object |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
87 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, f.read()) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
91 def load_certificate(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 """Read a public certificate from a .pem file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
95 @return (list[OpenSSL.crypto.X509]): public certificate |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
96 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
97 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
98 return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read()) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
99 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
100 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
101 def get_tls_context_factory(options): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
102 """Load TLS certificate and build the context factory needed for listenSSL""" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
103 if ssl is None: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
104 raise ImportError("Python module pyOpenSSL is not installed!") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
105 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
106 cert_options = {} |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
107 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
108 for name, option, method in [ |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
109 ("privateKey", "tls_private_key", load_p_key), |
|
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
110 ("certificate", "tls_certificate", load_certificate), |
|
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
111 ("extraCertChain", "tls_chain", load_certificates), |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
112 ]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
113 path = options[option] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
114 if not path: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
115 assert option == "tls_chain" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
116 continue |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
117 log.debug(f"loading {option} from {path}") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
118 try: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
119 with open(path) as f: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
120 cert_options[name] = method(f) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
121 except IOError as e: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
122 raise exceptions.DataError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
123 f"Error while reading file {path} for option {option}: {e}" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
124 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
125 except OpenSSL.crypto.Error: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
126 raise exceptions.DataError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
127 f"Error while parsing file {path} for option {option}, are you sure " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
128 f"it is a valid .pem file?" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
129 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
130 if ( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
131 option == "tls_private_key" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
132 and options["tls_certificate"] == path |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
133 ): |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
134 raise exceptions.ConfigError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
135 f"You are using the same file for private key and public " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
136 f"certificate, make sure that both a in {path} or use " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
137 f"--tls_private_key option" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
138 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
139 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
140 return ssl.CertificateOptions(**cert_options) |