annotate libervia/backend/tools/common/tls.py @ 4332:71c939e34ca6
XEP-0373 (OX): Adjust to gpgme updates: generate with explicit algorithm and subkeys
author | Syndace <me@syndace.dev> |
---|---|
date | Sat, 13 Jul 2024 18:28:28 +0200 |
parents | 0d7bb4df2343 |
children |
1 #!/usr/bin/env python3 |
2 |
3 # Libervia: an XMPP client |
3479 | 4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) |
5 |
6 # This program is free software: you can redistribute it and/or modify |
7 # it under the terms of the GNU Affero General Public License as published by |
8 # the Free Software Foundation, either version 3 of the License, or |
9 # (at your option) any later version. |
10 |
11 # This program is distributed in the hope that it will be useful, |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 # GNU Affero General Public License for more details. |
15 |
16 # You should have received a copy of the GNU Affero General Public License |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 |
19 """TLS handling with twisted""" |
20 |
21 from libervia.backend.core.log import getLogger |
22 from libervia.backend.core import exceptions |
23 from libervia.backend.tools import config as tools_config |
24 |
25 |
# pyOpenSSL and Twisted's TLS support are treated as optional here: if either
# import fails, ``ssl`` is set to None and get_tls_context_factory() refuses to
# build a TLS context instead of failing at import time.
try:
    import OpenSSL
    from twisted.internet import ssl
except ImportError:
    # NOTE(review): when ``import OpenSSL`` itself fails, the name ``OpenSSL``
    # stays unbound, so the load_* helpers of this module would raise NameError if
    # called directly; only get_tls_context_factory() checks ``ssl is None`` first.
    ssl = None


# Module-level logger, named after this module.
log = getLogger(__name__)
def get_options_from_config(config, section=""):
    """Collect the TLS-related settings from the configuration.

    get_tls_context_factory() later treats each of these values as the path of a
    PEM file, so the "tls_private_key" entry designates secret key material.

    @param config: configuration object, handed as-is to ``tools_config.config_get``
    @param section (str): configuration section the options are read from
    @return (dict): maps "tls_certificate", "tls_private_key" and "tls_chain" to
        whatever ``config_get`` returns for each of them
    """
    tls_option_names = ("tls_certificate", "tls_private_key", "tls_chain")
    return {
        name: tools_config.config_get(config, section, name)
        for name in tls_option_names
    }
def tls_options_check(options):
    """Validate the TLS options and fill in the private key default.

    Must be called only if TLS is activated.

    When no private key path is configured, the certificate path is reused for
    it, i.e. the private key is then expected to live in the same file as the
    certificate.

    @param options (dict): TLS options; "tls_private_key" may be updated in place
    @raise exceptions.ConfigError: no TLS certificate is configured
    """
    certificate_path = options["tls_certificate"]
    if not certificate_path:
        raise exceptions.ConfigError(
            "a TLS certificate is needed to activate HTTPS connection"
        )
    if options["tls_private_key"]:
        # an explicit private key file is configured, nothing to default
        return
    options["tls_private_key"] = certificate_path
def load_certificates(f):
    """Read every certificate of a .pem file holding a list of certificates

    The file is cut after each "-----END CERTIFICATE-----" line and every piece is
    parsed on its own. Text found after the last END line is ignored, and a file
    without any END line yields an empty list.

    This only parses: nothing here checks validity dates, signatures, or that the
    certificates actually form a chain.

    @param f (file): file obj (opened .pem file, text mode)
    @return (list[OpenSSL.crypto.X509]): certificates, in file order
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    # XXX: no method was found to load a .pem file holding several certificates,
    #      so the split between certificates is done here
    end_marker = "-----END CERTIFICATE-----"
    parsed = []
    pending_lines = []
    while True:
        line = f.readline()
        pending_lines.append(line)
        if end_marker in line:
            pem_text = "".join(pending_lines)
            parsed.append(
                OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_text)
            )
            pending_lines = []
            continue
        if not line:
            # readline() returns an empty string at end of file
            break
    log.debug(f"{len(parsed)} certificate(s) found")
    return parsed
def load_p_key(f):
    """Read a private key from a .pem file

    NOTE(review): no passphrase is handed to pyOpenSSL, so a passphrase-protected
    key is presumably not usable non-interactively through this helper; confirm
    before deploying an encrypted key.

    @param f (file): file obj (opened .pem file)
    @return (OpenSSL.crypto.PKey): private key object
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    crypto = OpenSSL.crypto
    return crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
def load_certificate(f):
    """Read a public certificate from a .pem file

    The whole file content is handed to a single ``load_certificate`` call, which
    returns one certificate object; use load_certificates() for a file holding a
    list of certificates. The certificate is parsed, not validated.

    @param f (file): file obj (opened .pem file)
    @return (OpenSSL.crypto.X509): public certificate
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    crypto = OpenSSL.crypto
    return crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
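def get_tls_context_factory(options):
    """Load the TLS key material and build the context factory needed for listenSSL

    Only the private key, the certificate and the optional extra chain are passed
    to ``ssl.CertificateOptions``; protocol versions and cipher suites are left to
    its defaults.

    @param options (dict): TLS options; "tls_private_key" and "tls_certificate" must
        hold the path of a PEM file, "tls_chain" may be empty
    @return (ssl.CertificateOptions): context factory built from the loaded files
    @raise ImportError: TLS support could not be imported
    @raise exceptions.ConfigError: a mandatory path is missing, or the private key
        could not be parsed from the file that is also used as certificate
    @raise exceptions.DataError: a file can't be read or is not a valid .pem file
    """
    if ssl is None:
        raise ImportError("Python module pyOpenSSL is not installed!")

    cert_options = {}

    for name, option, method in [
        ("privateKey", "tls_private_key", load_p_key),
        ("certificate", "tls_certificate", load_certificate),
        ("extraCertChain", "tls_chain", load_certificates),
    ]:
        path = options[option]
        if not path:
            if option != "tls_chain":
                # Explicit raise instead of ``assert``: assertions are stripped
                # under ``python -O``, which would let a context be built without
                # its private key or certificate.
                raise exceptions.ConfigError(
                    f"no file is configured for mandatory option {option}"
                )
            continue
        log.debug(f"loading {option} from {path}")
        try:
            with open(path) as f:
                cert_options[name] = method(f)
        except IOError as e:
            raise exceptions.DataError(
                f"Error while reading file {path} for option {option}: {e}"
            ) from e
        except OpenSSL.crypto.Error as e:
            # The same-file hint has to be tested before the generic error is
            # raised, otherwise it can never be reported.
            if option == "tls_private_key" and options["tls_certificate"] == path:
                raise exceptions.ConfigError(
                    f"You are using the same file for private key and public "
                    f"certificate, make sure that both a in {path} or use "
                    f"--tls_private_key option"
                ) from e
            raise exceptions.DataError(
                f"Error while parsing file {path} for option {option}, are you sure "
                f"it is a valid .pem file?"
            ) from e

    return ssl.CertificateOptions(**cert_options)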