annotate sat/tools/common/tls.py @ 3287:a4b8c9bcfb57

tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
author Goffi <goffi@goffi.org>
date Fri, 29 May 2020 21:07:10 +0200
parents
children 4dbf9fcbf26d
#!/usr/bin/env python3

# SàT: a XMPP client
# Copyright (C) 2009-2020 Jérôme Poisson (goffi@goffi.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

"""TLS handling with twisted"""

from twisted.internet import reactor
from sat.core.log import getLogger
from sat.core import exceptions
from sat.tools import config as tools_config


try:
    import OpenSSL
    from twisted.internet import ssl
except ImportError:
    ssl = None


log = getLogger(__name__)


def getOptionsFromConfig(config, section=""):
    options = {}
    for option in ('tls_certificate', 'tls_private_key', 'tls_chain'):
        options[option] = tools_config.getConfig(config, section, option)
    return options


def TLSOptionsCheck(options):
    """Check options coherence if TLS is activated, and update missing values

    Must be called only if TLS is activated
    """
    if not options["tls_certificate"]:
        raise exceptions.ConfigError(
            "a TLS certificate is needed to activate HTTPS connection")
    if not options["tls_private_key"]:
        # the private key is then expected in the same file as the certificate
        options["tls_private_key"] = options["tls_certificate"]


def loadCertificates(f):
    """Read a .pem file with a list of certificates

    @param f (file): file obj (opened .pem file)
    @return (list[OpenSSL.crypto.X509]): list of certificates
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    # XXX: didn't find any method to load a .pem file with several certificates
    #      so the certificates split is done here
    certificates = []
    buf = []
    while True:
        line = f.readline()
        buf.append(line)
        if "-----END CERTIFICATE-----" in line:
            certificates.append(
                OpenSSL.crypto.load_certificate(
                    OpenSSL.crypto.FILETYPE_PEM, "".join(buf)
                )
            )
            buf = []
        elif not line:
            # end of file: anything left in buf has no END marker and is dropped
            log.debug(f"{len(certificates)} certificate(s) found")
            return certificates


def loadPKey(f):
    """Read a private key from a .pem file

    @param f (file): file obj (opened .pem file)
    @return (OpenSSL.crypto.PKey): private key object
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, f.read())


def loadCertificate(f):
    """Read a public certificate from a .pem file

    @param f (file): file obj (opened .pem file)
    @return (OpenSSL.crypto.X509): public certificate
    @raise OpenSSL.crypto.Error: error while parsing the file
    """
    return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())


def getTLSContextFactory(options):
    """Load TLS certificate and build the context factory needed for listenSSL"""
    if ssl is None:
        raise ImportError("Python module pyOpenSSL is not installed!")

    cert_options = {}

    for name, option, method in [
        ("privateKey", "tls_private_key", loadPKey),
        ("certificate", "tls_certificate", loadCertificate),
        ("extraCertChain", "tls_chain", loadCertificates),
    ]:
        path = options[option]
        if not path:
            # only the chain is optional, see TLSOptionsCheck
            assert option == "tls_chain"
            continue
        log.debug(f"loading {option} from {path}")
        try:
            with open(path) as f:
                cert_options[name] = method(f)
        except IOError as e:
            raise exceptions.DataError(
                f"Error while reading file {path} for option {option}: {e}"
            )
        except OpenSSL.crypto.Error:
            # the shared-file case is checked before the generic error: placed
            # after the DataError raise, this check could never be reached
            if (
                option == "tls_private_key"
                and options["tls_certificate"] == path
            ):
                raise exceptions.ConfigError(
                    f"You are using the same file for private key and public "
                    f"certificate, make sure that both are in {path} or use "
                    f"--tls_private_key option"
                )
            raise exceptions.DataError(
                f"Error while parsing file {path} for option {option}, are you sure "
                f"it is a valid .pem file?"
            )

    return ssl.CertificateOptions(**cert_options)
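
A pre-flight check for the three `tls_*` files, as an added example that is not part of the project's code: it uses only the standard library to verify PEM framing and the key/certificate fallback before the files are handed to pyOpenSSL. The names `pem_labels`, `preflight`, the `read` hook and the sample paths are assumptions made for illustration, and the sample blocks are constructed placeholders, not real keys or certificates.

```python
import base64
import re

# RFC 7468 framing: matching BEGIN/END labels around base64 text
# (legacy "Proc-Type:" encrypted-key headers are not handled here).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_labels(text):
    """Return the label of every well-formed PEM block, in file order."""
    labels = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.groups()
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError as e:  # binascii.Error is a ValueError
            raise ValueError(f"corrupt base64 in {label} block") from e
        labels.append(label)
    return labels


def preflight(options, read):
    """List structural problems in the files named by the tls_* options.

    read is a hypothetical hook: a callable mapping a path to its PEM text.
    """
    cert_path = options.get("tls_certificate")
    if not cert_path:
        return ["tls_certificate is not set"]
    # Same fallback as TLSOptionsCheck: the key defaults to the certificate file.
    key_path = options.get("tls_private_key") or cert_path
    problems = []

    cert_labels = pem_labels(read(cert_path))
    n_certs = cert_labels.count("CERTIFICATE")
    if n_certs == 0:
        problems.append(f"{cert_path}: no CERTIFICATE block")
    elif n_certs > 1:
        problems.append(
            f"{cert_path}: {n_certs} certificates, only the first is loaded; "
            "put intermediates in tls_chain"
        )

    same_file = key_path == cert_path
    key_labels = cert_labels if same_file else pem_labels(read(key_path))
    if not KEY_LABELS.intersection(key_labels):
        hint = " (key defaulted to the certificate file)" if same_file else ""
        problems.append(f"{key_path}: no private key block{hint}")

    chain_path = options.get("tls_chain")
    if chain_path:
        chain_labels = pem_labels(read(chain_path))
        if "CERTIFICATE" not in chain_labels:
            problems.append(f"{chain_path}: no CERTIFICATE block")
        if KEY_LABELS.intersection(chain_labels):
            problems.append(f"{chain_path}: private key inside the chain file")
    return problems


def _pem(label, payload=b"constructed-sample"):
    """Build a constructed PEM block; the payload is not real key material."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample files, keyed by made-up paths.
SAMPLE_FILES = {
    "/etc/sat/combined.pem": _pem("PRIVATE KEY") + _pem("CERTIFICATE"),
    "/etc/sat/cert_only.pem": _pem("CERTIFICATE"),
    "/etc/sat/chain.pem": _pem("CERTIFICATE") + _pem("CERTIFICATE"),
}
```

An empty list from `preflight` means the files are structurally coherent; it does not prove that the private key matches the certificate, which still requires parsing both with a TLS library.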