Mercurial > libervia-backend
annotate libervia/backend/tools/common/tls.py @ 4094:c3b68fdc2de7
component AP gateway: fix handling of XMPP comments authors:
the gateway was supposing that comments where emitted from PEP of author. While this is
the case for most blog posts, it's not for comments. Instead the component is now using
`author_jid` which is retrieved by XEP-0277 plugin, and reject the item if the auhor is
not verified (i.e. if `publisher` attribute is not set by XMPP service).
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Mon, 12 Jun 2023 14:50:43 +0200 |
| parents | 4b842c1fb686 |
| children | 0d7bb4df2343 |
| rev | line source |
|---|---|
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
|
3480
7550ae9cfbac
Renamed the project from "Salut à Toi" to "Libervia":
Goffi <goffi@goffi.org>
parents:
3479
diff
changeset
|
3 # Libervia: an XMPP client |
| 3479 | 4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 """TLS handling with twisted""" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 |
|
4071
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
21 from libervia.backend.core.log import getLogger |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
22 from libervia.backend.core import exceptions |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
23 from libervia.backend.tools import config as tools_config |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 try: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 import OpenSSL |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 from twisted.internet import ssl |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 except ImportError: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 ssl = None |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 log = getLogger(__name__) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
36 def get_options_from_config(config, section=""): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 options = {} |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 for option in ('tls_certificate', 'tls_private_key', 'tls_chain'): |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
39 options[option] = tools_config.config_get(config, section, option) |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 return options |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
43 def tls_options_check(options): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 """Check options coherence if TLS is activated, and update missing values |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 Must be called only if TLS is activated |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 if not options["tls_certificate"]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 raise exceptions.ConfigError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 "a TLS certificate is needed to activate HTTPS connection") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 if not options["tls_private_key"]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 options["tls_private_key"] = options["tls_certificate"] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
55 def load_certificates(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 """Read a .pem file with a list of certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 @return (list[OpenSSL.crypto.X509]): list of certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 # XXX: didn't found any method to load a .pem file with several certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 # so the certificates split is done here |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 certificates = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 buf = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 while True: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 line = f.readline() |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 buf.append(line) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 if "-----END CERTIFICATE-----" in line: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 certificates.append( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 OpenSSL.crypto.load_certificate( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 OpenSSL.crypto.FILETYPE_PEM, "".join(buf) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 buf = [] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 elif not line: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 log.debug(f"{len(certificates)} certificate(s) found") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
78 return certificates |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
81 def load_p_key(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 """Read a private key from a .pem file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 @return (list[OpenSSL.crypto.PKey]): private key object |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
87 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, f.read()) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
91 def load_certificate(f): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 """Read a public certificate from a .pem file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 @param f (file): file obj (opened .pem file) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
95 @return (list[OpenSSL.crypto.X509]): public certificate |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
96 @raise OpenSSL.crypto.Error: error while parsing the file |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
97 """ |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
98 return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read()) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
99 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
100 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
101 def get_tls_context_factory(options): |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
102 """Load TLS certificate and build the context factory needed for listenSSL""" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
103 if ssl is None: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
104 raise ImportError("Python module pyOpenSSL is not installed!") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
105 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
106 cert_options = {} |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
107 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
108 for name, option, method in [ |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
109 ("privateKey", "tls_private_key", load_p_key), |
|
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
110 ("certificate", "tls_certificate", load_certificate), |
|
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3480
diff
changeset
|
111 ("extraCertChain", "tls_chain", load_certificates), |
|
3287
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
112 ]: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
113 path = options[option] |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
114 if not path: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
115 assert option == "tls_chain" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
116 continue |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
117 log.debug(f"loading {option} from {path}") |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
118 try: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
119 with open(path) as f: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
120 cert_options[name] = method(f) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
121 except IOError as e: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
122 raise exceptions.DataError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
123 f"Error while reading file {path} for option {option}: {e}" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
124 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
125 except OpenSSL.crypto.Error: |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
126 raise exceptions.DataError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
127 f"Error while parsing file {path} for option {option}, are you sure " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
128 f"it is a valid .pem file?" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
129 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
130 if ( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
131 option == "tls_private_key" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
132 and options["tls_certificate"] == path |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
133 ): |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
134 raise exceptions.ConfigError( |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
135 f"You are using the same file for private key and public " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
136 f"certificate, make sure that both a in {path} or use " |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
137 f"--tls_private_key option" |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
138 ) |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
139 |
|
a4b8c9bcfb57
tools/common (tls): moved re-usable Twisted TLS code from Libervia to tools/common
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
140 return ssl.CertificateOptions(**cert_options) |