Author: dmeyer
Date: Tue Mar 4 10:06:01 2008
New Revision: 3155
Log:
Add basic TLS server support
Modified:
trunk/base/src/net/tls.py
Modified: trunk/base/src/net/tls.py
==============================================================================
--- trunk/base/src/net/tls.py (original)
+++ trunk/base/src/net/tls.py Tue Mar 4 10:06:01 2008
@@ -44,14 +44,7 @@
kaa.notifier support.
"""
@kaa.coroutine()
- def handshakeClientCert(self, certChain=None, privateKey=None,
session=None,
- settings=None, checker=None):
- """
- Perform a certificate-based handshake in the role of client.
- """
- handshake = tlslite.api.TLSConnection.handshakeClientCert(
- self, certChain=certChain, privateKey=privateKey, session=session,
- settings=settings, checker=checker, async=True)
+ def _iterate_handshake(self, handshake):
try:
while True:
n = handshake.next()
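Review bot: `_iterate_handshake` (the new `def` in this hunk) has no docstring, although the `handshakeClientCert` body it was extracted from had one, and it now sits under the retained `@kaa.coroutine()` decorator, so callers need to be told it is a coroutine. Suggest `"""Coroutine: step the tlslite async *handshake* generator until it is exhausted."""` directly under the `def` line. The loop body continues past the end of this hunk, so what is done with the values returned by `handshake.next()` cannot be confirmed from here.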
@@ -65,8 +58,29 @@
disp.unregister()
except StopIteration:
pass
- yield True
+ @kaa.coroutine()
+ def handshakeClientCert(self, certChain=None, privateKey=None,
session=None,
+ settings=None, checker=None):
+ """
+ Perform a certificate-based handshake in the role of client.
+ """
+ handshake = tlslite.api.TLSConnection.handshakeClientCert(
+ self, certChain=certChain, privateKey=privateKey, session=session,
+ settings=settings, checker=checker, async=True)
+ yield self._iterate_handshake(handshake)
+
+ @kaa.coroutine()
+ def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
certChain=None,
+ privateKey=None, reqCert=None, sessionCache=None,
+ settings=None, checker=None):
+ """
+ Start a server handshake operation on the TLS connection.
+ """
+ handshake = tlslite.api.TLSConnection.handshakeServerAsync(
+ self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert,
+ sessionCache, settings, checker)
+ yield self._iterate_handshake(handshake)
def fileno(self):
"""
@@ -77,7 +91,7 @@
-class Socket(kaa.Socket):
+class TlsSocket(kaa.Socket):
"""
Special version of kaa.Socket with TLS support.
"""
@@ -86,6 +100,34 @@
self.signals['tls'] = kaa.Signal()
+ def _accept(self):
+ """
+ Accept a new connection and return a new Socket object.
+ """
+ sock, addr = self._socket.accept()
+ client_socket = TlsSocket()
+ client_socket.wrap(sock, addr)
+ self.signals['new-client'].emit(client_socket)
+
+ def _update_read_monitor(self, signal = None, change = None):
+ # This function is broken in TlsSocket for two reasons:
+ # 1. auto-reconnect while doing a tls handshake is wrong
+ # 2. Passing self._socket to register does not work,
+ # self._socket.fileno() is needed. Always using fileno()
+ # does not work for some strange reason.
+ pass
+
+ def wrap(self, sock, addr = None):
+ """
+ Wraps an existing low-level socket object. addr specifies the address
+ corresponding to the socket.
+ """
+ super(TlsSocket, self).wrap(sock, addr)
+ # since _update_read_monitor is deactivated we need to always register
+ # the rmon to the notifier.
+ if not self._rmon.active():
+ self._rmon.register(self._socket.fileno(), kaa.IO_READ)
+
@kaa.coroutine()
def starttls_client(self, session=None):
"""
@@ -101,3 +143,34 @@
self._socket = c
self.signals['tls'].emit()
self._rmon.register(self._socket.fileno(), kaa.IO_READ)
+
+
+ @kaa.coroutine()
+ def starttls_server(self, key, cert_chain, client_cert=None):
+ """
+ Start a certificate-based handshake in the role of a TLS server.
+ Note: this function DOES NOT check the client key if requested.
+ """
+ c = TLSConnection(self._socket)
+ self._rmon.unregister()
+ yield c.handshakeServer(
+ privateKey=key, certChain=cert_chain, reqCert=client_cert)
+ self._socket = c
+ self.signals['tls'].emit()
+ self._rmon.register(self._socket.fileno(), kaa.IO_READ)
+
+
+def loadkey(filename, private=False):
+ """
+ Load a key in PEM format from file.
+ """
+ return parsePEMKey(open(filename).read(), private=private)
+
+
+def loadcert(filename):
+ """
+ Load a X509 certificate and create a chain.
+ """
+ x509 = X509()
+ x509.parse(open(filename).read())
+ return X509CertChain([x509])
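Review bot: `starttls_server` requests a client certificate when `client_cert` is set but never passes a `checker` to `handshakeServer`, so a client certificate, if presented, is accepted without any validation; the docstring admits this, but callers reading `client_cert` as an authentication switch will be misled. Since `handshakeServer` already accepts `checker`, the smallest fix is to add `checker=None` to the signature, forward it as `yield c.handshakeServer(privateKey=key, certChain=cert_chain, reqCert=client_cert, checker=checker)`, and reword the docstring to say that without a checker the client certificate is requested but not verified. If the handshake raises, `self._rmon` has already been unregistered and is never re-registered, so the socket stops being monitored — the same pattern as `starttls_client` above; whether `_iterate_handshake` re-raises tlslite errors cannot be confirmed from here. In `loadkey` and `loadcert`, `open(filename).read()` leaves the file handle to the garbage collector; read through a local that is explicitly closed, or `with open(filename) as f:` if the module's Python level supports it.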