Here are the examples of the python api twisted.internet._sslverify._idnaBytes taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
2 Examples
0
Source : endpoints.py
with MIT License
from fbla-competitive-events
with MIT License
from fbla-competitive-events
def _parseClientTLS(reactor, host, port, timeout=b'30', bindAddress=None,
certificate=None, privateKey=None, trustRoots=None,
endpoint=None, **kwargs):
"""
Internal method to construct an endpoint from string parameters.
@param reactor: The reactor passed to L{clientFromString}.
@param host: The hostname to connect to.
@type host: L{bytes} or L{unicode}
@param port: The port to connect to.
@type port: L{bytes} or L{unicode}
@param timeout: For each individual connection attempt, the number of
seconds to wait before assuming the connection has failed.
@type timeout: L{bytes} or L{unicode}
@param bindAddress: The address to which to bind outgoing connections.
@type bindAddress: L{bytes} or L{unicode}
@param certificate: a string representing a filesystem path to a
PEM-encoded certificate.
@type certificate: L{bytes} or L{unicode}
@param privateKey: a string representing a filesystem path to a PEM-encoded
certificate.
@type privateKey: L{bytes} or L{unicode}
@param endpoint: an optional string endpoint description of an endpoint to
wrap; if this is passed then C{host} is used only for certificate
verification.
@type endpoint: L{bytes} or L{unicode}
@return: a client TLS endpoint
@rtype: L{IStreamClientEndpoint}
"""
if kwargs:
raise TypeError('unrecognized keyword arguments present',
list(kwargs.keys()))
host = host if isinstance(host, unicode) else host.decode("utf-8")
bindAddress = (bindAddress
if isinstance(bindAddress, unicode) or bindAddress is None
else bindAddress.decode("utf-8"))
port = int(port)
timeout = int(timeout)
return wrapClientTLS(
optionsForClientTLS(
host, trustRoot=_parseTrustRootPath(trustRoots),
clientCertificate=_privateCertFromPaths(certificate,
privateKey)),
clientFromString(reactor, endpoint) if endpoint is not None
else HostnameEndpoint(reactor, _idnaBytes(host), port, timeout,
bindAddress)
)
@implementer(IPlugin, IStreamClientEndpointStringParserWithReactor)
0
Source : test_sslverify.py
with MIT License
from fbla-competitive-events
with MIT License
from fbla-competitive-events
def serviceIdentitySetup(self, clientHostname, serverHostname,
serverContextSetup=lambda ctx: None,
validCertificate=True,
clientPresentsCertificate=False,
validClientCertificate=True,
serverVerifies=False,
buggyInfoCallback=False,
fakePlatformTrust=False,
useDefaultTrust=False):
"""
Connect a server and a client.
@param clientHostname: The I{client's idea} of the server's hostname;
passed as the C{hostname} to the
L{sslverify.OpenSSLCertificateOptions} instance.
@type clientHostname: L{unicode}
@param serverHostname: The I{server's own idea} of the server's
hostname; present in the certificate presented by the server.
@type serverHostname: L{unicode}
@param serverContextSetup: a 1-argument callable invoked with the
L{OpenSSL.SSL.Context} after it's produced.
@type serverContextSetup: L{callable} taking L{OpenSSL.SSL.Context}
returning L{None}.
@param validCertificate: Is the server's certificate valid? L{True} if
so, L{False} otherwise.
@type validCertificate: L{bool}
@param clientPresentsCertificate: Should the client present a
certificate to the server? Defaults to 'no'.
@type clientPresentsCertificate: L{bool}
@param validClientCertificate: If the client presents a certificate,
should it actually be a valid one, i.e. signed by the same CA that
the server is checking? Defaults to 'yes'.
@type validClientCertificate: L{bool}
@param serverVerifies: Should the server verify the client's
certificate? Defaults to 'no'.
@type serverVerifies: L{bool}
@param buggyInfoCallback: Should we patch the implementation so that
the C{info_callback} passed to OpenSSL to have a bug and raise an
exception (L{ZeroDivisionError})? Defaults to 'no'.
@type buggyInfoCallback: L{bool}
@param fakePlatformTrust: Should we fake the platformTrust to be the
same as our fake server certificate authority, so that we can test
it's being used? Defaults to 'no' and we just pass platform trust.
@type fakePlatformTrust: L{bool}
@param useDefaultTrust: Should we avoid passing the C{trustRoot} to
L{ssl.optionsForClientTLS}? Defaults to 'no'.
@type useDefaultTrust: L{bool}
@return: see L{connectedServerAndClient}.
@rtype: see L{connectedServerAndClient}.
"""
serverIDNA = sslverify._idnaBytes(serverHostname)
serverCA, serverCert = certificatesForAuthorityAndServer(serverIDNA)
other = {}
passClientCert = None
clientCA, clientCert = certificatesForAuthorityAndServer(u'client')
if serverVerifies:
other.update(trustRoot=clientCA)
if clientPresentsCertificate:
if validClientCertificate:
passClientCert = clientCert
else:
bogusCA, bogus = certificatesForAuthorityAndServer(u'client')
passClientCert = bogus
serverOpts = sslverify.OpenSSLCertificateOptions(
privateKey=serverCert.privateKey.original,
certificate=serverCert.original,
**other
)
serverContextSetup(serverOpts.getContext())
if not validCertificate:
serverCA, otherServer = certificatesForAuthorityAndServer(
serverIDNA
)
if buggyInfoCallback:
def broken(*a, **k):
"""
Raise an exception.
@param a: Arguments for an C{info_callback}
@param k: Keyword arguments for an C{info_callback}
"""
1 / 0
self.patch(
sslverify.ClientTLSOptions, "_identityVerifyingInfoCallback",
broken,
)
signature = {'hostname': clientHostname}
if passClientCert:
signature.update(clientCertificate=passClientCert)
if not useDefaultTrust:
signature.update(trustRoot=serverCA)
if fakePlatformTrust:
self.patch(sslverify, "platformTrust", lambda: serverCA)
clientOpts = sslverify.optionsForClientTLS(**signature)
class GreetingServer(protocol.Protocol):
greeting = b"greetings!"
lostReason = None
data = b''
def connectionMade(self):
self.transport.write(self.greeting)
def dataReceived(self, data):
self.data += data
def connectionLost(self, reason):
self.lostReason = reason
class GreetingClient(protocol.Protocol):
greeting = b'cheerio!'
data = b''
lostReason = None
def connectionMade(self):
self.transport.write(self.greeting)
def dataReceived(self, data):
self.data += data
def connectionLost(self, reason):
self.lostReason = reason
self.serverOpts = serverOpts
self.clientOpts = clientOpts
clientFactory = TLSMemoryBIOFactory(
clientOpts, isClient=True,
wrappedFactory=protocol.Factory.forProtocol(GreetingClient)
)
serverFactory = TLSMemoryBIOFactory(
serverOpts, isClient=False,
wrappedFactory=protocol.Factory.forProtocol(GreetingServer)
)
return connectedServerAndClient(
lambda: serverFactory.buildProtocol(None),
lambda: clientFactory.buildProtocol(None),
)
def test_invalidHostname(self):