OLD | NEW |
1 #!/usr/bin/python2.4 | 1 #!/usr/bin/python2.4 |
2 # Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP server used for testing Chrome. | 6 """This is a simple HTTP server used for testing Chrome. |
7 | 7 |
8 It supports several test URLs, as specified by the handlers in TestPageHandler. | 8 It supports several test URLs, as specified by the handlers in TestPageHandler. |
9 It defaults to living on localhost:8888. | 9 It defaults to living on localhost:8888. |
10 It can use https if you specify the flag --https=CERT where CERT is the path | 10 It can use https if you specify the flag --https=CERT where CERT is the path |
(...skipping 46 matching lines...)
57 self.stop = False | 57 self.stop = False |
58 self.nonce_time = None | 58 self.nonce_time = None |
59 while not self.stop: | 59 while not self.stop: |
60 self.handle_request() | 60 self.handle_request() |
61 self.socket.close() | 61 self.socket.close() |
62 | 62 |
63 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer): | 63 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer): |
64 """This is a specialization of StoppableHTTPerver that add https support.""" | 64 """This is a specialization of StoppableHTTPerver that add https support.""" |
65 | 65 |
66 def __init__(self, server_address, request_hander_class, cert_path, | 66 def __init__(self, server_address, request_hander_class, cert_path, |
67 ssl_client_auth, ssl_client_cas): | 67 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers): |
68 s = open(cert_path).read() | 68 s = open(cert_path).read() |
69 x509 = tlslite.api.X509() | 69 x509 = tlslite.api.X509() |
70 x509.parse(s) | 70 x509.parse(s) |
71 self.cert_chain = tlslite.api.X509CertChain([x509]) | 71 self.cert_chain = tlslite.api.X509CertChain([x509]) |
72 s = open(cert_path).read() | 72 s = open(cert_path).read() |
73 self.private_key = tlslite.api.parsePEMKey(s, private=True) | 73 self.private_key = tlslite.api.parsePEMKey(s, private=True) |
74 self.ssl_client_auth = ssl_client_auth | 74 self.ssl_client_auth = ssl_client_auth |
75 self.ssl_client_cas = [] | 75 self.ssl_client_cas = [] |
76 for ca_file in ssl_client_cas: | 76 for ca_file in ssl_client_cas: |
77 s = open(ca_file).read() | 77 s = open(ca_file).read() |
78 x509 = tlslite.api.X509() | 78 x509 = tlslite.api.X509() |
79 x509.parse(s) | 79 x509.parse(s) |
80 self.ssl_client_cas.append(x509.subject) | 80 self.ssl_client_cas.append(x509.subject) |
| 81 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
| 82 if ssl_bulk_ciphers is not None: |
| 83 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
81 | 84 |
82 self.session_cache = tlslite.api.SessionCache() | 85 self.session_cache = tlslite.api.SessionCache() |
83 StoppableHTTPServer.__init__(self, server_address, request_hander_class) | 86 StoppableHTTPServer.__init__(self, server_address, request_hander_class) |
84 | 87 |
85 def handshake(self, tlsConnection): | 88 def handshake(self, tlsConnection): |
86 """Creates the SSL connection.""" | 89 """Creates the SSL connection.""" |
87 try: | 90 try: |
88 tlsConnection.handshakeServer(certChain=self.cert_chain, | 91 tlsConnection.handshakeServer(certChain=self.cert_chain, |
89 privateKey=self.private_key, | 92 privateKey=self.private_key, |
90 sessionCache=self.session_cache, | 93 sessionCache=self.session_cache, |
91 reqCert=self.ssl_client_auth, | 94 reqCert=self.ssl_client_auth, |
| 95 settings=self.ssl_handshake_settings, |
92 reqCAs=self.ssl_client_cas) | 96 reqCAs=self.ssl_client_cas) |
93 tlsConnection.ignoreAbruptClose = True | 97 tlsConnection.ignoreAbruptClose = True |
94 return True | 98 return True |
95 except tlslite.api.TLSAbruptCloseError: | 99 except tlslite.api.TLSAbruptCloseError: |
96 # Ignore abrupt close. | 100 # Ignore abrupt close. |
97 return True | 101 return True |
98 except tlslite.api.TLSError, error: | 102 except tlslite.api.TLSError, error: |
99 print "Handshake failure:", str(error) | 103 print "Handshake failure:", str(error) |
100 return False | 104 return False |
101 | 105 |
(...skipping 1060 matching lines...)
1162 if not os.path.isfile(options.cert): | 1166 if not os.path.isfile(options.cert): |
1163 print 'specified server cert file not found: ' + options.cert + \ | 1167 print 'specified server cert file not found: ' + options.cert + \ |
1164 ' exiting...' | 1168 ' exiting...' |
1165 return | 1169 return |
1166 for ca_cert in options.ssl_client_ca: | 1170 for ca_cert in options.ssl_client_ca: |
1167 if not os.path.isfile(ca_cert): | 1171 if not os.path.isfile(ca_cert): |
1168 print 'specified trusted client CA file not found: ' + ca_cert + \ | 1172 print 'specified trusted client CA file not found: ' + ca_cert + \ |
1169 ' exiting...' | 1173 ' exiting...' |
1170 return | 1174 return |
1171 server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert, | 1175 server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert, |
1172 options.ssl_client_auth, options.ssl_client_ca) | 1176 options.ssl_client_auth, options.ssl_client_ca, |
| 1177 options.ssl_bulk_cipher) |
1173 print 'HTTPS server started on port %d...' % port | 1178 print 'HTTPS server started on port %d...' % port |
1174 else: | 1179 else: |
1175 server = StoppableHTTPServer(('127.0.0.1', port), TestPageHandler) | 1180 server = StoppableHTTPServer(('127.0.0.1', port), TestPageHandler) |
1176 print 'HTTP server started on port %d...' % port | 1181 print 'HTTP server started on port %d...' % port |
1177 | 1182 |
1178 server.data_dir = MakeDataDir() | 1183 server.data_dir = MakeDataDir() |
1179 server.file_root_url = options.file_root_url | 1184 server.file_root_url = options.file_root_url |
1180 server._sync_handler = None | 1185 server._sync_handler = None |
1181 | 1186 |
1182 # means FTP Server | 1187 # means FTP Server |
(...skipping 50 matching lines...)
1233 option_parser.add_option('', '--data-dir', dest='data_dir', | 1238 option_parser.add_option('', '--data-dir', dest='data_dir', |
1234 help='Directory from which to read the files.') | 1239 help='Directory from which to read the files.') |
1235 option_parser.add_option('', '--https', dest='cert', | 1240 option_parser.add_option('', '--https', dest='cert', |
1236 help='Specify that https should be used, specify ' | 1241 help='Specify that https should be used, specify ' |
1237 'the path to the cert containing the private key ' | 1242 'the path to the cert containing the private key ' |
1238 'the server should use.') | 1243 'the server should use.') |
1239 option_parser.add_option('', '--ssl-client-auth', action='store_true', | 1244 option_parser.add_option('', '--ssl-client-auth', action='store_true', |
1240 help='Require SSL client auth on every connection.') | 1245 help='Require SSL client auth on every connection.') |
1241 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], | 1246 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], |
1242 help='Specify that the client certificate request ' | 1247 help='Specify that the client certificate request ' |
1243 'should indicate that it supports the CA contained ' | 1248 'should include the CA named in the subject of ' |
1244 'in the specified certificate file') | 1249 'the DER-encoded certificate contained in the ' |
| 1250 'specified file. This option may appear multiple ' |
| 1251 'times, indicating multiple CA names should be ' |
| 1252 'sent in the request.') |
| 1253 option_parser.add_option('', '--ssl-bulk-cipher', action='append', |
| 1254 help='Specify the bulk encryption algorithm(s)' |
| 1255 'that will be accepted by the SSL server. Valid ' |
| 1256 'values are "aes256", "aes128", "3des", "rc4". If ' |
| 1257 'omitted, all algorithms will be used. This ' |
| 1258 'option may appear multiple times, indicating ' |
| 1259 'multiple algorithms should be enabled.'); |
1245 option_parser.add_option('', '--file-root-url', default='/files/', | 1260 option_parser.add_option('', '--file-root-url', default='/files/', |
1246 help='Specify a root URL for files served.') | 1261 help='Specify a root URL for files served.') |
1247 option_parser.add_option('', '--startup-pipe', type='int', | 1262 option_parser.add_option('', '--startup-pipe', type='int', |
1248 dest='startup_pipe', | 1263 dest='startup_pipe', |
1249 help='File handle of pipe to parent process') | 1264 help='File handle of pipe to parent process') |
1250 options, args = option_parser.parse_args() | 1265 options, args = option_parser.parse_args() |
1251 | 1266 |
1252 sys.exit(main(options, args)) | 1267 sys.exit(main(options, args)) |
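Review bot: The new `--ssl-bulk-cipher` option (new lines 1253-1259) accepts any string, and `HTTPSServer.__init__` (new lines 81-83) copies the list into `HandshakeSettings.cipherNames` without checking it against the four values the help text lists. A misspelt name is therefore not reported at startup; it would presumably surface only when tlslite validates the settings inside `handshakeServer`, and `handshake()` catches only `TLSAbruptCloseError` and `TLSError`, so a test could fail for a reason unrelated to the cipher it meant to pin. Rejecting the value at parse time takes one extra keyword on the `add_option` call: `choices=['aes256', 'aes128', '3des', 'rc4']`. The help string also needs a space after `algorithm(s)` (the adjacent literals concatenate to `algorithm(s)that`), and the trailing `;` on new line 1259 can be dropped.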