Chromium Code Reviews Chromium Code Reviews
Issue 1347503002:
Add flags to python test server for channel id, extended master secret, and token binding (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
| 7 testing Chrome. | 7 testing Chrome. |
| 8 | 8 |
| 9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
| 10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 151 testserver_base.StoppableHTTPServer): | 151 testserver_base.StoppableHTTPServer): |
| 152 """This is a specialization of StoppableHTTPServer that add https support and | 152 """This is a specialization of StoppableHTTPServer that add https support and |
| 153 client verification.""" | 153 client verification.""" |
| 154 | 154 |
| 155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
| 156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, | 156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, |
| 157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, | 157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, |
| 158 record_resume_info, tls_intolerant, | 158 record_resume_info, tls_intolerant, |
| 159 tls_intolerance_type, signed_cert_timestamps, | 159 tls_intolerance_type, signed_cert_timestamps, |
| 160 fallback_scsv_enabled, ocsp_response, | 160 fallback_scsv_enabled, ocsp_response, |
| 161 alert_after_handshake): | 161 alert_after_handshake, disable_channel_id, disable_ems, |
| 162 token_binding_params): | |
|
davidben
2015/09/15 15:58:35
No need for this CL, but there may be something to
nharper
2015/09/15 23:49:19
I agree it's getting unwieldy.
| |
| 162 self.cert_chain = tlslite.api.X509CertChain() | 163 self.cert_chain = tlslite.api.X509CertChain() |
| 163 self.cert_chain.parsePemList(pem_cert_and_key) | 164 self.cert_chain.parsePemList(pem_cert_and_key) |
| 164 # Force using only python implementation - otherwise behavior is different | 165 # Force using only python implementation - otherwise behavior is different |
| 165 # depending on whether m2crypto Python module is present (error is thrown | 166 # depending on whether m2crypto Python module is present (error is thrown |
| 166 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 167 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
| 167 # the hood. | 168 # the hood. |
| 168 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 169 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
| 169 private=True, | 170 private=True, |
| 170 implementations=['python']) | 171 implementations=['python']) |
| 171 self.ssl_client_auth = ssl_client_auth | 172 self.ssl_client_auth = ssl_client_auth |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 197 self.ssl_handshake_settings.minVersion = (3, 0) | 198 self.ssl_handshake_settings.minVersion = (3, 0) |
| 198 if ssl_bulk_ciphers is not None: | 199 if ssl_bulk_ciphers is not None: |
| 199 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 200 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
| 200 if ssl_key_exchanges is not None: | 201 if ssl_key_exchanges is not None: |
| 201 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | 202 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges |
| 202 if tls_intolerant != 0: | 203 if tls_intolerant != 0: |
| 203 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) | 204 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) |
| 204 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type | 205 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type |
| 205 if alert_after_handshake: | 206 if alert_after_handshake: |
| 206 self.ssl_handshake_settings.alertAfterHandshake = True | 207 self.ssl_handshake_settings.alertAfterHandshake = True |
| 208 if disable_channel_id: | |
| 209 self.ssl_handshake_settings.enableChannelID = False | |
| 210 if disable_ems: | |
| 211 self.ssl_handshake_settings.enableExtendedMasterSecret = False | |
| 212 self.ssl_handshake_settings.supportedTokenBindingParams = \ | |
| 213 [int(param) for param in token_binding_params] | |
|
davidben
2015/09/15 15:58:35
I think you can avoid explicitly calling int and p
nharper
2015/09/15 23:49:19
Yes, that works. Thanks.
| |
| 207 | 214 |
| 208 if record_resume_info: | 215 if record_resume_info: |
| 209 # If record_resume_info is true then we'll replace the session cache with | 216 # If record_resume_info is true then we'll replace the session cache with |
| 210 # an object that records the lookups and inserts that it sees. | 217 # an object that records the lookups and inserts that it sees. |
| 211 self.session_cache = RecordingSSLSessionCache() | 218 self.session_cache = RecordingSSLSessionCache() |
| 212 else: | 219 else: |
| 213 self.session_cache = tlslite.api.SessionCache() | 220 self.session_cache = tlslite.api.SessionCache() |
| 214 testserver_base.StoppableHTTPServer.__init__(self, | 221 testserver_base.StoppableHTTPServer.__init__(self, |
| 215 server_address, | 222 server_address, |
| 216 request_hander_class) | 223 request_hander_class) |
| (...skipping 1833 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2050 self.options.ssl_bulk_cipher, | 2057 self.options.ssl_bulk_cipher, |
| 2051 self.options.ssl_key_exchange, | 2058 self.options.ssl_key_exchange, |
| 2052 self.options.enable_npn, | 2059 self.options.enable_npn, |
| 2053 self.options.record_resume, | 2060 self.options.record_resume, |
| 2054 self.options.tls_intolerant, | 2061 self.options.tls_intolerant, |
| 2055 self.options.tls_intolerance_type, | 2062 self.options.tls_intolerance_type, |
| 2056 self.options.signed_cert_timestamps_tls_ext.decode( | 2063 self.options.signed_cert_timestamps_tls_ext.decode( |
| 2057 "base64"), | 2064 "base64"), |
| 2058 self.options.fallback_scsv, | 2065 self.options.fallback_scsv, |
| 2059 stapled_ocsp_response, | 2066 stapled_ocsp_response, |
| 2060 self.options.alert_after_handshake) | 2067 self.options.alert_after_handshake, |
| 2068 self.options.disable_channel_id, | |
| 2069 self.options.disable_extended_master_secret, | |
| 2070 self.options.token_binding_params) | |
| 2061 print 'HTTPS server started on https://%s:%d...' % \ | 2071 print 'HTTPS server started on https://%s:%d...' % \ |
| 2062 (host, server.server_port) | 2072 (host, server.server_port) |
| 2063 else: | 2073 else: |
| 2064 server = HTTPServer((host, port), TestPageHandler) | 2074 server = HTTPServer((host, port), TestPageHandler) |
| 2065 print 'HTTP server started on http://%s:%d...' % \ | 2075 print 'HTTP server started on http://%s:%d...' % \ |
| 2066 (host, server.server_port) | 2076 (host, server.server_port) |
| 2067 | 2077 |
| 2068 server.data_dir = self.__make_data_dir() | 2078 server.data_dir = self.__make_data_dir() |
| 2069 server.file_root_url = self.options.file_root_url | 2079 server.file_root_url = self.options.file_root_url |
| 2070 server_data['port'] = server.server_port | 2080 server_data['port'] = server.server_port |
| (...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2296 self.option_parser.add_option('--alert-after-handshake', | 2306 self.option_parser.add_option('--alert-after-handshake', |
| 2297 dest='alert_after_handshake', | 2307 dest='alert_after_handshake', |
| 2298 default=False, action='store_true', | 2308 default=False, action='store_true', |
| 2299 help='If set, the server will send a fatal ' | 2309 help='If set, the server will send a fatal ' |
| 2300 'alert immediately after the handshake.') | 2310 'alert immediately after the handshake.') |
| 2301 self.option_parser.add_option('--no-anonymous-ftp-user', | 2311 self.option_parser.add_option('--no-anonymous-ftp-user', |
| 2302 dest='no_anonymous_ftp_user', | 2312 dest='no_anonymous_ftp_user', |
| 2303 default=False, action='store_true', | 2313 default=False, action='store_true', |
| 2304 help='If set, the FTP server will not create ' | 2314 help='If set, the FTP server will not create ' |
| 2305 'an anonymous user.') | 2315 'an anonymous user.') |
| 2316 self.option_parser.add_option('--disable-channel-id', action='store_true') | |
| 2317 self.option_parser.add_option('--disable-extended-master-secret', | |
| 2318 action='store_true') | |
| 2319 self.option_parser.add_option('--token-binding-params', action='append', | |
| 2320 default=[]) | |
| 2306 | 2321 |
| 2307 | 2322 |
| 2308 if __name__ == '__main__': | 2323 if __name__ == '__main__': |
| 2309 sys.exit(ServerRunner().main()) | 2324 sys.exit(ServerRunner().main()) |
| OLD | NEW |
