| OLD | NEW |
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
| 7 testing Chrome. | 7 testing Chrome. |
| 8 | 8 |
| 9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
| 10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
| (...skipping 135 matching lines...) |
| 146 | 146 |
| 147 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, | 147 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
| 148 testserver_base.ClientRestrictingServerMixIn, | 148 testserver_base.ClientRestrictingServerMixIn, |
| 149 testserver_base.BrokenPipeHandlerMixIn, | 149 testserver_base.BrokenPipeHandlerMixIn, |
| 150 testserver_base.StoppableHTTPServer): | 150 testserver_base.StoppableHTTPServer): |
| 151 """This is a specialization of StoppableHTTPServer that add https support and | 151 """This is a specialization of StoppableHTTPServer that add https support and |
| 152 client verification.""" | 152 client verification.""" |
| 153 | 153 |
| 154 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 154 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
| 155 ssl_client_auth, ssl_client_cas, | 155 ssl_client_auth, ssl_client_cas, |
| 156 ssl_bulk_ciphers, ssl_key_exchanges, | 156 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, |
| 157 record_resume_info, tls_intolerant, signed_cert_timestamps, | 157 record_resume_info, tls_intolerant, signed_cert_timestamps, |
| 158 fallback_scsv_enabled, ocsp_response): | 158 fallback_scsv_enabled, ocsp_response): |
| 159 self.cert_chain = tlslite.api.X509CertChain() | 159 self.cert_chain = tlslite.api.X509CertChain() |
| 160 self.cert_chain.parsePemList(pem_cert_and_key) | 160 self.cert_chain.parsePemList(pem_cert_and_key) |
| 161 # Force using only python implementation - otherwise behavior is different | 161 # Force using only python implementation - otherwise behavior is different |
| 162 # depending on whether m2crypto Python module is present (error is thrown | 162 # depending on whether m2crypto Python module is present (error is thrown |
| 163 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 163 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
| 164 # the hood. | 164 # the hood. |
| 165 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 165 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
| 166 private=True, | 166 private=True, |
| 167 implementations=['python']) | 167 implementations=['python']) |
| 168 self.ssl_client_auth = ssl_client_auth | 168 self.ssl_client_auth = ssl_client_auth |
| 169 self.ssl_client_cas = [] | 169 self.ssl_client_cas = [] |
| 170 if enable_npn: |
| 171 self.next_protos = ['http/1.1'] |
| 172 else: |
| 173 self.next_protos = None |
| 170 if tls_intolerant == 0: | 174 if tls_intolerant == 0: |
| 171 self.tls_intolerant = None | 175 self.tls_intolerant = None |
| 172 else: | 176 else: |
| 173 self.tls_intolerant = (3, tls_intolerant) | 177 self.tls_intolerant = (3, tls_intolerant) |
| 174 self.signed_cert_timestamps = signed_cert_timestamps | 178 self.signed_cert_timestamps = signed_cert_timestamps |
| 175 self.fallback_scsv_enabled = fallback_scsv_enabled | 179 self.fallback_scsv_enabled = fallback_scsv_enabled |
| 176 self.ocsp_response = ocsp_response | 180 self.ocsp_response = ocsp_response |
| 177 | 181 |
| 178 for ca_file in ssl_client_cas: | 182 for ca_file in ssl_client_cas: |
| 179 s = open(ca_file).read() | 183 s = open(ca_file).read() |
| (...skipping 20 matching lines...) |
| 200 """Creates the SSL connection.""" | 204 """Creates the SSL connection.""" |
| 201 | 205 |
| 202 try: | 206 try: |
| 203 self.tlsConnection = tlsConnection | 207 self.tlsConnection = tlsConnection |
| 204 tlsConnection.handshakeServer(certChain=self.cert_chain, | 208 tlsConnection.handshakeServer(certChain=self.cert_chain, |
| 205 privateKey=self.private_key, | 209 privateKey=self.private_key, |
| 206 sessionCache=self.session_cache, | 210 sessionCache=self.session_cache, |
| 207 reqCert=self.ssl_client_auth, | 211 reqCert=self.ssl_client_auth, |
| 208 settings=self.ssl_handshake_settings, | 212 settings=self.ssl_handshake_settings, |
| 209 reqCAs=self.ssl_client_cas, | 213 reqCAs=self.ssl_client_cas, |
| 214 nextProtos=self.next_protos, |
| 210 tlsIntolerant=self.tls_intolerant, | 215 tlsIntolerant=self.tls_intolerant, |
| 211 signedCertTimestamps= | 216 signedCertTimestamps= |
| 212 self.signed_cert_timestamps, | 217 self.signed_cert_timestamps, |
| 213 fallbackSCSV=self.fallback_scsv_enabled, | 218 fallbackSCSV=self.fallback_scsv_enabled, |
| 214 ocspResponse = self.ocsp_response) | 219 ocspResponse = self.ocsp_response) |
| 215 tlsConnection.ignoreAbruptClose = True | 220 tlsConnection.ignoreAbruptClose = True |
| 216 return True | 221 return True |
| 217 except tlslite.api.TLSAbruptCloseError: | 222 except tlslite.api.TLSAbruptCloseError: |
| 218 # Ignore abrupt close. | 223 # Ignore abrupt close. |
| 219 return True | 224 return True |
| (...skipping 1759 matching lines...) |
| 1979 | 1984 |
| 1980 stapled_ocsp_response = None | 1985 stapled_ocsp_response = None |
| 1981 if self.__ocsp_server and self.options.staple_ocsp_response: | 1986 if self.__ocsp_server and self.options.staple_ocsp_response: |
| 1982 stapled_ocsp_response = self.__ocsp_server.ocsp_response | 1987 stapled_ocsp_response = self.__ocsp_server.ocsp_response |
| 1983 | 1988 |
| 1984 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, | 1989 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, |
| 1985 self.options.ssl_client_auth, | 1990 self.options.ssl_client_auth, |
| 1986 self.options.ssl_client_ca, | 1991 self.options.ssl_client_ca, |
| 1987 self.options.ssl_bulk_cipher, | 1992 self.options.ssl_bulk_cipher, |
| 1988 self.options.ssl_key_exchange, | 1993 self.options.ssl_key_exchange, |
| 1994 self.options.enable_npn, |
| 1989 self.options.record_resume, | 1995 self.options.record_resume, |
| 1990 self.options.tls_intolerant, | 1996 self.options.tls_intolerant, |
| 1991 self.options.signed_cert_timestamps_tls_ext.decode( | 1997 self.options.signed_cert_timestamps_tls_ext.decode( |
| 1992 "base64"), | 1998 "base64"), |
| 1993 self.options.fallback_scsv, | 1999 self.options.fallback_scsv, |
| 1994 stapled_ocsp_response) | 2000 stapled_ocsp_response) |
| 1995 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 2001 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
| 1996 else: | 2002 else: |
| 1997 server = HTTPServer((host, port), TestPageHandler) | 2003 server = HTTPServer((host, port), TestPageHandler) |
| 1998 print 'HTTP server started on %s:%d...' % (host, server.server_port) | 2004 print 'HTTP server started on %s:%d...' % (host, server.server_port) |
| (...skipping 176 matching lines...) |
| 2175 'appear multiple times, indicating ' | 2181 'appear multiple times, indicating ' |
| 2176 'multiple algorithms should be enabled.'); | 2182 'multiple algorithms should be enabled.'); |
| 2177 self.option_parser.add_option('--ssl-key-exchange', action='append', | 2183 self.option_parser.add_option('--ssl-key-exchange', action='append', |
| 2178 help='Specify the key exchange algorithm(s)' | 2184 help='Specify the key exchange algorithm(s)' |
| 2179 'that will be accepted by the SSL server. ' | 2185 'that will be accepted by the SSL server. ' |
| 2180 'Valid values are "rsa", "dhe_rsa". If ' | 2186 'Valid values are "rsa", "dhe_rsa". If ' |
| 2181 'omitted, all algorithms will be used. This ' | 2187 'omitted, all algorithms will be used. This ' |
| 2182 'option may appear multiple times, ' | 2188 'option may appear multiple times, ' |
| 2183 'indicating multiple algorithms should be ' | 2189 'indicating multiple algorithms should be ' |
| 2184 'enabled.'); | 2190 'enabled.'); |
| 2191 # TODO(davidben): Add ALPN support to tlslite. |
| 2192 self.option_parser.add_option('--enable-npn', dest='enable_npn', |
| 2193 default=False, const=True, |
| 2194 action='store_const', |
| 2195 help='Enable server support for the NPN ' |
| 2196 'extension. The server will advertise ' |
| 2197 'support for exactly one protocol, http/1.1') |
| 2185 self.option_parser.add_option('--file-root-url', default='/files/', | 2198 self.option_parser.add_option('--file-root-url', default='/files/', |
| 2186 help='Specify a root URL for files served.') | 2199 help='Specify a root URL for files served.') |
| 2187 | 2200 |
| 2188 | 2201 |
| 2189 if __name__ == '__main__': | 2202 if __name__ == '__main__': |
| 2190 sys.exit(ServerRunner().main()) | 2203 sys.exit(ServerRunner().main()) |
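Review bot: The `HTTPSServer(...)` call now passes twelve positional arguments, and `enable_npn` sits between `ssl_key_exchange` and `record_resume`, so a later reordering in either the call or `__init__` would still run and would quietly change which TLS behaviour a test exercises. Passing `enable_npn` and the arguments after it by keyword, starting with `enable_npn=self.options.enable_npn,`, would turn such a mismatch into an immediate error. In `__init__`, a short comment on `self.next_protos` would help, for example `# None: NPN is not offered; a list: exactly these protocols are advertised.`, assuming tlslite treats `None` as "do not advertise" (confirm against `handshakeServer`). The three keywords `default=False, const=True, action='store_const'` on `--enable-npn` can be written as `action='store_true'`, unless the file's other boolean flags deliberately use the longer form. Both `__init__` and the function containing the `HTTPSServer(...)` call extend beyond the lines shown.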
| OLD | NEW |