OLD | NEW |
1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
7 testing Chrome. | 7 testing Chrome. |
8 | 8 |
9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
(...skipping 62 matching lines...)
73 SERVER_HTTP = 0 | 73 SERVER_HTTP = 0 |
74 SERVER_FTP = 1 | 74 SERVER_FTP = 1 |
75 SERVER_TCP_ECHO = 2 | 75 SERVER_TCP_ECHO = 2 |
76 SERVER_UDP_ECHO = 3 | 76 SERVER_UDP_ECHO = 3 |
77 SERVER_BASIC_AUTH_PROXY = 4 | 77 SERVER_BASIC_AUTH_PROXY = 4 |
78 SERVER_WEBSOCKET = 5 | 78 SERVER_WEBSOCKET = 5 |
79 | 79 |
80 # Default request queue size for WebSocketServer. | 80 # Default request queue size for WebSocketServer. |
81 _DEFAULT_REQUEST_QUEUE_SIZE = 128 | 81 _DEFAULT_REQUEST_QUEUE_SIZE = 128 |
82 | 82 |
| 83 OCSP_STATES_NO_SINGLE_RESPONSE = { |
| 84 minica.OCSP_STATE_INVALID_RESPONSE, |
| 85 minica.OCSP_STATE_UNAUTHORIZED, |
| 86 minica.OCSP_STATE_TRY_LATER, |
| 87 minica.OCSP_STATE_INVALID_RESPONSE_DATA, |
| 88 } |
| 89 |
83 class WebSocketOptions: | 90 class WebSocketOptions: |
84 """Holds options for WebSocketServer.""" | 91 """Holds options for WebSocketServer.""" |
85 | 92 |
86 def __init__(self, host, port, data_dir): | 93 def __init__(self, host, port, data_dir): |
87 self.request_queue_size = _DEFAULT_REQUEST_QUEUE_SIZE | 94 self.request_queue_size = _DEFAULT_REQUEST_QUEUE_SIZE |
88 self.server_host = host | 95 self.server_host = host |
89 self.port = port | 96 self.port = port |
90 self.websock_handlers = data_dir | 97 self.websock_handlers = data_dir |
91 self.scan_dir = None | 98 self.scan_dir = None |
92 self.allow_handlers_outside_root_dir = False | 99 self.allow_handlers_outside_root_dir = False |
(...skipping 1796 matching lines...)
1889 raise testserver_base.OptionError( | 1896 raise testserver_base.OptionError( |
1890 'specified server cert file not found: ' + | 1897 'specified server cert file not found: ' + |
1891 self.options.cert_and_key_file + ' exiting...') | 1898 self.options.cert_and_key_file + ' exiting...') |
1892 pem_cert_and_key = file(self.options.cert_and_key_file, 'r').read() | 1899 pem_cert_and_key = file(self.options.cert_and_key_file, 'r').read() |
1893 else: | 1900 else: |
1894 # generate a new certificate and run an OCSP server for it. | 1901 # generate a new certificate and run an OCSP server for it. |
1895 self.__ocsp_server = OCSPServer((host, 0), OCSPHandler) | 1902 self.__ocsp_server = OCSPServer((host, 0), OCSPHandler) |
1896 print ('OCSP server started on %s:%d...' % | 1903 print ('OCSP server started on %s:%d...' % |
1897 (host, self.__ocsp_server.server_port)) | 1904 (host, self.__ocsp_server.server_port)) |
1898 | 1905 |
1899 ocsp_state = None | 1906 ocsp_states = list() |
| 1907 for ocsp_state_arg in self.options.ocsp.split(':'): |
| 1908 if ocsp_state_arg == 'ok': |
| 1909 ocsp_state = minica.OCSP_STATE_GOOD |
| 1910 elif ocsp_state_arg == 'revoked': |
| 1911 ocsp_state = minica.OCSP_STATE_REVOKED |
| 1912 elif ocsp_state_arg == 'invalid': |
| 1913 ocsp_state = minica.OCSP_STATE_INVALID_RESPONSE |
| 1914 elif ocsp_state_arg == 'unauthorized': |
| 1915 ocsp_state = minica.OCSP_STATE_UNAUTHORIZED |
| 1916 elif ocsp_state_arg == 'unknown': |
| 1917 ocsp_state = minica.OCSP_STATE_UNKNOWN |
| 1918 elif ocsp_state_arg == 'later': |
| 1919 ocsp_state = minica.OCSP_STATE_TRY_LATER |
| 1920 elif ocsp_state_arg == 'invalid_data': |
| 1921 ocsp_state = minica.OCSP_STATE_INVALID_RESPONSE_DATA |
| 1922 elif ocsp_state_arg == "mismatched_serial": |
| 1923 ocsp_state = minica.OCSP_STATE_MISMATCHED_SERIAL |
| 1924 else: |
| 1925 raise testserver_base.OptionError('unknown OCSP status: ' + |
| 1926 ocsp_state_arg) |
| 1927 ocsp_states.append(ocsp_state) |
1900 | 1928 |
1901 if self.options.ocsp == 'ok': | 1929 if len(ocsp_states) > 1: |
1902 ocsp_state = minica.OCSP_STATE_GOOD | 1930 if set(ocsp_states) & OCSP_STATES_NO_SINGLE_RESPONSE: |
1903 elif self.options.ocsp == 'revoked': | 1931 raise testserver_base.OptionError('Multiple OCSP responses ' |
1904 ocsp_state = minica.OCSP_STATE_REVOKED | 1932 'incompatible with states ' + str(ocsp_states)) |
1905 elif self.options.ocsp == 'invalid': | 1933 |
1906 ocsp_state = minica.OCSP_STATE_INVALID | 1934 ocsp_dates = list() |
1907 elif self.options.ocsp == 'unauthorized': | 1935 for ocsp_date_arg in self.options.ocsp_date.split(':'): |
1908 ocsp_state = minica.OCSP_STATE_UNAUTHORIZED | 1936 if ocsp_date_arg == 'valid': |
1909 elif self.options.ocsp == 'unknown': | 1937 ocsp_date = minica.OCSP_DATE_VALID |
1910 ocsp_state = minica.OCSP_STATE_UNKNOWN | 1938 elif ocsp_date_arg == 'old': |
| 1939 ocsp_date = minica.OCSP_DATE_OLD |
| 1940 elif ocsp_date_arg == 'early': |
| 1941 ocsp_date = minica.OCSP_DATE_EARLY |
| 1942 elif ocsp_date_arg == 'long': |
| 1943 ocsp_date = minica.OCSP_DATE_LONG |
| 1944 elif ocsp_date_arg == 'before_cert': |
| 1945 ocsp_date = minica.OCSP_DATE_AFTER_CERT |
| 1946 elif ocsp_date_arg == 'after_cert': |
| 1947 ocsp_date = minica.OCSP_DATE_AFTER_CERT |
| 1948 else: |
| 1949 raise testserver_base.OptionError('unknown OCSP date: ' + |
| 1950 ocsp_date_arg) |
| 1951 ocsp_dates.append(ocsp_date) |
| 1952 |
| 1953 if len(ocsp_states) != len(ocsp_dates): |
| 1954 raise testserver_base.OptionError('mismatched ocsp and ocsp-date ' |
| 1955 'count') |
| 1956 |
| 1957 ocsp_produced = None |
| 1958 if self.options.ocsp_produced == 'valid': |
| 1959 ocsp_produced = minica.OCSP_PRODUCED_VALID |
| 1960 elif self.options.ocsp_produced == 'before': |
| 1961 ocsp_produced = minica.OCSP_PRODUCED_BEFORE_CERT |
| 1962 elif self.options.ocsp_produced == 'after': |
| 1963 ocsp_produced = minica.OCSP_PRODUCED_AFTER_CERT |
1911 else: | 1964 else: |
1912 raise testserver_base.OptionError('unknown OCSP status: ' + | 1965 raise testserver_base.OptionError('unknown OCSP produced: ' + |
1913 self.options.ocsp_status) | 1966 self.options.ocsp_produced) |
1914 | 1967 |
1915 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP( | 1968 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP( |
1916 subject = "127.0.0.1", | 1969 subject = "127.0.0.1", |
1917 ocsp_url = ("http://%s:%d/ocsp" % | 1970 ocsp_url = ("http://%s:%d/ocsp" % |
1918 (host, self.__ocsp_server.server_port)), | 1971 (host, self.__ocsp_server.server_port)), |
1919 ocsp_state = ocsp_state, | 1972 ocsp_states = ocsp_states, |
| 1973 ocsp_dates = ocsp_dates, |
| 1974 ocsp_produced = ocsp_produced, |
1920 serial = self.options.cert_serial) | 1975 serial = self.options.cert_serial) |
1921 | 1976 |
1922 if self.options.ocsp_server_unavailable: | 1977 if self.options.ocsp_server_unavailable: |
1923 # SEQUENCE containing ENUMERATED with value 3 (tryLater). | 1978 # SEQUENCE containing ENUMERATED with value 3 (tryLater). |
1924 self.__ocsp_server.ocsp_response = '30030a0103'.decode('hex') | 1979 self.__ocsp_server.ocsp_response = '30030a0103'.decode('hex') |
1925 else: | 1980 else: |
1926 self.__ocsp_server.ocsp_response = ocsp_der | 1981 self.__ocsp_server.ocsp_response = ocsp_der |
1927 | 1982 |
1928 for ca_cert in self.options.ssl_client_ca: | 1983 for ca_cert in self.options.ssl_client_ca: |
1929 if not os.path.isfile(ca_cert): | 1984 if not os.path.isfile(ca_cert): |
(...skipping 151 matching lines...)
2081 'should be used.') | 2136 'should be used.') |
2082 self.option_parser.add_option('--cert-and-key-file', | 2137 self.option_parser.add_option('--cert-and-key-file', |
2083 dest='cert_and_key_file', help='specify the ' | 2138 dest='cert_and_key_file', help='specify the ' |
2084 'path to the file containing the certificate ' | 2139 'path to the file containing the certificate ' |
2085 'and private key for the server in PEM ' | 2140 'and private key for the server in PEM ' |
2086 'format') | 2141 'format') |
2087 self.option_parser.add_option('--ocsp', dest='ocsp', default='ok', | 2142 self.option_parser.add_option('--ocsp', dest='ocsp', default='ok', |
2088 help='The type of OCSP response generated ' | 2143 help='The type of OCSP response generated ' |
2089 'for the automatically generated ' | 2144 'for the automatically generated ' |
2090 'certificate. One of [ok,revoked,invalid]') | 2145 'certificate. One of [ok,revoked,invalid]') |
| 2146 self.option_parser.add_option('--ocsp-date', dest='ocsp_date', |
| 2147 default='valid', help='The validity of the ' |
| 2148 'range between thisUpdate and nextUpdate') |
| 2149 self.option_parser.add_option('--ocsp-produced', dest='ocsp_produced', |
| 2150 default='valid', help='producedAt relative ' |
| 2151 'to certificate expiry') |
2091 self.option_parser.add_option('--cert-serial', dest='cert_serial', | 2152 self.option_parser.add_option('--cert-serial', dest='cert_serial', |
2092 default=0, type=int, | 2153 default=0, type=int, |
2093 help='If non-zero then the generated ' | 2154 help='If non-zero then the generated ' |
2094 'certificate will have this serial number') | 2155 'certificate will have this serial number') |
2095 self.option_parser.add_option('--tls-intolerant', dest='tls_intolerant', | 2156 self.option_parser.add_option('--tls-intolerant', dest='tls_intolerant', |
2096 default='0', type='int', | 2157 default='0', type='int', |
2097 help='If nonzero, certain TLS connections ' | 2158 help='If nonzero, certain TLS connections ' |
2098 'will be aborted in order to test version ' | 2159 'will be aborted in order to test version ' |
2099 'fallback. 1 means all TLS versions will be ' | 2160 'fallback. 1 means all TLS versions will be ' |
2100 'aborted. 2 means TLS 1.1 or higher will be ' | 2161 'aborted. 2 means TLS 1.1 or higher will be ' |
(...skipping 97 matching lines...)
2198 'an anonymous user.') | 2259 'an anonymous user.') |
2199 self.option_parser.add_option('--disable-channel-id', action='store_true') | 2260 self.option_parser.add_option('--disable-channel-id', action='store_true') |
2200 self.option_parser.add_option('--disable-extended-master-secret', | 2261 self.option_parser.add_option('--disable-extended-master-secret', |
2201 action='store_true') | 2262 action='store_true') |
2202 self.option_parser.add_option('--token-binding-params', action='append', | 2263 self.option_parser.add_option('--token-binding-params', action='append', |
2203 default=[], type='int') | 2264 default=[], type='int') |
2204 | 2265 |
2205 | 2266 |
2206 if __name__ == '__main__': | 2267 if __name__ == '__main__': |
2207 sys.exit(ServerRunner().main()) | 2268 sys.exit(ServerRunner().main()) |
OLD | NEW |
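Review bot: In the `--ocsp-date` parsing loop (new lines 1944-1947), the `'before_cert'` branch assigns `minica.OCSP_DATE_AFTER_CERT`, the same value as the `'after_cert'` branch directly below it, so a test that asks for a response dated before the certificate silently gets the after-certificate case and the client's before-certificate OCSP validity check is never exercised. That branch should assign minica's before-certificate date constant, whose name is not visible on this page. The `--ocsp` help string (new line 2145) still reads `One of [ok,revoked,invalid]` although the option is now split on `:` and also accepts `unauthorized`, `unknown`, `later`, `invalid_data` and `mismatched_serial`; the new `--ocsp-date` and `--ocsp-produced` help strings list no accepted values at all, so the valid keywords can only be found by reading the parser. The method containing the parsing loop starts outside the visible lines.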