OLD | NEW |
---|---|
1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
7 testing Chrome. | 7 testing Chrome. |
8 | 8 |
9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
(...skipping 131 matching lines...)
142 | 142 |
143 | 143 |
144 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, | 144 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
145 testserver_base.ClientRestrictingServerMixIn, | 145 testserver_base.ClientRestrictingServerMixIn, |
146 testserver_base.BrokenPipeHandlerMixIn, | 146 testserver_base.BrokenPipeHandlerMixIn, |
147 testserver_base.StoppableHTTPServer): | 147 testserver_base.StoppableHTTPServer): |
148 """This is a specialization of StoppableHTTPServer that add https support and | 148 """This is a specialization of StoppableHTTPServer that add https support and |
149 client verification.""" | 149 client verification.""" |
150 | 150 |
151 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 151 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
152 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, | 152 ssl_client_auth, ssl_client_cas, |
153 ssl_bulk_ciphers, ssl_key_exchanges, | |
153 record_resume_info, tls_intolerant, signed_cert_timestamps, | 154 record_resume_info, tls_intolerant, signed_cert_timestamps, |
154 fallback_scsv_enabled, ocsp_response): | 155 fallback_scsv_enabled, ocsp_response): |
155 self.cert_chain = tlslite.api.X509CertChain() | 156 self.cert_chain = tlslite.api.X509CertChain() |
156 self.cert_chain.parsePemList(pem_cert_and_key) | 157 self.cert_chain.parsePemList(pem_cert_and_key) |
157 # Force using only python implementation - otherwise behavior is different | 158 # Force using only python implementation - otherwise behavior is different |
158 # depending on whether m2crypto Python module is present (error is thrown | 159 # depending on whether m2crypto Python module is present (error is thrown |
159 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 160 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
160 # the hood. | 161 # the hood. |
161 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 162 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
162 private=True, | 163 private=True, |
163 implementations=['python']) | 164 implementations=['python']) |
164 self.ssl_client_auth = ssl_client_auth | 165 self.ssl_client_auth = ssl_client_auth |
165 self.ssl_client_cas = [] | 166 self.ssl_client_cas = [] |
166 if tls_intolerant == 0: | 167 if tls_intolerant == 0: |
167 self.tls_intolerant = None | 168 self.tls_intolerant = None |
168 else: | 169 else: |
169 self.tls_intolerant = (3, tls_intolerant) | 170 self.tls_intolerant = (3, tls_intolerant) |
170 self.signed_cert_timestamps = signed_cert_timestamps | 171 self.signed_cert_timestamps = signed_cert_timestamps |
171 self.fallback_scsv_enabled = fallback_scsv_enabled | 172 self.fallback_scsv_enabled = fallback_scsv_enabled |
172 self.ocsp_response = ocsp_response | 173 self.ocsp_response = ocsp_response |
173 | 174 |
174 for ca_file in ssl_client_cas: | 175 for ca_file in ssl_client_cas: |
175 s = open(ca_file).read() | 176 s = open(ca_file).read() |
176 x509 = tlslite.api.X509() | 177 x509 = tlslite.api.X509() |
177 x509.parse(s) | 178 x509.parse(s) |
178 self.ssl_client_cas.append(x509.subject) | 179 self.ssl_client_cas.append(x509.subject) |
179 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 180 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
180 if ssl_bulk_ciphers is not None: | 181 if ssl_bulk_ciphers is not None: |
181 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 182 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
183 if ssl_key_exchanges is not None: | |
184 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | |
182 | 185 |
183 if record_resume_info: | 186 if record_resume_info: |
184 # If record_resume_info is true then we'll replace the session cache with | 187 # If record_resume_info is true then we'll replace the session cache with |
185 # an object that records the lookups and inserts that it sees. | 188 # an object that records the lookups and inserts that it sees. |
186 self.session_cache = RecordingSSLSessionCache() | 189 self.session_cache = RecordingSSLSessionCache() |
187 else: | 190 else: |
188 self.session_cache = tlslite.api.SessionCache() | 191 self.session_cache = tlslite.api.SessionCache() |
189 testserver_base.StoppableHTTPServer.__init__(self, | 192 testserver_base.StoppableHTTPServer.__init__(self, |
190 server_address, | 193 server_address, |
191 request_hander_class) | 194 request_hander_class) |
(...skipping 1780 matching lines...)
1972 ' exiting...') | 1975 ' exiting...') |
1973 | 1976 |
1974 stapled_ocsp_response = None | 1977 stapled_ocsp_response = None |
1975 if self.__ocsp_server and self.options.staple_ocsp_response: | 1978 if self.__ocsp_server and self.options.staple_ocsp_response: |
1976 stapled_ocsp_response = self.__ocsp_server.ocsp_response | 1979 stapled_ocsp_response = self.__ocsp_server.ocsp_response |
1977 | 1980 |
1978 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, | 1981 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, |
1979 self.options.ssl_client_auth, | 1982 self.options.ssl_client_auth, |
1980 self.options.ssl_client_ca, | 1983 self.options.ssl_client_ca, |
1981 self.options.ssl_bulk_cipher, | 1984 self.options.ssl_bulk_cipher, |
1985 self.options.ssl_key_exchange, | |
1982 self.options.record_resume, | 1986 self.options.record_resume, |
1983 self.options.tls_intolerant, | 1987 self.options.tls_intolerant, |
1984 self.options.signed_cert_timestamps_tls_ext.decode( | 1988 self.options.signed_cert_timestamps_tls_ext.decode( |
1985 "base64"), | 1989 "base64"), |
1986 self.options.fallback_scsv, | 1990 self.options.fallback_scsv, |
1987 stapled_ocsp_response) | 1991 stapled_ocsp_response) |
1988 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 1992 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
1989 else: | 1993 else: |
1990 server = HTTPServer((host, port), TestPageHandler) | 1994 server = HTTPServer((host, port), TestPageHandler) |
1991 print 'HTTP server started on %s:%d...' % (host, server.server_port) | 1995 print 'HTTP server started on %s:%d...' % (host, server.server_port) |
(...skipping 168 matching lines...)
2160 'times, indicating multiple CA names should ' | 2164 'times, indicating multiple CA names should ' |
2161 'be sent in the request.') | 2165 'be sent in the request.') |
2162 self.option_parser.add_option('--ssl-bulk-cipher', action='append', | 2166 self.option_parser.add_option('--ssl-bulk-cipher', action='append', |
2163 help='Specify the bulk encryption ' | 2167 help='Specify the bulk encryption ' |
2164 'algorithm(s) that will be accepted by the ' | 2168 'algorithm(s) that will be accepted by the ' |
2165 'SSL server. Valid values are "aes256", ' | 2169 'SSL server. Valid values are "aes256", ' |
2166 '"aes128", "3des", "rc4". If omitted, all ' | 2170 '"aes128", "3des", "rc4". If omitted, all ' |
2167 'algorithms will be used. This option may ' | 2171 'algorithms will be used. This option may ' |
2168 'appear multiple times, indicating ' | 2172 'appear multiple times, indicating ' |
2169 'multiple algorithms should be enabled.'); | 2173 'multiple algorithms should be enabled.'); |
2174 self.option_parser.add_option('--ssl-key-exchange', action='append', | |
2175 help='Specify the key exchange algorithm(s)' | |
2176 'that will be accepted by the SSL server. ' | |
2177 'Valid values are "rsa", "dhe_rsa". If ' | |
wtc
2014/04/02 19:11:29
"srp_sha, "srp_sha_rsa", "dh_anon" are also suppor
davidben
2014/04/03 18:45:48
_serverGetClientHello only enables certain sets of
| |
2178 'omitted, all algorithms will be used. This ' | |
2179 'option may appear multiple times, ' | |
2180 'indicating multiple algorithms should be ' | |
2181 'enabled.'); | |
2170 self.option_parser.add_option('--file-root-url', default='/files/', | 2182 self.option_parser.add_option('--file-root-url', default='/files/', |
2171 help='Specify a root URL for files served.') | 2183 help='Specify a root URL for files served.') |
2172 | 2184 |
2173 | 2185 |
2174 if __name__ == '__main__': | 2186 if __name__ == '__main__': |
2175 sys.exit(ServerRunner().main()) | 2187 sys.exit(ServerRunner().main()) |
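Review bot: The help text of the new `--ssl-key-exchange` option joins `'Specify the key exchange algorithm(s)'` and `'that will be accepted by the SSL server. '` with no space between them, so `--help` prints "algorithm(s)that"; the first literal needs a trailing space, `help='Specify the key exchange algorithm(s) '`. The option values are also appended as typed and assigned to `self.ssl_handshake_settings.keyExchangeNames` in `HTTPSServer.__init__` with no check visible on this page. If tlslite does not reject unknown names (not shown here), a mistyped value could leave a test negotiating a different key exchange than it meant to pin, and the test would still pass. Declaring the option with `type='choice'` and a `choices=` list would make a bad name fail at argument parsing instead.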