OLD | NEW |
1 # Copyright 2014 The Chromium Authors. All rights reserved. | 1 # Copyright 2014 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 """An https server that forwards requests to another server. This allows a | 5 """An https server that forwards requests to another server. This allows a |
6 server that supports http only to be accessed over https. | 6 server that supports http only to be accessed over https. |
7 """ | 7 """ |
8 | 8 |
9 import BaseHTTPServer | 9 import BaseHTTPServer |
10 import minica | 10 import minica |
11 import re | 11 import re |
| 12 import socket |
12 import SocketServer | 13 import SocketServer |
13 import sys | 14 import sys |
14 import urllib2 | 15 import urllib2 |
15 import urlparse | 16 import urlparse |
16 import testserver_base | 17 import testserver_base |
17 import tlslite.api | 18 import tlslite.api |
18 | 19 |
19 | 20 |
20 class RedirectSuppressor(urllib2.HTTPErrorProcessor): | 21 class RedirectSuppressor(urllib2.HTTPErrorProcessor): |
21 """Prevents urllib2 from following http redirects. | 22 """Prevents urllib2 from following http redirects. |
(...skipping 132 matching lines...)
154 server_data: Dictionary that holds information about the server. | 155 server_data: Dictionary that holds information about the server. |
155 Returns: | 156 Returns: |
156 The started server. | 157 The started server. |
157 """ | 158 """ |
158 # The server binds to |host:port| but the certificate is issued to | 159 # The server binds to |host:port| but the certificate is issued to |
159 # |ssl_host| instead. | 160 # |ssl_host| instead. |
160 port = self.options.port | 161 port = self.options.port |
161 host = self.options.host | 162 host = self.options.host |
162 ssl_host = self.options.ssl_host | 163 ssl_host = self.options.ssl_host |
163 | 164 |
| 165 # Allow |ssl_host| to be an IP address or a domain name, and ensure |
| 166 # it gets added as the appropriate subjectAltName of the generated |
| 167 # certificate. |
| 168 dns_sans = None |
| 169 ip_sans = None |
| 170 ip = None |
| 171 if ip is None: |
| 172 try: |
| 173 ip = socket.inet_pton(socket.AF_INET, ssl_host) |
| 174 ip_sans = [ip] |
| 175 except socket.error: |
| 176 pass |
| 177 if ip is None: |
| 178 try: |
| 179 ip = socket.inet_pton(socket.AF_INET6, ssl_host) |
| 180 ip_sans = [ip] |
| 181 except socket.error: |
| 182 pass |
| 183 if ip is None: |
| 184 dns_sans = [ssl_host] |
| 185 |
164 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP( | 186 (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP( |
165 subject = self.options.ssl_host, | 187 subject = self.options.ssl_host, |
166 ocsp_url = None) | 188 ocsp_url = None, |
| 189 ip_sans = ip_sans, |
| 190 dns_sans = dns_sans) |
167 | 191 |
168 server = MultiThreadedHTTPSServer((host, port), | 192 server = MultiThreadedHTTPSServer((host, port), |
169 RequestForwarder, | 193 RequestForwarder, |
170 pem_cert_and_key) | 194 pem_cert_and_key) |
171 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 195 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
172 | 196 |
173 forward_target = urlparse.urlparse(self.options.forward_target) | 197 forward_target = urlparse.urlparse(self.options.forward_target) |
174 server.forward_scheme = forward_target[0] | 198 server.forward_scheme = forward_target[0] |
175 server.forward_netloc = forward_target[1] | 199 server.forward_netloc = forward_target[1] |
176 server.forward_path = forward_target[2].rstrip('/') | 200 server.forward_path = forward_target[2].rstrip('/') |
(...skipping 16 matching lines...)
193 self.option_parser.add_option('--ocsp-produced', help='Ignored (provided ' | 217 self.option_parser.add_option('--ocsp-produced', help='Ignored (provided ' |
194 'for compatibility only).') | 218 'for compatibility only).') |
195 self.option_parser.add_option('--ssl-host', help='The host name that the ' | 219 self.option_parser.add_option('--ssl-host', help='The host name that the ' |
196 'certificate should be issued to.') | 220 'certificate should be issued to.') |
197 self.option_parser.add_option('--forward-target', help='The URL prefix to ' | 221 self.option_parser.add_option('--forward-target', help='The URL prefix to ' |
198 'which requests will be forwarded.') | 222 'which requests will be forwarded.') |
199 | 223 |
200 | 224 |
201 if __name__ == '__main__': | 225 if __name__ == '__main__': |
202 sys.exit(ServerRunner().main()) | 226 sys.exit(ServerRunner().main()) |
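Review bot: In the added block at new lines 168–184, only `socket.error` is caught around `socket.inet_pton`, so on a platform whose Python 2 `socket` module lacks `inet_pton` (the Python 2 documentation lists it as Unix-only) the resulting `AttributeError` would abort server start-up rather than fall back to a DNS subjectAltName. If `--ssl-host` can be left unset, which depends on a default that is not visible here, `inet_pton` would also raise `TypeError` on `None`. The first `if ip is None:` directly follows `ip = None` and is always true, and the two try blocks differ only in the address family, so a loop over the families is shorter and keeps the handling in one place. The enclosing method starts in the skipped lines above this hunk.

```python
    # ... unchanged: port / host / ssl_host assignments ...
    dns_sans = None
    ip_sans = None
    for family in (socket.AF_INET, socket.AF_INET6):
      try:
        ip_sans = [socket.inet_pton(family, ssl_host)]
        break
      except (socket.error, AttributeError):
        # Not a literal of this family, or inet_pton is unavailable on this
        # platform; in the latter case the host is treated as a DNS name.
        continue
    if ip_sans is None:
      dns_sans = [ssl_host]
    # ... unchanged: minica.GenerateCertKeyAndOCSP call ...
```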