OLD | NEW |
---|---|
1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
7 testing Chrome. | 7 testing Chrome. |
8 | 8 |
9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
(...skipping 110 matching lines...) | |
121 | 121 |
122 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, | 122 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
123 testserver_base.ClientRestrictingServerMixIn, | 123 testserver_base.ClientRestrictingServerMixIn, |
124 testserver_base.BrokenPipeHandlerMixIn, | 124 testserver_base.BrokenPipeHandlerMixIn, |
125 testserver_base.StoppableHTTPServer): | 125 testserver_base.StoppableHTTPServer): |
126 """This is a specialization of StoppableHTTPServer that add https support and | 126 """This is a specialization of StoppableHTTPServer that add https support and |
127 client verification.""" | 127 client verification.""" |
128 | 128 |
129 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 129 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
130 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, | 130 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, |
131 record_resume_info, tls_intolerant): | 131 record_resume_info, tls_intolerant, signed_cert_timestamps): |
132 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) | 132 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) |
133 # Force using only python implementation - otherwise behavior is different | 133 # Force using only python implementation - otherwise behavior is different |
134 # depending on whether m2crypto Python module is present (error is thrown | 134 # depending on whether m2crypto Python module is present (error is thrown |
135 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 135 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
136 # the hood. | 136 # the hood. |
137 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 137 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
138 private=True, | 138 private=True, |
139 implementations=['python']) | 139 implementations=['python']) |
140 self.ssl_client_auth = ssl_client_auth | 140 self.ssl_client_auth = ssl_client_auth |
141 self.ssl_client_cas = [] | 141 self.ssl_client_cas = [] |
142 self.tls_intolerant = tls_intolerant | 142 self.tls_intolerant = tls_intolerant |
143 self.signed_cert_timestamps = signed_cert_timestamps | |
143 | 144 |
144 for ca_file in ssl_client_cas: | 145 for ca_file in ssl_client_cas: |
145 s = open(ca_file).read() | 146 s = open(ca_file).read() |
146 x509 = tlslite.api.X509() | 147 x509 = tlslite.api.X509() |
147 x509.parse(s) | 148 x509.parse(s) |
148 self.ssl_client_cas.append(x509.subject) | 149 self.ssl_client_cas.append(x509.subject) |
149 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 150 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
150 if ssl_bulk_ciphers is not None: | 151 if ssl_bulk_ciphers is not None: |
151 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 152 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
152 | 153 |
(...skipping 11 matching lines...) | |
164 """Creates the SSL connection.""" | 165 """Creates the SSL connection.""" |
165 | 166 |
166 try: | 167 try: |
167 self.tlsConnection = tlsConnection | 168 self.tlsConnection = tlsConnection |
168 tlsConnection.handshakeServer(certChain=self.cert_chain, | 169 tlsConnection.handshakeServer(certChain=self.cert_chain, |
169 privateKey=self.private_key, | 170 privateKey=self.private_key, |
170 sessionCache=self.session_cache, | 171 sessionCache=self.session_cache, |
171 reqCert=self.ssl_client_auth, | 172 reqCert=self.ssl_client_auth, |
172 settings=self.ssl_handshake_settings, | 173 settings=self.ssl_handshake_settings, |
173 reqCAs=self.ssl_client_cas, | 174 reqCAs=self.ssl_client_cas, |
174 tlsIntolerant=self.tls_intolerant) | 175 tlsIntolerant=self.tls_intolerant, |
176 signedCertTimestamps= | |
177 self.signed_cert_timestamps) | |
175 tlsConnection.ignoreAbruptClose = True | 178 tlsConnection.ignoreAbruptClose = True |
176 return True | 179 return True |
177 except tlslite.api.TLSAbruptCloseError: | 180 except tlslite.api.TLSAbruptCloseError: |
178 # Ignore abrupt close. | 181 # Ignore abrupt close. |
179 return True | 182 return True |
180 except tlslite.api.TLSError, error: | 183 except tlslite.api.TLSError, error: |
181 print "Handshake failure:", str(error) | 184 print "Handshake failure:", str(error) |
182 return False | 185 return False |
183 | 186 |
184 | 187 |
(...skipping 1741 matching lines...) | |
1926 for ca_cert in self.options.ssl_client_ca: | 1929 for ca_cert in self.options.ssl_client_ca: |
1927 if not os.path.isfile(ca_cert): | 1930 if not os.path.isfile(ca_cert): |
1928 raise testserver_base.OptionError( | 1931 raise testserver_base.OptionError( |
1929 'specified trusted client CA file not found: ' + ca_cert + | 1932 'specified trusted client CA file not found: ' + ca_cert + |
1930 ' exiting...') | 1933 ' exiting...') |
1931 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, | 1934 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, |
1932 self.options.ssl_client_auth, | 1935 self.options.ssl_client_auth, |
1933 self.options.ssl_client_ca, | 1936 self.options.ssl_client_ca, |
1934 self.options.ssl_bulk_cipher, | 1937 self.options.ssl_bulk_cipher, |
1935 self.options.record_resume, | 1938 self.options.record_resume, |
1936 self.options.tls_intolerant) | 1939 self.options.tls_intolerant, |
1940 self.options.signed_cert_timestamps) | |
1937 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 1941 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
1938 else: | 1942 else: |
1939 server = HTTPServer((host, port), TestPageHandler) | 1943 server = HTTPServer((host, port), TestPageHandler) |
1940 print 'HTTP server started on %s:%d...' % (host, server.server_port) | 1944 print 'HTTP server started on %s:%d...' % (host, server.server_port) |
1941 | 1945 |
1942 server.data_dir = self.__make_data_dir() | 1946 server.data_dir = self.__make_data_dir() |
1943 server.file_root_url = self.options.file_root_url | 1947 server.file_root_url = self.options.file_root_url |
1944 server_data['port'] = server.server_port | 1948 server_data['port'] = server.server_port |
1945 elif self.options.server_type == SERVER_WEBSOCKET: | 1949 elif self.options.server_type == SERVER_WEBSOCKET: |
1946 # Launch pywebsocket via WebSocketServer. | 1950 # Launch pywebsocket via WebSocketServer. |
(...skipping 117 matching lines...) | |
2064 help='If non-zero then the generated ' | 2068 help='If non-zero then the generated ' |
2065 'certificate will have this serial number') | 2069 'certificate will have this serial number') |
2066 self.option_parser.add_option('--tls-intolerant', dest='tls_intolerant', | 2070 self.option_parser.add_option('--tls-intolerant', dest='tls_intolerant', |
2067 default='0', type='int', | 2071 default='0', type='int', |
2068 help='If nonzero, certain TLS connections ' | 2072 help='If nonzero, certain TLS connections ' |
2069 'will be aborted in order to test version ' | 2073 'will be aborted in order to test version ' |
2070 'fallback. 1 means all TLS versions will be ' | 2074 'fallback. 1 means all TLS versions will be ' |
2071 'aborted. 2 means TLS 1.1 or higher will be ' | 2075 'aborted. 2 means TLS 1.1 or higher will be ' |
2072 'aborted. 3 means TLS 1.2 or higher will be ' | 2076 'aborted. 3 means TLS 1.2 or higher will be ' |
2073 'aborted.') | 2077 'aborted.') |
2078 self.option_parser.add_option('--signed-cert-timestamps', | |
2079 dest='signed_cert_timestamps', | |
2080 default='', | |
wtc
2013/11/26 17:32:55
I assume the option's value is a string. What is t
ekasper
2013/11/26 19:33:54
I've made them base64-encoded.
| |
2081 help='If set, server will respond with a ' | |
2082 'signed_certificate_timestamp TLS extension ' | |
2083 'whenever the client supports it.') | |
2074 self.option_parser.add_option('--https-record-resume', | 2084 self.option_parser.add_option('--https-record-resume', |
2075 dest='record_resume', const=True, | 2085 dest='record_resume', const=True, |
2076 default=False, action='store_const', | 2086 default=False, action='store_const', |
2077 help='Record resumption cache events rather ' | 2087 help='Record resumption cache events rather ' |
2078 'than resuming as normal. Allows the use of ' | 2088 'than resuming as normal. Allows the use of ' |
2079 'the /ssl-session-cache request') | 2089 'the /ssl-session-cache request') |
2080 self.option_parser.add_option('--ssl-client-auth', action='store_true', | 2090 self.option_parser.add_option('--ssl-client-auth', action='store_true', |
2081 help='Require SSL client auth on every ' | 2091 help='Require SSL client auth on every ' |
2082 'connection.') | 2092 'connection.') |
2083 self.option_parser.add_option('--ssl-client-ca', action='append', | 2093 self.option_parser.add_option('--ssl-client-ca', action='append', |
(...skipping 11 matching lines...) | |
2095 '"aes128", "3des", "rc4". If omitted, all ' | 2105 '"aes128", "3des", "rc4". If omitted, all ' |
2096 'algorithms will be used. This option may ' | 2106 'algorithms will be used. This option may ' |
2097 'appear multiple times, indicating ' | 2107 'appear multiple times, indicating ' |
2098 'multiple algorithms should be enabled.'); | 2108 'multiple algorithms should be enabled.'); |
2099 self.option_parser.add_option('--file-root-url', default='/files/', | 2109 self.option_parser.add_option('--file-root-url', default='/files/', |
2100 help='Specify a root URL for files served.') | 2110 help='Specify a root URL for files served.') |
2101 | 2111 |
2102 | 2112 |
2103 if __name__ == '__main__': | 2113 if __name__ == '__main__': |
2104 sys.exit(ServerRunner().main()) | 2114 sys.exit(ServerRunner().main()) |
OLD | NEW |
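Review bot: The new `--signed-cert-timestamps` value goes unchanged from `self.options.signed_cert_timestamps` through `HTTPSServer.__init__` into `handshakeServer(signedCertTimestamps=...)`, and nothing in the visible lines decodes or validates it, although the review thread says the value is base64-encoded. Unless the skipped lines already do this, decode it once where `HTTPSServer` is constructed and reject malformed input the way a missing client-CA file is rejected just above, i.e. `base64.b64decode(self.options.signed_cert_timestamps)` with a decode failure turned into `testserver_base.OptionError`; the module's imports are not visible here, so `base64` may need importing. The help string should also state the expected format, for example `help='Base64-encoded SCT data. If set, server will respond with a '`. It is also worth confirming that the default `''` makes tlslite omit the extension rather than send an empty one, since a test meant to run without SCTs would otherwise exercise a different handshake than intended.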