OLD | NEW |
1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
7 testing Chrome. | 7 testing Chrome. |
8 | 8 |
9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
150 testserver_base.BrokenPipeHandlerMixIn, | 150 testserver_base.BrokenPipeHandlerMixIn, |
151 testserver_base.StoppableHTTPServer): | 151 testserver_base.StoppableHTTPServer): |
152 """This is a specialization of StoppableHTTPServer that add https support and | 152 """This is a specialization of StoppableHTTPServer that add https support and |
153 client verification.""" | 153 client verification.""" |
154 | 154 |
155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, | 156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, |
157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, | 157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, |
158 record_resume_info, tls_intolerant, | 158 record_resume_info, tls_intolerant, |
159 tls_intolerance_type, signed_cert_timestamps, | 159 tls_intolerance_type, signed_cert_timestamps, |
160 fallback_scsv_enabled, ocsp_response): | 160 fallback_scsv_enabled, ocsp_response, |
| 161 alert_after_handshake): |
161 self.cert_chain = tlslite.api.X509CertChain() | 162 self.cert_chain = tlslite.api.X509CertChain() |
162 self.cert_chain.parsePemList(pem_cert_and_key) | 163 self.cert_chain.parsePemList(pem_cert_and_key) |
163 # Force using only python implementation - otherwise behavior is different | 164 # Force using only python implementation - otherwise behavior is different |
164 # depending on whether m2crypto Python module is present (error is thrown | 165 # depending on whether m2crypto Python module is present (error is thrown |
165 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 166 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
166 # the hood. | 167 # the hood. |
167 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 168 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
168 private=True, | 169 private=True, |
169 implementations=['python']) | 170 implementations=['python']) |
170 self.ssl_client_auth = ssl_client_auth | 171 self.ssl_client_auth = ssl_client_auth |
(...skipping 24 matching lines...) Expand all Loading... |
195 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 196 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
196 # Enable SSLv3 for testing purposes. | 197 # Enable SSLv3 for testing purposes. |
197 self.ssl_handshake_settings.minVersion = (3, 0) | 198 self.ssl_handshake_settings.minVersion = (3, 0) |
198 if ssl_bulk_ciphers is not None: | 199 if ssl_bulk_ciphers is not None: |
199 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 200 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
200 if ssl_key_exchanges is not None: | 201 if ssl_key_exchanges is not None: |
201 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | 202 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges |
202 if tls_intolerant != 0: | 203 if tls_intolerant != 0: |
203 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) | 204 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) |
204 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type | 205 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type |
| 206 if alert_after_handshake: |
| 207 self.ssl_handshake_settings.alertAfterHandshake = True |
205 | 208 |
206 if record_resume_info: | 209 if record_resume_info: |
207 # If record_resume_info is true then we'll replace the session cache with | 210 # If record_resume_info is true then we'll replace the session cache with |
208 # an object that records the lookups and inserts that it sees. | 211 # an object that records the lookups and inserts that it sees. |
209 self.session_cache = RecordingSSLSessionCache() | 212 self.session_cache = RecordingSSLSessionCache() |
210 else: | 213 else: |
211 self.session_cache = tlslite.api.SessionCache() | 214 self.session_cache = tlslite.api.SessionCache() |
212 testserver_base.StoppableHTTPServer.__init__(self, | 215 testserver_base.StoppableHTTPServer.__init__(self, |
213 server_address, | 216 server_address, |
214 request_hander_class) | 217 request_hander_class) |
(...skipping 1823 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2038 self.options.ssl_client_cert_type, | 2041 self.options.ssl_client_cert_type, |
2039 self.options.ssl_bulk_cipher, | 2042 self.options.ssl_bulk_cipher, |
2040 self.options.ssl_key_exchange, | 2043 self.options.ssl_key_exchange, |
2041 self.options.enable_npn, | 2044 self.options.enable_npn, |
2042 self.options.record_resume, | 2045 self.options.record_resume, |
2043 self.options.tls_intolerant, | 2046 self.options.tls_intolerant, |
2044 self.options.tls_intolerance_type, | 2047 self.options.tls_intolerance_type, |
2045 self.options.signed_cert_timestamps_tls_ext.decode( | 2048 self.options.signed_cert_timestamps_tls_ext.decode( |
2046 "base64"), | 2049 "base64"), |
2047 self.options.fallback_scsv, | 2050 self.options.fallback_scsv, |
2048 stapled_ocsp_response) | 2051 stapled_ocsp_response, |
| 2052 self.options.alert_after_handshake) |
2049 print 'HTTPS server started on https://%s:%d...' % \ | 2053 print 'HTTPS server started on https://%s:%d...' % \ |
2050 (host, server.server_port) | 2054 (host, server.server_port) |
2051 else: | 2055 else: |
2052 server = HTTPServer((host, port), TestPageHandler) | 2056 server = HTTPServer((host, port), TestPageHandler) |
2053 print 'HTTP server started on http://%s:%d...' % \ | 2057 print 'HTTP server started on http://%s:%d...' % \ |
2054 (host, server.server_port) | 2058 (host, server.server_port) |
2055 | 2059 |
2056 server.data_dir = self.__make_data_dir() | 2060 server.data_dir = self.__make_data_dir() |
2057 server.file_root_url = self.options.file_root_url | 2061 server.file_root_url = self.options.file_root_url |
2058 server_data['port'] = server.server_port | 2062 server_data['port'] = server.server_port |
(...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2271 # TODO(ricea): Generalize this to support basic auth for HTTP too. | 2275 # TODO(ricea): Generalize this to support basic auth for HTTP too. |
2272 self.option_parser.add_option('--ws-basic-auth', action='store_true', | 2276 self.option_parser.add_option('--ws-basic-auth', action='store_true', |
2273 dest='ws_basic_auth', | 2277 dest='ws_basic_auth', |
2274 help='Enable basic-auth for WebSocket') | 2278 help='Enable basic-auth for WebSocket') |
2275 self.option_parser.add_option('--ocsp-server-unavailable', | 2279 self.option_parser.add_option('--ocsp-server-unavailable', |
2276 dest='ocsp_server_unavailable', | 2280 dest='ocsp_server_unavailable', |
2277 default=False, action='store_true', | 2281 default=False, action='store_true', |
2278 help='If set, the OCSP server will return ' | 2282 help='If set, the OCSP server will return ' |
2279 'a tryLater status rather than the actual ' | 2283 'a tryLater status rather than the actual ' |
2280 'OCSP response.') | 2284 'OCSP response.') |
| 2285 self.option_parser.add_option('--alert-after-handshake', |
| 2286 dest='alert_after_handshake', |
| 2287 default=False, action='store_true', |
| 2288 help='If set, the server will send a fatal ' |
| 2289 'alert immediately after the handshake.') |
2281 | 2290 |
2282 | 2291 |
2283 if __name__ == '__main__': | 2292 if __name__ == '__main__': |
2284 sys.exit(ServerRunner().main()) | 2293 sys.exit(ServerRunner().main()) |
OLD | NEW |