commit
3d6dc0879b
|
@ -1,41 +0,0 @@
|
|||
from __future__ import (absolute_import, print_function, division)
|
||||
from cffi import FFI
|
||||
import OpenSSL
|
||||
|
||||
xffi = FFI()
|
||||
xffi.cdef("""
|
||||
struct rsa_meth_st {
|
||||
int flags;
|
||||
...;
|
||||
};
|
||||
struct rsa_st {
|
||||
int pad;
|
||||
long version;
|
||||
struct rsa_meth_st *meth;
|
||||
...;
|
||||
};
|
||||
""")
|
||||
xffi.verify(
|
||||
"""#include <openssl/rsa.h>""",
|
||||
extra_compile_args=['-w']
|
||||
)
|
||||
|
||||
|
||||
def handle(privkey):
|
||||
new = xffi.new("struct rsa_st*")
|
||||
newbuf = xffi.buffer(new)
|
||||
rsa = OpenSSL.SSL._lib.EVP_PKEY_get1_RSA(privkey._pkey)
|
||||
oldbuf = OpenSSL.SSL._ffi.buffer(rsa)
|
||||
newbuf[:] = oldbuf[:]
|
||||
return new
|
||||
|
||||
|
||||
def set_flags(privkey, val):
|
||||
hdl = handle(privkey)
|
||||
hdl.meth.flags = val
|
||||
return privkey
|
||||
|
||||
|
||||
def get_flags(privkey):
|
||||
hdl = handle(privkey)
|
||||
return hdl.meth.flags
|
|
@ -333,12 +333,6 @@ class CertStore(object):
|
|||
|
||||
return entry.cert, entry.privatekey, entry.chain_file
|
||||
|
||||
def gen_pkey(self, cert_):
|
||||
# FIXME: We should do something with cert here?
|
||||
from . import certffi
|
||||
certffi.set_flags(self.default_privatekey, 1)
|
||||
return self.default_privatekey
|
||||
|
||||
|
||||
class _GeneralName(univ.Choice):
|
||||
# We are only interested in dNSNames. We use a default handler to ignore
|
||||
|
|
33
setup.py
33
setup.py
|
@ -1,5 +1,3 @@
|
|||
from distutils.command.build import build
|
||||
from setuptools.command.install import install
|
||||
from setuptools import setup, find_packages
|
||||
from codecs import open
|
||||
import os
|
||||
|
@ -15,25 +13,6 @@ here = os.path.abspath(os.path.dirname(__file__))
|
|||
with open(os.path.join(here, 'README.mkd'), encoding='utf-8') as f:
|
||||
long_description = f.read()
|
||||
|
||||
|
||||
def get_ext_modules():
|
||||
from netlib import certffi
|
||||
return [certffi.xffi.verifier.get_extension()]
|
||||
|
||||
|
||||
class CFFIBuild(build):
|
||||
|
||||
def finalize_options(self):
|
||||
self.distribution.ext_modules = get_ext_modules()
|
||||
build.finalize_options(self)
|
||||
|
||||
|
||||
class CFFIInstall(install):
|
||||
|
||||
def finalize_options(self):
|
||||
self.distribution.ext_modules = get_ext_modules()
|
||||
install.finalize_options(self)
|
||||
|
||||
setup(
|
||||
name="netlib",
|
||||
version=version.VERSION,
|
||||
|
@ -62,16 +41,12 @@ setup(
|
|||
include_package_data=True,
|
||||
zip_safe=False,
|
||||
install_requires=[
|
||||
"cffi",
|
||||
"pyasn1>=0.1.7",
|
||||
"pyOpenSSL>=0.15.1",
|
||||
"cryptography>=0.9",
|
||||
"passlib>=1.6.2",
|
||||
"hpack>=1.0.1",
|
||||
"certifi"],
|
||||
setup_requires=[
|
||||
"cffi",
|
||||
"pyOpenSSL>=0.15.1",
|
||||
"certifi"
|
||||
],
|
||||
extras_require={
|
||||
'dev': [
|
||||
|
@ -84,9 +59,7 @@ setup(
|
|||
"wheel>=0.24.0",
|
||||
"pathod>=%s, <%s" %
|
||||
(version.MINORVERSION,
|
||||
version.NEXT_MINORVERSION)]},
|
||||
cmdclass={
|
||||
"build": CFFIBuild,
|
||||
"install": CFFIInstall,
|
||||
version.NEXT_MINORVERSION)
|
||||
]
|
||||
},
|
||||
)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
import os
|
||||
from netlib import certutils, certffi
|
||||
from netlib import certutils
|
||||
import tutils
|
||||
|
||||
# class TestDNTree:
|
||||
|
@ -92,24 +92,6 @@ class TestCertStore:
|
|||
ret = ca1.get_cert("foo.com", [])
|
||||
assert ret[0].serial == dc[0].serial
|
||||
|
||||
def test_gen_pkey(self):
|
||||
try:
|
||||
with tutils.tmpdir() as d:
|
||||
ca1 = certutils.CertStore.from_store(
|
||||
os.path.join(
|
||||
d,
|
||||
"ca1"),
|
||||
"test")
|
||||
ca2 = certutils.CertStore.from_store(
|
||||
os.path.join(
|
||||
d,
|
||||
"ca2"),
|
||||
"test")
|
||||
cert = ca1.get_cert("foo.com", [])
|
||||
assert certffi.get_flags(ca2.gen_pkey(cert[0])) == 1
|
||||
finally:
|
||||
certffi.set_flags(ca2.default_privatekey, 0)
|
||||
|
||||
|
||||
class TestDummyCert:
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ import mock
|
|||
from OpenSSL import SSL
|
||||
import OpenSSL
|
||||
|
||||
from netlib import tcp, certutils, certffi
|
||||
from netlib import tcp, certutils
|
||||
from . import tutils, tservers
|
||||
|
||||
|
||||
|
@ -566,42 +566,6 @@ class TestDHParams(tservers.ServerTestBase):
|
|||
assert os.path.exists(filename)
|
||||
|
||||
|
||||
class TestPrivkeyGen(tservers.ServerTestBase):
|
||||
|
||||
class handler(tcp.BaseHandler):
|
||||
|
||||
def handle(self):
|
||||
with tutils.tmpdir() as d:
|
||||
ca1 = certutils.CertStore.from_store(d, "test2")
|
||||
ca2 = certutils.CertStore.from_store(d, "test3")
|
||||
cert, _, _ = ca1.get_cert("foo.com", [])
|
||||
key = ca2.gen_pkey(cert)
|
||||
self.convert_to_ssl(cert, key)
|
||||
|
||||
def test_privkey(self):
|
||||
c = tcp.TCPClient(("127.0.0.1", self.port))
|
||||
c.connect()
|
||||
tutils.raises("bad record mac", c.convert_to_ssl)
|
||||
|
||||
|
||||
class TestPrivkeyGenNoFlags(tservers.ServerTestBase):
|
||||
|
||||
class handler(tcp.BaseHandler):
|
||||
|
||||
def handle(self):
|
||||
with tutils.tmpdir() as d:
|
||||
ca1 = certutils.CertStore.from_store(d, "test2")
|
||||
ca2 = certutils.CertStore.from_store(d, "test3")
|
||||
cert, _, _ = ca1.get_cert("foo.com", [])
|
||||
certffi.set_flags(ca2.default_privatekey, 0)
|
||||
self.convert_to_ssl(cert, ca2.default_privatekey)
|
||||
|
||||
def test_privkey(self):
|
||||
c = tcp.TCPClient(("127.0.0.1", self.port))
|
||||
c.connect()
|
||||
tutils.raises("sslv3 alert handshake failure", c.convert_to_ssl)
|
||||
|
||||
|
||||
class TestTCPClient:
|
||||
|
||||
def test_conerr(self):
|
||||
|
|
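Review bot: With `TestPrivkeyGenNoFlags` removed, nothing left in this section exercises a TLS handshake where the server presents a certificate together with a private key that does not belong to it. The removed test used `certffi` only to reset the flag to 0 before calling `self.convert_to_ssl(cert, ca2.default_privatekey)`. It looks like it could be kept without the `certffi` import by dropping that one line and keeping the client-side assertion `tutils.raises("sslv3 alert handshake failure", c.convert_to_ssl)`. Whether the same alert text is produced without the explicit reset is an assumption that needs confirming against the OpenSSL build in use. Keeping a mismatched cert/key case guards against a regression where such a pair is silently accepted.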