OLD | NEW |
1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """This is a simple HTTP/FTP/SYNC/TCP/UDP/ server used for testing Chrome. | 6 """This is a simple HTTP/FTP/SYNC/TCP/UDP/ server used for testing Chrome. |
7 | 7 |
8 It supports several test URLs, as specified by the handlers in TestPageHandler. | 8 It supports several test URLs, as specified by the handlers in TestPageHandler. |
9 By default, it listens on an ephemeral port and sends the port number back to | 9 By default, it listens on an ephemeral port and sends the port number back to |
10 the originating process over a pipe. The originating process can specify an | 10 the originating process over a pipe. The originating process can specify an |
(...skipping 115 matching lines...)
126 self.thread.join() | 126 self.thread.join() |
127 | 127 |
128 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, | 128 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
129 ClientRestrictingServerMixIn, | 129 ClientRestrictingServerMixIn, |
130 StoppableHTTPServer): | 130 StoppableHTTPServer): |
131 """This is a specialization of StoppableHTTPServer that add https support and | 131 """This is a specialization of StoppableHTTPServer that add https support and |
132 client verification.""" | 132 client verification.""" |
133 | 133 |
134 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 134 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
135 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, | 135 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, |
136 record_resume_info): | 136 record_resume_info, tls_intolerant): |
137 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) | 137 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) |
138 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, private=True) | 138 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, private=True) |
139 self.ssl_client_auth = ssl_client_auth | 139 self.ssl_client_auth = ssl_client_auth |
140 self.ssl_client_cas = [] | 140 self.ssl_client_cas = [] |
| 141 self.tls_intolerant = tls_intolerant |
| 142 |
141 for ca_file in ssl_client_cas: | 143 for ca_file in ssl_client_cas: |
142 s = open(ca_file).read() | 144 s = open(ca_file).read() |
143 x509 = tlslite.api.X509() | 145 x509 = tlslite.api.X509() |
144 x509.parse(s) | 146 x509.parse(s) |
145 self.ssl_client_cas.append(x509.subject) | 147 self.ssl_client_cas.append(x509.subject) |
146 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 148 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
147 if ssl_bulk_ciphers is not None: | 149 if ssl_bulk_ciphers is not None: |
148 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 150 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
149 | 151 |
150 if record_resume_info: | 152 if record_resume_info: |
151 # If record_resume_info is true then we'll replace the session cache with | 153 # If record_resume_info is true then we'll replace the session cache with |
152 # an object that records the lookups and inserts that it sees. | 154 # an object that records the lookups and inserts that it sees. |
153 self.session_cache = RecordingSSLSessionCache() | 155 self.session_cache = RecordingSSLSessionCache() |
154 else: | 156 else: |
155 self.session_cache = tlslite.api.SessionCache() | 157 self.session_cache = tlslite.api.SessionCache() |
156 StoppableHTTPServer.__init__(self, server_address, request_hander_class) | 158 StoppableHTTPServer.__init__(self, server_address, request_hander_class) |
157 | 159 |
158 def handshake(self, tlsConnection): | 160 def handshake(self, tlsConnection): |
159 """Creates the SSL connection.""" | 161 """Creates the SSL connection.""" |
160 try: | 162 try: |
161 tlsConnection.handshakeServer(certChain=self.cert_chain, | 163 tlsConnection.handshakeServer(certChain=self.cert_chain, |
162 privateKey=self.private_key, | 164 privateKey=self.private_key, |
163 sessionCache=self.session_cache, | 165 sessionCache=self.session_cache, |
164 reqCert=self.ssl_client_auth, | 166 reqCert=self.ssl_client_auth, |
165 settings=self.ssl_handshake_settings, | 167 settings=self.ssl_handshake_settings, |
166 reqCAs=self.ssl_client_cas) | 168 reqCAs=self.ssl_client_cas, |
| 169 tlsIntolerant=self.tls_intolerant) |
167 tlsConnection.ignoreAbruptClose = True | 170 tlsConnection.ignoreAbruptClose = True |
168 return True | 171 return True |
169 except tlslite.api.TLSAbruptCloseError: | 172 except tlslite.api.TLSAbruptCloseError: |
170 # Ignore abrupt close. | 173 # Ignore abrupt close. |
171 return True | 174 return True |
172 except tlslite.api.TLSError, error: | 175 except tlslite.api.TLSError, error: |
173 print "Handshake failure:", str(error) | 176 print "Handshake failure:", str(error) |
174 return False | 177 return False |
175 | 178 |
176 | 179 |
(...skipping 1861 matching lines...)
2038 | 2041 |
2039 ocsp_server.ocsp_response = ocsp_der | 2042 ocsp_server.ocsp_response = ocsp_der |
2040 | 2043 |
2041 for ca_cert in options.ssl_client_ca: | 2044 for ca_cert in options.ssl_client_ca: |
2042 if not os.path.isfile(ca_cert): | 2045 if not os.path.isfile(ca_cert): |
2043 print 'specified trusted client CA file not found: ' + ca_cert + \ | 2046 print 'specified trusted client CA file not found: ' + ca_cert + \ |
2044 ' exiting...' | 2047 ' exiting...' |
2045 return | 2048 return |
2046 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, | 2049 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, |
2047 options.ssl_client_auth, options.ssl_client_ca, | 2050 options.ssl_client_auth, options.ssl_client_ca, |
2048 options.ssl_bulk_cipher, options.record_resume) | 2051 options.ssl_bulk_cipher, options.record_resume, |
| 2052 options.tls_intolerant) |
2049 print 'HTTPS server started on %s:%d...' % (host, server.server_port) | 2053 print 'HTTPS server started on %s:%d...' % (host, server.server_port) |
2050 else: | 2054 else: |
2051 server = HTTPServer((host, port), TestPageHandler) | 2055 server = HTTPServer((host, port), TestPageHandler) |
2052 print 'HTTP server started on %s:%d...' % (host, server.server_port) | 2056 print 'HTTP server started on %s:%d...' % (host, server.server_port) |
2053 | 2057 |
2054 server.data_dir = MakeDataDir() | 2058 server.data_dir = MakeDataDir() |
2055 server.file_root_url = options.file_root_url | 2059 server.file_root_url = options.file_root_url |
2056 server_data['port'] = server.server_port | 2060 server_data['port'] = server.server_port |
2057 server._device_management_handler = None | 2061 server._device_management_handler = None |
2058 server.policy_keys = options.policy_keys | 2062 server.policy_keys = options.policy_keys |
(...skipping 106 matching lines...)
2165 option_parser.add_option('', '--https', action='store_true', dest='https', | 2169 option_parser.add_option('', '--https', action='store_true', dest='https', |
2166 help='Specify that https should be used.') | 2170 help='Specify that https should be used.') |
2167 option_parser.add_option('', '--cert-and-key-file', dest='cert_and_key_file', | 2171 option_parser.add_option('', '--cert-and-key-file', dest='cert_and_key_file', |
2168 help='specify the path to the file containing the ' | 2172 help='specify the path to the file containing the ' |
2169 'certificate and private key for the server in PEM ' | 2173 'certificate and private key for the server in PEM ' |
2170 'format') | 2174 'format') |
2171 option_parser.add_option('', '--ocsp', dest='ocsp', default='ok', | 2175 option_parser.add_option('', '--ocsp', dest='ocsp', default='ok', |
2172 help='The type of OCSP response generated for the ' | 2176 help='The type of OCSP response generated for the ' |
2173 'automatically generated certificate. One of ' | 2177 'automatically generated certificate. One of ' |
2174 '[ok,revoked,invalid]') | 2178 '[ok,revoked,invalid]') |
| 2179 option_parser.add_option('', '--tls-intolerant', dest='tls_intolerant', |
| 2180 const=True, default=False, action='store_const', |
| 2181 help='If true, TLS connections will be abruptly ' |
| 2182 'closed in order to test SSLv3 fallback.') |
2175 option_parser.add_option('', '--https-record-resume', dest='record_resume', | 2183 option_parser.add_option('', '--https-record-resume', dest='record_resume', |
2176 const=True, default=False, action='store_const', | 2184 const=True, default=False, action='store_const', |
2177 help='Record resumption cache events rather than' | 2185 help='Record resumption cache events rather than' |
2178 ' resuming as normal. Allows the use of the' | 2186 ' resuming as normal. Allows the use of the' |
2179 ' /ssl-session-cache request') | 2187 ' /ssl-session-cache request') |
2180 option_parser.add_option('', '--ssl-client-auth', action='store_true', | 2188 option_parser.add_option('', '--ssl-client-auth', action='store_true', |
2181 help='Require SSL client auth on every connection.') | 2189 help='Require SSL client auth on every connection.') |
2182 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], | 2190 option_parser.add_option('', '--ssl-client-ca', action='append', default=[], |
2183 help='Specify that the client certificate request ' | 2191 help='Specify that the client certificate request ' |
2184 'should include the CA named in the subject of ' | 2192 'should include the CA named in the subject of ' |
(...skipping 32 matching lines...)
2217 dest='host', | 2225 dest='host', |
2218 help='Hostname or IP upon which the server will ' | 2226 help='Hostname or IP upon which the server will ' |
2219 'listen. Client connections will also only be ' | 2227 'listen. Client connections will also only be ' |
2220 'allowed from this address.') | 2228 'allowed from this address.') |
2221 option_parser.add_option('', '--auth-token', dest='auth_token', | 2229 option_parser.add_option('', '--auth-token', dest='auth_token', |
2222 help='Specify the auth token which should be used' | 2230 help='Specify the auth token which should be used' |
2223 'in the authorization header for GData.') | 2231 'in the authorization header for GData.') |
2224 options, args = option_parser.parse_args() | 2232 options, args = option_parser.parse_args() |
2225 | 2233 |
2226 sys.exit(main(options, args)) | 2234 sys.exit(main(options, args)) |
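Review bot: Nothing in `HTTPSServer.__init__` or `handshake` documents that the new `tls_intolerant` flag makes the server deliberately abort TLS handshakes to force a client's SSLv3 fallback; a comment beside `self.tls_intolerant = tls_intolerant` such as `# Test-only: abort TLS handshakes so the client's SSLv3 fallback path can be exercised.` would keep that downgrade behaviour from being mistaken for a fault. At the `HTTPSServer(...)` call in main the value is passed positionally right after `options.record_resume`, so the two adjacent booleans can be swapped without any error; `tls_intolerant=options.tls_intolerant` would make the call self-describing. The `--tls-intolerant` help text opens with "If true," although the option takes no value. It is not visible on this page which exception the intentional abort raises inside `handshake`; if it is a `TLSError`, every expected abort will print `Handshake failure:` and return False, which is worth confirming before tests rely on the log output.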