From bd599a8b678c97018c4037d5e2f366ac2ca12ca8 Mon Sep 17 00:00:00 2001
From: jMyles
Date: Sat, 4 Nov 2017 11:56:57 -0700
Subject: [PATCH] First semblance of Twisted TLS upgrade.
---
nkms/network/_temp_client.py | 33 +++++++++++++++++++++++++++++++++
nkms/network/generate_certs.py | 29 +++++++++++++++++++++++++++++
nkms/network/upgrade.py | 0
3 files changed, 62 insertions(+)
create mode 100644 nkms/network/_temp_client.py
create mode 100644 nkms/network/generate_certs.py
create mode 100644 nkms/network/upgrade.py
diff --git a/nkms/network/_temp_client.py b/nkms/network/_temp_client.py
new file mode 100644
index 000000000..0f35e27c2
--- /dev/null
+++ b/nkms/network/_temp_client.py
@@ -0,0 +1,33 @@
+from twisted.python.filepath import FilePath
+from twisted.internet.endpoints import SSL4ClientEndpoint
+from twisted.internet.ssl import (
+ PrivateCertificate, Certificate, optionsForClientTLS)
+from twisted.internet.defer import Deferred, inlineCallbacks
+from twisted.internet.task import react
+from twisted.internet.protocol import Protocol, Factory
+
+from nkms.network import generate_certs
+
+
+class SendAnyData(Protocol):
+ def connectionMade(self):
+ self.deferred = Deferred()
+ self.transport.write(b"HELLO\r\n")
+ def connectionLost(self, reason):
+ self.deferred.callback(None)
+
+
+@inlineCallbacks
+def main(reactor):
+ pem = generate_certs.and_generate()
+ caPem = FilePath(b"ca-private-cert.pem").getContent()
+ clientEndpoint = SSL4ClientEndpoint(
+ reactor, u"localhost", 4321,
+ optionsForClientTLS(u"the-authority", Certificate.loadPEM(caPem),
+ PrivateCertificate.loadPEM(pem)),
+ )
+ proto = yield clientEndpoint.connect(Factory.forProtocol(SendAnyData))
+ yield proto.deferred
+
+what_happened = react(main)
+print(what_happened)
\ No newline at end of file
diff --git a/nkms/network/generate_certs.py b/nkms/network/generate_certs.py
new file mode 100644
index 000000000..d7c1ac384
--- /dev/null
+++ b/nkms/network/generate_certs.py
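Review bot: The trust root in `main` is read from `ca-private-cert.pem`, the file `getCAPrivateCert()` in generate_certs.py writes and reloads as a `PrivateCertificate`, and `generate_certs.and_generate()` runs inside the client process, so the client both holds the CA private key and signs its own client certificate. With that layout a server that trusts this CA learns nothing about the peer from its certificate; before this leaves `_temp` status the client should load only the CA's public certificate and a client certificate issued elsewhere. A comment above the `and_generate()` call such as `# TEMP: client self-issues its cert from the local CA key; not an authentication boundary` would keep that visible. Separately, `react(main)` at module level runs on import and ends the process through `sys.exit`, so `print(what_happened)` is never reached; putting the call under `if __name__ == "__main__":` and dropping the print addresses both.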
@@ -0,0 +1,29 @@
+from twisted.python.filepath import FilePath
+from twisted.internet.ssl import PrivateCertificate, KeyPair, DN
+
+
+def getCAPrivateCert():
+ privatePath = FilePath(b"ca-private-cert.pem")
+ if privatePath.exists():
+ return PrivateCertificate.loadPEM(privatePath.getContent())
+ else:
+ caKey = KeyPair.generate(size=4096)
+ caCert = caKey.selfSignedCert(1, CN="the-authority")
+ privatePath.setContent(caCert.dumpPEM())
+ return caCert
+
+
+def clientCertFor(name):
+ signingCert = getCAPrivateCert()
+ clientKey = KeyPair.generate(size=4096)
+ csr = clientKey.requestObject(DN(CN=name), "sha1")
+ clientCert = signingCert.signRequestObject(
+ csr, serialNumber=1, digestAlgorithm="sha1")
+ return PrivateCertificate.fromCertificateAndKeyPair(clientCert, clientKey)
+
+
+def and_generate():
+ name = "llamas"
+ pem = clientCertFor(name.encode("utf-8")).dumpPEM()
+ FilePath(name.encode("utf-8") + b".client.private.pem").setContent(pem)
+ return pem
\ No newline at end of file
diff --git a/nkms/network/upgrade.py b/nkms/network/upgrade.py
new file mode 100644
index 000000000..e69de29bb
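Review bot: `clientCertFor` hashes both the request and the issued certificate with SHA-1 (`requestObject(DN(CN=name), "sha1")` and `digestAlgorithm="sha1"`), which is no longer acceptable for certificate signatures; both arguments should be `"sha256"`. The same function issues every client certificate with `serialNumber=1`, the serial the CA certificate already takes in `selfSignedCert(1, CN="the-authority")`, so certificates from this CA cannot be told apart by issuer and serial; a fresh random serial per certificate avoids that. `getCAPrivateCert` and `and_generate` also write private keys through `setContent` to paths relative to the working directory with whatever permissions the umask gives, so the key files should be restricted to the owner, for example by creating them with mode `0o600` or calling `chmod(0o600)` on the `FilePath` immediately after writing.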