mirror of https://github.com/nucypher/nucypher.git
First semblance of Twisted TLS upgrade.
parent
2d321f230d
commit
bd599a8b67
|
@ -0,0 +1,33 @@
|
||||||
|
from twisted.python.filepath import FilePath
|
||||||
|
from twisted.internet.endpoints import SSL4ClientEndpoint
|
||||||
|
from twisted.internet.ssl import (
|
||||||
|
PrivateCertificate, Certificate, optionsForClientTLS)
|
||||||
|
from twisted.internet.defer import Deferred, inlineCallbacks
|
||||||
|
from twisted.internet.task import react
|
||||||
|
from twisted.internet.protocol import Protocol, Factory
|
||||||
|
|
||||||
|
from nkms.network import generate_certs
|
||||||
|
|
||||||
|
|
||||||
|
class SendAnyData(Protocol):
|
||||||
|
def connectionMade(self):
|
||||||
|
self.deferred = Deferred()
|
||||||
|
self.transport.write(b"HELLO\r\n")
|
||||||
|
def connectionLost(self, reason):
|
||||||
|
self.deferred.callback(None)
|
||||||
|
|
||||||
|
|
||||||
|
@inlineCallbacks
|
||||||
|
def main(reactor):
|
||||||
|
pem = generate_certs.and_generate()
|
||||||
|
caPem = FilePath(b"ca-private-cert.pem").getContent()
|
||||||
|
clientEndpoint = SSL4ClientEndpoint(
|
||||||
|
reactor, u"localhost", 4321,
|
||||||
|
optionsForClientTLS(u"the-authority", Certificate.loadPEM(caPem),
|
||||||
|
PrivateCertificate.loadPEM(pem)),
|
||||||
|
)
|
||||||
|
proto = yield clientEndpoint.connect(Factory.forProtocol(SendAnyData))
|
||||||
|
yield proto.deferred
|
||||||
|
|
||||||
|
what_happened = react(main)
|
||||||
|
print(what_happened)
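Review bot: The client in `main` builds its trust root from `ca-private-cert.pem`, which the generator in this commit appears to write with the CA private key included. Every host that runs this script therefore holds the authority's signing key, and can create it through `generate_certs.and_generate()`. A client needs only the CA's public certificate, so I would export that to its own file and load it here, e.g. `caPem = FilePath(b"<ca-public-cert>.pem").getContent()` (placeholder name), keeping key generation and signing off the client. Separately, `react(main)` runs the reactor and then exits the process, so the assignment to `what_happened` and the `print` after it are, as far as I can tell, never reached; a bare `react(main)` would do.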
|
|
@ -0,0 +1,29 @@
|
||||||
|
from twisted.python.filepath import FilePath
|
||||||
|
from twisted.internet.ssl import PrivateCertificate, KeyPair, DN
|
||||||
|
|
||||||
|
|
||||||
|
def getCAPrivateCert():
|
||||||
|
privatePath = FilePath(b"ca-private-cert.pem")
|
||||||
|
if privatePath.exists():
|
||||||
|
return PrivateCertificate.loadPEM(privatePath.getContent())
|
||||||
|
else:
|
||||||
|
caKey = KeyPair.generate(size=4096)
|
||||||
|
caCert = caKey.selfSignedCert(1, CN="the-authority")
|
||||||
|
privatePath.setContent(caCert.dumpPEM())
|
||||||
|
return caCert
|
||||||
|
|
||||||
|
|
||||||
|
def clientCertFor(name):
|
||||||
|
signingCert = getCAPrivateCert()
|
||||||
|
clientKey = KeyPair.generate(size=4096)
|
||||||
|
csr = clientKey.requestObject(DN(CN=name), "sha1")
|
||||||
|
clientCert = signingCert.signRequestObject(
|
||||||
|
csr, serialNumber=1, digestAlgorithm="sha1")
|
||||||
|
return PrivateCertificate.fromCertificateAndKeyPair(clientCert, clientKey)
|
||||||
|
|
||||||
|
|
||||||
|
def and_generate():
|
||||||
|
name = "llamas"
|
||||||
|
pem = clientCertFor(name.encode("utf-8")).dumpPEM()
|
||||||
|
FilePath(name.encode("utf-8") + b".client.private.pem").setContent(pem)
|
||||||
|
return pem
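Review bot: Both the CSR and the issued certificate in `clientCertFor` are signed with SHA-1 (`"sha1"` passed to `requestObject` and `digestAlgorithm="sha1"`), which is no longer collision-resistant and is refused by many current TLS stacks at their default security level; use `"sha256"` in both calls. Every client certificate is also issued with `serialNumber=1`, the same serial the self-signed CA certificate gets from `selfSignedCert(1, ...)`, so certificates from this authority cannot be distinguished by issuer and serial for revocation or audit; a random or monotonically increasing serial per certificate would fix that. `getCAPrivateCert` and `and_generate` write private keys with `setContent` into the working directory without setting a mode, so the files presumably end up with umask-default permissions; restricting them to the owner (`0o600`) is worth adding.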
|