mirror of https://github.com/nucypher/nucypher.git
First semblance of Twisted TLS upgrade.
parent
2d321f230d
commit
bd599a8b67
|
@ -0,0 +1,33 @@
|
|||
from twisted.python.filepath import FilePath
|
||||
from twisted.internet.endpoints import SSL4ClientEndpoint
|
||||
from twisted.internet.ssl import (
|
||||
PrivateCertificate, Certificate, optionsForClientTLS)
|
||||
from twisted.internet.defer import Deferred, inlineCallbacks
|
||||
from twisted.internet.task import react
|
||||
from twisted.internet.protocol import Protocol, Factory
|
||||
|
||||
from nkms.network import generate_certs
|
||||
|
||||
|
||||
class SendAnyData(Protocol):
|
||||
def connectionMade(self):
|
||||
self.deferred = Deferred()
|
||||
self.transport.write(b"HELLO\r\n")
|
||||
def connectionLost(self, reason):
|
||||
self.deferred.callback(None)
|
||||
|
||||
|
||||
@inlineCallbacks
|
||||
def main(reactor):
|
||||
pem = generate_certs.and_generate()
|
||||
caPem = FilePath(b"ca-private-cert.pem").getContent()
|
||||
clientEndpoint = SSL4ClientEndpoint(
|
||||
reactor, u"localhost", 4321,
|
||||
optionsForClientTLS(u"the-authority", Certificate.loadPEM(caPem),
|
||||
PrivateCertificate.loadPEM(pem)),
|
||||
)
|
||||
proto = yield clientEndpoint.connect(Factory.forProtocol(SendAnyData))
|
||||
yield proto.deferred
|
||||
|
||||
what_happened = react(main)
|
||||
print(what_happened)
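Review bot: `connectionLost` in `SendAnyData` fires `self.deferred.callback(None)` whatever `reason` holds, so a failed TLS handshake or a rejected certificate ends the run the same way as a clean close. Passing the failure on, for instance `self.deferred.errback(reason)` unless `reason.check(ConnectionDone)` (from `twisted.internet.error`), would let `react` exit non-zero when verification fails. Separately, `main` reads its trust root from `ca-private-cert.pem`, the file the second new file in this commit fills with the CA's private key as well as its certificate; a client only needs the public certificate, so the CA key should not have to sit where the client runs. `react(main)` also exits the process itself, so the `print(what_happened)` line is not expected to run.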
|
|
@ -0,0 +1,29 @@
|
|||
from twisted.python.filepath import FilePath
|
||||
from twisted.internet.ssl import PrivateCertificate, KeyPair, DN
|
||||
|
||||
|
||||
def getCAPrivateCert():
|
||||
privatePath = FilePath(b"ca-private-cert.pem")
|
||||
if privatePath.exists():
|
||||
return PrivateCertificate.loadPEM(privatePath.getContent())
|
||||
else:
|
||||
caKey = KeyPair.generate(size=4096)
|
||||
caCert = caKey.selfSignedCert(1, CN="the-authority")
|
||||
privatePath.setContent(caCert.dumpPEM())
|
||||
return caCert
|
||||
|
||||
|
||||
def clientCertFor(name):
|
||||
signingCert = getCAPrivateCert()
|
||||
clientKey = KeyPair.generate(size=4096)
|
||||
csr = clientKey.requestObject(DN(CN=name), "sha1")
|
||||
clientCert = signingCert.signRequestObject(
|
||||
csr, serialNumber=1, digestAlgorithm="sha1")
|
||||
return PrivateCertificate.fromCertificateAndKeyPair(clientCert, clientKey)
|
||||
|
||||
|
||||
def and_generate():
|
||||
name = "llamas"
|
||||
pem = clientCertFor(name.encode("utf-8")).dumpPEM()
|
||||
FilePath(name.encode("utf-8") + b".client.private.pem").setContent(pem)
|
||||
return pem
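Review bot: `clientCertFor` signs with SHA-1 in both places, `clientKey.requestObject(DN(CN=name), "sha1")` and `digestAlgorithm="sha1"`; SHA-1 is no longer acceptable for certificate signatures, and both should read `"sha256"`. Every certificate it issues also gets `serialNumber=1`, the same serial the CA certificate uses in `getCAPrivateCert`, so issued certificates cannot be told apart by issuer and serial; a random serial per certificate avoids that. `getCAPrivateCert` and `and_generate` write private keys with `setContent` into the working directory without setting any file mode, so the key files presumably take the process's default permissions and should be restricted to the owner.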
|