b:@sddlmZddlZddlZddlZddlZddlZddlZddlZy.ddl Z ddl Tddl Tddl TWnFe k rddlmZ ddlTddlTddlmZYnXedkrdddlTddlmZmZmZmZmZdd lmZdd lmZdd lm Z ydd l!m"Z"Wne k rwYnXdd dZ#ddZ$gddZ%ddZ&ddZ'ddZ(ddZ)edkre*ej+dkre#dnej+ddde*ej+dkrDe(ej+ddnYej+ddde*ej+dkre)ej+ddne#d ej+ddS)!)print_functionN)*)client)SimpleHTTPRequestHandler__main__z4This must be run as a command, not used as a module!) CipherSuite HashAlgorithmSignatureAlgorithm GroupNameSignatureScheme) __version__)b2a_hex)is_valid_hostname)TackcCs|rtd|tdtdttdtdttdtdtrktdn tdtrtdn td trtd n td trtd n td tdtdtjddS)Nz ERROR: %sz Version: %szRNG: %szModules:z tackpy : Loadedz tackpy : Not Loadedz M2Crypto : Loadedz M2Crypto : Not Loadedz pycrypto : Loadedz pycrypto : Not Loadedz GMPY : Loadedz GMPY : Not Loadeda8Commands: server [-k KEY] [-c CERT] [-t TACK] [-v VERIFIERDB] [-d DIR] [-l LABEL] [-L LENGTH] [--reqcert] [--param DHFILE] HOST:PORT client [-k KEY] [-c CERT] [-u USER] [-p PASS] [-l LABEL] [-L LENGTH] [-a ALPN] HOST:PORT LABEL - TLS exporter label LENGTH - amount of info to export using TLS exporter ALPN - name of protocol for ALPN negotiation, can be present multiple times in client to specify multiple protocols supported DHFILE - file that includes Diffie-Hellman parameters to be used with DHE key exchange ) printr ZprngName tackpyLoadedZm2cryptoLoadedZpycryptoLoadedZ gmpyLoadedsysexit)srG/tmp/pip-build-9lspz_kf/tlslite-ng/tlslite_ng-0.7.6.data/scripts/tls.py printUsage-s0             rcCs%tjjd|tjddS)zPrint error message and exitz ERROR: %s rNr)rstderrwriter)rrrr printError\srcCsdj|d}ytj|||\}}Wn2tjk rf}zt|WYdd}~XnXd}d}d}d} d} d} d} d} d}d}g}d}xE|D]=\}}|dkr#t|dj}tjddkrt|d}t |d d d d g}q|d krt|dj}tjddkrft|d}t }|j |t |g}q|dkr|}q|dkr|} q|dkrt rt|dj}tj|} q|dkrt|} | jq|dkr+|} q|dkr@d } q|dkrU|}q|dkrpt|}q|dkr|jt|dq|dkrt|dj}tjddkrt|d}t|}qdstqW|sd}|stdt|dkr/td|d}|jd}t|dkrftd|dt|df}|g}d|kr|j|d|kr|j|d |kr|j|d!|kr|j| d"|kr|j| d#|kr|j| d$|kr8|j| d%|krQ|j| d&|krj|j|d'|kr|j|d(|kr|j|d)|kr|j||S)*N:Fz-krbrzutf-8ZprivateTZimplementationspythonz-cz-uz-pz-trUz-vz-dz --reqcertz-lz-Lz-az--paramzMissing addressrzToo many argumentszMust specify :kcuptvdreqcertlLazparam=)joingetopt GetoptErrorropenreadr version_infostrZ parsePEMKeyZX509parseZ X509CertChainrrZcreateFromPemListZ VerifierDBintappend bytearrayZparseDHAssertionErrorlensplit SyntaxError)argvZ argStringZ flagsListZgetOptArgStringoptse privateKey certChainusernamepasswordtacks verifierDBreqCert directoryexpLabel expLengthalpndhparamoptargrx509addressZretListrrr handleArgsbs                                                  rRcCstd|td|jtd|j|jftdjtj|jj|jj rtd|jj |jj rtd|jj j n td|jj rtd|jj j |j dkr\|jdk r\tj|j}|dkrId jtj|jd tj|jd }td j||jdk rtdjtj|j|jdk rtdj|j|jjrtd|jj|jjr|jjrd}nd}td|tt|jj|jjrHtdj|jjjdtd|jtdj|jtdj|jdS)Nz Handshake time: %.3f secondsz Version: %sz Cipher: %s %sz Ciphersuite: {0}z Client SRP username: %sz# Client X.509 SHA1 fingerprint: %sz( No client certificate provided by peerz# Server X.509 SHA1 fingerprint: %sr!z{1}+{0}rrz Key exchange signature: {0}z" Group used for key exchange: {0}z DH group size: {0} bitsz SNI: %sz (via TLS Extension)z (via TACK Certificate)z TACK: %sz, Application Layer Protocol negotiated: {0}zutf-8z Next-Protocol Negotiated: %sz Encrypt-then-MAC: {0}z Extended Master Secret: {0})r!r!) rZgetVersionNameZ getCipherNameZgetCipherImplementationformatrZ ietfNamessessionZ cipherSuiteZ srpUsernameZclientCertChainZgetFingerprintZserverCertChainversionZ serverSigAlgr ZtoReprrZtoStrr Z ecdhCurver Z dhGroupSize serverNameZtackExtZtackInHelloExtr6ZappProtodecodeZ next_protoZencryptThenMACZextendedMasterSecret) connectionsecondsschemeZemptyStrrrrprintGoodConnectionsT              r[cCs|dkrdSt|d}|j||}t|j}tdj|tdj|tdj|dS)Nzutf-8z Exporter label: {0}z Exporter length: {0}z Keying material: {0})r:ZkeyingMaterialExporterr upperrrS)rXrJrKexprrr printExporters r^cCst|d\}}}}}}}}|r4| sA| rM|rMtd|rZ| sg| rs|rstd|r|rtd|dk r| rtdtjtjtj} | jd| j|t| } t } d| _ y{t j } |r8|r8| j ||d| d |d n&| j||d| d |d d |t j } td Wntk r}z:|jtjkrtt|ntjdWYdd}~Xntk rz}z|jtjkr|rtdq[nM|jtjkr9|r3tdq[n"|jtjkrXtdntjdWYdd}~XnXt| | | t| ||| jdS)NZkcuplLaz"Must specify CERT and KEY togetherzMust specify USER with PASSz-Can use SRP or client cert for auth, not bothzLabel must be non-emptyTsettingsrVrrLzHandshake successrzUnknown usernamezBad username or passwordz2Unable to negotiate mutually acceptable parametersrr)rRr> ValueErrorsocketAF_INET SOCK_STREAM settimeoutconnectZ TLSConnectionHandshakeSettingsuseExperimentalTackExtensiontimeclockZhandshakeClientSRPZhandshakeClientCertr TLSLocalAlert descriptionAlertDescription user_canceledr6rrTLSRemoteAlertunknown_psk_identitybad_record_machandshake_failurer[r^close)r?rQrBrCrDrErJrKrLsockrXr`startstopr/rrr clientCmdsZ'                 rwc st|dddg\ } }rC sP r\r\tdru rutdtd|d|df|rtj|td tjrrtd  rtd rtd rtd td dt|dr-|dG f dddtt t }||t }|j dS)NZkctbvdlLr,zparam=z"Must specify CERT and KEY togetherzMust specify CERT with Tacksz1I am an HTTPS test server, I will listen on %s:%drrzServing files from %sz$Using certificate and private key...zUsing verifier DB...zUsing Tacks...z!Asking for client certificates...c s@eZdZ f ddZdS)zserverCmd..MyHTTPServercstdd}rItdkr1d}ntdkrId}ytj}t}d|_|_|jddd d d |d d |ddgdtdgdd tj}Wnt k r(}z.|j t j krtt |dSWYdd}~Xntk r}z|j t jkrf r`tddSnO|j t jkr rtddSn#|j t jkrtddSWYdd}~XnXd|_t|||t|dS)NzAbout to handshake...rrr$r!TrCrBrGrFactivationFlags sessionCacher`Z nextProtosshttp/1.1rLrHsniFzUnknown usernamezBad username or passwordz2Unable to negotiate mutually acceptable parameters)rr<rirjrgrhZdhParamsZhandshakeServerr:rorlrmrnr6rkrprqrrZignoreAbruptCloser[r^)selfrXrxrur`rvr/) rCrMrJrKrBrHryrzrFrDrGrr handshakees`           z)serverCmd..MyHTTPServer.handshakeN)__name__ __module__ __qualname__r|r) rCrMrJrKrBrHryrzrFrDrGrr MyHTTPServerds r) rRr>roschdirgetcwdZ SessionCacherThreadingMixInZTLSSocketServerMixInZ HTTPServerr serve_forever)r?rQrIrZhttpdr) rCrMrJrKrBrHryrzrFrDrGr serverCmdCs6 -           @;rr$zMissing commandrrserverzUnknown command: %s), __future__rrros.pathrbrir1binasciihttplib SocketServerBaseHTTPServerSimpleHTTPServer ImportErrorhttpr socketserverZ http.serverrr}Z tlslite.apiZtlslite.constantsrrr r r Ztlsliter Ztlslite.utils.compatr Ztlslite.utils.dns_utilsrZtack.structures.TackrrrrRr[r^rwrr<r?rrrr sV               ( / m . < `  **