Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

_newtls.py 8.9KB

1 year ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255
  1. # -*- test-case-name: twisted.test.test_ssl -*-
  2. # Copyright (c) Twisted Matrix Laboratories.
  3. # See LICENSE for details.
  4. """
  5. This module implements memory BIO based TLS support. It is the preferred
  6. implementation and will be used whenever pyOpenSSL 0.10 or newer is installed
  7. (whenever L{twisted.protocols.tls} is importable).
  8. @since: 11.1
  9. """
  10. from zope.interface import directlyProvides
  11. from twisted.internet.abstract import FileDescriptor
  12. from twisted.internet.interfaces import ISSLTransport
  13. from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
  14. class _BypassTLS:
  15. """
  16. L{_BypassTLS} is used as the transport object for the TLS protocol object
  17. used to implement C{startTLS}. Its methods skip any TLS logic which
  18. C{startTLS} enables.
  19. @ivar _base: A transport class L{_BypassTLS} has been mixed in with to which
  20. methods will be forwarded. This class is only responsible for sending
  21. bytes over the connection, not doing TLS.
  22. @ivar _connection: A L{Connection} which TLS has been started on which will
  23. be proxied to by this object. Any method which has its behavior
  24. altered after C{startTLS} will be skipped in favor of the base class's
  25. implementation. This allows the TLS protocol object to have direct
  26. access to the transport, necessary to actually implement TLS.
  27. """
  28. def __init__(self, base, connection):
  29. self._base = base
  30. self._connection = connection
  31. def __getattr__(self, name):
  32. """
  33. Forward any extra attribute access to the original transport object.
  34. For example, this exposes C{getHost}, the behavior of which does not
  35. change after TLS is enabled.
  36. """
  37. return getattr(self._connection, name)
  38. def write(self, data):
  39. """
  40. Write some bytes directly to the connection.
  41. """
  42. return self._base.write(self._connection, data)
  43. def writeSequence(self, iovec):
  44. """
  45. Write a some bytes directly to the connection.
  46. """
  47. return self._base.writeSequence(self._connection, iovec)
  48. def loseConnection(self, *args, **kwargs):
  49. """
  50. Close the underlying connection.
  51. """
  52. return self._base.loseConnection(self._connection, *args, **kwargs)
  53. def registerProducer(self, producer, streaming):
  54. """
  55. Register a producer with the underlying connection.
  56. """
  57. return self._base.registerProducer(self._connection, producer, streaming)
  58. def unregisterProducer(self):
  59. """
  60. Unregister a producer with the underlying connection.
  61. """
  62. return self._base.unregisterProducer(self._connection)
  63. def startTLS(transport, contextFactory, normal, bypass):
  64. """
  65. Add a layer of SSL to a transport.
  66. @param transport: The transport which will be modified. This can either by
  67. a L{FileDescriptor<twisted.internet.abstract.FileDescriptor>} or a
  68. L{FileHandle<twisted.internet.iocpreactor.abstract.FileHandle>}. The
  69. actual requirements of this instance are that it have:
  70. - a C{_tlsClientDefault} attribute indicating whether the transport is
  71. a client (C{True}) or a server (C{False})
  72. - a settable C{TLS} attribute which can be used to mark the fact
  73. that SSL has been started
  74. - settable C{getHandle} and C{getPeerCertificate} attributes so
  75. these L{ISSLTransport} methods can be added to it
  76. - a C{protocol} attribute referring to the L{IProtocol} currently
  77. connected to the transport, which can also be set to a new
  78. L{IProtocol} for the transport to deliver data to
  79. @param contextFactory: An SSL context factory defining SSL parameters for
  80. the new SSL layer.
  81. @type contextFactory: L{twisted.internet.interfaces.IOpenSSLContextFactory}
  82. @param normal: A flag indicating whether SSL will go in the same direction
  83. as the underlying transport goes. That is, if the SSL client will be
  84. the underlying client and the SSL server will be the underlying server.
  85. C{True} means it is the same, C{False} means they are switched.
  86. @type normal: L{bool}
  87. @param bypass: A transport base class to call methods on to bypass the new
  88. SSL layer (so that the SSL layer itself can send its bytes).
  89. @type bypass: L{type}
  90. """
  91. # Figure out which direction the SSL goes in. If normal is True,
  92. # we'll go in the direction indicated by the subclass. Otherwise,
  93. # we'll go the other way (client = not normal ^ _tlsClientDefault,
  94. # in other words).
  95. if normal:
  96. client = transport._tlsClientDefault
  97. else:
  98. client = not transport._tlsClientDefault
  99. # If we have a producer, unregister it, and then re-register it below once
  100. # we've switched to TLS mode, so it gets hooked up correctly:
  101. producer, streaming = None, None
  102. if transport.producer is not None:
  103. producer, streaming = transport.producer, transport.streamingProducer
  104. transport.unregisterProducer()
  105. tlsFactory = TLSMemoryBIOFactory(contextFactory, client, None)
  106. tlsProtocol = TLSMemoryBIOProtocol(tlsFactory, transport.protocol, False)
  107. transport.protocol = tlsProtocol
  108. transport.getHandle = tlsProtocol.getHandle
  109. transport.getPeerCertificate = tlsProtocol.getPeerCertificate
  110. # Mark the transport as secure.
  111. directlyProvides(transport, ISSLTransport)
  112. # Remember we did this so that write and writeSequence can send the
  113. # data to the right place.
  114. transport.TLS = True
  115. # Hook it up
  116. transport.protocol.makeConnection(_BypassTLS(bypass, transport))
  117. # Restore producer if necessary:
  118. if producer:
  119. transport.registerProducer(producer, streaming)
  120. class ConnectionMixin:
  121. """
  122. A mixin for L{twisted.internet.abstract.FileDescriptor} which adds an
  123. L{ITLSTransport} implementation.
  124. @ivar TLS: A flag indicating whether TLS is currently in use on this
  125. transport. This is not a good way for applications to check for TLS,
  126. instead use L{twisted.internet.interfaces.ISSLTransport}.
  127. """
  128. TLS = False
  129. def startTLS(self, ctx, normal=True):
  130. """
  131. @see: L{ITLSTransport.startTLS}
  132. """
  133. startTLS(self, ctx, normal, FileDescriptor)
  134. def write(self, bytes):
  135. """
  136. Write some bytes to this connection, passing them through a TLS layer if
  137. necessary, or discarding them if the connection has already been lost.
  138. """
  139. if self.TLS:
  140. if self.connected:
  141. self.protocol.write(bytes)
  142. else:
  143. FileDescriptor.write(self, bytes)
  144. def writeSequence(self, iovec):
  145. """
  146. Write some bytes to this connection, scatter/gather-style, passing them
  147. through a TLS layer if necessary, or discarding them if the connection
  148. has already been lost.
  149. """
  150. if self.TLS:
  151. if self.connected:
  152. self.protocol.writeSequence(iovec)
  153. else:
  154. FileDescriptor.writeSequence(self, iovec)
  155. def loseConnection(self):
  156. """
  157. Close this connection after writing all pending data.
  158. If TLS has been negotiated, perform a TLS shutdown.
  159. """
  160. if self.TLS:
  161. if self.connected and not self.disconnecting:
  162. self.protocol.loseConnection()
  163. else:
  164. FileDescriptor.loseConnection(self)
  165. def registerProducer(self, producer, streaming):
  166. """
  167. Register a producer.
  168. If TLS is enabled, the TLS connection handles this.
  169. """
  170. if self.TLS:
  171. # Registering a producer before we're connected shouldn't be a
  172. # problem. If we end up with a write(), that's already handled in
  173. # the write() code above, and there are no other potential
  174. # side-effects.
  175. self.protocol.registerProducer(producer, streaming)
  176. else:
  177. FileDescriptor.registerProducer(self, producer, streaming)
  178. def unregisterProducer(self):
  179. """
  180. Unregister a producer.
  181. If TLS is enabled, the TLS connection handles this.
  182. """
  183. if self.TLS:
  184. self.protocol.unregisterProducer()
  185. else:
  186. FileDescriptor.unregisterProducer(self)
  187. class ClientMixin:
  188. """
  189. A mixin for L{twisted.internet.tcp.Client} which just marks it as a client
  190. for the purposes of the default TLS handshake.
  191. @ivar _tlsClientDefault: Always C{True}, indicating that this is a client
  192. connection, and by default when TLS is negotiated this class will act as
  193. a TLS client.
  194. """
  195. _tlsClientDefault = True
  196. class ServerMixin:
  197. """
  198. A mixin for L{twisted.internet.tcp.Server} which just marks it as a server
  199. for the purposes of the default TLS handshake.
  200. @ivar _tlsClientDefault: Always C{False}, indicating that this is a server
  201. connection, and by default when TLS is negotiated this class will act as
  202. a TLS server.
  203. """
  204. _tlsClientDefault = False