Home Explore Help
Sign In
RISCI_ATOM
/
sydent
mirror of https://github.com/matrix-org/sydent.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: bbz/info_mainline-20210217
Branches Tags
sydent
/
sydent
/
http
/
httpcommon.py

httpcommon.py 2.5 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. # -*- coding: utf-8 -*-
    2. 

  2. 

  3. # Copyright 2014 OpenMarket Ltd
    4. 

  4. #
    5. 

  5. # Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6. # you may not use this file except in compliance with the License.
    7. 

  7. # You may obtain a copy of the License at
    8. 

  8. #
    9. 

  9. #     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10. #
    11. 

  11. # Unless required by applicable law or agreed to in writing, software
    12. 

  12. # distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14. # See the License for the specific language governing permissions and
    15. 

  15. # limitations under the License.
    16. 

  16. 

  17. import logging
    18. 

  18. 

  19. import twisted.internet.ssl
    20. 

  20. 

  21. logger = logging.getLogger(__name__)
    22. 

  22. 

  23. class SslComponents:
    24. 

  24.     def __init__(self, sydent):
    25. 

  25.         self.sydent = sydent
    26. 

  26. 

  27.         self.myPrivateCertificate = self.makeMyCertificate()
    28. 

  28.         self.trustRoot = self.makeTrustRoot()
    29. 

  29. 

  30.     def makeMyCertificate(self):
    31. 

  31.         privKeyAndCertFilename = self.sydent.cfg.get('http', 'replication.https.certfile')
    32. 

  32.         if privKeyAndCertFilename == '':
    33. 

  33.             logger.warn("No HTTPS private key / cert found: not starting replication server "
    34. 

  34.                         "or doing replication pushes")
    35. 

  35.             return None
    36. 

  36. 

  37.         try:
    38. 

  38.             fp = open(privKeyAndCertFilename)
    39. 

  39.         except IOError:
    40. 

  40.             logger.warn("Unable to read private key / cert file from %s: not starting the replication HTTPS server "
    41. 

  41.                         "or doing replication pushes.",
    42. 

  42.                         privKeyAndCertFilename)
    43. 

  43.             return None
    44. 

  44. 

  45.         authData = fp.read()
    46. 

  46.         fp.close()
    47. 

  47.         return twisted.internet.ssl.PrivateCertificate.loadPEM(authData)
    48. 

  48. 

  49.     def makeTrustRoot(self):
    50. 

  50.         # If this option is specified, use a specific root CA cert. This is useful for testing when it's not
    51. 

  51.         # practical to get the client cert signed by a real root CA but should never be used on a production server.
    52. 

  52.         caCertFilename = self.sydent.cfg.get('http', 'replication.https.cacert')
    53. 

  53.         if len(caCertFilename) > 0:
    54. 

  54.             try:
    55. 

  55.                 fp = open(caCertFilename)
    56. 

  56.                 caCert = twisted.internet.ssl.Certificate.loadPEM(fp.read())
    57. 

  57.                 fp.close()
    58. 

  58.             except:
    59. 

  59.                 logger.warn("Failed to open CA cert file %s", caCertFilename)
    60. 

  60.                 raise
    61. 

  61.             logger.warn("Using custom CA cert file: %s", caCertFilename)
    62. 

  62.             return twisted.internet._sslverify.OpenSSLCertificateAuthorities([caCert.original])
    63. 

  63.         else:
    64. 

  64.             return twisted.internet.ssl.OpenSSLDefaultPaths()
    65.