226 lines
9.7 KiB
C
226 lines
9.7 KiB
C
/*
|
|
* This file is part of the MicroPython project, http://micropython.org/
|
|
*
|
|
* The MIT License (MIT)
|
|
*
|
|
* SPDX-FileCopyrightText: Copyright (c) 2020 Scott Shawcroft for Adafruit Industries
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#include "extmod/vfs.h"
|
|
#include "py/objtuple.h"
|
|
#include "py/objlist.h"
|
|
#include "py/objproperty.h"
|
|
#include "py/runtime.h"
|
|
#include "py/mperrno.h"
|
|
|
|
#include "shared-bindings/ssl/SSLContext.h"
|
|
|
|
//| class SSLContext:
|
|
//| """Settings related to SSL that can be applied to a socket by wrapping it.
|
|
//| This is useful to provide SSL certificates to specific connections
|
|
//| rather than all of them."""
|
|
//|
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
|
|
mp_arg_check_num(n_args, n_kw, 0, 1, false);
|
|
|
|
ssl_sslcontext_obj_t *s = mp_obj_malloc(ssl_sslcontext_obj_t, &ssl_sslcontext_type);
|
|
|
|
common_hal_ssl_sslcontext_construct(s);
|
|
|
|
return MP_OBJ_FROM_PTR(s);
|
|
}
|
|
|
|
//| def load_cert_chain(self, certfile: str, keyfile: str) -> None:
|
|
//| """Load a private key and the corresponding certificate.
|
|
//|
|
|
//| The certfile string must be the path to a single file in PEM format
|
|
//| containing the certificate as well as any number of CA certificates
|
|
//| needed to establish the certificate's authenticity. The keyfile string
|
|
//| must point to a file containing the private key.
|
|
//| """
|
|
|
|
STATIC void get_file_contents(mp_obj_t name_obj, mp_buffer_info_t *bufinfo) {
|
|
mp_obj_t file = mp_call_function_2(MP_OBJ_FROM_PTR(&mp_builtin_open_obj), name_obj, MP_OBJ_NEW_QSTR(MP_QSTR_rb));
|
|
mp_obj_t dest[2];
|
|
mp_load_method(file, MP_QSTR_read, dest);
|
|
mp_obj_t result = mp_call_method_n_kw(0, 0, dest);
|
|
mp_get_buffer_raise(result, bufinfo, MP_BUFFER_READ);
|
|
}
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_load_cert_chain(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
|
|
enum { ARG_certfile, ARG_keyfile };
|
|
static const mp_arg_t allowed_args[] = {
|
|
{ MP_QSTR_certfile, MP_ARG_REQUIRED | MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
{ MP_QSTR_keyfile, MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
};
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(pos_args[0]);
|
|
|
|
mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
|
|
mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args);
|
|
|
|
mp_buffer_info_t cert_buf, key_buf;
|
|
get_file_contents(args[ARG_certfile].u_obj, &cert_buf);
|
|
if (args[ARG_keyfile].u_obj != mp_const_none) {
|
|
get_file_contents(args[ARG_keyfile].u_obj, &key_buf);
|
|
} else {
|
|
key_buf = cert_buf;
|
|
}
|
|
|
|
common_hal_ssl_sslcontext_load_cert_chain(self, &cert_buf, &key_buf);
|
|
return mp_const_none;
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_sslcontext_load_cert_chain_obj, 1, ssl_sslcontext_load_cert_chain);
|
|
|
|
//| def load_verify_locations(
|
|
//| self,
|
|
//| cafile: Optional[str] = None,
|
|
//| capath: Optional[str] = None,
|
|
//| cadata: Optional[str] = None,
|
|
//| ) -> None:
|
|
//| """
|
|
//| Load a set of certification authority (CA) certificates used to validate
|
|
//| other peers' certificates.
|
|
//|
|
|
//| :param str cafile: path to a file of contcatenated CA certificates in PEM format. **Not implemented**.
|
|
//| :param str capath: path to a directory of CA certificate files in PEM format. **Not implemented**.
|
|
//| :param str cadata: A single CA certificate in PEM format. **Limitation**: CPython allows one
|
|
//| or more certificates, but this implementation is limited to one.
|
|
//| """
|
|
STATIC mp_obj_t ssl_sslcontext_load_verify_locations(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
|
|
enum { ARG_cafile, ARG_capath, ARG_cadata };
|
|
static const mp_arg_t allowed_args[] = {
|
|
{ MP_QSTR_cafile, MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
{ MP_QSTR_capath, MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
{ MP_QSTR_cadata, MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
};
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(pos_args[0]);
|
|
|
|
mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
|
|
mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args);
|
|
|
|
if (args[ARG_cafile].u_obj != mp_const_none) {
|
|
mp_raise_NotImplementedError_varg(MP_ERROR_TEXT("%q"), MP_QSTR_cafile);
|
|
}
|
|
|
|
if (args[ARG_capath].u_obj != mp_const_none) {
|
|
mp_raise_NotImplementedError_varg(MP_ERROR_TEXT("%q"), MP_QSTR_capath);
|
|
}
|
|
|
|
const char *cadata = mp_obj_str_get_str(args[ARG_cadata].u_obj);
|
|
|
|
common_hal_ssl_sslcontext_load_verify_locations(self, cadata);
|
|
return mp_const_none;
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_sslcontext_load_verify_locations_obj, 1, ssl_sslcontext_load_verify_locations);
|
|
|
|
//| def set_default_verify_paths(self) -> None:
|
|
//| """Load a set of default certification authority (CA) certificates."""
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_set_default_verify_paths(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(pos_args[0]);
|
|
|
|
common_hal_ssl_sslcontext_set_default_verify_paths(self);
|
|
return mp_const_none;
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_sslcontext_set_default_verify_paths_obj, 1, ssl_sslcontext_set_default_verify_paths);
|
|
|
|
//| check_hostname: bool
|
|
//| """Whether to match the peer certificate's hostname."""
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_get_check_hostname(mp_obj_t self_in) {
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(self_in);
|
|
|
|
return mp_obj_new_bool(common_hal_ssl_sslcontext_get_check_hostname(self));
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_1(ssl_sslcontext_get_check_hostname_obj, ssl_sslcontext_get_check_hostname);
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_set_check_hostname(mp_obj_t self_in, mp_obj_t value) {
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(self_in);
|
|
|
|
common_hal_ssl_sslcontext_set_check_hostname(self, mp_obj_is_true(value));
|
|
return mp_const_none;
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(ssl_sslcontext_set_check_hostname_obj, ssl_sslcontext_set_check_hostname);
|
|
|
|
MP_PROPERTY_GETSET(ssl_sslcontext_check_hostname_obj,
|
|
(mp_obj_t)&ssl_sslcontext_get_check_hostname_obj,
|
|
(mp_obj_t)&ssl_sslcontext_set_check_hostname_obj);
|
|
|
|
//| def wrap_socket(
|
|
//| self,
|
|
//| sock: socketpool.Socket,
|
|
//| *,
|
|
//| server_side: bool = False,
|
|
//| server_hostname: Optional[str] = None
|
|
//| ) -> ssl.SSLSocket:
|
|
//| """Wraps the socket into a socket-compatible class that handles SSL negotiation.
|
|
//| The socket must be of type SOCK_STREAM."""
|
|
//|
|
|
|
|
STATIC mp_obj_t ssl_sslcontext_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
|
|
enum { ARG_sock, ARG_server_side, ARG_server_hostname };
|
|
static const mp_arg_t allowed_args[] = {
|
|
{ MP_QSTR_sock, MP_ARG_OBJ | MP_ARG_REQUIRED },
|
|
{ MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
|
|
{ MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_obj = mp_const_none} },
|
|
};
|
|
ssl_sslcontext_obj_t *self = MP_OBJ_TO_PTR(pos_args[0]);
|
|
|
|
mp_arg_val_t args[MP_ARRAY_SIZE(allowed_args)];
|
|
mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args, MP_ARRAY_SIZE(allowed_args), allowed_args, args);
|
|
|
|
const char *server_hostname = NULL;
|
|
if (args[ARG_server_hostname].u_obj != mp_const_none) {
|
|
server_hostname = mp_obj_str_get_str(args[ARG_server_hostname].u_obj);
|
|
}
|
|
bool server_side = args[ARG_server_side].u_bool;
|
|
if (server_side && server_hostname != NULL) {
|
|
mp_raise_ValueError(MP_ERROR_TEXT("Server side context cannot have hostname"));
|
|
}
|
|
|
|
socketpool_socket_obj_t *sock = args[ARG_sock].u_obj;
|
|
|
|
return common_hal_ssl_sslcontext_wrap_socket(self, sock, server_side, server_hostname);
|
|
}
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_sslcontext_wrap_socket_obj, 1, ssl_sslcontext_wrap_socket);
|
|
|
|
STATIC const mp_rom_map_elem_t ssl_sslcontext_locals_dict_table[] = {
|
|
{ MP_ROM_QSTR(MP_QSTR_wrap_socket), MP_ROM_PTR(&ssl_sslcontext_wrap_socket_obj) },
|
|
{ MP_ROM_QSTR(MP_QSTR_load_cert_chain), MP_ROM_PTR(&ssl_sslcontext_load_cert_chain_obj) },
|
|
{ MP_ROM_QSTR(MP_QSTR_load_verify_locations), MP_ROM_PTR(&ssl_sslcontext_load_verify_locations_obj) },
|
|
{ MP_ROM_QSTR(MP_QSTR_set_default_verify_paths), MP_ROM_PTR(&ssl_sslcontext_set_default_verify_paths_obj) },
|
|
{ MP_ROM_QSTR(MP_QSTR_check_hostname), MP_ROM_PTR(&ssl_sslcontext_check_hostname_obj) },
|
|
};
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(ssl_sslcontext_locals_dict, ssl_sslcontext_locals_dict_table);
|
|
|
|
MP_DEFINE_CONST_OBJ_TYPE(
|
|
ssl_sslcontext_type,
|
|
MP_QSTR_SSLContext,
|
|
MP_TYPE_FLAG_HAS_SPECIAL_ACCESSORS,
|
|
make_new, ssl_sslcontext_make_new,
|
|
locals_dict, &ssl_sslcontext_locals_dict
|
|
);
|