[Twisted-Python] twisted.web HTTPS client certificate

Mon, 12 Jul 2021 00:08:57 -0700

I am trying to work out how to retrieve on the server a X.509 certificate presented by the HTTPS client.  This code tries to tell me the transport has no peer certificate.
same error when I use wget as a client so I think my problem is in the server code. I'm using self-signed certificates 

Any clues as to what I'm doing wrong?

Ian


from twisted.internet import reactor, endpoints
from twisted.internet.ssl import Certificate
from twisted.web.server import Site
from twisted.web.resource import Resource


class CertPage(Resource):
    isLeaf = True

    def render_GET(self, request):
        HTML = """
<html><body><pre>
getPeerCertificate %r %r
</pre></body></html>"""
        cert = Certificate.peerFromTransport(request.transport)
        return bytes(HTML % (type(cert), cert), "ascii")


resource = CertPage()
site = Site(resource)
e = endpoints.serverFromString(
    reactor, "ssl:8443:certKey=server.crt:privateKey=server.key"
)
e.listen(site)
reactor.run()

from zope.interface import implementer

from OpenSSL.crypto import FILETYPE_PEM
from twisted.internet.ssl import (
    optionsForClientTLS,
    Certificate,
    PrivateCertificate,
    KeyPair,
)
from twisted.trial import unittest
from twisted.internet import reactor
from twisted.web.iweb import IPolicyForHTTPS
from twisted.web.client import Agent, ResponseFailed, readBody


@implementer(IPolicyForHTTPS)
class LoadClientCert:
    def __init__(self, hostmap, server_cert, client_cert, client_key):
        self.hostmap = hostmap
        with open(server_cert) as fd:
            self.server_cert = Certificate.loadPEM(fd.read())
        with open(client_cert) as fd:
            client_cert = Certificate.loadPEM(fd.read())
        with open(client_key) as fd:
            client_key = KeyPair.load(fd.read(), FILETYPE_PEM)
        self.client_cert = PrivateCertificate.fromCertificateAndKeyPair(
            client_cert, client_key
        )

    def creatorForNetloc(self, hostname, port):
        hostname = hostname.decode("ascii")
        if hostname in self.hostmap:
            hostname = self.hostmap[hostname]

        import pdb

        pdb.set_trace()
        return optionsForClientTLS(hostname, self.server_cert, self.client_cert)


def getPage(url, server_cert, client_cert, client_key, hostmap={}):
    a = Agent(reactor, LoadClientCert(hostmap, server_cert, client_cert, client_key))
    d = a.request(b"GET", url.encode("ascii"))

    def cb_getBody(response):
        return readBody(response)

    return d.addCallback(cb_getBody)


class HubTest(unittest.TestCase):
    def test_getpage(self):
        def cb_print(s):

            print(s)

        DIR = "/home/ian/athen/hub/"
        d = getPage(
            "https://localhost:8443/";,
            DIR + "server.crt",
            DIR + "client.crt",
            DIR + "client.key",
            {"localhost": "mintbox"},
        )
        d.addCallback(cb_print)
        return d

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python






















					Reply via email to