aboutsummaryrefslogtreecommitdiffstats
path: root/netlib
diff options
context:
space:
mode:
Diffstat (limited to 'netlib')
-rw-r--r--netlib/http2/frame.py24
-rw-r--r--netlib/http2/protocol.py99
-rw-r--r--netlib/tcp.py18
3 files changed, 84 insertions, 57 deletions
diff --git a/netlib/http2/frame.py b/netlib/http2/frame.py
index 4a305d82..98ced904 100644
--- a/netlib/http2/frame.py
+++ b/netlib/http2/frame.py
@@ -113,16 +113,13 @@ class Frame(object):
def payload_human_readable(self): # pragma: no cover
raise NotImplementedError()
- def human_readable(self):
+ def human_readable(self, direction="-"):
+ self.length = len(self.payload_bytes())
+
return "\n".join([
- "============================================================",
- "length: %d bytes" % self.length,
- "type: %s (%#x)" % (self.__class__.__name__, self.TYPE),
- "flags: %#x" % self.flags,
- "stream_id: %#x" % self.stream_id,
- "------------------------------------------------------------",
+ "%s: %s | length: %d | flags: %#x | stream_id: %d" % (direction, self.__class__.__name__, self.length, self.flags, self.stream_id),
self.payload_human_readable(),
- "============================================================",
+ "===============================================================",
])
def __eq__(self, other):
@@ -461,7 +458,10 @@ class PushPromiseFrame(Frame):
s.append("padding: %d" % self.pad_length)
s.append("promised stream: %#x" % self.promised_stream)
- s.append("header_block_fragment: %s" % str(self.header_block_fragment))
+ s.append(
+ "header_block_fragment: %s" %
+ self.header_block_fragment.encode('hex'))
+
return "\n".join(s)
@@ -605,7 +605,11 @@ class ContinuationFrame(Frame):
return self.header_block_fragment
def payload_human_readable(self):
- return "header_block_fragment: %s" % str(self.header_block_fragment)
+ s = []
+ s.append(
+ "header_block_fragment: %s" %
+ self.header_block_fragment.encode('hex'))
+ return "\n".join(s)
_FRAME_CLASSES = [
DataFrame,
diff --git a/netlib/http2/protocol.py b/netlib/http2/protocol.py
index 1e722dfb..ac89bac4 100644
--- a/netlib/http2/protocol.py
+++ b/netlib/http2/protocol.py
@@ -31,7 +31,7 @@ class HTTP2Protocol(object):
ALPN_PROTO_H2 = 'h2'
- def __init__(self, tcp_handler, is_server=False):
+ def __init__(self, tcp_handler, is_server=False, dump_frames=False):
self.tcp_handler = tcp_handler
self.is_server = is_server
@@ -40,6 +40,7 @@ class HTTP2Protocol(object):
self.encoder = Encoder()
self.decoder = Decoder()
self.connection_preface_performed = False
+ self.dump_frames = dump_frames
def check_alpn(self):
alp = self.tcp_handler.get_alpn_proto_negotiated()
@@ -48,16 +49,19 @@ class HTTP2Protocol(object):
"HTTP2Protocol can not handle unknown ALP: %s" % alp)
return True
- def _receive_settings(self):
- frm = frame.Frame.from_file(self.tcp_handler.rfile, self)
- assert isinstance(frm, frame.SettingsFrame)
- self._apply_settings(frm.settings)
+ def _receive_settings(self, hide=False):
+ while True:
+ frm = self.read_frame(hide)
+ if isinstance(frm, frame.SettingsFrame):
+ break
- def _read_settings_ack(self):
- settings_ack_frame = self.read_frame()
- assert isinstance(settings_ack_frame, frame.SettingsFrame)
- assert settings_ack_frame.flags & frame.Frame.FLAG_ACK
- assert len(settings_ack_frame.settings) == 0
+ def _read_settings_ack(self, hide=False): # pragma no cover
+ while True:
+ frm = self.read_frame(hide)
+ if isinstance(frm, frame.SettingsFrame):
+ assert settings_ack_frame.flags & frame.Frame.FLAG_ACK
+ assert len(settings_ack_frame.settings) == 0
+ break
def perform_server_connection_preface(self, force=False):
if force or not self.connection_preface_performed:
@@ -67,9 +71,8 @@ class HTTP2Protocol(object):
magic = self.tcp_handler.rfile.safe_read(magic_length)
assert magic == self.CLIENT_CONNECTION_PREFACE
- self.send_frame(frame.SettingsFrame(state=self))
- self._receive_settings()
- self._read_settings_ack()
+ self.send_frame(frame.SettingsFrame(state=self), hide=True)
+ self._receive_settings(hide=True)
def perform_client_connection_preface(self, force=False):
if force or not self.connection_preface_performed:
@@ -77,9 +80,8 @@ class HTTP2Protocol(object):
self.tcp_handler.wfile.write(self.CLIENT_CONNECTION_PREFACE)
- self.send_frame(frame.SettingsFrame(state=self))
- self._receive_settings()
- self._read_settings_ack()
+ self.send_frame(frame.SettingsFrame(state=self), hide=True)
+ self._receive_settings(hide=True)
def next_stream_id(self):
if self.current_stream_id is None:
@@ -93,30 +95,37 @@ class HTTP2Protocol(object):
self.current_stream_id += 2
return self.current_stream_id
- def send_frame(self, frame):
- raw_bytes = frame.to_bytes()
+ def send_frame(self, frm, hide=False):
+ raw_bytes = frm.to_bytes()
self.tcp_handler.wfile.write(raw_bytes)
self.tcp_handler.wfile.flush()
+ if not hide and self.dump_frames: # pragma no cover
+ print(frm.human_readable(">>"))
- def read_frame(self):
+ def read_frame(self, hide=False):
frm = frame.Frame.from_file(self.tcp_handler.rfile, self)
- if isinstance(frm, frame.SettingsFrame):
- self._apply_settings(frm.settings)
+ if not hide and self.dump_frames: # pragma no cover
+ print(frm.human_readable("<<"))
+ if isinstance(frm, frame.SettingsFrame) and not frm.flags & frame.Frame.FLAG_ACK:
+ self._apply_settings(frm.settings, hide)
return frm
- def _apply_settings(self, settings):
+ def _apply_settings(self, settings, hide=False):
for setting, value in settings.items():
old_value = self.http2_settings[setting]
if not old_value:
old_value = '-'
-
self.http2_settings[setting] = value
self.send_frame(
frame.SettingsFrame(
state=self,
- flags=frame.Frame.FLAG_ACK))
+ flags=frame.Frame.FLAG_ACK),
+ hide)
+
+ # be liberal in what we expect from the other end
+ # to be more strict use: self._read_settings_ack(hide)
def _create_headers(self, headers, stream_id, end_stream=True):
# TODO: implement max frame size checks and sending in chunks
@@ -127,12 +136,16 @@ class HTTP2Protocol(object):
header_block_fragment = self.encoder.encode(headers)
- bytes = frame.HeadersFrame(
+ frm = frame.HeadersFrame(
state=self,
flags=flags,
stream_id=stream_id,
- header_block_fragment=header_block_fragment).to_bytes()
- return [bytes]
+ header_block_fragment=header_block_fragment)
+
+ if self.dump_frames: # pragma no cover
+ print(frm.human_readable(">>"))
+
+ return [frm.to_bytes()]
def _create_body(self, body, stream_id):
if body is None or len(body) == 0:
@@ -141,18 +154,26 @@ class HTTP2Protocol(object):
# TODO: implement max frame size checks and sending in chunks
# TODO: implement flow-control window
- bytes = frame.DataFrame(
+ frm = frame.DataFrame(
state=self,
flags=frame.Frame.FLAG_END_STREAM,
stream_id=stream_id,
- payload=body).to_bytes()
- return [bytes]
+ payload=body)
+
+ if self.dump_frames: # pragma no cover
+ print(frm.human_readable(">>"))
+
+ return [frm.to_bytes()]
+
def create_request(self, method, path, headers=None, body=None):
if headers is None:
headers = []
authority = self.tcp_handler.sni if self.tcp_handler.sni else self.tcp_handler.address.host
+ if self.tcp_handler.address.port != 443:
+ authority += ":%d" % self.tcp_handler.address.port
+
headers = [
(b':method', bytes(method)),
(b':path', bytes(path)),
@@ -167,7 +188,7 @@ class HTTP2Protocol(object):
self._create_body(body, stream_id)))
def read_response(self):
- headers, body = self._receive_transmission()
+ stream_id, headers, body = self._receive_transmission()
return headers[':status'], headers, body
def read_request(self):
@@ -176,6 +197,7 @@ class HTTP2Protocol(object):
def _receive_transmission(self):
body_expected = True
+ stream_id = 0
header_block_fragment = b''
body = b''
@@ -183,10 +205,11 @@ class HTTP2Protocol(object):
frm = self.read_frame()
if isinstance(frm, frame.HeadersFrame)\
or isinstance(frm, frame.ContinuationFrame):
+ stream_id = frm.stream_id
header_block_fragment += frm.header_block_fragment
+ if frm.flags & frame.Frame.FLAG_END_STREAM:
+ body_expected = False
if frm.flags & frame.Frame.FLAG_END_HEADERS:
- if frm.flags & frame.Frame.FLAG_END_STREAM:
- body_expected = False
break
while body_expected:
@@ -201,16 +224,18 @@ class HTTP2Protocol(object):
for header, value in self.decoder.decode(header_block_fragment):
headers[header] = value
- return headers, body
+ return stream_id, headers, body
- def create_response(self, code, headers=None, body=None):
+ def create_response(self, code, stream_id=None, headers=None, body=None):
if headers is None:
headers = []
headers = [(b':status', bytes(str(code)))] + headers
- stream_id = self.next_stream_id()
+ if not stream_id:
+ stream_id = self.next_stream_id()
return list(itertools.chain(
self._create_headers(headers, stream_id, end_stream=(body is None)),
- self._create_body(body, stream_id)))
+ self._create_body(body, stream_id),
+ ))
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 953cef6e..cafc3ed9 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -22,11 +22,6 @@ TLSv1_METHOD = SSL.TLSv1_METHOD
TLSv1_1_METHOD = SSL.TLSv1_1_METHOD
TLSv1_2_METHOD = SSL.TLSv1_2_METHOD
-OP_NO_SSLv2 = SSL.OP_NO_SSLv2
-OP_NO_SSLv3 = SSL.OP_NO_SSLv3
-VERIFY_NONE = SSL.VERIFY_NONE
-
-
class NetLibError(Exception):
pass
@@ -374,8 +369,8 @@ class _Connection(object):
def _create_ssl_context(self,
method=SSLv23_METHOD,
- options=(OP_NO_SSLv2 | OP_NO_SSLv3),
- verify_options=VERIFY_NONE,
+ options=(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_CIPHER_SERVER_PREFERENCE | SSL.OP_NO_COMPRESSION),
+ verify_options=SSL.VERIFY_NONE,
ca_path=None,
ca_pemfile=None,
cipher_list=None,
@@ -397,7 +392,7 @@ class _Connection(object):
context.set_options(options)
# Verify Options (NONE/PEER/PEER|FAIL_IF_... and trusted CAs)
- if verify_options is not None and verify_options is not VERIFY_NONE:
+ if verify_options is not None and verify_options is not SSL.VERIFY_NONE:
def verify_cert(conn, cert, errno, err_depth, is_cert_verified):
if is_cert_verified:
return True
@@ -419,6 +414,9 @@ class _Connection(object):
if cipher_list:
try:
context.set_cipher_list(cipher_list)
+
+ # TODO: maybe change this to with newer pyOpenSSL APIs
+ context.set_tmp_ecdh(OpenSSL.crypto.get_elliptic_curve('prime256v1'))
except SSL.Error as v:
raise NetLibError("SSL cipher specification error: %s" % str(v))
@@ -529,7 +527,7 @@ class TCPClient(_Connection):
if OpenSSL._util.lib.Cryptography_HAS_ALPN and self.ssl_established:
return self.connection.get_alpn_proto_negotiated()
else:
- return None
+ return ""
class BaseHandler(_Connection):
@@ -639,7 +637,7 @@ class BaseHandler(_Connection):
if OpenSSL._util.lib.Cryptography_HAS_ALPN and self.ssl_established:
return self.connection.get_alpn_proto_negotiated()
else:
- return None
+ return ""
class TCPServer(object):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 09:06:50 +0000