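from __future__ import absolute_import
from __future__ import print_function

import socket
import re
import sslpsk
import Pyro
from Pyro.core import PyroURI
from Pyro.protocol import _connect_socket, TCPConnection, PYROAdapter
from Pyro.errors import ConnectionDeniedError, ProtocolError
from Pyro.util import Log


#
# The TLS-PSK adapter that handles SSL connections instead of regular sockets,
# but using Pre Shared Keys instead of Certificates
#
class PYROPSKAdapter(PYROAdapter):
    """Pyro client adapter that runs the PYRO protocol inside a TLS-PSK channel.

    Both ends are authenticated only by knowledge of the pre-shared key; no
    certificate is checked, so any party holding the key is accepted as a
    valid peer.
    """

    # This is essentially the same as in Pyro/protocol.py
    # only raw_sock wrapping into sock through sslpsk.wrap_socket was added
    # Pyro unfortunately doesn't allow cleaner customization
    def bindToURI(self, URI):
        """Connect to URI over TLS-PSK and perform the Pyro connect handshake.

        Raises ConnectionDeniedError when the server answers with a deny
        message, and ProtocolError('connection failed') when a socket.error
        occurs while connecting or talking to the server.
        """
        with self.lock:   # only 1 thread at a time can bind the URI
            try:
                self.URI = URI

                # These are the statements that differ from Pyro/protocol.py
                # NOTE: AF_INET only, so IPv6 addresses are not supported here.
                raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                try:
                    _connect_socket(raw_sock, URI.address, URI.port, self.timeout)
                    # Pyro.config.PYROPSK must have been set before connecting;
                    # sslpsk accepts the key itself or a (key, identity) tuple.
                    # The GCM suite is offered first. PSK-AES256-CBC-SHA is a
                    # CBC/HMAC-SHA1 suite, presumably kept for older peers;
                    # drop it if every peer supports the GCM suite.
                    # NOTE(review): no ssl_version is passed, so the protocol
                    # version is whatever the ssl module defaults to.
                    sock = sslpsk.wrap_socket(
                        raw_sock, psk=Pyro.config.PYROPSK, server_side=False,
                        ciphers="PSK-AES256-GCM-SHA384:PSK-AES256-CBC-SHA")
                except Exception:
                    # A failed connect or TLS handshake (e.g. wrong key) must
                    # not leave the TCP socket open until garbage collection.
                    raw_sock.close()
                    raise
                # all the rest is the same as in Pyro/protocol.py

                conn = TCPConnection(sock, sock.getpeername())
                # receive the authentication challenge string, and use that to build the actual identification string.
                try:
                    authChallenge = self.recvAuthChallenge(conn)
                except ProtocolError as x:
                    # check if we were denied
                    # NOTE(review): unlike the deny branch further down, a
                    # malformed reason byte here surfaces as KeyError/ValueError.
                    if hasattr(x, "partialMsg") and x.partialMsg[:len(self.denyMSG)] == self.denyMSG:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(x.partialMsg[-1])])
                    else:
                        raise
                # reply with our ident token, generated from the ident passphrase and the challenge
                msg = self._sendConnect(sock, self.newConnValidator.createAuthToken(self.ident, authChallenge, conn.addr, self.URI, None))
                if msg == self.acceptMSG:
                    self.conn = conn
                    self.conn.connected = 1
                    Log.msg('PYROAdapter', 'connected to', str(URI))
                    if URI.protocol == 'PYROLOCPSK':
                        self.resolvePYROLOC_URI("PYROPSK")  # updates self.URI
                elif msg[:len(self.denyMSG)] == self.denyMSG:
                    try:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(msg[-1])])
                    except (KeyError, ValueError):
                        raise ConnectionDeniedError('invalid response')
                # NOTE(review): a reply that is neither accept nor deny falls
                # through silently and leaves self.conn unset.
            except socket.error:
                Log.msg('PYROAdapter', 'connection failed to URI', str(URI))
                raise ProtocolError('connection failed')


# Keep a reference to Pyro's own factory so other protocols still work.
_getProtocolAdapter = Pyro.protocol.getProtocolAdapter


def getProtocolAdapter(protocol):
    """Return a PYROPSKAdapter for the PSK protocols, else defer to Pyro."""
    if protocol in ('PYROPSK', 'PYROLOCPSK'):
        return PYROPSKAdapter()
    # The result must be returned, otherwise every non-PSK protocol
    # would get None instead of its adapter.
    return _getProtocolAdapter(protocol)


# Import-time monkey patch: code that already bound the original function
# with "from Pyro.protocol import getProtocolAdapter" keeps the old one.
Pyro.protocol.getProtocolAdapter = getProtocolAdapter

# Keep a reference to Pyro's own parser for every other URI scheme.
_processStringURI = Pyro.core.processStringURI


def processStringURI(URI):
    """Parse a PYROLOCPSK://host[:port]/name string into a PyroURI.

    Any string that does not match that form is handed to Pyro's original
    processStringURI unchanged.
    """
    x = re.match(r'(?P<protocol>PYROLOCPSK)://(?P<hostname>[^\s:]+):?(?P<port>\d+)?/(?P<name>\S*)', URI)
    if x:
        protocol = x.group('protocol')
        hostname = x.group('hostname')
        port = x.group('port')
        if port:
            port = int(port)
        else:
            # No port in the URI: 0 is passed on; presumably PyroURI
            # substitutes its configured default -- confirm.
            port = 0
        name = x.group('name')
        return PyroURI(hostname, name, port, protocol)
    return _processStringURI(URI)


Pyro.core.processStringURI = processStringURI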