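class SSLCapability(object):
    """Record of the SSL/TLS features supported by one endpoint.

    An instance pairs an endpoint role (one of ``SSL_TYPE``) with a
    ``capability`` dict that holds one value per ``CAPABILITY_TYPE`` key.
    Every capability must be supplied at construction time.

    Values are stored by reference. Neither ``__init__`` nor ``set``
    rejects keys outside ``CAPABILITY_TYPE``, so a misspelled keyword is
    kept as an extra entry instead of being reported.
    """

    CAPABILITY_TYPE = [
        # for hello capability negotiation
        "version", "cipher_suite", "fragment_size",
        # whether verifying the server / the client is supported
        "verify_server", "verify_client",
        # what kind of private key it supports
        "key_algorithm", "key_encoding", "pem_encryption",
        # what kind of certificate it supports
        "certificate_encoding", "certificate_digest",
    ]
    SSL_TYPE = ("TargetClient", "TargetServer", "PCClient", "PCServer")

    def __init__(self, typ, **kwargs):
        """Create the record for role ``typ`` from keyword capabilities.

        Args:
            typ: endpoint role; must be one of ``SSL_TYPE``.
            **kwargs: capability values keyed by capability name.

        Raises:
            AssertionError: if ``typ`` is not a known role, or if any
                capability is still ``None`` after ``kwargs`` are applied.
        """
        # Raised explicitly instead of via ``assert``: assert statements are
        # compiled out under ``python -O``, which would silently disable the
        # validation. AssertionError is kept so existing handlers still match.
        if typ not in self.SSL_TYPE:
            raise AssertionError(
                "unknown SSL type %r, expected one of %r" % (typ, self.SSL_TYPE)
            )
        self.type = typ
        self.capability = dict.fromkeys(self.CAPABILITY_TYPE, None)
        self.capability.update(kwargs)
        # Report every unset capability at once rather than only the first.
        missing = sorted(kw for kw in self.capability if self.capability[kw] is None)
        if missing:
            raise AssertionError("capability not set: %s" % ", ".join(missing))

    def get(self, kw):
        """Return the value stored for capability ``kw``.

        Raises:
            KeyError: if ``kw`` is not a stored capability.
        """
        return self.capability[kw]

    def set(self, **kwargs):
        """Overwrite or add capabilities from keyword arguments.

        No validation happens here: unknown names and ``None`` values are
        stored as given.
        """
        self.capability.update(kwargs)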
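class TargetSSLCapability(SSLCapability):
    """Capability record for a target-side endpoint (client or server role).

    ``DEFAULT_CAPABILITY`` supplies a value for every capability; keyword
    arguments passed to the constructor replace individual entries.
    """

    # NOTE(review): presumably this lists what the device under test accepts,
    # not a recommended configuration -- confirm. Several entries are legacy
    # or broken primitives and should not be carried into a production
    # profile:
    #   - RC4 cipher suites (prohibited for TLS by RFC 7465); the remaining
    #     suites use static RSA key exchange, so there is no forward secrecy.
    #   - RSA512 / RSA1024 keys are below current minimum key sizes.
    #   - md5 / sha1 certificate digests are not collision resistant.
    #   - "verify_client": False means no client-certificate check.
    #   - a None entry in "pem_encryption" presumably means the private key
    #     is stored unencrypted -- confirm.
    DEFAULT_CAPABILITY = {
        "version": ["SSLv23_2"],
        "cipher_suite": [
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_RC4_128_MD5",
        ],
        "fragment_size": [2048, 4096, 8192],
        "verify_server": True,
        "verify_client": False,
        "key_algorithm": ["RSA512", "RSA1024", "RSA2048", "RSA4096"],
        "key_encoding": ["PEM", "DER"],
        "pem_encryption": [None, "aes128", "aes256"],
        "certificate_encoding": ["PEM", "DER"],
        "certificate_digest": ["md5", "sha1", "sha256", "sha384", "sha512"],
    }

    def __init__(self, typ, **kwargs):
        """Build the record for ``typ`` from the defaults plus overrides.

        Args:
            typ: ``"TargetClient"`` or ``"TargetServer"``.
            **kwargs: capability values that replace the matching default.

        Raises:
            AssertionError: if ``typ`` is not a target role, or if the base
                class finds a capability left as ``None``.
        """
        import copy

        # Raised explicitly: an ``assert`` would be compiled out under -O.
        if typ not in ("TargetClient", "TargetServer"):
            raise AssertionError("not a target SSL type: %r" % (typ,))
        # Deep copy: the default lists live on the class. A shallow copy
        # would hand the same list objects to every instance, so trimming a
        # list on one endpoint would change the defaults of all others.
        capability = copy.deepcopy(self.DEFAULT_CAPABILITY)
        capability.update(kwargs)
        SSLCapability.__init__(self, typ, **capability)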
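class PCSSLCapability(SSLCapability):
    """Capability record for a PC-side endpoint (client or server role).

    The constructor takes no overrides: every instance starts from
    ``DEFAULT_CAPABILITY``.
    """

    # NOTE(review): presumably the PC side offers this wide range so it can
    # interoperate with whatever the peer under test supports -- confirm.
    # Outside a test rig the following entries should be disabled:
    #   - SSLv20 (prohibited by RFC 6176), SSLv30 (deprecated by RFC 7568),
    #     TLSv10 / TLSv11 (deprecated by RFC 8996).
    #   - RC4 cipher suites (prohibited for TLS by RFC 7465).
    #   - RSA512 / RSA1024 keys and md5 / sha1 certificate digests.
    #   - "pem_encryption": [None] presumably means private keys are only
    #     handled unencrypted -- confirm.
    DEFAULT_CAPABILITY = {
        "version": ["SSLv23", "SSLv20", "SSLv30", "TLSv10", "TLSv11", "TLSv12"],
        "cipher_suite": [
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_RC4_128_MD5",
            "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        ],
        "fragment_size": [16384],
        "verify_server": True,
        "verify_client": True,
        "key_algorithm": ["RSA512", "RSA1024", "RSA2048", "RSA4096"],
        "key_encoding": ["PEM"],
        "pem_encryption": [None],
        "certificate_encoding": ["PEM"],
        "certificate_digest": ["md5", "sha1", "sha256", "sha384", "sha512"],
    }

    def __init__(self, typ):
        """Build the record for ``typ`` from the class defaults.

        Args:
            typ: ``"PCClient"`` or ``"PCServer"``.

        Raises:
            AssertionError: if ``typ`` is not a PC role, or if the base class
                finds a capability left as ``None``.
        """
        import copy

        # Raised explicitly: an ``assert`` would be compiled out under -O.
        if typ not in ("PCClient", "PCServer"):
            raise AssertionError("not a PC SSL type: %r" % (typ,))
        # Deep copy so instances do not share the class-level lists; without
        # it, mutating a list returned by get() would change the defaults
        # seen by every other instance.
        SSLCapability.__init__(self, typ, **copy.deepcopy(self.DEFAULT_CAPABILITY))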
def main():
    """Smoke test: construct one PC-side and one target-side record.

    Nothing is printed or returned; any exception raised by the two
    constructors propagates to the caller.
    """
    pc_side = PCSSLCapability("PCClient")
    target_side = TargetSSLCapability("TargetClient")
# Run the smoke test only when the file is executed as a script, not when
# it is imported as a module.
if __name__ == "__main__":
    main()