Module: anynet.tls

Provides classes to work with TCP/TLS connections.

class X509Name
Represents a subject or issuer name.

class TLSCertificate
An X.509 certificate.

class TLSPrivateKey
An RSA private key.

class TLSContext
A TLS context.

class TLSClient
A TCP client with TLS support.

def load_certificate_chain(filename: str) -> list[TLSCertificate]
Loads one or more certificates from a PEM-encoded certificate chain file.

async with connect(host: str, port: int, context: TLSContext = None) -> TLSClient
Creates a TCP/TLS client and connects it to the given address. Blocks until the connection is ready and the TLS handshake has been performed. If no context is provided, the client uses plain TCP without TLS.

async with serve(handler: Callable, host: str = "", port: int = 0, context: TLSContext = None) -> None
Creates a TCP/TLS server and binds it to the given address. If host is empty, the local address of the default gateway is used. If port is 0, it is chosen by the operating system. handler must be an async function that accepts a TLSClient. The client is closed automatically when handler returns. If no context is provided, the server uses plain TCP without TLS.

Global Constants

TYPE_DER (0)
Specifies binary encoding (DER)
TYPE_PEM (1)
Specifies text encoding (PEM)

X509Name

This class represents a subject or issuer name. There are two ways to access its fields: either by item lookup (subject["CN"]) or by attribute lookup (subject.common_name). The following items and attributes are currently defined:

| Item | Attribute |
| --- | --- |
| C | country_name |
| ST | state_or_province_name |
| L | locality_name |
| O | organization_name |
| OU | organizational_unit_name |
| CN | common_name |
| E | email_address |

TLSCertificate

This class should not be instantiated directly. Instead, one of the static methods should be used.

subject: X509Name = X509Name()
The subject name.

issuer: X509Name = X509Name()
The issuer name.

def sign(key: TLSPrivateKey, alg: str = "sha256") -> None
Signs the certificate with the given private key and hash function.

def save(filename: str, format: int) -> None
Saves the certificate in the given format, which should be either TYPE_DER or TYPE_PEM.

def encode(format: int) -> bytes
Encodes the certificate in the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def load(filename: str, format: int) -> TLSCertificate
Loads the certificate from a file with the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def parse(data: bytes, format: int) -> TLSCertificate
Loads the certificate from a buffer with the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def generate(key: TLSPrivateKey) -> TLSCertificate
Generates a certificate with the given private key. Subject and issuer name must be filled in manually, and the certificate must be signed with the sign method.

TLSPrivateKey

This class should not be instantiated directly. Instead, one of the static methods should be used.

def save(filename: str, format: int) -> None
Saves the private key in the given format, which should be either TYPE_DER or TYPE_PEM.

def encode(format: int) -> bytes
Encodes the private key in the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def load(filename: str, format: int) -> TLSPrivateKey
Loads the private key from a file with the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def parse(data: bytes, format: int) -> TLSPrivateKey
Loads the private key from a buffer with the given format, which should be either TYPE_DER or TYPE_PEM.

@classmethod
def generate(size: int = 2048) -> TLSPrivateKey
Generates a random private key with the given number of bits.

TLSContext

def __init__()
Creates a new TLS context.

def set_certificate(cert: TLSCertificate, key: TLSPrivateKey) -> None
Specifies the certificate and its private key. If you want to provide intermediate certificates as well, use the set_certificate_chain method instead.

def set_certificate_chain(certs: list[TLSCertificate], key: TLSPrivateKey) -> None
Specifies a list of certificates and the private key.

def set_authority(cert: TLSCertificate) -> None
Sets the CA certificate that the certificate provided by the other side of the connection is verified against.

def get(server: bool) -> ssl.SSLContext
Returns the TLS context as a standard ssl.SSLContext.
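Because get returns a standard ssl.SSLContext, its verification settings can be inspected with the standard library before the context is used. The following is an added example, not part of anynet or its documentation; the helper name audit_context and the sample contexts (built directly with ssl rather than through TLSContext) are assumptions for illustration.

```python
import ssl


def audit_context(ctx: ssl.SSLContext, server: bool) -> list[str]:
    """List verification settings worth reviewing on an ssl.SSLContext.

    Hypothetical helper: intended for the object TLSContext.get(server)
    returns, but it works on any ssl.SSLContext.
    """
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        if server:
            findings.append("client certificates are not requested")
        else:
            findings.append("server certificate is not verified")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("peer certificate is optional")
    # Hostname matching only applies to the client side of a handshake.
    if not server and not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


def sample_contexts() -> dict[str, tuple[ssl.SSLContext, bool]]:
    """Constructed sample contexts, built with ssl directly (not via anynet)."""
    strict_client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    lax_client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    lax_client.check_hostname = False  # must be cleared before CERT_NONE
    lax_client.verify_mode = ssl.CERT_NONE
    plain_server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # CERT_NONE by default
    mtls_server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    mtls_server.verify_mode = ssl.CERT_REQUIRED
    contexts = {
        "strict_client": (strict_client, False),
        "lax_client": (lax_client, False),
        "plain_server": (plain_server, True),
        "mtls_server": (mtls_server, True),
    }
    for ctx, _ in contexts.values():
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # pin for a stable result
    return contexts


if __name__ == "__main__":
    for name, (ctx, server) in sample_contexts().items():
        print(name, audit_context(ctx, server) or "no findings")
```

A finding is a setting to review rather than an error in itself: a deployment that pins a private CA may skip hostname matching on purpose.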

TLSClient

async def send(data: bytes) -> None
Sends data through the connection. Blocks if the send buffer is full.

async def recv(num: int = 65536) -> bytes
Receives at most num bytes. Blocks if no data is available.

async def close() -> None
Closes the connection.

def local_address() -> tuple[str, int]
Returns the local address of the client.

def remote_address() -> tuple[str, int]
Returns the remote address of the client.

def remote_certificate() -> TLSCertificate
Returns the certificate that was provided by the other side of the connection. Returns None if the connection is not secured with TLS, or if the other side of the connection did not provide a client certificate.