protocol-quic 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data/ext/ngtcp2/AUTHORS +44 -0
- data/ext/ngtcp2/CMakeLists.txt +431 -0
- data/ext/ngtcp2/CMakeOptions.txt +17 -0
- data/ext/ngtcp2/COPYING +22 -0
- data/ext/ngtcp2/ChangeLog +0 -0
- data/ext/ngtcp2/Makefile.am +60 -0
- data/ext/ngtcp2/NEWS +0 -0
- data/ext/ngtcp2/README +1 -0
- data/ext/ngtcp2/README.rst +258 -0
- data/ext/ngtcp2/ci/build_boringssl.sh +10 -0
- data/ext/ngtcp2/ci/build_nghttp3.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl1.sh +8 -0
- data/ext/ngtcp2/ci/build_openssl1_cross.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl3.sh +8 -0
- data/ext/ngtcp2/ci/build_picotls.sh +26 -0
- data/ext/ngtcp2/ci/build_wolfssl.sh +9 -0
- data/ext/ngtcp2/ci/gen-certificate.sh +8 -0
- data/ext/ngtcp2/cmake/ExtractValidFlags.cmake +31 -0
- data/ext/ngtcp2/cmake/FindCUnit.cmake +40 -0
- data/ext/ngtcp2/cmake/FindJemalloc.cmake +40 -0
- data/ext/ngtcp2/cmake/FindLibev.cmake +38 -0
- data/ext/ngtcp2/cmake/FindLibnghttp3.cmake +41 -0
- data/ext/ngtcp2/cmake/Findwolfssl.cmake +41 -0
- data/ext/ngtcp2/cmake/Version.cmake +11 -0
- data/ext/ngtcp2/cmakeconfig.h.in +36 -0
- data/ext/ngtcp2/configure.ac +755 -0
- data/ext/ngtcp2/crypto/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/Makefile.am +49 -0
- data/ext/ngtcp2/crypto/boringssl/CMakeLists.txt +64 -0
- data/ext/ngtcp2/crypto/boringssl/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/boringssl/boringssl.c +630 -0
- data/ext/ngtcp2/crypto/boringssl/libngtcp2_crypto_boringssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/gnutls/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/gnutls/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/gnutls/gnutls.c +644 -0
- data/ext/ngtcp2/crypto/gnutls/libngtcp2_crypto_gnutls.pc.in +33 -0
- data/ext/ngtcp2/crypto/includes/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/includes/Makefile.am +45 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h +893 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_boringssl.h +104 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h +107 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_openssl.h +132 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h +246 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h +106 -0
- data/ext/ngtcp2/crypto/openssl/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/openssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/openssl/libngtcp2_crypto_openssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/openssl/openssl.c +807 -0
- data/ext/ngtcp2/crypto/picotls/CMakeLists.txt +65 -0
- data/ext/ngtcp2/crypto/picotls/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/picotls/libngtcp2_crypto_picotls.pc.in +33 -0
- data/ext/ngtcp2/crypto/picotls/picotls.c +707 -0
- data/ext/ngtcp2/crypto/shared.c +1431 -0
- data/ext/ngtcp2/crypto/shared.h +350 -0
- data/ext/ngtcp2/crypto/wolfssl/CMakeLists.txt +84 -0
- data/ext/ngtcp2/crypto/wolfssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/wolfssl/libngtcp2_crypto_wolfssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/wolfssl/wolfssl.c +534 -0
- data/ext/ngtcp2/doc/Makefile.am +65 -0
- data/ext/ngtcp2/doc/make.bat +35 -0
- data/ext/ngtcp2/doc/mkapiref.py +356 -0
- data/ext/ngtcp2/doc/source/conf.py.in +94 -0
- data/ext/ngtcp2/doc/source/index.rst +22 -0
- data/ext/ngtcp2/doc/source/programmers-guide.rst +476 -0
- data/ext/ngtcp2/docker/Dockerfile +39 -0
- data/ext/ngtcp2/examples/CMakeLists.txt +361 -0
- data/ext/ngtcp2/examples/Makefile.am +228 -0
- data/ext/ngtcp2/examples/client.cc +3049 -0
- data/ext/ngtcp2/examples/client.h +192 -0
- data/ext/ngtcp2/examples/client_base.cc +202 -0
- data/ext/ngtcp2/examples/client_base.h +213 -0
- data/ext/ngtcp2/examples/debug.cc +298 -0
- data/ext/ngtcp2/examples/debug.h +124 -0
- data/ext/ngtcp2/examples/examplestest.cc +84 -0
- data/ext/ngtcp2/examples/gtlssimpleclient.c +720 -0
- data/ext/ngtcp2/examples/h09client.cc +2601 -0
- data/ext/ngtcp2/examples/h09client.h +196 -0
- data/ext/ngtcp2/examples/h09server.cc +3024 -0
- data/ext/ngtcp2/examples/h09server.h +237 -0
- data/ext/ngtcp2/examples/http.cc +138 -0
- data/ext/ngtcp2/examples/http.h +44 -0
- data/ext/ngtcp2/examples/network.h +80 -0
- data/ext/ngtcp2/examples/server.cc +3731 -0
- data/ext/ngtcp2/examples/server.h +256 -0
- data/ext/ngtcp2/examples/server_base.cc +58 -0
- data/ext/ngtcp2/examples/server_base.h +195 -0
- data/ext/ngtcp2/examples/shared.cc +385 -0
- data/ext/ngtcp2/examples/shared.h +96 -0
- data/ext/ngtcp2/examples/simpleclient.c +683 -0
- data/ext/ngtcp2/examples/template.h +71 -0
- data/ext/ngtcp2/examples/tests/README.rst +60 -0
- data/ext/ngtcp2/examples/tests/__init__.py +0 -0
- data/ext/ngtcp2/examples/tests/config.ini.in +32 -0
- data/ext/ngtcp2/examples/tests/conftest.py +28 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/__init__.py +6 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/certs.py +476 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/client.py +187 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/env.py +191 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/log.py +101 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/server.py +137 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/tls.py +983 -0
- data/ext/ngtcp2/examples/tests/test_01_handshake.py +30 -0
- data/ext/ngtcp2/examples/tests/test_02_resume.py +46 -0
- data/ext/ngtcp2/examples/tests/test_03_earlydata.py +56 -0
- data/ext/ngtcp2/examples/tests/test_04_clientcert.py +57 -0
- data/ext/ngtcp2/examples/tests/test_05_ciphers.py +46 -0
- data/ext/ngtcp2/examples/tls_client_context.h +52 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.cc +126 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.cc +74 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.h +50 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.cc +137 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.cc +158 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.h +53 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.cc +177 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.h +51 -0
- data/ext/ngtcp2/examples/tls_client_session.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.cc +110 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.cc +190 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.cc +113 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.cc +147 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.cc +160 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.cc +257 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.cc +99 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.h +59 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.cc +338 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.cc +321 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.h +58 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.cc +284 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.h +55 -0
- data/ext/ngtcp2/examples/tls_server_session.h +52 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.cc +84 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.cc +155 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.h +46 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.cc +70 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.cc +55 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.h +47 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.cc +87 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.h +51 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.cc +56 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.h +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.h +54 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.cc +59 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.h +36 -0
- data/ext/ngtcp2/examples/util.cc +646 -0
- data/ext/ngtcp2/examples/util.h +361 -0
- data/ext/ngtcp2/examples/util_gnutls.cc +136 -0
- data/ext/ngtcp2/examples/util_openssl.cc +131 -0
- data/ext/ngtcp2/examples/util_test.cc +237 -0
- data/ext/ngtcp2/examples/util_test.h +45 -0
- data/ext/ngtcp2/examples/util_wolfssl.cc +130 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack_ecn +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/connection_close +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/crypto +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/data_blocked +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram_len +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_data +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_stream_data +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_streams +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_token +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_challenge +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_response +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/reset_stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/retire_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stop_sending +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_data_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_len +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/streams_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/ksl/random +0 -0
- data/ext/ngtcp2/fuzz/decode_frame.cc +25 -0
- data/ext/ngtcp2/fuzz/ksl.cc +77 -0
- data/ext/ngtcp2/interop/Dockerfile +39 -0
- data/ext/ngtcp2/interop/run_endpoint.sh +93 -0
- data/ext/ngtcp2/lib/CMakeLists.txt +110 -0
- data/ext/ngtcp2/lib/Makefile.am +122 -0
- data/ext/ngtcp2/lib/includes/CMakeLists.txt +4 -0
- data/ext/ngtcp2/lib/includes/Makefile.am +25 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/ngtcp2.h +5843 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/version.h.in +51 -0
- data/ext/ngtcp2/lib/libngtcp2.pc.in +33 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.c +335 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.h +221 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.c +117 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.h +69 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.c +90 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.h +91 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.c +693 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.h +157 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.c +1490 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.h +149 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.c +56 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.h +108 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.c +616 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.h +422 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.c +147 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.h +175 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.c +13731 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.h +1119 -0
- data/ext/ngtcp2/lib/ngtcp2_conn_stat.h +131 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.c +291 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.h +208 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.c +895 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.h +148 -0
- data/ext/ngtcp2/lib/ngtcp2_err.c +154 -0
- data/ext/ngtcp2/lib/ngtcp2_err.h +34 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.c +167 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.h +98 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.c +79 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.h +89 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.c +819 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.h +345 -0
- data/ext/ngtcp2/lib/ngtcp2_log.c +822 -0
- data/ext/ngtcp2/lib/ngtcp2_log.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_macro.h +58 -0
- data/ext/ngtcp2/lib/ngtcp2_map.c +336 -0
- data/ext/ngtcp2/lib/ngtcp2_map.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.c +113 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.h +72 -0
- data/ext/ngtcp2/lib/ngtcp2_net.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.c +40 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.h +140 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.c +46 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.h +65 -0
- data/ext/ngtcp2/lib/ngtcp2_path.c +77 -0
- data/ext/ngtcp2/lib/ngtcp2_path.h +49 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.c +2527 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.h +1235 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.c +160 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.c +230 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.h +153 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.c +164 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.h +126 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.c +172 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.h +194 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.c +1219 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.h +161 -0
- data/ext/ngtcp2/lib/ngtcp2_range.c +61 -0
- data/ext/ngtcp2/lib/ngtcp2_range.h +80 -0
- data/ext/ngtcp2/lib/ngtcp2_rcvry.h +40 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.c +121 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.h +132 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.c +319 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.h +197 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.c +138 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.h +86 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.c +1676 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.h +468 -0
- data/ext/ngtcp2/lib/ngtcp2_str.c +233 -0
- data/ext/ngtcp2/lib/ngtcp2_str.h +94 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.c +698 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.h +310 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.c +71 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.h +46 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.c +243 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.h +120 -0
- data/ext/ngtcp2/lib/ngtcp2_version.c +39 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.c +99 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.h +65 -0
- data/ext/ngtcp2/m4/ax_check_compile_flag.m4 +74 -0
- data/ext/ngtcp2/m4/ax_cxx_compile_stdcxx.m4 +1009 -0
- data/ext/ngtcp2/tests/CMakeLists.txt +68 -0
- data/ext/ngtcp2/tests/Makefile.am +94 -0
- data/ext/ngtcp2/tests/main.c +358 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.c +367 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.c +9821 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.h +104 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.c +430 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.h +46 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.c +667 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.c +127 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.c +79 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.c +502 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.h +39 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.c +206 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.c +1645 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.h +68 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.c +153 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.c +129 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.c +105 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.c +91 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.c +552 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.c +470 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.c +96 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.c +575 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.c +404 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.h +191 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.c +426 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.h +36 -0
- data/ext/ngtcp2/third-party/CMakeLists.txt +34 -0
- data/ext/ngtcp2/third-party/Makefile.am +31 -0
- data/ext/ngtcp2/third-party/http-parser/AUTHORS +68 -0
- data/ext/ngtcp2/third-party/http-parser/LICENSE-MIT +23 -0
- data/ext/ngtcp2/third-party/http-parser/Makefile +157 -0
- data/ext/ngtcp2/third-party/http-parser/README.md +246 -0
- data/ext/ngtcp2/third-party/http-parser/bench.c +111 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/parsertrace.c +160 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/url_parser.c +47 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.c +2419 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.gyp +111 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.h +431 -0
- data/ext/ngtcp2/third-party/http-parser/test.c +4411 -0
- data/lib/protocol/quic/version.rb +10 -0
- data/lib/protocol/quic.rb +9 -0
- data/license.md +21 -0
- data.tar.gz.sig +1 -0
- metadata +424 -0
- metadata.gz.sig +1 -0
@@ -0,0 +1,71 @@
|
|
1
|
+
/*
|
2
|
+
* ngtcp2
|
3
|
+
*
|
4
|
+
* Copyright (c) 2017 ngtcp2 contributors
|
5
|
+
* Copyright (c) 2015 ngttp2 contributors
|
6
|
+
*
|
7
|
+
* Permission is hereby granted, free of charge, to any person obtaining
|
8
|
+
* a copy of this software and associated documentation files (the
|
9
|
+
* "Software"), to deal in the Software without restriction, including
|
10
|
+
* without limitation the rights to use, copy, modify, merge, publish,
|
11
|
+
* distribute, sublicense, and/or sell copies of the Software, and to
|
12
|
+
* permit persons to whom the Software is furnished to do so, subject to
|
13
|
+
* the following conditions:
|
14
|
+
*
|
15
|
+
* The above copyright notice and this permission notice shall be
|
16
|
+
* included in all copies or substantial portions of the Software.
|
17
|
+
*
|
18
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
19
|
+
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
20
|
+
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
21
|
+
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
22
|
+
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
23
|
+
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
24
|
+
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
25
|
+
*/
|
26
|
+
#ifndef TEMPLATE_H
|
27
|
+
#define TEMPLATE_H
|
28
|
+
|
29
|
+
#include <functional>
|
30
|
+
#include <utility>
|
31
|
+
#include <type_traits>
|
32
|
+
|
33
|
+
// inspired by <http://blog.korfuri.fr/post/go-defer-in-cpp/>, but our
|
34
|
+
// template can take functions returning other than void.
|
35
|
+
template <typename F, typename... T> struct Defer {
|
36
|
+
Defer(F &&f, T &&...t)
|
37
|
+
: f(std::bind(std::forward<F>(f), std::forward<T>(t)...)) {}
|
38
|
+
Defer(Defer &&o) noexcept : f(std::move(o.f)) {}
|
39
|
+
~Defer() { f(); }
|
40
|
+
|
41
|
+
using ResultType = std::invoke_result_t<F, T...>;
|
42
|
+
std::function<ResultType()> f;
|
43
|
+
};
|
44
|
+
|
45
|
+
template <typename F, typename... T> Defer<F, T...> defer(F &&f, T &&...t) {
|
46
|
+
return Defer<F, T...>(std::forward<F>(f), std::forward<T>(t)...);
|
47
|
+
}
|
48
|
+
|
49
|
+
template <typename T, size_t N> constexpr size_t array_size(T (&)[N]) {
|
50
|
+
return N;
|
51
|
+
}
|
52
|
+
|
53
|
+
template <typename T, size_t N> constexpr size_t str_size(T (&)[N]) {
|
54
|
+
return N - 1;
|
55
|
+
}
|
56
|
+
|
57
|
+
// User-defined literals for K, M, and G (powers of 1024)
|
58
|
+
|
59
|
+
constexpr unsigned long long operator"" _k(unsigned long long k) {
|
60
|
+
return k * 1024;
|
61
|
+
}
|
62
|
+
|
63
|
+
constexpr unsigned long long operator"" _m(unsigned long long m) {
|
64
|
+
return m * 1024 * 1024;
|
65
|
+
}
|
66
|
+
|
67
|
+
constexpr unsigned long long operator"" _g(unsigned long long g) {
|
68
|
+
return g * 1024 * 1024 * 1024;
|
69
|
+
}
|
70
|
+
|
71
|
+
#endif // TEMPLATE_H
|
@@ -0,0 +1,60 @@
|
|
1
|
+
Examples Tests
|
2
|
+
==============
|
3
|
+
|
4
|
+
This is a ``pytest`` suite intended to verify interoperability between
|
5
|
+
the different example clients and servers built.
|
6
|
+
|
7
|
+
You run it by executing ``pytest`` on top level project dir or in
|
8
|
+
the examples/tests directory.
|
9
|
+
|
10
|
+
.. code-block:: text
|
11
|
+
|
12
|
+
examples/test> pytest
|
13
|
+
ngtcp2-examples: [0.9.0-DEV, crypto_libs=['openssl', 'wolfssl']]
|
14
|
+
...
|
15
|
+
|
16
|
+
Requirements
|
17
|
+
------------
|
18
|
+
|
19
|
+
You need a Python3 (3.8 is probably sufficient), ``pytest`` and the
|
20
|
+
Python ``cryptography`` module installed.
|
21
|
+
|
22
|
+
Usage
|
23
|
+
-----
|
24
|
+
|
25
|
+
If you run ``pytest`` without arguments, it will print the test suite
|
26
|
+
and a ``.`` for every test case passed. Add ``-v`` and all test cases
|
27
|
+
will be listed in the full name. Adding several ``v`` will increase the
|
28
|
+
logging level on failure output.
|
29
|
+
|
30
|
+
The name of test cases include the crypto libs of the server and client
|
31
|
+
used. For example:
|
32
|
+
|
33
|
+
.. code-block:: text
|
34
|
+
|
35
|
+
test_01_handshake.py::TestHandshake::test_01_01_get[openssl-openssl] PASSED [ 16%]
|
36
|
+
test_01_handshake.py::TestHandshake::test_01_01_get[openssl-wolfssl] PASSED
|
37
|
+
|
38
|
+
Here, ``test_01_01`` is run first with the OpenSSL server and client and then
|
39
|
+
with the OpenSSL server and wolfSSL client. By default, the test suite runs
|
40
|
+
all combinations of servers and clients that have been configured in the project.
|
41
|
+
|
42
|
+
To track down problems, you can restrict the test cases that are run by
|
43
|
+
matching patterns:
|
44
|
+
|
45
|
+
.. code-block:: text
|
46
|
+
|
47
|
+
# only tests with wolfSSL example server
|
48
|
+
> pytest -v -k 'wolfssl-'
|
49
|
+
# only tests with wolfSSL example client
|
50
|
+
> pytest -v -k 'test and -wolfssl'
|
51
|
+
# tests with a specific combination
|
52
|
+
> pytest -v -k 'openssl-wolfssl'
|
53
|
+
|
54
|
+
|
55
|
+
Analysing
|
56
|
+
---------
|
57
|
+
|
58
|
+
To make analysis of a broken test case easier, you best run only that
|
59
|
+
test case. Use ``pytest -vv`` (or more) to get more verbose logging.
|
60
|
+
Inspect server and client log files in ``examples/tests/gen``.
|
File without changes
|
@@ -0,0 +1,32 @@
|
|
1
|
+
[ngtcp2]
|
2
|
+
version = @PACKAGE_VERSION@
|
3
|
+
examples = @EXAMPLES_ENABLED@
|
4
|
+
|
5
|
+
[crypto]
|
6
|
+
openssl = @have_openssl@
|
7
|
+
gnutls = @have_gnutls@
|
8
|
+
boringssl = @have_boringssl@
|
9
|
+
picotls = @have_picotls@
|
10
|
+
wolfssl = @have_wolfssl@
|
11
|
+
|
12
|
+
[examples]
|
13
|
+
port = 4433
|
14
|
+
openssl = @EXAMPLES_OPENSSL@
|
15
|
+
gnutls = @EXAMPLES_GNUTLS@
|
16
|
+
boringssl = @EXAMPLES_BORINGSSL@
|
17
|
+
picotls = @EXAMPLES_PICOTLS@
|
18
|
+
wolfssl = @EXAMPLES_WOLFSSL@
|
19
|
+
|
20
|
+
[clients]
|
21
|
+
openssl = client
|
22
|
+
gnutls = gtlsclient
|
23
|
+
boringssl = bsslclient
|
24
|
+
picotls = ptlsclient
|
25
|
+
wolfssl = wsslclient
|
26
|
+
|
27
|
+
[servers]
|
28
|
+
openssl = server
|
29
|
+
gnutls = gtlsserver
|
30
|
+
boringssl = bsslserver
|
31
|
+
picotls = ptlsserver
|
32
|
+
wolfssl = wsslserver
|
@@ -0,0 +1,28 @@
|
|
1
|
+
import logging
|
2
|
+
import pytest
|
3
|
+
|
4
|
+
from .ngtcp2test import Env
|
5
|
+
|
6
|
+
|
7
|
+
@pytest.mark.usefixtures("env")
|
8
|
+
def pytest_report_header(config):
|
9
|
+
env = Env()
|
10
|
+
return [
|
11
|
+
f"ngtcp2-examples: [{env.version}, crypto_libs={env.crypto_libs}]",
|
12
|
+
f"example clients: {env.clients}",
|
13
|
+
f"example servers: {env.servers}",
|
14
|
+
]
|
15
|
+
|
16
|
+
|
17
|
+
@pytest.fixture(scope="package")
|
18
|
+
def env(pytestconfig) -> Env:
|
19
|
+
console = logging.StreamHandler()
|
20
|
+
console.setFormatter(logging.Formatter('%(levelname)s: %(message)s'))
|
21
|
+
logging.getLogger('').addHandler(console)
|
22
|
+
env = Env(pytestconfig=pytestconfig)
|
23
|
+
level = logging.DEBUG if env.verbose > 0 else logging.INFO
|
24
|
+
console.setLevel(level)
|
25
|
+
logging.getLogger('').setLevel(level=level)
|
26
|
+
env.setup()
|
27
|
+
|
28
|
+
return env
|
@@ -0,0 +1,476 @@
|
|
1
|
+
import os
|
2
|
+
import re
|
3
|
+
from datetime import timedelta, datetime
|
4
|
+
from typing import List, Any, Optional
|
5
|
+
|
6
|
+
from cryptography import x509
|
7
|
+
from cryptography.hazmat.backends import default_backend
|
8
|
+
from cryptography.hazmat.primitives import hashes
|
9
|
+
from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
10
|
+
from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey
|
11
|
+
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
|
12
|
+
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption, load_pem_private_key
|
13
|
+
from cryptography.x509 import ExtendedKeyUsageOID, NameOID
|
14
|
+
|
15
|
+
|
16
|
+
EC_SUPPORTED = {}
|
17
|
+
EC_SUPPORTED.update([(curve.name.upper(), curve) for curve in [
|
18
|
+
ec.SECP192R1,
|
19
|
+
ec.SECP224R1,
|
20
|
+
ec.SECP256R1,
|
21
|
+
ec.SECP384R1,
|
22
|
+
]])
|
23
|
+
|
24
|
+
|
25
|
+
def _private_key(key_type):
|
26
|
+
if isinstance(key_type, str):
|
27
|
+
key_type = key_type.upper()
|
28
|
+
m = re.match(r'^(RSA)?(\d+)$', key_type)
|
29
|
+
if m:
|
30
|
+
key_type = int(m.group(2))
|
31
|
+
|
32
|
+
if isinstance(key_type, int):
|
33
|
+
return rsa.generate_private_key(
|
34
|
+
public_exponent=65537,
|
35
|
+
key_size=key_type,
|
36
|
+
backend=default_backend()
|
37
|
+
)
|
38
|
+
if not isinstance(key_type, ec.EllipticCurve) and key_type in EC_SUPPORTED:
|
39
|
+
key_type = EC_SUPPORTED[key_type]
|
40
|
+
return ec.generate_private_key(
|
41
|
+
curve=key_type,
|
42
|
+
backend=default_backend()
|
43
|
+
)
|
44
|
+
|
45
|
+
|
46
|
+
class CertificateSpec:
|
47
|
+
|
48
|
+
def __init__(self, name: str = None, domains: List[str] = None,
|
49
|
+
email: str = None,
|
50
|
+
key_type: str = None, single_file: bool = False,
|
51
|
+
valid_from: timedelta = timedelta(days=-1),
|
52
|
+
valid_to: timedelta = timedelta(days=89),
|
53
|
+
client: bool = False,
|
54
|
+
sub_specs: List['CertificateSpec'] = None):
|
55
|
+
self._name = name
|
56
|
+
self.domains = domains
|
57
|
+
self.client = client
|
58
|
+
self.email = email
|
59
|
+
self.key_type = key_type
|
60
|
+
self.single_file = single_file
|
61
|
+
self.valid_from = valid_from
|
62
|
+
self.valid_to = valid_to
|
63
|
+
self.sub_specs = sub_specs
|
64
|
+
|
65
|
+
@property
|
66
|
+
def name(self) -> Optional[str]:
|
67
|
+
if self._name:
|
68
|
+
return self._name
|
69
|
+
elif self.domains:
|
70
|
+
return self.domains[0]
|
71
|
+
return None
|
72
|
+
|
73
|
+
@property
|
74
|
+
def type(self) -> Optional[str]:
|
75
|
+
if self.domains and len(self.domains):
|
76
|
+
return "server"
|
77
|
+
elif self.client:
|
78
|
+
return "client"
|
79
|
+
elif self.name:
|
80
|
+
return "ca"
|
81
|
+
return None
|
82
|
+
|
83
|
+
|
84
|
+
class Credentials:
|
85
|
+
|
86
|
+
def __init__(self, name: str, cert: Any, pkey: Any, issuer: 'Credentials' = None):
|
87
|
+
self._name = name
|
88
|
+
self._cert = cert
|
89
|
+
self._pkey = pkey
|
90
|
+
self._issuer = issuer
|
91
|
+
self._cert_file = None
|
92
|
+
self._pkey_file = None
|
93
|
+
self._store = None
|
94
|
+
|
95
|
+
@property
|
96
|
+
def name(self) -> str:
|
97
|
+
return self._name
|
98
|
+
|
99
|
+
@property
|
100
|
+
def subject(self) -> x509.Name:
|
101
|
+
return self._cert.subject
|
102
|
+
|
103
|
+
@property
|
104
|
+
def key_type(self):
|
105
|
+
if isinstance(self._pkey, RSAPrivateKey):
|
106
|
+
return f"rsa{self._pkey.key_size}"
|
107
|
+
elif isinstance(self._pkey, EllipticCurvePrivateKey):
|
108
|
+
return f"{self._pkey.curve.name}"
|
109
|
+
else:
|
110
|
+
raise Exception(f"unknown key type: {self._pkey}")
|
111
|
+
|
112
|
+
@property
|
113
|
+
def private_key(self) -> Any:
|
114
|
+
return self._pkey
|
115
|
+
|
116
|
+
@property
|
117
|
+
def certificate(self) -> Any:
|
118
|
+
return self._cert
|
119
|
+
|
120
|
+
@property
|
121
|
+
def cert_pem(self) -> bytes:
|
122
|
+
return self._cert.public_bytes(Encoding.PEM)
|
123
|
+
|
124
|
+
@property
|
125
|
+
def pkey_pem(self) -> bytes:
|
126
|
+
return self._pkey.private_bytes(
|
127
|
+
Encoding.PEM,
|
128
|
+
PrivateFormat.TraditionalOpenSSL if self.key_type.startswith('rsa') else PrivateFormat.PKCS8,
|
129
|
+
NoEncryption())
|
130
|
+
|
131
|
+
@property
|
132
|
+
def issuer(self) -> Optional['Credentials']:
|
133
|
+
return self._issuer
|
134
|
+
|
135
|
+
def set_store(self, store: 'CertStore'):
|
136
|
+
self._store = store
|
137
|
+
|
138
|
+
def set_files(self, cert_file: str, pkey_file: str = None):
|
139
|
+
self._cert_file = cert_file
|
140
|
+
self._pkey_file = pkey_file
|
141
|
+
|
142
|
+
@property
|
143
|
+
def cert_file(self) -> str:
|
144
|
+
return self._cert_file
|
145
|
+
|
146
|
+
@property
|
147
|
+
def pkey_file(self) -> Optional[str]:
|
148
|
+
return self._pkey_file
|
149
|
+
|
150
|
+
def get_first(self, name) -> Optional['Credentials']:
|
151
|
+
creds = self._store.get_credentials_for_name(name) if self._store else []
|
152
|
+
return creds[0] if len(creds) else None
|
153
|
+
|
154
|
+
def get_credentials_for_name(self, name) -> List['Credentials']:
|
155
|
+
return self._store.get_credentials_for_name(name) if self._store else []
|
156
|
+
|
157
|
+
def issue_certs(self, specs: List[CertificateSpec],
|
158
|
+
chain: List['Credentials'] = None) -> List['Credentials']:
|
159
|
+
return [self.issue_cert(spec=spec, chain=chain) for spec in specs]
|
160
|
+
|
161
|
+
def issue_cert(self, spec: CertificateSpec, chain: List['Credentials'] = None) -> 'Credentials':
|
162
|
+
key_type = spec.key_type if spec.key_type else self.key_type
|
163
|
+
creds = None
|
164
|
+
if self._store:
|
165
|
+
creds = self._store.load_credentials(
|
166
|
+
name=spec.name, key_type=key_type, single_file=spec.single_file, issuer=self)
|
167
|
+
if creds is None:
|
168
|
+
creds = Ngtcp2TestCA.create_credentials(spec=spec, issuer=self, key_type=key_type,
|
169
|
+
valid_from=spec.valid_from, valid_to=spec.valid_to)
|
170
|
+
if self._store:
|
171
|
+
self._store.save(creds, single_file=spec.single_file)
|
172
|
+
if spec.type == "ca":
|
173
|
+
self._store.save_chain(creds, "ca", with_root=True)
|
174
|
+
|
175
|
+
if spec.sub_specs:
|
176
|
+
if self._store:
|
177
|
+
sub_store = CertStore(fpath=os.path.join(self._store.path, creds.name))
|
178
|
+
creds.set_store(sub_store)
|
179
|
+
subchain = chain.copy() if chain else []
|
180
|
+
subchain.append(self)
|
181
|
+
creds.issue_certs(spec.sub_specs, chain=subchain)
|
182
|
+
return creds
|
183
|
+
|
184
|
+
|
185
|
+
class CertStore:
|
186
|
+
|
187
|
+
def __init__(self, fpath: str):
|
188
|
+
self._store_dir = fpath
|
189
|
+
if not os.path.exists(self._store_dir):
|
190
|
+
os.makedirs(self._store_dir)
|
191
|
+
self._creds_by_name = {}
|
192
|
+
|
193
|
+
@property
|
194
|
+
def path(self) -> str:
|
195
|
+
return self._store_dir
|
196
|
+
|
197
|
+
def save(self, creds: Credentials, name: str = None,
|
198
|
+
chain: List[Credentials] = None,
|
199
|
+
single_file: bool = False) -> None:
|
200
|
+
name = name if name is not None else creds.name
|
201
|
+
cert_file = self.get_cert_file(name=name, key_type=creds.key_type)
|
202
|
+
pkey_file = self.get_pkey_file(name=name, key_type=creds.key_type)
|
203
|
+
if single_file:
|
204
|
+
pkey_file = None
|
205
|
+
with open(cert_file, "wb") as fd:
|
206
|
+
fd.write(creds.cert_pem)
|
207
|
+
if chain:
|
208
|
+
for c in chain:
|
209
|
+
fd.write(c.cert_pem)
|
210
|
+
if pkey_file is None:
|
211
|
+
fd.write(creds.pkey_pem)
|
212
|
+
if pkey_file is not None:
|
213
|
+
with open(pkey_file, "wb") as fd:
|
214
|
+
fd.write(creds.pkey_pem)
|
215
|
+
creds.set_files(cert_file, pkey_file)
|
216
|
+
self._add_credentials(name, creds)
|
217
|
+
|
218
|
+
def save_chain(self, creds: Credentials, infix: str, with_root=False):
|
219
|
+
name = creds.name
|
220
|
+
chain = [creds]
|
221
|
+
while creds.issuer is not None:
|
222
|
+
creds = creds.issuer
|
223
|
+
chain.append(creds)
|
224
|
+
if not with_root and len(chain) > 1:
|
225
|
+
chain = chain[:-1]
|
226
|
+
chain_file = os.path.join(self._store_dir, f'{name}-{infix}.pem')
|
227
|
+
with open(chain_file, "wb") as fd:
|
228
|
+
for c in chain:
|
229
|
+
fd.write(c.cert_pem)
|
230
|
+
|
231
|
+
def _add_credentials(self, name: str, creds: Credentials):
|
232
|
+
if name not in self._creds_by_name:
|
233
|
+
self._creds_by_name[name] = []
|
234
|
+
self._creds_by_name[name].append(creds)
|
235
|
+
|
236
|
+
def get_credentials_for_name(self, name) -> List[Credentials]:
|
237
|
+
return self._creds_by_name[name] if name in self._creds_by_name else []
|
238
|
+
|
239
|
+
def get_cert_file(self, name: str, key_type=None) -> str:
|
240
|
+
key_infix = ".{0}".format(key_type) if key_type is not None else ""
|
241
|
+
return os.path.join(self._store_dir, f'{name}{key_infix}.cert.pem')
|
242
|
+
|
243
|
+
def get_pkey_file(self, name: str, key_type=None) -> str:
|
244
|
+
key_infix = ".{0}".format(key_type) if key_type is not None else ""
|
245
|
+
return os.path.join(self._store_dir, f'{name}{key_infix}.pkey.pem')
|
246
|
+
|
247
|
+
def load_pem_cert(self, fpath: str) -> x509.Certificate:
|
248
|
+
with open(fpath) as fd:
|
249
|
+
return x509.load_pem_x509_certificate("".join(fd.readlines()).encode())
|
250
|
+
|
251
|
+
def load_pem_pkey(self, fpath: str):
|
252
|
+
with open(fpath) as fd:
|
253
|
+
return load_pem_private_key("".join(fd.readlines()).encode(), password=None)
|
254
|
+
|
255
|
+
def load_credentials(self, name: str, key_type=None, single_file: bool = False, issuer: Credentials = None):
|
256
|
+
cert_file = self.get_cert_file(name=name, key_type=key_type)
|
257
|
+
pkey_file = cert_file if single_file else self.get_pkey_file(name=name, key_type=key_type)
|
258
|
+
if os.path.isfile(cert_file) and os.path.isfile(pkey_file):
|
259
|
+
cert = self.load_pem_cert(cert_file)
|
260
|
+
pkey = self.load_pem_pkey(pkey_file)
|
261
|
+
creds = Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
|
262
|
+
creds.set_store(self)
|
263
|
+
creds.set_files(cert_file, pkey_file)
|
264
|
+
self._add_credentials(name, creds)
|
265
|
+
return creds
|
266
|
+
return None
|
267
|
+
|
268
|
+
|
269
|
+
class Ngtcp2TestCA:
|
270
|
+
|
271
|
+
@classmethod
|
272
|
+
def create_root(cls, name: str, store_dir: str, key_type: str = "rsa2048") -> Credentials:
|
273
|
+
store = CertStore(fpath=store_dir)
|
274
|
+
creds = store.load_credentials(name="ca", key_type=key_type, issuer=None)
|
275
|
+
if creds is None:
|
276
|
+
creds = Ngtcp2TestCA._make_ca_credentials(name=name, key_type=key_type)
|
277
|
+
store.save(creds, name="ca")
|
278
|
+
creds.set_store(store)
|
279
|
+
return creds
|
280
|
+
|
281
|
+
@staticmethod
|
282
|
+
def create_credentials(spec: CertificateSpec, issuer: Credentials, key_type: Any,
|
283
|
+
valid_from: timedelta = timedelta(days=-1),
|
284
|
+
valid_to: timedelta = timedelta(days=89),
|
285
|
+
) -> Credentials:
|
286
|
+
"""Create a certificate signed by this CA for the given domains.
|
287
|
+
:returns: the certificate and private key PEM file paths
|
288
|
+
"""
|
289
|
+
if spec.domains and len(spec.domains):
|
290
|
+
creds = Ngtcp2TestCA._make_server_credentials(name=spec.name, domains=spec.domains,
|
291
|
+
issuer=issuer, valid_from=valid_from,
|
292
|
+
valid_to=valid_to, key_type=key_type)
|
293
|
+
elif spec.client:
|
294
|
+
creds = Ngtcp2TestCA._make_client_credentials(name=spec.name, issuer=issuer,
|
295
|
+
email=spec.email, valid_from=valid_from,
|
296
|
+
valid_to=valid_to, key_type=key_type)
|
297
|
+
elif spec.name:
|
298
|
+
creds = Ngtcp2TestCA._make_ca_credentials(name=spec.name, issuer=issuer,
|
299
|
+
valid_from=valid_from, valid_to=valid_to,
|
300
|
+
key_type=key_type)
|
301
|
+
else:
|
302
|
+
raise Exception(f"unrecognized certificate specification: {spec}")
|
303
|
+
return creds
|
304
|
+
|
305
|
+
@staticmethod
|
306
|
+
def _make_x509_name(org_name: str = None, common_name: str = None, parent: x509.Name = None) -> x509.Name:
|
307
|
+
name_pieces = []
|
308
|
+
if org_name:
|
309
|
+
oid = NameOID.ORGANIZATIONAL_UNIT_NAME if parent else NameOID.ORGANIZATION_NAME
|
310
|
+
name_pieces.append(x509.NameAttribute(oid, org_name))
|
311
|
+
elif common_name:
|
312
|
+
name_pieces.append(x509.NameAttribute(NameOID.COMMON_NAME, common_name))
|
313
|
+
if parent:
|
314
|
+
name_pieces.extend([rdn for rdn in parent])
|
315
|
+
return x509.Name(name_pieces)
|
316
|
+
|
317
|
+
@staticmethod
|
318
|
+
def _make_csr(
|
319
|
+
subject: x509.Name,
|
320
|
+
pkey: Any,
|
321
|
+
issuer_subject: Optional[Credentials],
|
322
|
+
valid_from_delta: timedelta = None,
|
323
|
+
valid_until_delta: timedelta = None
|
324
|
+
):
|
325
|
+
pubkey = pkey.public_key()
|
326
|
+
issuer_subject = issuer_subject if issuer_subject is not None else subject
|
327
|
+
|
328
|
+
valid_from = datetime.now()
|
329
|
+
if valid_until_delta is not None:
|
330
|
+
valid_from += valid_from_delta
|
331
|
+
valid_until = datetime.now()
|
332
|
+
if valid_until_delta is not None:
|
333
|
+
valid_until += valid_until_delta
|
334
|
+
|
335
|
+
return (
|
336
|
+
x509.CertificateBuilder()
|
337
|
+
.subject_name(subject)
|
338
|
+
.issuer_name(issuer_subject)
|
339
|
+
.public_key(pubkey)
|
340
|
+
.not_valid_before(valid_from)
|
341
|
+
.not_valid_after(valid_until)
|
342
|
+
.serial_number(x509.random_serial_number())
|
343
|
+
.add_extension(
|
344
|
+
x509.SubjectKeyIdentifier.from_public_key(pubkey),
|
345
|
+
critical=False,
|
346
|
+
)
|
347
|
+
)
|
348
|
+
|
349
|
+
@staticmethod
|
350
|
+
def _add_ca_usages(csr: Any) -> Any:
|
351
|
+
return csr.add_extension(
|
352
|
+
x509.BasicConstraints(ca=True, path_length=9),
|
353
|
+
critical=True,
|
354
|
+
).add_extension(
|
355
|
+
x509.KeyUsage(
|
356
|
+
digital_signature=True,
|
357
|
+
content_commitment=False,
|
358
|
+
key_encipherment=False,
|
359
|
+
data_encipherment=False,
|
360
|
+
key_agreement=False,
|
361
|
+
key_cert_sign=True,
|
362
|
+
crl_sign=True,
|
363
|
+
encipher_only=False,
|
364
|
+
decipher_only=False),
|
365
|
+
critical=True
|
366
|
+
).add_extension(
|
367
|
+
x509.ExtendedKeyUsage([
|
368
|
+
ExtendedKeyUsageOID.CLIENT_AUTH,
|
369
|
+
ExtendedKeyUsageOID.SERVER_AUTH,
|
370
|
+
ExtendedKeyUsageOID.CODE_SIGNING,
|
371
|
+
]),
|
372
|
+
critical=True
|
373
|
+
)
|
374
|
+
|
375
|
+
@staticmethod
|
376
|
+
def _add_leaf_usages(csr: Any, domains: List[str], issuer: Credentials) -> Any:
|
377
|
+
return csr.add_extension(
|
378
|
+
x509.BasicConstraints(ca=False, path_length=None),
|
379
|
+
critical=True,
|
380
|
+
).add_extension(
|
381
|
+
x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
|
382
|
+
issuer.certificate.extensions.get_extension_for_class(
|
383
|
+
x509.SubjectKeyIdentifier).value),
|
384
|
+
critical=False
|
385
|
+
).add_extension(
|
386
|
+
x509.SubjectAlternativeName([x509.DNSName(domain) for domain in domains]),
|
387
|
+
critical=True,
|
388
|
+
).add_extension(
|
389
|
+
x509.ExtendedKeyUsage([
|
390
|
+
ExtendedKeyUsageOID.SERVER_AUTH,
|
391
|
+
]),
|
392
|
+
critical=True
|
393
|
+
)
|
394
|
+
|
395
|
+
@staticmethod
|
396
|
+
def _add_client_usages(csr: Any, issuer: Credentials, rfc82name: str = None) -> Any:
|
397
|
+
cert = csr.add_extension(
|
398
|
+
x509.BasicConstraints(ca=False, path_length=None),
|
399
|
+
critical=True,
|
400
|
+
).add_extension(
|
401
|
+
x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
|
402
|
+
issuer.certificate.extensions.get_extension_for_class(
|
403
|
+
x509.SubjectKeyIdentifier).value),
|
404
|
+
critical=False
|
405
|
+
)
|
406
|
+
if rfc82name:
|
407
|
+
cert.add_extension(
|
408
|
+
x509.SubjectAlternativeName([x509.RFC822Name(rfc82name)]),
|
409
|
+
critical=True,
|
410
|
+
)
|
411
|
+
cert.add_extension(
|
412
|
+
x509.ExtendedKeyUsage([
|
413
|
+
ExtendedKeyUsageOID.CLIENT_AUTH,
|
414
|
+
]),
|
415
|
+
critical=True
|
416
|
+
)
|
417
|
+
return cert
|
418
|
+
|
419
|
+
@staticmethod
|
420
|
+
def _make_ca_credentials(name, key_type: Any,
|
421
|
+
issuer: Credentials = None,
|
422
|
+
valid_from: timedelta = timedelta(days=-1),
|
423
|
+
valid_to: timedelta = timedelta(days=89),
|
424
|
+
) -> Credentials:
|
425
|
+
pkey = _private_key(key_type=key_type)
|
426
|
+
if issuer is not None:
|
427
|
+
issuer_subject = issuer.certificate.subject
|
428
|
+
issuer_key = issuer.private_key
|
429
|
+
else:
|
430
|
+
issuer_subject = None
|
431
|
+
issuer_key = pkey
|
432
|
+
subject = Ngtcp2TestCA._make_x509_name(org_name=name, parent=issuer.subject if issuer else None)
|
433
|
+
csr = Ngtcp2TestCA._make_csr(subject=subject,
|
434
|
+
issuer_subject=issuer_subject, pkey=pkey,
|
435
|
+
valid_from_delta=valid_from, valid_until_delta=valid_to)
|
436
|
+
csr = Ngtcp2TestCA._add_ca_usages(csr)
|
437
|
+
cert = csr.sign(private_key=issuer_key,
|
438
|
+
algorithm=hashes.SHA256(),
|
439
|
+
backend=default_backend())
|
440
|
+
return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
|
441
|
+
|
442
|
+
@staticmethod
|
443
|
+
def _make_server_credentials(name: str, domains: List[str], issuer: Credentials,
|
444
|
+
key_type: Any,
|
445
|
+
valid_from: timedelta = timedelta(days=-1),
|
446
|
+
valid_to: timedelta = timedelta(days=89),
|
447
|
+
) -> Credentials:
|
448
|
+
name = name
|
449
|
+
pkey = _private_key(key_type=key_type)
|
450
|
+
subject = Ngtcp2TestCA._make_x509_name(common_name=name, parent=issuer.subject)
|
451
|
+
csr = Ngtcp2TestCA._make_csr(subject=subject,
|
452
|
+
issuer_subject=issuer.certificate.subject, pkey=pkey,
|
453
|
+
valid_from_delta=valid_from, valid_until_delta=valid_to)
|
454
|
+
csr = Ngtcp2TestCA._add_leaf_usages(csr, domains=domains, issuer=issuer)
|
455
|
+
cert = csr.sign(private_key=issuer.private_key,
|
456
|
+
algorithm=hashes.SHA256(),
|
457
|
+
backend=default_backend())
|
458
|
+
return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
|
459
|
+
|
460
|
+
@staticmethod
|
461
|
+
def _make_client_credentials(name: str,
|
462
|
+
issuer: Credentials, email: Optional[str],
|
463
|
+
key_type: Any,
|
464
|
+
valid_from: timedelta = timedelta(days=-1),
|
465
|
+
valid_to: timedelta = timedelta(days=89),
|
466
|
+
) -> Credentials:
|
467
|
+
pkey = _private_key(key_type=key_type)
|
468
|
+
subject = Ngtcp2TestCA._make_x509_name(common_name=name, parent=issuer.subject)
|
469
|
+
csr = Ngtcp2TestCA._make_csr(subject=subject,
|
470
|
+
issuer_subject=issuer.certificate.subject, pkey=pkey,
|
471
|
+
valid_from_delta=valid_from, valid_until_delta=valid_to)
|
472
|
+
csr = Ngtcp2TestCA._add_client_usages(csr, issuer=issuer, rfc82name=email)
|
473
|
+
cert = csr.sign(private_key=issuer.private_key,
|
474
|
+
algorithm=hashes.SHA256(),
|
475
|
+
backend=default_backend())
|
476
|
+
return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
|