atomicshop 3.3.16__py3-none-any.whl → 3.3.17__py3-none-any.whl

atomicshop/__init__.py

@@ -1,4 +1,4 @@
 """Atomic Basic functions and classes to make developer life easier"""
 
 __author__ = "Den Kras"
-__version__ = '3.3.16'
+__version__ = '3.3.17'

atomicshop/mitm/import_config.py

@@ -116,7 +116,15 @@ def import_engines_configs(print_kwargs: dict) -> int:
         return result_code
 
     # Assigning all the engines domains to all time domains, that will be responsible for adding new domains.
-    config_static.Certificates.domains_all_times = list(domains_engine_list_full)
+    domains_all_times_with_ports: list[str] = list(domains_engine_list_full)
+
+    domains_all_times: list[str] = list()
+    for domain_and_port in domains_all_times_with_ports:
+        domain: str = domain_and_port.split(':')[0]
+        if domain not in domains_engine_list_full:
+            domains_all_times.append(domain)
+
+    config_static.Certificates.domains_all_times = domains_all_times
 
     config_static.ENGINES_LIST = engines_list
     config_static.REFERENCE_MODULE = reference_module

atomicshop/mitm/mitm_main.py

@@ -20,6 +20,14 @@ from .connection_thread_worker import thread_worker_main
 from . import config_static, recs_files
 
 
+# If you have 'pip-system-certs' package installed, this section overrides this behavior, since it injects
+# the ssl default behavior, which we don't need when using ssl and sockets.
+import ssl, importlib
+if getattr(ssl.SSLContext.wrap_socket, "__module__", "").startswith("pip._vendor.truststore"):
+    # Truststore injection is active; restore stdlib ssl
+    importlib.reload(ssl)
+
+
 class NetworkSettings:
     """
     Class to store network settings.
@@ -162,7 +170,7 @@ def startup_output(system_logger, script_version: str):
             f"Default server certificate usage enabled, if no SNI available: "
             f"{config_static.MainConfig.default_server_certificate_filepath}")
 
-    if config_static.Certificates.sni_server_certificates_cache_directory:
+    if config_static.Certificates.sni_create_server_certificate_for_each_domain:
         system_logger.info(
             f"SNI function certificates creation enabled. Certificates cache: "
             f"{config_static.Certificates.sni_server_certificates_cache_directory}")

atomicshop/wrappers/socketw/creator.py

@@ -25,20 +25,36 @@ def add_reusable_address_option(socket_instance):
     socket_instance.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 
 
-def create_ssl_context_for_server() -> ssl.SSLContext:
+def create_ssl_context_for_server(allow_legacy=False) -> ssl.SSLContext:
     # Creating context with SSL certificate and the private key before the socket
     # https://docs.python.org/3/library/ssl.html
     # Creating context for SSL wrapper, specifying "PROTOCOL_TLS_SERVER" will pick the best TLS version protocol for
     # the server.
 
-    ssl_context: ssl.SSLContext = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+    # ssl_context: ssl.SSLContext = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
 
     # # Enforce the use of TLS 1.2 only (disable TLS 1.0, TLS 1.1, and TLS 1.3)
     # ssl_context.options |= ssl.OP_NO_TLSv1           # Disable TLS 1.0
     # ssl_context.options |= ssl.OP_NO_TLSv1_1         # Disable TLS 1.1
     # ssl_context.options |= ssl.OP_NO_TLSv1_3         # Disable TLS 1.3
 
-    # return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    # Correct factory for servers
+    ssl_context: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+
+    # Modern default; relax only if you must
+    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+
+    # Don't verify client certificates.
+    ssl_context.verify_mode = ssl.CERT_NONE
+    ssl_context.check_hostname = False
+
+    # If you must support old clients that only offer TLS_RSA_* suites under OpenSSL 3:
+    if allow_legacy:
+        # This enables RSA key exchange and other legacy bits at security level 1
+        ssl_context.set_ciphers('DEFAULT:@SECLEVEL=1')
+        # If you truly have TLS 1.0/1.1 clients, uncomment the next line (not recommended):
+        ssl_context.minimum_version = ssl.TLSVersion.TLSv1
+
     return ssl_context
 
 
@@ -138,9 +154,44 @@ def load_certificate_and_key_into_server_ssl_context(
             print_api(message, error_type=True, logger_method="critical", **print_kwargs)
 
 
-def create_server_ssl_context___load_certificate_and_key(certificate_file_path: str, key_file_path) -> ssl.SSLContext:
+def copy_server_ctx_settings(src: ssl.SSLContext, dst: ssl.SSLContext) -> None:
+    # Versions & options
+    try: dst.minimum_version = src.minimum_version
+    except Exception: pass
+    try: dst.maximum_version = src.maximum_version
+    except Exception: pass
+    try: dst.options = src.options
+    except Exception: pass
+
+    # Verification knobs (server usually CERT_NONE unless you do mTLS)
+    try: dst.verify_mode = src.verify_mode
+    except Exception: pass
+    try: dst.check_hostname = src.check_hostname
+    except Exception: pass
+
+    # Cipher policy – replicate current enabled list
+    try:
+        cipher_names = ':'.join(c['name'] for c in src.get_ciphers())
+        if cipher_names:
+            dst.set_ciphers(cipher_names)
+    except Exception:
+        pass
+
+    # (ALPN/curves/etc. don’t have public getters; set them the same way you set them on src, if applicable)
+
+
+def create_server_ssl_context___load_certificate_and_key(
+        certificate_file_path: str,
+        key_file_path: str | None,
+        inherit_from: ssl.SSLContext | None = None
+) -> ssl.SSLContext:
     # Create and set ssl context for server.
-    ssl_context: ssl.SSLContext = create_ssl_context_for_server()
+    ssl_context: ssl.SSLContext = create_ssl_context_for_server(True)
+
+    # If you replaced contexts during SNI, copy policy from the old one
+    if inherit_from is not None:
+        copy_server_ctx_settings(inherit_from, ssl_context)
+
     # Load certificate into context.
     load_certificate_and_key_into_server_ssl_context(ssl_context, certificate_file_path, key_file_path)
     # Return ssl context only.

atomicshop/wrappers/socketw/exception_wrapper.py

@@ -75,18 +75,25 @@ def connection_exception_decorator(function_name):
                 pass
             pass
         except ssl.SSLError as exception_object:
-            # Getting the exact reason of "ssl.SSLError"
-            if exception_object.reason == "HTTP_REQUEST":
-                message = f"Socket Accept: HTTP Request on SSL Socket: " \
-                          f"{base.get_source_destination(kwargs['socket_object'])}"
-                wrapper_handle_connection_exceptions.message = message
-                print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
-            elif exception_object.reason == "TSV1_ALERT_UNKNOWN_CA":
-                message = f"Socket Accept: Check CA certificate on the client " \
-                          f"{base.get_source_destination(kwargs['socket_object'])}"
-                wrapper_handle_connection_exceptions.message = message
-                print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
-            else:
+            excepted: bool = False
+            if getattr(exception_object, "reason", None):
+                # Getting the exact reason of "ssl.SSLError"
+                if exception_object.reason == "HTTP_REQUEST":
+                    message = f"Socket Accept: HTTP Request on SSL Socket: " \
+                              f"{base.get_source_destination(kwargs['socket_object'])}"
+                    wrapper_handle_connection_exceptions.message = message
+                    print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
+
+                    excepted = True
+                elif exception_object.reason == "TSV1_ALERT_UNKNOWN_CA":
+                    message = f"Socket Accept: Check CA certificate on the client " \
+                              f"{base.get_source_destination(kwargs['socket_object'])}"
+                    wrapper_handle_connection_exceptions.message = message
+                    print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
+
+                    excepted = True
+
+            if not excepted:
                 # Not all requests have the server name passed through Client Hello.
                 # If it is not passed an error of undefined variable will be raised.
                 # So, we'll check if the variable as a string is in the "locals()" variable pool.
@@ -102,21 +109,19 @@ def connection_exception_decorator(function_name):
                     f"Socket Accept: {domain_from_dns_server}:{port}: {message}"
                 wrapper_handle_connection_exceptions.message = message
                 print_api(message, logger_method='error', oneline=True, **kwargs['print_kwargs'])
-            pass
+
         except FileNotFoundError:
             message = "'SSLSocket.accept()' crashed: 'FileNotFoundError'. Some problem with SSL during Handshake - " \
                       "Could be certificate, client, or server."
             message = f"Socket Accept: {domain_from_dns_server}:{port}: {message}"
             wrapper_handle_connection_exceptions.message = message
             print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
-            pass
         except Exception as e:
             _ = e
             message = "Undocumented exception on accept."
             message = f"Socket Accept: {domain_from_dns_server}:{port}: {message}"
             wrapper_handle_connection_exceptions.message = message
             print_api(message, logger_method='error', traceback_string=True, oneline=True, **kwargs['print_kwargs'])
-            pass
 
     wrapper_handle_connection_exceptions.message = None
     return wrapper_handle_connection_exceptions

atomicshop/wrappers/socketw/sni.py

@@ -82,7 +82,7 @@ class SNISetup:
     ):
 
         # Create SSL Socket to wrap the raw socket with.
-        ssl_context: ssl.SSLContext = creator.create_ssl_context_for_server()
+        ssl_context: ssl.SSLContext = creator.create_ssl_context_for_server(True)
 
         self.certificator_instance = certificator.Certificator(
             ca_certificate_name=self.ca_certificate_name,
@@ -149,7 +149,8 @@ class SNISetup:
         # The function is actually called at "accept()" method of the "ssl.SSLSocket"
         # This needs to be set only once on the listening socket
         if self.sni_custom_callback_function:
-            ssl_context.sni_callback = self.sni_custom_callback_function
+            # ssl_context.sni_callback = self.sni_custom_callback_function
+            ssl_context.set_servername_callback(self.sni_custom_callback_function)
 
         if self.sni_use_default_callback_function:
             sni_handler_instance = SNIHandler(
@@ -320,8 +321,13 @@ class SNIHandler:
                 # Since new default certificate was created we need to create new SSLContext and add the certificate.
                 # You need to build new context and exchange the context that being inherited from the main socket,
                 # or else the context will receive previous certificate each time.
-                self.sni_received_parameters.ssl_socket.context = \
-                    creator.create_server_ssl_context___load_certificate_and_key(default_server_certificate_path, None)
+                self.sni_received_parameters.ssl_socket.context = (
+                    creator.create_server_ssl_context___load_certificate_and_key(
+                        default_server_certificate_path,
+                        None,
+                        inherit_from=self.sni_received_parameters.ssl_socket.context
+                    )
+                )
             else:
                 message = f"Couldn't create / overwrite Default Server Certificate: {default_server_certificate_path}"
                 raise SNIDefaultCertificateCreationError(message)

atomicshop/wrappers/socketw/socket_wrapper.py

@@ -378,7 +378,8 @@ class SocketWrapper:
 
             os.makedirs(self.sni_server_certificates_cache_directory, exist_ok=True)
             print_api("Removed cached server certificates.", logger=self.logger)
-
+        else:
+            os.makedirs(self.sni_server_certificates_cache_directory, exist_ok=True)
 
         if self.install_ca_certificate_to_root_store:
             if not self.ca_certificate_filepath:
@@ -613,6 +614,12 @@ class SocketWrapper:
                                 print_kwargs={'logger': self.logger}
                             )
 
+                        if ssl_client_socket:
+                            # Handshake is done at this point, so version/cipher are available
+                            self.logger.info(
+                                f"TLS version={ssl_client_socket.version()} cipher={ssl_client_socket.cipher()}"
+                            )
+
                         if accept_error_message:
                             # Write statistics after wrap is there was an error.
                             self.statistics_writer.write_accept_error(

{atomicshop-3.3.16.dist-info → atomicshop-3.3.17.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: atomicshop
-Version: 3.3.16
+Version: 3.3.17
 Summary: Atomic functions and classes to make developer life easier
 Author: Denis Kras
 License-Expression: MIT

{atomicshop-3.3.16.dist-info → atomicshop-3.3.17.dist-info}/RECORD

@@ -1,4 +1,4 @@
-atomicshop/__init__.py,sha256=kyelTQilS2JfdchICQN4bok9iSdZmHH9FoIHAGcgZ-w,123
+atomicshop/__init__.py,sha256=Dpoh5myDY76x-yt8GnffOAHw--mjow5KnNkH5ARBuyc,123
 atomicshop/_basics_temp.py,sha256=6cu2dd6r2dLrd1BRNcVDKTHlsHs_26Gpw8QS6v32lQ0,3699
 atomicshop/_create_pdf_demo.py,sha256=Yi-PGZuMg0RKvQmLqVeLIZYadqEZwUm-4A9JxBl_vYA,3713
 atomicshop/_patch_import.py,sha256=ENp55sKVJ0e6-4lBvZnpz9PQCt3Otbur7F6aXDlyje4,6334
@@ -128,10 +128,10 @@ atomicshop/mitm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/mitm/config_static.py,sha256=KzO8DjZjRHfkQMYSIGTkW4jLNPzMR8visTqs1H6ZQ-U,8926
 atomicshop/mitm/config_toml_editor.py,sha256=2p1CMcktWRR_NW-SmyDwylu63ad5e0-w1QPMa8ZLDBw,1635
 atomicshop/mitm/connection_thread_worker.py,sha256=p-93_zdq3HzWpR7NF-gIq0JvvX0L8jz3_TSD3tBhV4o,33255
-atomicshop/mitm/import_config.py,sha256=6fPiV_3v2ym1LgiLlbGoiIPaB6pfRNM9UBXmRnP-pMQ,18560
+atomicshop/mitm/import_config.py,sha256=7aLfKqflc3ZnzKc2_Y4T0eenzQpKG94M0r-PaVwF99M,18881
 atomicshop/mitm/initialize_engines.py,sha256=qzz5jzh_lKC03bI1w5ebngVXo1K-RV3poAyW-nObyqo,11042
 atomicshop/mitm/message.py,sha256=CDhhm4BTuZE7oNZCjvIZ4BuPOW4MuIzQLOg91hJaxDI,3065
-atomicshop/mitm/mitm_main.py,sha256=ucmdCr2p1F4c18DE8qJG3uG3FkkVLWdMEIWevN5BNKE,38967
+atomicshop/mitm/mitm_main.py,sha256=u9q4BYIhScw9W9M7AS4h217gKQXkuppOFxvprEBVPGE,39366
 atomicshop/mitm/recs_files.py,sha256=tv8XFhYZMkBv4DauvpiAdPgvSo0Bcm1CghnmwO7dx8M,5018
 atomicshop/mitm/shared_functions.py,sha256=0lzeyINd44sVEfFbahJxQmz6KAMWbYrW5ou3UYfItvw,1777
 atomicshop/mitm/statistic_analyzer.py,sha256=D7DzpgqZN303jS8hfXn5HKq1edbTil7CpJr85bk9ERA,28489
@@ -301,23 +301,23 @@ atomicshop/wrappers/socketw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMp
 atomicshop/wrappers/socketw/accepter.py,sha256=4I9ORugRDvwaqSzm_gWSjZnRwQGY8hDTlCdsYHwH_ZE,2377
 atomicshop/wrappers/socketw/base.py,sha256=EcosGkD8VzgBY3GeIHDSG29ThQfXwg3-GQPmBTAqTdw,3048
 atomicshop/wrappers/socketw/certificator.py,sha256=mtWPJ_ew3OSwt0-1W4jaoco1VIY4NRCrMv3mDUxb_Cc,12418
-atomicshop/wrappers/socketw/creator.py,sha256=LLqPEI00pDN1HxHo_QVVuNmrmjmjhIBNMsgpZd3wS_4,13969
+atomicshop/wrappers/socketw/creator.py,sha256=8cRX8mfU36rDCZ6eUPqPw1_GVX6inr4x4LEuWoV-esE,15866
 atomicshop/wrappers/socketw/dns_server.py,sha256=GOYMvHvS6Fx7s-DRygGqO7_o8_Qt9on3HmKxgOSznRE,55956
-atomicshop/wrappers/socketw/exception_wrapper.py,sha256=qW_1CKyPgGlsIt7_jusKkMV4A4hih4bX324u0PLnoO8,7382
+atomicshop/wrappers/socketw/exception_wrapper.py,sha256=_p98OdOaKYSMqJ23pHLXBUA7NkbVmpgqcSJAdWr6wwc,7560
 atomicshop/wrappers/socketw/get_process.py,sha256=aJC-_qFUv3NgWCSUzDI72E4z8_-VTZE9NVZ0CwUoNlM,5698
 atomicshop/wrappers/socketw/receiver.py,sha256=9B3MvcDqr4C3x2fsnjG5SQognd1wRqsBgikxZa0wXG8,8243
 atomicshop/wrappers/socketw/sender.py,sha256=aX_K8l_rHjd5AWb8bi5mt8-YTkMYVRDB6DnPqK_XDUE,4754
-atomicshop/wrappers/socketw/sni.py,sha256=wsouhMreR3AmigW-3iZDvRsnhBS4S01a6SGGYFtBIvA,17907
+atomicshop/wrappers/socketw/sni.py,sha256=uj6KKYKmSrzXcKBhVLaHQhYn1wNfIUpdnmcvn21V9iE,18176
 atomicshop/wrappers/socketw/socket_client.py,sha256=WWIiCxUX9irN9aWzJ6-1xrXNB_iv_diq3ha1yrWsNGU,22671
 atomicshop/wrappers/socketw/socket_server_tester.py,sha256=Qobmh4XV8ZxLUaw-eW4ESKAbeSLecCKn2OWFzMhadk0,6420
-atomicshop/wrappers/socketw/socket_wrapper.py,sha256=VZe27EQhExaiLQ0FEW4ePJhNSwPMyPzgcl6oljMSbGg,41185
+atomicshop/wrappers/socketw/socket_wrapper.py,sha256=8tRoccWvnDNXaK2iYsT68RyxHHjILdPjw2R7SxPC6go,41621
 atomicshop/wrappers/socketw/ssl_base.py,sha256=62-hPm7zla1rh3m_WvDnXqKH-sDUTdiRptD8STCkgdk,2313
 atomicshop/wrappers/socketw/statistics_csv.py,sha256=_gA8bMX6Sw_UCXKi2y9wNAwlqifgExgDGfQIa9pFxQA,5543
 atomicshop/wrappers/winregw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/winregw/winreg_installed_software.py,sha256=Qzmyktvob1qp6Tjk2DjLfAqr_yXV0sgWzdMW_9kwNjY,2345
 atomicshop/wrappers/winregw/winreg_network.py,sha256=ih0BVNwByLvf9F_Lac4EdmDYYJA3PzMvmG0PieDZrsE,9905
-atomicshop-3.3.16.dist-info/licenses/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
-atomicshop-3.3.16.dist-info/METADATA,sha256=t1-CnwQ6Go6D2SMdoVOws7Cs_Kc_gcurJKt8KOCHJhE,9345
-atomicshop-3.3.16.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-atomicshop-3.3.16.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
-atomicshop-3.3.16.dist-info/RECORD,,
+atomicshop-3.3.17.dist-info/licenses/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
+atomicshop-3.3.17.dist-info/METADATA,sha256=rJmcAVoJKVxK4eEyafjPZ2rCdQDLlyHewEpgEiYM9eQ,9345
+atomicshop-3.3.17.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+atomicshop-3.3.17.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
+atomicshop-3.3.17.dist-info/RECORD,,