ircrobots/ircrobots/security.py

import ssl
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class TLS:
    client_keypair: Optional[Tuple[str, str]] = None

# tls without verification
class TLSNoVerify(TLS):
    pass

# verify via CAs
class TLSVerifyChain(TLS):
    pass

# verify by a pinned hash
class TLSVerifyHash(TLSNoVerify):
    def __init__(self, sum: str):
        self.sum = sum.lower()
class TLSVerifySHA512(TLSVerifyHash):
    pass

def tls_context(verify: bool=True) -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx
add ConnectionParams.ssl_verify 2020-04-02 21:43:34 +00:00			`import ssl`
support specifying tls client keypair 2023-02-06 19:42:27 +00:00			`from dataclasses import dataclass`
			`from typing import Optional, Tuple`
add ConnectionParams.ssl_verify 2020-04-02 21:43:34 +00:00
support specifying tls client keypair 2023-02-06 19:42:27 +00:00			`@dataclass`
combine params.tls and .tls_verify, support pinned certs 2022-01-23 16:52:27 +00:00			`class TLS:`
support specifying tls client keypair 2023-02-06 19:42:27 +00:00			`client_keypair: Optional[Tuple[str, str]] = None`
combine params.tls and .tls_verify, support pinned certs 2022-01-23 16:52:27 +00:00
			`# tls without verification`
			`class TLSNoVerify(TLS):`
			`pass`

			`# verify via CAs`
			`class TLSVerifyChain(TLS):`
			`pass`

			`# verify by a pinned hash`
			`class TLSVerifyHash(TLSNoVerify):`
			`def __init__(self, sum: str):`
			`self.sum = sum.lower()`
			`class TLSVerifySHA512(TLSVerifyHash):`
			`pass`

refactor TCP logic in to ITCPTransport (we can mock this for unittests) 2020-04-06 12:22:17 +00:00			`def tls_context(verify: bool=True) -> ssl.SSLContext:`
combine params.tls and .tls_verify, support pinned certs 2022-01-23 16:52:27 +00:00			`ctx = ssl.create_default_context()`
			`if not verify:`
			`ctx.check_hostname = False`
			`ctx.verify_mode = ssl.CERT_NONE`
			`return ctx`