
Method handler

scapy/fwdmachine.py:334–499  ·  view source on GitHub ↗

Handler of a client socket

(self, sock, addr, dest)


332 return privkey, certs
333
334 def handler(self, sock, addr, dest):
335 """
336 Handler of a client socket
337 """
338 ctx = self.CONTEXT(addr, dest) # we have a context object
339 # Initialize peer socket
340 ss = self._getpeersock(dest)
341 # Wrap both server and peer sockets in SSL
342 if self.tls:
343 # Build client SSL context
344 clisslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
345 clisslcontext.load_default_certs()
346 clisslcontext.check_hostname = False
347 clisslcontext.verify_mode = ssl.CERT_NONE
348
349 # This acts as follows:
350 # - start the server-side TLS handshake
351 # - use the SNI callback to pop a client-side socket (using the real
352 # provided SNI)
353 # - serve the certificate
354
355 _clisock = [ss]
356
357 def cb_sni(sock, server_name, _):
358 """
359 This callback occurs after the TLSClientHello is received by the server
360 """
361 ss = _clisock[0]
362 ctx.tls_sni_name = server_name # the requested SNI
363 # Use that SNI to wrap the client socket
364 ss = clisslcontext.wrap_socket(ss, server_hostname=server_name)
365 # Get certificate chain
366 cas = ss._sslobj.get_unverified_chain()
367 if self.crtfile is None:
368 # SELF-SIGNED mode
369 # Generate private key based on the type of certificate
370 privkey, certs = self.get_key_and_alike_chain(
371 cas, dest, server_name
372 )
373 # Load result certificate our SSL server
374 # (this is dumb but we need to store them on disk)
375 certfile = get_temp_file()
376 with open(certfile, "w") as fd:
377 for c in certs:
378 fd.write(c.pem)
379 keyfile = get_temp_file()
380 with open(keyfile, "wb") as fd:
381 password = os.urandom(32)
382 fd.write(
383 privkey.key.private_bytes(
384 encoding=serialization.Encoding.PEM,
385 format=serialization.PrivateFormat.PKCS8,
386 encryption_algorithm=serialization.BestAvailableEncryption( # noqa: E501
387 password
388 ),
389 )
390 )
391 else:

Callers

nothing calls this directly

Calls 7

_getpeersockMethod · 0.95
print_replyMethod · 0.95
shutdownMethod · 0.80
closeMethod · 0.45
selectMethod · 0.45
recvMethod · 0.45
sendMethod · 0.45

Tested by

no test coverage detected