rev280, The whole project reformatted to PEP8, UiRequest getPosted to query posted variables

src/Crypt/CryptConnection.py

@@ -4,103 +4,104 @@ import os
 import ssl
 
 from Config import config
-import gevent
 from util import SslPatch
 
 
 class CryptConnectionManager:
-	def __init__(self):
-		# OpenSSL params
-		if sys.platform.startswith("win"): 
-			self.openssl_bin = "src\\lib\\opensslVerify\\openssl.exe"
-		else: 
-			self.openssl_bin = "openssl"
-		self.openssl_env = {"OPENSSL_CONF": "src/lib/opensslVerify/openssl.cnf"}
+    def __init__(self):
+        # OpenSSL params
+        if sys.platform.startswith("win"):
+            self.openssl_bin = "src\\lib\\opensslVerify\\openssl.exe"
+        else:
+            self.openssl_bin = "openssl"
+        self.openssl_env = {"OPENSSL_CONF": "src/lib/opensslVerify/openssl.cnf"}
 
-		self.crypt_supported = [] # Supported cryptos
+        self.crypt_supported = []  # Supported cryptos
+
+    # Select crypt that supported by both sides
+    # Return: Name of the crypto
+    def selectCrypt(self, client_supported):
+        for crypt in self.crypt_supported:
+            if crypt in client_supported:
+                return crypt
+        return False
+
+    # Wrap socket for crypt
+    # Return: wrapped socket
+    def wrapSocket(self, sock, crypt, server=False):
+        if crypt == "tls-rsa":
+            ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES128-SHA256:HIGH:"
+            ciphers += "!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK"
+            if server:
+                return ssl.wrap_socket(
+                    sock, server_side=server, keyfile='%s/key-rsa.pem' % config.data_dir,
+                    certfile='%s/cert-rsa.pem' % config.data_dir, ciphers=ciphers)
+            else:
+                return ssl.wrap_socket(sock, ciphers=ciphers)
+        else:
+            return sock
+
+    def removeCerts(self):
+        for file_name in ["cert-rsa.pem", "key-rsa.pem"]:
+            file_path = "%s/%s" % (config.data_dir, file_name)
+            if os.path.isfile(file_path):
+                os.unlink(file_path)
+
+    # Load and create cert files is necessary
+    def loadCerts(self):
+        if config.disable_encryption:
+            return False
+
+        if self.loadSslRsaCert():
+            self.crypt_supported.append("tls-rsa")
+
+    # Try to create RSA server cert + sign for connection encryption
+    # Return: True on success
+    def loadSslRsaCert(self):
+        import subprocess
+
+        if os.path.isfile("%s/cert-rsa.pem" % config.data_dir) and os.path.isfile("%s/key-rsa.pem" % config.data_dir):
+            return True  # Files already exits
+
+        back = subprocess.Popen(
+            "%s req -x509 -newkey rsa:2048 -sha256 -batch -keyout %s/key-rsa.pem -out %s/cert-rsa.pem -nodes -config %s" % (
+                self.openssl_bin, config.data_dir, config.data_dir, self.openssl_env["OPENSSL_CONF"]
+            ),
+            shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
+        ).stdout.read().strip()
+        logging.debug("Generating RSA cert and key PEM files...%s" % back)
+
+        if os.path.isfile("%s/cert-rsa.pem" % config.data_dir) and os.path.isfile("%s/key-rsa.pem" % config.data_dir):
+            return True
+        else:
+            logging.error("RSA ECC SSL cert generation failed, cert or key files not exits.")
+            return False
+
+    # Not used yet: Missing on some platform
+    def createSslEccCert(self):
+        return False
+        import subprocess
+
+        # Create ECC privatekey
+        back = subprocess.Popen(
+            "%s ecparam -name prime256v1 -genkey -out %s/key-ecc.pem" % (self.openssl_bin, config.data_dir),
+            shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
+        ).stdout.read().strip()
+        self.log.debug("Generating ECC privatekey PEM file...%s" % back)
+
+        # Create ECC cert
+        back = subprocess.Popen(
+            "%s req -new -key %s/key-ecc.pem -x509 -nodes -out %s/cert-ecc.pem -config %s" % (
+                self.openssl_bin, config.data_dir, config.data_dir, self.openssl_env["OPENSSL_CONF"]),
+            shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
+        ).stdout.read().strip()
+        self.log.debug("Generating ECC cert PEM file...%s" % back)
+
+        if os.path.isfile("%s/cert-ecc.pem" % config.data_dir) and os.path.isfile("%s/key-ecc.pem" % config.data_dir):
+            return True
+        else:
+            self.logging.error("ECC SSL cert generation failed, cert or key files not exits.")
+            return False
 
 
-	# Select crypt that supported by both sides
-	# Return: Name of the crypto
-	def selectCrypt(self, client_supported):
-		for crypt in self.crypt_supported:
-			if crypt in client_supported:
-				return crypt
-		return False
-
-
-	# Wrap socket for crypt
-	# Return: wrapped socket
-	def wrapSocket(self, sock, crypt, server=False):
-		if crypt == "tls-rsa":
-			ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES128-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK" 
-			if server:
-				return ssl.wrap_socket(sock, server_side=server, keyfile='%s/key-rsa.pem' % config.data_dir, certfile='%s/cert-rsa.pem' % config.data_dir, ciphers=ciphers)
-			else:
-				return ssl.wrap_socket(sock, ciphers=ciphers)
-		else:
-			return sock
-
-
-	def removeCerts(self):
-		for file_name in ["cert-rsa.pem", "key-rsa.pem"]:
-			file_path = "%s/%s" % (config.data_dir, file_name)
-			if os.path.isfile(file_path): os.unlink(file_path)
-
-
-	# Load and create cert files is necessary
-	def loadCerts(self):
-		if config.disable_encryption: return False
-		
-		if self.loadSslRsaCert():
-			self.crypt_supported.append("tls-rsa")
-			
-
-	# Try to create RSA server cert + sign for connection encryption
-	# Return: True on success
-	def loadSslRsaCert(self):
-		import subprocess
-
-		if os.path.isfile("%s/cert-rsa.pem" % config.data_dir) and os.path.isfile("%s/key-rsa.pem" % config.data_dir):
-			return True # Files already exits
-
-		back = subprocess.Popen(
-			"%s req -x509 -newkey rsa:2048 -sha256 -batch -keyout %s/key-rsa.pem -out %s/cert-rsa.pem -nodes -config %s" % (self.openssl_bin, config.data_dir, config.data_dir, self.openssl_env["OPENSSL_CONF"]),
-			shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
-		).stdout.read().strip()
-		logging.debug("Generating RSA cert and key PEM files...%s" % back)
-
-		if os.path.isfile("%s/cert-rsa.pem" % config.data_dir) and os.path.isfile("%s/key-rsa.pem" % config.data_dir):
-			return True
-		else:
-			logging.error("RSA ECC SSL cert generation failed, cert or key files not exits.")
-			return False
-
-
-	# Not used yet: Missing on some platform
-	def createSslEccCert(self):
-		return False
-		import subprocess
-
-		# Create ECC privatekey
-		back = subprocess.Popen(
-			"%s ecparam -name prime256v1 -genkey -out %s/key-ecc.pem" % (self.openssl_bin, config.data_dir), 
-			shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
-		).stdout.read().strip()
-		self.log.debug("Generating ECC privatekey PEM file...%s" % back)
-
-		# Create ECC cert
-		back = subprocess.Popen(
-			"%s req -new -key %s/key-ecc.pem -x509 -nodes -out %s/cert-ecc.pem -config %s" % (self.openssl_bin, config.data_dir, config.data_dir, self.openssl_env["OPENSSL_CONF"]), 
-			shell=True, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=self.openssl_env
-		).stdout.read().strip()
-		self.log.debug("Generating ECC cert PEM file...%s" % back)
-
-		if os.path.isfile("%s/cert-ecc.pem" % config.data_dir) and os.path.isfile("%s/key-ecc.pem" % config.data_dir):
-			return True
-		else:
-			self.logging.error("ECC SSL cert generation failed, cert or key files not exits.")
-			return False
-
-
-manager = CryptConnectionManager()
+manager = CryptConnectionManager()