commit 256e6962edaf218650aac54d2541c14b50c590c7 Author: Ximin Luo infinity0@gmx.com Date: Thu Sep 26 18:39:13 2013 +0100
move common/flashproxy to top-level --- .gitignore | 6 +++++ Makefile | 6 ++--- common/.gitignore | 5 ----- common/flashproxy/keys.py | 54 --------------------------------------------- common/flashproxy/util.py | 52 ------------------------------------------- common/setup.py | 22 ------------------ flashproxy/keys.py | 54 +++++++++++++++++++++++++++++++++++++++++++++ flashproxy/util.py | 52 +++++++++++++++++++++++++++++++++++++++++++ setup-common.py | 22 ++++++++++++++++++ 9 files changed, 137 insertions(+), 136 deletions(-)
diff --git a/.gitignore b/.gitignore index 6195b6c..70f19a2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,13 @@ *.pyc + +# built by setup*.py +/build /dist +/*.egg-info /py2exe-tmp + /websocket-transport/websocket-client /websocket-transport/websocket-server /modules/nodejs/node_modules /modules/nodejs/flashproxy.js + diff --git a/Makefile b/Makefile index 62fd852..fb5a38b 100644 --- a/Makefile +++ b/Makefile @@ -5,14 +5,14 @@ PREFIX = /usr/local BINDIR = $(PREFIX)/bin MANDIR = $(PREFIX)/share/man
-PYTHON ?= PYTHONPATH=common python +PYTHON ?= python export PY2EXE_TMPDIR = py2exe-tmp
CLIENT_BIN = flashproxy-client flashproxy-reg-appspot flashproxy-reg-email flashproxy-reg-http flashproxy-reg-url CLIENT_MAN = doc/flashproxy-client.1 doc/flashproxy-reg-appspot.1 doc/flashproxy-reg-email.1 doc/flashproxy-reg-http.1 doc/flashproxy-reg-url.1 CLIENT_DIST_FILES = $(CLIENT_BIN) README LICENSE ChangeLog torrc CLIENT_DIST_DOC_FILES = $(CLIENT_MAN) -CLIENT_DIST_LIB_COMMON = common/flashproxy/__init__.py common/flashproxy/keys.py common/flashproxy/util.py +CLIENT_DIST_LIB_COMMON = flashproxy/__init__.py flashproxy/keys.py flashproxy/util.py
all: $(CLIENT_DIST_FILES) $(CLIENT_MAN) : @@ -55,7 +55,7 @@ $(PY2EXE_TMPDIR)/dist: $(CLIENT_BIN) dist-exe: DISTNAME := $(DISTNAME)-win32 dist-exe: CLIENT_BIN := $(PY2EXE_TMPDIR)/dist/* dist-exe: CLIENT_MAN := $(addsuffix .txt,$(CLIENT_MAN)) -dist-exe: CLIENT_DIST_LIB_COMMON := # py2exe static-links dependencies +dist-exe: CLIENT_DIST_LIB_COMMON :=# py2exe static-links dependencies # Delegate to the "dist" target using the substitutions above. dist-exe: $(PY2EXE_TMPDIR)/dist setup.py dist
diff --git a/common/.gitignore b/common/.gitignore deleted file mode 100644 index b50e9ab..0000000 --- a/common/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# built by setup.py -/build -/dist -/MANIFEST -/*.egg-info diff --git a/common/flashproxy/__init__.py b/common/flashproxy/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/common/flashproxy/keys.py b/common/flashproxy/keys.py deleted file mode 100644 index 71525c8..0000000 --- a/common/flashproxy/keys.py +++ /dev/null @@ -1,54 +0,0 @@ -# We trust no other CA certificate than this. -# -# To find the certificate to copy here, -# $ strace openssl s_client -connect FRONT_DOMAIN:443 -verify 10 -CApath /etc/ssl/certs 2>&1 | grep /etc/ssl/certs -# stat("/etc/ssl/certs/XXXXXXXX.0", {st_mode=S_IFREG|0644, st_size=YYYY, ...}) = 0 -PIN_GOOGLE_CERT = """\ -subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority -issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority ------BEGIN CERTIFICATE----- -MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV -UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy -dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 -MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx -dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f -BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A -cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC -AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ -MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm -aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw -ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj -IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF -MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA -A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y -7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh -1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 ------END CERTIFICATE----- -""" -# SHA-1 digest of expected public keys. Any of these is valid. See -# http://www.imperialviolet.org/2011/05/04/pinning.html for the reason behind -# hashing the public key, not the entire certificate. -PIN_GOOGLE_PUBKEY_SHA1 = ( - # https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security... - # kSPKIHash_Google1024 - "\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd", - # kSPKIHash_GoogleG2 - "\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea", -) - -# Registrations are encrypted with this public key before being emailed. Only -# the facilitator operators should have the corresponding private key. Given a -# private key in reg-email, get the public key like this: -# openssl rsa -pubout < reg-email > reg-email.pub -DEFAULT_FACILITATOR_PUBKEY_PEM = """\ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN -oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV -84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg -XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq -1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6 -M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG -gwIDAQAB ------END PUBLIC KEY----- -""" diff --git a/common/flashproxy/util.py b/common/flashproxy/util.py deleted file mode 100644 index 47bd87a..0000000 --- a/common/flashproxy/util.py +++ /dev/null @@ -1,52 +0,0 @@ -import re -import socket - -def parse_addr_spec(spec, defhost = None, defport = None): - host = None - port = None - af = 0 - m = None - # IPv6 syntax. - if not m: - m = re.match(ur'^[(.+)]:(\d*)$', spec) - if m: - host, port = m.groups() - af = socket.AF_INET6 - if not m: - m = re.match(ur'^[(.+)]$', spec) - if m: - host, = m.groups() - af = socket.AF_INET6 - # IPv4/hostname/port-only syntax. - if not m: - try: - host, port = spec.split(":", 1) - except ValueError: - host = spec - if re.match(ur'^[\d.]+$', host): - af = socket.AF_INET - else: - af = 0 - host = host or defhost - port = port or defport - if port is not None: - port = int(port) - return host, port - -def format_addr(addr): - host, port = addr - if not host: - return u":%d" % port - # Numeric IPv6 address? - try: - addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM, socket.IPPROTO_TCP, socket.AI_NUMERICHOST) - af = addrs[0][0] - except socket.gaierror, e: - af = 0 - if af == socket.AF_INET6: - result = u"[%s]" % host - else: - result = "%s" % host - if port is not None: - result += u":%d" % port - return result diff --git a/common/setup.py b/common/setup.py deleted file mode 100755 index 44c9c3e..0000000 --- a/common/setup.py +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env python - -import sys - -from setuptools import setup, find_packages - -setup( - name = "flashproxy-common", - author = "dcf", - author_email = "dcf@torproject.org", - description = ("Common code for flashproxy"), - license = "BSD", - keywords = ['tor', 'flashproxy'], - - packages = find_packages(), - - version = "1.3", - - install_requires = [ - 'setuptools', - ], -) diff --git a/flashproxy/__init__.py b/flashproxy/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/flashproxy/keys.py b/flashproxy/keys.py new file mode 100644 index 0000000..71525c8 --- /dev/null +++ b/flashproxy/keys.py @@ -0,0 +1,54 @@ +# We trust no other CA certificate than this. +# +# To find the certificate to copy here, +# $ strace openssl s_client -connect FRONT_DOMAIN:443 -verify 10 -CApath /etc/ssl/certs 2>&1 | grep /etc/ssl/certs +# stat("/etc/ssl/certs/XXXXXXXX.0", {st_mode=S_IFREG|0644, st_size=YYYY, ...}) = 0 +PIN_GOOGLE_CERT = """\ +subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority +issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 +MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx +dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f +BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A +cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw +ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj +IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y +7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh +1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 +-----END CERTIFICATE----- +""" +# SHA-1 digest of expected public keys. Any of these is valid. See +# http://www.imperialviolet.org/2011/05/04/pinning.html for the reason behind +# hashing the public key, not the entire certificate. +PIN_GOOGLE_PUBKEY_SHA1 = ( + # https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security... + # kSPKIHash_Google1024 + "\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd", + # kSPKIHash_GoogleG2 + "\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea", +) + +# Registrations are encrypted with this public key before being emailed. Only +# the facilitator operators should have the corresponding private key. Given a +# private key in reg-email, get the public key like this: +# openssl rsa -pubout < reg-email > reg-email.pub +DEFAULT_FACILITATOR_PUBKEY_PEM = """\ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Mt8c599/4N2fgu6ppN +oatPW1GOgZxxObljFtEy0OWM1eHB35OOn+Kn9MxNHTRxVWwCEi0HYxWNVs2qrXxV +84LmWBz6A65d2qBlgltgLXusiXLrpwxVmJeO+GfmbF8ur0U9JSYxA20cGW/kujNg +XYDGQxO1Gvxq2lHK2LQmBpkfKEE1DMFASmIvlHDQgDj3XBb5lYeOsHZmg16UrGAq +1UH238hgJITPGLXBtwLtJkYbrATJvrEcmvI7QSm57SgYGpaB5ZdCbJL5bag5Pgt6 +M5SDDYYY4xxEPzokjFJfCQv+kcyAnzERNMQ9kR41ePTXG62bpngK5iWGeJ5XdkxG +gwIDAQAB +-----END PUBLIC KEY----- +""" diff --git a/flashproxy/util.py b/flashproxy/util.py new file mode 100644 index 0000000..47bd87a --- /dev/null +++ b/flashproxy/util.py @@ -0,0 +1,52 @@ +import re +import socket + +def parse_addr_spec(spec, defhost = None, defport = None): + host = None + port = None + af = 0 + m = None + # IPv6 syntax. + if not m: + m = re.match(ur'^[(.+)]:(\d*)$', spec) + if m: + host, port = m.groups() + af = socket.AF_INET6 + if not m: + m = re.match(ur'^[(.+)]$', spec) + if m: + host, = m.groups() + af = socket.AF_INET6 + # IPv4/hostname/port-only syntax. + if not m: + try: + host, port = spec.split(":", 1) + except ValueError: + host = spec + if re.match(ur'^[\d.]+$', host): + af = socket.AF_INET + else: + af = 0 + host = host or defhost + port = port or defport + if port is not None: + port = int(port) + return host, port + +def format_addr(addr): + host, port = addr + if not host: + return u":%d" % port + # Numeric IPv6 address? + try: + addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM, socket.IPPROTO_TCP, socket.AI_NUMERICHOST) + af = addrs[0][0] + except socket.gaierror, e: + af = 0 + if af == socket.AF_INET6: + result = u"[%s]" % host + else: + result = "%s" % host + if port is not None: + result += u":%d" % port + return result diff --git a/setup-common.py b/setup-common.py new file mode 100755 index 0000000..44c9c3e --- /dev/null +++ b/setup-common.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python + +import sys + +from setuptools import setup, find_packages + +setup( + name = "flashproxy-common", + author = "dcf", + author_email = "dcf@torproject.org", + description = ("Common code for flashproxy"), + license = "BSD", + keywords = ['tor', 'flashproxy'], + + packages = find_packages(), + + version = "1.3", + + install_requires = [ + 'setuptools', + ], +)