Files @ c11dd0c93877
Branch filter:

Location: C3L-NOC/tls-expiry-tracker/backend/generic_handler.py - annotation

c11dd0c93877 2.2 KiB text/x-python Show Source Show as Raw Download as Raw
x
feat: generalize the verificator for a generic abstract handler
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877
c11dd0c93877

from abc import ABC, abstractmethod
import ssl
from tls_utils import TLSDetails, EXPIRED, REVOKED, SELF_SIGNED, ROOT_NOT_TRUSTED

class GenericHandler(ABC):
    def __init__(self, host: str, port: int, context: ssl.SSLContext):
        self.host = host
        self.port = port
        self.context = context

    @abstractmethod
    def connect(self, verification: bool) -> int:
        raise NotImplementedError()

    @staticmethod
    def create_handler(protocol: str):
        import web, mail
        if protocol == "smtp":
            return mail.SMTPHandler
        elif protocol == "imap":
            return mail.IMAPHandler
        elif protocol == "ssl" or protocol == "tls" or protocol == "https":
            return web.SSLHandler
        else:
            raise ValueError("Invalid protocol")

class Verificator:
    def __init__(self, context: ssl.SSLContext):
        self.context = context
    def connect(self, domain: str, port: int, protocol: str) -> TLSDetails:
        handler = GenericHandler.create_handler(protocol)(domain, port, self.context)
        try:
            expiry = handler.connect(True)
            return TLSDetails(domain_name=domain, expires_in_days=expiry)
        except ssl.SSLCertVerificationError as e:
            if e.verify_code == EXPIRED:
                expiry = handler.connect(False)
                return TLSDetails(domain_name=domain, expires_in_days=expiry)
            elif e.verify_code == REVOKED:
                return TLSDetails(domain_name=domain, error_message="was revoked.")
            elif e.verify_code == SELF_SIGNED:
                return TLSDetails(domain_name=domain, error_message="is self-signed.")
            elif e.verify_code == ROOT_NOT_TRUSTED:
                return TLSDetails(domain_name=domain, error_message="invalid: root not trusted.")
            else:
                return TLSDetails(domain_name=domain, error_message="failed verification: " + e.verify_message + ".")
        except ssl.SSLError as e:
            return TLSDetails(domain_name=domain, error_message="could not establish a secure connection: " + e.reason + ".")
        except Exception as e:
            return TLSDetails(domain_name=domain, error_message="could not connect: " + str(e) + ".")
Server instance: saturn-297544 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support