Rework https checker
1 #!/usr/bin/python3
2
3 from __future__ import print_function
4
5 import sys
6 import argparse
7 import logging
8
9 from socket import socket
10
11 from check_dane.tlsa import get_tlsa_records, match_tlsa_records
12 from check_dane.cert import verify_certificate, add_certificate_options
13 from check_dane.abstract import DaneChecker
14
15
16 from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED
17
18
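class HttpsDaneChecker(DaneChecker):
    """DANE checker that reaches the server over HTTPS.

    The class supplies the HTTPS-specific pieces (port, connection setup and
    teardown, TLS context, command-line options); everything else is
    delegated to ``DaneChecker``.
    """

    def __init__(self):
        DaneChecker.__init__(self)

    @property
    def port(self):
        """Return the port to check: the ``--port`` value, else 443."""
        # Before set_args() has run there is no parsed value, so fall back to
        # the HTTPS default. Previously this always returned 443, which meant
        # a non-default --port was silently ignored and the check could
        # report on a different service than the operator asked for.
        # NOTE(review): assumes DaneChecker reads the port from this property
        # - confirm against check_dane/abstract.py.
        return getattr(self, "_https_port", 443)

    def _init_connection(self, family, host, port):
        """Open a TLS connection to ``host:port`` and send a HEAD request.

        A fresh socket of the given address ``family`` is wrapped with the
        context built in ``set_args`` (``host`` is passed as
        ``server_hostname``), connected, and one ``HEAD /`` request is sent.
        Up to 512 bytes of the reply are read and logged at debug level.

        Returns the connected TLS socket; the caller releases it through
        ``_close_connection``. If any step fails the socket is closed before
        the exception propagates.
        """
        connection = self._sslcontext.wrap_socket(socket(family),
                                                  server_hostname=host)
        try:
            connection.connect((host, port))
            # sendall() instead of send(): send() may transmit only part of
            # the request and its return value was not checked.
            connection.sendall(
                b"HEAD / HTTP/1.1\r\nHost: %s\r\n\r\n" % host.encode())
            answer = connection.recv(512)
            logging.debug(answer)
        except Exception:
            # Do not leak the descriptor when the handshake or I/O fails.
            connection.close()
            raise

        return connection

    def _close_connection(self, connection):
        """Close a connection returned by ``_init_connection``."""
        connection.close()

    def set_args(self, args):
        """Store the parsed arguments and build the TLS context.

        ``args.castore`` is loaded as the set of trusted CA certificates and
        ``args.port`` (when present) becomes the value of ``port``.
        """
        DaneChecker.set_args(self, args)

        # Honour -p/--port; a namespace without it keeps the HTTPS default.
        self._https_port = getattr(args, "port", 443)

        # PROTOCOL_TLSv1_2 pins the handshake to TLS 1.2 only, so a server
        # that offers only other versions fails before any DANE check runs.
        sslcontext = SSLContext(PROTOCOL_TLSv1_2)
        # The chain must validate against the CA store, but check_hostname is
        # left at its default (off for this protocol constant), so the TLS
        # layer does not match the certificate against the host name.
        # NOTE(review): presumably the certificate is matched against the
        # TLSA records by DaneChecker - confirm before relying on this
        # connection for anything beyond the DANE comparison.
        sslcontext.verify_mode = CERT_REQUIRED
        sslcontext.load_verify_locations(args.castore)

        self._sslcontext = sslcontext

    def generate_menu(self, argparser):
        """Add the common options plus ``-p/--port`` to ``argparser``."""
        DaneChecker.generate_menu(self, argparser)
        argparser.add_argument("-p", "--port",
                               action="store", type=int, default=443,
                               help="HTTPS port")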
59
60
61
62
def main():
    """Parse the command line, run the HTTPS DANE check, return its result.

    ``--verbose`` selects DEBUG logging and takes precedence over
    ``--quiet`` (WARNING); with neither flag the level is INFO.
    """
    logging.basicConfig(format='%(levelname)5s %(message)s')
    checker = HttpsDaneChecker()
    cli = argparse.ArgumentParser()

    for flag in ("--verbose", "--quiet"):
        cli.add_argument(flag, action="store_true")

    # Checker-specific options first, then the certificate options.
    checker.generate_menu(cli)
    add_certificate_options(cli)

    options = cli.parse_args()
    checker.set_args(options)

    if options.verbose:
        level = logging.DEBUG
    elif options.quiet:
        level = logging.WARNING
    else:
        level = logging.INFO
    logging.getLogger().setLevel(level)

    return checker.check()
85
if __name__ == '__main__':
    # Script entry point: the value returned by main() becomes the process
    # exit status.
    import sys
    raise SystemExit(main())