tlslib.insecure
Insecure options for the abstract interface to TLS for Python.
1"""Insecure options for the abstract interface to TLS for Python.""" 2 3import warnings 4from abc import abstractmethod 5from collections.abc import Callable 6from typing import Generic, Protocol, TypeVar 7 8from ..tlslib import ( 9 ClientContext, 10 ServerContext, 11 TLSClientConfiguration, 12 TLSImplementation, 13 TLSServerConfiguration, 14) 15 16 17class SecurityWarning(Warning): 18 """Warning regarding the insecurity caused by the use of this module""" 19 20 21class InsecureConfiguration: 22 """ 23 Class allowing users to define insecure configuration parameters for testing purposes. 24 It should be noted that making use of any of the options in this class will lead to an 25 insecure deployment of TLS. 26 27 :param _disable_hostname_check bool: 28 Disables hostname_check of the server certificate. This allows anyone positioned 29 in the network to intercept connections between legitimate clients and servers without 30 detection and is insecure. A better option would be to obtain the server's (self-signed) 31 certificate and place it in a newly-created TrustStore object. 32 33 :param disable_verification bool: 34 Disables client verification of the server certificate. This allows anyone positioned 35 in the network to intercept connections between legitimate clients and servers without 36 detection and is insecure. A better option would be to obtain the server's (self-signed) 37 certificate and place it in a newly-created TrustStore object. 38 """ 39 40 __slots__ = ( 41 "_disable_verification", 42 "_disable_hostname_check", 43 ) 44 45 def __init__( 46 self, 47 disable_hostname_check: bool = False, 48 disable_verification: bool = False, 49 ) -> None: 50 """Initializes the InsecureConfiguration.""" 51 warnings.warn( 52 "Using InsecureConfiguration is insecure and should not be used in production.", 53 SecurityWarning, 54 ) 55 56 if not disable_hostname_check and disable_verification: 57 raise ValueError("Cannot disable verification without disabling hostname check") 58 59 self._disable_hostname_check = disable_hostname_check 60 self._disable_verification = disable_verification 61 62 @property 63 def disable_hostname_check(self) -> bool: 64 """Whether client verification of the server hostname should be disabled.""" 65 return self._disable_hostname_check 66 67 @property 68 def disable_verification(self) -> bool: 69 """Whether client verification of the server certificate should be disabled.""" 70 return self._disable_verification 71 72 73class InsecureClientContext(ClientContext, Protocol): 74 """ 75 Class allowing users to make insecure choices for testing purposes. 76 77 :param tls_configuration TLSClientConfiguration 78 The underlying TLS configuration to be used to instantiate the insecure context. 79 80 :param insecure_configuration InsecureConfiguration: 81 The insecure configuration options that will make this context insecure. 82 """ 83 84 @abstractmethod 85 def __init__( 86 self, 87 tls_configuration: TLSClientConfiguration, 88 insecure_configuration: InsecureConfiguration, 89 ) -> None: 90 """ 91 Create a new insecure context object from a given TLS configuration and 92 insecure configuration.""" 93 94 @property 95 @abstractmethod 96 def insecure_configuration(self) -> InsecureConfiguration: 97 """The insecure configuration options that will make this context insecure.""" 98 99 100class InsecureServerContext(ServerContext, Protocol): 101 """ 102 Class allowing users to make insecure choices for testing purposes. 103 104 :param tls_configuration TLSClientConfiguration | TLSServerConfiguration: 105 The underlying TLS configuration to be used to instantiate the insecure context. 106 107 :param insecure_configuration InsecureConfiguration: 108 The insecure configuration options that will make this context insecure. 109 """ 110 111 @abstractmethod 112 def __init__( 113 self, 114 tls_configuration: TLSServerConfiguration, 115 insecure_configuration: InsecureConfiguration, 116 ) -> None: 117 """ 118 Create a new insecure context object from a given TLS configuration and 119 insecure configuration.""" 120 121 @property 122 @abstractmethod 123 def insecure_configuration(self) -> InsecureConfiguration: 124 """The insecure configuration options that will make this context insecure.""" 125 126 127_ClientContext = TypeVar("_ClientContext", bound=ClientContext) 128_ServerContext = TypeVar("_ServerContext", bound=ServerContext) 129_InsecureClientContext = TypeVar("_InsecureClientContext", bound=InsecureClientContext) 130_InsecureServerContext = TypeVar("_InsecureServerContext", bound=InsecureServerContext) 131 132 133class InsecureTLSImplementation( 134 TLSImplementation, Generic[_InsecureClientContext, _InsecureServerContext] 135): 136 """ 137 An insecure version of a TLS API implementation that allows a user to make insecure 138 choices for testing purposes. 139 """ 140 141 __slots__ = ( 142 "_insecure_client_context", 143 "_insecure_server_context", 144 ) 145 146 def __init__( 147 self, 148 client_context: type[_ClientContext], 149 server_context: type[_ServerContext], 150 validate_config: Callable[[TLSClientConfiguration | TLSServerConfiguration], None], 151 insecure_client_context: type[_InsecureClientContext], 152 insecure_server_context: type[_InsecureServerContext], 153 ) -> None: 154 """Initializes all attributes of the implementation.""" 155 156 warnings.warn( 157 "Using an InsecureTLSImplementation is insecure. " 158 "This should not be used in production.", 159 SecurityWarning, 160 ) 161 162 self._insecure_client_context = insecure_client_context 163 self._insecure_server_context = insecure_server_context 164 165 super().__init__( 166 client_context=client_context, 167 server_context=server_context, 168 validate_config=validate_config, 169 ) 170 171 @property 172 def insecure_client_context(self) -> type[_InsecureClientContext]: 173 """The concrete implementation of the PEP 543 Insecure Client Context object used 174 by this TLS implementation. 175 """ 176 return self._insecure_client_context 177 178 @property 179 def insecure_server_context(self) -> type[_InsecureServerContext]: 180 """The concrete implementation of the PEP 543 Insecure Server Context object used 181 by this TLS implementation. 182 """ 183 return self._insecure_server_context
class
SecurityWarning(builtins.Warning):
18class SecurityWarning(Warning): 19 """Warning regarding the insecurity caused by the use of this module"""
Warning regarding the insecurity caused by the use of this module
Inherited Members
- builtins.Warning
- Warning
- builtins.BaseException
- with_traceback
- add_note
- args
class
InsecureConfiguration:
22class InsecureConfiguration: 23 """ 24 Class allowing users to define insecure configuration parameters for testing purposes. 25 It should be noted that making use of any of the options in this class will lead to an 26 insecure deployment of TLS. 27 28 :param _disable_hostname_check bool: 29 Disables hostname_check of the server certificate. This allows anyone positioned 30 in the network to intercept connections between legitimate clients and servers without 31 detection and is insecure. A better option would be to obtain the server's (self-signed) 32 certificate and place it in a newly-created TrustStore object. 33 34 :param disable_verification bool: 35 Disables client verification of the server certificate. This allows anyone positioned 36 in the network to intercept connections between legitimate clients and servers without 37 detection and is insecure. A better option would be to obtain the server's (self-signed) 38 certificate and place it in a newly-created TrustStore object. 39 """ 40 41 __slots__ = ( 42 "_disable_verification", 43 "_disable_hostname_check", 44 ) 45 46 def __init__( 47 self, 48 disable_hostname_check: bool = False, 49 disable_verification: bool = False, 50 ) -> None: 51 """Initializes the InsecureConfiguration.""" 52 warnings.warn( 53 "Using InsecureConfiguration is insecure and should not be used in production.", 54 SecurityWarning, 55 ) 56 57 if not disable_hostname_check and disable_verification: 58 raise ValueError("Cannot disable verification without disabling hostname check") 59 60 self._disable_hostname_check = disable_hostname_check 61 self._disable_verification = disable_verification 62 63 @property 64 def disable_hostname_check(self) -> bool: 65 """Whether client verification of the server hostname should be disabled.""" 66 return self._disable_hostname_check 67 68 @property 69 def disable_verification(self) -> bool: 70 """Whether client verification of the server certificate should be disabled.""" 71 return self._disable_verification
Class allowing users to define insecure configuration parameters for testing purposes. It should be noted that making use of any of the options in this class will lead to an insecure deployment of TLS.
Parameters
_disable_hostname_check bool: Disables hostname_check of the server certificate. This allows anyone positioned in the network to intercept connections between legitimate clients and servers without detection and is insecure. A better option would be to obtain the server's (self-signed) certificate and place it in a newly-created TrustStore object.
disable_verification bool: Disables client verification of the server certificate. This allows anyone positioned in the network to intercept connections between legitimate clients and servers without detection and is insecure. A better option would be to obtain the server's (self-signed) certificate and place it in a newly-created TrustStore object.
InsecureConfiguration( disable_hostname_check: bool = False, disable_verification: bool = False)
46 def __init__( 47 self, 48 disable_hostname_check: bool = False, 49 disable_verification: bool = False, 50 ) -> None: 51 """Initializes the InsecureConfiguration.""" 52 warnings.warn( 53 "Using InsecureConfiguration is insecure and should not be used in production.", 54 SecurityWarning, 55 ) 56 57 if not disable_hostname_check and disable_verification: 58 raise ValueError("Cannot disable verification without disabling hostname check") 59 60 self._disable_hostname_check = disable_hostname_check 61 self._disable_verification = disable_verification
Initializes the InsecureConfiguration.
74class InsecureClientContext(ClientContext, Protocol): 75 """ 76 Class allowing users to make insecure choices for testing purposes. 77 78 :param tls_configuration TLSClientConfiguration 79 The underlying TLS configuration to be used to instantiate the insecure context. 80 81 :param insecure_configuration InsecureConfiguration: 82 The insecure configuration options that will make this context insecure. 83 """ 84 85 @abstractmethod 86 def __init__( 87 self, 88 tls_configuration: TLSClientConfiguration, 89 insecure_configuration: InsecureConfiguration, 90 ) -> None: 91 """ 92 Create a new insecure context object from a given TLS configuration and 93 insecure configuration.""" 94 95 @property 96 @abstractmethod 97 def insecure_configuration(self) -> InsecureConfiguration: 98 """The insecure configuration options that will make this context insecure."""
Class allowing users to make insecure choices for testing purposes.
:param tls_configuration TLSClientConfiguration The underlying TLS configuration to be used to instantiate the insecure context.
Parameters
- insecure_configuration InsecureConfiguration: The insecure configuration options that will make this context insecure.
@abstractmethod
InsecureClientContext( tls_configuration: tlslib.tlslib.TLSClientConfiguration, insecure_configuration: InsecureConfiguration)
85 @abstractmethod 86 def __init__( 87 self, 88 tls_configuration: TLSClientConfiguration, 89 insecure_configuration: InsecureConfiguration, 90 ) -> None: 91 """ 92 Create a new insecure context object from a given TLS configuration and 93 insecure configuration."""
Create a new insecure context object from a given TLS configuration and insecure configuration.
insecure_configuration: InsecureConfiguration
95 @property 96 @abstractmethod 97 def insecure_configuration(self) -> InsecureConfiguration: 98 """The insecure configuration options that will make this context insecure."""
The insecure configuration options that will make this context insecure.
Inherited Members
101class InsecureServerContext(ServerContext, Protocol): 102 """ 103 Class allowing users to make insecure choices for testing purposes. 104 105 :param tls_configuration TLSClientConfiguration | TLSServerConfiguration: 106 The underlying TLS configuration to be used to instantiate the insecure context. 107 108 :param insecure_configuration InsecureConfiguration: 109 The insecure configuration options that will make this context insecure. 110 """ 111 112 @abstractmethod 113 def __init__( 114 self, 115 tls_configuration: TLSServerConfiguration, 116 insecure_configuration: InsecureConfiguration, 117 ) -> None: 118 """ 119 Create a new insecure context object from a given TLS configuration and 120 insecure configuration.""" 121 122 @property 123 @abstractmethod 124 def insecure_configuration(self) -> InsecureConfiguration: 125 """The insecure configuration options that will make this context insecure."""
Class allowing users to make insecure choices for testing purposes.
Parameters
tls_configuration TLSClientConfiguration | TLSServerConfiguration: The underlying TLS configuration to be used to instantiate the insecure context.
insecure_configuration InsecureConfiguration: The insecure configuration options that will make this context insecure.
@abstractmethod
InsecureServerContext( tls_configuration: tlslib.tlslib.TLSServerConfiguration, insecure_configuration: InsecureConfiguration)
112 @abstractmethod 113 def __init__( 114 self, 115 tls_configuration: TLSServerConfiguration, 116 insecure_configuration: InsecureConfiguration, 117 ) -> None: 118 """ 119 Create a new insecure context object from a given TLS configuration and 120 insecure configuration."""
Create a new insecure context object from a given TLS configuration and insecure configuration.
insecure_configuration: InsecureConfiguration
122 @property 123 @abstractmethod 124 def insecure_configuration(self) -> InsecureConfiguration: 125 """The insecure configuration options that will make this context insecure."""
The insecure configuration options that will make this context insecure.
Inherited Members
class
InsecureTLSImplementation(tlslib.tlslib.TLSImplementation, typing.Generic[~_InsecureClientContext, ~_InsecureServerContext]):
134class InsecureTLSImplementation( 135 TLSImplementation, Generic[_InsecureClientContext, _InsecureServerContext] 136): 137 """ 138 An insecure version of a TLS API implementation that allows a user to make insecure 139 choices for testing purposes. 140 """ 141 142 __slots__ = ( 143 "_insecure_client_context", 144 "_insecure_server_context", 145 ) 146 147 def __init__( 148 self, 149 client_context: type[_ClientContext], 150 server_context: type[_ServerContext], 151 validate_config: Callable[[TLSClientConfiguration | TLSServerConfiguration], None], 152 insecure_client_context: type[_InsecureClientContext], 153 insecure_server_context: type[_InsecureServerContext], 154 ) -> None: 155 """Initializes all attributes of the implementation.""" 156 157 warnings.warn( 158 "Using an InsecureTLSImplementation is insecure. " 159 "This should not be used in production.", 160 SecurityWarning, 161 ) 162 163 self._insecure_client_context = insecure_client_context 164 self._insecure_server_context = insecure_server_context 165 166 super().__init__( 167 client_context=client_context, 168 server_context=server_context, 169 validate_config=validate_config, 170 ) 171 172 @property 173 def insecure_client_context(self) -> type[_InsecureClientContext]: 174 """The concrete implementation of the PEP 543 Insecure Client Context object used 175 by this TLS implementation. 176 """ 177 return self._insecure_client_context 178 179 @property 180 def insecure_server_context(self) -> type[_InsecureServerContext]: 181 """The concrete implementation of the PEP 543 Insecure Server Context object used 182 by this TLS implementation. 183 """ 184 return self._insecure_server_context
An insecure version of a TLS API implementation that allows a user to make insecure choices for testing purposes.
insecure_client_context: type[~_InsecureClientContext]
172 @property 173 def insecure_client_context(self) -> type[_InsecureClientContext]: 174 """The concrete implementation of the PEP 543 Insecure Client Context object used 175 by this TLS implementation. 176 """ 177 return self._insecure_client_context
The concrete implementation of the PEP 543 Insecure Client Context object used by this TLS implementation.
insecure_server_context: type[~_InsecureServerContext]
179 @property 180 def insecure_server_context(self) -> type[_InsecureServerContext]: 181 """The concrete implementation of the PEP 543 Insecure Server Context object used 182 by this TLS implementation. 183 """ 184 return self._insecure_server_context
The concrete implementation of the PEP 543 Insecure Server Context object used by this TLS implementation.