Merge branch 'master' of github.com:research/chocolate

2026-01-26 07:41:33 +03:00 · 2012-11-18 23:30:40 -05:00
parent 2655029d5e 99a679209c
commit 5cc5418da2
9 changed files with 20061 additions and 16 deletions
--- a/server-ca/data/alexa-top-10k.txt
+++ b/server-ca/data/alexa-top-10k.txt
--- a/server-ca/data/quantast-top-10k.txt
+++ b/server-ca/data/quantast-top-10k.txt
--- a/server-ca/issue-daemon.py
+++ b/server-ca/issue-daemon.py
@@ -68,5 +68,5 @@ while True:
    elif where == "pending-issue":
        issue(what)
    if clean_shutdown:
-        print "daemon exiting cleanly"
+        print "issue daemon exiting cleanly"
        break
--- a/server-ca/logging-daemon.py
+++ b/server-ca/logging-daemon.py
@@ -20,10 +20,11 @@ for message in ps.listen():
    if message["type"] != "message":
        continue
    if message["channel"] == "logs":
-        if debug: print message["data"]
+        sys.stdout.write(message["data"] + "\n")
+        sys.stdout.flush()
        continue
    if message["channel"] == "exit":
        break
    if clean_shutdown:
-        print "daemon exiting cleanly"
+        print "logging daemon exiting cleanly"
        break
--- a/server-ca/makechallenge-daemon.py
+++ b/server-ca/makechallenge-daemon.py
@@ -66,5 +66,5 @@ while True:
    elif where == "pending-makechallenge":
        makechallenge(what)
    if clean_shutdown:
-        print "daemon exiting cleanly"
+        print "makechallenge daemon exiting cleanly"
        break
--- a/server-ca/payment-daemon.py
+++ b/server-ca/payment-daemon.py
@@ -54,5 +54,5 @@ for message in ps.listen():
    if message["channel"] == "exit":
        break
    if clean_shutdown:
-        print "daemon exiting cleanly"
+        print "payment daemon exiting cleanly"
        break
--- a/server-ca/policy.py
+++ b/server-ca/policy.py
@@ -17,10 +17,54 @@ def payment_required(session):
    """Does this session require a payment?"""
    # Sample policy: require a payment when total number of requested
    # subject names is greater than one.
-    if r.llen("%s:names" % session) > 1:
+    #if r.llen("%s:names" % session) > 1:
+    #    return True
+
+    # Second example: if any of the names are in the Alexa or Quantcast top
+    # 10,000, call for a payment
+    names = r.lrange("%s:names" % session, 0, -1)
+    for name in names: 
+        if in_top_10k(name): return True
+    return False
+
+def in_top_10k(hostname):
+    """Check whether a hostname is part of a top 10,000 website."""
+    # That includes subdomains of top 10,000 sites, but not if the subdomain
+    # is below a public suffix (such as a dynamic DNS provider or hosting
+    # umbrella, perhaps)
+    parts = hostname.lower().split(".")
+    for n in range(2, len(parts)+1):
+      name_or_parent = ".".join(parts[-n:])
+      if name_or_parent in top_10k:
        return True
-    else:
-        return False
+      # XXX if name_or_parent in public_suffix_list: break
+    return False
+
+def check_domain(domain):
+    import string as s
+    allowed = s.ascii_letters + s.digits + "-."  
+    # top 10k domains should contain dots, and ASCII characters (for the TLD,
+    # if nothing else).  
+    # XXX The Alexa top10k contains a few IP addresses.  This currently
+    # excludes them, but perhaps it shouldn't...
+    if len([c for c in domain if c in s.ascii_letters]) == 0: return False
+    if "." not in domain: return False
+    return all([c in allowed for c in domain])
+
+have_top_10k = False
+
+def get_top_10k():
+    data_files = ["data/alexa-top-10k.txt","data/quantast-top-10k.txt"]
+    global top_10k, have_top_10k
+    top_10k = {}
+    for f in data_files:
+        for line in open(f).readlines():
+            domain=line.split()[1]
+            if check_domain(domain):
+                top_10k[domain] = True
+    have_top_10k = True
+
+get_top_10k()

 def expire_session(session, state):
    """Should this session be expired?"""
--- a/server-ca/testchallenge-daemon.py
+++ b/server-ca/testchallenge-daemon.py
@@ -129,5 +129,5 @@ while True:
        with redis_lock(r, "lock-" + what):
            testchallenge(what)
    if clean_shutdown:
-        print "daemon exiting cleanly"
+        print "testchallenge daemon exiting cleanly"
        break
--- a/trustify/client/client.py
+++ b/trustify/client/client.py
@@ -132,18 +132,18 @@ def is_hostname_sane(hostname):
    import string as s
    allowed = s.ascii_letters + s.digits + "-."  # hostnames & IPv4
    if all([c in allowed for c in hostname]):
-      return True
+        return True
    
    if not allow_raw_ipv6_server: return False

    # ipv6 is messy and complicated, can contain %zoneindex etc.  
    import socket
    try:
-      # is this a valid IPv6 address?
-      socket.getaddrinfo(hostname,443,socket.AF_INET6)
-      return True
+        # is this a valid IPv6 address?
+        socket.getaddrinfo(hostname,443,socket.AF_INET6)
+        return True
    except:
-      return False
+        return False



@@ -541,7 +541,7 @@ def authenticate():
    # This should be invoked if a payment is necessary
    # This is being tested and will have to be cleaned and organized 
    # once the protocol is finalized.
-    if r.challenge and all_payment_challenge(r):
+    while r.challenge and all_payment_challenge(r):
        # dont need to change domain names here
        paymentChallenges, temp = challenge_factory(r, os.path.abspath(req_file), os.path.abspath(key_file), config)
        for chall in paymentChallenges:
@@ -556,7 +556,7 @@ def authenticate():
        # Send the proceed message
        r = decode(do(upstream, k))

-        while r.proceed.IsInitialized() or r.challenge:
+        while r.proceed.IsInitialized():
            if r.proceed.IsInitialized():
                delay = min(r.proceed.polldelay, 60)
                logger.debug("waiting %d" % delay)