Author: tmckay
Date: 2011-10-25 16:43:40 +0000 (Tue, 25 Oct 2011)
New Revision: 5092
Added:
branches/lucidity/sage/python/sage/exceptions.py
branches/lucidity/sage/python/sage/https_full.py
Modified:
branches/lucidity/sage/python/sage/aviary/aviaryoperations.py
branches/lucidity/sage/python/sage/https.py
branches/lucidity/sage/python/sage/verifiedhttps.py
branches/lucidity/sage/python/sage/verifiedhttps_m2crypto.py
Log:
Add license statements, split files for clarity.
svn merge -c 5091
svn+ssh://svn.fedorahosted.org/svn/cumin/trunk .
Modified: branches/lucidity/sage/python/sage/aviary/aviaryoperations.py
===================================================================
--- branches/lucidity/sage/python/sage/aviary/aviaryoperations.py 2011-10-25 13:46:51 UTC
(rev 5091)
+++ branches/lucidity/sage/python/sage/aviary/aviaryoperations.py 2011-10-25 16:43:40 UTC
(rev 5092)
@@ -8,12 +8,18 @@
import time
import sage
+from datetime import datetime
from suds import *
from suds.client import Client
from suds.transport.https import HttpAuthenticated
from sage.util import CallSync, CallThread, ObjectPool, host_list
from sage.https import *
-from datetime import datetime
+try:
+ from sage.https_full import HTTPSFullCertTransport
+ has_full_cert = True
+ technology = sage.https_full.technology
+except:
+ has_full_cert = False
log = logging.getLogger("sage.aviary")
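Review bot: The bare `except:` around the `sage.https_full` import turns any failure in that module, not only a missing ssl or M2Crypto dependency, into `has_full_cert = False`, so server certificate validation can be switched off with nothing in the log to say why. Catch `except ImportError:` and log a warning that names the exception; the same applies to the `try`/`except:` at the top of the new https_full.py. `technology` is also left unbound on the failure path, so the `"solution is %s" % technology` line in the hunk at -524 would raise NameError if it is ever reached with `has_full_cert` False (its guard is outside that hunk). Adding `technology = None` in the except branch avoids that.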
@@ -511,8 +517,7 @@
self.cert = cert
self.root_cert = root_cert
self.domain_verify = domain_verify
- self.server_validation_possible = hasattr(sage.https,
- "HTTPSFullCertTransport")
+ self.server_validation_possible = has_full_cert
if self.root_cert == "":
log.info("AviaryOperations: no root certificate file specified, "\
"using client validation only for ssl connections.")
@@ -524,7 +529,7 @@
else:
log.info("AviaryOperations: using client and server "\
"certificate validation for ssl connections, "\
- "solution is %s" % sage.https.technology)
+ "solution is %s" % technology)
log.info("AviaryOperations: verify server domain against "\
"certificate during validation (%s)" %
self.domain_verify)
Copied: branches/lucidity/sage/python/sage/exceptions.py (from rev 5091,
trunk/sage/python/sage/exceptions.py)
===================================================================
--- branches/lucidity/sage/python/sage/exceptions.py (rev 0)
+++ branches/lucidity/sage/python/sage/exceptions.py 2011-10-25 16:43:40 UTC (rev 5092)
@@ -0,0 +1,3 @@
+# Provide common exception classes here
+class SSLVerificationError(Exception):
+ pass
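Review bot: Naming this module `exceptions` collides with Python 2's built-in `exceptions` module, and the `from exceptions import SSLVerificationError` lines added in verifiedhttps.py and verifiedhttps_m2crypto.py reach this file only through implicit relative import. If either file is imported with `from __future__ import absolute_import` in effect, the name resolves to the built-in module and the import fails. The bare `except:` handlers in https_full.py and aviaryoperations.py would then presumably turn that failure into a silent loss of server validation. Import it as `from sage.exceptions import SSLVerificationError`, matching the `from sage.verifiedhttps import ...` style already used, or rename the module.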
Modified: branches/lucidity/sage/python/sage/https.py
===================================================================
--- branches/lucidity/sage/python/sage/https.py 2011-10-25 13:46:51 UTC (rev 5091)
+++ branches/lucidity/sage/python/sage/https.py 2011-10-25 16:43:40 UTC (rev 5092)
@@ -1,8 +1,5 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
+# Copyright 2011 David Norton, Jr.
#
-# Copyright 2009-2011 Red Hat, Inc.
-#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -15,20 +12,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
+#
http://davidnortonjr.com/
+# Copyright 2011 Red Hat, Inc.
+#
+# Modifications: inclusion of doc strings, method and class name changes,
+# provide _get_auth_handler method which can be overloaded
+# in derived classes.
+
# uses Suds -
https://fedorahosted.org/suds/
import urllib2 as u2
-from suds.transport.http import HttpTransport, Reply, TransportError
+from suds.transport.http import HttpTransport
import httplib
-import socket
-technology = "urllib2"
-
-# Provide an exception here that implementation classes
-# can use in common to raise exceptions and return messages
-class SSLVerificationError(Exception):
- pass
-
class HTTPSClientAuthHandler(u2.HTTPSHandler):
def __init__(self, key, cert):
"""
@@ -68,100 +64,9 @@
HttpTransport.__init__(self, *args, **kwargs)
self.key = key
self.cert = cert
+ self.urlopener = u2.build_opener(self._get_auth_handler())
- def u2open(self, u2request):
- """
- Open an ssl connection with client certificate validation.
-
- @param u2request: A urllib2 request.
- @type u2request: urllib2.Request.
- @return: The opened file-like urllib2 object.
- @rtype: fp
- """
- tm = self.options.timeout
- url = u2.build_opener(self._get_auth_handler())
- if self.u2ver() < 2.6:
- socket.setdefaulttimeout(tm)
- return url.open(u2request)
- else:
- return url.open(u2request, timeout=tm)
-
def _get_auth_handler(self):
return HTTPSClientAuthHandler(self.key, self.cert)
-try:
- # If verifiedhttps dependencies can be satisfied,
- # this import will succeed and the following two classes will
- # be available to provide server certificate validation.
- # A module can check for the presence of these two classes
- # after import thusly (with "whatever" enclosing module
- # if necessary):
- # import https
- # if hasattr(<whatever.>https, "HTTPSFullAuthHandler"):
- # ...
- # if hasattr(<whatever.>https, "HTTPSFullCertTransport"):
- # ...
- try:
- # Try a solution that uses the Python ssl module first
- from sage.verifiedhttps import VerifiedHTTPSConnection
- technology = "Python ssl"
- except:
- # Didn't work, try a solution based on m2crypto
- from sage.verifiedhttps_m2crypto import VerifiedHTTPSConnection
- technology = "M2Crypto"
-
- class HTTPSFullAuthHandler(HTTPSClientAuthHandler):
- """
- Add server certificate validation to HTTPSClientAuthHandler
- via a different connection type (VerifiedHTTPSConnection).
- """
- def __init__(self, my_key, my_cert, root_cert, domain_verify):
- """
- @param my_key: full path for the client's private key file
- @param my_cert: full path for the client's PEM certificate file
- @param root_cert: full path for root certificates file used to
- verify server certificates on connection
- @param domain_verify: check server host against the 'commonName'
- field in the server certificate
- """
- HTTPSClientAuthHandler.__init__(self, my_key, my_cert)
- self.root_cert = root_cert
- self.domain_verify = domain_verify
-
- def _get_connection(self, host, timeout=300):
- """
- @return: A connection object derived from httplib types with
- with client and server certificate validation support
- @rtype: VerifiedHTTPSConnection
- """
- return VerifiedHTTPSConnection(host,
- key_file=self.key,
- cert_file=self.cert,
- root_cert=self.root_cert,
- domain_verify=self.domain_verify)
-
- class HTTPSFullCertTransport(HTTPSClientCertTransport):
- """
- Add server certificate validation to HTTPSClientCertTransport
- via a different handler type (HTTPSFullAuthHandler)
- """
- def __init__(self, key, cert, root_cert, domain_verify=True,
- *args, **kwargs):
- """
- @param key: full path for the client's private key file
- @param cert: full path for the client's PEM certificate file
- @param root_cert: full path for root certificates file used to
- verify server certificates on connection
- @param domain_verify: check server host against the 'commonName'
- field in the server certificate
- """
- HTTPSClientCertTransport.__init__(self, key, cert, *args, **kwargs)
- self.root_cert = root_cert
- self.domain_verify = domain_verify
-
- def _get_auth_handler(self):
- return HTTPSFullAuthHandler(self.key, self.cert, self.root_cert,
- self.domain_verify)
-except:
- pass
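Review bot: `self.urlopener = u2.build_opener(self._get_auth_handler())` now calls an overridable method from the constructor, and nothing in the code says so. A subclass whose `_get_auth_handler` reads its own attributes has to assign them before calling this `__init__`. https_full.py does that, but a later subclass written the usual way round would fail with AttributeError. I would add `# _get_auth_handler() is called here: subclasses must set the attributes it reads before calling this __init__` above the assignment. The `__init__` starts outside the hunk.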
Copied: branches/lucidity/sage/python/sage/https_full.py (from rev 5091,
trunk/sage/python/sage/https_full.py)
===================================================================
--- branches/lucidity/sage/python/sage/https_full.py (rev 0)
+++ branches/lucidity/sage/python/sage/https_full.py 2011-10-25 16:43:40 UTC (rev 5092)
@@ -0,0 +1,66 @@
+from https import HTTPSClientAuthHandler, HTTPSClientCertTransport
+
+# If verifiedhttps dependencies can be satisfied,
+# this import will succeed and the following two classes will
+# be available to provide server certificate validation.
+try:
+ # Try a solution that uses the Python ssl module first
+ from sage.verifiedhttps import VerifiedHTTPSConnection
+ technology = "Python ssl"
+except:
+ # Didn't work, try a solution based on m2crypto
+ from sage.verifiedhttps_m2crypto import VerifiedHTTPSConnection
+ technology = "M2Crypto"
+
+class HTTPSFullAuthHandler(HTTPSClientAuthHandler):
+ """
+ Add server certificate validation to HTTPSClientAuthHandler
+ via a different connection type (VerifiedHTTPSConnection).
+ """
+ def __init__(self, my_key, my_cert, root_cert, domain_verify):
+ """
+ @param my_key: full path for the client's private key file
+ @param my_cert: full path for the client's PEM certificate file
+ @param root_cert: full path for root certificates file used to
+ verify server certificates on connection
+ @param domain_verify: check server host against the 'commonName'
+ field in the server certificate
+ """
+ self.root_cert = root_cert
+ self.domain_verify = domain_verify
+ HTTPSClientAuthHandler.__init__(self, my_key, my_cert)
+
+ def _get_connection(self, host, timeout=300):
+ """
+ @return: A connection object derived from httplib types with
+ with client and server certificate validation support
+ @rtype: VerifiedHTTPSConnection
+ """
+ return VerifiedHTTPSConnection(host,
+ key_file=self.key,
+ cert_file=self.cert,
+ root_cert=self.root_cert,
+ domain_verify=self.domain_verify)
+
+class HTTPSFullCertTransport(HTTPSClientCertTransport):
+ """
+ Add server certificate validation to HTTPSClientCertTransport
+ via a different handler type (HTTPSFullAuthHandler)
+ """
+ def __init__(self, key, cert, root_cert, domain_verify=True,
+ *args, **kwargs):
+ """
+ @param key: full path for the client's private key file
+ @param cert: full path for the client's PEM certificate file
+ @param root_cert: full path for root certificates file used to
+ verify server certificates on connection
+ @param domain_verify: check server host against the 'commonName'
+ field in the server certificate
+ """
+ self.root_cert = root_cert
+ self.domain_verify = domain_verify
+ HTTPSClientCertTransport.__init__(self, key, cert, *args, **kwargs)
+
+ def _get_auth_handler(self):
+ return HTTPSFullAuthHandler(self.key, self.cert, self.root_cert,
+ self.domain_verify)
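Review bot: `_get_connection` accepts `timeout` but never passes it on, so the connection it returns ignores whatever timeout the caller asked for. The verifiedhttps.py header in this commit mentions a `timeout` member, so forwarding it with `timeout=timeout,` in the `VerifiedHTTPSConnection(...)` call looks possible. The constructor signatures of the ssl and M2Crypto implementations are not shown here, so check both before making the change. The `@return` line of the same docstring also has a doubled "with with".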
Modified: branches/lucidity/sage/python/sage/verifiedhttps.py
===================================================================
--- branches/lucidity/sage/python/sage/verifiedhttps.py 2011-10-25 13:46:51 UTC (rev
5091)
+++ branches/lucidity/sage/python/sage/verifiedhttps.py 2011-10-25 16:43:40 UTC (rev
5092)
@@ -1,7 +1,29 @@
+# Copyright 2011 Joseph Turner
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#
http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Copyright 2011 Red Hat, Inc.
+#
+# Modifications: addition of __init__ routine and
+# member variables timeout, root_cert, server_verify,
+# and domain_verify for per instance control
+
+
import httplib
import socket
import ssl
-from https import SSLVerificationError
+from exceptions import SSLVerificationError
# Note: much thanks to Joseph Turner for showing the world
# how to extend httplib using the ssl module to implement
Modified: branches/lucidity/sage/python/sage/verifiedhttps_m2crypto.py
===================================================================
--- branches/lucidity/sage/python/sage/verifiedhttps_m2crypto.py 2011-10-25 13:46:51 UTC
(rev 5091)
+++ branches/lucidity/sage/python/sage/verifiedhttps_m2crypto.py 2011-10-25 16:43:40 UTC
(rev 5092)
@@ -1,5 +1,20 @@
+# Copyright 2011 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#
http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
from M2Crypto import httpslib, SSL
-from https import SSLVerificationError
+from exceptions import SSLVerificationError
# wrap the creation of a SSL.Context, etc in a class
class VerifiedHTTPSConnection(httpslib.HTTPSConnection):
@@ -51,7 +66,7 @@
# This is mostly for testing with self-signed certificates
# and to provide the same interface as verifiedhttps.py
# In order to squash the report of the mismatched hostnames,
- # we replace the message -- could be considered a leak of
+ # we replace the message -- could be considered as a leak of
# domain and certificate information I suppose.
if self.server_verify and self.domain_verify:
raise SSLVerificationError("Server certificate doesn't match
domain;"\