From anthonys...@apache.org
Subject [1/5] libcloud git commit: start building signed request adapter for the requests package
Date Sun, 02 Apr 2017 01:55:20 GMT
Repository: libcloud
Updated Branches:
  refs/heads/trunk 4c9d0333a -> d8757c9d3


start building signed request adapter for the requests package


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/64e0b3c9
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/64e0b3c9
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/64e0b3c9

Branch: refs/heads/trunk
Commit: 64e0b3c9fb7693747c2078adf9c1c3b47b6065e1
Parents: 4c9d033
Author: Anthony Shaw <anthonyshaw@apache.org>
Authored: Sun Apr 2 10:32:49 2017 +1000
Committer: Anthony Shaw <anthonyshaw@apache.org>
Committed: Sun Apr 2 10:32:49 2017 +1000

----------------------------------------------------------------------
 libcloud/common/base.py |  2 --
 libcloud/httplib_ssl.py | 68 ++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 66 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/common/base.py
----------------------------------------------------------------------
diff --git a/libcloud/common/base.py b/libcloud/common/base.py
index de0c68a..0d458fc 100644
--- a/libcloud/common/base.py
+++ b/libcloud/common/base.py
@@ -468,8 +468,6 @@ class Connection(object):
         if not hasattr(kwargs, 'cert_file') and hasattr(self, 'cert_file'):
             kwargs.update({'cert_file': getattr(self, 'cert_file')})
 
-        #  kwargs = {'host': host, 'port': int(port)}
-
         # Timeout is only supported in Python 2.6 and later
         # http://docs.python.org/library/httplib.html#httplib.HTTPConnection
         if self.timeout and not PY25:

http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index 30579be..a88ea0d 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -21,6 +21,8 @@ verification, depending on libcloud.security settings.
 import os
 import warnings
 import requests
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.util.ssl_ import create_urllib3_context
 
 import libcloud.security
 from libcloud.utils.py3 import urlparse, PY3
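Review bot: The class added in the next hunk references `ssl`, `sys` and `get_socket_error_exception`, but this hunk only brings in `HTTPAdapter` and `create_urllib3_context`, and no import of the other names is visible here. Unless they are imported elsewhere in the module (outside the hunk), `init_poolmanager` will fail with a NameError on its first call; at minimum `import ssl` and `import sys` belong next to `import os`. The `requests.packages.urllib3` path relies on requests' bundled alias, so a short comment such as `# urllib3 as re-exported by requests` would help the next reader.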
@@ -36,6 +38,59 @@ ALLOW_REDIRECTS = 1
 HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy'
 
 
+class SignedX509Adapter(HTTPAdapter):
+    def __init__(self, cert_file=None, key_file=None):
+        self.cert_file = cert_file
+        self.key_file = key_file
+
+    def init_poolmanager(self, *args, **kwargs):
+        self.tls_context = create_urllib3_context()
+        kwargs['ssl_context'] = self.tls_context
+        
+        has_sni = getattr(ssl, 'HAS_SNI', False)
+
+        if has_sni:
+            self.tls_context.verify_mode = ssl.CERT_REQUIRED
+
+            if self.cert_file and self.key_file:
+                self.tls_context.load_cert_chain(
+                    certfile=self.cert_file,
+                    keyfile=self.key_file,
+                    password=None)
+
+            if self.ca_cert:
+                self.tls_context.load_verify_locations(cafile=self.ca_cert)
+
+            try:
+                self.sock = self.tls_context.wrap_socket(
+                    sock,
+                    server_hostname=self.host,
+                )
+            except:
+                exc = sys.exc_info()[1]
+                exc = get_socket_error_exception(ssl_version=ssl_version,
+                                                 exc=exc)
+                raise exc
+        else:
+            # SNI support not available
+            try:
+                self.sock = ssl.wrap_socket(
+                    sock,
+                    self.key_file,
+                    self.cert_file,
+                    cert_reqs=ssl.CERT_REQUIRED,
+                    ca_certs=self.ca_cert,
+                    ssl_version=ssl_version
+                )
+            except:
+                exc = sys.exc_info()[1]
+                exc = get_socket_error_exception(ssl_version=ssl_version,
+                                                 exc=exc)
+                raise exc
+        
+        return super(HTTPAdapter, self).init_poolmanager(*args, **kwargs)
+
+
 class LibcloudBaseConnection(object):
     """
     Base connection class to inherit from.
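Review bot: `SignedX509Adapter.__init__` never calls `HTTPAdapter.__init__`, and `init_poolmanager` ends with `super(HTTPAdapter, self).init_poolmanager(...)`, which skips HTTPAdapter's own implementation, so no pool manager is ever built around the TLS context. The body also reads `self.ca_cert`, `sock`, `self.host` and `ssl_version`, none of which are defined in this class or method; the socket wrapping does not belong here, since the pool manager opens connections later using `ssl_context`. The two bare `except:` blocks would additionally swallow KeyboardInterrupt and SystemExit into a socket error. Because peer verification is the point of this adapter, I would set `verify_mode` unconditionally instead of only under `HAS_SNI`, and pass the CA path in explicitly, as sketched below.

```python
class SignedX509Adapter(HTTPAdapter):
    def __init__(self, cert_file=None, key_file=None, ca_cert=None):
        # Assign before HTTPAdapter.__init__, which calls init_poolmanager().
        self.cert_file = cert_file
        self.key_file = key_file
        self.ca_cert = ca_cert
        super(SignedX509Adapter, self).__init__()

    def init_poolmanager(self, *args, **kwargs):
        self.tls_context = create_urllib3_context()
        # Always require a verified server certificate, with or without SNI.
        self.tls_context.verify_mode = ssl.CERT_REQUIRED

        # … unchanged: load_cert_chain / load_verify_locations calls,
        #   dedented out of the has_sni branch …

        kwargs['ssl_context'] = self.tls_context
        return super(SignedX509Adapter, self).init_poolmanager(
            *args, **kwargs)
```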
@@ -139,6 +194,13 @@ class LibcloudBaseConnection(object):
             else:
                 self.ca_cert = libcloud.security.CA_CERTS_PATH
 
+    def _setup_signing(self, cert_file=None, key_file=None):
+        """
+        Setup request signing by mounting a signing
+        adapter to the session
+        """
+        self.session.mount("https", SignedX509Adapter(cert_file, key_file))
+
 
 class LibcloudConnection(LibcloudBaseConnection):
     timeout = None
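Review bot: The docstring of `_setup_signing` describes request signing, but the adapter it mounts loads a client certificate and key into the TLS context, which is TLS client-certificate authentication; the requests themselves are not signed. I would reword it to `Set up TLS client-certificate authentication by mounting a SignedX509Adapter on the session.` The adapter is also constructed without the CA bundle path that the preceding method stores in `self.ca_cert` (context lines at the top of the hunk), so a custom CA setting would not reach the new context. The mount prefix is conventionally written `"https://"`.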
@@ -158,9 +220,11 @@ class LibcloudConnection(LibcloudBaseConnection):
 
         self._setup_verify()
         self._setup_ca_cert()
-
+        
         LibcloudBaseConnection.__init__(self)
-
+        
+        if 'cert_file' in kwargs or 'key_file' in kwargs:
+            self._setup_signing(**kwargs)
         if proxy_url:
             self.set_http_proxy(proxy_url=proxy_url)
         self.session.timeout = kwargs.get('timeout', 60)
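Review bot: `self._setup_signing(**kwargs)` forwards every keyword argument, but `_setup_signing` accepts only `cert_file` and `key_file`, so a caller that also passes `timeout` (read from `kwargs` on the last line of this hunk) gets a TypeError. Pass the two values explicitly: `self._setup_signing(cert_file=kwargs.get('cert_file'), key_file=kwargs.get('key_file'))`. Because the guard uses `or`, a caller that supplies only one of the two ends up with an adapter that silently skips `load_cert_chain`; raising a ValueError in that case would make the misconfiguration visible instead of connecting without the client certificate. The two rewritten blank lines now carry trailing whitespace. The enclosing `__init__` begins outside the hunk.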

