ok
Direktori : /usr/lib/python2.7/site-packages/ndg/httpsclient/ |
Current File : //usr/lib/python2.7/site-packages/ndg/httpsclient/ssl_context_util.py |
"""ndg_httpsclient SSL Context utilities module containing convenience routines for setting SSL context configuration. """ __author__ = "P J Kershaw (STFC)" __date__ = "09/12/11" __copyright__ = "(C) 2012 Science and Technology Facilities Council" __license__ = "BSD - see LICENSE file in top-level directory" __contact__ = "Philip.Kershaw@stfc.ac.uk" __revision__ = '$Id$' import urlparse from OpenSSL import SSL from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification class SSlContextConfig(object): """ Holds configuration options for creating a SSL context. This is used as a template to create the contexts with specific verification callbacks. """ def __init__(self, key_file=None, cert_file=None, pem_file=None, ca_dir=None, verify_peer=False): self.key_file = key_file self.cert_file = cert_file self.pem_file = pem_file self.ca_dir = ca_dir self.verify_peer = verify_peer def make_ssl_context_from_config(ssl_config=False, url=None): return make_ssl_context(ssl_config.key_file, ssl_config.cert_file, ssl_config.pem_file, ssl_config.ca_dir, ssl_config.verify_peer, url) def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None, verify_peer=False, url=None, method=SSL.SSLv23_METHOD): """ Creates SSL context containing certificate and key file locations. """ ssl_context = SSL.Context(method) # Key file defaults to certificate file if present. if cert_file: ssl_context.use_certificate_file(cert_file) if key_file: ssl_context.use_privatekey_file(key_file) else: if cert_file: ssl_context.use_privatekey_file(cert_file) if pem_file or ca_dir: ssl_context.load_verify_locations(pem_file, ca_dir) def _callback(conn, x509, errnum, errdepth, preverify_ok): """Default certification verification callback. Performs no checks and returns the status passed in. """ return preverify_ok verify_callback = _callback if verify_peer: ssl_context.set_verify_depth(9) if url: set_peer_verification_for_url_hostname(ssl_context, url) else: ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback) else: ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback) return ssl_context def set_peer_verification_for_url_hostname(ssl_context, url, if_verify_enabled=False): '''Convenience routine to set peer verification callback based on ServerSSLCertVerification class''' if not if_verify_enabled or (ssl_context.get_verify_mode() & SSL.VERIFY_PEER): urlObj = urlparse.urlparse(url) hostname = urlObj.hostname verify_callback = ServerSSLCertVerification(hostname=hostname) ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)