springsuite: planemo/lib/python3.7/site-packages/boto/https

author	guerler
date	Fri, 31 Jul 2020 00:18:57 -0400
parents
children

rev	line source
0 d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	1 # Copyright 2007,2011 Google Inc.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	2 #
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	3 # Licensed under the Apache License, Version 2.0 (the "License");
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	4 # you may not use this file except in compliance with the License.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	5 # You may obtain a copy of the License at
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	6 #
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	7 # http://www.apache.org/licenses/LICENSE-2.0
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	8 #
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	9 # Unless required by applicable law or agreed to in writing, software
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	10 # distributed under the License is distributed on an "AS IS" BASIS,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	12 # See the License for the specific language governing permissions and
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	13 # limitations under the License.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	14 #
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	15
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	16 # This file is derived from
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	17 # http://googleappengine.googlecode.com/svn-history/r136/trunk/python/google/appengine/tools/https_wrapper.py
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	18
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	19
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	20 """Extensions to allow HTTPS requests with SSL certificate validation."""
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	21
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	22 import re
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	23 import socket
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	24 import ssl
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	25
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	26 import boto
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	27
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	28 from boto.compat import six, http_client
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	29
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	30
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	31 class InvalidCertificateException(http_client.HTTPException):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	32 """Raised when a certificate is provided with an invalid hostname."""
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	33
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	34 def __init__(self, host, cert, reason):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	35 """Constructor.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	36
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	37 Args:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	38 host: The hostname the connection was made to.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	39 cert: The SSL certificate (as a dictionary) the host returned.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	40 """
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	41 http_client.HTTPException.__init__(self)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	42 self.host = host
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	43 self.cert = cert
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	44 self.reason = reason
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	45
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	46 def __str__(self):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	47 return ('Host %s returned an invalid certificate (%s): %s' %
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	48 (self.host, self.reason, self.cert))
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	49
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	50
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	51 def GetValidHostsForCert(cert):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	52 """Returns a list of valid host globs for an SSL certificate.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	53
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	54 Args:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	55 cert: A dictionary representing an SSL certificate.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	56 Returns:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	57 list: A list of valid host globs.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	58 """
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	59 if 'subjectAltName' in cert:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	60 return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	61 else:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	62 return [x[0][1] for x in cert['subject']
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	63 if x[0][0].lower() == 'commonname']
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	64
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	65
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	66 def ValidateCertificateHostname(cert, hostname):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	67 """Validates that a given hostname is valid for an SSL certificate.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	68
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	69 Args:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	70 cert: A dictionary representing an SSL certificate.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	71 hostname: The hostname to test.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	72 Returns:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	73 bool: Whether or not the hostname is valid for this certificate.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	74 """
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	75 hosts = GetValidHostsForCert(cert)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	76 boto.log.debug(
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	77 "validating server certificate: hostname=%s, certificate hosts=%s",
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	78 hostname, hosts)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	79 for host in hosts:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	80 host_re = host.replace('.', '\.').replace('', '[^.]')
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	81 if re.search('^%s$' % (host_re,), hostname, re.I):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	82 return True
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	83 return False
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	84
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	85
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	86 class CertValidatingHTTPSConnection(http_client.HTTPConnection):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	87 """An HTTPConnection that connects over SSL and validates certificates."""
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	88
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	89 default_port = http_client.HTTPS_PORT
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	90
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	91 def __init__(self, host, port=default_port, key_file=None, cert_file=None,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	92 ca_certs=None, strict=None, **kwargs):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	93 """Constructor.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	94
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	95 Args:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	96 host: The hostname. Can be in 'host:port' form.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	97 port: The port. Defaults to 443.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	98 key_file: A file containing the client's private key
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	99 cert_file: A file containing the client's certificates
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	100 ca_certs: A file contianing a set of concatenated certificate authority
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	101 certs for validating the server against.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	102 strict: When true, causes BadStatusLine to be raised if the status line
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	103 can't be parsed as a valid HTTP/1.0 or 1.1 status line.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	104 """
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	105 if six.PY2:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	106 # Python 3.2 and newer have deprecated and removed the strict
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	107 # parameter. Since the params are supported as keyword arguments
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	108 # we conditionally add it here.
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	109 kwargs['strict'] = strict
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	110
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	111 http_client.HTTPConnection.__init__(self, host=host, port=port, **kwargs)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	112 self.key_file = key_file
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	113 self.cert_file = cert_file
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	114 self.ca_certs = ca_certs
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	115
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	116 def connect(self):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	117 "Connect to a host on a given (SSL) port."
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	118 if hasattr(self, "timeout"):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	119 sock = socket.create_connection((self.host, self.port), self.timeout)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	120 else:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	121 sock = socket.create_connection((self.host, self.port))
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	122 msg = "wrapping ssl socket; "
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	123 if self.ca_certs:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	124 msg += "CA certificate file=%s" % self.ca_certs
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	125 else:
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	126 msg += "using system provided SSL certs"
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	127 boto.log.debug(msg)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	128 self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	129 certfile=self.cert_file,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	130 cert_reqs=ssl.CERT_REQUIRED,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	131 ca_certs=self.ca_certs)
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	132 cert = self.sock.getpeercert()
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	133 hostname = self.host.split(':', 0)[0]
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	134 if not ValidateCertificateHostname(cert, hostname):
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	135 raise InvalidCertificateException(hostname,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	136 cert,
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	137 'remote hostname "%s" does not match '
d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1" guerler parents: diff changeset	138 'certificate' % hostname)

0

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

2 #

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

3 # Licensed under the Apache License, Version 2.0 (the "License");

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

4 # you may not use this file except in compliance with the License.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

5 # You may obtain a copy of the License at

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

6 #

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

7 # http://www.apache.org/licenses/LICENSE-2.0

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

8 #

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

9 # Unless required by applicable law or agreed to in writing, software

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

10 # distributed under the License is distributed on an "AS IS" BASIS,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

12 # See the License for the specific language governing permissions and

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

13 # limitations under the License.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

14 #

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

15

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

16 # This file is derived from

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

17 # http://googleappengine.googlecode.com/svn-history/r136/trunk/python/google/appengine/tools/https_wrapper.py

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

18

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

19

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

20 """Extensions to allow HTTPS requests with SSL certificate validation."""

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

21

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

22 import re

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

23 import socket

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

24 import ssl

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

25

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

26 import boto

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

27

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

28 from boto.compat import six, http_client

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

29

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

30

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

31 class InvalidCertificateException(http_client.HTTPException):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

32 """Raised when a certificate is provided with an invalid hostname."""

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

33

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

34 def __init__(self, host, cert, reason):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

35 """Constructor.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

36

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

37 Args:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

38 host: The hostname the connection was made to.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

39 cert: The SSL certificate (as a dictionary) the host returned.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

40 """

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

41 http_client.HTTPException.__init__(self)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

42 self.host = host

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

43 self.cert = cert

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

44 self.reason = reason

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

45

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

46 def __str__(self):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

47 return ('Host %s returned an invalid certificate (%s): %s' %

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

48 (self.host, self.reason, self.cert))

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

49

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

50

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

51 def GetValidHostsForCert(cert):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

52 """Returns a list of valid host globs for an SSL certificate.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

53

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

54 Args:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

55 cert: A dictionary representing an SSL certificate.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

56 Returns:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

57 list: A list of valid host globs.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

58 """

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

59 if 'subjectAltName' in cert:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

60 return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

61 else:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

62 return [x[0][1] for x in cert['subject']

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

63 if x[0][0].lower() == 'commonname']

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

64

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

65

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

66 def ValidateCertificateHostname(cert, hostname):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

67 """Validates that a given hostname is valid for an SSL certificate.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

68

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

69 Args:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

70 cert: A dictionary representing an SSL certificate.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

71 hostname: The hostname to test.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

72 Returns:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

73 bool: Whether or not the hostname is valid for this certificate.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

74 """

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

75 hosts = GetValidHostsForCert(cert)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

76 boto.log.debug(

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

77 "validating server certificate: hostname=%s, certificate hosts=%s",

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

78 hostname, hosts)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

79 for host in hosts:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

80 host_re = host.replace('.', '\.').replace('*', '[^.]*')

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

81 if re.search('^%s$' % (host_re,), hostname, re.I):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

82 return True

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

83 return False

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

84

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

85

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

86 class CertValidatingHTTPSConnection(http_client.HTTPConnection):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

87 """An HTTPConnection that connects over SSL and validates certificates."""

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

88

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

89 default_port = http_client.HTTPS_PORT

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

90

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

91 def __init__(self, host, port=default_port, key_file=None, cert_file=None,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

92 ca_certs=None, strict=None, **kwargs):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

93 """Constructor.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

94

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

95 Args:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

96 host: The hostname. Can be in 'host:port' form.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

97 port: The port. Defaults to 443.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

98 key_file: A file containing the client's private key

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

99 cert_file: A file containing the client's certificates

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

100 ca_certs: A file contianing a set of concatenated certificate authority

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

101 certs for validating the server against.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

102 strict: When true, causes BadStatusLine to be raised if the status line

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

103 can't be parsed as a valid HTTP/1.0 or 1.1 status line.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

104 """

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

105 if six.PY2:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

106 # Python 3.2 and newer have deprecated and removed the strict

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

107 # parameter. Since the params are supported as keyword arguments

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

108 # we conditionally add it here.

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

109 kwargs['strict'] = strict

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

110

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

111 http_client.HTTPConnection.__init__(self, host=host, port=port, **kwargs)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

112 self.key_file = key_file

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

113 self.cert_file = cert_file

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

114 self.ca_certs = ca_certs

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

115

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

116 def connect(self):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

117 "Connect to a host on a given (SSL) port."

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

118 if hasattr(self, "timeout"):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

119 sock = socket.create_connection((self.host, self.port), self.timeout)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

120 else:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

121 sock = socket.create_connection((self.host, self.port))

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

122 msg = "wrapping ssl socket; "

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

123 if self.ca_certs:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

124 msg += "CA certificate file=%s" % self.ca_certs

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

125 else:

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

126 msg += "using system provided SSL certs"

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

127 boto.log.debug(msg)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

128 self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

129 certfile=self.cert_file,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

130 cert_reqs=ssl.CERT_REQUIRED,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

131 ca_certs=self.ca_certs)

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

132 cert = self.sock.getpeercert()

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

133 hostname = self.host.split(':', 0)[0]

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

134 if not ValidateCertificateHostname(cert, hostname):

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

135 raise InvalidCertificateException(hostname,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

136 cert,

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

137 'remote hostname "%s" does not match '

d30785e31577 "planemo upload commit 6eee67778febed82ddd413c3ca40b3183a3898f1"

guerler

parents:

diff changeset

138 'certificate' % hostname)

Mercurial > repos > guerler > springsuite

annotate planemo/lib/python3.7/site-packages/boto/https_connection.py @ 0:d30785e31577 draft