Mercurial > repos > shellac > guppy_basecaller
annotate env/lib/python3.7/site-packages/requests_toolbelt/adapters/x509.py @ 0:26e78fe6e8c4 draft
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
| author | shellac |
|---|---|
| date | Sat, 02 May 2020 07:14:21 -0400 |
| parents | |
| children |
| rev | line source |
|---|---|
|
0
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
1 # -*- coding: utf-8 -*- |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
2 """A X509Adapter for use with the requests library. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
3 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
4 This file contains an implementation of the X509Adapter that will |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
5 allow users to authenticate a request using an arbitrary |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
6 X.509 certificate without needing to convert it to a .pem file |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
7 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
8 """ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
9 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
10 from OpenSSL.crypto import PKey, X509 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
11 from cryptography import x509 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
12 from cryptography.hazmat.primitives.serialization import (load_pem_private_key, |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
13 load_der_private_key) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
14 from cryptography.hazmat.primitives.serialization import Encoding |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
15 from cryptography.hazmat.backends import default_backend |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
16 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
17 from datetime import datetime |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
18 from requests.adapters import HTTPAdapter |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
19 import requests |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
20 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
21 from .._compat import PyOpenSSLContext |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
22 from .. import exceptions as exc |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
23 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
24 """ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
25 importing the protocol constants from _ssl instead of ssl because only the |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
26 constants are needed and to handle issues caused by importing from ssl on |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
27 the 2.7.x line. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
28 """ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
29 try: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
30 from _ssl import PROTOCOL_TLS as PROTOCOL |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
31 except ImportError: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
32 from _ssl import PROTOCOL_SSLv23 as PROTOCOL |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
33 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
34 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
35 class X509Adapter(HTTPAdapter): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
36 r"""Adapter for use with X.509 certificates. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
37 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
38 Provides an interface for Requests sessions to contact HTTPS urls and |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
39 authenticate with an X.509 cert by implementing the Transport Adapter |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
40 interface. This class will need to be manually instantiated and mounted |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
41 to the session |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
42 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
43 :param pool_connections: The number of urllib3 connection pools to |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
44 cache. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
45 :param pool_maxsize: The maximum number of connections to save in the |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
46 pool. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
47 :param max_retries: The maximum number of retries each connection |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
48 should attempt. Note, this applies only to failed DNS lookups, |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
49 socket connections and connection timeouts, never to requests where |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
50 data has made it to the server. By default, Requests does not retry |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
51 failed connections. If you need granular control over the |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
52 conditions under which we retry a request, import urllib3's |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
53 ``Retry`` class and pass that instead. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
54 :param pool_block: Whether the connection pool should block for |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
55 connections. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
56 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
57 :param bytes cert_bytes: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
58 bytes object containing contents of a cryptography.x509Certificate |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
59 object using the encoding specified by the ``encoding`` parameter. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
60 :param bytes pk_bytes: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
61 bytes object containing contents of a object that implements |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
62 ``cryptography.hazmat.primitives.serialization.PrivateFormat`` |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
63 using the encoding specified by the ``encoding`` parameter. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
64 :param password: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
65 string or utf8 encoded bytes containing the passphrase used for the |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
66 private key. None if unencrypted. Defaults to None. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
67 :param encoding: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
68 Enumeration detailing the encoding method used on the ``cert_bytes`` |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
69 parameter. Can be either PEM or DER. Defaults to PEM. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
70 :type encoding: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
71 :class: `cryptography.hazmat.primitives.serialization.Encoding` |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
72 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
73 Usage:: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
74 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
75 >>> import requests |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
76 >>> from requests_toolbelt.adapters.x509 import X509Adapter |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
77 >>> s = requests.Session() |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
78 >>> a = X509Adapter(max_retries=3, |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
79 cert_bytes=b'...', pk_bytes=b'...', encoding='...' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
80 >>> s.mount('https://', a) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
81 """ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
82 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
83 def __init__(self, *args, **kwargs): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
84 self._check_version() |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
85 cert_bytes = kwargs.pop('cert_bytes', None) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
86 pk_bytes = kwargs.pop('pk_bytes', None) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
87 password = kwargs.pop('password', None) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
88 encoding = kwargs.pop('encoding', Encoding.PEM) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
89 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
90 password_bytes = None |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
91 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
92 if cert_bytes is None or not isinstance(cert_bytes, bytes): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
93 raise ValueError('Invalid cert content provided. ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
94 'You must provide an X.509 cert ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
95 'formatted as a byte array.') |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
96 if pk_bytes is None or not isinstance(pk_bytes, bytes): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
97 raise ValueError('Invalid private key content provided. ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
98 'You must provide a private key ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
99 'formatted as a byte array.') |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
100 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
101 if isinstance(password, bytes): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
102 password_bytes = password |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
103 elif password: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
104 password_bytes = password.encode('utf8') |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
105 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
106 self.ssl_context = create_ssl_context(cert_bytes, pk_bytes, |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
107 password_bytes, encoding) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
108 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
109 super(X509Adapter, self).__init__(*args, **kwargs) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
110 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
111 def init_poolmanager(self, *args, **kwargs): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
112 if self.ssl_context: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
113 kwargs['ssl_context'] = self.ssl_context |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
114 return super(X509Adapter, self).init_poolmanager(*args, **kwargs) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
115 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
116 def proxy_manager_for(self, *args, **kwargs): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
117 if self.ssl_context: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
118 kwargs['ssl_context'] = self.ssl_context |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
119 return super(X509Adapter, self).proxy_manager_for(*args, **kwargs) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
120 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
121 def _check_version(self): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
122 if PyOpenSSLContext is None: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
123 raise exc.VersionMismatchError( |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
124 "The X509Adapter requires at least Requests 2.12.0 to be " |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
125 "installed. Version {0} was found instead.".format( |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
126 requests.__version__ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
127 ) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
128 ) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
129 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
130 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
131 def check_cert_dates(cert): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
132 """Verify that the supplied client cert is not invalid.""" |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
133 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
134 now = datetime.utcnow() |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
135 if cert.not_valid_after < now or cert.not_valid_before > now: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
136 raise ValueError('Client certificate expired: Not After: ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
137 '{0:%Y-%m-%d %H:%M:%SZ} ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
138 'Not Before: {1:%Y-%m-%d %H:%M:%SZ}' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
139 .format(cert.not_valid_after, cert.not_valid_before)) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
140 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
141 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
142 def create_ssl_context(cert_byes, pk_bytes, password=None, |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
143 encoding=Encoding.PEM): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
144 """Create an SSL Context with the supplied cert/password. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
145 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
146 :param cert_bytes array of bytes containing the cert encoded |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
147 using the method supplied in the ``encoding`` parameter |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
148 :param pk_bytes array of bytes containing the private key encoded |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
149 using the method supplied in the ``encoding`` parameter |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
150 :param password array of bytes containing the passphrase to be used |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
151 with the supplied private key. None if unencrypted. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
152 Defaults to None. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
153 :param encoding ``cryptography.hazmat.primitives.serialization.Encoding`` |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
154 details the encoding method used on the ``cert_bytes`` and |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
155 ``pk_bytes`` parameters. Can be either PEM or DER. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
156 Defaults to PEM. |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
157 """ |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
158 backend = default_backend() |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
159 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
160 cert = None |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
161 key = None |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
162 if encoding == Encoding.PEM: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
163 cert = x509.load_pem_x509_certificate(cert_byes, backend) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
164 key = load_pem_private_key(pk_bytes, password, backend) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
165 elif encoding == Encoding.DER: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
166 cert = x509.load_der_x509_certificate(cert_byes, backend) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
167 key = load_der_private_key(pk_bytes, password, backend) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
168 else: |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
169 raise ValueError('Invalid encoding provided: Must be PEM or DER') |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
170 |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
171 if not (cert and key): |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
172 raise ValueError('Cert and key could not be parsed from ' |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
173 'provided data') |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
174 check_cert_dates(cert) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
175 ssl_context = PyOpenSSLContext(PROTOCOL) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
176 ssl_context._ctx.use_certificate(X509.from_cryptography(cert)) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
177 ssl_context._ctx.use_privatekey(PKey.from_cryptography_key(key)) |
|
26e78fe6e8c4
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
shellac
parents:
diff
changeset
|
178 return ssl_context |