Mercurial > repos > shellac > guppy_basecaller

diff env/lib/python3.7/site-packages/boto/https_connection.py @ 0:26e78fe6e8c4 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
"planemo upload commit c699937486c35866861690329de38ec1a5d9f783"
author shellac
date Sat, 02 May 2020 07:14:21 -0400
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/env/lib/python3.7/site-packages/boto/https_connection.py	Sat May 02 07:14:21 2020 -0400
@@ -0,0 +1,138 @@
+# Copyright 2007,2011 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This file is derived from
+# http://googleappengine.googlecode.com/svn-history/r136/trunk/python/google/appengine/tools/https_wrapper.py
+
+
+"""Extensions to allow HTTPS requests with SSL certificate validation."""
+
+import re
+import socket
+import ssl
+
+import boto
+
+from boto.compat import six, http_client
+
+
+class InvalidCertificateException(http_client.HTTPException):
+    """Raised when a certificate is provided with an invalid hostname."""
+
+    def __init__(self, host, cert, reason):
+        """Constructor.
+
+        Args:
+          host: The hostname the connection was made to.
+          cert: The SSL certificate (as a dictionary) the host returned.
+        """
+        http_client.HTTPException.__init__(self)
+        self.host = host
+        self.cert = cert
+        self.reason = reason
+
+    def __str__(self):
+        return ('Host %s returned an invalid certificate (%s): %s' %
+                (self.host, self.reason, self.cert))
+
+
+def GetValidHostsForCert(cert):
+    """Returns a list of valid host globs for an SSL certificate.
+
+    Args:
+      cert: A dictionary representing an SSL certificate.
+    Returns:
+      list: A list of valid host globs.
+    """
+    if 'subjectAltName' in cert:
+        return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']
+    else:
+        return [x[0][1] for x in cert['subject']
+                if x[0][0].lower() == 'commonname']
+
+
+def ValidateCertificateHostname(cert, hostname):
+    """Validates that a given hostname is valid for an SSL certificate.
+
+    Args:
+      cert: A dictionary representing an SSL certificate.
+      hostname: The hostname to test.
+    Returns:
+      bool: Whether or not the hostname is valid for this certificate.
+    """
+    hosts = GetValidHostsForCert(cert)
+    boto.log.debug(
+        "validating server certificate: hostname=%s, certificate hosts=%s",
+        hostname, hosts)
+    for host in hosts:
+        host_re = host.replace('.', '\.').replace('*', '[^.]*')
+        if re.search('^%s$' % (host_re,), hostname, re.I):
+            return True
+    return False
+
+
+class CertValidatingHTTPSConnection(http_client.HTTPConnection):
+    """An HTTPConnection that connects over SSL and validates certificates."""
+
+    default_port = http_client.HTTPS_PORT
+
+    def __init__(self, host, port=default_port, key_file=None, cert_file=None,
+                 ca_certs=None, strict=None, **kwargs):
+        """Constructor.
+
+        Args:
+          host: The hostname. Can be in 'host:port' form.
+          port: The port. Defaults to 443.
+          key_file: A file containing the client's private key
+          cert_file: A file containing the client's certificates
+          ca_certs: A file contianing a set of concatenated certificate authority
+              certs for validating the server against.
+          strict: When true, causes BadStatusLine to be raised if the status line
+              can't be parsed as a valid HTTP/1.0 or 1.1 status line.
+        """
+        if six.PY2:
+            # Python 3.2 and newer have deprecated and removed the strict
+            # parameter. Since the params are supported as keyword arguments
+            # we conditionally add it here.
+            kwargs['strict'] = strict
+
+        http_client.HTTPConnection.__init__(self, host=host, port=port, **kwargs)
+        self.key_file = key_file
+        self.cert_file = cert_file
+        self.ca_certs = ca_certs
+
+    def connect(self):
+        "Connect to a host on a given (SSL) port."
+        if hasattr(self, "timeout"):
+            sock = socket.create_connection((self.host, self.port), self.timeout)
+        else:
+            sock = socket.create_connection((self.host, self.port))
+        msg = "wrapping ssl socket; "
+        if self.ca_certs:
+            msg += "CA certificate file=%s" % self.ca_certs
+        else:
+            msg += "using system provided SSL certs"
+        boto.log.debug(msg)
+        self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,
+                                    certfile=self.cert_file,
+                                    cert_reqs=ssl.CERT_REQUIRED,
+                                    ca_certs=self.ca_certs)
+        cert = self.sock.getpeercert()
+        hostname = self.host.split(':', 0)[0]
+        if not ValidateCertificateHostname(cert, hostname):
+            raise InvalidCertificateException(hostname,
+                                              cert,
+                                              'remote hostname "%s" does not match '
+                                              'certificate' % hostname)