|
|
|
@ -21,16 +21,27 @@ if hasattr(u2,"ssl"):
|
|
|
|
|
import os, re, sys
|
|
|
|
|
from calculate.core.datavars import DataVarsCore
|
|
|
|
|
|
|
|
|
|
from sudsds.transport.http import HttpTransport, SUDSHTTPRedirectHandler, \
|
|
|
|
|
CheckingHTTPSConnection, CheckingHTTPSHandler, \
|
|
|
|
|
PYOPENSSL_AVAILABLE, PyOpenSSLSocket
|
|
|
|
|
from sudsds.transport import Transport
|
|
|
|
|
from sudsds.properties import Unskin
|
|
|
|
|
# from sudsds.transport.http import HttpTransport, SUDSHTTPRedirectHandler, \
|
|
|
|
|
# CheckingHTTPSConnection, CheckingHTTPSHandler, \
|
|
|
|
|
# PYOPENSSL_AVAILABLE, PyOpenSSLSocket
|
|
|
|
|
|
|
|
|
|
from suds.transport.http import HttpTransport
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
from pyopenssl_wrapper import PyOpenSSLSocket
|
|
|
|
|
except ImportError:
|
|
|
|
|
PYOPENSSL_AVAILABLE = False
|
|
|
|
|
else:
|
|
|
|
|
PYOPENSSL_AVAILABLE = True
|
|
|
|
|
|
|
|
|
|
import httplib #http.client in python3
|
|
|
|
|
from suds.transport import Transport
|
|
|
|
|
from suds.properties import Unskin
|
|
|
|
|
from cookielib import CookieJar, DefaultCookiePolicy
|
|
|
|
|
|
|
|
|
|
import socket, ssl
|
|
|
|
|
import OpenSSL, hashlib
|
|
|
|
|
from sudsds.client import Client
|
|
|
|
|
from suds.client import Client
|
|
|
|
|
from logging import getLogger
|
|
|
|
|
from calculate.core.client.cert_verify import verify, VerifyError
|
|
|
|
|
from calculate.lib.utils.files import readFile
|
|
|
|
@ -40,6 +51,124 @@ from more import show_msg, show_question, LabelWordWrap
|
|
|
|
|
flag = 0
|
|
|
|
|
log = getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SUDSHTTPRedirectHandler(u2.HTTPRedirectHandler):
|
|
|
|
|
def redirect_request(self, req, fp, code, msg, headers, newurl):
|
|
|
|
|
"""Return a Request or None in response to a redirect.
|
|
|
|
|
|
|
|
|
|
This is called by the http_error_30x methods,
|
|
|
|
|
it was taken from the original Python version and modified
|
|
|
|
|
to use POST when redirection takes place.
|
|
|
|
|
This allows a SOAP message to be redirected without a loss
|
|
|
|
|
of content.
|
|
|
|
|
"""
|
|
|
|
|
m = req.get_method()
|
|
|
|
|
if (code in (301, 302, 303, 307) and m in ("GET", "HEAD")
|
|
|
|
|
or code in (301, 302, 303) and m == "POST"):
|
|
|
|
|
newurl = newurl.replace(' ', '%20')
|
|
|
|
|
newheaders = dict((k,v) for k,v in req.headers.items()
|
|
|
|
|
if k.lower() not in ("content-length", "content-type")
|
|
|
|
|
)
|
|
|
|
|
log.debug("Redirecting to %s", newurl)
|
|
|
|
|
return u2.Request(newurl,
|
|
|
|
|
data=req.data, # here we pass the original data
|
|
|
|
|
headers=newheaders,
|
|
|
|
|
origin_req_host=req.get_origin_req_host(),
|
|
|
|
|
unverifiable=True,
|
|
|
|
|
)
|
|
|
|
|
else:
|
|
|
|
|
raise u2.HTTPError(req.get_full_url(), code, msg, headers, fp)
|
|
|
|
|
|
|
|
|
|
class MyHTTPResponse(httplib.HTTPResponse):
|
|
|
|
|
|
|
|
|
|
def __init__(self, sock, debuglevel=0, strict=0, method=None):
|
|
|
|
|
|
|
|
|
|
httplib.HTTPResponse.__init__(self, sock, debuglevel, strict, method)
|
|
|
|
|
|
|
|
|
|
class CheckingHTTPSConnection(httplib.HTTPSConnection):
|
|
|
|
|
"""based on httplib.HTTPSConnection code - extended to support
|
|
|
|
|
server certificate verification and client certificate authorization"""
|
|
|
|
|
|
|
|
|
|
response_class = MyHTTPResponse
|
|
|
|
|
|
|
|
|
|
FORCE_SSL_VERSION = None
|
|
|
|
|
SERVER_CERT_CHECK = True # might be turned off when a workaround is needed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __init__(self, host, ca_certs=None, cert_verifier=None,
|
|
|
|
|
keyobj=None, certobj=None, **kw):
|
|
|
|
|
"""cert_verifier is a function returning either True or False
|
|
|
|
|
based on whether the certificate was found to be OK,
|
|
|
|
|
keyobj and certobj represent internal PyOpenSSL structures holding
|
|
|
|
|
the key and certificate respectively.
|
|
|
|
|
"""
|
|
|
|
|
httplib.HTTPSConnection.__init__(self, host, **kw)
|
|
|
|
|
self.ca_certs = ca_certs
|
|
|
|
|
self.cert_verifier = cert_verifier
|
|
|
|
|
self.keyobj = keyobj
|
|
|
|
|
self.certobj = certobj
|
|
|
|
|
|
|
|
|
|
def connect(self):
|
|
|
|
|
sock = socket.create_connection((self.host, self.port), self.timeout)
|
|
|
|
|
if hasattr(self, '_tunnel_host') and self._tunnel_host:
|
|
|
|
|
self.sock = sock
|
|
|
|
|
self._tunnel()
|
|
|
|
|
if self.FORCE_SSL_VERSION:
|
|
|
|
|
add = {'ssl_version': self.FORCE_SSL_VERSION}
|
|
|
|
|
else:
|
|
|
|
|
add = {}
|
|
|
|
|
if self.SERVER_CERT_CHECK and self.ca_certs:
|
|
|
|
|
add['cert_reqs'] = ssl.CERT_REQUIRED
|
|
|
|
|
else:
|
|
|
|
|
add['cert_reqs'] = ssl.CERT_NONE
|
|
|
|
|
# try to use PyOpenSSL by default
|
|
|
|
|
if PYOPENSSL_AVAILABLE:
|
|
|
|
|
wrap_class = PyOpenSSLSocket
|
|
|
|
|
add['keyobj'] = self.keyobj
|
|
|
|
|
add['certobj'] = self.certobj
|
|
|
|
|
add['keyfile'] = self.key_file
|
|
|
|
|
add['certfile'] = self.cert_file
|
|
|
|
|
else:
|
|
|
|
|
wrap_class = ssl.SSLSocket
|
|
|
|
|
self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
|
|
|
|
|
#if self.cert_verifier and self.SERVER_CERT_CHECK:
|
|
|
|
|
# if not self.cert_verifier(self.sock.getpeercert()):
|
|
|
|
|
# raise Exception("Server certificate did not pass security check.",
|
|
|
|
|
# self.sock.getpeercert())
|
|
|
|
|
|
|
|
|
|
class CheckingHTTPSHandler(u2.HTTPSHandler):
|
|
|
|
|
|
|
|
|
|
def __init__(self, ca_certs=None, cert_verifier=None,
|
|
|
|
|
client_certfile=None, client_keyfile=None,
|
|
|
|
|
client_keyobj=None, client_certobj=None,
|
|
|
|
|
*args, **kw):
|
|
|
|
|
"""cert_verifier is a function returning either True or False
|
|
|
|
|
based on whether the certificate was found to be OK"""
|
|
|
|
|
u2.HTTPSHandler.__init__(self, *args, **kw)
|
|
|
|
|
self.ca_certs = ca_certs
|
|
|
|
|
self.cert_verifier = cert_verifier
|
|
|
|
|
self.client_keyfile = client_keyfile # filename
|
|
|
|
|
self.client_certfile = client_certfile # filename
|
|
|
|
|
self.keyobj = client_keyobj
|
|
|
|
|
self.certobj = client_certobj
|
|
|
|
|
#self.set_http_debuglevel(100)
|
|
|
|
|
|
|
|
|
|
def https_open(self, req):
|
|
|
|
|
def open(*args, **kw):
|
|
|
|
|
new_kw = dict(ca_certs=self.ca_certs,
|
|
|
|
|
cert_verifier=self.cert_verifier,
|
|
|
|
|
cert_file=self.client_certfile,
|
|
|
|
|
key_file=self.client_keyfile,
|
|
|
|
|
keyobj=self.keyobj,
|
|
|
|
|
certobj=self.certobj)
|
|
|
|
|
new_kw.update(kw)
|
|
|
|
|
return CheckingHTTPSConnection(*args, **new_kw)
|
|
|
|
|
return self.do_open(open, req)
|
|
|
|
|
|
|
|
|
|
https_request = u2.AbstractHTTPHandler.do_request_
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class AddServerCert (qt.QDialog):
|
|
|
|
|
def __init__(self, parent, ClientObj, cert):
|
|
|
|
|
super(AddServerCert, self).__init__()
|
|
|
|
|
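Review bot: In `CheckingHTTPSConnection.connect`, server verification fails open: `if self.SERVER_CERT_CHECK and self.ca_certs:` falls through to `ssl.CERT_NONE` whenever `ca_certs` is unset (the constructor default) even though `SERVER_CERT_CHECK` is True, and the only use of `cert_verifier` is the commented-out block at the end of the method, so the callback both constructors accept is never called. Unless the peer certificate is checked elsewhere (the file imports `verify` from `calculate.core.client.cert_verify`, but no call is visible in this hunk), a connection made without `ca_certs` is unauthenticated, and one made with it gets at most chain validation, since nothing in this method compares the certificate with `self.host`. I would raise when the check is enabled but no CA bundle is given and restore the verifier call, as sketched below; whether `PyOpenSSLSocket` offers `getpeercert()` needs confirming. The non-PyOpenSSL branch also leaves `key_file`/`cert_file` out of `add`, so the client certificate appears to be silently dropped on that path. In the same hunk, `SUDSHTTPRedirectHandler.redirect_request` re-sends `req.data` and the remaining headers to whatever `newurl` the server names; comparing its scheme and host with the original request before re-posting would keep the SOAP body from leaving the intended endpoint.

```python
    def connect(self):
        # … unchanged: socket creation, tunnel setup, FORCE_SSL_VERSION handling …
        if self.SERVER_CERT_CHECK:
            if not self.ca_certs:
                # refuse to fall back to an unauthenticated connection
                raise ssl.SSLError(
                    "server certificate check is enabled but no ca_certs were given")
            add['cert_reqs'] = ssl.CERT_REQUIRED
        else:
            add['cert_reqs'] = ssl.CERT_NONE
        # … unchanged: PyOpenSSLSocket / ssl.SSLSocket selection and wrap_class(...) call …
        if self.cert_verifier and self.SERVER_CERT_CHECK:
            peer_cert = self.sock.getpeercert()
            if not self.cert_verifier(peer_cert):
                self.sock.close()
                raise Exception("Server certificate did not pass security check.",
                                peer_cert)
```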