@ -1,4 +1,4 @@
# -*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
#
@ -15,41 +15,51 @@
# limitations under the License.
# limitations under the License.
import urllib2 as u2
import urllib2 as u2
if hasattr ( u2 , " ssl " ) :
if hasattr ( u2 , " ssl " ) :
u2 . ssl . _create_default_https_context = u2 . ssl . _create_unverified_context
u2 . ssl . _create_default_https_context = u2 . ssl . _create_unverified_context
import os , sys
import os
import socket , ssl
import sys
import OpenSSL , hashlib , M2Crypto
import socket
import ssl
import OpenSSL
import hashlib
import M2Crypto
from calculate . core . datavars import DataVarsCore
from calculate . core . datavars import DataVarsCore
from calculate . lib . datavars import DataVars
from calculate . lib . datavars import DataVars
from sudsds . client import Client
from sudsds . client import Client
from cert_verify import verify , get_CRL
from cert_verify import verify , get_CRL
from sudsds . transport . http import HttpTransport , SUDSHTTPRedirectHandler , \
from sudsds . transport . http import ( HttpTransport , SUDSHTTPRedirectHandler ,
CheckingHTTPSConnection , CheckingHTTPSHandler , \
CheckingHTTPSConnection ,
PYOPENSSL_AVAILABLE , PyOpenSSLSocket
CheckingHTTPSHandler ,
PYOPENSSL_AVAILABLE , PyOpenSSLSocket )
from sudsds . transport import Transport
from sudsds . transport import Transport
from sudsds . properties import Unskin
from sudsds . properties import Unskin
from cookielib import CookieJar , DefaultCookiePolicy
from cookielib import CookieJar , DefaultCookiePolicy
from logging import getLogger
from logging import getLogger
from calculate . console . datavars import DataVarsConsole
from calculate . console . datavars import DataVarsConsole
from calculate . lib . cl_lang import setLocalTranslate
from calculate . lib . cl_lang import setLocalTranslate
setLocalTranslate ( ' cl_console3 ' , sys . modules [ __name__ ] )
_ = lambda x : x
setLocalTranslate ( ' cl_console3 ' , sys . modules [ __name__ ] )
log = getLogger ( __name__ )
log = getLogger ( __name__ )
flag = 0
flag = 0
class Client_suds ( Client ) :
class Client_suds ( Client ) :
def set_parameters ( self , path_to_cert , CERT_FILE , PKEY_FILE ) :
def set_parameters ( self , path_to_cert , CERT_FILE , PKEY_FILE ) :
self . path_to_cert = path_to_cert
self . path_to_cert = path_to_cert
if not CERT_FILE :
if not CERT_FILE :
CERT_FILE = ' '
CERT_FILE = ' '
self . CERT_FILE = CERT_FILE
self . CERT_FILE = CERT_FILE
self . REQ_FILE = path_to_cert + ' client.csr '
self . REQ_FILE = path_to_cert + ' client.csr '
self . PKEY_FILE = PKEY_FILE
self . PKEY_FILE = PKEY_FILE
self . SID_FILE = path_to_cert + ' sid.int '
self . SID_FILE = path_to_cert + ' sid.int '
self . CRL_PATH = path_to_cert + ' ca/crl/ '
self . CRL_PATH = path_to_cert + ' ca/crl/ '
if not os . path . exists ( self . CRL_PATH ) :
if not os . path . exists ( self . CRL_PATH ) :
os . makedirs ( self . CRL_PATH )
os . makedirs ( self . CRL_PATH )
class CheckingClientHTTPSConnection ( CheckingHTTPSConnection ) :
class CheckingClientHTTPSConnection ( CheckingHTTPSConnection ) :
""" based on httplib.HTTPSConnection code - extended to support
""" based on httplib.HTTPSConnection code - extended to support
server certificate verification and client certificate authorization """
server certificate verification and client certificate authorization """
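Review bot: The module-level assignment `u2.ssl._create_default_https_context = u2.ssl._create_unverified_context`, kept at the top of this import block, switches off certificate verification for every default urllib2 HTTPS context in the process, not only for this module. The `u2.HTTPSHandler()` fallback visible further down in `HTTPSClientCertTransport.__init__` would then appear to connect with no verification whenever no CA bundle or client key/cert is passed. Since the import block is being reworked anyway, consider dropping the override and giving an explicit context to the one handler that needs it. At minimum, record the reason next to it, e.g. `# process-wide: default HTTPS contexts are unverified; trust decisions are made only in CheckingClientHTTPSConnection`.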
@ -63,14 +73,14 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
"""
"""
CheckingHTTPSConnection . __init__ ( self , host , ca_certs , cert_verifier ,
CheckingHTTPSConnection . __init__ ( self , host , ca_certs , cert_verifier ,
keyobj , certobj , * * kw )
keyobj , certobj , * * kw )
# self.ClientObj = ClientObj
# self.ClientObj = ClientObj
self . cert_path = cert_path
self . cert_path = cert_path
self . ca_certs = ca_certs
self . ca_certs = ca_certs
self . CRL_PATH = os . path . join ( cert_path , ' ca/crl/ ' )
self . CRL_PATH = os . path . join ( cert_path , ' ca/crl/ ' )
self . wait_thread = wait_thread
self . wait_thread = wait_thread
# get filename store cert server
# get filename store cert server
def cert_list ( self , host , ca_certs , server_cert ) :
def cert_list ( self , host , ca_certs , server_cert ) :
if host == ' 127.0.0.1 ' :
if host == ' 127.0.0.1 ' :
host = ' localhost '
host = ' localhost '
if not os . path . exists ( self . trusted_path ) :
if not os . path . exists ( self . trusted_path ) :
@ -79,7 +89,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
except OSError :
except OSError :
pass
pass
if not os . path . exists ( ca_certs ) :
if not os . path . exists ( ca_certs ) :
fc = open ( ca_certs , " w " )
fc = open ( ca_certs , " w " )
fc . close ( )
fc . close ( )
filename = None
filename = None
try :
try :
@ -107,13 +117,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
except :
except :
print _ ( " Failed to open the file " ) , self . trusted_path , filename
print _ ( " Failed to open the file " ) , self . trusted_path , filename
return None
return None
def add_all_ca_cert ( self , list_ca_certs ) :
def add_all_ca_cert ( self , list_ca_certs ) :
# so root cert be first, ca after
# so root cert be first, ca after
clVarsCore = DataVarsCore ( )
clVarsCore = DataVarsCore ( )
clVarsCore . importCore ( )
clVarsCore . importCore ( )
clVarsCore . flIniFile ( )
clVarsCore . flIniFile ( )
list_ca_certs . reverse ( )
list_ca_certs . reverse ( )
system_ca_db = clVarsCore . Get ( ' core.cl_glob_root_cert ' )
system_ca_db = clVarsCore . Get ( ' core.cl_glob_root_cert ' )
@ -121,11 +131,11 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
clVars . flIniFile ( )
clVars . flIniFile ( )
homePath = clVars . Get ( ' ur_home_path ' )
homePath = clVars . Get ( ' ur_home_path ' )
cl_client_cert_dir = clVarsCore . Get ( ' core.cl_client_cert_dir ' )
cl_client_cert_dir = clVarsCore . Get ( ' core.cl_client_cert_dir ' )
cl_client_cert_dir = cl_client_cert_dir . replace ( " ~ " , homePath )
cl_client_cert_dir = cl_client_cert_dir . replace ( " ~ " , homePath )
root_cert_md5 = os . path . join ( cl_client_cert_dir , " ca/cert_list " )
root_cert_md5 = os . path . join ( cl_client_cert_dir , " ca/cert_list " )
user_root_cert = clVarsCore . Get ( ' core.cl_user_root_cert ' )
user_root_cert = clVarsCore . Get ( ' core.cl_user_root_cert ' )
user_root_cert = user_root_cert . replace ( " ~ " , homePath )
user_root_cert = user_root_cert . replace ( " ~ " , homePath )
for cert in list_ca_certs :
for cert in list_ca_certs :
if os . path . exists ( system_ca_db ) :
if os . path . exists ( system_ca_db ) :
@ -141,40 +151,41 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
md5sum = md5 . hexdigest ( )
md5sum = md5 . hexdigest ( )
print " \n ================================================= "
print " \n ================================================= "
print " md5sum = " , md5sum
print " md5sum = " , md5sum
if not os . path . exists ( root_cert_md5 ) :
if not os . path . exists ( root_cert_md5 ) :
fc = open ( root_cert_md5 , " w " )
fc = open ( root_cert_md5 , " w " )
fc . close ( )
fc . close ( )
filename = None
filename = None
with open ( root_cert_md5 ) as fd :
with open ( root_cert_md5 ) as fd :
t = fd . read ( )
t = fd . read ( )
# for each line
# for each line
for line in t . splitlines ( ) :
for line in t . splitlines ( ) :
# Split string into a words list
# Split string into a words list
words = line . split ( ' ' , 1 )
words = line . split ( ' ' , 1 )
if words [ 0 ] == md5sum :
if words [ 0 ] == md5sum :
filename = words [ 1 ]
filename = words [ 1 ]
if not filename :
if not filename :
certobj = OpenSSL . crypto . load_certificate \
certobj = OpenSSL . crypto . load_certificate (
( OpenSSL . SSL . FILETYPE_PEM , cert )
OpenSSL . SSL . FILETYPE_PEM , cert )
Issuer = certobj . get_issuer ( ) . get_components ( )
Issuer = certobj . get_issuer ( ) . get_components ( )
for item in Issuer :
for item in Issuer :
if item [ 0 ] == ' CN ' :
if item [ 0 ] == ' CN ' :
filename = item [ 1 ]
filename = item [ 1 ]
fc = open ( root_cert_md5 , " a " )
fc = open ( root_cert_md5 , " a " )
fc . write ( ' %s %s \n ' % ( md5sum , filename ) )
fc . write ( ' %s %s \n ' % ( md5sum , filename ) )
fc . close ( )
fc . close ( )
if not filename :
if not filename :
print _ ( ' Field " CN " not found in the certificate! ' )
print _ ( ' Field " CN " not found in the certificate! ' )
return 1
return 1
fd = open ( os . path . join ( cl_client_cert_dir , ' ca/ ' , filename ) , ' w ' )
fd = open ( os . path . join ( cl_client_cert_dir , ' ca/ ' , filename ) ,
' w ' )
fd . write ( cert )
fd . write ( cert )
fd . close ( )
fd . close ( )
fa = open ( user_root_cert , ' a ' )
fa = open ( user_root_cert , ' a ' )
fa . write ( cert )
fa . write ( cert )
fa . close ( )
fa . close ( )
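Review bot: `filename` comes from the issuer CN of a certificate obtained from the server (or from a line of `ca/cert_list`) and is joined unchanged into `os.path.join(cl_client_cert_dir, 'ca/', filename)` before that path is opened for writing. A CN that contains a path separator or `..` would put the write outside the `ca` directory, so the name should be reduced and checked first, e.g. `filename = os.path.basename(filename)` followed by `if filename in ('', '.', '..'): return 1`. The index file also appears to be keyed on an MD5 digest of the certificate; a SHA-256 digest would be the safer key if the list format can change. `add_all_ca_cert` starts before this hunk and continues after it.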
@ -185,9 +196,9 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
get_CRL ( cl_client_cert_dir )
get_CRL ( cl_client_cert_dir )
def add_ca_cert ( self , cert , list_ca_certs ) :
def add_ca_cert ( self , cert , list_ca_certs ) :
url = ' https:// %s : %s /?wsdl ' % ( self . host , self . port )
url = ' https:// %s : %s /?wsdl ' % ( self . host , self . port )
client = Client_suds ( url , transport = HTTPSClientCertTransport \
client = Client_suds (
( None , None , self . cert_path ) )
url , transport = HTTPSClientCertTransport ( None , None , self . cert_path ) )
client . wsdl . services [ 0 ] . setlocation ( url )
client . wsdl . services [ 0 ] . setlocation ( url )
cert = client . service . get_ca ( )
cert = client . service . get_ca ( )
if cert == ' 1 ' :
if cert == ' 1 ' :
@ -197,10 +208,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
if cert == ' 2 ' :
if cert == ' 2 ' :
print _ ( " CA certificate not found on the server " )
print _ ( " CA certificate not found on the server " )
raise Exception ( 1 )
raise Exception ( 1 )
try :
try :
certobj = OpenSSL . crypto . load_certificate \
certobj = OpenSSL . crypto . load_certificate (
( OpenSSL . SSL . FILETYPE_PEM , cert )
OpenSSL . SSL . FILETYPE_PEM , cert )
except :
except :
print _ ( " Error. Certificate not added to trusted " )
print _ ( " Error. Certificate not added to trusted " )
raise Exception ( 1 )
raise Exception ( 1 )
@ -209,13 +220,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
Issuer = certobj . get_issuer ( ) . get_components ( )
Issuer = certobj . get_issuer ( ) . get_components ( )
print ' \n ' , _ ( " Issuer " )
print ' \n ' , _ ( " Issuer " )
for i in Issuer :
for i in Issuer :
print " %s : %s " % ( i [ 0 ] , i [ 1 ] )
print " %s : %s " % ( i [ 0 ] , i [ 1 ] )
Subject = certobj . get_subject ( ) . get_components ( )
Subject = certobj . get_subject ( ) . get_components ( )
print ' \n ' , _ ( " Subject " )
print ' \n ' , _ ( " Subject " )
for subj in Subject :
for subj in Subject :
print " %s : %s " % ( subj [ 0 ] , subj [ 1 ] )
print " %s : %s " % ( subj [ 0 ] , subj [ 1 ] )
ans = raw_input ( _ ( " Add the CA certificate to trusted? y/[n]: " ) )
ans = raw_input ( _ ( " Add the CA certificate to trusted? y/[n]: " ) )
if ans . lower ( ) in [ ' y ' , ' yes ' ] :
if ans . lower ( ) in [ ' y ' , ' yes ' ] :
list_ca_certs . append ( cert )
list_ca_certs . append ( cert )
self . add_all_ca_cert ( list_ca_certs )
self . add_all_ca_cert ( list_ca_certs )
else :
else :
@ -225,35 +236,36 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
def add_server_cert ( self , cert ) :
def add_server_cert ( self , cert ) :
self . wait_thread . stop ( )
self . wait_thread . stop ( )
print _ ( " Untrusted server certificate! " )
print _ ( " Untrusted server certificate! " )
certobj = OpenSSL . crypto . load_certificate \
certobj = OpenSSL . crypto . load_certificate (
( OpenSSL . SSL . FILETYPE_PEM , cert )
OpenSSL . SSL . FILETYPE_PEM , cert )
print ' \n ' + _ ( " Fingerprint = %s " ) % certobj . digest ( ' SHA1 ' )
print ' \n ' + _ ( " Fingerprint = %s " ) % certobj . digest ( ' SHA1 ' )
print _ ( " Serial Number = " ) , certobj . get_serial_number ( )
print _ ( " Serial Number = " ) , certobj . get_serial_number ( )
Issuer = certobj . get_issuer ( ) . get_components ( )
Issuer = certobj . get_issuer ( ) . get_components ( )
print ' \n ' + _ ( " Issuer " )
print ' \n ' + _ ( " Issuer " )
for i in Issuer :
for i in Issuer :
print " %s : %s " % ( i [ 0 ] , i [ 1 ] )
print " %s : %s " % ( i [ 0 ] , i [ 1 ] )
Subject = certobj . get_subject ( ) . get_components ( )
Subject = certobj . get_subject ( ) . get_components ( )
print ' \n ' + _ ( " Subject " )
print ' \n ' + _ ( " Subject " )
for item in Subject :
for item in Subject :
print " %s : %s " % ( item [ 0 ] , item [ 1 ] )
print " %s : %s " % ( item [ 0 ] , item [ 1 ] )
print ' \n ' + _ ( ' Add this server certificate to trusted (s) or ' )
print ' \n ' + _ ( ' Add this server certificate to trusted (s) or ' )
print _ ( ' Try to add the CA and root certificates to trusted (c) or ' )
print _ ( ' Try to add the CA and root certificates to trusted (c) or ' )
choice = raw_input ( _ ( " Quit (q)? s/c/[q]: " ) )
choice = raw_input ( _ ( " Quit (q)? s/c/[q]: " ) )
if choice . lower ( ) in [ ' s ' , ' c ' ] :
if choice . lower ( ) in [ ' s ' , ' c ' ] :
# self.sock = ssl.wrap_socket(sock)
# self.sock = ssl.wrap_socket(sock)
ca_certs = os . path . join ( self . trusted_path , " cert.list " )
ca_certs = os . path . join ( self . trusted_path , " cert.list " )
if not os . path . exists ( ca_certs ) :
if not os . path . exists ( ca_certs ) :
fc = open ( ca_certs , " w " )
fc = open ( ca_certs , " w " )
fc . close ( )
fc . close ( )
if self . host == ' 127.0.0.1 ' :
if self . host == ' 127.0.0.1 ' :
host = ' localhost '
host = ' localhost '
else : host = self . host
else :
host = self . host
filename = host
filename = host
fc = open ( self . trusted_path + filename , " w " )
fc = open ( self . trusted_path + filename , " w " )
fc . write ( cert )
fc . write ( cert )
fc . close ( )
fc . close ( )
with open ( ca_certs ) as fd :
with open ( ca_certs ) as fd :
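Review bot: The only value the user gets for checking this certificate out of band is `certobj.digest('SHA1')`, which is a weak basis for a trust-on-first-use decision. Printing `certobj.digest('sha256')` alongside or instead of it gives a comparison value that matches what current tools display. Answering `c` also appears to write the server certificate into `self.trusted_path` exactly as `s` does, before any CA certificate has been accepted, and the prompt text does not say so. A short comment above the `if choice.lower() in ['s', 'c']:` branch would make that intent explicit. `add_server_cert` continues past the end of this hunk.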
@ -267,7 +279,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
if words [ 0 ] == host :
if words [ 0 ] == host :
return 0
return 0
# Open file with compliance server certificates and server hostname
# Open file with compliance server certificates and server hostname
fcl = open ( ca_certs , " a " )
fcl = open ( ca_certs , " a " )
fcl . write ( host + ' ' + filename + ' \n ' )
fcl . write ( host + ' ' + filename + ' \n ' )
fcl . close ( )
fcl . close ( )
if choice . lower ( ) != ' c ' :
if choice . lower ( ) != ' c ' :
@ -278,26 +290,26 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
clVars . flIniFile ( )
clVars . flIniFile ( )
cl_client_cert_dir = clVars . Get ( ' core.cl_client_cert_dir ' )
cl_client_cert_dir = clVars . Get ( ' core.cl_client_cert_dir ' )
homePath = clVars . Get ( ' ur_home_path ' )
homePath = clVars . Get ( ' ur_home_path ' )
cl_client_cert_dir = cl_client_cert_dir . replace ( " ~ " , homePath )
cl_client_cert_dir = cl_client_cert_dir . replace ( " ~ " , homePath )
root_cert_dir = os . path . join ( cl_client_cert_dir , " ca " )
root_cert_dir = os . path . join ( cl_client_cert_dir , " ca " )
if not os . path . exists ( root_cert_dir ) :
if not os . path . exists ( root_cert_dir ) :
try :
try :
os . makedirs ( root_cert_dir )
os . makedirs ( root_cert_dir )
except OSError :
except OSError :
print _ ( " Failed to create directory %s " ) % root_cert_dir
print _ ( " Failed to create directory %s " ) % root_cert_dir
raise Exception ( 1 )
raise Exception ( 1 )
print ' \n ' + _ ( " Add the CA and root certificates " )
print ' \n ' + _ ( " Add the CA and root certificates " )
self . list_ca_certs = [ ]
self . list_ca_certs = [ ]
self . add_ca_cert ( cert , self . list_ca_certs )
self . add_ca_cert ( cert , self . list_ca_certs )
return 3
return 3
elif not choice . lower ( ) in [ ' c ' , ' s ' ] :
elif not choice . lower ( ) in [ ' c ' , ' s ' ] :
return 4
return 4
def connect_trusted_root ( self , sock , root_cert , crl_certs ) :
def connect_trusted_root ( self , sock , root_cert , crl_certs ) :
self . ca_path = self . cert_path + " ca/ "
self . ca_path = self . cert_path + " ca/ "
server_cert = ssl . get_server_certificate ( addr = ( self . host , self . port ) )
server_cert = ssl . get_server_certificate ( addr = ( self . host , self . port ) )
global flag
global flag
if self . cert_file :
if self . cert_file :
@ -308,6 +320,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
raise Exception ( 1 )
raise Exception ( 1 )
else :
else :
import time
import time
time . sleep ( 0.1 )
time . sleep ( 0.1 )
try :
try :
@ -333,7 +346,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
def connect_trusted_server ( self , sock , crl_certs ) :
def connect_trusted_server ( self , sock , crl_certs ) :
self . trusted_path = self . cert_path + " trusted/ "
self . trusted_path = self . cert_path + " trusted/ "
ca_cert_list = self . trusted_path + " cert.list "
ca_cert_list = self . trusted_path + " cert.list "
server_cert = ssl . get_server_certificate ( addr = ( self . host , self . port ) )
server_cert = ssl . get_server_certificate ( addr = ( self . host , self . port ) )
global flag
global flag
if self . cert_file :
if self . cert_file :
f = verify ( server_cert , crl_certs , flag )
f = verify ( server_cert , crl_certs , flag )
@ -341,10 +354,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
flag = 1
flag = 1
elif f == 1 :
elif f == 1 :
raise Exception ( 1 )
raise Exception ( 1 )
# if not hasattr(HTTPSClientCertTransport, 'filename') or \
# if not hasattr(HTTPSClientCertTransport, 'filename') or \
# HTTPSClientCertTransport.filename == None:
# HTTPSClientCertTransport.filename == None:
HTTPSClientCertTransport . filename = self . cert_list \
HTTPSClientCertTransport . filename = self . cert_list (
( self . host , ca_cert_list , server_cert )
self . host , ca_cert_list , server_cert )
if HTTPSClientCertTransport . filename :
if HTTPSClientCertTransport . filename :
try :
try :
if self . FORCE_SSL_VERSION :
if self . FORCE_SSL_VERSION :
@ -365,7 +378,6 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
return 0
return 0
except Exception :
except Exception :
# print (e)
HTTPSClientCertTransport . filename = None
HTTPSClientCertTransport . filename = None
return 1
return 1
else :
else :
@ -382,47 +394,51 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
self . Vars . flIniFile ( )
self . Vars . flIniFile ( )
user_root_cert = self . Vars . Get ( ' core.cl_user_root_cert ' )
user_root_cert = self . Vars . Get ( ' core.cl_user_root_cert ' )
homePath = self . Vars . Get ( ' ur_home_path ' )
homePath = self . Vars . Get ( ' ur_home_path ' )
user_root_cert = user_root_cert . replace ( " ~ " , homePath )
user_root_cert = user_root_cert . replace ( " ~ " , homePath )
result_user_root = 1
result_user_root = 1
while True :
while True :
if os . path . exists ( user_root_cert ) :
if os . path . exists ( user_root_cert ) :
result_user_root = self . connect_trusted_root ( sock , \
result_user_root = self . connect_trusted_root ( sock ,
user_root_cert , self . CRL_PATH )
user_root_cert ,
self . CRL_PATH )
if result_user_root == 1 :
if result_user_root == 1 :
glob_root_cert = self . Vars . Get ( ' core.cl_glob_root_cert ' )
glob_root_cert = self . Vars . Get ( ' core.cl_glob_root_cert ' )
result_root_con = 1
result_root_con = 1
if os . path . exists ( glob_root_cert ) :
if os . path . exists ( glob_root_cert ) :
sock = socket . create_connection ( ( self . host , self . port ) ,
sock = socket . create_connection ( ( self . host , self . port ) ,
self . timeout , self . source_address )
self . timeout ,
self . source_address )
if self . _tunnel_host :
if self . _tunnel_host :
self . sock = sock
self . sock = sock
self . _tunnel ( )
self . _tunnel ( )
result_root_con = self . connect_trusted_root ( sock , \
result_root_con = self . connect_trusted_root ( sock ,
glob_root_cert , self . CRL_PATH )
glob_root_cert ,
self . CRL_PATH )
if result_root_con == 1 :
if result_root_con == 1 :
sock = socket . create_connection ( ( self . host , self . port ) ,
sock = socket . create_connection ( ( self . host , self . port ) ,
self . timeout , self . source_address )
self . timeout ,
self . source_address )
if self . _tunnel_host :
if self . _tunnel_host :
self . sock = sock
self . sock = sock
self . _tunnel ( )
self . _tunnel ( )
result_server_con = self . connect_trusted_server \
result_server_con = self . connect_trusted_server (
( sock , self . CRL_PATH )
sock , self . CRL_PATH )
if result_server_con in [ 1 , 2 ] :
if result_server_con in [ 1 , 2 ] :
raise Exception ( 1 )
raise Exception ( 1 )
elif result_server_con == 3 :
elif result_server_con == 3 :
continue
continue
elif result_server_con == 4 :
elif result_server_con == 4 :
print _ ( ' This server is not trusted ' )
print _ ( ' This server is not trusted ' )
self . wait_thread . stop ( )
self . wait_thread . stop ( )
sys . exit ( 1 )
sys . exit ( 1 )
# raise Exception (_('This server is not trusted'))
elif result_root_con == 2 :
elif result_root_con == 2 :
raise Exception ( 1 )
raise Exception ( 1 )
elif result_user_root == 2 :
elif result_user_root == 2 :
raise Exception ( 1 )
raise Exception ( 1 )
break
break
class CheckingClientHTTPSHandler ( CheckingHTTPSHandler ) :
class CheckingClientHTTPSHandler ( CheckingHTTPSHandler ) :
def __init__ ( self , cert_path , ca_certs = None , cert_verifier = None ,
def __init__ ( self , cert_path , ca_certs = None , cert_verifier = None ,
client_certfile = None , client_keyfile = None ,
client_certfile = None , client_keyfile = None ,
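Review bot: With the commented-out `raise` removed, the `result_server_con == 4` branch now ends only in `sys.exit(1)`, so a connection method terminates the whole process while every other failure branch in the same loop uses `raise Exception(1)`. Raising there as well would let callers release their own resources and decide how to report the untrusted server. Each retry also rebinds `sock` to a new `socket.create_connection(...)` result without a visible close of the previous socket; if `connect_trusted_root` does not close it on failure, an explicit `sock.close()` before reconnecting would avoid leaking descriptors. The enclosing method starts before this hunk.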
@ -431,9 +447,9 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
""" cert_verifier is a function returning either True or False
""" cert_verifier is a function returning either True or False
based on whether the certificate was found to be OK """
based on whether the certificate was found to be OK """
CheckingHTTPSHandler . __init__ ( self , ca_certs , cert_verifier ,
CheckingHTTPSHandler . __init__ ( self , ca_certs , cert_verifier ,
client_keyfile , client_certfile ,
client_keyfile , client_certfile ,
client_keyobj , client_certobj )
client_keyobj , client_certobj )
# self.ClientObj = ClientObj
# self.ClientObj = ClientObj
self . cert_path = cert_path
self . cert_path = cert_path
self . wait_thread = wait_thread
self . wait_thread = wait_thread
@ -448,58 +464,63 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
new_kw . update ( kw )
new_kw . update ( kw )
return CheckingClientHTTPSConnection ( self . cert_path ,
return CheckingClientHTTPSConnection ( self . cert_path ,
* args , * * new_kw )
* args , * * new_kw )
return self . do_open ( open , req )
return self . do_open ( open , req )
https_request = u2 . AbstractHTTPHandler . do_request_
https_request = u2 . AbstractHTTPHandler . do_request_
class HTTPSClientCertTransport ( HttpTransport ) :
class HTTPSClientCertTransport ( HttpTransport ) :
def __init__ ( self , key , cert , path_to_cert , password = None ,
def __init__ ( self , key , cert , path_to_cert , password = None ,
ca_certs = None , cert_verifier = None ,
ca_certs = None , cert_verifier = None ,
client_keyfile = None , client_certfile = None ,
client_keyfile = None , client_certfile = None ,
client_keyobj = None , client_certobj = None ,
client_keyobj = None , client_certobj = None ,
cookie_callback = None , user_agent_string = None ,
cookie_callback = None , user_agent_string = None ,
wait_thread = None , * * kwargs ) :
wait_thread = None , * * kwargs ) :
Transport . __init__ ( self )
Transport . __init__ ( self )
# self.ClientObj = parent
# self.ClientObj = parent
self . key = key
self . key = key
self . cert = cert
self . cert = cert
self . cert_path = path_to_cert
self . cert_path = path_to_cert
if key :
if key :
client_certobj = OpenSSL . crypto . load_certificate \
client_certobj = OpenSSL . crypto . load_certificate (
( OpenSSL . SSL . FILETYPE_PEM , file ( cert ) . read ( ) )
OpenSSL . SSL . FILETYPE_PEM , file ( cert ) . read ( ) )
if password :
if password :
client_keyobj = OpenSSL . crypto . load_privatekey \
client_keyobj = OpenSSL . crypto . load_privatekey (
( OpenSSL . SSL . FILETYPE_PEM , file ( key ) . read ( ) ,
OpenSSL . SSL . FILETYPE_PEM , file ( key ) . read ( ) , str ( password ) )
str ( password ) )
else :
else :
bio = M2Crypto . BIO . openfile ( key )
bio = M2Crypto . BIO . openfile ( key )
rsa = M2Crypto . m2 . rsa_read_key ( bio . _ptr ( ) , lambda * unused : None )
rsa = M2Crypto . m2 . rsa_read_key ( bio . _ptr ( ) , lambda * unused : None )
if not rsa :
if not rsa :
raise OpenSSL . crypto . Error
raise OpenSSL . crypto . Error
client_keyobj = OpenSSL . crypto . load_privatekey \
client_keyobj = OpenSSL . crypto . load_privatekey (
( OpenSSL . SSL . FILETYPE_PEM , file ( key ) . read ( ) )
OpenSSL . SSL . FILETYPE_PEM , file ( key ) . read ( ) )
Unskin ( self . options ) . update ( kwargs )
Unskin ( self . options ) . update ( kwargs )
self . cookiejar = CookieJar ( DefaultCookiePolicy ( ) )
self . cookiejar = CookieJar ( DefaultCookiePolicy ( ) )
self . cookie_callback = cookie_callback
self . cookie_callback = cookie_callback
self . user_agent_string = user_agent_string
self . user_agent_string = user_agent_string
log . debug ( " Proxy: %s " , self . options . proxy )
log . debug ( " Proxy: %s " , self . options . proxy )
from dslib . network import ProxyManager
from dslib . network import ProxyManager
proxy_handler = ProxyManager . HTTPS_PROXY . create_proxy_handler ( )
proxy_handler = ProxyManager . HTTPS_PROXY . create_proxy_handler ( )
proxy_auth_handler = \
proxy_auth_handler = \
ProxyManager . HTTPS_PROXY . create_proxy_auth_handler ( )
ProxyManager . HTTPS_PROXY . create_proxy_auth_handler ( )
if ca_certs or ( client_keyfile and client_certfile ) \
if ( ca_certs or ( client_keyfile and client_certfile )
or ( client_keyobj and client_certobj ) :
or ( client_keyobj and client_certobj ) ) :
https_handler = CheckingClientHTTPSHandler ( cert_path = path_to_cert ,
https_handler = CheckingClientHTTPSHandler (
ca_certs = ca_certs , cert_verifier = cert_verifier ,
cert_path = path_to_cert ,
client_keyfile = client_keyfile , client_certfile = \
ca_certs = ca_certs ,
client_certfile , client_keyobj = client_keyobj ,
cert_verifier = cert_verifier ,
client_certobj = client_certobj ,
client_keyfile = client_keyfile ,
wait_thread = wait_thread )
client_certfile = client_certfile ,
client_keyobj = client_keyobj ,
client_certobj = client_certobj ,
wait_thread = wait_thread )
else :
else :
https_handler = u2 . HTTPSHandler ( )
https_handler = u2 . HTTPSHandler ( )
self . urlopener = u2 . build_opener ( SUDSHTTPRedirectHandler ( ) ,
self . urlopener = u2 . build_opener ( SUDSHTTPRedirectHandler ( ) ,
u2 . HTTPCookieProcessor ( self . cookiejar ) ,
u2 . HTTPCookieProcessor ( self . cookiejar ) ,
https_handler )
https_handler )
if proxy_handler :
if proxy_handler :
self . urlopener . add_handler ( proxy_handler )
self . urlopener . add_handler ( proxy_handler )
if proxy_auth_handler :
if proxy_auth_handler :