Repository: libcloud Updated Branches: refs/heads/trunk 4c9d0333a -> d8757c9d3
start building signed request adapter for the requests package Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/64e0b3c9 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/64e0b3c9 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/64e0b3c9 Branch: refs/heads/trunk Commit: 64e0b3c9fb7693747c2078adf9c1c3b47b6065e1 Parents: 4c9d033 Author: Anthony Shaw <anthonys...@apache.org> Authored: Sun Apr 2 10:32:49 2017 +1000 Committer: Anthony Shaw <anthonys...@apache.org> Committed: Sun Apr 2 10:32:49 2017 +1000 ---------------------------------------------------------------------- libcloud/common/base.py | 2 -- libcloud/httplib_ssl.py | 68 ++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 66 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/common/base.py ---------------------------------------------------------------------- diff --git a/libcloud/common/base.py b/libcloud/common/base.py index de0c68a..0d458fc 100644 --- a/libcloud/common/base.py +++ b/libcloud/common/base.py @@ -468,8 +468,6 @@ class Connection(object): if not hasattr(kwargs, 'cert_file') and hasattr(self, 'cert_file'): kwargs.update({'cert_file': getattr(self, 'cert_file')}) - # kwargs = {'host': host, 'port': int(port)} - # Timeout is only supported in Python 2.6 and later # http://docs.python.org/library/httplib.html#httplib.HTTPConnection if self.timeout and not PY25: http://git-wip-us.apache.org/repos/asf/libcloud/blob/64e0b3c9/libcloud/httplib_ssl.py ---------------------------------------------------------------------- diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py index 30579be..a88ea0d 100644 --- a/libcloud/httplib_ssl.py +++ b/libcloud/httplib_ssl.py 
@@ -21,6 +21,8 @@ verification, depending on libcloud.security settings. import os import warnings import requests +from requests.adapters import HTTPAdapter +from requests.packages.urllib3.util.ssl_ import create_urllib3_context import libcloud.security from libcloud.utils.py3 import urlparse, PY3 @@ -36,6 +38,59 @@ ALLOW_REDIRECTS = 1 HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy' +class SignedX509Adapter(HTTPAdapter): + def __init__(self, cert_file=None, key_file=None): + self.cert_file = cert_file + self.key_file = key_file + + def init_poolmanager(self, *args, **kwargs): + self.tls_context = create_urllib3_context() + kwargs['ssl_context'] = self.tls_context + + has_sni = getattr(ssl, 'HAS_SNI', False) + + if has_sni: + self.tls_context.verify_mode = ssl.CERT_REQUIRED + + if self.cert_file and self.key_file: + self.tls_context.load_cert_chain( + certfile=self.cert_file, + keyfile=self.key_file, + password=None) + + if self.ca_cert: + self.tls_context.load_verify_locations(cafile=self.ca_cert) + + try: + self.sock = self.tls_context.wrap_socket( + sock, + server_hostname=self.host, + ) + except: + exc = sys.exc_info()[1] + exc = get_socket_error_exception(ssl_version=ssl_version, + exc=exc) + raise exc + else: + # SNI support not available + try: + self.sock = ssl.wrap_socket( + sock, + self.key_file, + self.cert_file, + cert_reqs=ssl.CERT_REQUIRED, + ca_certs=self.ca_cert, + ssl_version=ssl_version + ) + except: + exc = sys.exc_info()[1] + exc = get_socket_error_exception(ssl_version=ssl_version, + exc=exc) + raise exc + + return super(HTTPAdapter, self).init_poolmanager(*args, **kwargs) + + class LibcloudBaseConnection(object): """ Base connection class to inherit from. 
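Review bot: `SignedX509Adapter` cannot run as written: `__init__` never calls `HTTPAdapter.__init__`, and `init_poolmanager` uses `sock`, `ssl_version`, `self.host`, `self.ca_cert` and `get_socket_error_exception`, none of which is defined in this hunk (nor are `ssl` and `sys` among the imports visible in the first hunk). The closing `super(HTTPAdapter, self).init_poolmanager(...)` also starts the lookup above `HTTPAdapter`, so the pool manager that should receive `ssl_context` is never built. An adapter only has to configure the context and hand it over, so the socket wrapping, the non-SNI fallback and the bare `except:` blocks can be dropped. `ssl.CERT_REQUIRED` is set only inside the SNI branch; verification should not depend on SNI support, and it is worth confirming that the session's `verify` setting still governs the context once it is passed in. A sketch follows; the `ca_cert` parameter is my addition.

```python
class SignedX509Adapter(HTTPAdapter):
    def __init__(self, cert_file=None, key_file=None, ca_cert=None):
        self.cert_file = cert_file
        self.key_file = key_file
        self.ca_cert = ca_cert
        # HTTPAdapter.__init__ calls init_poolmanager(), so the paths
        # have to be set before it runs.
        super(SignedX509Adapter, self).__init__()

    def init_poolmanager(self, *args, **kwargs):
        context = create_urllib3_context()
        if self.cert_file:
            context.load_cert_chain(certfile=self.cert_file,
                                    keyfile=self.key_file)
        if self.ca_cert:
            context.load_verify_locations(cafile=self.ca_cert)
        kwargs['ssl_context'] = context
        return super(SignedX509Adapter, self).init_poolmanager(
            *args, **kwargs)
```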
@@ -139,6 +194,13 @@ class LibcloudBaseConnection(object): else: self.ca_cert = libcloud.security.CA_CERTS_PATH + def _setup_signing(self, cert_file=None, key_file=None): + """ + Setup request signing by mounting a signing + adapter to the session + """ + self.session.mount("https", SignedX509Adapter(cert_file, key_file)) + class LibcloudConnection(LibcloudBaseConnection): timeout = None @@ -158,9 +220,11 @@ class LibcloudConnection(LibcloudBaseConnection): self._setup_verify() self._setup_ca_cert() - + LibcloudBaseConnection.__init__(self) - + + if 'cert_file' in kwargs or 'key_file' in kwargs: + self._setup_signing(**kwargs) if proxy_url: self.set_http_proxy(proxy_url=proxy_url) self.session.timeout = kwargs.get('timeout', 60)
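Review bot: Mounting at the prefix `"https"` probably means the adapter is never selected, because requests picks the longest matching prefix and a default `requests.Session` already has an adapter at `"https://"`. If `self.session` is a plain `Session` (its creation is outside this hunk), the client certificate would silently not be presented and the server would see an unauthenticated client. Mount at the full scheme prefix instead: `self.session.mount("https://", SignedX509Adapter(cert_file, key_file))`. The docstring could also say that this configures TLS client-certificate authentication, since nothing here signs the request itself.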
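Review bot: `self._setup_signing(**kwargs)` forwards every keyword argument, but `_setup_signing` accepts only `cert_file` and `key_file`, so a caller that also passes `timeout` (read from `kwargs` a few lines below) gets a `TypeError`. Pass the two values explicitly: `self._setup_signing(cert_file=kwargs.get('cert_file'), key_file=kwargs.get('key_file'))`. When only one of the two is supplied, the adapter skips `load_cert_chain` without any error, so it is worth raising here if a `key_file` arrives without a `cert_file`. `__init__` starts above the hunk, so the full set of accepted keyword arguments is not visible.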