[02dcba5] | 1 | #!/usr/local/bin/python |
---|
| 2 | |
---|
| 3 | import sys |
---|
| 4 | from M2Crypto import SSL |
---|
| 5 | |
---|
| 6 | # Turn off the matching of hostname to certificate ID |
---|
| 7 | SSL.Connection.clientPostConnectionCheck = None |
---|
| 8 | |
---|
| 9 | class ssl_context(SSL.Context): |
---|
| 10 | """ |
---|
| 11 | Simple wrapper around an M2Crypto.SSL.Context to initialize it for use with |
---|
| 12 | self-signed certs. |
---|
| 13 | """ |
---|
| 14 | def __init__(self, my_cert, trusted_certs=None, password=None): |
---|
| 15 | """ |
---|
| 16 | construct a cred_ssl_context |
---|
| 17 | |
---|
| 18 | @param my_cert: PEM file with my certificate in it |
---|
| 19 | @param trusted_certs: PEM file with trusted certs in it (optional) |
---|
| 20 | """ |
---|
| 21 | SSL.Context.__init__(self) |
---|
| 22 | |
---|
| 23 | # load_cert takes a callback to get a password, not a password, so if |
---|
| 24 | # the caller provided a password, this creates a nonce callback using a |
---|
| 25 | # lambda form. |
---|
| 26 | if password != None and not callable(password): |
---|
| 27 | # This is cute. password = lambda *args: password produces a |
---|
| 28 | # function object that returns itself rather than one that returns |
---|
| 29 | # the object itself. This is because password is an object |
---|
| 30 | # reference and after the assignment it's a lambda. So we assign |
---|
| 31 | # to a temp. |
---|
| 32 | pwd = str(password) |
---|
| 33 | password =lambda *args: pwd |
---|
| 34 | |
---|
| 35 | # The calls to str below (and above) are because the underlying SSL |
---|
| 36 | # stuff is intolerant of unicode. |
---|
| 37 | if password != None: |
---|
| 38 | self.load_cert(str(my_cert), callback=password) |
---|
| 39 | else: |
---|
| 40 | self.load_cert(str(my_cert)) |
---|
| 41 | |
---|
| 42 | # If no trusted certificates are specified, allow unknown CAs. |
---|
| 43 | if trusted_certs: |
---|
| 44 | self.load_verify_locations(trusted_certs) |
---|
| 45 | self.set_verify(SSL.verify_peer, 10) |
---|
| 46 | else: |
---|
| 47 | callb = getattr(SSL.cb, "ssl_verify_callback") |
---|
| 48 | self.set_allow_unknown_ca(True) |
---|
| 49 | self.set_verify(SSL.verify_peer, 10, |
---|
| 50 | callback=SSL.cb.ssl_verify_callback_allow_unknown_ca) |
---|
| 51 | |
---|
| 52 | # Python 2.7 broke the MCrypto 2.1 SSL_Transport. If this is an older python, |
---|
| 53 | # use SSL_Transport unchanged, otherwise use a tweaked version. Export them as |
---|
| 54 | # SSLTransport. |
---|
| 55 | if sys.version_info == 2 and sys.version_info < 7: |
---|
| 56 | from M2Crypto.m2xmlrpclib import SSL_Transport |
---|
| 57 | class SSLTransport(SSL_Transport): pass |
---|
| 58 | else: |
---|
| 59 | # Most of this is directly from M2Crypto |
---|
| 60 | import base64, string, sys |
---|
| 61 | |
---|
| 62 | from xmlrpclib import * |
---|
| 63 | import M2Crypto |
---|
| 64 | import M2Crypto.SSL, M2Crypto.httpslib, M2Crypto.m2urllib |
---|
| 65 | |
---|
| 66 | __version__ = M2Crypto.version |
---|
| 67 | |
---|
| 68 | class SSLTransport(Transport): |
---|
| 69 | |
---|
| 70 | user_agent = "M2Crypto_XMLRPC/%s - %s" % (__version__, |
---|
| 71 | Transport.user_agent) |
---|
| 72 | |
---|
| 73 | def __init__(self, ssl_context=None, *args, **kw): |
---|
| 74 | if getattr(Transport, '__init__', None) is not None: |
---|
| 75 | Transport.__init__(self, *args, **kw) |
---|
| 76 | if ssl_context is None: |
---|
| 77 | self.ssl_ctx=M2Crypto.SSL.Context('sslv23') |
---|
| 78 | else: |
---|
| 79 | self.ssl_ctx=ssl_context |
---|
| 80 | |
---|
| 81 | def request(self, host, handler, request_body, verbose=0): |
---|
| 82 | # Handle username and password. |
---|
| 83 | user_passwd, host_port = M2Crypto.m2urllib.splituser(host) |
---|
| 84 | _host, _port = M2Crypto.m2urllib.splitport(host_port) |
---|
| 85 | |
---|
| 86 | # This is a difference, was an (obsolete) HTTPS object, but |
---|
| 87 | # HTTPSConnection is more supported and clear --tvf |
---|
| 88 | h = M2Crypto.httpslib.HTTPSConnection(_host, int(_port), |
---|
| 89 | ssl_context=self.ssl_ctx) |
---|
| 90 | if verbose: |
---|
| 91 | h.set_debuglevel(1) |
---|
| 92 | |
---|
| 93 | # What follows is as in xmlrpclib.Transport. (Except the authz bit.) |
---|
| 94 | h.putrequest("POST", handler) |
---|
| 95 | |
---|
| 96 | # required by HTTP/1.1 |
---|
| 97 | h.putheader("Host", _host) |
---|
| 98 | |
---|
| 99 | # required by XML-RPC |
---|
| 100 | h.putheader("User-Agent", self.user_agent) |
---|
| 101 | h.putheader("Content-Type", "text/xml") |
---|
| 102 | h.putheader("Content-Length", str(len(request_body))) |
---|
| 103 | |
---|
| 104 | # Authorisation. |
---|
| 105 | if user_passwd is not None: |
---|
| 106 | auth=string.strip(base64.encodestring(user_passwd)) |
---|
| 107 | h.putheader('Authorization', 'Basic %s' % auth) |
---|
| 108 | |
---|
| 109 | h.endheaders() |
---|
| 110 | |
---|
| 111 | if request_body: |
---|
| 112 | h.send(request_body) |
---|
| 113 | |
---|
| 114 | # These are the modifications -- tvf |
---|
| 115 | |
---|
| 116 | resp = h.getresponse() |
---|
| 117 | errcode = resp.status |
---|
| 118 | errmsg = resp.reason |
---|
| 119 | |
---|
| 120 | # end mods -- tvf |
---|
| 121 | |
---|
| 122 | if errcode != 200: |
---|
| 123 | raise ProtocolError( |
---|
| 124 | host + handler, |
---|
| 125 | errcode, errmsg, |
---|
| 126 | headers |
---|
| 127 | ) |
---|
| 128 | |
---|
| 129 | self.verbose = verbose |
---|
| 130 | return self.parse_response(resp) |
---|
| 131 | |
---|