def robot_init():
	
	e = Engine.load_dynamic_engine("pkcs11", "/usr/local/lib/engine_pkcs11.so")

        pk = Engine.Engine("pkcs11")
        pk.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so")
        ret = pk.init()

        print "Loading certificate DeRoberto"
        cert = e.load_certificate("30354530383037334131344144353636")
        print "Loading key ..."
        key = e.load_private_key("30354530383037334131344144353636", "indicate#2011")

	ctx = SSL.Context("sslv23")
        ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH")
        ctx.set_session_id_ctx("foobar")
        m2.ssl_ctx_use_x509(ctx.ctx, cert.x509)
        m2.ssl_ctx_use_pkey_privkey(ctx.ctx, key.pkey)

	class SmartRedirectHandler(m2urllib2.HTTPRedirectHandler):
                def http_error_302(self, req, fp, code, msg, headers):
                        redirect = headers['Location']
                        return redirect

        opener = m2urllib2.build_opener(ctx, SmartRedirectHandler())
	return opener
Ejemplo n.º 2
0
 def __init__(self, certfile, keyfile=None):
     """Set up an SSL Context based on the certificate and key file passed
     """
     ctx = self.secure_init(certfile, keyfile)
     opener = m2urllib2.build_opener(ctx, urllib2.HTTPCookieProcessor())
     urllib2.install_opener(opener)
     
     self.install_ndg_client(certfile, keyfile)
Ejemplo n.º 3
0
def installOpener():
    def verifyCallback(preVerifyOK, x509StoreCtx):
        '''callback function used to control the behaviour when the 
        SSL_VERIFY_PEER flag is set
        
        http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
        
        @type preVerifyOK: int
        @param preVerifyOK: If a verification error is found, this parameter 
        will be set to 0
        @type x509StoreCtx: M2Crypto.X509_Store_Context
        @param x509StoreCtx: locate the certificate to be verified and perform 
        additional verification steps as needed
        @rtype: int
        @return: controls the strategy of the further verification process. 
        - If verify_callback returns 0, the verification process is immediately 
        stopped with "verification failed" state. If SSL_VERIFY_PEER is set, 
        a verification failure alert is sent to the peer and the TLS/SSL 
        handshake is terminated. 
        - If verify_callback returns 1, the verification process is continued. 
        If verify_callback always returns 1, the TLS/SSL handshake will not be 
        terminated with respect to verification failures and the connection 
        will be established. The calling process can however retrieve the error
        code of the last verification error using SSL_get_verify_result(3) or 
        by maintaining its own error storage managed by verify_callback.
        '''
        if preVerifyOK == 0:
            # Something is wrong with the certificate don't bother proceeding
            # any further
            return preVerifyOK
        
        x509Cert = x509StoreCtx.get_current_cert()
        x509Cert.get_subject()
        x509CertChain = x509StoreCtx.get1_chain()
        for cert in x509CertChain:
            subject = cert.get_subject()
            dn = subject.as_text()
            print dn
            
        # If all is OK preVerifyOK will be 1.  Return this to the caller to
        # that it's OK to proceed
        return preVerifyOK
        
    ctx = SSL.Context()

    caDirPath = '../ndg.security.test/ndg/security/test/config/ca'
    ctx.set_verify(SSL.verify_peer|SSL.verify_fail_if_no_peer_cert, 
                   9, 
                   callback=verifyCallback)
#    ctx.set_verify(SSL.verify_peer|SSL.verify_fail_if_no_peer_cert, 1)

    ctx.load_verify_locations(capath=caDirPath)
#    ctx.load_cert(certFilePath, 
#                  keyfile=priKeyFilePath, 
#                  callback=lambda *arg, **kw: priKeyPwd)

    from M2Crypto.m2urllib2 import build_opener
    urllib2.install_opener(build_opener(ssl_context=ctx))
Ejemplo n.º 4
0
	def __init__(self, user, password):

		ctx = SSL.Context('sslv3')

		self.params = urllib.urlencode(dict(i_Login = user, i_Senha = password))
		self.opener = m2urllib2.build_opener(ctx, urllib2.HTTPCookieProcessor())
		urllib2.install_opener(self.opener)

		# Cria Cookie
		f = self.opener.open('https://memphis.ulbranet.com.br/pls/ulbra24/AAmain.login', None, self.txheaders)
		f.close()
Ejemplo n.º 5
0
 def test_urllib2_leak(self):
     pid = self.start_server(self.args)
     try:
         import gc
         o = m2urllib2.build_opener()
         r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
         s = [r.fp._sock.fp]
         r.close()
         self.assertEqual(len(gc.get_referrers(s[0])), 1)
     finally:
         self.stop_server(pid)
Ejemplo n.º 6
0
 def test_urllib2(self):
     pid = self.start_server(self.args)
     try:
         opener = m2urllib2.build_opener()
         opener.addheaders = [('Connection', 'close')]
         u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.assertIn(b's_server -quiet -www', data)
Ejemplo n.º 7
0
 def test_transfer_encoding_chunked(self):
     pid = self.start_server(self.args)
     try:
         url = 'https://%s:%s/te_chunked_response.txt' % (srv_host,
                                                          self.srv_port)
         o = m2urllib2.build_opener()
         u = o.open(url)
         data = u.read()
         self.assertEqual(b'foo\nfoobar\n', data)
     finally:
         self.stop_server(pid)
Ejemplo n.º 8
0
 def test_transfer_encoding_chunked(self):
     pid = self.start_server(self.args)
     try:
         url = 'https://%s:%s/te_chunked_response.txt' % (srv_host,
                                                          self.srv_port)
         o = m2urllib2.build_opener()
         u = o.open(url)
         data = u.read()
         self.assertEqual(b'foo\nfoobar\n', data)
     finally:
         self.stop_server(pid)
Ejemplo n.º 9
0
 def test_urllib2(self):
     pid = self.start_server(self.args)
     try:
         opener = m2urllib2.build_opener()
         opener.addheaders = [('Connection', 'close')]
         u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.assertIn(b's_server -quiet -www', data)
Ejemplo n.º 10
0
 def test_urllib2(self):
     pid = self.start_server(self.args)
     try:
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener()
         opener.addheaders = [('Connection', 'close')]
         u = opener.open('https://%s:%s/' % (srv_host, srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 11
0
 def test_urllib2_leak(self):
     pid = self.start_server(self.args)
     try:
         import gc
         from M2Crypto import m2urllib2
         o = m2urllib2.build_opener()
         r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
         s = [r.fp._sock.fp]
         r.close()
         self.assertEqual(len(gc.get_referrers(s[0])), 1)
     finally:
         self.stop_server(pid)
Ejemplo n.º 12
0
 def test_urllib2(self):
     pid = self.start_server(self.args)
     try:
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener()
         opener.addheaders = [('Connection', 'close')]
         u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 13
0
 def test_urllib2_leak(self):
     pid = self.start_server(self.args)
     try:
         o = m2urllib2.build_opener()
         r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
         s = [r.fp._sock.fp]
         r.close()
         # TODO This should be assertEqual 1, but we leak sock
         # somehwere. Not sure how to fix it.
         log.debug('get_referrers = %d', len(gc.get_referrers(s[0])))
         self.assertLessEqual(len(gc.get_referrers(s[0])), 2)
     finally:
         self.stop_server(pid)
Ejemplo n.º 14
0
 def test_urllib2_secure_context_fail(self):
     pid = self.start_server(self.args)
     try:
         ctx = SSL.Context()
         ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
         ctx.load_verify_locations('test/server.pem')
         
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener(ctx)
         opener.addheaders = [('Connection', 'close')]
         self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, srv_port))
     finally:
         self.stop_server(pid)
Ejemplo n.º 15
0
 def test_urllib2_leak(self):
     pid = self.start_server(self.args)
     try:
         o = m2urllib2.build_opener()
         r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
         s = [r.fp._sock.fp]
         r.close()
         # TODO This should be assertEqual 1, but we leak sock
         # somehwere. Not sure how to fix it.
         log.debug('get_referrers = %d', len(gc.get_referrers(s[0])))
         self.assertLessEqual(len(gc.get_referrers(s[0])), 2)
     finally:
         self.stop_server(pid)
Ejemplo n.º 16
0
 def test_urllib2_secure_context_fail(self):
     pid = self.start_server(self.args)
     try:
         ctx = SSL.Context()
         ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
         ctx.load_verify_locations('tests/server.pem')
         
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener(ctx)
         opener.addheaders = [('Connection', 'close')]
         self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, self.srv_port))
     finally:
         self.stop_server(pid)
Ejemplo n.º 17
0
        def test_z_urllib2_opener(self):
            pid = self.start_server(self.args)
            try:
                ctx = SSL.Context()

                from M2Crypto import m2urllib2
                opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
                m2urllib2.install_opener(opener)
                req = m2urllib2.Request('https://%s:%s/' % (srv_host, srv_port))
                u = m2urllib2.urlopen(req)
                data = u.read()
                u.close()
            finally:
                self.stop_server(pid)
            self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 18
0
        def test_z_urllib2_opener(self):
            pid = self.start_server(self.args)
            try:
                ctx = SSL.Context()

                from M2Crypto import m2urllib2
                opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
                m2urllib2.install_opener(opener)
                req = m2urllib2.Request('https://%s:%s/' % (srv_host, self.srv_port))
                u = m2urllib2.urlopen(req)
                data = u.read()
                u.close()
            finally:
                self.stop_server(pid)
            self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 19
0
    def __init__(self, url, version=2):
        """
        Create a Gallery for remote access.
        url - base address of the gallery
        version - version of the gallery being connected to (default 2),
                  either 1 for Gallery1 or 2 for Gallery2
        
        gallery-uploader is able to cope with secured connections, thanks to
        M2Crypto. It won't catch any exception, though: handling i.e. unverified
        certificates is entirely left to higher level applications, which must
        hence be ready to catch M2Crypto exceptions.
        Moreover, gallery-uploader works fine (only emits a warning) also if
        M2Crypto is not available, and in that case connections will NOT be
        secure! If you want to avoid this risk, you can simply assert
        gallery.M2CRYPTO_AVAILABLE .
        """
        self.version = version # Gallery1 or Gallery2
        if version == 1:
            self.url = url + '/gallery_remote2.php'
        else:
            # default to G2
            self.url = url + '/main.php'
        
        # Until proven otherwise:
        self.secured = False
        
        if self.url.startswith( 'https://' ):
            if M2CRYPTO_AVAILABLE:
                self.secured = True
            else:
                print "WARNING: M2Crypto missing, gallery-uploader connections will not be secure!"
        
        self.cookiejar = cookielib.CookieJar()
        
        if self.secured:
            self.ssl_context = SSL.Context()
            self.ssl_context.load_verify_info( capath=CA_SYSTEM_DIR )
            self.ssl_context.set_verify( SSL.verify_peer |
                                         SSL.verify_fail_if_no_peer_cert |
                                         SSL.verify_client_once, 20 )
            self.opener = m2urllib2.build_opener( self.ssl_context, urllib2.HTTPCookieProcessor(self.cookiejar) )
        else:
            self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.cookiejar))

            
        self.logged_in = 0
        self.protocol_version = '2.5'
        self.auth_token = ''
Ejemplo n.º 20
0
 def test_urllib2_secure_context(self):
     pid = self.start_server(self.args)
     try:
         ctx = SSL.Context()
         ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
         ctx.load_verify_locations('tests/ca.pem')
         
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener(ctx)
         opener.addheaders = [('Connection', 'close')]           
         u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 21
0
    def test_z_urllib2_opener(self):
        pid = self.start_server(self.args)
        try:
            ctx = SSL.Context()

            opener = m2urllib2.build_opener(
                ctx, m2urllib2.HTTPBasicAuthHandler())
            m2urllib2.install_opener(opener)
            req = m2urllib2.Request('https://%s:%s/' %
                                    (srv_host, self.srv_port))
            u = m2urllib2.urlopen(req)
            data = u.read()
            u.close()
        finally:
            self.stop_server(pid)
        self.assertIn(b's_server -quiet -www', data)
Ejemplo n.º 22
0
    def test_z_urllib2_opener(self):
        pid = self.start_server(self.args)
        try:
            ctx = SSL.Context()

            opener = m2urllib2.build_opener(
                ctx, m2urllib2.HTTPBasicAuthHandler())
            m2urllib2.install_opener(opener)
            req = m2urllib2.Request('https://%s:%s/' %
                                    (srv_host, self.srv_port))
            u = m2urllib2.urlopen(req)
            data = u.read()
            u.close()
        finally:
            self.stop_server(pid)
        self.assertIn(b's_server -quiet -www', data)
Ejemplo n.º 23
0
 def test_urllib2_secure_context(self):
     pid = self.start_server(self.args)
     try:
         ctx = SSL.Context()
         ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
         ctx.load_verify_locations('test/ca.pem')
         
         from M2Crypto import m2urllib2
         opener = m2urllib2.build_opener(ctx)
         opener.addheaders = [('Connection', 'close')]           
         u = opener.open('https://%s:%s/' % (srv_host, srv_port))
         data = u.read()
         u.close()
     finally:
         self.stop_server(pid)
     self.failIf(string.find(data, 's_server -quiet -www') == -1)
Ejemplo n.º 24
0
def usage1():
    context = Context();
    context.set_allow_unknown_ca(False)

    # add client site certificate and private key
    # to support Client verification
    context.load_cert(certfile='cert.pem', keyfile='key.pem')

    # add server site trusted CA certifications
    # to support server verification
    context.load_verify_info(capath='./')
    opener = m2urllib2.build_opener(context)
    response = opener.open("https://sjmcm1csa2/")

    print 'html: ', response.read()
    print 'info: ', response.info()
    print 'url: ', response.geturl()
Ejemplo n.º 25
0
    def __init__(self, idpConfigFilePath=None, installOpener=False):
        if _M2CRYPTO_NOT_INSTALLED:
            raise ImportError("M2Crypto is required for SSL-based IdP "
                              "validation but it is not installed.")

        super(SSLIdPValidationDriver, self).__init__()
        
        # Context object determines what validation is applied against the
        # peer's certificate in the SSL connection
        self.ctx = SSL.Context()
        
        # Enforce peer cert checking via this classes' __call__ method
        self.ctx.set_verify(SSL.verify_peer|SSL.verify_fail_if_no_peer_cert, 
                            9, 
                            callback=self)

        if installOpener:
            urllib2.install_opener(build_opener(ssl_context=self.ctx))
        
        if idpConfigFilePath is not None:
            self.idPValidators += \
                self.readConfig(idpConfigFilePath=idpConfigFilePath)
            
        log.info("%d IdPValidator(s) initialised", len(self.idPValidators))
Ejemplo n.º 26
0
    def __init__(self, idpConfigFilePath=None, installOpener=False):
        if _M2CRYPTO_NOT_INSTALLED:
            raise ImportError("M2Crypto is required for SSL-based IdP "
                              "validation but it is not installed.")

        super(SSLIdPValidationDriver, self).__init__()

        # Context object determines what validation is applied against the
        # peer's certificate in the SSL connection
        self.ctx = SSL.Context()

        # Enforce peer cert checking via this classes' __call__ method
        self.ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
                            9,
                            callback=self)

        if installOpener:
            urllib2.install_opener(build_opener(ssl_context=self.ctx))

        if idpConfigFilePath is not None:
            self.idPValidators += \
                self.readConfig(idpConfigFilePath=idpConfigFilePath)

        log.info("%d IdPValidator(s) initialised", len(self.idPValidators))
Ejemplo n.º 27
0
    'passwordTextField': login_data['password'],
    'success'          : 'https://login.m.o2online.de/ndm/?url=o2activehome&',
    'id13_hf_0'        : ''
}

login_data_encoded = m2urllib.urlencode(login_form_data)

ctx = SSL.Context()

# If you comment out the next 2 lines, the connection won't be secure
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
ctx.load_verify_locations(O2_SSL_CERTIFICATE)
c = SSL.Connection(ctx)

cj = cookielib.CookieJar()
opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPCookieProcessor(cj))
m2urllib2.install_opener(opener)

print "processing"
try:
    ctx.load_verify_locations(O2_SSL_CERTIFICATE)
    # login
    resp = opener.open(O2_LOGIN, login_data_encoded)
    ctx.load_verify_locations(O2_SSL_CERTIFICATE)

    # go to billing page
    resp = opener.open('http://m.o2online.de/vertrag/rechnung/aktuelle-rechnung')
    last_respone = resp.read();

    print "get billing page"
Ejemplo n.º 28
0
def usage():
    opener = m2urllib2.build_opener()
    response = opener.open('www.google.com')
    print 'html: ', response.read()
    print 'info: ', response.info()
    print 'url: ', response.geturl()
Ejemplo n.º 29
0
    def test_urllib2_opener_handlers(self):
        ctx = SSL.Context()

        m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
Ejemplo n.º 30
0
    def test_urllib2_opener_handlers(self):
        ctx = SSL.Context()

        from M2Crypto import m2urllib2
        m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
Ejemplo n.º 31
0
def _build_opener(apiurl):
    from osc.core import __version__
    global config

    class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler, object):
        # python2: inherit from object in order to make it a new-style class
        # (HTTPBasicAuthHandler is not a new-style class)
        def _rewind_request(self, req):
            if hasattr(req.data, 'seek'):
                # if the request is issued again (this time with an
                # Authorization header), the file's offset has to be
                # repositioned to the beginning of the file (otherwise,
                # a 0-length body is sent which most likely does not match
                # the Content-Length header (if present))
                req.data.seek(0)

        def retry_http_basic_auth(self, host, req, realm):
            self._rewind_request(req)
            return super(self.__class__,
                         self).retry_http_basic_auth(host, req, realm)

    if 'last_opener' not in _build_opener.__dict__:
        _build_opener.last_opener = (None, None)
    if apiurl == _build_opener.last_opener[0]:
        return _build_opener.last_opener[1]

    # respect no_proxy env variable
    if proxy_bypass(apiurl):
        # initialize with empty dict
        proxyhandler = ProxyHandler({})
    else:
        # read proxies from env
        proxyhandler = ProxyHandler()

    authhandler_class = OscHTTPBasicAuthHandler
    # workaround for http://bugs.python.org/issue9639
    if sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 9):

        class OscHTTPBasicAuthHandlerCompat(OscHTTPBasicAuthHandler):
            # The following two functions were backported from upstream 2.7.
            def http_error_auth_reqed(self, authreq, host, req, headers):
                authreq = headers.get(authreq, None)

                if authreq:
                    mo = AbstractBasicAuthHandler.rx.search(authreq)
                    if mo:
                        scheme, quote, realm = mo.groups()
                        if quote not in ['"', "'"]:
                            warnings.warn("Basic Auth Realm was unquoted",
                                          UserWarning, 2)
                        if scheme.lower() == 'basic':
                            return self.retry_http_basic_auth(host, req, realm)

            def retry_http_basic_auth(self, host, req, realm):
                self._rewind_request(req)
                user, pw = self.passwd.find_user_password(realm, host)
                if pw is not None:
                    raw = "%s:%s" % (user, pw)
                    auth = 'Basic %s' % base64.b64encode(raw).strip()
                    if req.get_header(self.auth_header, None) == auth:
                        return None
                    req.add_unredirected_header(self.auth_header, auth)
                    return self.parent.open(req, timeout=req.timeout)
                else:
                    return None

        authhandler_class = OscHTTPBasicAuthHandlerCompat

    options = config['api_host_options'][apiurl]
    # with None as first argument, it will always use this username/password
    # combination for urls for which arg2 (apisrv) is a super-url
    authhandler = authhandler_class( \
        HTTPPasswordMgrWithDefaultRealm())
    authhandler.add_password(None, apiurl, options['user'], options['pass'])

    if options['sslcertck']:
        try:
            from . import oscssl
            from M2Crypto import m2urllib2
        except ImportError as e:
            print(e)
            raise NoSecureSSLError(
                'M2Crypto is needed to access %s in a secure way.\nPlease install python-m2crypto.'
                % apiurl)

        cafile = options.get('cafile', None)
        capath = options.get('capath', None)
        if not cafile and not capath:
            for i in ['/etc/pki/tls/cert.pem', '/etc/ssl/certs']:
                if os.path.isfile(i):
                    cafile = i
                    break
                elif os.path.isdir(i):
                    capath = i
                    break
        if not cafile and not capath:
            raise oscerr.OscIOError(
                None,
                'No CA certificates found. (You may want to install ca-certificates-mozilla package)'
            )
        ctx = oscssl.mySSLContext()
        if ctx.load_verify_locations(capath=capath, cafile=cafile) != 1:
            raise oscerr.OscIOError(
                None,
                'No CA certificates found. (You may want to install ca-certificates-mozilla package)'
            )
        opener = m2urllib2.build_opener(
            ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'),
            HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
    else:
        handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
        try:
            # disable ssl cert check in python >= 2.7.9
            ctx = ssl._create_unverified_context()
            handlers.append(HTTPSHandler(context=ctx))
        except AttributeError:
            pass
        print(
            "WARNING: SSL certificate checks disabled. Connection is insecure!\n",
            file=sys.stderr)
        opener = build_opener(*handlers)
    opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
    _build_opener.last_opener = (apiurl, opener)
    return opener
Ejemplo n.º 32
0
Archivo: conf.py Proyecto: cav71/osc
def _build_opener(apiurl):
    from osc.core import __version__
    global config
    if 'last_opener' not in _build_opener.__dict__:
        _build_opener.last_opener = (None, None)
    if apiurl == _build_opener.last_opener[0]:
        return _build_opener.last_opener[1]

    # respect no_proxy env variable
    if proxy_bypass(apiurl):
        # initialize with empty dict
        proxyhandler = ProxyHandler({})
    else:
        # read proxies from env
        proxyhandler = ProxyHandler()

    # workaround for http://bugs.python.org/issue9639
    authhandler_class = HTTPBasicAuthHandler
    if sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 1) \
        and not 'reset_retry_count' in dir(HTTPBasicAuthHandler):
        print('warning: your urllib2 version seems to be broken. ' \
            'Using a workaround for http://bugs.python.org/issue9639', file=sys.stderr)

        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def http_error_401(self, *args):
                response = HTTPBasicAuthHandler.http_error_401(self, *args)
                self.retried = 0
                return response

            def http_error_404(self, *args):
                self.retried = 0
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 1):
        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def http_error_404(self, *args):
                self.reset_retry_count()
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 5) and sys.version_info < (2, 6, 6):
        # workaround for broken urllib2 in python 2.6.5: wrong credentials
        # lead to an infinite recursion
        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def retry_http_basic_auth(self, host, req, realm):
                # don't retry if auth failed
                if req.get_header(self.auth_header, None) is not None:
                    return None
                return HTTPBasicAuthHandler.retry_http_basic_auth(self, host, req, realm)

        authhandler_class = OscHTTPBasicAuthHandler

    options = config['api_host_options'][apiurl]
    # with None as first argument, it will always use this username/password
    # combination for urls for which arg2 (apisrv) is a super-url
    authhandler = authhandler_class( \
        HTTPPasswordMgrWithDefaultRealm())
    authhandler.add_password(None, apiurl, options['user'], options['pass'])

    if options['sslcertck']:
        try:
            from . import oscssl
            from M2Crypto import m2urllib2
        except ImportError as e:
            print(e)
            raise NoSecureSSLError('M2Crypto is needed to access %s in a secure way.\nPlease install python-m2crypto.' % apiurl)

        cafile = options.get('cafile', None)
        capath = options.get('capath', None)
        if not cafile and not capath:
            for i in ['/etc/pki/tls/cert.pem', '/etc/ssl/certs']:
                if os.path.isfile(i):
                    cafile = i
                    break
                elif os.path.isdir(i):
                    capath = i
                    break
        if not cafile and not capath:
            raise oscerr.OscIOError(None, 'No CA certificates found')
        ctx = oscssl.mySSLContext()
        if ctx.load_verify_locations(capath=capath, cafile=cafile) != 1:
            raise oscerr.OscIOError(None, 'No CA certificates found')
        opener = m2urllib2.build_opener(ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'), HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
    else:
        handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
        try:
            # disable ssl cert check in python >= 2.7.9
            ctx = ssl._create_unverified_context()
            handlers.append(HTTPSHandler(context=ctx))
        except AttributeError:
            pass
        print("WARNING: SSL certificate checks disabled. Connection is insecure!\n", file=sys.stderr)
        opener = build_opener(*handlers)
    opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
    _build_opener.last_opener = (apiurl, opener)
    return opener
Ejemplo n.º 33
0
    def test_urllib2_opener_handlers(self):
        ctx = SSL.Context()

        m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
Ejemplo n.º 34
0
        def test_urllib2_opener_handlers(self):
            ctx = SSL.Context()

            from M2Crypto import m2urllib2
            opener = m2urllib2.build_opener(ctx,
                                            m2urllib2.HTTPBasicAuthHandler())
Ejemplo n.º 35
0
 def create_opener(self, *handlers):
     return m2urllib2.build_opener(self.ssl_context, *handlers)
Ejemplo n.º 36
0
 def create_opener(self, *handlers):
     return m2urllib2.build_opener(self.ssl_context, *handlers)
Ejemplo n.º 37
0
def _build_opener(apiurl):
    from osc.core import __version__
    global config
    if 'last_opener' not in _build_opener.__dict__:
        _build_opener.last_opener = (None, None)
    if apiurl == _build_opener.last_opener[0]:
        return _build_opener.last_opener[1]

    # respect no_proxy env variable
    if proxy_bypass(apiurl):
        # initialize with empty dict
        proxyhandler = ProxyHandler({})
    else:
        # read proxies from env
        proxyhandler = ProxyHandler()

    # workaround for http://bugs.python.org/issue9639
    authhandler_class = HTTPBasicAuthHandler
    if sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 9):
        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            # The following two functions were backported from upstream 2.7.
            def http_error_auth_reqed(self, authreq, host, req, headers):
                authreq = headers.get(authreq, None)

                if authreq:
                    mo = AbstractBasicAuthHandler.rx.search(authreq)
                    if mo:
                        scheme, quote, realm = mo.groups()
                        if quote not in ['"', "'"]:
                            warnings.warn("Basic Auth Realm was unquoted",
                                          UserWarning, 2)
                        if scheme.lower() == 'basic':
                            return self.retry_http_basic_auth(host, req, realm)

            def retry_http_basic_auth(self, host, req, realm):
                user, pw = self.passwd.find_user_password(realm, host)
                if pw is not None:
                    raw = "%s:%s" % (user, pw)
                    auth = 'Basic %s' % base64.b64encode(raw).strip()
                    if req.get_header(self.auth_header, None) == auth:
                        return None
                    req.add_unredirected_header(self.auth_header, auth)
                    return self.parent.open(req, timeout=req.timeout)
                else:
                    return None

        authhandler_class = OscHTTPBasicAuthHandler

    options = config['api_host_options'][apiurl]
    # with None as first argument, it will always use this username/password
    # combination for urls for which arg2 (apisrv) is a super-url
    authhandler = authhandler_class( \
        HTTPPasswordMgrWithDefaultRealm())
    authhandler.add_password(None, apiurl, options['user'], options['pass'])

    if options['sslcertck']:
        try:
            from . import oscssl
            from M2Crypto import m2urllib2
        except ImportError as e:
            print(e)
            raise NoSecureSSLError('M2Crypto is needed to access %s in a secure way.\nPlease install python-m2crypto.' % apiurl)

        cafile = options.get('cafile', None)
        capath = options.get('capath', None)
        if not cafile and not capath:
            for i in ['/etc/pki/tls/cert.pem', '/etc/ssl/certs']:
                if os.path.isfile(i):
                    cafile = i
                    break
                elif os.path.isdir(i):
                    capath = i
                    break
        if not cafile and not capath:
            raise oscerr.OscIOError(None, 'No CA certificates found. (You may want to install ca-certificates-mozilla package)')
        ctx = oscssl.mySSLContext()
        if ctx.load_verify_locations(capath=capath, cafile=cafile) != 1:
            raise oscerr.OscIOError(None, 'No CA certificates found. (You may want to install ca-certificates-mozilla package)')
        opener = m2urllib2.build_opener(ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'), HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
    else:
        handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
        try:
            # disable ssl cert check in python >= 2.7.9
            ctx = ssl._create_unverified_context()
            handlers.append(HTTPSHandler(context=ctx))
        except AttributeError:
            pass
        print("WARNING: SSL certificate checks disabled. Connection is insecure!\n", file=sys.stderr)
        opener = build_opener(*handlers)
    opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
    _build_opener.last_opener = (apiurl, opener)
    return opener
Ejemplo n.º 38
0
def _build_opener(apiurl):
    from osc.core import __version__
    global config
    if 'last_opener' not in _build_opener.__dict__:
        _build_opener.last_opener = (None, None)
    if apiurl == _build_opener.last_opener[0]:
        return _build_opener.last_opener[1]

    # respect no_proxy env variable
    if proxy_bypass(apiurl):
        # initialize with empty dict
        proxyhandler = ProxyHandler({})
    else:
        # read proxies from env
        proxyhandler = ProxyHandler()

    # workaround for http://bugs.python.org/issue9639
    authhandler_class = HTTPBasicAuthHandler
    if sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 1) \
        and not 'reset_retry_count' in dir(HTTPBasicAuthHandler):
        print('warning: your urllib2 version seems to be broken. ' \
            'Using a workaround for http://bugs.python.org/issue9639', file=sys.stderr)

        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def http_error_401(self, *args):
                response = HTTPBasicAuthHandler.http_error_401(self, *args)
                self.retried = 0
                return response

            def http_error_404(self, *args):
                self.retried = 0
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 1):

        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def http_error_404(self, *args):
                self.reset_retry_count()
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 5) and sys.version_info < (2, 6, 6):
        # workaround for broken urllib2 in python 2.6.5: wrong credentials
        # lead to an infinite recursion
        class OscHTTPBasicAuthHandler(HTTPBasicAuthHandler):
            def retry_http_basic_auth(self, host, req, realm):
                # don't retry if auth failed
                if req.get_header(self.auth_header, None) is not None:
                    return None
                return HTTPBasicAuthHandler.retry_http_basic_auth(
                    self, host, req, realm)

        authhandler_class = OscHTTPBasicAuthHandler

    options = config['api_host_options'][apiurl]
    # with None as first argument, it will always use this username/password
    # combination for urls for which arg2 (apisrv) is a super-url
    authhandler = authhandler_class( \
        HTTPPasswordMgrWithDefaultRealm())
    authhandler.add_password(None, apiurl, options['user'], options['pass'])

    if options['sslcertck']:
        try:
            from . import oscssl
            from M2Crypto import m2urllib2
        except ImportError as e:
            print(e)
            raise NoSecureSSLError(
                'M2Crypto is needed to access %s in a secure way.\nPlease install python-m2crypto.'
                % apiurl)

        cafile = options.get('cafile', None)
        capath = options.get('capath', None)
        if not cafile and not capath:
            for i in ['/etc/pki/tls/cert.pem', '/etc/ssl/certs']:
                if os.path.isfile(i):
                    cafile = i
                    break
                elif os.path.isdir(i):
                    capath = i
                    break
        if not cafile and not capath:
            raise oscerr.OscIOError(None, 'No CA certificates found')
        ctx = oscssl.mySSLContext()
        if ctx.load_verify_locations(capath=capath, cafile=cafile) != 1:
            raise oscerr.OscIOError(None, 'No CA certificates found')
        opener = m2urllib2.build_opener(
            ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'),
            HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
    else:
        handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
        try:
            # disable ssl cert check in python >= 2.7.9
            ctx = ssl._create_unverified_context()
            handlers.append(HTTPSHandler(context=ctx))
        except AttributeError:
            pass
        print(
            "WARNING: SSL certificate checks disabled. Connection is insecure!\n",
            file=sys.stderr)
        opener = build_opener(*handlers)
    opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
    _build_opener.last_opener = (apiurl, opener)
    return opener
Ejemplo n.º 39
0
Archivo: conf.py Proyecto: myMeow/osc
def _build_opener(url):
    from osc.core import __version__

    global config
    apiurl = urljoin(*parse_apisrv_url(None, url))
    if "last_opener" not in _build_opener.__dict__:
        _build_opener.last_opener = (None, None)
    if apiurl == _build_opener.last_opener[0]:
        return _build_opener.last_opener[1]

    # respect no_proxy env variable
    if urllib.proxy_bypass(apiurl):
        # initialize with empty dict
        proxyhandler = urllib2.ProxyHandler({})
    else:
        # read proxies from env
        proxyhandler = urllib2.ProxyHandler()

    # workaround for http://bugs.python.org/issue9639
    authhandler_class = urllib2.HTTPBasicAuthHandler
    if (
        sys.version_info >= (2, 6, 6)
        and sys.version_info < (2, 7, 1)
        and not "reset_retry_count" in dir(urllib2.HTTPBasicAuthHandler)
    ):
        print >> sys.stderr, "warning: your urllib2 version seems to be broken. " "Using a workaround for http://bugs.python.org/issue9639"

        class OscHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler):
            def http_error_401(self, *args):
                response = urllib2.HTTPBasicAuthHandler.http_error_401(self, *args)
                self.retried = 0
                return response

            def http_error_404(self, *args):
                self.retried = 0
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 6) and sys.version_info < (2, 7, 1):

        class OscHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler):
            def http_error_404(self, *args):
                self.reset_retry_count()
                return None

        authhandler_class = OscHTTPBasicAuthHandler
    elif sys.version_info >= (2, 6, 5) and sys.version_info < (2, 6, 6):
        # workaround for broken urllib2 in python 2.6.5: wrong credentials
        # lead to an infinite recursion
        class OscHTTPBasicAuthHandler(urllib2.HTTPBasicAuthHandler):
            def retry_http_basic_auth(self, host, req, realm):
                # don't retry if auth failed
                if req.get_header(self.auth_header, None) is not None:
                    return None
                return urllib2.HTTPBasicAuthHandler.retry_http_basic_auth(self, host, req, realm)

        authhandler_class = OscHTTPBasicAuthHandler

    options = config["api_host_options"][apiurl]
    # with None as first argument, it will always use this username/password
    # combination for urls for which arg2 (apisrv) is a super-url
    authhandler = authhandler_class(urllib2.HTTPPasswordMgrWithDefaultRealm())
    authhandler.add_password(None, apiurl, options["user"], options["pass"])

    if options["sslcertck"]:
        try:
            import oscssl
            from M2Crypto import m2urllib2
        except ImportError, e:
            print e
            raise NoSecureSSLError(
                "M2Crypto is needed to access %s in a secure way.\nPlease install python-m2crypto." % apiurl
            )

        cafile = options.get("cafile", None)
        capath = options.get("capath", None)
        if not cafile and not capath:
            for i in ["/etc/pki/tls/cert.pem", "/etc/ssl/certs"]:
                if os.path.isfile(i):
                    cafile = i
                    break
                elif os.path.isdir(i):
                    capath = i
                    break
        ctx = oscssl.mySSLContext()
        if ctx.load_verify_locations(capath=capath, cafile=cafile) != 1:
            raise Exception("No CA certificates found")
        opener = m2urllib2.build_opener(
            ctx,
            oscssl.myHTTPSHandler(ssl_context=ctx, appname="osc"),
            urllib2.HTTPCookieProcessor(cookiejar),
            authhandler,
            proxyhandler,
        )