Example #1
0
 def test_ssl_context_and_depreicated_values(self):
     try:
         ctx = create_ssl_context()
     except AttributeError:
         raise SkipTest("SSL Context not supported in this version of python")
     self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, use_ssl=True)
     self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ca_certs="/some/path/to/cert.crt")
     self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ssl_version=ssl.PROTOCOL_SSLv23)
Example #2
0
def test_ssl_context_is_correctly(event_loop):
    context = create_ssl_context(cafile="test_elasticsearch_async/ca.crt")
    connection = AIOHttpConnection(ssl_context=context, http_auth=('user', 'secret'), loop=event_loop)
    assert connection.session.connector._ssl.get_ca_certs() == [{
        'subject': ((('commonName', 'Elastic Certificate Tool Autogenerated CA'),),),
        'issuer': ((('commonName', 'Elastic Certificate Tool Autogenerated CA'),),),
        'version': 3,
        'serialNumber': 'C732AB792FAC34EB252EE2F03A316CD8CFE203B3',
        'notBefore': 'Aug 26 18:27:28 2017 GMT',
        'notAfter': 'Aug 25 18:27:28 2020 GMT'
    }]
Example #3
0
    def __init__(self,
                 host='localhost',
                 port=9200,
                 http_auth=None,
                 use_ssl=False,
                 verify_certs=False,
                 ca_certs=None,
                 client_cert=None,
                 client_key=None,
                 loop=None,
                 use_dns_cache=True,
                 headers=None,
                 ssl_context=None,
                 trace_config=None,
                 **kwargs):
        super().__init__(host=host, port=port, **kwargs)

        self.loop = asyncio.get_event_loop() if loop is None else loop

        if http_auth is not None:
            if isinstance(http_auth, str):
                http_auth = tuple(http_auth.split(':', 1))

            if isinstance(http_auth, (tuple, list)):
                http_auth = aiohttp.BasicAuth(*http_auth)

        headers = headers or {}
        headers.setdefault('content-type', 'application/json')

        # if providing an SSL context, raise error if any other SSL related flag is used
        if ssl_context and (verify_certs or ca_certs):
            raise ImproperlyConfigured(
                "When using `ssl_context`, `use_ssl`, `verify_certs`, `ca_certs` are not permitted"
            )

        if use_ssl or ssl_context:
            cafile = ca_certs
            if not cafile and not ssl_context and verify_certs:
                # If no ca_certs and no sslcontext passed and asking to verify certs
                # raise error
                raise ImproperlyConfigured(
                    "Root certificates are missing for certificate "
                    "validation. Either pass them in using the ca_certs parameter or "
                    "install certifi to use it automatically.")
            if verify_certs or ca_certs:
                warnings.warn(
                    'Use of `verify_certs`, `ca_certs` have been deprecated in favor of using SSLContext`',
                    DeprecationWarning)

            if not ssl_context:
                # if SSLContext hasn't been passed in, create one.
                # need to skip if sslContext isn't avail
                try:
                    ssl_context = create_ssl_context(cafile=cafile)
                except AttributeError:
                    ssl_context = None

                if not verify_certs and ssl_context is not None:
                    ssl_context.check_hostname = False
                    ssl_context.verify_mode = ssl.CERT_NONE
                    warnings.warn(
                        'Connecting to %s using SSL with verify_certs=False is insecure.'
                        % host)
            if ssl_context:
                verify_certs = True
                use_ssl = True

        trace_configs = [trace_config] if trace_config else None
        max_connections = max(256, kwargs.get("max_connections", 0))
        enable_cleanup_closed = kwargs.get("enable_cleanup_closed", False)
        self.session = aiohttp.ClientSession(
            auth=http_auth,
            timeout=self.timeout,
            connector=aiohttp.TCPConnector(
                loop=self.loop,
                verify_ssl=verify_certs,
                use_dns_cache=use_dns_cache,
                ssl_context=ssl_context,
                limit=max_connections,
                enable_cleanup_closed=enable_cleanup_closed),
            headers=headers,
            trace_configs=trace_configs,
            response_class=RawClientResponse)
        self.scheme = "https" if use_ssl else "http"
    def __init__(self, host='localhost', port=9200, http_auth=None,
            use_ssl=False, verify_certs=False, ca_certs=None, client_cert=None,
            client_key=None, loop=None, use_dns_cache=True, headers=None,
            ssl_context=None, **kwargs):
        super().__init__(host=host, port=port, **kwargs)

        self.loop = asyncio.get_event_loop() if loop is None else loop

        if http_auth is not None:
            if isinstance(http_auth, str):
                http_auth = tuple(http_auth.split(':', 1))

            if isinstance(http_auth, (tuple, list)):
                http_auth = aiohttp.BasicAuth(*http_auth)

        headers = headers or {}
        headers.setdefault('content-type', 'application/json')

        # if providing an SSL context, raise error if any other SSL related flag is used
        if ssl_context and (verify_certs or ca_certs):
            raise ImproperlyConfigured("When using `ssl_context`, `use_ssl`, `verify_certs`, `ca_certs` are not permitted")

        if use_ssl or ssl_context:
            cafile = ca_certs
            if not cafile and not ssl_context and verify_certs:
                # If no ca_certs and no sslcontext passed and asking to verify certs
                # raise error
                raise ImproperlyConfigured("Root certificates are missing for certificate "
                    "validation. Either pass them in using the ca_certs parameter or "
                    "install certifi to use it automatically.")
            if verify_certs or ca_certs:
                warnings.warn('Use of `verify_certs`, `ca_certs` have been deprecated in favor of using SSLContext`', DeprecationWarning)

            if not ssl_context:
                # if SSLContext hasn't been passed in, create one.
                # need to skip if sslContext isn't avail
                try:
                    ssl_context = create_ssl_context(cafile=cafile)
                except AttributeError:
                    ssl_context = None

                if not verify_certs and ssl_context is not None:
                    ssl_context.check_hostname = False
                    ssl_context.verify_mode = ssl.CERT_NONE
                    warnings.warn(
                        'Connecting to %s using SSL with verify_certs=False is insecure.' % host)
            if ssl_context:
                verify_certs = True
                use_ssl = True

        self.session = aiohttp.ClientSession(
            auth=http_auth,
            conn_timeout=self.timeout,
            connector=aiohttp.TCPConnector(
                loop=self.loop,
                verify_ssl=verify_certs,
                use_dns_cache=use_dns_cache,
                ssl_context=ssl_context,
            ),
            headers=headers
        )

        self.base_url = 'http%s://%s:%d%s' % (
            's' if use_ssl else '',
            host, port, self.url_prefix
        )