def initSSL(cls):
if not 'java' in sys.platform or cls.SSL_INITED:
return
logger.info('=============Init Trust All Cert==================')
from javax.net.ssl import X509TrustManager
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = [TrustAllX509TrustManager()]
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring at a later time
cls.DEFAULT_CONTEXT = SSLContext.getDefault()
cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT
cls.SSL_INITED = True
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
log.debug("Using default SSL context", extra={"sock": "*"})
return SSLContext.getDefault()
else:
log.debug(
"Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
keyfile,
certfile,
ca_certs,
extra={"sock": "*"})
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(
ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile,
keyfile).getKeyManagers()
else:
key_managers = None
# FIXME FIXME for performance, cache this lookup in the future
# to avoid re-reading files on every lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
def initSSL(cls):
import sys
if not 'java' in sys.platform or cls.SSL_INITED:
return
logger.info('=============Init Trust All Cert==================')
from javax.net.ssl import X509TrustManager
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = [TrustAllX509TrustManager()]
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring at a later time
cls.DEFAULT_CONTEXT = SSLContext.getDefault()
cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT
cls.SSL_INITED = True
def disable_all_ssl_cert_checks(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
"""
Define a custom TrustManager which will blindly accept all certificates
"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
self.log.info("Disabling cert check ##############")
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
return SSLContext.getDefault()
else:
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers()
else:
key_managers = None
# cache this lookup in the future to avoid re-reading files on every
# lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
log.debug("Using default SSL context", extra={"sock": "*"})
return SSLContext.getDefault()
else:
log.debug("Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
keyfile, certfile, ca_certs, extra={"sock": "*"})
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers()
else:
key_managers = None
# FIXME FIXME for performance, cache this lookup in the future
# to avoid re-reading files on every lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
@pytest.fixture
def trust_all_certificates(request):
"""Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates"""
# Only do this if running under Jython
is_java = "java" in sys.platform
if is_java:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def fin():
# Copied from http://tech.pedersen-live.com/2010/10/trusting-all-certificates-in-jython/
import sys
# Check if running in Jython
if 'java' in sys.platform:
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
"""
Define a custom TrustManager which will blindly accept all certificates
"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
def initChannel(self, ch):
pipeline = ch.pipeline()
engine = SSLContext.getDefault().createSSLEngine()
engine.setUseClientMode(True);
pipeline.addLast("ssl", SslHandler(engine))
