def initSSL(cls):
    """Build a certificate-accepting SSLContext once and cache it on *cls*.

    Does nothing when not running on Jython (``'java'`` absent from
    ``sys.platform``) or when ``cls.SSL_INITED`` is already true.
    Otherwise it sets three class attributes:

    * ``cls.TRUST_ALL_CONTEXT`` -- a context whose only trust manager never
      rejects a chain, so a connection made with it does not authenticate
      its peer.
    * ``cls.DEFAULT_CONTEXT`` -- the JVM default context at call time, kept
      so it can be restored later.
    * ``cls.SSL_INITED`` -- ``True``, which turns later calls into no-ops.

    The permissive context is only stored here; this function never calls
    ``SSLContext.setDefault``.
    """
    if 'java' not in sys.platform:
        return
    if cls.SSL_INITED:
        return

    logger.info('=============Init Trust All Cert==================')

    # Imported lazily: javax.* only resolves under Jython.
    from javax.net.ssl import X509TrustManager
    from javax.net.ssl import SSLContext

    class TrustAllX509TrustManager(X509TrustManager):
        """X509TrustManager whose checks are no-ops: no chain is ever rejected."""

        def checkClientTrusted(self, chain, auth):
            return None

        def checkServerTrusted(self, chain, auth):
            return None

        def getAcceptedIssuers(self):
            # NOTE(review): the X509TrustManager javadoc asks for a non-null
            # (possibly empty) array here.
            return None

    # "SSL" is the legacy algorithm name; which protocol versions it enables
    # is decided by the JSSE provider.
    permissive_context = SSLContext.getInstance("SSL")
    permissive_context.init(None, [TrustAllX509TrustManager()], None)

    cls.DEFAULT_CONTEXT = SSLContext.getDefault()
    cls.TRUST_ALL_CONTEXT = permissive_context
    cls.SSL_INITED = True
def _get_ssl_context(keyfile, certfile, ca_certs):
    """Return the SSLContext to use for the given key/cert/CA inputs.

    With neither *certfile* nor *ca_certs* supplied, the JVM default context
    is returned unchanged.  Otherwise a fresh context is initialised with:

    * trust managers from ``_get_ca_certs_trust_manager(ca_certs)`` when
      *ca_certs* is truthy, else ``None``;
    * key managers from ``_get_openssl_key_manager(certfile, keyfile)`` when
      *certfile* is truthy, else ``None``.

    ``None`` is passed straight to ``SSLContext.init``; per the JSSE API
    that means the provider's default managers are used for that slot.
    """
    if certfile is None and ca_certs is None:
        log.debug("Using default SSL context", extra={"sock": "*"})
        return SSLContext.getDefault()

    log.debug(
        "Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
        keyfile, certfile, ca_certs, extra={"sock": "*"})

    # should support composite usage below
    trust_managers = (
        _get_ca_certs_trust_manager(ca_certs).getTrustManagers()
        if ca_certs else None
    )
    key_managers = (
        _get_openssl_key_manager(certfile, keyfile).getKeyManagers()
        if certfile else None
    )

    # FIXME FIXME for performance, cache this lookup in the future
    # to avoid re-reading files on every lookup
    specific_context = SSLContext.getInstance("SSL")
    specific_context.init(key_managers, trust_managers, None)
    return specific_context
def initSSL(cls):
    """Prepare, once per class, an SSLContext that accepts every certificate.

    Returns immediately when ``sys.platform`` does not contain ``'java'``
    (i.e. not Jython) or when ``cls.SSL_INITED`` is already set.  On the
    first effective call it stores on *cls*:

    * ``TRUST_ALL_CONTEXT`` -- context backed by a trust manager whose
      checks are empty, so peers are not authenticated over it;
    * ``DEFAULT_CONTEXT`` -- the JVM's default context, for restoring later;
    * ``SSL_INITED`` -- ``True``.

    Nothing is installed as the JVM default by this function.
    """
    import sys

    on_jython = 'java' in sys.platform
    if not on_jython or cls.SSL_INITED:
        return

    logger.info('=============Init Trust All Cert==================')

    # javax.* is only importable under Jython, hence the late import.
    from javax.net.ssl import X509TrustManager
    from javax.net.ssl import SSLContext

    class TrustAllX509TrustManager(X509TrustManager):
        """Trust manager that performs no validation at all."""

        def checkClientTrusted(self, chain, auth):
            # Not raising is what signals "trusted" to JSSE.
            return None

        def checkServerTrusted(self, chain, auth):
            return None

        def getAcceptedIssuers(self):
            # NOTE(review): the interface documents a non-null array as the
            # return value.
            return None

    # Context that will use the permissive trust manager defined above.
    accept_all = [TrustAllX509TrustManager()]
    trust_all_context = SSLContext.getInstance("SSL")
    trust_all_context.init(None, accept_all, None)

    # Remember the JVM default alongside the permissive context.
    cls.DEFAULT_CONTEXT = SSLContext.getDefault()
    cls.TRUST_ALL_CONTEXT = trust_all_context
    cls.SSL_INITED = True
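def disable_all_ssl_cert_checks(self):
    """Install a JVM-wide default SSLContext that accepts any certificate.

    After this call every user of ``SSLContext.getDefault()`` in the process
    gets a context whose trust manager never rejects a chain, so those
    connections no longer authenticate their peer.  The change is global to
    the JVM, not limited to this object.

    The context that was the default *before* the swap is kept on
    ``self._default_ssl_context`` so it can be put back with
    ``SSLContext.setDefault(self._default_ssl_context)``.  The original code
    read ``getDefault()`` only after ``setDefault()``, which captured the
    permissive context instead of the real default.
    """
    from javax.net.ssl import TrustManager, X509TrustManager
    from jarray import array
    from javax.net.ssl import SSLContext

    class TrustAllX509TrustManager(X509TrustManager):
        """Trust manager whose checks are empty, so every chain is accepted."""

        def checkClientTrusted(self, chain, auth):
            pass

        def checkServerTrusted(self, chain, auth):
            pass

        def getAcceptedIssuers(self):
            # NOTE(review): the X509TrustManager javadoc asks for a non-null
            # (possibly empty) array here.
            return None

    self.log.info("Disabling cert check ##############")

    # Capture the real default before it is replaced, and only once: a
    # second call must not overwrite it with the permissive context.
    if getattr(self, "_default_ssl_context", None) is None:
        self._default_ssl_context = SSLContext.getDefault()

    trust_managers = array([TrustAllX509TrustManager()], TrustManager)
    TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
    TRUST_ALL_CONTEXT.init(None, trust_managers, None)
    SSLContext.setDefault(TRUST_ALL_CONTEXT)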
def _get_ssl_context(keyfile, certfile, ca_certs):
    """Pick or build the SSLContext matching the supplied key/cert/CA inputs.

    Returns the JVM default context when both *certfile* and *ca_certs* are
    ``None``.  Otherwise returns a new context initialised with trust
    managers derived from *ca_certs* and key managers derived from
    *certfile*/*keyfile*; whichever input is falsy contributes ``None``,
    which ``SSLContext.init`` treats as "use the provider's default".
    """
    if certfile is None and ca_certs is None:
        return SSLContext.getDefault()

    trust_managers = None
    if ca_certs:
        # should support composite usage below
        trust_factory = _get_ca_certs_trust_manager(ca_certs)
        trust_managers = trust_factory.getTrustManagers()

    key_managers = None
    if certfile:
        key_factory = _get_openssl_key_manager(certfile, keyfile)
        key_managers = key_factory.getKeyManagers()

    # cache this lookup in the future to avoid re-reading files on every
    # lookup
    built_context = SSLContext.getInstance("SSL")
    built_context.init(key_managers, trust_managers, None)
    return built_context
def _get_ssl_context(keyfile, certfile, ca_certs):
    """Resolve the SSLContext for a socket from its key/cert/CA arguments.

    * No *certfile* and no *ca_certs* (both ``None``): the JVM default
      context is returned as is.
    * Anything else: a new context is created.  Its trust managers come from
      ``_get_ca_certs_trust_manager(ca_certs)`` if *ca_certs* is truthy and
      its key managers from ``_get_openssl_key_manager(certfile, keyfile)``
      if *certfile* is truthy; a missing side is passed to
      ``SSLContext.init`` as ``None``, i.e. left to the provider's default.

    Both paths are logged at debug level.
    """
    use_default = certfile is None and ca_certs is None
    if use_default:
        log.debug("Using default SSL context", extra={"sock": "*"})
        return SSLContext.getDefault()

    log.debug("Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
              keyfile, certfile, ca_certs, extra={"sock": "*"})

    # should support composite usage below
    trust_managers = None
    if ca_certs:
        trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers()

    key_managers = None
    if certfile:
        key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers()

    # FIXME FIXME for performance, cache this lookup in the future
    # to avoid re-reading files on every lookup
    ctx = SSLContext.getInstance("SSL")
    ctx.init(key_managers, trust_managers, None)
    return ctx
pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault() @pytest.fixture def trust_all_certificates(request): """Decorator function that will make it so the context of the decorated method will run with our TrustManager that accepts all certificates""" # Only do this if running under Jython is_java = "java" in sys.platform if is_java: from javax.net.ssl import SSLContext SSLContext.setDefault(TRUST_ALL_CONTEXT) def fin():
# Copied from http://tech.pedersen-live.com/2010/10/trusting-all-certificates-in-jython/ import sys # Check if running in Jython if 'java' in sys.platform: from javax.net.ssl import TrustManager, X509TrustManager from jarray import array from javax.net.ssl import SSLContext class TrustAllX509TrustManager(X509TrustManager): """ Define a custom TrustManager which will blindly accept all certificates """ def checkClientTrusted(self, chain, auth): pass def checkServerTrusted(self, chain, auth): pass def getAcceptedIssuers(self): return None # Create a static reference to an SSLContext which will use # our custom TrustManager trust_managers = array([TrustAllX509TrustManager()], TrustManager) TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL") TRUST_ALL_CONTEXT.init(None, trust_managers, None) # Keep a static reference to the JVM's default SSLContext for restoring # at a later time DEFAULT_CONTEXT = SSLContext.getDefault()
def initChannel(self, ch):
    """Append a client-mode SslHandler named ``"ssl"`` to the channel's pipeline.

    The engine comes from the JVM default SSLContext, so certificate trust
    follows whatever that default currently is.

    NOTE(review): the engine is created without a peer host/port and no
    endpoint identification algorithm is set in this method, so hostname
    verification is not configured here -- confirm it is enforced elsewhere.
    """
    channel_pipeline = ch.pipeline()
    default_context = SSLContext.getDefault()
    client_engine = default_context.createSSLEngine()
    client_engine.setUseClientMode(True)
    ssl_handler = SslHandler(client_engine)
    channel_pipeline.addLast("ssl", ssl_handler)