def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json', app=None):
    """See :meth:`@Celery.setup_security`.

    Passes ``allowed_serializers`` to ``_disable_insecure_serializers`` and,
    when the app's ``task_serializer`` is ``'auth'``, registers the signing
    serializer from the key/certificate files and makes it the default.

    Security notes:
        * When ``task_serializer`` is not ``'auth'`` the function returns
          without registering anything and without raising. A call that
          returns normally is therefore no proof that messages are signed.
        * ``digest`` defaults to ``'sha1'``.
          NOTE(review): SHA-1 is a weak choice for new signatures; confirm
          whether the installed signing backend accepts a SHA-2 digest and
          pass it explicitly.
        * ``key`` is the path of the private key file, which is read in
          full here; restrict that file to the worker's account.

    Raises:
        ImproperlyConfigured: if ``OpenSSL`` cannot be imported, or if any
            of key, certificate or certificate store is unset.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    settings = app.conf
    if settings.task_serializer != 'auth':
        # Signing was not requested in the configuration: silent no-op.
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    # Explicit arguments take precedence over the configured values.
    key_path = key or settings.security_key
    cert_path = cert or settings.security_certificate
    cert_store = store or settings.security_cert_store
    if not key_path or not cert_path or not cert_store:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key_path) as key_file, open(cert_path) as cert_file:
        register_auth(key_file.read(), cert_file.read(),
                      cert_store, digest, serializer)
    registry._set_default_serializer('auth')
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json', app=None):
    """See :meth:`@Celery.setup_security`.

    Passes ``allowed_serializers`` to ``disable_untrusted_serializers``.
    If ``CELERY_TASK_SERIALIZER`` is ``'auth'`` it then registers the
    message-signing serializer and selects it as the default.

    Security notes:
        * With any other ``CELERY_TASK_SERIALIZER`` the function returns
          early and raises nothing, so signing stays off even though the
          call succeeded.
        * The default ``digest`` is ``'sha1'``.
          NOTE(review): weak for new signatures; verify whether a SHA-2
          digest is accepted by the signing backend and prefer it.

    Raises:
        ImproperlyConfigured: when ``OpenSSL`` is not importable, or when
            key, certificate or certificate store is missing.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    disable_untrusted_serializers(allowed_serializers)

    cfg = app.conf
    if cfg.CELERY_TASK_SERIALIZER != 'auth':
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    # Arguments win; the settings are only the fallback.
    key_file_name = key or cfg.CELERY_SECURITY_KEY
    cert_file_name = cert or cfg.CELERY_SECURITY_CERTIFICATE
    store_dir = store or cfg.CELERY_SECURITY_CERT_STORE
    if not key_file_name or not cert_file_name or not store_dir:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key_file_name) as key_fh:
        with open(cert_file_name) as cert_fh:
            # Private key material is read before the certificate.
            key_text = key_fh.read()
            cert_text = cert_fh.read()
            register_auth(key_text, cert_text, store_dir, digest, serializer)
    registry._set_default_serializer('auth')
def teardown(self):
    """Put the shared serializer registry back into its pre-test state."""
    # Empty the registry's collection of disabled content types so that a
    # test which disabled serializers does not leak into the next one.
    registry._disabled_content_types.clear()

    # Make 'json' the default again before 'auth' is removed.
    registry._set_default_serializer('json')

    try:
        registry.unregister('auth')
    except SerializerNotInstalled:
        # The test never registered 'auth'; there is nothing to undo.
        pass
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest=None, serializer='json', app=None):
    """See :meth:`@Celery.setup_security`.

    Passes ``allowed_serializers`` to ``_disable_insecure_serializers``,
    checks that the app is configured for signed messages only, then
    registers the ``auth`` serializer and makes it the default.

    Security notes:
        * The configuration check fails closed: unless ``task_serializer``
          is ``'auth'`` and ``accept_content`` equals exactly ``['auth']``,
          ``ImproperlyConfigured`` is raised instead of returning quietly.
          The comparison is against the list ``['auth']`` itself, so any
          other value, including one with extra content types, is refused.
        * ``digest`` falls back to ``conf.security_digest``; what that
          setting resolves to is not visible here.
          NOTE(review): confirm it is not a weak digest such as SHA-1.
        * ``key`` names the private key file; it is read in full here, so
          keep the file restricted to the worker's account.

    Raises:
        ImproperlyConfigured: if the serializer settings are not
            auth-only, or if key, certificate or store is unset.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    # check conf for sane security settings
    settings = app.conf
    if settings.task_serializer != 'auth':
        raise ImproperlyConfigured(SETTING_MISSING)
    if settings.accept_content != ['auth']:
        raise ImproperlyConfigured(SETTING_MISSING)

    # Explicit arguments override the configured values.
    key_path = key or settings.security_key
    cert_path = cert or settings.security_certificate
    cert_store = store or settings.security_cert_store
    digest_name = digest or settings.security_digest
    if not key_path or not cert_path or not cert_store:
        raise ImproperlyConfigured(SECURITY_SETTING_MISSING)

    with open(key_path, 'r') as key_file, open(cert_path, 'r') as cert_file:
        register_auth(key_file.read(), cert_file.read(),
                      cert_store, digest_name, serializer)
    registry._set_default_serializer('auth')
def setup_security(
    allowed_serializers=None,
    key=None,
    cert=None,
    store=None,
    digest=None,
    serializer="json",
    app=None,
):
    """See :meth:`@Celery.setup_security`.

    Hands ``allowed_serializers`` to ``_disable_insecure_serializers``,
    refuses to continue unless the app only produces and accepts ``auth``
    content, and then installs the signing serializer as the default.

    Security notes:
        * A configuration that is not auth-only raises
          ``ImproperlyConfigured``; the function never returns with
          signing silently left off. ``accept_content`` must compare equal
          to the list ``["auth"]``, so a wider accept list is rejected.
        * An unset ``digest`` is taken from ``conf.security_digest``.
          NOTE(review): the configured value is not visible here; check
          that it is not a weak digest such as SHA-1.
        * The private key file named by ``key`` is read in full; its
          filesystem permissions are the only protection applied to it.

    Raises:
        ImproperlyConfigured: for a non-auth-only configuration, or when
            key, certificate or certificate store is missing.
    """
    if app is None:
        from celery import current_app

        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    # check conf for sane security settings
    conf = app.conf
    if conf.task_serializer != "auth":
        raise ImproperlyConfigured(SETTING_MISSING)
    if conf.accept_content != ["auth"]:
        raise ImproperlyConfigured(SETTING_MISSING)

    # Caller-supplied values win over the app configuration.
    key_file_name = key or conf.security_key
    cert_file_name = cert or conf.security_certificate
    store_location = store or conf.security_cert_store
    chosen_digest = digest or conf.security_digest

    if not key_file_name or not cert_file_name or not store_location:
        raise ImproperlyConfigured(SECURITY_SETTING_MISSING)

    with open(key_file_name, "r") as key_fh, open(cert_file_name, "r") as cert_fh:
        key_pem = key_fh.read()
        cert_pem = cert_fh.read()
        register_auth(key_pem, cert_pem, store_location, chosen_digest, serializer)
    registry._set_default_serializer("auth")
def teardown(self):
    """Undo the registry changes made by a security-serializer test."""
    # Drop every entry from the disabled-content-type collection.
    registry._disabled_content_types.clear()
    # Restore 'json' as the default serializer before removing 'auth'.
    registry._set_default_serializer('json')
    try:
        registry.unregister('auth')
    except SerializerNotInstalled:
        # 'auth' was not registered, so cleanup is already complete.
        return
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json', app=None):
    """See :meth:`@Celery.setup_security`.

    Calls ``disable_untrusted_serializers(allowed_serializers)`` first.
    The signing serializer is registered and made the default only when
    ``CELERY_TASK_SERIALIZER`` is ``'auth'``.

    Security notes:
        * A different ``CELERY_TASK_SERIALIZER`` makes this a quiet
          no-op after the disable step: no error, no signing.
        * Messages are signed with ``'sha1'`` unless ``digest`` is given.
          NOTE(review): SHA-1 is weak for new signatures; check whether
          the signing backend accepts a SHA-2 digest.
        * The private key is loaded from the file named by ``key`` (or
          ``CELERY_SECURITY_KEY``); protect that file accordingly.

    Raises:
        ImproperlyConfigured: if ``OpenSSL`` is unavailable, or if the
            key, certificate or certificate store is not configured.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    disable_untrusted_serializers(allowed_serializers)

    app_conf = app.conf
    signing_requested = app_conf.CELERY_TASK_SERIALIZER == 'auth'
    if not signing_requested:
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    # Fall back to the settings only for arguments that were not passed.
    key = key or app_conf.CELERY_SECURITY_KEY
    cert = cert or app_conf.CELERY_SECURITY_CERTIFICATE
    store = store or app_conf.CELERY_SECURITY_CERT_STORE
    everything_set = key and cert and store
    if not everything_set:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key) as private_key_file:
        with open(cert) as certificate_file:
            register_auth(private_key_file.read(), certificate_file.read(),
                          store, digest, serializer)
    registry._set_default_serializer('auth')
def register_auth(key=None, cert=None, store=None, digest='sha1',
                  serializer='json'):
    """Register the ``auth`` security serializer and make it the default.

    Each truthy argument is wrapped before use: ``key`` in ``PrivateKey``,
    ``cert`` in ``Certificate`` and ``store`` in ``FSCertStore``. Falsy
    arguments are handed to ``SecureSerializer`` unchanged.

    Security notes:
        * ``digest`` defaults to ``'sha1'``.
          NOTE(review): SHA-1 is weak for new signatures; confirm whether
          a SHA-2 digest is accepted and pass it explicitly.
        * NOTE(review): with the defaults no key, certificate or store is
          supplied; how ``SecureSerializer`` behaves in that case is not
          visible here, so callers should pass all three.
    """
    private_key = PrivateKey(key) if key else key
    certificate = Certificate(cert) if cert else cert
    cert_store = FSCertStore(store) if store else store

    signer = SecureSerializer(private_key, certificate, cert_store,
                              digest=digest, serializer=serializer)

    # The same object provides both directions of the 'auth' codec.
    registry.register(
        'auth',
        signer.serialize,
        signer.deserialize,
        content_type='application/data',
        content_encoding='utf-8',
    )
    registry._set_default_serializer('auth')
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json'):
    """Set up the message-signing serializer.

    Untrusted serializers are disabled first.  Then, only if the app is
    configured to use the ``auth`` serializer, the auth serializer is
    registered in the Kombu serializer registry with the given settings.
    With any other task serializer the function returns after the disable
    step without raising, so a normal return does not mean that messages
    are signed.

    :keyword allowed_serializers: Serializer names or content types that
        must not be disabled.
    :keyword key: Private key file name.  Falls back to the
        :setting:`CELERY_SECURITY_KEY` setting.  The file is read in
        full, so restrict access to it.
    :keyword cert: Certificate file name.  Falls back to the
        :setting:`CELERY_SECURITY_CERTIFICATE` setting.
    :keyword store: Directory holding the certificates.  Falls back to
        the :setting:`CELERY_SECURITY_CERT_STORE` setting.
    :keyword digest: Digest algorithm for message signatures.  Default is
        ``sha1``.  NOTE(review): SHA-1 is weak for new signatures; check
        whether a SHA-2 digest is accepted and prefer it.
    :keyword serializer: Serializer applied to messages once they have
        been signed.  :setting:`CELERY_TASK_SERIALIZER` lists the
        supported serializers.  Default is ``json``.

    :raises ImproperlyConfigured: if ``OpenSSL`` cannot be imported, or
        if key, certificate or store is not set.

    """
    disable_untrusted_serializers(allowed_serializers)

    settings = current_app.conf
    if settings.CELERY_TASK_SERIALIZER != 'auth':
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    # Keyword arguments override the corresponding settings.
    key_name = key or settings.CELERY_SECURITY_KEY
    cert_name = cert or settings.CELERY_SECURITY_CERTIFICATE
    store_dir = store or settings.CELERY_SECURITY_CERT_STORE
    if not key_name or not cert_name or not store_dir:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key_name) as key_file:
        with open(cert_name) as cert_file:
            register_auth(key_file.read(), cert_file.read(),
                          store_dir, digest, serializer)
    registry._set_default_serializer('auth')
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest="sha1", serializer="json"):
    """Configure message signing for the current app.

    Always disables untrusted serializers.  Registration of the ``auth``
    serializer in the Kombu serializer registry happens only when
    :setting:`CELERY_TASK_SERIALIZER` is ``auth``; otherwise the function
    returns early and raises nothing, leaving messages unsigned.

    :keyword allowed_serializers: Names or content types of serializers
        exempt from being disabled.
    :keyword key: Path of the private key file; defaults to
        :setting:`CELERY_SECURITY_KEY`.  Its whole content is read here.
    :keyword cert: Path of the certificate file; defaults to
        :setting:`CELERY_SECURITY_CERTIFICATE`.
    :keyword store: Certificate directory; defaults to
        :setting:`CELERY_SECURITY_CERT_STORE`.
    :keyword digest: Signing digest algorithm, ``sha1`` by default.
        NOTE(review): SHA-1 is a weak default for signatures; verify that
        the backend accepts a SHA-2 digest and pass one explicitly.
    :keyword serializer: Serializer used on messages after signing, see
        :setting:`CELERY_TASK_SERIALIZER`.  Default is ``json``.

    :raises ImproperlyConfigured: when ``OpenSSL`` is not installed or
        any of key, certificate and store is missing.

    """
    disable_untrusted_serializers(allowed_serializers)

    conf = current_app.conf
    auth_selected = conf.CELERY_TASK_SERIALIZER == "auth"
    if not auth_selected:
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    # Settings are consulted only for values the caller left out.
    key = key or conf.CELERY_SECURITY_KEY
    cert = cert or conf.CELERY_SECURITY_CERTIFICATE
    store = store or conf.CELERY_SECURITY_CERT_STORE
    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key) as key_fh:
        with open(cert) as cert_fh:
            key_pem = key_fh.read()
            cert_pem = cert_fh.read()
            register_auth(key_pem, cert_pem, store, digest, serializer)
    registry._set_default_serializer("auth")
def test_set_default_serializer_missing(self):
    """Selecting an unregistered serializer as the default must raise."""
    # Callable form of assertRaises: the name is not registered, so the
    # registry has to refuse it instead of accepting an unknown default.
    self.assertRaises(
        SerializerNotInstalled,
        registry._set_default_serializer, 'nonexisting',
    )
def test_set_default_serializer_missing(self):
    """An unknown serializer name is rejected as the registry default."""
    unknown_name = 'nonexisting'
    with self.assertRaises(SerializerNotInstalled):
        # Must fail loudly; a silent fallback would hide a bad config.
        registry._set_default_serializer(unknown_name)