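def ignoreJavaSSL():
    """Install a JVM-wide default SSL socket factory that accepts any certificate.

    Jython-only helper. It builds an ``SSLContext`` around a trust manager
    whose check methods do nothing and installs its socket factory through
    ``HttpsURLConnection.setDefaultSSLSocketFactory(...)``. On CPython, use
    the HTTP client's own ``verify=False`` option instead.

    Security impact:
        * The change is process-wide and is never undone here. Every
          ``HttpsURLConnection`` that uses the default factory stops
          validating the server certificate chain, so the peer is no longer
          authenticated and traffic can be read or altered on the network
          path.
        * The default hostname verifier is not touched by this function.
        * The last step silences urllib3 warnings, which removes the
          remaining runtime hint that verification is off.
        * Intended for development only. For a self-signed or private-CA
          server, loading that certificate into a trust store keeps
          verification in place.

    Returns:
        The fixed status string ``'SSL verification in Java is disabled!'``.

    Raises:
        RuntimeError: if ``sys.platform`` does not contain ``'java'``.
    """
    import sys

    if 'java' not in sys.platform:
        raise RuntimeError('only use if platform (sys.platform) is java!')

    # ===================================================================
    # set default SSL socket to ignore verification
    # ===================================================================
    import javax.net.ssl.X509TrustManager as X509TrustManager  # @UnresolvedImport

    class MyTrustManager(X509TrustManager):
        """Trust manager whose checks never reject a certificate chain."""

        def getAcceptedIssuers(self, *args, **keys):
            # NOTE(review): the X509TrustManager contract documents a non-null
            # (possibly empty) array here. None is kept to preserve behaviour,
            # but some callers may not tolerate it; confirm.
            return None

        def checkServerTrusted(self, *args, **keys):
            # Never raises, so every server chain is treated as trusted.
            pass

        def checkClientTrusted(self, *args, **keys):
            # Never raises, so every client chain is treated as trusted.
            pass

    # NOTE(review): com.sun.net.ssl.internal.ssl.Provider is a JDK-internal
    # class and may be missing on newer JDKs; confirm the target runtime.
    import com.sun.net.ssl.internal.ssl.Provider  # @UnresolvedImport
    from java.security import Security  # @UnresolvedImport
    Security.addProvider(com.sun.net.ssl.internal.ssl.Provider())

    trustAllCerts = [MyTrustManager()]

    import javax.net.ssl.SSLContext as SSLContext  # @UnresolvedImport
    import java.security.SecureRandom as SecureRandom  # @UnresolvedImport
    # "SSL" is the legacy context name; kept exactly as the original requested it.
    sc = SSLContext.getInstance("SSL")
    sc.init(None, trustAllCerts, SecureRandom())

    import javax.net.ssl.HttpsURLConnection as HttpsURLConnection  # @UnresolvedImport
    # From this point on the accept-all factory is the JVM default.
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())

    # ===================================================================
    # Do a test! (manual check kept from the original, not executed)
    # ===================================================================
    # # setup proxy
    # import java.net.Proxy as Proxy
    # import java.net.InetSocketAddress as InetSocketAddress
    # p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))
    # import java.net.URL as URL
    # u = URL("https://www.google.com/")
    # conn = u.openConnection(p)
    # print 'server response: %r',conn.getResponseCode()

    # ===================================================================
    # ignore requests's error logging - this is for dev
    # ===================================================================
    try:
        import requests.packages.urllib3 as urllib3
        urllib3.disable_warnings()
    except Exception:
        # Best effort: requests/urllib3 may be absent. Exception (rather than
        # a bare except) lets KeyboardInterrupt and SystemExit propagate.
        pass

    return 'SSL verification in Java is disabled!'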
def _initializeMXPI(serverName, serverPort, protocol, MxpiMain5_1SoapBindingStubClass, VerifyAllHostnameVerifierClass):
    """Create the ``MxpiMain5_1`` SOAP port for a server and return it.

    The WSDL is fetched from
    ``<protocol>://<serverName>:<serverPort>/mxsoap/services/MxpiMain5_1?wsdl``.

    Security note: when ``protocol`` is ``'https'`` this function replaces the
    JVM-wide default socket factory and hostname verifier of
    ``HttpsURLConnection`` and sets the ``ssl.SocketFactory.provider``
    property on both ``System`` and ``Security``. Judging by the names used
    (``getAutoAcceptSSLContext``, ``VerifyAllHostnameVerifierClass``,
    ``TrustAllSSLSocketFactory``), the replacements presumably accept any
    certificate and any hostname; confirm against their definitions. If so,
    the server is not authenticated for this or any later HTTPS connection in
    the process, and the settings are never restored here.

    Args:
        serverName: host part of the WSDL URL.
        serverPort: port part of the WSDL URL.
        protocol: URL scheme; ``'https'`` triggers the TLS overrides above.
        MxpiMain5_1SoapBindingStubClass: class instantiated to obtain the
            port's Java class via ``getClass()``.
        VerifyAllHostnameVerifierClass: class instantiated and installed as
            the default hostname verifier for HTTPS.

    Returns:
        The port object returned by ``Service.getPort``.
    """
    port_name = 'MxpiMain5_1'
    ns_uri = "urn:client.v5_1.soap.mx.hp.com"
    service_name = "MxpiMainService"
    wsdl_location = "%s://%s:%s/mxsoap/services/%s?wsdl" % (protocol, serverName, serverPort, port_name)

    if protocol == 'https':
        # Process-wide overrides: they affect every HttpsURLConnection, not
        # only the WSDL fetch below.
        hostname_verifier = VerifyAllHostnameVerifierClass()
        accept_all_context = SSLContextManager.getAutoAcceptSSLContext()
        HttpsURLConnection.setDefaultSSLSocketFactory(accept_all_context.getSocketFactory())
        HttpsURLConnection.setDefaultHostnameVerifier(hostname_verifier)
        # Same provider name registered first with System, then with Security.
        for registry in (System, Security):
            registry.setProperty("ssl.SocketFactory.provider", "TrustAllSSLSocketFactory")

    # Resolve the service from its WSDL, then ask it for the typed port.
    stub = MxpiMain5_1SoapBindingStubClass()
    factory = ServiceFactory.newInstance()
    service = factory.createService(URL(wsdl_location), QName(ns_uri, service_name))
    return service.getPort(QName(ns_uri, port_name), stub.getClass())
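def doService(httpMethod, url, credential, requestBody=None):
    """Send one XML request to ``url`` and return the body on success.

    Security notes:
        * Every call adds ``MySSLProvider``, sets the JVM security property
          ``ssl.TrustManagerFactory.algorithm`` to ``"TrustAllCertificates"``
          and replaces the default ``HttpsURLConnection`` hostname verifier.
          These are process-wide and are not restored. Judging by the names,
          certificate and hostname checks are presumably disabled; confirm
          against ``MySSLProvider`` and ``MyHostnameVerifier``. If so, the
          ``Authorization`` value is sent to a peer that was never
          authenticated.
        * Response bodies shorter than 4096 characters are written to the
          log at INFO level (except for ``.xsd`` URLs), so the log may hold
          whatever the service returns.

    Args:
        httpMethod: HTTP verb. Only ``'POST'`` is applied to the connection;
            for any other value ``setRequestMethod`` is not called and the
            connection keeps its default method.
        url: target URL.
        credential: value sent verbatim as the ``Authorization`` header.
        requestBody: optional string written as the POST body.

    Returns:
        The response body when the status is 200, 201 or 202. ``None`` for
        any other status, or when no input/error stream is available.
    """
    Security.addProvider(MySSLProvider())
    Security.setProperty("ssl.TrustManagerFactory.algorithm", "TrustAllCertificates")
    HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())

    con = URL(url).openConnection()
    con.setRequestProperty("Accept", "application/xml")
    con.setRequestProperty("Content-Type", "application/xml")
    con.setRequestProperty("Authorization", credential)
    con.setDoInput(True)

    if httpMethod == 'POST':
        con.setDoOutput(True)
        con.setRequestMethod(httpMethod)
        output = DataOutputStream(con.getOutputStream())
        try:
            if requestBody:
                # writeBytes keeps only the low byte of each character, so a
                # non-ASCII body would be altered on the wire.
                output.writeBytes(requestBody)
        finally:
            # Close the stream even when the write fails.
            output.close()

    responseCode = con.getResponseCode()
    logger.info('response code: ' + str(responseCode))
    responseMessage = con.getResponseMessage()
    logger.info('response message: ' + str(responseMessage))
    contentLength = con.getHeaderField('Content-Length')
    logger.info('content length: ' + str(contentLength))

    succeeded = responseCode in (200, 201, 202)

    stream = None
    if succeeded:
        stream = con.getInputStream()
    elif contentLength:
        # Only read the error stream when the server declared a body length.
        stream = con.getErrorStream()

    if not stream:
        logger.error('')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('-------->>> Input or Error stream is None, it may be a defect if it is positive test case')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('')
        return None

    # NOTE(review): the stream is not closed here; presumably getStreamData
    # closes it. Verify.
    dataString = getStreamData(stream)
    logger.info(httpMethod + ' url: ' + url)
    if not url.endswith('.xsd') and len(dataString) < 4096:
        xmlStr = Util.prettfyXmlByString(dataString)
        logger.info(httpMethod + ' result: \n\n' + xmlStr)
    else:
        logger.info('response body too big, no print out')

    if succeeded:
        return dataString
    # Mark the case as failed when the response code is not 200-202.
    return None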
EncryptionException from org.bouncycastle.openssl.jcajce import JcaPEMKeyConverter, JcePEMDecryptorProviderBuilder except ImportError: # jarjar-ed version from org.python.bouncycastle.asn1.pkcs import PrivateKeyInfo from org.python.bouncycastle.cert import X509CertificateHolder from org.python.bouncycastle.cert.jcajce import JcaX509CertificateConverter from org.python.bouncycastle.jce.provider import BouncyCastleProvider from org.python.bouncycastle.jce import ECNamedCurveTable from org.python.bouncycastle.jce.spec import ECNamedCurveSpec from org.python.bouncycastle.openssl import PEMKeyPair, PEMParser, PEMEncryptedKeyPair, PEMException, \ EncryptionException from org.python.bouncycastle.openssl.jcajce import JcaPEMKeyConverter, JcePEMDecryptorProviderBuilder log = logging.getLogger("_socket") Security.addProvider(BouncyCastleProvider()) RE_BEGIN_KEY_CERT = re.compile(r'^-----BEGIN.*(PRIVATE KEY|CERTIFICATE)-----$') def _get_ca_certs_trust_manager(ca_certs=None): trust_store = KeyStore.getInstance(KeyStore.getDefaultType()) trust_store.load(None, None) num_certs_installed = 0 if ca_certs is not None: with open(ca_certs) as f: cf = CertificateFactory.getInstance("X.509") for cert in cf.generateCertificates(BufferedInputStream(f)): trust_store.setCertificateEntry(str(uuid.uuid4()), cert) num_certs_installed += 1 tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
from org.python.bouncycastle.jce.provider import BouncyCastleProvider from org.python.bouncycastle.openssl import PEMKeyPair, PEMParser from org.python.bouncycastle.openssl.jcajce import JcaPEMKeyConverter except ImportError: # dev version from extlibs from org.bouncycastle.asn1.pkcs import PrivateKeyInfo from org.bouncycastle.cert import X509CertificateHolder from org.bouncycastle.cert.jcajce import JcaX509CertificateConverter from org.bouncycastle.jce.provider import BouncyCastleProvider from org.bouncycastle.openssl import PEMKeyPair, PEMParser from org.bouncycastle.openssl.jcajce import JcaPEMKeyConverter log = logging.getLogger("ssl") # FIXME what happens if reloaded? Security.addProvider(BouncyCastleProvider()) # build the necessary certificate with a CertificateFactory; this can take the pem format: # http://docs.oracle.com/javase/7/docs/api/java/security/cert/CertificateFactory.html#generateCertificate(java.io.InputStream) # not certain if we can include a private key in the pem file; see # http://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file # helpful advice for being able to manage ca_certs outside of Java's keystore # specifically the example ReloadableX509TrustManager # http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/ # in the case of http://docs.python.org/2/library/ssl.html#ssl.CERT_REQUIRED # http://docs.python.org/2/library/ssl.html#ssl.CERT_NONE # https://github.com/rackerlabs/romper/blob/master/romper/trust.py#L15