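def authenticate(self, timeout=20):
    """Request temporary credentials from the AWS STS service.

    POSTs ``self.package`` as a form-encoded body to ``self.host`` /
    ``self.port`` over HTTPS and parses the XML reply into a
    ``Credentials`` object (AccessKeyId, SecretAccessKey, SessionToken).

    Security: the reply carries a secret key and session token, so the
    exchange is only as trustworthy as the TLS channel. With
    ``self.validate_certs`` false the plain ``httplib.HTTPSConnection`` is
    used; on Python 2 releases before 2.7.9 that class does not verify the
    server certificate, so keep validation on outside test setups.

    :param timeout: socket timeout in seconds (defaults to 20).
    :returns: the populated ``Credentials`` object.
    :raises urllib2.HTTPError: the service answered with a status other
        than 200.
    :raises urllib2.URLError: the TLS handshake or the socket failed.
    """
    if self.validate_certs:
        conn = CertValidatingHTTPSConnection(self.host, self.port,
                                             timeout=timeout, **self.kwargs)
    else:
        # NOTE(review): no certificate check is requested on this path;
        # whether the peer is verified depends on the interpreter default.
        conn = httplib.HTTPSConnection(self.host, self.port, timeout=timeout)
    headers = {"Content-type": "application/x-www-form-urlencoded"}
    try:
        conn.request('POST', '', self.package, headers)
        response = conn.getresponse()
        if response.status != 200:
            raise urllib2.HTTPError(url='', code=response.status,
                                    msg=response.reason, hdrs=None, fp=None)
        body = response.read()
        # parse AccessKeyId, SecretAccessKey and SessionToken
        # NOTE(review): parseString is presumably xml.sax.parseString; the
        # body is remote input and is parsed as received.
        creds = Credentials()
        h = BotoXmlHandler(creds, None)
        parseString(body, h)
        return creds
    except SSLError as err:
        # Must precede socket.error: on Python 2 SSLError is a subclass of it.
        if err.message != '':
            raise urllib2.URLError(err.message)
        else:
            raise urllib2.URLError(err[1])
    except socket.error as err:
        # A socket.error built from (errno, text) has an empty .message, so
        # str(err) is used to keep the failure reason in the URLError.
        raise urllib2.URLError(str(err))
    finally:
        # The body has been read by now; release the socket on every path.
        conn.close()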
def __init__(self, *args, **kwargs):
    """Initialise the parent connection, then build a verifying SSL context.

    ``ssl.create_default_context`` returns a context that requires a valid
    server certificate and checks the hostname. It trusts ``self.ca_certs``
    when that is set and the system CA store when it is ``None``. A client
    certificate is loaded only when ``self.cert_file`` is set.
    """
    # The parent is an old-style class, so super() is not available here.
    CertValidatingHTTPSConnection.__init__(self, *args, **kwargs)

    # Certificate validation is the default for this context.
    context = ssl.create_default_context(cafile=self.ca_certs)
    self.ssl_ctx = context
    if self.cert_file is None:
        return
    # Client-certificate authentication: present cert_file / key_file.
    context.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file)
def __init__(self, *args, **kwargs):
    """Set up the parent connection and attach a validating SSL context.

    The context comes from ``ssl.create_default_context``, which turns on
    certificate verification and hostname checking. ``self.ca_certs`` is the
    trust anchor file; ``None`` falls back to the system CA store.
    ``self.cert_file`` / ``self.key_file`` are loaded as the client
    certificate when a certificate file is configured.
    """
    # Explicit parent call: the base is an old-style class (no super()).
    CertValidatingHTTPSConnection.__init__(self, *args, **kwargs)

    # Validation is on by default in the context created here.
    verifying_ctx = ssl.create_default_context(cafile=self.ca_certs)
    self.ssl_ctx = verifying_ctx
    has_client_cert = self.cert_file is not None
    if has_client_cert:
        verifying_ctx.load_cert_chain(certfile=self.cert_file,
                                      keyfile=self.key_file)
def _authenticate_(self, account, user, passwd, new_passwd=None, timeout=15, duration=3600):
    """Exchange account/user/password for temporary credentials.

    Sends a GET with an ``Authorization: Basic`` header to the token
    service and parses the XML reply into a ``Credentials`` object
    (AccessKeyId, SecretAccessKey, SessionToken).

    Security: base64 is an encoding, not encryption, so the password in
    the header is protected only by the TLS channel. With
    ``self.validate_certs`` false the connection comes from
    ``HttpsConnectionFactory``.
    NOTE(review): confirm what that factory verifies about the peer.

    :param account: account name, base64-encoded into the auth string.
    :param user: user name, base64-encoded into the auth string.
    :param passwd: current password.
    :param new_passwd: when truthy, the password-change form of the auth
        string is sent instead of the plain login form.
    :param timeout: socket timeout in seconds.
    :param duration: requested token lifetime, substituted into
        ``self.TEMPLATE``; capped at 3600 for the ``admin`` user.
    :returns: the populated ``Credentials`` object.
    :raises urllib2.HTTPError: status other than 200.
    :raises urllib2.URLError: TLS or socket failure.
    """
    # admin cannot have more than 1 hour duration
    if user == 'admin' and duration > 3600:
        duration = 3600

    # The duration varies per call, so the path is built here rather than
    # once in __init__.
    token_query = self.TEMPLATE.format(dur=duration)
    if self.dns_enabled:
        auth_path = '/' + token_query
        host = 'tokens.{0}'.format(self.host)
    else:
        auth_path = self.NON_DNS_QUERY_PATH + token_query
        host = self.host

    if self.validate_certs:
        conn = CertValidatingHTTPSConnection(host, self.port,
                                             timeout=timeout, **self.kwargs)
    else:
        factory = HttpsConnectionFactory(self.port)
        conn = factory.https_connection_factory(host, timeout=timeout)

    b64_user = base64.b64encode(user)
    b64_account = base64.b64encode(account)
    if new_passwd:
        # Password change: the current password is base64-encoded and the
        # new one is appended as given.
        auth_string = u"{user}@{account};{pw}@{new_pw}".format(
            user=b64_user,
            account=b64_account,
            pw=base64.b64encode(passwd),
            new_pw=new_passwd,
        )
    else:
        # Plain login: the password is inserted as given.
        auth_string = u"{user}@{account}:{pw}".format(
            user=b64_user,
            account=b64_account,
            pw=passwd,
        )
    headers = {'Authorization': "Basic %s" % base64.b64encode(auth_string)}

    try:
        conn.request('GET', auth_path, '', headers)
        reply = conn.getresponse()
        if reply.status != 200:
            raise urllib2.HTTPError(url='', code=reply.status,
                                    msg=reply.reason, hdrs=None, fp=None)
        payload = reply.read()
        # parse AccessKeyId, SecretAccessKey and SessionToken
        creds = Credentials()
        handler = BotoXmlHandler(creds, None)
        parseString(payload, handler)
        return creds
    except SSLError as err:
        if err.message == '':
            raise urllib2.URLError(err[1])
        raise urllib2.URLError(str(err))
    except socket.error as err:
        # Reached with gaierror(8, 'nodename nor servname provided, or not
        # known') when the DNS setting and the cloud's path do not match,
        # with DNS enabled or disabled.
        raise urllib2.URLError(str(err))
def test_boto_stubs(tmpdir):
    """Check that vcr swaps boto's HTTPS connection class for its stub."""
    cassette_path = str(tmpdir.join('boto-stubs.yml'))
    with vcr.use_cassette(cassette_path):
        # Import inside the cassette context: only there does the boto name
        # resolve to the patched class.
        from boto.https_connection import CertValidatingHTTPSConnection as patched_connection
        from vcr.stubs.boto_stubs import VCRCertValidatingHTTPSConnection as vcr_stub

        # The patched class must derive from the stub ...
        assert issubclass(patched_connection, vcr_stub)
        # ... and must be instantiable; the hostname is never contacted.
        patched_connection('hostname.does.not.matter')
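def authenticate(self, timeout=20):
    """Make the authentication request to the AWS STS service.

    ``self.package`` is POSTed form-encoded to ``self.host`` /
    ``self.port`` over HTTPS. A 200 reply is parsed as XML into a
    ``Credentials`` object holding AccessKeyId, SecretAccessKey and
    SessionToken.

    Security: the returned secret key and session token are protected only
    by the TLS channel. When ``self.validate_certs`` is false the stock
    ``httplib.HTTPSConnection`` is used, and Python 2 releases before 2.7.9
    do not verify the server certificate on it. Leave validation enabled
    unless the endpoint is a disposable test target.

    :param timeout: socket timeout in seconds (defaults to 20).
    :returns: the populated ``Credentials`` object.
    :raises urllib2.HTTPError: non-200 status from the service.
    :raises urllib2.URLError: TLS or socket level failure.
    """
    if self.validate_certs:
        conn = CertValidatingHTTPSConnection(self.host, self.port,
                                             timeout=timeout, **self.kwargs)
    else:
        # NOTE(review): peer verification is not requested here and depends
        # on the interpreter's default for HTTPSConnection.
        conn = httplib.HTTPSConnection(self.host, self.port, timeout=timeout)
    headers = {"Content-type": "application/x-www-form-urlencoded"}
    try:
        conn.request('POST', '', self.package, headers)
        response = conn.getresponse()
        if response.status != 200:
            raise urllib2.HTTPError(url='', code=response.status,
                                    msg=response.reason, hdrs=None, fp=None)
        body = response.read()
        # parse AccessKeyId, SecretAccessKey and SessionToken
        # NOTE(review): parseString is presumably xml.sax.parseString and is
        # fed the remote body unchanged.
        creds = Credentials()
        h = BotoXmlHandler(creds, None)
        parseString(body, h)
        return creds
    except SSLError as err:
        # Listed first because SSLError derives from socket.error on Python 2.
        if err.message != '':
            raise urllib2.URLError(err.message)
        else:
            raise urllib2.URLError(err[1])
    except socket.error as err:
        # .message is empty for (errno, text) socket errors; str(err) keeps
        # the reason visible to the caller.
        raise urllib2.URLError(str(err))
    finally:
        # Close on success and on failure so the socket is not leaked.
        conn.close()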
def _authenticate_(self, account, user, passwd, new_passwd=None, timeout=15, duration=3600):
    """Log in to the token service and return temporary credentials.

    Builds an ``Authorization: Basic`` header from account, user and
    password, issues a GET against the token path and parses the XML reply
    into a ``Credentials`` object (AccessKeyId, SecretAccessKey,
    SessionToken).

    Security: the header is base64-encoded, not encrypted; the password is
    readable by anyone who can read the request, so it relies on the TLS
    channel. When ``self.validate_certs`` is false the connection is built
    by ``HttpsConnectionFactory``.
    NOTE(review): confirm whether that factory verifies the server
    certificate.

    :param account: account name (base64-encoded in the auth string).
    :param user: user name (base64-encoded in the auth string).
    :param passwd: current password.
    :param new_passwd: when truthy, selects the password-change form of
        the auth string.
    :param timeout: socket timeout in seconds.
    :param duration: token lifetime substituted into ``self.TEMPLATE``.
    :returns: the populated ``Credentials`` object.
    :raises urllib2.HTTPError: status other than 200.
    :raises urllib2.URLError: TLS or socket failure.
    """
    token_query = self.TEMPLATE.format(dur=duration)
    if self.dns_enabled:
        auth_path = '/' + token_query
        host = 'tokens.{0}'.format(self.host)
    else:
        auth_path = self.NON_DNS_QUERY_PATH + token_query
        host = self.host

    if self.validate_certs:
        conn = CertValidatingHTTPSConnection(host, self.port,
                                             timeout=timeout, **self.kwargs)
    else:
        factory = HttpsConnectionFactory(self.port)
        conn = factory.https_connection_factory(host, timeout=timeout)

    b64_user = base64.b64encode(user)
    b64_account = base64.b64encode(account)
    if new_passwd:
        # Change-password form: old password encoded, new one as given.
        auth_string = u"{user}@{account};{pw}@{new_pw}".format(
            user=b64_user,
            account=b64_account,
            pw=base64.b64encode(passwd),
            new_pw=new_passwd)
    else:
        # Login form: the password is inserted as given.
        auth_string = u"{user}@{account}:{pw}".format(
            user=b64_user,
            account=b64_account,
            pw=passwd)
    headers = {'Authorization': "Basic %s" % base64.b64encode(auth_string)}

    try:
        conn.request('GET', auth_path, '', headers)
        reply = conn.getresponse()
        if reply.status != 200:
            raise urllib2.HTTPError(url='', code=reply.status,
                                    msg=reply.reason, hdrs=None, fp=None)
        payload = reply.read()
        # parse AccessKeyId, SecretAccessKey and SessionToken
        creds = Credentials()
        handler = BotoXmlHandler(creds, None)
        parseString(payload, handler)
        return creds
    except SSLError as err:
        if err.message == '':
            raise urllib2.URLError(err[1])
        raise urllib2.URLError(str(err))
    except socket.error as err:
        # Seen as gaierror(8, 'nodename nor servname provided, or not known')
        # when the DNS setting does not match the cloud's path, in either
        # direction.
        raise urllib2.URLError(str(err))