Exemplo n.º 1
    def _connect(self):
        """
        Build and return the httplib connection object for the API server.

        self.ca_certs selects the transport:
          'HTTP'    - plain httplib.HTTPConnection; nothing on the wire is
                      encrypted or authenticated.
          'DISABLE' - stock httplib.HTTPSConnection with no CA bundle
                      supplied here, so certificate checking is whatever
                      the running interpreter does by default (none
                      before Python 2.7.9).
          otherwise - CertValidatingHTTPSConnection, with the value passed
                      as its ca_certs argument.

        Raises NotImplementedError for any proxy_type other than None or
        'CONNECT'.
        """
        plaintext = self.ca_certs == 'HTTP'

        # Port of the API server itself; an explicit self.port wins over
        # the scheme default.
        if self.port is not None:
            api_port = self.port
        elif plaintext:
            api_port = 80
        else:
            api_port = 443

        # Endpoint the socket is opened to: the proxy when tunnelling,
        # otherwise the API server directly.
        via_proxy = self.proxy_type == 'CONNECT'
        if self.proxy_type is None:
            outer_host, outer_port = self.host, api_port
        elif via_proxy:
            outer_host, outer_port = self.proxy_host, self.proxy_port
        else:
            raise NotImplementedError('proxy_type=%s' % (self.proxy_type,))

        # Only the last branch pins the peer to a caller-supplied CA file.
        if plaintext:
            conn = httplib.HTTPConnection(outer_host, outer_port)
        elif self.ca_certs == 'DISABLE':
            conn = httplib.HTTPSConnection(outer_host, outer_port)
        else:
            conn = CertValidatingHTTPSConnection(
                outer_host, outer_port, ca_certs=self.ca_certs)

        # Override default socket timeout if requested.
        conn.timeout = self.timeout

        if via_proxy:
            # set_tunnel is public from Python 2.7; 2.6.3+ only has the
            # private _set_tunnel. If neither exists, no tunnel is
            # configured and the connection is returned as built.
            for tunnel_attr in ('set_tunnel', '_set_tunnel'):
                if hasattr(conn, tunnel_attr):
                    getattr(conn, tunnel_attr)(
                        self.host, api_port, self.proxy_headers)
                    break

        return conn
Exemplo n.º 2
    def _connect(self):
        """
        Build and return the httplib connection object for the API server.

        self.ca_certs selects the transport:
          'HTTP'    - plain httplib.HTTPConnection; nothing on the wire is
                      encrypted or authenticated.
          'DISABLE' - httplib.HTTPSConnection with certificate
                      verification switched off (see the comment in that
                      branch).
          otherwise - CertValidatingHTTPSConnection, with the value passed
                      as its ca_certs argument.

        Raises NotImplementedError for any proxy_type other than None or
        'CONNECT'.
        """
        plaintext = self.ca_certs == 'HTTP'

        # Port of the API server itself; an explicit self.port wins over
        # the scheme default.
        if self.port is not None:
            api_port = self.port
        elif plaintext:
            api_port = 80
        else:
            api_port = 443

        # Endpoint the socket is opened to: the proxy when tunnelling,
        # otherwise the API server directly.
        via_proxy = self.proxy_type == 'CONNECT'
        if self.proxy_type is None:
            outer_host, outer_port = self.host, api_port
        elif via_proxy:
            outer_host, outer_port = self.proxy_host, self.proxy_port
        else:
            raise NotImplementedError('proxy_type=%s' % (self.proxy_type,))

        if plaintext:
            conn = httplib.HTTPConnection(outer_host, outer_port)
        elif self.ca_certs == 'DISABLE':
            # httplib.HTTPSConnection validates certificates by default
            # in Python 2.7.9+, so 'DISABLE' has to pass an unverified
            # context explicitly. With it the peer's certificate is not
            # checked at all, leaving the session open to interception.
            if hasattr(ssl, '_create_unverified_context'):
                tls_kwargs = {'context': ssl._create_unverified_context()}
            else:
                tls_kwargs = {}
            conn = httplib.HTTPSConnection(outer_host, outer_port,
                                           **tls_kwargs)
        else:
            conn = CertValidatingHTTPSConnection(
                outer_host, outer_port, ca_certs=self.ca_certs)

        # Override default socket timeout if requested.
        conn.timeout = self.timeout

        if via_proxy:
            # set_tunnel is public from Python 2.7; 2.6.3+ only has the
            # private _set_tunnel. If neither exists, no tunnel is
            # configured and the connection is returned as built.
            for tunnel_attr in ('set_tunnel', '_set_tunnel'):
                if hasattr(conn, tunnel_attr):
                    getattr(conn, tunnel_attr)(
                        self.host, api_port, self.proxy_headers)
                    break

        return conn
Exemplo n.º 3
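def call(ikey, skey, host, method, path, ca=None, sig_version=2,
         sig_timezone='UTC', **kwargs):
    """
    Call a Duo Web API method and return a (response, data) tuple.

    response is the object returned by conn.getresponse() and data is
    the body read from it; the connection is closed before returning.

    ca - Path to CA pem file; falls back to the module-level ca_certs.
         Two special values change the transport instead of naming a
         file: 'HTTP' uses a plain, unencrypted httplib.HTTPConnection,
         and 'DISABLE' uses a stock httplib.HTTPSConnection with no CA
         file passed. Only other values go through
         CertValidatingHTTPSConnection.
    """
    # urllib cannot handle unicode strings properly. quote() excepts,
    # and urlencode() replaces them with '?'.
    kwargs = encode_params(kwargs)

    # The same timestamp is passed to sign() and sent as the Date header.
    if sig_timezone == 'UTC':
        now = email.utils.formatdate()
    elif pytz_error:
        # NOTE(review): presumably the error captured when importing pytz
        # failed - confirm against the module's import block.
        raise pytz_error
    else:
        d = datetime.datetime.now(pytz.timezone(sig_timezone))
        now = d.strftime("%a, %d %b %Y %H:%M:%S %z")

    auth = sign(ikey, skey, method, host, path, now, sig_version, kwargs)
    headers = {'Authorization': auth, 'Date': now}

    if method in ['POST', 'PUT']:
        headers['Content-type'] = 'application/x-www-form-urlencoded'
        body = urllib.urlencode(kwargs, doseq=True)
        uri = path
    else:
        body = None
        uri = path + '?' + urllib.urlencode(kwargs, doseq=True)

    if ca is None:
        ca = ca_certs

    if ca == 'HTTP':
        # Cleartext: the Authorization header and every parameter are
        # readable and modifiable by anyone on the network path.
        conn = httplib.HTTPConnection(host)
    elif ca == 'DISABLE':
        # No CA file is supplied; whether the server certificate is
        # checked depends on the interpreter's httplib defaults (it is
        # not before Python 2.7.9).
        conn = httplib.HTTPSConnection(host, 443)
    else:
        conn = CertValidatingHTTPSConnection(host, 443, ca_certs=ca)

    try:
        conn.request(method, uri, body, headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Close even when the request or the read raises, so the
        # connection is not left open on the error path.
        conn.close()

    return (response, data)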
Exemplo n.º 4
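def call(ikey, skey, host, method, path, **kwargs):
    """
    Call a Duo Web API method and return a (status, reason, data) tuple.

    kwargs are the API parameters: form-encoded into the body for POST
    and PUT, appended to the path as a query string otherwise. The
    request always goes to port 443 through
    CertValidatingHTTPSConnection using the module-level ca_certs.
    """
    headers = {'Authorization': sign(ikey, skey, method, host, path, kwargs)}

    if method in ['POST', 'PUT']:
        headers['Content-type'] = 'application/x-www-form-urlencoded'
        body = urllib.urlencode(kwargs, doseq=True)
        uri = path
    else:
        body = None
        uri = path + '?' + urllib.urlencode(kwargs, doseq=True)

    conn = CertValidatingHTTPSConnection(host, 443, ca_certs=ca_certs)
    try:
        conn.request(method, uri, body, headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Close even when the request or the read raises, so the
        # connection is not left open on the error path.
        conn.close()

    return (response.status, response.reason, data)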
Exemplo n.º 5
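def call(ikey, skey, host, method, path, ca=None, sig_version=2, sig_timezone="UTC", **kwargs):
    """
    Call a Duo Web API method and return a (response, data) tuple.

    response is the object returned by conn.getresponse() and data is
    the body read from it; the connection is closed before returning.

    ca - Path to CA pem file; falls back to the module-level ca_certs.
         Two special values change the transport instead of naming a
         file: "HTTP" uses a plain, unencrypted httplib.HTTPConnection,
         and "DISABLE" uses a stock httplib.HTTPSConnection with no CA
         file passed. Only other values go through
         CertValidatingHTTPSConnection.
    """
    # urllib cannot handle unicode strings properly. quote() excepts,
    # and urlencode() replaces them with '?'.
    kwargs = encode_params(kwargs)

    # The same timestamp is passed to sign() and sent as the Date header.
    if sig_timezone == "UTC":
        now = email.utils.formatdate()
    elif pytz_error:
        # NOTE(review): presumably the error captured when importing pytz
        # failed - confirm against the module's import block.
        raise pytz_error
    else:
        d = datetime.datetime.now(pytz.timezone(sig_timezone))
        now = d.strftime("%a, %d %b %Y %H:%M:%S %z")

    auth = sign(ikey, skey, method, host, path, now, sig_version, kwargs)
    headers = {"Authorization": auth, "Date": now}

    if method in ["POST", "PUT"]:
        headers["Content-type"] = "application/x-www-form-urlencoded"
        body = urllib.urlencode(kwargs, doseq=True)
        uri = path
    else:
        body = None
        uri = path + "?" + urllib.urlencode(kwargs, doseq=True)

    if ca is None:
        ca = ca_certs

    if ca == "HTTP":
        # Cleartext: the Authorization header and every parameter are
        # readable and modifiable by anyone on the network path.
        conn = httplib.HTTPConnection(host)
    elif ca == "DISABLE":
        # No CA file is supplied; whether the server certificate is
        # checked depends on the interpreter's httplib defaults (it is
        # not before Python 2.7.9).
        conn = httplib.HTTPSConnection(host, 443)
    else:
        conn = CertValidatingHTTPSConnection(host, 443, ca_certs=ca)

    try:
        conn.request(method, uri, body, headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Close even when the request or the read raises, so the
        # connection is not left open on the error path.
        conn.close()

    return (response, data)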
Exemplo n.º 6
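def call(ikey, skey, host, method, path, **kwargs):
    """
    Send one signed API request and return (status, reason, data).

    kwargs are the API parameters: form-encoded into the body for POST
    and PUT, appended to the path as a query string otherwise. The
    request always goes to port 443 through
    CertValidatingHTTPSConnection using the module-level ca_certs.
    """
    sig = sign(ikey, skey, method, host, path, kwargs)

    headers = {"Authorization": sig, "User-agent": "duo_openvpn/1.0"}

    if method in ["POST", "PUT"]:
        headers["Content-type"] = "application/x-www-form-urlencoded"
        body = urllib.urlencode(kwargs, doseq=True)
        uri = path
    else:
        body = None
        uri = path + "?" + urllib.urlencode(kwargs, doseq=True)

    conn = CertValidatingHTTPSConnection(host, 443, ca_certs=ca_certs)
    try:
        conn.request(method, uri, body, headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Close even when the request or the read raises, so the
        # connection is not left open on the error path.
        conn.close()

    return (response.status, response.reason, data)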
Exemplo n.º 7
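def call(ikey, skey, host, method, path, **kwargs):
    """
    Call a Duo Web API method and return a (status, reason, data) tuple.

    kwargs are the API parameters: form-encoded into the body for POST
    and PUT, appended to the path as a query string otherwise. The
    request always goes to port 443 through
    CertValidatingHTTPSConnection using the module-level ca_certs.
    """
    headers = {'Authorization': sign(ikey, skey, method, host, path, kwargs)}

    if method in ['POST', 'PUT']:
        headers['Content-type'] = 'application/x-www-form-urlencoded'
        body = urllib.urlencode(kwargs, doseq=True)
        uri = path
    else:
        body = None
        uri = path + '?' + urllib.urlencode(kwargs, doseq=True)

    conn = CertValidatingHTTPSConnection(host, 443, ca_certs=ca_certs)
    try:
        conn.request(method, uri, body, headers)
        response = conn.getresponse()
        data = response.read()
    finally:
        # Close even when the request or the read raises, so the
        # connection is not left open on the error path.
        conn.close()

    return (response.status, response.reason, data)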
Exemplo n.º 8
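    def api_call(self, method, path, params):
        """
        Call a Duo API method. Return a (response, data) tuple.

        response is the object returned by conn.getresponse() and data
        is the body read from it; the connection is closed before
        returning.

        self.ca_certs selects the transport: 'HTTP' is a plain,
        unencrypted httplib.HTTPConnection; 'DISABLE' is a stock
        httplib.HTTPSConnection with no CA bundle passed; any other
        value is handed to CertValidatingHTTPSConnection as ca_certs.

        Raises NotImplementedError for any proxy_type other than None
        or 'CONNECT'.
        """
        # urllib cannot handle unicode strings properly. quote() excepts,
        # and urlencode() replaces them with '?'.
        params = encode_params(params)

        # The same timestamp is passed to sign() and sent as the Date
        # header.
        if self.sig_timezone == 'UTC':
            now = email.utils.formatdate()
        elif pytz is None:
            raise pytz_error
        else:
            d = datetime.datetime.now(pytz.timezone(self.sig_timezone))
            now = d.strftime("%a, %d %b %Y %H:%M:%S %z")

        auth = sign(self.ikey, self.skey, method, self.host, path, now,
                    self.sig_version, params)
        headers = {
            'Authorization': auth,
            'Date': now,
        }

        if method in ['POST', 'PUT']:
            headers['Content-type'] = 'application/x-www-form-urlencoded'
            body = urllib.urlencode(params, doseq=True)
            uri = path
        else:
            body = None
            uri = path + '?' + urllib.urlencode(params, doseq=True)

        # Host and port for the HTTP(S) connection to the API server.
        if self.ca_certs == 'HTTP':
            api_port = 80
            api_proto = 'http'
        else:
            api_port = 443
            api_proto = 'https'

        # Host and port for outer HTTP(S) connection if proxied.
        if self.proxy_type is None:
            host = self.host
            port = api_port
        elif self.proxy_type == 'CONNECT':
            host = self.proxy_host
            port = self.proxy_port
        else:
            raise NotImplementedError('proxy_type=%s' % (self.proxy_type, ))

        # Create outer HTTP(S) connection.
        if self.ca_certs == 'HTTP':
            # Cleartext: the Authorization header and every parameter
            # are readable and modifiable by anyone on the network path.
            conn = httplib.HTTPConnection(host, port)
        elif self.ca_certs == 'DISABLE':
            # No CA bundle is supplied; whether the server certificate
            # is checked depends on the interpreter's httplib defaults
            # (it is not before Python 2.7.9).
            conn = httplib.HTTPSConnection(host, port)
        else:
            conn = CertValidatingHTTPSConnection(host,
                                                 port,
                                                 ca_certs=self.ca_certs)

        # Configure CONNECT proxy tunnel, if any.
        if self.proxy_type == 'CONNECT':
            # Ensure the request has the correct Host.
            uri = ''.join((api_proto, '://', self.host, uri))
            if hasattr(conn, 'set_tunnel'):  # 2.7+
                conn.set_tunnel(self.host, api_port, self.proxy_headers)
            elif hasattr(conn, '_set_tunnel'):  # 2.6.3+
                # pylint: disable=E1103
                conn._set_tunnel(self.host, api_port, self.proxy_headers)
                # pylint: enable=E1103

        try:
            conn.request(method, uri, body, headers)
            response = conn.getresponse()
            data = response.read()
        finally:
            # Close even when the request or the read raises, so the
            # connection is not left open on the error path.
            conn.close()

        return (response, data)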
Exemplo n.º 9
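    def api_call(self, method, path, params):
        """
        Call a Duo API method. Return a (response, data) tuple.

        response is the object returned by conn.getresponse() and data
        is the body read from it; the connection is closed before
        returning.

        self.ca_certs selects the transport: 'HTTP' is a plain,
        unencrypted httplib.HTTPConnection; 'DISABLE' is a stock
        httplib.HTTPSConnection with no CA bundle passed; any other
        value is handed to CertValidatingHTTPSConnection as ca_certs.

        Raises NotImplementedError for any proxy_type other than None
        or 'CONNECT'.
        """
        # urllib cannot handle unicode strings properly. quote() excepts,
        # and urlencode() replaces them with '?'.
        params = encode_params(params)

        # The same timestamp is passed to sign() and sent as the Date
        # header.
        if self.sig_timezone == 'UTC':
            now = email.utils.formatdate()
        elif pytz is None:
            raise pytz_error
        else:
            d = datetime.datetime.now(pytz.timezone(self.sig_timezone))
            now = d.strftime("%a, %d %b %Y %H:%M:%S %z")

        auth = sign(self.ikey,
                    self.skey,
                    method,
                    self.host,
                    path,
                    now,
                    self.sig_version,
                    params)
        headers = {
            'Authorization': auth,
            'Date': now,
        }

        if method in ['POST', 'PUT']:
            headers['Content-type'] = 'application/x-www-form-urlencoded'
            body = urllib.urlencode(params, doseq=True)
            uri = path
        else:
            body = None
            uri = path + '?' + urllib.urlencode(params, doseq=True)

        # Host and port for the HTTP(S) connection to the API server.
        if self.ca_certs == 'HTTP':
            api_port = 80
            api_proto = 'http'
        else:
            api_port = 443
            api_proto = 'https'

        # Host and port for outer HTTP(S) connection if proxied.
        if self.proxy_type is None:
            host = self.host
            port = api_port
        elif self.proxy_type == 'CONNECT':
            host = self.proxy_host
            port = self.proxy_port
        else:
            raise NotImplementedError('proxy_type=%s' % (self.proxy_type,))

        # Create outer HTTP(S) connection.
        if self.ca_certs == 'HTTP':
            # Cleartext: the Authorization header and every parameter
            # are readable and modifiable by anyone on the network path.
            conn = httplib.HTTPConnection(host, port)
        elif self.ca_certs == 'DISABLE':
            # No CA bundle is supplied; whether the server certificate
            # is checked depends on the interpreter's httplib defaults
            # (it is not before Python 2.7.9).
            conn = httplib.HTTPSConnection(host, port)
        else:
            conn = CertValidatingHTTPSConnection(host,
                                                 port,
                                                 ca_certs=self.ca_certs)

        # Configure CONNECT proxy tunnel, if any.
        if self.proxy_type == 'CONNECT':
            # Ensure the request has the correct Host.
            uri = ''.join((api_proto, '://', self.host, uri))
            if hasattr(conn, 'set_tunnel'): # 2.7+
                conn.set_tunnel(self.host,
                                api_port,
                                self.proxy_headers)
            elif hasattr(conn, '_set_tunnel'): # 2.6.3+
                # pylint: disable=E1103
                conn._set_tunnel(self.host,
                                 api_port,
                                 self.proxy_headers)
                # pylint: enable=E1103

        try:
            conn.request(method, uri, body, headers)
            response = conn.getresponse()
            data = response.read()
        finally:
            # Close even when the request or the read raises, so the
            # connection is not left open on the error path.
            conn.close()

        return (response, data)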