Exemplo n.º 1
    def ignoreJavaSSL():
        """
        Creates a dummy socket factory that doesn't verify connections.
            HttpsURLConnection.setDefaultSSLSocketFactory(...)
        This code was taken from multiple sources.
        Only makes sense in jython (java).  otherwise, just use verify=False!

        What the code does: builds an SSLContext around a trust manager whose
        check methods are empty and installs that context's socket factory as
        the HttpsURLConnection default. It also calls
        urllib3.disable_warnings() when requests is importable.

        Security note: the default socket factory is process-wide state, so
        after this call HttpsURLConnection instances that use the default no
        longer authenticate the server certificate. Nothing here restores the
        previous factory, and the default HostnameVerifier is not touched.
        The section comment below marks the warning suppression as
        "for dev"; treat the whole function the same way.

        Returns a fixed status string. Raises RuntimeError when sys.platform
        does not contain 'java'.
        """
        import sys
        if not 'java' in sys.platform:
            raise RuntimeError('only use if platform (sys.platform) is java!')
        else:
            #===================================================================
            # set default SSL socket to ignore verification
            #===================================================================
            import javax.net.ssl.X509TrustManager as X509TrustManager # @UnresolvedImport
            # Trust manager that never rejects: both check methods return
            # without raising, which is how a chain is accepted.
            class MyTrustManager(X509TrustManager):
                def getAcceptedIssuers(self,*args,**keys):
                    # NOTE(review): the X509TrustManager javadoc asks for a
                    # non-null (possibly empty) array; returning None may
                    # break callers that iterate the result - confirm.
                    return None
                def checkServerTrusted(self,*args,**keys):
                    pass
                def checkClientTrusted(self,*args,**keys):
                    pass

            # NOTE(review): com.sun.net.ssl.internal.ssl.Provider is a
            # JDK-internal class; whether it exists depends on the JVM in use.
            import com.sun.net.ssl.internal.ssl.Provider # @UnresolvedImport
            from java.security import Security # @UnresolvedImport

            Security.addProvider(com.sun.net.ssl.internal.ssl.Provider())
            trustAllCerts = [MyTrustManager()]

            import javax.net.ssl.SSLContext as SSLContext # @UnresolvedImport
            # NOTE(review): which protocol versions the "SSL" context name
            # enables is JVM-dependent - confirm against the target runtime.
            sc = SSLContext.getInstance("SSL");

            import java.security.SecureRandom as SecureRandom # @UnresolvedImport
            # No key managers are passed (first argument None); only the
            # accept-everything trust manager is configured.
            sc.init(None, trustAllCerts,SecureRandom())

            import javax.net.ssl.HttpsURLConnection as HttpsURLConnection # @UnresolvedImport
            # This is the call that changes the JVM-wide default.
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
            #===================================================================
            # Do a test!
            #===================================================================
            # The example below is a bare string literal, so it is never executed.
            '''
            # setup proxy
            import java.net.Proxy as Proxy
            import java.net.InetSocketAddress as InetSocketAddress
            p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))

            import java.net.URL as URL
            u = URL("https://www.google.com/")
            conn = u.openConnection(p)
            print 'server response: %r',conn.getResponseCode()
            '''
            #===================================================================
            # ignore requests's error logging - this is for dev
            #===================================================================
            # Best effort: the bare except swallows every failure here,
            # including a missing requests package. Disabling the warnings
            # also hides urllib3's notice about unverified HTTPS requests.
            try:
                import requests.packages.urllib3 as urllib3
                urllib3.disable_warnings()
            except: pass

            return 'SSL verification in Java is disabled!'
Exemplo n.º 2
def _initializeMXPI(serverName, serverPort, protocol,
                    MxpiMain5_1SoapBindingStubClass,
                    VerifyAllHostnameVerifierClass):
    """Build and return the MxpiMain5_1 port of the MxpiMainService SOAP service.

    The WSDL is fetched from
    ``<protocol>://<serverName>:<serverPort>/mxsoap/services/MxpiMain5_1?wsdl``.

    Security note: when ``protocol`` is ``'https'`` this function changes
    JVM-wide defaults before connecting. It installs the socket factory of
    ``SSLContextManager.getAutoAcceptSSLContext()`` and an instance of
    ``VerifyAllHostnameVerifierClass`` as the HttpsURLConnection defaults,
    and points ``ssl.SocketFactory.provider`` at ``TrustAllSSLSocketFactory``.
    Judging by their names (the classes are not visible here), these accept
    any certificate and any hostname. If so, every later HTTPS connection in
    the process that uses the defaults is unauthenticated, not only the one
    made here. Nothing restores the previous defaults.

    Args:
        serverName: host part of the WSDL URL.
        serverPort: port part of the WSDL URL.
        protocol: URL scheme; only the exact value 'https' triggers the
            trust-all setup.
        MxpiMain5_1SoapBindingStubClass: zero-argument callable producing the
            binding stub whose Java class is passed to ``getPort``.
        VerifyAllHostnameVerifierClass: zero-argument callable producing the
            hostname verifier to install for https.

    Returns:
        The port object returned by ``Service.getPort``.
    """
    portName = 'MxpiMain5_1'
    targetNamespace = "urn:client.v5_1.soap.mx.hp.com"
    wsdlLocation = "%s://%s:%s/mxsoap/services/%s?wsdl" % (
        protocol, serverName, serverPort, portName)

    if protocol == 'https':
        # Process-wide: replaces the default certificate and hostname checks.
        hostnameVerifier = VerifyAllHostnameVerifierClass()
        autoAcceptContext = SSLContextManager.getAutoAcceptSSLContext()
        HttpsURLConnection.setDefaultSSLSocketFactory(
            autoAcceptContext.getSocketFactory())
        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier)
        # The same key is written both as a system property and as a
        # java.security property.
        System.setProperty("ssl.SocketFactory.provider",
                           "TrustAllSSLSocketFactory")
        Security.setProperty("ssl.SocketFactory.provider",
                             "TrustAllSSLSocketFactory")

    # Create the stub first, then the service from the WSDL, then the port.
    stub = MxpiMain5_1SoapBindingStubClass()
    factory = ServiceFactory.newInstance()
    service = factory.createService(
        URL(wsdlLocation), QName(targetNamespace, "MxpiMainService"))
    return service.getPort(QName(targetNamespace, portName), stub.getClass())
Exemplo n.º 3
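def doService(httpMethod, url, credential, requestBody=None):
    """Send one request with XML headers and return the response body.

    Only ``httpMethod == 'POST'`` sets the request method and writes
    ``requestBody``; any other value leaves the connection on its default
    method and sends no body.

    Security note: every call registers ``MySSLProvider``, sets
    ``ssl.TrustManagerFactory.algorithm`` to ``"TrustAllCertificates"`` and
    installs ``MyHostnameVerifier`` as the default hostname verifier. Those
    classes are not visible here. Judging by the names they disable
    certificate and hostname validation, and the settings are JVM-wide, so
    they outlive this call. ``credential`` is sent in the Authorization
    header over that connection, and response bodies shorter than 4096
    characters are written to the log at info level. Keep this to test
    environments and confirm that logged responses carry no secrets.

    Args:
        httpMethod: HTTP verb as a string; see the POST caveat above.
        url: target URL string.
        credential: value placed verbatim in the Authorization header.
        requestBody: optional body written for POST requests.

    Returns:
        The response body string when the status is 200, 201 or 202.
        None for any other status, or when no stream is available.
    """
    Security.addProvider(MySSLProvider())
    Security.setProperty("ssl.TrustManagerFactory.algorithm", "TrustAllCertificates")
    HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())

    con = URL(url).openConnection()
    con.setRequestProperty("Accept", "application/xml")
    con.setRequestProperty("Content-Type", "application/xml")
    con.setRequestProperty("Authorization", credential)
    con.setDoInput(True)

    if httpMethod == 'POST':
        con.setDoOutput(True)
        con.setRequestMethod(httpMethod)
        output = DataOutputStream(con.getOutputStream())
        # Close the stream even when the write fails, so it does not leak.
        try:
            if requestBody:
                output.writeBytes(requestBody)
        finally:
            output.close()

    responseCode = con.getResponseCode()
    logger.info('response code: ' + str(responseCode))
    responseMessage = con.getResponseMessage()
    logger.info('response message: ' + str(responseMessage))
    contentLength = con.getHeaderField('Content-Length')
    logger.info('content length: ' + str(contentLength))

    succeeded = responseCode in (200, 201, 202)

    # Success reads the normal stream; a failure is read only when the server
    # announced a Content-Length.
    stream = None
    if succeeded:
        stream = con.getInputStream()
    elif contentLength:
        stream = con.getErrorStream()

    if not stream:
        logger.error('')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('-------->>>  Input or Error stream is None, it may be a defect if it is positive test case')
        logger.error('---------------------------------------------------------------------------------------------------')
        logger.error('')
        return None

    dataString = getStreamData(stream)
    logger.info(httpMethod + ' url: ' + url)
    if not url.endswith('.xsd') and len(dataString) < 4096:
        xmlStr = Util.prettfyXmlByString(dataString)
        logger.info(httpMethod + ' result: \n\n' + xmlStr)
    else:
        logger.info('response body too big, no print out')

    # A status outside 200-202 marks the case as failed, even though the
    # error body was read and logged above.
    if succeeded:
        return dataString
    return None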
Exemplo n.º 4
        EncryptionException
    from org.bouncycastle.openssl.jcajce import JcaPEMKeyConverter, JcePEMDecryptorProviderBuilder
except ImportError:
    # jarjar-ed version
    from org.python.bouncycastle.asn1.pkcs import PrivateKeyInfo
    from org.python.bouncycastle.cert import X509CertificateHolder
    from org.python.bouncycastle.cert.jcajce import JcaX509CertificateConverter
    from org.python.bouncycastle.jce.provider import BouncyCastleProvider
    from org.python.bouncycastle.jce import ECNamedCurveTable
    from org.python.bouncycastle.jce.spec import ECNamedCurveSpec
    from org.python.bouncycastle.openssl import PEMKeyPair, PEMParser, PEMEncryptedKeyPair, PEMException, \
        EncryptionException
    from org.python.bouncycastle.openssl.jcajce import JcaPEMKeyConverter, JcePEMDecryptorProviderBuilder

# Module logger, registered under the name "_socket".
log = logging.getLogger("_socket")
# Registers the Bouncy Castle provider as a side effect of importing this
# module. The java.security provider list is JVM-wide, so the registration is
# visible to all code in the process, not only to this module.
Security.addProvider(BouncyCastleProvider())

# Matches a string that is exactly one PEM "-----BEGIN ... PRIVATE KEY-----" or
# "-----BEGIN ... CERTIFICATE-----" marker line. No re.MULTILINE is given, so
# ^ and $ anchor to the string being tested rather than to each line of it.
RE_BEGIN_KEY_CERT = re.compile(r'^-----BEGIN.*(PRIVATE KEY|CERTIFICATE)-----$')


def _get_ca_certs_trust_manager(ca_certs=None):
    trust_store = KeyStore.getInstance(KeyStore.getDefaultType())
    trust_store.load(None, None)
    num_certs_installed = 0
    if ca_certs is not None:
        with open(ca_certs) as f:
            cf = CertificateFactory.getInstance("X.509")
            for cert in cf.generateCertificates(BufferedInputStream(f)):
                trust_store.setCertificateEntry(str(uuid.uuid4()), cert)
                num_certs_installed += 1
    tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
Exemplo n.º 5
    from org.python.bouncycastle.jce.provider import BouncyCastleProvider
    from org.python.bouncycastle.openssl import PEMKeyPair, PEMParser
    from org.python.bouncycastle.openssl.jcajce import JcaPEMKeyConverter
except ImportError:
    # dev version from extlibs
    from org.bouncycastle.asn1.pkcs import PrivateKeyInfo
    from org.bouncycastle.cert import X509CertificateHolder
    from org.bouncycastle.cert.jcajce import JcaX509CertificateConverter
    from org.bouncycastle.jce.provider import BouncyCastleProvider
    from org.bouncycastle.openssl import PEMKeyPair, PEMParser
    from org.bouncycastle.openssl.jcajce import JcaPEMKeyConverter

# Module logger, registered under the name "ssl".
log = logging.getLogger("ssl")

# FIXME what happens if reloaded?
# NOTE(review): java.security.Security.addProvider is documented to return -1
# and add nothing when a provider with the same name is already installed, so
# a repeated call should leave the JVM-wide provider list unchanged. Confirm
# this under an actual module reload.
Security.addProvider(BouncyCastleProvider())

# build the necessary certificate with a CertificateFactory; this can take the pem format:
# http://docs.oracle.com/javase/7/docs/api/java/security/cert/CertificateFactory.html#generateCertificate(java.io.InputStream)

# not certain if we can include a private key in the pem file; see
# http://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file

# helpful advice for being able to manage ca_certs outside of Java's keystore
# specifically the example ReloadableX509TrustManager
# http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

# in the case of http://docs.python.org/2/library/ssl.html#ssl.CERT_REQUIRED

# http://docs.python.org/2/library/ssl.html#ssl.CERT_NONE
# https://github.com/rackerlabs/romper/blob/master/romper/trust.py#L15