Exemplo n.º 1
0
    def _check_ssl_cert(self):
        """Preflight the SSL certificate presented by the backend.

        This isn't 100% bulletproof, in that we're not actually validating the
        transport used to communicate with Stripe, merely that the first
        attempt to does not use a revoked certificate.

        Unfortunately the interface to OpenSSL doesn't make it easy to check
        the certificate before sending potentially sensitive data on the wire.
        This approach raises the bar for an attacker significantly."""

        from stripe import verify_ssl_certs

        if verify_ssl_certs and not self._CERTIFICATE_VERIFIED:
            uri = urlparse.urlparse(stripe.api_base)
            try:
                certificate = ssl.get_server_certificate(
                    (uri.hostname, uri.port or 443))
                der_cert = ssl.PEM_cert_to_DER_cert(certificate)
            except socket.error, e:
                raise error.APIConnectionError(e)
            except TypeError:
                # The Google App Engine development server blocks the C socket
                # module which causes a type error when using the SSL library
                if util.is_appengine_dev():
                    self._CERTIFICATE_VERIFIED = True
                    warnings.warn(
                        'We were unable to verify Stripe\'s SSL certificate '
                        'due to a bug in the Google App Engine development '
                        'server. Please alert us immediately at '
                        '[email protected] if this message appears in your '
                        'production logs.')
                    return
                else:
                    raise
Exemplo n.º 2
0
    def _check_ssl_cert(self):
        """Preflight the SSL certificate presented by the backend.

        This isn't 100% bulletproof, in that we're not actually validating the
        transport used to communicate with Stripe, merely that the first
        attempt to does not use a revoked certificate.

        Unfortunately the interface to OpenSSL doesn't make it easy to check
        the certificate before sending potentially sensitive data on the wire.
        This approach raises the bar for an attacker significantly."""

        from stripe import verify_ssl_certs

        if verify_ssl_certs and not self._CERTIFICATE_VERIFIED:
            uri = urlparse.urlparse(stripe.api_base)
            try:
                certificate = ssl.get_server_certificate(
                    (uri.hostname, uri.port or 443))
                der_cert = ssl.PEM_cert_to_DER_cert(certificate)
            except socket.error, e:
                raise error.APIConnectionError(e)
            except TypeError:
                # The Google App Engine development server blocks the C socket
                # module which causes a type error when using the SSL library
                if util.is_appengine_dev():
                    self._CERTIFICATE_VERIFIED = True
                    warnings.warn(
                        'We were unable to verify Stripe\'s SSL certificate '
                        'due to a bug in the Google App Engine development '
                        'server. Please alert us immediately at '
                        '[email protected] if this message appears in your '
                        'production logs.')
                    return
                else:
                    raise
Exemplo n.º 3
0
import calendar
import datetime
import platform
import time
import socket
import urllib.request, urllib.parse, urllib.error
import urllib.parse
import warnings

import stripe
from stripe import error, http_client, version, util, certificate_blacklist

try:
    import ssl
except ImportError:
    if util.is_appengine_dev():
        warnings.warn(
            'We were unable to import the ssl module due to a bug in the '
            'Google App Engine development server. For more details and '
            'suggested resolutions see: '
            'https://code.google.com/p/googleappengine/issues/detail?id=9246.'
            'Please alert us immediately at [email protected] if this '
            'message appears in your production logs.')
    raise


def _encode_datetime(dttime):
    if dttime.tzinfo and dttime.tzinfo.utcoffset(dttime) is not None:
        utc_timestamp = calendar.timegm(dttime.utctimetuple())
    else:
        utc_timestamp = time.mktime(dttime.timetuple())
Exemplo n.º 4
0
import calendar
import datetime
import platform
import time
import socket
import urllib
import urlparse
import warnings

import stripe
from stripe import error, http_client, version, util, certificate_blacklist

try:
    import ssl
except ImportError:
    if util.is_appengine_dev():
        warnings.warn(
            'We were unable to import the ssl module due to a bug in the '
            'Google App Engine development server. For more details and '
            'suggested resolutions see: '
            'https://code.google.com/p/googleappengine/issues/detail?id=9246.'
            'Please alert us immediately at [email protected] if this '
            'message appears in your production logs.')
    raise


def _encode_datetime(dttime):
    if dttime.tzinfo and dttime.tzinfo.utcoffset(dttime) is not None:
        utc_timestamp = calendar.timegm(dttime.utctimetuple())
    else:
        utc_timestamp = time.mktime(dttime.timetuple())