Пример #1
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json', app=None):
    """Register the signing ``auth`` serializer for an app.

    See :meth:`@Celery.setup_security`.

    ``allowed_serializers`` is handed to ``_disable_insecure_serializers``
    before anything else, so that call happens even when signing is not
    enabled below.

    Signing is only set up when the app's ``task_serializer`` setting is
    ``'auth'``.  With any other value this function returns ``None``
    without raising and without registering anything, so a misconfigured
    app is not told that its messages stay unsigned; callers that depend
    on signing should check the setting themselves.

    ``key``, ``cert`` and ``store`` fall back to the ``security_key``,
    ``security_certificate`` and ``security_cert_store`` settings.  ``key``
    and ``cert`` are file paths that are opened and read here.

    :raises ImproperlyConfigured: if the ``OpenSSL`` module cannot be
        imported, or if any of key, cert or store is still unset after
        the fallback.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    settings = app.conf
    if settings.task_serializer != 'auth':
        # Not treated as an error here: signing is simply left off.
        return

    # A missing OpenSSL module is reported as a configuration error.
    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    if not key:
        key = settings.security_key
    if not cert:
        cert = settings.security_certificate
    if not store:
        store = settings.security_cert_store

    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    # NOTE(review): the default digest is 'sha1'.  SHA-1 is no longer
    # collision resistant; pass a stronger digest where it is supported.
    with open(key) as key_file, open(cert) as cert_file:
        register_auth(key_file.read(), cert_file.read(), store,
                      digest, serializer)
    registry._set_default_serializer('auth')
Пример #2
def setup_security(allowed_serializers=None,
                   key=None,
                   cert=None,
                   store=None,
                   digest='sha1',
                   serializer='json',
                   app=None):
    """Enable message signing through the ``auth`` serializer.

    See :meth:`@Celery.setup_security`.

    ``disable_untrusted_serializers`` is always called first with
    ``allowed_serializers``.  The rest only runs when the
    ``CELERY_TASK_SERIALIZER`` setting equals ``'auth'``; for any other
    value the function returns ``None`` silently, which means no signing
    serializer is registered and no error is reported.

    Missing ``key``, ``cert`` and ``store`` arguments are taken from
    ``CELERY_SECURITY_KEY``, ``CELERY_SECURITY_CERTIFICATE`` and
    ``CELERY_SECURITY_CERT_STORE``.  The key and certificate are read
    from the files those paths name.

    :raises ImproperlyConfigured: when ``OpenSSL`` is not importable or
        when key, cert or store remains unset.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    disable_untrusted_serializers(allowed_serializers)

    settings = app.conf
    if settings.CELERY_TASK_SERIALIZER != 'auth':
        # Silent no-op: the caller gets no signal that signing is off.
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    if not key:
        key = settings.CELERY_SECURITY_KEY
    if not cert:
        cert = settings.CELERY_SECURITY_CERTIFICATE
    if not store:
        store = settings.CELERY_SECURITY_CERT_STORE

    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    # NOTE(review): 'sha1' is the default digest; SHA-1 collisions are
    # practical, so prefer an explicit stronger digest where available.
    with open(key) as key_file:
        with open(cert) as cert_file:
            key_data = key_file.read()
            cert_data = cert_file.read()
            register_auth(key_data, cert_data, store, digest, serializer)
    registry._set_default_serializer('auth')
Пример #3
 def teardown(self):
     """Put the shared serializer registry back into its default state.

     Empties the set of disabled content types, makes ``json`` the
     default serializer and unregisters ``auth``.  Without this, a
     registry left with ``auth`` as default or with content types
     disabled would carry over into whatever runs next.
     """
     reg = registry
     reg._disabled_content_types.clear()
     reg._set_default_serializer('json')
     try:
         reg.unregister('auth')
     except SerializerNotInstalled:
         # Nothing to remove; the registry is already clean.
         pass
Пример #4
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest=None, serializer='json', app=None):
    """Register the signing ``auth`` serializer, failing closed.

    See :meth:`@Celery.setup_security`.

    After ``_disable_insecure_serializers`` has been called with
    ``allowed_serializers``, the app configuration must have
    ``task_serializer`` equal to ``'auth'`` and ``accept_content`` equal
    to the list ``['auth']``.  Anything else raises instead of returning
    quietly.  The comparison is against that exact list, so a value that
    does not compare equal to it (extra content types, for instance) is
    rejected as well.

    ``key``, ``cert``, ``store`` and ``digest`` fall back to the
    ``security_key``, ``security_certificate``, ``security_cert_store``
    and ``security_digest`` settings.  ``key`` and ``cert`` are paths
    opened in text mode and read here.

    :raises ImproperlyConfigured: on the serializer settings check, or
        when key, cert or store is still unset after the fallback.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    # Refuse to continue unless the app sends and accepts only 'auth'.
    settings = app.conf
    if settings.task_serializer != 'auth':
        raise ImproperlyConfigured(SETTING_MISSING)
    if settings.accept_content != ['auth']:
        raise ImproperlyConfigured(SETTING_MISSING)

    if not key:
        key = settings.security_key
    if not cert:
        cert = settings.security_certificate
    if not store:
        store = settings.security_cert_store
    if not digest:
        # NOTE(review): the effective hash comes from configuration here;
        # confirm the configured value is not a deprecated algorithm.
        digest = settings.security_digest

    if not key or not cert or not store:
        raise ImproperlyConfigured(SECURITY_SETTING_MISSING)

    with open(key, 'r') as key_file, open(cert, 'r') as cert_file:
        register_auth(key_file.read(), cert_file.read(), store,
                      digest, serializer)
    registry._set_default_serializer('auth')
Пример #5
def setup_security(
    allowed_serializers=None,
    key=None,
    cert=None,
    store=None,
    digest=None,
    serializer="json",
    app=None,
):
    """Set up signed messaging via the ``auth`` serializer.

    See :meth:`@Celery.setup_security`.

    ``_disable_insecure_serializers`` is called with
    ``allowed_serializers`` first.  The configuration is then required to
    use ``"auth"`` as ``task_serializer`` and exactly ``["auth"]`` as
    ``accept_content``; a mismatch raises rather than leaving the app
    running unsigned.

    Arguments left unset are read from the ``security_key``,
    ``security_certificate``, ``security_cert_store`` and
    ``security_digest`` settings.  The key and certificate are loaded
    from the files at the given paths.

    :raises ImproperlyConfigured: if the serializer settings do not match,
        or if key, cert or store cannot be resolved.
    """
    if app is None:
        from celery import current_app

        app = current_app._get_current_object()

    _disable_insecure_serializers(allowed_serializers)

    settings = app.conf
    # Two separate guards, same error: both settings must name only 'auth'.
    if settings.task_serializer != "auth":
        raise ImproperlyConfigured(SETTING_MISSING)
    if settings.accept_content != ["auth"]:
        raise ImproperlyConfigured(SETTING_MISSING)

    if not key:
        key = settings.security_key
    if not cert:
        cert = settings.security_certificate
    if not store:
        store = settings.security_cert_store
    if not digest:
        digest = settings.security_digest

    if not key or not cert or not store:
        raise ImproperlyConfigured(SECURITY_SETTING_MISSING)

    # The private key is read from disk here; the path should point at a
    # file only the worker's account can read.
    with open(key, "r") as key_file, open(cert, "r") as cert_file:
        key_data = key_file.read()
        cert_data = cert_file.read()
        register_auth(key_data, cert_data, store, digest, serializer)
    registry._set_default_serializer("auth")
Пример #6
 def teardown(self):
     """Undo serializer registry changes so state does not leak onward.

     Clears ``_disabled_content_types``, resets the default serializer
     to ``json`` and removes the ``auth`` serializer; a failure to find
     ``auth`` during removal is ignored.
     """
     shared = registry
     shared._disabled_content_types.clear()
     shared._set_default_serializer('json')
     try:
         shared.unregister('auth')
     except SerializerNotInstalled:
         # Best effort: 'auth' may not have been registered at all.
         pass
Пример #7
def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
                   digest='sha1', serializer='json', app=None):
    """Install the ``auth`` signing serializer when the app asks for it.

    See :meth:`@Celery.setup_security`.

    The call to ``disable_untrusted_serializers(allowed_serializers)``
    is unconditional.  Registration of the signing serializer is not: it
    happens only if ``CELERY_TASK_SERIALIZER`` is ``'auth'``, and any
    other value makes the function return ``None`` without an error.
    Deployments that expect signed messages should therefore assert the
    setting separately.

    ``key``, ``cert`` and ``store`` default to the
    ``CELERY_SECURITY_KEY``, ``CELERY_SECURITY_CERTIFICATE`` and
    ``CELERY_SECURITY_CERT_STORE`` settings.

    :raises ImproperlyConfigured: if ``OpenSSL`` cannot be imported or
        one of key, cert, store is missing.
    """
    if app is None:
        from celery import current_app
        app = current_app._get_current_object()

    disable_untrusted_serializers(allowed_serializers)

    app_conf = app.conf
    if app_conf.CELERY_TASK_SERIALIZER != 'auth':
        return

    # Import is only a presence check; the name is not used afterwards.
    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    if not key:
        key = app_conf.CELERY_SECURITY_KEY
    if not cert:
        cert = app_conf.CELERY_SECURITY_CERTIFICATE
    if not store:
        store = app_conf.CELERY_SECURITY_CERT_STORE

    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    # NOTE(review): signatures use 'sha1' unless the caller overrides
    # digest; SHA-1 is considered broken for collision resistance.
    with open(key) as key_file:
        with open(cert) as cert_file:
            key_data = key_file.read()
            cert_data = cert_file.read()
            register_auth(key_data, cert_data, store, digest, serializer)
    registry._set_default_serializer('auth')
Пример #8
def register_auth(key=None, cert=None, store=None, digest='sha1',
                  serializer='json'):
    """Register the signing serializer under the name ``auth``.

    Builds a ``SecureSerializer`` and registers its ``serialize`` and
    ``deserialize`` methods in ``registry`` with content type
    ``application/data`` and encoding ``utf-8``, then makes ``auth`` the
    registry's default serializer.

    ``key``, ``cert`` and ``store`` are wrapped in ``PrivateKey``,
    ``Certificate`` and ``FSCertStore`` only when truthy; a falsy value
    is passed through as is.  Calling this with the defaults therefore
    builds a serializer with no key material.
    NOTE(review): confirm how ``SecureSerializer`` behaves in that case.

    NOTE(review): ``digest`` defaults to ``'sha1'``, which is no longer
    collision resistant; prefer an explicit stronger digest if supported.
    """
    private_key = PrivateKey(key) if key else key
    certificate = Certificate(cert) if cert else cert
    cert_store = FSCertStore(store) if store else store

    secure = SecureSerializer(private_key, certificate, cert_store,
                              digest=digest, serializer=serializer)
    registry.register('auth', secure.serialize, secure.deserialize,
                      content_type='application/data',
                      content_encoding='utf-8')

    registry._set_default_serializer('auth')
Пример #9
def setup_security(allowed_serializers=None,
                   key=None,
                   cert=None,
                   store=None,
                   digest='sha1',
                   serializer='json'):
    """Set up the message-signing serializer.

    Untrusted serializers are disabled first.  Then, only if the current
    app is configured with ``auth`` as its task serializer, the auth
    serializer is registered in the Kombu serializer registry using the
    settings given here.  With any other task serializer the function
    returns without registering anything and without raising.

    :keyword allowed_serializers:  List of serializer names, or content_types
        that should be exempt from being disabled.
    :keyword key: Name of private key file to use.
        Defaults to the :setting:`CELERY_SECURITY_KEY` setting.
    :keyword cert: Name of certificate file to use.
        Defaults to the :setting:`CELERY_SECURITY_CERTIFICATE` setting.
    :keyword store: Directory containing certificates.
        Defaults to the :setting:`CELERY_SECURITY_CERT_STORE` setting.
    :keyword digest: Digest algorithm used when signing messages.
        Default is ``sha1``.  SHA-1 is no longer collision resistant, so
        pass a stronger algorithm where one is supported.
    :keyword serializer: Serializer used to encode messages after
        they have been signed.  See :setting:`CELERY_TASK_SERIALIZER` for
        the serializers supported.
        Default is ``json``.

    :raises ImproperlyConfigured: if ``OpenSSL`` cannot be imported, or
        if key, cert or store is unset after applying the defaults.

    """

    disable_untrusted_serializers(allowed_serializers)

    settings = current_app.conf
    if settings.CELERY_TASK_SERIALIZER != 'auth':
        # Silent return: nothing tells the caller that signing is off.
        return

    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    if not key:
        key = settings.CELERY_SECURITY_KEY
    if not cert:
        cert = settings.CELERY_SECURITY_CERTIFICATE
    if not store:
        store = settings.CELERY_SECURITY_CERT_STORE

    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key) as key_file:
        with open(cert) as cert_file:
            key_data = key_file.read()
            cert_data = cert_file.read()
            register_auth(key_data, cert_data, store, digest, serializer)
    registry._set_default_serializer('auth')
Пример #10
def setup_security(allowed_serializers=None, key=None, cert=None, store=None, digest="sha1", serializer="json"):
    """Configure the serializer that signs messages.

    First disables untrusted serializers.  If the current app's
    :setting:`CELERY_TASK_SERIALIZER` is ``auth``, the auth serializer is
    then registered with the provided settings in the Kombu serializer
    registry; otherwise the function returns early, silently, and no
    signing serializer is installed.

    :keyword allowed_serializers:  List of serializer names, or content_types
        that should be exempt from being disabled.
    :keyword key: Name of private key file to use.
        Defaults to the :setting:`CELERY_SECURITY_KEY` setting.
    :keyword cert: Name of certificate file to use.
        Defaults to the :setting:`CELERY_SECURITY_CERTIFICATE` setting.
    :keyword store: Directory containing certificates.
        Defaults to the :setting:`CELERY_SECURITY_CERT_STORE` setting.
    :keyword digest: Digest algorithm used when signing messages.
        Default is ``sha1``, a hash that is no longer collision
        resistant; choose a stronger one where it is supported.
    :keyword serializer: Serializer used to encode messages after
        they have been signed.  See :setting:`CELERY_TASK_SERIALIZER` for
        the serializers supported.
        Default is ``json``.

    :raises ImproperlyConfigured: when the ``OpenSSL`` import fails or
        when key, cert or store is still unset.

    """

    disable_untrusted_serializers(allowed_serializers)

    app_conf = current_app.conf
    if app_conf.CELERY_TASK_SERIALIZER != "auth":
        return

    # Presence check only: fail as a configuration error if it is absent.
    try:
        from OpenSSL import crypto  # noqa
    except ImportError:
        raise ImproperlyConfigured(SSL_NOT_INSTALLED)

    if not key:
        key = app_conf.CELERY_SECURITY_KEY
    if not cert:
        cert = app_conf.CELERY_SECURITY_CERTIFICATE
    if not store:
        store = app_conf.CELERY_SECURITY_CERT_STORE

    if not key or not cert or not store:
        raise ImproperlyConfigured(SETTING_MISSING)

    with open(key) as key_file:
        with open(cert) as cert_file:
            key_data = key_file.read()
            cert_data = cert_file.read()
            register_auth(key_data, cert_data, store, digest, serializer)
    registry._set_default_serializer("auth")
Пример #11
 def test_set_default_serializer_missing(self):
     """An unregistered name must not be accepted as default serializer."""
     self.assertRaises(SerializerNotInstalled,
                       registry._set_default_serializer, 'nonexisting')
Пример #12
 def test_set_default_serializer_missing(self):
     """Setting an unknown serializer as default raises instead of passing."""
     unknown_name = 'nonexisting'
     with self.assertRaises(SerializerNotInstalled):
         registry._set_default_serializer(unknown_name)