def test05_open_with_subj_alt_names_verification(self):
ctx = SSL.Context(SSL.TLSv1_2_METHOD)
# Set wildcard hostname for subject alternative name matching -
# setting a minimum of two name components for hostname
split_hostname = Constants.HOSTNAME.split('.', 1)
if len(split_hostname) > 1:
_hostname = '*.' + split_hostname[-1]
else:
_hostname = Constants.HOSTNAME
server_ssl_verify = ServerSSLCertVerification(hostname=_hostname)
verify_callback_ = server_ssl_verify.get_verify_server_cert_func()
ctx.set_verify(SSL.VERIFY_PEER, verify_callback_)
# Set default verify paths if testing with peer that has corresponding
# CA cert in bundle provided with the OS. In this case, load verify
# locations is not needed.
#ctx.set_default_verify_paths()
ctx.set_verify_depth(9)
# Set correct location for CA certs to verify with
ctx.load_verify_locations(None, Constants.CACERT_DIR)
opener = build_opener(ssl_context=ctx)
res = opener.open(Constants.TEST_URI)
self.assertTrue(res)
print("res = %s" % res.read())
def test04_open_peer_cert_verification_fails(self):
# Explicitly set empty CA directory to make verification fail
ctx = SSL.Context(SSL.SSLv3_METHOD)
verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \
preverify_ok
ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
ctx.load_verify_locations(None, './')
opener = build_opener(ssl_context=ctx)
self.failUnlessRaises(SSL.Error, opener.open, Constants.TEST_URI)
def test04_open_peer_cert_verification_fails(self):
# Explicitly set empty CA directory to make verification fail
ctx = SSL.Context(SSL.SSLv3_METHOD)
verify_callback = lambda conn, x509, errnum, errdepth, preverify_ok: \
preverify_ok
ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
ctx.load_verify_locations(None, './')
opener = build_opener(ssl_context=ctx)
self.failUnlessRaises(SSL.Error, opener.open, Constants.TEST_URI)
def open_url(url, config, data=None, handlers=None):
"""Attempts to open a connection to a specified URL.
@param url: URL to attempt to open
@param config: SSL context configuration
@type config: Configuration
@param data: HTTP POST data
@type data: str
@param handlers: list of custom urllib2 handlers to add to the request
@type handlers: iterable
@return: tuple (
returned HTTP status code or 0 if an error occurred
returned message or error description
response object)
"""
debuglevel = 1 if config.debug else 0
# Set up handlers for URL opener.
if config.cookie:
cj = config.cookie
else:
cj = cookielib.CookieJar()
# Use a cookie processor that accumulates cookies when redirects occur so
# that an application can redirect for authentication and retain both any
# cookies for the application and the security system (c.f.,
# urllib2.HTTPCookieProcessor which replaces cookies).
cookie_handler = AccumulatingHTTPCookieProcessor(cj)
if not handlers:
handlers = []
handlers.append(cookie_handler)
if config.debug:
http_handler = HTTPHandler(debuglevel=debuglevel)
https_handler = HTTPSContextHandler(config.ssl_context,
debuglevel=debuglevel)
handlers.extend([http_handler, https_handler])
if config.http_basicauth:
# currently only supports http basic auth
auth_handler = HTTPBasicAuthHandler(HTTPPasswordMgrWithDefaultRealm())
auth_handler.add_password(realm=None, uri=url,
user=config.httpauth[0],
passwd=config.httpauth[1])
handlers.append(auth_handler)
# Explicitly remove proxy handling if the host is one listed in the value of
# the no_proxy environment variable because urllib2 does use proxy settings
# set via http_proxy and https_proxy, but does not take the no_proxy value
# into account.
if not _should_use_proxy(url, config.no_proxy):
handlers.append(urllib2.ProxyHandler({}))
log.debug("Not using proxy")
elif config.proxies:
handlers.append(urllib2.ProxyHandler(config.proxies))
log.debug("Configuring proxies: %s" % config.proxies)
opener = build_opener(*handlers, ssl_context=config.ssl_context)
headers = config.headers
if headers is None:
headers = {}
request = urllib2.Request(url, data, headers)
# Open the URL and check the response.
return_code = 0
return_message = ''
response = None
try:
response = opener.open(request)
return_message = response.msg
return_code = response.code
if log.isEnabledFor(logging.DEBUG):
for index, cookie in enumerate(cj):
log.debug("%s : %s", index, cookie)
except urllib2.HTTPError, exc:
return_code = exc.code
return_message = "Error: %s" % exc.msg
if log.isEnabledFor(logging.DEBUG):
log.debug("%s %s", exc.code, exc.msg)
def open_url(url, config, data=None, handlers=None):
"""Attempts to open a connection to a specified URL.
@param url: URL to attempt to open
@param config: SSL context configuration
@type config: Configuration
@param data: HTTP POST data
@type data: str
@param handlers: list of custom urllib2 handlers to add to the request
@type handlers: iterable
@return: tuple (
returned HTTP status code or 0 if an error occurred
returned message or error description
response object)
"""
debuglevel = 1 if config.debug else 0
# Set up handlers for URL opener.
if config.cookie:
cj = config.cookie
else:
cj = cookiejar_.CookieJar()
# Use a cookie processor that accumulates cookies when redirects occur so
# that an application can redirect for authentication and retain both any
# cookies for the application and the security system (c.f.,
# urllib2.HTTPCookieProcessor which replaces cookies).
cookie_handler = AccumulatingHTTPCookieProcessor(cj)
if not handlers:
handlers = []
handlers.append(cookie_handler)
if config.debug:
http_handler = HTTPHandler_(debuglevel=debuglevel)
https_handler = HTTPSContextHandler(config.ssl_context,
debuglevel=debuglevel)
handlers.extend([http_handler, https_handler])
if config.http_basicauth:
# currently only supports http basic auth
auth_handler = HTTPBasicAuthHandler_(HTTPPasswordMgrWithDefaultRealm_())
auth_handler.add_password(realm=None, uri=url,
user=config.httpauth[0],
passwd=config.httpauth[1])
handlers.append(auth_handler)
# Explicitly remove proxy handling if the host is one listed in the value of
# the no_proxy environment variable because urllib2 does use proxy settings
# set via http_proxy and https_proxy, but does not take the no_proxy value
# into account.
if not _should_use_proxy(url, config.no_proxy):
handlers.append(ProxyHandler_({}))
log.debug("Not using proxy")
elif config.proxies:
handlers.append(ProxyHandler_(config.proxies))
log.debug("Configuring proxies: %s" % config.proxies)
opener = build_opener(*handlers, ssl_context=config.ssl_context)
headers = config.headers
if headers is None:
headers = {}
request = Request_(url, data, headers)
# Open the URL and check the response.
return_code = 0
return_message = ''
response = None
# FIXME
response = opener.open(request)
try:
response = opener.open(request)
return_message = response.msg
return_code = response.code
if log.isEnabledFor(logging.DEBUG):
for index, cookie in enumerate(cj):
log.debug("%s : %s", index, cookie)
except HTTPError_ as exc:
return_code = exc.code
return_message = "Error: %s" % exc.msg
if log.isEnabledFor(logging.DEBUG):
log.debug("%s %s", exc.code, exc.msg)
except Exception as exc:
return_message = "Error: %s" % exc.__str__()
if log.isEnabledFor(logging.DEBUG):
import traceback
log.debug(traceback.format_exc())
return (return_code, return_message, response)
def test03_open_fails_unknown_loc(self):
opener = build_opener()
self.failUnlessRaises(URLError, opener.open, Constants.TEST_URI2)
def test02_open(self):
opener = build_opener()
res = opener.open(Constants.TEST_URI)
self.assert_(res)
print("res = %s" % res.read())
def test01_urllib2_build_opener(self):
opener = build_opener()
self.assert_(opener)
def test03_open_fails_unknown_loc(self):
opener = build_opener()
self.failUnlessRaises(URLError, opener.open, Constants.TEST_URI2)
def test02_open(self):
opener = build_opener()
res = opener.open(Constants.TEST_URI)
self.assert_(res)
print("res = %s" % res.read())
def test01_urllib2_build_opener(self):
opener = build_opener()
self.assert_(opener)
