def __init__(self, unresolved_address, sock, max_connection_lifetime, *, auth=None, user_agent=None, routing_context=None): self.unresolved_address = unresolved_address self.socket = sock self.server_info = ServerInfo(Address(sock.getpeername()), self.PROTOCOL_VERSION) self.outbox = Outbox() self.inbox = Inbox(self.socket, on_error=self._set_defunct) self.packer = Packer(self.outbox) self.unpacker = Unpacker(self.inbox) self.responses = deque() self._max_connection_lifetime = max_connection_lifetime self._creation_timestamp = perf_counter() self.supports_multiple_results = False self.supports_multiple_databases = False self._is_reset = True self.routing_context = routing_context # Determine the user agent if user_agent: self.user_agent = user_agent else: self.user_agent = get_user_agent() # Determine auth details if not auth: self.auth_dict = {} elif isinstance(auth, tuple) and 2 <= len(auth) <= 3: from neo4j import Auth self.auth_dict = vars(Auth("basic", *auth)) else: try: self.auth_dict = vars(auth) except (KeyError, TypeError): raise AuthError("Cannot determine auth details from %r" % auth) # Check for missing password try: credentials = self.auth_dict["credentials"] except KeyError: pass else: if credentials is None: raise AuthError("Password cannot be None")
class PoolConfig(Config): """ Connection pool configuration. """ #: connect_timeout = 30.0 # seconds #: init_size = 1 #: keep_alive = True #: max_age = 3600 # 1h max_connection_lifetime = DeprecatedAlias("max_age") #: Maximum number of connections per host max_size = 100 max_connection_pool_size = DeprecatedAlias("max_size") #: protocol_version = None #: resolver = None #: secure = False encrypted = DeprecatedAlias("secure") #: user_agent = get_user_agent() #: verify_cert = True def get_ssl_context(self): if not self.secure: return None # See https://docs.python.org/3.7/library/ssl.html#protocol-versions from ssl import SSLContext, PROTOCOL_TLS_CLIENT, OP_NO_TLSv1, OP_NO_TLSv1_1, CERT_REQUIRED ssl_context = SSLContext(PROTOCOL_TLS_CLIENT) ssl_context.options |= OP_NO_TLSv1 ssl_context.options |= OP_NO_TLSv1_1 if self.verify_cert: ssl_context.verify_mode = CERT_REQUIRED ssl_context.set_default_verify_paths() return ssl_context
def __init__(self, unresolved_address, sock, *, auth=None, protocol_version=None, **config): self.config = PoolConfig.consume(config) self.protocol_version = protocol_version self.unresolved_address = unresolved_address self.socket = sock self.server = ServerInfo(Address(sock.getpeername()), protocol_version) self.outbox = Outbox() self.inbox = Inbox(BufferedSocket(self.socket, 32768), on_error=self._set_defunct) self.packer = Packer(self.outbox) self.unpacker = Unpacker(self.inbox) self.responses = deque() self._max_connection_lifetime = self.config.max_age self._creation_timestamp = perf_counter() # Determine the user agent user_agent = self.config.user_agent if user_agent: self.user_agent = user_agent else: self.user_agent = get_user_agent() # Determine auth details if not auth: self.auth_dict = {} elif isinstance(auth, tuple) and 2 <= len(auth) <= 3: from neo4j import Auth self.auth_dict = vars(Auth("basic", *auth)) else: try: self.auth_dict = vars(auth) except (KeyError, TypeError): raise AuthError("Cannot determine auth details from %r" % auth) # Check for missing password try: credentials = self.auth_dict["credentials"] except KeyError: pass else: if credentials is None: raise AuthError("Password cannot be None")
def __init__(self, protocol_version, unresolved_address, sock, **config): self.protocol_version = protocol_version self.unresolved_address = unresolved_address self.socket = sock self.server = ServerInfo(Address(sock.getpeername()), protocol_version) self.outbox = Outbox() self.inbox = Inbox(BufferedSocket(self.socket, 32768), on_error=self._set_defunct) self.packer = Packer(self.outbox) self.unpacker = Unpacker(self.inbox) self.responses = deque() self._max_connection_lifetime = config.get( "max_connection_lifetime", DEFAULT_MAX_CONNECTION_LIFETIME) self._creation_timestamp = perf_counter() # Determine the user agent user_agent = config.get("user_agent") if user_agent: self.user_agent = user_agent else: self.user_agent = get_user_agent() # Determine auth details auth = config.get("auth") if not auth: self.auth_dict = {} elif isinstance(auth, tuple) and 2 <= len(auth) <= 3: self.auth_dict = vars(AuthToken("basic", *auth)) else: try: self.auth_dict = vars(auth) except (KeyError, TypeError): raise AuthError("Cannot determine auth details from %r" % auth) # Check for missing password try: credentials = self.auth_dict["credentials"] except KeyError: pass else: if credentials is None: raise AuthError("Password cannot be None") # Pick up the server certificate, if any self.der_encoded_server_certificate = config.get( "der_encoded_server_certificate")
class PoolConfig(Config): """ Connection pool configuration. """ #: Max Connection Lifetime max_connection_lifetime = 3600 # seconds # The maximum duration the driver will keep a connection for before being removed from the pool. #: Max Connection Pool Size max_connection_pool_size = 100 # The maximum total number of connections allowed, per host (i.e. cluster nodes), to be managed by the connection pool. #: Connection Timeout connection_timeout = 30.0 # seconds # The maximum amount of time to wait for a TCP connection to be established. #: Trust trust = TRUST_SYSTEM_CA_SIGNED_CERTIFICATES # Specify how to determine the authenticity of encryption certificates provided by the Neo4j instance on connection. #: Custom Resolver resolver = None # Custom resolver function, returning list of resolved addresses. #: Encrypted encrypted = False # Specify whether to use an encrypted connection between the driver and server. #: User Agent (Python Driver Specific) user_agent = get_user_agent() # Specify the client agent name. #: Protocol Version (Python Driver Specific) protocol_version = None # Version(4, 0) # Specify a specific Bolt Protocol Version #: Initial Connection Pool Size (Python Driver Specific) init_size = 1 # The other drivers do not seed from the start. # This will seed the pool with the specified number of connections. #: Socket Keep Alive (Python and .NET Driver Specific) keep_alive = True # Specify whether TCP keep-alive should be enabled. def get_ssl_context(self): if not self.encrypted: return None import ssl ssl_context = None # SSL stands for Secure Sockets Layer and was originally created by Netscape. # SSLv2 and SSLv3 are the 2 versions of this protocol (SSLv1 was never publicly released). # After SSLv3, SSL was renamed to TLS. # TLS stands for Transport Layer Security and started with TLSv1.0 which is an upgraded version of SSLv3. # SSLv2 - (Disabled) # SSLv3 - (Disabled) # TLS 1.0 - Released in 1999, published as RFC 2246. (Disabled) # TLS 1.1 - Released in 2006, published as RFC 4346. (Disabled) # TLS 1.2 - Released in 2008, published as RFC 5246. try: # python 3.6+ # https://docs.python.org/3.6/library/ssl.html#ssl.PROTOCOL_TLS_CLIENT ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) # For recommended security options see # https://docs.python.org/3.6/library/ssl.html#protocol-versions ssl_context.options |= ssl.OP_NO_TLSv1 # Python 3.2 ssl_context.options |= ssl.OP_NO_TLSv1_1 # Python 3.4 except AttributeError: # python 3.5 # https://docs.python.org/3.5/library/ssl.html#ssl.PROTOCOL_TLS ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS) # For recommended security options see # https://docs.python.org/3.5/library/ssl.html#protocol-versions ssl_context.options |= ssl.OP_NO_SSLv2 # Python 3.2 ssl_context.options |= ssl.OP_NO_SSLv3 # Python 3.2 ssl_context.options |= ssl.OP_NO_TLSv1 # Python 3.2 ssl_context.options |= ssl.OP_NO_TLSv1_1 # Python 3.4 ssl_context.verify_mode = ssl.CERT_REQUIRED # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.verify_mode ssl_context.check_hostname = True # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.check_hostname if self.trust == TRUST_ALL_CERTIFICATES: ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE # https://docs.python.org/3.5/library/ssl.html#ssl.CERT_NONE ssl_context.set_default_verify_paths( ) # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.set_default_verify_paths return ssl_context