def __init__(self,
unresolved_address,
sock,
max_connection_lifetime,
*,
auth=None,
user_agent=None,
routing_context=None):
self.unresolved_address = unresolved_address
self.socket = sock
self.server_info = ServerInfo(Address(sock.getpeername()),
self.PROTOCOL_VERSION)
self.outbox = Outbox()
self.inbox = Inbox(self.socket, on_error=self._set_defunct)
self.packer = Packer(self.outbox)
self.unpacker = Unpacker(self.inbox)
self.responses = deque()
self._max_connection_lifetime = max_connection_lifetime
self._creation_timestamp = perf_counter()
self.supports_multiple_results = False
self.supports_multiple_databases = False
self._is_reset = True
self.routing_context = routing_context
# Determine the user agent
if user_agent:
self.user_agent = user_agent
else:
self.user_agent = get_user_agent()
# Determine auth details
if not auth:
self.auth_dict = {}
elif isinstance(auth, tuple) and 2 <= len(auth) <= 3:
from neo4j import Auth
self.auth_dict = vars(Auth("basic", *auth))
else:
try:
self.auth_dict = vars(auth)
except (KeyError, TypeError):
raise AuthError("Cannot determine auth details from %r" % auth)
# Check for missing password
try:
credentials = self.auth_dict["credentials"]
except KeyError:
pass
else:
if credentials is None:
raise AuthError("Password cannot be None")
class PoolConfig(Config):
""" Connection pool configuration.
"""
#:
connect_timeout = 30.0 # seconds
#:
init_size = 1
#:
keep_alive = True
#:
max_age = 3600 # 1h
max_connection_lifetime = DeprecatedAlias("max_age")
#: Maximum number of connections per host
max_size = 100
max_connection_pool_size = DeprecatedAlias("max_size")
#:
protocol_version = None
#:
resolver = None
#:
secure = False
encrypted = DeprecatedAlias("secure")
#:
user_agent = get_user_agent()
#:
verify_cert = True
def get_ssl_context(self):
if not self.secure:
return None
# See https://docs.python.org/3.7/library/ssl.html#protocol-versions
from ssl import SSLContext, PROTOCOL_TLS_CLIENT, OP_NO_TLSv1, OP_NO_TLSv1_1, CERT_REQUIRED
ssl_context = SSLContext(PROTOCOL_TLS_CLIENT)
ssl_context.options |= OP_NO_TLSv1
ssl_context.options |= OP_NO_TLSv1_1
if self.verify_cert:
ssl_context.verify_mode = CERT_REQUIRED
ssl_context.set_default_verify_paths()
return ssl_context
def __init__(self,
unresolved_address,
sock,
*,
auth=None,
protocol_version=None,
**config):
self.config = PoolConfig.consume(config)
self.protocol_version = protocol_version
self.unresolved_address = unresolved_address
self.socket = sock
self.server = ServerInfo(Address(sock.getpeername()), protocol_version)
self.outbox = Outbox()
self.inbox = Inbox(BufferedSocket(self.socket, 32768),
on_error=self._set_defunct)
self.packer = Packer(self.outbox)
self.unpacker = Unpacker(self.inbox)
self.responses = deque()
self._max_connection_lifetime = self.config.max_age
self._creation_timestamp = perf_counter()
# Determine the user agent
user_agent = self.config.user_agent
if user_agent:
self.user_agent = user_agent
else:
self.user_agent = get_user_agent()
# Determine auth details
if not auth:
self.auth_dict = {}
elif isinstance(auth, tuple) and 2 <= len(auth) <= 3:
from neo4j import Auth
self.auth_dict = vars(Auth("basic", *auth))
else:
try:
self.auth_dict = vars(auth)
except (KeyError, TypeError):
raise AuthError("Cannot determine auth details from %r" % auth)
# Check for missing password
try:
credentials = self.auth_dict["credentials"]
except KeyError:
pass
else:
if credentials is None:
raise AuthError("Password cannot be None")
def __init__(self, protocol_version, unresolved_address, sock, **config):
self.protocol_version = protocol_version
self.unresolved_address = unresolved_address
self.socket = sock
self.server = ServerInfo(Address(sock.getpeername()), protocol_version)
self.outbox = Outbox()
self.inbox = Inbox(BufferedSocket(self.socket, 32768),
on_error=self._set_defunct)
self.packer = Packer(self.outbox)
self.unpacker = Unpacker(self.inbox)
self.responses = deque()
self._max_connection_lifetime = config.get(
"max_connection_lifetime", DEFAULT_MAX_CONNECTION_LIFETIME)
self._creation_timestamp = perf_counter()
# Determine the user agent
user_agent = config.get("user_agent")
if user_agent:
self.user_agent = user_agent
else:
self.user_agent = get_user_agent()
# Determine auth details
auth = config.get("auth")
if not auth:
self.auth_dict = {}
elif isinstance(auth, tuple) and 2 <= len(auth) <= 3:
self.auth_dict = vars(AuthToken("basic", *auth))
else:
try:
self.auth_dict = vars(auth)
except (KeyError, TypeError):
raise AuthError("Cannot determine auth details from %r" % auth)
# Check for missing password
try:
credentials = self.auth_dict["credentials"]
except KeyError:
pass
else:
if credentials is None:
raise AuthError("Password cannot be None")
# Pick up the server certificate, if any
self.der_encoded_server_certificate = config.get(
"der_encoded_server_certificate")
class PoolConfig(Config):
""" Connection pool configuration.
"""
#: Max Connection Lifetime
max_connection_lifetime = 3600 # seconds
# The maximum duration the driver will keep a connection for before being removed from the pool.
#: Max Connection Pool Size
max_connection_pool_size = 100
# The maximum total number of connections allowed, per host (i.e. cluster nodes), to be managed by the connection pool.
#: Connection Timeout
connection_timeout = 30.0 # seconds
# The maximum amount of time to wait for a TCP connection to be established.
#: Trust
trust = TRUST_SYSTEM_CA_SIGNED_CERTIFICATES
# Specify how to determine the authenticity of encryption certificates provided by the Neo4j instance on connection.
#: Custom Resolver
resolver = None
# Custom resolver function, returning list of resolved addresses.
#: Encrypted
encrypted = False
# Specify whether to use an encrypted connection between the driver and server.
#: User Agent (Python Driver Specific)
user_agent = get_user_agent()
# Specify the client agent name.
#: Protocol Version (Python Driver Specific)
protocol_version = None # Version(4, 0)
# Specify a specific Bolt Protocol Version
#: Initial Connection Pool Size (Python Driver Specific)
init_size = 1 # The other drivers do not seed from the start.
# This will seed the pool with the specified number of connections.
#: Socket Keep Alive (Python and .NET Driver Specific)
keep_alive = True
# Specify whether TCP keep-alive should be enabled.
def get_ssl_context(self):
if not self.encrypted:
return None
import ssl
ssl_context = None
# SSL stands for Secure Sockets Layer and was originally created by Netscape.
# SSLv2 and SSLv3 are the 2 versions of this protocol (SSLv1 was never publicly released).
# After SSLv3, SSL was renamed to TLS.
# TLS stands for Transport Layer Security and started with TLSv1.0 which is an upgraded version of SSLv3.
# SSLv2 - (Disabled)
# SSLv3 - (Disabled)
# TLS 1.0 - Released in 1999, published as RFC 2246. (Disabled)
# TLS 1.1 - Released in 2006, published as RFC 4346. (Disabled)
# TLS 1.2 - Released in 2008, published as RFC 5246.
try:
# python 3.6+
# https://docs.python.org/3.6/library/ssl.html#ssl.PROTOCOL_TLS_CLIENT
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
# For recommended security options see
# https://docs.python.org/3.6/library/ssl.html#protocol-versions
ssl_context.options |= ssl.OP_NO_TLSv1 # Python 3.2
ssl_context.options |= ssl.OP_NO_TLSv1_1 # Python 3.4
except AttributeError:
# python 3.5
# https://docs.python.org/3.5/library/ssl.html#ssl.PROTOCOL_TLS
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
# For recommended security options see
# https://docs.python.org/3.5/library/ssl.html#protocol-versions
ssl_context.options |= ssl.OP_NO_SSLv2 # Python 3.2
ssl_context.options |= ssl.OP_NO_SSLv3 # Python 3.2
ssl_context.options |= ssl.OP_NO_TLSv1 # Python 3.2
ssl_context.options |= ssl.OP_NO_TLSv1_1 # Python 3.4
ssl_context.verify_mode = ssl.CERT_REQUIRED # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.verify_mode
ssl_context.check_hostname = True # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.check_hostname
if self.trust == TRUST_ALL_CERTIFICATES:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE # https://docs.python.org/3.5/library/ssl.html#ssl.CERT_NONE
ssl_context.set_default_verify_paths(
) # https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.set_default_verify_paths
return ssl_context
