def __init__(self, configuration, debug=True): super(XMLAPIConnector, self).__init__() self.storage_ip = configuration.emc_nas_server self.username = configuration.emc_nas_login self.password = configuration.emc_nas_password self.debug = debug self.auth_url = 'https://' + self.storage_ip + '/Login' self._url = 'https://{}/servlets/CelerraManagementServices'.format( self.storage_ip) context = enas_utils.create_ssl_context(configuration) if context: https_handler = url_request.HTTPSHandler(context=context) else: https_handler = url_request.HTTPSHandler() cookie_handler = url_request.HTTPCookieProcessor( http_cookiejar.CookieJar()) self.url_opener = url_request.build_opener(https_handler, cookie_handler) self._do_setup()
def open_no_proxy(*args, **kwargs): # NOTE(jamespage): # Deal with more secure certification chain verficiation # introduced in python 2.7.9 under PEP-0476 # https://github.com/python/peps/blob/master/pep-0476.txt if hasattr(ssl, "_create_unverified_context"): opener = urlrequest.build_opener( urlrequest.ProxyHandler({}), urlrequest.HTTPSHandler(context=ssl._create_unverified_context())) else: opener = urlrequest.build_opener(urlrequest.ProxyHandler({})) return opener.open(*args, **kwargs)
def _get_opener(self): if not self.opener: if (CONF.dashboard.disable_ssl_certificate_validation and self._ssl_default_context_supported()): ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE self.opener = request.build_opener( request.HTTPSHandler(context=ctx), request.HTTPCookieProcessor()) else: self.opener = request.build_opener( request.HTTPCookieProcessor()) return self.opener
def __init__(self, token=None, url=API_URL_DEFAULT, format=FORMAT_DEFAULT): self.url = url self.token = token self.format = format self.opener = urlrequest.build_opener(urlrequest.HTTPSHandler())
def request(url, timeout=None, debug=False): """Request the given URL using LIGO.ORG SAML authentication. This requires an active Kerberos ticket for the user, to get one: >>> from ligo.org import kinit >>> kinit('albert.einstein') Then request as follows >>> from ligo.org import request >>> response = request(myurl) >>> print(response.read()) Parameters ---------- url : `str` URL path for request timeout : `int`, optional, default: no timeout number of seconds to wait for server response, debug : `bool`, optional, default: `False` Query in verbose debugging mode Returns ------- response : `file`-like the raw response from the URL, probably XML/HTML or JSON Examples -------- >>> from ligo.org import request >>> response = request('https://ldas-jobs.ligo.caltech.edu/') >>> print(response.read()) """ # set debug to 1 to see all HTTP(s) traffic debug = int(debug) # need an instance of HTTPS handler to do HTTPS httpshandler = urllib2.HTTPSHandler(debuglevel=debug) # use a cookie jar to store session cookies jar = http_cookiejar.LWPCookieJar() # if a cookie jar exists open it and read the cookies # and make sure it has the right permissions if os.path.exists(COOKIE_JAR): os.chmod(COOKIE_JAR, stat.S_IRUSR | stat.S_IWUSR) # set ignore_discard so that session cookies are preserved try: jar.load(COOKIE_JAR, ignore_discard=True) except http_cookiejar.LoadError as e: warnings.warn('http_cookiejar.LoadError caught: %s' % str(e)) # create a cookie handler from the cookie jar cookiehandler = urllib2.HTTPCookieProcessor(jar) # need a redirect handler to follow redirects redirecthandler = urllib2.HTTPRedirectHandler() # need an auth handler that can do negotiation. # input parameter is the Kerberos service principal. auth_handler = HTTPNegotiateAuthHandler(service_principal='HTTP@%s' % LIGO_LOGIN_URL) # create the opener. opener = urllib2.build_opener(auth_handler, cookiehandler, httpshandler, redirecthandler) # prepare the request object req = urllib2.Request(url) # use the opener and the request object to make the request. if timeout is None: timeout = socket._GLOBAL_DEFAULT_TIMEOUT response = opener.open(req, timeout=timeout) # save the session cookies to a file so that they can # be used again without having to authenticate jar.save(COOKIE_JAR, ignore_discard=True) return response
def get_handlers(self): handlers = [] if self._verify_cert == False: ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE handler = request.HTTPSHandler(context=ctx) handlers.append(handler) from urllib.request import HTTPRedirectHandler redirect_handler = HTTPRedirectHandler() redirect_handler.max_redirections = 30 redirect_handler.max_repeats = 30 handlers.append(redirect_handler) if self._username and self._password: passman = request.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, self._parsed_org_url, self._username, self._password) handlers.append(request.HTTPBasicAuthHandler(passman)) passman = request.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, self._parsed_org_url, self._username, self._password) handlers.append(request.HTTPDigestAuthHandler(passman)) if os.name == 'nt': try: from arcgis._impl.common._iwa import NtlmSspiAuthHandler, KerberosSspiAuthHandler auth_krb = KerberosSspiAuthHandler() handlers.append(auth_krb) try: auth_NTLM = NtlmSspiAuthHandler() handlers.append(auth_NTLM) except: pass except Error as err: _log.error( "winkerberos packages is required for IWA authentication (NTLM and Kerberos)." ) _log.error( "Please install it:\n\tconda install winkerberos") _log.error(str(err)) else: _log.error( 'The GIS uses Integrated Windows Authentication which is currently only supported on the Windows platform' ) if self._auth == "PKI" or \ (self.cert_file is not None and self.key_file is not None): handlers.append( HTTPSClientAuthHandler(self.key_file, self.cert_file)) elif self._portal_connection and \ self._portal_connection.cert_file is not None and \ self._portal_connection.key_file is not None: handlers.append( HTTPSClientAuthHandler(self._portal_connection.key_file, self._portal_connection.cert_file)) cj = cookiejar.CookieJar() if self.proxy_host: # Simple Proxy Support from urllib.request import ProxyHandler if self.proxy_port is None: self.proxy_port = 80 proxies = { "http": "http://%s:%s" % (self.proxy_host, self.proxy_port), "https": "https://%s:%s" % (self.proxy_host, self.proxy_port) } proxy_support = ProxyHandler(proxies) handlers.append(proxy_support) handlers.append(request.HTTPCookieProcessor(cj)) return handlers
def request(url, endpoint=IDP_ENDPOINTS['LIGO.ORG'], use_kerberos=None, debug=False): """Request the given URL using ECP shibboleth authentication This requires an active Kerberos ticket for the user, to get one: >>> from ligo.org import kinit >>> kinit('albert.einstein') Then request as follows >>> from ligo.org import request >>> response = request(myurl) >>> print(response.read()) Adapted from https://wiki.shibboleth.net/confluence/download/attachments/4358416/ecp.py Parameters ---------- url : `str` URL path for request endpoint : `str` ECP endpoint URL for request use_kerberos : `bool`, optional use existing kerberos credential for login, default is to try, but fall back to username/password prompt debug : `bool`, optional, default: `False` query in verbose debugging mode Returns ------- response : `str` the raw (decoded) response from the URL, probably XML/HTML or JSON """ login_host = urlparse(endpoint).netloc # create a cookie jar and cookie handler (and read existing cookies) cookie_jar = ECPCookieJar() if os.path.exists(COOKIE_JAR): try: cookie_jar.load(COOKIE_JAR, ignore_discard=True) except http_cookiejar.LoadError as e: warnings.warn('Caught error loading ECP cookie: %s' % str(e)) cookie_handler = urllib_request.HTTPCookieProcessor(cookie_jar) # need an instance of HTTPS handler to do HTTPS httpsHandler = urllib_request.HTTPSHandler(debuglevel=0) if debug: httpsHandler.set_http_debuglevel(1) # create the base opener object opener = urllib_request.build_opener(cookie_handler, httpsHandler) # get kerberos credentials if available if use_kerberos is None: try: creds = klist() except KerberosError: use_kerberos = False else: if creds: use_kerberos = True else: use_kerberos = False if use_kerberos: opener.add_handler( HTTPNegotiateAuthHandler(service_principal='HTTP@%s' % login_host)) # -- intiate ECP request -------------------- # headers needed to indicate to the SP an ECP request headers = { 'Accept': 'text/html; application/vnd.paos+xml', 'PAOS': 'ver="urn:liberty:paos:2003-08";' '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"', } # request target from SP request = urllib_request.Request(url=url, headers=headers) response = opener.open(request) # convert the SP resonse from string to etree Element object sp_response = etree.XML(response.read()) # pick out the relay state element from the SP so that it can # be included later in the response to the SP namespaces = { 'ecp': 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp', 'S': 'http://schemas.xmlsoap.org/soap/envelope/', 'paos': 'urn:liberty:paos:2003-08' } relay_state = sp_response.xpath("//ecp:RelayState", namespaces=namespaces)[0] # make a deep copy of the SP response and then remove the header # in order to create the package for the IdP idp_request = deepcopy(sp_response) header = idp_request[0] idp_request.remove(header) # -- authenticate with endpoint ------------- request = urllib_request.Request(endpoint, data=etree.tostring(idp_request)) request.get_method = lambda: 'POST' request.add_header('Content-Type', 'test/xml; charset=utf-8') # get credentials for non-kerberos request if not use_kerberos: # prompt the user for a password login = input("Enter username for %s: " % login_host) password = getpass.getpass("Enter password for login '%s': " % login) # combine the login and password, base64 encode, and send # using the Authorization header base64string = base64.encodestring( ('%s:%s' % (login, password)).encode()).decode().replace('\n', '') request.add_header('Authorization', 'Basic %s' % base64string) response = opener.open(request) idp_response = etree.XML(response.read()) assertion_consumer_service = idp_response.xpath( "/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL", namespaces=namespaces)[0] # make a deep copy of the IdP response and replace its # header contents with the relay state initially sent by # the SP sp_package = deepcopy(idp_response) sp_package[0][0] = relay_state headers = {'Content-Type': 'application/vnd.paos+xml'} # POST the package to the SP request = urllib_request.Request(url=assertion_consumer_service, data=etree.tostring(sp_package), headers=headers) request.get_method = lambda: 'POST' response = opener.open(request) # -- cache cookies -------------------------- cookie_jar.save(COOKIE_JAR, ignore_discard=True) # -- actually send GET ---------------------- request = urllib_request.Request(url=url) response = opener.open(request) return response.read()
#!/usr/bin/env python print('If you get error "ImportError: No module named \'six\'"'+\ 'install six:\n$ sudo pip install six') import sys import ssl if sys.version_info[0] == 2: import six from six.moves.urllib import request ctx = ssl.create_default_context() ctx.verify_flags = ssl.VERIFY_DEFAULT opener = request.build_opener( request.ProxyHandler({'http': 'http://127.0.0.1:24000'}), request.HTTPSHandler(context=ctx)) print(opener.open('https://lumtest.com/myip.json').read()) if sys.version_info[0] == 3: import urllib.request ctx = ssl.create_default_context() ctx.verify_flags = ssl.VERIFY_DEFAULT opener = urllib.request.build_opener( urllib.request.ProxyHandler({'http': 'http://127.0.0.1:24000'}), urllib.request.HTTPSHandler(context=ctx)) print(opener.open('https://lumtest.com/myip.json').read())