Add custom cafile, correctly detect 404

2022-01-26 10:22:19 +00:00 · 2022-01-26 10:22:19 +00:00 · acccaa84dd
parent 65b3d4d409
commit acccaa84dd
5 changed files with 27 additions and 20 deletions
--- a/clicada/cli/arg.py
+++ b/clicada/cli/arg.py
@ -73,8 +73,19 @@ class CmdCtrl:

        self.remote_openers = {}
        if self.get('META_URL') != None:
+            sctx = None 
+            if self.cmd_args.cafile != None:
+                import ssl
+                sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                sctx.load_verify_locations(self.cmd_args.cafile)
+
            auth_client_session = PGPClientSession(self.__auth)
-            self.remote_openers['meta'] = HTTPSession(self.get('META_URL'), auth=auth_client_session, origin=self.config.get('META_HTTP_ORIGIN'))
+            self.remote_openers['meta'] = HTTPSession(
+                    self.get('META_URL'),
+                    auth=auth_client_session,
+                    origin=self.config.get('META_HTTP_ORIGIN'),
+                    ssl_context=sctx,
+                    )


    def blockchain(self):
--- a/clicada/cli/http.py
+++ b/clicada/cli/http.py
@ -12,6 +12,7 @@ from usumbufu.client.base import (
        )
 from usumbufu.client.bearer import BearerClientSession
 from usumbufu.client.hoba import HobaClientSession
+from urlybird.host import url_apply_port_string

 logg = logging.getLogger(__name__)

@ -21,6 +22,7 @@ class PGPClientSession(HobaClientSession):
    alg = '969'

    def __init__(self, auth):
+        super(PGPClientSession, self).__init__()
        self.auth = auth
        self.origin = None
        self.fingerprint = self.auth.fingerprint()
@ -46,23 +48,12 @@ class HTTPSession:
    
    token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid())

-    def __init__(self, url, auth=None, origin=None):
+    def __init__(self, url, auth=None, origin=None, ssl_context=None):
        self.base_url = url
-        url_parts = urllib.parse.urlsplit(self.base_url)
-        url_parts_origin_host = url_parts[1].split(":")
-        host = url_parts_origin_host[0]
-        try:
-            host = host + ':' + url_parts_origin_host[1]
-        except IndexError:
-            host = host + ':' + str(getservbyname(url_parts[0]))
-            logg.info('changed origin with missing port number from {} to {}'.format(url_parts[1], host))
-        url_parts_origin = (url_parts[0], host, '', '', '',)
-            
+
+        if origin == None:
+            origin = url_apply_port_string(url, as_origin=True)
        self.origin = origin
-        if self.origin == None:
-            self.origin = urllib.parse.urlunsplit(url_parts_origin)
-        else:
-            logg.debug('overriding http origin for {} with {}'.format(url, self.origin))

        h = hashlib.sha256()
        h.update(self.base_url.encode('utf-8'))
@ -72,7 +63,7 @@ class HTTPSession:
        os.makedirs(token_store_dir, exist_ok=True)
        self.token_store = BaseTokenStore(path=token_store_dir)

-        self.session = ClientSession(self.origin, token_store=self.token_store)
+        self.session = ClientSession(self.origin, token_store=self.token_store, ssl_context=ssl_context)

        bearer_handler = BearerClientSession(self.origin, token_store=self.token_store)
        self.session.add_subhandler(bearer_handler)
@ -88,6 +79,9 @@ class HTTPSession:
        url = urllib.parse.urljoin(self.base_url, endpoint)
        logg.debug('open {} with opener {}'.format(url, self))
        r = self.opener.open(url)
+        logg.debug('response code {} for {}'.format(r.code, endpoint))
+        if r.code == 404:
+            raise FileNotFoundError()
        return r.read().decode('utf-8')


--- a/clicada/cli/user.py
+++ b/clicada/cli/user.py
@ -29,6 +29,7 @@ tx_normalizer = TxHexNormalizer()
 def process_args(argparser):
    argparser.add_argument('-m', '--method', type=str, help='lookup method')
    argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from')
+    argparser.add_argument('--cafile', type=str, help='CA certificate chain file to use for verifying SSL session')
    argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries')
    argparser.add_argument('identifier', type=str, help='user identifier')

--- a/clicada/user/file.py
+++ b/clicada/user/file.py
@ -268,7 +268,7 @@ class FileUserStore:
            r = getter.open(ptr)
        except Exception as e:
            logg.debug('no metadata found for {}: {}'.format(address, e))
-        
+       
        if r == None:
            self.failed_entities[address] = True
            raise MetadataNotFoundError()
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,5 @@
-usumbufu~=0.3.5
-confini~=0.5.3
+usumbufu~=0.3.6
+confini~=0.5.4
 cic-eth-registry~=0.6.1
 cic-types~=0.2.1a8
 phonenumbers==8.12.12
@ -8,3 +8,4 @@ hexathon~=0.1.0
 pycryptodome~=3.10.1
 chainlib-eth~=0.0.21
 chainlib~=0.0.17
+urlybird~=0.0.2