Allow custom SSL ca chain in HTTP client #14
@ -73,8 +73,19 @@ class CmdCtrl:
|
||||
|
||||
self.remote_openers = {}
|
||||
if self.get('META_URL') != None:
|
||||
sctx = None
|
||||
if self.cmd_args.cafile != None:
|
||||
import ssl
|
||||
sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
sctx.load_verify_locations(self.cmd_args.cafile)
|
||||
|
||||
auth_client_session = PGPClientSession(self.__auth)
|
||||
self.remote_openers['meta'] = HTTPSession(self.get('META_URL'), auth=auth_client_session, origin=self.config.get('META_HTTP_ORIGIN'))
|
||||
self.remote_openers['meta'] = HTTPSession(
|
||||
self.get('META_URL'),
|
||||
auth=auth_client_session,
|
||||
origin=self.config.get('META_HTTP_ORIGIN'),
|
||||
ssl_context=sctx,
|
||||
)
|
||||
|
||||
|
||||
def blockchain(self):
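Review bot: `self.cmd_args.cafile` is read directly inside the `META_URL` branch, but on this page `--cafile` is registered in only one command's `process_args`. If `CmdCtrl` also serves commands that do not register the flag (not visible here), the attribute access raises `AttributeError` before any session is built. Reading it as `cafile = getattr(self.cmd_args, 'cafile', None)` and testing `if cafile is not None:` would keep those commands working. A missing or unreadable file makes `load_verify_locations` raise, which fails closed; a short comment saying this is intended, and that the context trusts only the supplied chain, would help the next reader. The enclosing method starts above the hunk.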
|
||||
|
@ -12,6 +12,7 @@ from usumbufu.client.base import (
|
||||
)
|
||||
from usumbufu.client.bearer import BearerClientSession
|
||||
from usumbufu.client.hoba import HobaClientSession
|
||||
from urlybird.host import url_apply_port_string
|
||||
|
||||
logg = logging.getLogger(__name__)
|
||||
|
||||
@ -21,6 +22,7 @@ class PGPClientSession(HobaClientSession):
|
||||
alg = '969'
|
||||
|
||||
def __init__(self, auth):
|
||||
super(PGPClientSession, self).__init__()
|
||||
self.auth = auth
|
||||
self.origin = None
|
||||
self.fingerprint = self.auth.fingerprint()
|
||||
@ -46,23 +48,12 @@ class HTTPSession:
|
||||
|
||||
token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid())
|
||||
|
||||
def __init__(self, url, auth=None, origin=None):
|
||||
def __init__(self, url, auth=None, origin=None, ssl_context=None):
|
||||
self.base_url = url
|
||||
url_parts = urllib.parse.urlsplit(self.base_url)
|
||||
url_parts_origin_host = url_parts[1].split(":")
|
||||
host = url_parts_origin_host[0]
|
||||
try:
|
||||
host = host + ':' + url_parts_origin_host[1]
|
||||
except IndexError:
|
||||
host = host + ':' + str(getservbyname(url_parts[0]))
|
||||
logg.info('changed origin with missing port number from {} to {}'.format(url_parts[1], host))
|
||||
url_parts_origin = (url_parts[0], host, '', '', '',)
|
||||
|
||||
|
||||
if origin == None:
|
||||
origin = url_apply_port_string(url, as_origin=True)
|
||||
self.origin = origin
|
||||
if self.origin == None:
|
||||
self.origin = urllib.parse.urlunsplit(url_parts_origin)
|
||||
else:
|
||||
logg.debug('overriding http origin for {} with {}'.format(url, self.origin))
|
||||
|
||||
h = hashlib.sha256()
|
||||
h.update(self.base_url.encode('utf-8'))
|
||||
@ -72,7 +63,7 @@ class HTTPSession:
|
||||
os.makedirs(token_store_dir, exist_ok=True)
|
||||
self.token_store = BaseTokenStore(path=token_store_dir)
|
||||
|
||||
self.session = ClientSession(self.origin, token_store=self.token_store)
|
||||
self.session = ClientSession(self.origin, token_store=self.token_store, ssl_context=ssl_context)
|
||||
|
||||
bearer_handler = BearerClientSession(self.origin, token_store=self.token_store)
|
||||
self.session.add_subhandler(bearer_handler)
|
||||
@ -88,6 +79,9 @@ class HTTPSession:
|
||||
url = urllib.parse.urljoin(self.base_url, endpoint)
|
||||
logg.debug('open {} with opener {}'.format(url, self))
|
||||
r = self.opener.open(url)
|
||||
logg.debug('response code {} for {}'.format(r.code, endpoint))
|
||||
if r.code == 404:
|
||||
raise FileNotFoundError()
|
||||
return r.read().decode('utf-8')
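Review bot: In the `ClientSession(...)` hunk, `ssl_context` is handed only to `ClientSession`; the `BearerClientSession` built just below it still receives only the origin and the token store. Its code is not on this page, so whether the bearer subhandler opens connections of its own cannot be checked here. If it does, those requests would not use the `--cafile` chain and it needs the context too; if it does not, a comment such as `# subhandlers reuse the parent session's opener and its ssl_context` would record that. `__init__` would also benefit from a docstring line for the new parameter, e.g. `ssl_context: optional ssl.SSLContext for HTTPS requests; None leaves TLS setup to ClientSession`.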
|
||||
|
||||
|
||||
|
@ -29,6 +29,7 @@ tx_normalizer = TxHexNormalizer()
|
||||
def process_args(argparser):
|
||||
argparser.add_argument('-m', '--method', type=str, help='lookup method')
|
||||
argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from')
|
||||
argparser.add_argument('--cafile', type=str, help='CA certificate chain file to use for verifying SSL session')
|
||||
argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries')
|
||||
argparser.add_argument('identifier', type=str, help='user identifier')
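Review bot: The `--cafile` help text does not say that the file replaces the system trust store rather than extending it. The `CmdCtrl` change on this page builds the context with `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` and `load_verify_locations` only, so no default CA certificates are loaded. Suggested wording: `help='PEM file with the CA certificate chain to trust for the metadata HTTPS connection; when given, system CAs are not used'`.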
|
||||
|
||||
|
@ -268,7 +268,7 @@ class FileUserStore:
|
||||
r = getter.open(ptr)
|
||||
except Exception as e:
|
||||
logg.debug('no metadata found for {}: {}'.format(address, e))
|
||||
|
||||
|
||||
if r == None:
|
||||
self.failed_entities[address] = True
|
||||
raise MetadataNotFoundError()
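Review bot: The `except Exception as e` around `getter.open(ptr)` logs every failure at debug level as "no metadata found". If `getter` is the `HTTPSession` changed on this page, a certificate verification failure from the new `--cafile` context then looks the same as a missing record, and the address is marked in `failed_entities`. Handling the not-found case separately with `except FileNotFoundError:` and reporting anything else with `logg.warning('metadata fetch failed for {}: {}'.format(address, e))` would make TLS and network errors visible to the operator. The `try` opens above the hunk, so where `r` is initialised cannot be checked from here.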
|
||||
|
@ -1,5 +1,5 @@
|
||||
usumbufu~=0.3.5
|
||||
confini~=0.5.3
|
||||
usumbufu~=0.3.6
|
||||
confini~=0.5.4
|
||||
cic-eth-registry~=0.6.1
|
||||
cic-types~=0.2.1a8
|
||||
phonenumbers==8.12.12
|
||||
@ -8,3 +8,4 @@ hexathon~=0.1.0
|
||||
pycryptodome~=3.10.1
|
||||
chainlib-eth~=0.0.21
|
||||
chainlib~=0.0.17
|
||||
urlybird~=0.0.2
|
||||
|