Allow custom SSL ca chain in HTTP client #14
@ -73,8 +73,19 @@ class CmdCtrl:
|
|||||||
|
|
||||||
self.remote_openers = {}
|
self.remote_openers = {}
|
||||||
if self.get('META_URL') != None:
|
if self.get('META_URL') != None:
|
||||||
|
sctx = None
|
||||||
|
if self.cmd_args.cafile != None:
|
||||||
|
import ssl
|
||||||
|
sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||||
|
sctx.load_verify_locations(self.cmd_args.cafile)
|
||||||
|
|
||||||
auth_client_session = PGPClientSession(self.__auth)
|
auth_client_session = PGPClientSession(self.__auth)
|
||||||
self.remote_openers['meta'] = HTTPSession(self.get('META_URL'), auth=auth_client_session, origin=self.config.get('META_HTTP_ORIGIN'))
|
self.remote_openers['meta'] = HTTPSession(
|
||||||
|
self.get('META_URL'),
|
||||||
|
auth=auth_client_session,
|
||||||
|
origin=self.config.get('META_HTTP_ORIGIN'),
|
||||||
|
ssl_context=sctx,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def blockchain(self):
|
def blockchain(self):
|
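Review bot: `self.cmd_args.cafile` is read whenever META_URL is set, but the only `--cafile` registration visible on this page is in one command module's `process_args`, so if CmdCtrl is also constructed for commands that do not add the option, this line raises AttributeError. Reading it as `cafile = getattr(self.cmd_args, 'cafile', None)` and testing `if cafile is not None:` covers both cases. A comment above the context creation would record the trust decision: `# Trust only the CAs in --cafile (system roots are not loaded); PROTOCOL_TLS_CLIENT keeps certificate and hostname verification on.` `load_verify_locations` raises on a missing or unparsable file, so a bad path surfaces here as a traceback unless a caller outside the hunk handles it. The enclosing method begins outside the hunk.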
||||||
|
@ -12,6 +12,7 @@ from usumbufu.client.base import (
|
|||||||
)
|
)
|
||||||
from usumbufu.client.bearer import BearerClientSession
|
from usumbufu.client.bearer import BearerClientSession
|
||||||
from usumbufu.client.hoba import HobaClientSession
|
from usumbufu.client.hoba import HobaClientSession
|
||||||
|
from urlybird.host import url_apply_port_string
|
||||||
|
|
||||||
logg = logging.getLogger(__name__)
|
logg = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -21,6 +22,7 @@ class PGPClientSession(HobaClientSession):
|
|||||||
alg = '969'
|
alg = '969'
|
||||||
|
|
||||||
def __init__(self, auth):
|
def __init__(self, auth):
|
||||||
|
super(PGPClientSession, self).__init__()
|
||||||
self.auth = auth
|
self.auth = auth
|
||||||
self.origin = None
|
self.origin = None
|
||||||
self.fingerprint = self.auth.fingerprint()
|
self.fingerprint = self.auth.fingerprint()
|
||||||
@ -46,23 +48,12 @@ class HTTPSession:
|
|||||||
|
|
||||||
token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid())
|
token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid())
|
||||||
|
|
||||||
def __init__(self, url, auth=None, origin=None):
|
def __init__(self, url, auth=None, origin=None, ssl_context=None):
|
||||||
self.base_url = url
|
self.base_url = url
|
||||||
url_parts = urllib.parse.urlsplit(self.base_url)
|
|
||||||
url_parts_origin_host = url_parts[1].split(":")
|
|
||||||
host = url_parts_origin_host[0]
|
|
||||||
try:
|
|
||||||
host = host + ':' + url_parts_origin_host[1]
|
|
||||||
except IndexError:
|
|
||||||
host = host + ':' + str(getservbyname(url_parts[0]))
|
|
||||||
logg.info('changed origin with missing port number from {} to {}'.format(url_parts[1], host))
|
|
||||||
url_parts_origin = (url_parts[0], host, '', '', '',)
|
|
||||||
|
|
||||||
|
if origin == None:
|
||||||
|
origin = url_apply_port_string(url, as_origin=True)
|
||||||
self.origin = origin
|
self.origin = origin
|
||||||
if self.origin == None:
|
|
||||||
self.origin = urllib.parse.urlunsplit(url_parts_origin)
|
|
||||||
else:
|
|
||||||
logg.debug('overriding http origin for {} with {}'.format(url, self.origin))
|
|
||||||
|
|
||||||
h = hashlib.sha256()
|
h = hashlib.sha256()
|
||||||
h.update(self.base_url.encode('utf-8'))
|
h.update(self.base_url.encode('utf-8'))
|
||||||
@ -72,7 +63,7 @@ class HTTPSession:
|
|||||||
os.makedirs(token_store_dir, exist_ok=True)
|
os.makedirs(token_store_dir, exist_ok=True)
|
||||||
self.token_store = BaseTokenStore(path=token_store_dir)
|
self.token_store = BaseTokenStore(path=token_store_dir)
|
||||||
|
|
||||||
self.session = ClientSession(self.origin, token_store=self.token_store)
|
self.session = ClientSession(self.origin, token_store=self.token_store, ssl_context=ssl_context)
|
||||||
|
|
||||||
bearer_handler = BearerClientSession(self.origin, token_store=self.token_store)
|
bearer_handler = BearerClientSession(self.origin, token_store=self.token_store)
|
||||||
self.session.add_subhandler(bearer_handler)
|
self.session.add_subhandler(bearer_handler)
|
||||||
@ -88,6 +79,9 @@ class HTTPSession:
|
|||||||
url = urllib.parse.urljoin(self.base_url, endpoint)
|
url = urllib.parse.urljoin(self.base_url, endpoint)
|
||||||
logg.debug('open {} with opener {}'.format(url, self))
|
logg.debug('open {} with opener {}'.format(url, self))
|
||||||
r = self.opener.open(url)
|
r = self.opener.open(url)
|
||||||
|
logg.debug('response code {} for {}'.format(r.code, endpoint))
|
||||||
|
if r.code == 404:
|
||||||
|
raise FileNotFoundError()
|
||||||
return r.read().decode('utf-8')
|
return r.read().decode('utf-8')
|
||||||
|
|
||||||
|
|
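Review bot: The new `if r.code == 404` test in the last hunk may never run. If `self.opener` is a standard `urllib.request` opener (its construction is not in the visible hunks), `open()` raises `urllib.error.HTTPError` for a 404 before `r` is assigned. In that case the status has to be handled in an `except` around the call, as sketched below, which also passes the URL to `FileNotFoundError` so the caller can see which resource was missing. This needs `urllib.error` to be imported, and the import block is outside the hunks. Separately, in the `__init__` hunk `if origin == None:` is better written `if origin is None:`; both methods start outside their hunks.

```python
# … unchanged: urljoin and 'open … with opener' debug log …
try:
    r = self.opener.open(url)
except urllib.error.HTTPError as e:
    logg.debug('response code {} for {}'.format(e.code, endpoint))
    if e.code == 404:
        raise FileNotFoundError(url) from e
    raise
logg.debug('response code {} for {}'.format(r.code, endpoint))
# … unchanged: return r.read().decode('utf-8') …
```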
||||||
|
@ -29,6 +29,7 @@ tx_normalizer = TxHexNormalizer()
|
|||||||
def process_args(argparser):
|
def process_args(argparser):
|
||||||
argparser.add_argument('-m', '--method', type=str, help='lookup method')
|
argparser.add_argument('-m', '--method', type=str, help='lookup method')
|
||||||
argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from')
|
argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from')
|
||||||
|
argparser.add_argument('--cafile', type=str, help='CA certificate chain file to use for verifying SSL session')
|
||||||
argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries')
|
argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries')
|
||||||
argparser.add_argument('identifier', type=str, help='user identifier')
|
argparser.add_argument('identifier', type=str, help='user identifier')
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
usumbufu~=0.3.5
|
usumbufu~=0.3.6
|
||||||
confini~=0.5.3
|
confini~=0.5.4
|
||||||
cic-eth-registry~=0.6.1
|
cic-eth-registry~=0.6.1
|
||||||
cic-types~=0.2.1a8
|
cic-types~=0.2.1a8
|
||||||
phonenumbers==8.12.12
|
phonenumbers==8.12.12
|
||||||
@ -8,3 +8,4 @@ hexathon~=0.1.0
|
|||||||
pycryptodome~=3.10.1
|
pycryptodome~=3.10.1
|
||||||
chainlib-eth~=0.0.21
|
chainlib-eth~=0.0.21
|
||||||
chainlib~=0.0.17
|
chainlib~=0.0.17
|
||||||
|
urlybird~=0.0.2
|
||||||
|