Allow custom SSL ca chain in HTTP client #14

Open
lash wants to merge 1 commit from lash/custom-ca into master
5 changed files with 27 additions and 20 deletions


@ -73,8 +73,19 @@ class CmdCtrl:
self.remote_openers = {} self.remote_openers = {}
if self.get('META_URL') != None: if self.get('META_URL') != None:
sctx = None
if self.cmd_args.cafile != None:
import ssl
sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
sctx.load_verify_locations(self.cmd_args.cafile)
auth_client_session = PGPClientSession(self.__auth) auth_client_session = PGPClientSession(self.__auth)
self.remote_openers['meta'] = HTTPSession(self.get('META_URL'), auth=auth_client_session, origin=self.config.get('META_HTTP_ORIGIN')) self.remote_openers['meta'] = HTTPSession(
self.get('META_URL'),
auth=auth_client_session,
origin=self.config.get('META_HTTP_ORIGIN'),
ssl_context=sctx,
)
def blockchain(self): def blockchain(self):
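Review bot: The context built from `ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` trusts only the CAs in the given file and not the system store, which fits a private CA but should be stated next to `sctx.load_verify_locations(self.cmd_args.cafile)`, e.g. `# cafile replaces, not extends, the system trust store`. The same verification settings (CERT_REQUIRED and check_hostname) plus the stdlib's hardened defaults come from the one-liner `sctx = ssl.create_default_context(cafile=self.cmd_args.cafile)`. A missing or unparsable file raises out of `load_verify_locations` as an uncaught traceback; catching `OSError` and `ssl.SSLError` there and failing with a message that names the path would make the CLI error usable. Both `!= None` comparisons in this hunk should be `is not None`. The enclosing method starts before the hunk.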


@ -12,6 +12,7 @@ from usumbufu.client.base import (
) )
from usumbufu.client.bearer import BearerClientSession from usumbufu.client.bearer import BearerClientSession
from usumbufu.client.hoba import HobaClientSession from usumbufu.client.hoba import HobaClientSession
from urlybird.host import url_apply_port_string
logg = logging.getLogger(__name__) logg = logging.getLogger(__name__)
@ -21,6 +22,7 @@ class PGPClientSession(HobaClientSession):
alg = '969' alg = '969'
def __init__(self, auth): def __init__(self, auth):
super(PGPClientSession, self).__init__()
self.auth = auth self.auth = auth
self.origin = None self.origin = None
self.fingerprint = self.auth.fingerprint() self.fingerprint = self.auth.fingerprint()
@ -46,23 +48,12 @@ class HTTPSession:
token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid()) token_dir = '/run/user/{}/clicada/usumbufu/.token'.format(os.getuid())
def __init__(self, url, auth=None, origin=None): def __init__(self, url, auth=None, origin=None, ssl_context=None):
self.base_url = url self.base_url = url
url_parts = urllib.parse.urlsplit(self.base_url)
url_parts_origin_host = url_parts[1].split(":") if origin == None:
host = url_parts_origin_host[0] origin = url_apply_port_string(url, as_origin=True)
try:
host = host + ':' + url_parts_origin_host[1]
except IndexError:
host = host + ':' + str(getservbyname(url_parts[0]))
logg.info('changed origin with missing port number from {} to {}'.format(url_parts[1], host))
url_parts_origin = (url_parts[0], host, '', '', '',)
self.origin = origin self.origin = origin
if self.origin == None:
self.origin = urllib.parse.urlunsplit(url_parts_origin)
else:
logg.debug('overriding http origin for {} with {}'.format(url, self.origin))
h = hashlib.sha256() h = hashlib.sha256()
h.update(self.base_url.encode('utf-8')) h.update(self.base_url.encode('utf-8'))
@ -72,7 +63,7 @@ class HTTPSession:
os.makedirs(token_store_dir, exist_ok=True) os.makedirs(token_store_dir, exist_ok=True)
self.token_store = BaseTokenStore(path=token_store_dir) self.token_store = BaseTokenStore(path=token_store_dir)
self.session = ClientSession(self.origin, token_store=self.token_store) self.session = ClientSession(self.origin, token_store=self.token_store, ssl_context=ssl_context)
bearer_handler = BearerClientSession(self.origin, token_store=self.token_store) bearer_handler = BearerClientSession(self.origin, token_store=self.token_store)
self.session.add_subhandler(bearer_handler) self.session.add_subhandler(bearer_handler)
@ -88,6 +79,9 @@ class HTTPSession:
url = urllib.parse.urljoin(self.base_url, endpoint) url = urllib.parse.urljoin(self.base_url, endpoint)
logg.debug('open {} with opener {}'.format(url, self)) logg.debug('open {} with opener {}'.format(url, self))
r = self.opener.open(url) r = self.opener.open(url)
logg.debug('response code {} for {}'.format(r.code, endpoint))
if r.code == 404:
raise FileNotFoundError()
return r.read().decode('utf-8') return r.read().decode('utf-8')
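Review bot: The new `ssl_context=None` parameter on `HTTPSession.__init__` is undocumented and is neither kept on the instance nor validated; it is only forwarded to `ClientSession(...)` in the later hunk, so its docstring should say it is passed straight through to the underlying `ClientSession` and that `None` leaves that session's default TLS verification in place (what that default is cannot be confirmed from this page). The origin rewrite drops the `logg.debug('overriding http origin for {} with {}'...)` line for the explicit-origin case, which was the only trace of a caller-supplied origin and is cheap to keep. `if origin == None:` should be `if origin is None:`. `__init__` continues past the hunk.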


@ -29,6 +29,7 @@ tx_normalizer = TxHexNormalizer()
def process_args(argparser): def process_args(argparser):
argparser.add_argument('-m', '--method', type=str, help='lookup method') argparser.add_argument('-m', '--method', type=str, help='lookup method')
argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from') argparser.add_argument('--meta-url', dest='meta_url', type=str, help='Url to retrieve metadata from')
argparser.add_argument('--cafile', type=str, help='CA certificate chain file to use for verifying SSL session')
argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries') argparser.add_argument('-f', '--force-update', dest='force_update', action='store_true', help='Update records of mutable entries')
argparser.add_argument('identifier', type=str, help='user identifier') argparser.add_argument('identifier', type=str, help='user identifier')
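Review bot: The `--cafile` help text does not say that the file is used instead of, not in addition to, the system trust store, which is what the fresh `ssl.SSLContext` plus `load_verify_locations` in the CmdCtrl hunk does; suggest `help='PEM file with the CA certificate chain used instead of the system trust store to verify the metadata server TLS certificate'`. As far as this PR shows, the argument is wired only to the metadata session, so naming that scope in the help avoids the impression it affects other connections.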


@ -268,7 +268,7 @@ class FileUserStore:
r = getter.open(ptr) r = getter.open(ptr)
except Exception as e: except Exception as e:
logg.debug('no metadata found for {}: {}'.format(address, e)) logg.debug('no metadata found for {}: {}'.format(address, e))
if r == None: if r == None:
self.failed_entities[address] = True self.failed_entities[address] = True
raise MetadataNotFoundError() raise MetadataNotFoundError()


@ -1,5 +1,5 @@
usumbufu~=0.3.5 usumbufu~=0.3.6
confini~=0.5.3 confini~=0.5.4
cic-eth-registry~=0.6.1 cic-eth-registry~=0.6.1
cic-types~=0.2.1a8 cic-types~=0.2.1a8
phonenumbers==8.12.12 phonenumbers==8.12.12
@ -8,3 +8,4 @@ hexathon~=0.1.0
pycryptodome~=3.10.1 pycryptodome~=3.10.1
chainlib-eth~=0.0.21 chainlib-eth~=0.0.21
chainlib~=0.0.17 chainlib~=0.0.17
urlybird~=0.0.2