
Source Code for Module httxlib.httxcertificates

  1  #!/usr/bin/env python 
  2  # -*- coding: latin-1; py-indent-offset:4 -*- 
  3  ################################################################################ 
  4  #  
  5  # This file is part of HttxLib 
  6  # 
  7  # HttxLib is an HTTP(s) Python library suited multithreaded/multidomain 
  8  # applications 
  9  # 
 10  # Copyright (C) 2010-2011 Daniel Rodriguez (aka Daniel Rodriksson) 
 11  # Copyright (C) 2011 Sensible Odds Ltd 
 12  # 
 13  # You can learn more and contact the author at: 
 14  # 
 15  #    http://code.google.com/p/httxlib/ 
 16  # 
 17  # HttxLib is free software: you can redistribute it and/or modify 
 18  # it under the terms of the GNU General Public License as published by 
 19  # the Free Software Foundation, either version 3 of the License, or 
 20  # (at your option) any later version. 
 21  # 
 22  # HttxLib is distributed in the hope that it will be useful, 
 23  # but WITHOUT ANY WARRANTY; without even the implied warranty of 
 24  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
 25  # GNU General Public License for more details. 
 26  # 
 27  # You should have received a copy of the GNU General Public License 
 28  # along with HttxLib. If not, see <http://www.gnu.org/licenses/>. 
 29  # 
 30  ################################################################################ 
 31  ''' 
 32  Extensions of a L{HttxPassManager} to be used to hold paths 
 33  to certificate files or values for certificate validation 
 34   
 35  The locking semantics are all implemented in the L{HttxPassManager} 
 36  ''' 
 37   
 38  try: 
 39      from ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED 
 40  except ImportError: 
 41      CERT_NONE = 0 
 42      CERT_OPTIONAL = 1 
 43      CERT_REQUIRED = 2 
 44   
 45  from urlparse import urlsplit 
 46   
 47  from httxpassmanager import HttxPassManager 
 48   
 49   
class HttxCertKeyManager(HttxPassManager):
    '''
    Per-url store of the client certificate material presented in https
    connections, built on L{HttxPassManager}

    Each entry is a (certfile, keyfile) pair of filesystem paths. Only the
    paths are kept: nothing in this class opens or reads the files. The
    key file path is needed only when the private key is not bundled in
    the certificate file

    Only the network location (netloc) of the url is handed to the base
    class as the lookup key, so scheme, path and query play no part at
    this level. The netloc keeps any port or user:password@ prefix found
    in the url. An empty string can be used as a catch-all url

    The pair travels in the user/password slots of the
    HTTPPasswordManagerWithDefaultRealm used by L{HttxPassManager}, under
    the default realm (None)

    NOTE(review): keyfile names a private key. Existence, ownership and
    permissions of the file are not checked here - presumably left to the
    deployment, confirm
    '''

    def __init__(self):
        '''
        Constructor. All set-up is done by the base class
        L{HttxPassManager}
        '''
        HttxPassManager.__init__(self)

    def add_certkey(self, url, certfile, keyfile):
        '''
        Register the certificate and private key paths for a url

        @param url: url whose netloc the pair is stored under
        @type url: str
        @param certfile: path to the certificate file
        @type certfile: str
        @param keyfile: path to the private key file if not contained in the
                        certificate file
        @type keyfile: str
        '''
        netloc = urlsplit(url).netloc
        # certfile rides in the "user" slot and keyfile in the "password"
        # slot of the underlying password manager
        self.add_password(None, netloc, certfile, keyfile)

    def find_certkey(self, url):
        '''
        Look up the (certfile, keyfile) pair registered for a url

        @param url: url whose netloc is used for the lookup
        @type url: str
        @return: tuple of (certfile, keyfile) that may be None
        @rtype: tuple
        '''
        netloc = urlsplit(url).netloc
        cert_path, key_path = self.find_user_password(None, netloc)
        return (cert_path, key_path)
class HttxCertReqManager(HttxPassManager):
    '''
    Per-url store of the server certificate validation requirement for
    https connections, built on L{HttxPassManager}

    The requirement is one of the ssl constants CERT_NONE, CERT_OPTIONAL
    or CERT_REQUIRED. It is turned into its name (a string) for storage
    and turned back into the constant on retrieval

    Only the network location (netloc) of the url is handed to the base
    class as the lookup key. An empty string can be used as a catch-all
    url

    Security note: L{find_cert_req} answers CERT_NONE when the lookup
    finds nothing, so a url that was never registered gets no server
    certificate validation. Registering CERT_REQUIRED under the catch-all
    url is the way to change that default, assuming the catch-all entry
    behaves as described above (implemented in the base class, not
    visible here)

    @cvar certReqs: mapping of enumeration value to string for storage
    @type certReqs: dict
    @cvar certReqsInv: inverse mapping, string to enumeration value
    @type certReqsInv: dict
    '''

    certReqs = {
        CERT_NONE: 'CERT_NONE',
        CERT_OPTIONAL: 'CERT_OPTIONAL',
        CERT_REQUIRED: 'CERT_REQUIRED',
    }
    # Derived from certReqs so the two tables cannot drift apart
    certReqsInv = dict((name, value) for value, name in certReqs.items())

    def __init__(self):
        '''
        Constructor. All set-up is done by the base class
        L{HttxPassManager}
        '''
        HttxPassManager.__init__(self)

    def add_cert_req(self, url, cert_req):
        '''
        Register the validation requirement for a url

        A cert_req that is not a key of L{certReqs} raises KeyError and
        nothing is stored

        @param url: url whose netloc the requirement is stored under
        @type url: str
        @param cert_req: validation requirement from SSL
                         CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
        @type cert_req: int
        '''
        netloc = urlsplit(url).netloc
        req_name = self.certReqs[cert_req]
        # The name goes in the "user" slot; the "password" slot is unused
        self.add_password(None, netloc, req_name, '')

    def find_cert_req(self, url):
        '''
        Look up the validation requirement registered for a url

        @param url: url whose netloc is used for the lookup
        @type url: str
        @return: the registered requirement, CERT_NONE if the lookup
                 returns no entry
        @rtype: int
        '''
        netloc = urlsplit(url).netloc
        req_name, _unused = self.find_user_password(None, netloc)
        if req_name is None:
            # Fail-open default: no entry means no validation is requested
            return CERT_NONE
        return self.certReqsInv[req_name]
class HttxCACertManager(HttxPassManager):
    '''
    Per-url store of the path to a file holding the root (chain of)
    certificate(s) used to validate server certificates, built on
    L{HttxPassManager}

    The path is stored as given. Nothing in this class opens the file or
    checks that it exists or is readable

    It is kept apart from the validation requirement storage because one
    file may be used for all servers, while validation may not be
    required for all servers

    Only the network location (netloc) of the url is handed to the base
    class as the lookup key. An empty string can be used as a catch-all
    url

    NOTE(review): the file named here decides which issuers are trusted,
    so it should be writable only by trusted accounts - not enforced here
    '''

    def __init__(self):
        '''
        Constructor. All set-up is done by the base class
        L{HttxPassManager}
        '''
        HttxPassManager.__init__(self)

    def add_ca_cert(self, url, cacert):
        '''
        Register the path to a file with a root (chain of) certificates
        for a url

        @param url: url whose netloc the path is stored under
        @type url: str
        @param cacert: path to a file containing the certificates
        @type cacert: str
        '''
        netloc = urlsplit(url).netloc
        # The path goes in the "user" slot; the "password" slot is unused
        self.add_password(None, netloc, cacert, '')

    def find_ca_cert(self, url):
        '''
        Look up the path to the root certificates file registered for a
        url

        @param url: url whose netloc is used for the lookup
        @type url: str
        @return: the path to the file with the root certificates or None
        @rtype: str|None
        '''
        netloc = urlsplit(url).netloc
        ca_path, _unused = self.find_user_password(None, netloc)
        return ca_path