From 9eea189ca6f328a61e36b43ad7e677d22319c19f Mon Sep 17 00:00:00 2001
From: pjkersha
Date: Tue, 13 Nov 2012 11:27:31 +0000
Subject: [PATCH] * Added support for key file pass-phrase for make_ssl_context func in ndg.httpsclient.ssl_context_util
git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8258 051b1e3e-aa0c-0410-b6c2-bfbade6052be
---
 ndg/httpsclient/ssl_context_util.py | 15 +++++++++++----
 ndg/httpsclient/utils.py | 5 +++++
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/ndg/httpsclient/ssl_context_util.py b/ndg/httpsclient/ssl_context_util.py
index 18258cc..c62d103 100644
--- a/ndg/httpsclient/ssl_context_util.py
+++ b/ndg/httpsclient/ssl_context_util.py
@@ -36,7 +36,8 @@ def make_ssl_context_from_config(ssl_config=False, url=None):
 def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
- verify_peer=False, url=None, method=SSL.SSLv23_METHOD):
+ verify_peer=False, url=None, method=SSL.SSLv23_METHOD,
+ key_file_passphrase=None):
 """
 Creates SSL context containing certificate and key file locations.
 """
@@ -45,11 +46,16 @@ def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
 # Key file defaults to certificate file if present.
 if cert_file:
 ssl_context.use_certificate_file(cert_file)
+
+ if key_file_passphrase:
+ passwd_cb = lambda max_passphrase_len, set_prompt, userdata: \
+ key_file_passphrase
+ ssl_context.set_passwd_cb(passwd_cb)
+
 if key_file:
 ssl_context.use_privatekey_file(key_file)
- else:
- if cert_file:
- ssl_context.use_privatekey_file(cert_file)
+ elif cert_file:
+ ssl_context.use_privatekey_file(cert_file)
 if pem_file or ca_dir:
 ssl_context.load_verify_locations(pem_file, ca_dir)
@@ -70,6 +76,7 @@ def _callback(conn, x509, errnum, errdepth, preverify_ok):
 ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
 else:
 ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback)
+
 return ssl_context
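Review bot: The docstring at the end of this hunk still reads only "Creates SSL context containing certificate and key file locations." and says nothing about the new `key_file_passphrase` argument. I would add, in the epydoc style the package already uses in utils.py, `@param key_file_passphrase: pass-phrase protecting the private key in key_file (or in cert_file when no key_file is given)` and `@type key_file_passphrase: basestring`. The signature keeps `verify_peer=False` as its default, and the context lines of the last hunk in this file show `SSL.VERIFY_NONE` being set in an else branch, presumably for that default; the docstring should say that the peer is not verified unless the caller asks for it. The function body continues outside this hunk.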
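Review bot: The guard `if key_file_passphrase:` tests truthiness, so an empty string is treated the same as no pass-phrase and no callback is installed; with an encrypted key the load then falls back to whatever OpenSSL does without a callback (presumably an interactive prompt, which would stall an unattended client). `if key_file_passphrase is not None:` keeps the caller's intent. The callback also ignores `max_passphrase_len`, so an over-long value is left to pyOpenSSL to truncate or reject; a small named function (`def passwd_cb(max_passphrase_len, set_prompt, userdata): return key_file_passphrase`) would be the place to check the length and reads better than a lambda bound to a name with a backslash continuation. After the key is loaded, a call to `ssl_context.check_privatekey()` would make a key that does not match the certificate fail here rather than at the first handshake. make_ssl_context begins and ends outside this hunk.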
diff --git a/ndg/httpsclient/utils.py b/ndg/httpsclient/utils.py
index 68600e8..b4e5c72 100644
--- a/ndg/httpsclient/utils.py
+++ b/ndg/httpsclient/utils.py
@@ -109,6 +109,10 @@ def fetch_stream_from_url(url, config, data=None, handlers=None):
 @type url: basestring
 @param config: SSL context configuration
 @type config: Configuration
+ @param data: HTTP POST data
+ @type data: str
+ @param handlers: list of custom urllib2 handlers to add to the request
+ @type handlers: iterable
 @return: data retrieved from URL or None
 @rtype: file derived type
 """
@@ -141,6 +145,7 @@ def open_url(url, config, data=None, handlers=None):
 cj = config.cookie
 else:
 cj = cookielib.CookieJar()
+
 # Use a cookie processor that accumulates cookies when redirects occur so
 # that an application can redirect for authentication and retain both any
 # cookies for the application and the security system (c.f.,