1
0
mirror of https://github.com/vmware/vsphere-automation-sdk-python.git synced 2024-11-25 10:50:00 -05:00
vsphere-automation-sdk-python/vsphere/6.0/_modules/vmware/vapi/lib/ssl.html

214 lines
16 KiB
HTML
Raw Normal View History

2018-08-07 19:42:25 -04:00
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>vmware.vapi.lib.ssl &mdash; vCloud Suite SDK for Python 6.0.0 documentation</title>
<link rel="stylesheet" href="../../../../_static/vapitheme.css" type="text/css" />
<link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../../../',
VERSION: '6.0.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../../../_static/jquery.js"></script>
<script type="text/javascript" src="../../../../_static/underscore.js"></script>
<script type="text/javascript" src="../../../../_static/doctools.js"></script>
<link rel="top" title="vCloud Suite SDK for Python 6.0.0 documentation" href="../../../../index.html" />
<link rel="up" title="Module code" href="../../../index.html" />
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../index.html">vCloud Suite SDK for Python 6.0.0 documentation</a> &raquo;</li>
<li><a href="../../../index.html" accesskey="U">Module code</a> &raquo;</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<h1>Source code for vmware.vapi.lib.ssl</h1><div class="highlight"><pre>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd">SSL Context factories</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="n">__author__</span> <span class="o">=</span> <span class="s">&#39;VMware, Inc.&#39;</span>
<span class="n">__copyright__</span> <span class="o">=</span> <span class="s">&#39;Copyright 2013 VMware, Inc. All rights reserved. -- VMware Confidential&#39;</span>
<span class="kn">import</span> <span class="nn">logging</span>
<span class="kn">from</span> <span class="nn">OpenSSL</span> <span class="kn">import</span> <span class="n">SSL</span><span class="p">,</span> <span class="n">crypto</span>
<span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span>
<div class="viewcode-block" id="ClientContextFactory"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.ClientContextFactory">[docs]</a><span class="k">class</span> <span class="nc">ClientContextFactory</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="c"># pylint: disable=R0922</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Context factory base class. This class should be used to set the</span>
<span class="sd"> SSL options</span>
<span class="sd"> &quot;&quot;&quot;</span>
<div class="viewcode-block" id="ClientContextFactory.get_context"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.ClientContextFactory.get_context">[docs]</a> <span class="k">def</span> <span class="nf">get_context</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Returns the SSL context</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">raise</span> <span class="ne">NotImplementedError</span>
</div></div>
<div class="viewcode-block" id="DefaultClientContextFactory"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.DefaultClientContextFactory">[docs]</a><span class="k">class</span> <span class="nc">DefaultClientContextFactory</span><span class="p">(</span><span class="n">ClientContextFactory</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Default SSL context class. This chooses some default options for SSL context.</span>
<span class="sd"> Clients can retrieve the context.</span>
<span class="sd"> To modify the context and set some options directly. Create a class like below</span>
<span class="sd"> and set the options. Pass this to the get_connector function</span>
<span class="sd"> class CustomClientContextFactory(DefaultClientContextFactory):</span>
<span class="sd"> def getContext(self):</span>
<span class="sd"> ctx = DefaultClientContextFactory.getContext(self)</span>
<span class="sd"> # modify ctx</span>
<span class="sd"> return ctx</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">certificate</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">private_key</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">ca_certs</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span>
<span class="n">ca_certs_dir</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Initialize DefaultClientContextFactory</span>
<span class="sd"> :type certificate: :class:`str`</span>
<span class="sd"> :param certificate: File path of the certificate</span>
<span class="sd"> :type private_key: :class:`str`</span>
<span class="sd"> :param private_key: File path of the private key</span>
<span class="sd"> :type ca_certs: :class:`str`</span>
<span class="sd"> :param ca_certs: File path of ca certificates</span>
<span class="sd"> :type ca_certs_dir: :class:`str`</span>
<span class="sd"> :param ca_certs_dir: Directory prepared using the c_rehash tool</span>
<span class="sd"> included with OpenSSL</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">def</span> <span class="nf">callback_fn</span><span class="p">(</span><span class="n">conn</span><span class="p">,</span> <span class="n">cert</span><span class="p">,</span> <span class="n">errno</span><span class="p">,</span> <span class="n">depth</span><span class="p">,</span> <span class="n">result</span><span class="p">):</span> <span class="c"># pylint: disable=W0613</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Callback to handle the cert validation</span>
<span class="sd"> :type conn: :class:`OpenSSL.SSL.Connection`</span>
<span class="sd"> :param conn: OpenSSL connection that triggered the verification</span>
<span class="sd"> :type cert: :class:`OpenSSL.crypto.X509`</span>
<span class="sd"> :param cert: Certificate that is being validated</span>
<span class="sd"> :type errno: :class:`int`</span>
<span class="sd"> :param errno: An integer containing the error number (0 in case no</span>
<span class="sd"> error) of the error detected. Error descriptions here:</span>
<span class="sd"> http://www.openssl.org/docs/apps/verify.html</span>
<span class="sd"> :type depth: :class:`int`</span>
<span class="sd"> :param depth: An integer indicating the depth of the certificate</span>
<span class="sd"> being validated. If it is 0 then it means it is the given</span>
<span class="sd"> certificate is the one being validated, in other case is one</span>
<span class="sd"> of the chain of certificates</span>
<span class="sd"> :type result: :class:`int`</span>
<span class="sd"> :param result: An integer that indicates whether the validation of</span>
<span class="sd"> the certificate currently being validated (the one in the</span>
<span class="sd"> second argument) passed or not the validation. A value of 1 is</span>
<span class="sd"> a successful validation and 0 an unsuccessful one.</span>
<span class="sd"> :rtype: :class:`bool`</span>
<span class="sd"> :return: True if the verification passes, False otherwise</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span>
<span class="s">&#39;Verifying SSL certificate at depth </span><span class="si">%s</span><span class="s">, subject </span><span class="si">%s</span><span class="s">, issuer </span><span class="si">%s</span><span class="s">&#39;</span><span class="p">,</span>
<span class="n">depth</span><span class="p">,</span> <span class="nb">repr</span><span class="p">(</span><span class="n">cert</span><span class="o">.</span><span class="n">get_subject</span><span class="p">()),</span> <span class="nb">repr</span><span class="p">(</span><span class="n">cert</span><span class="o">.</span><span class="n">get_issuer</span><span class="p">()))</span>
<span class="k">if</span> <span class="n">errno</span><span class="p">:</span>
<span class="k">try</span><span class="p">:</span>
<span class="n">fn</span> <span class="o">=</span> <span class="n">crypto</span><span class="o">.</span><span class="n">X509_verify_cert_error_string</span>
<span class="n">errmsg</span> <span class="o">=</span> <span class="s">&#39;:</span><span class="si">%s</span><span class="s">&#39;</span> <span class="o">%</span> <span class="n">fn</span><span class="p">(</span><span class="n">errno</span><span class="p">)</span>
<span class="k">except</span> <span class="ne">AttributeError</span><span class="p">:</span>
<span class="n">errmsg</span> <span class="o">=</span> <span class="s">&#39;&#39;</span>
<span class="n">logger</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="s">&#39;verify error </span><span class="si">%s</span><span class="s">: </span><span class="si">%s</span><span class="s">&#39;</span><span class="p">,</span> <span class="n">errno</span><span class="p">,</span> <span class="n">errmsg</span><span class="p">)</span>
<span class="k">return</span> <span class="bp">False</span>
<span class="k">return</span> <span class="bp">True</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span> <span class="o">=</span> <span class="n">SSL</span><span class="o">.</span><span class="n">Context</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">TLSv1_METHOD</span><span class="p">)</span>
<span class="c"># Disable the insecure SSLv2 connections</span>
<span class="c"># More background here: http://osvdb.org/show/osvdb/56387</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">set_options</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">OP_NO_SSLv2</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">set_verify</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">VERIFY_PEER</span><span class="p">,</span> <span class="n">callback_fn</span><span class="p">)</span>
<span class="k">if</span> <span class="n">certificate</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">use_certificate_file</span><span class="p">(</span><span class="n">certificate</span><span class="p">)</span>
<span class="k">if</span> <span class="n">private_key</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">use_privatekey_file</span><span class="p">(</span><span class="n">private_key</span><span class="p">)</span>
<span class="k">if</span> <span class="n">ca_certs</span> <span class="ow">or</span> <span class="n">ca_certs_dir</span><span class="p">:</span>
<span class="k">try</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span>
<span class="n">ca_certs</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s">&#39;utf-8&#39;</span><span class="p">),</span> <span class="n">ca_certs_dir</span><span class="p">)</span>
<span class="k">except</span> <span class="ne">TypeError</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span>
<span class="n">ca_certs</span><span class="p">,</span> <span class="n">ca_certs_dir</span><span class="p">)</span>
<div class="viewcode-block" id="DefaultClientContextFactory.get_context"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.DefaultClientContextFactory.get_context">[docs]</a> <span class="k">def</span> <span class="nf">get_context</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Returns the SSL context</span>
<span class="sd"> :rtype: :class:`OpenSSL.SSL.Context`</span>
<span class="sd"> :return: SSL context</span>
<span class="sd"> &quot;&quot;&quot;</span>
<span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">_context</span></div></div>
</pre></div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../../../../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../index.html">vCloud Suite SDK for Python 6.0.0 documentation</a> &raquo;</li>
<li><a href="../../../index.html" >Module code</a> &raquo;</li>
</ul>
</div>
<div class="footer">
&copy; Copyright 2014, VMware, Inc..
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>