mirror of
https://github.com/vmware/vsphere-automation-sdk-python.git
synced 2024-11-25 10:50:00 -05:00
214 lines
16 KiB
HTML
214 lines
16 KiB
HTML
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
|
|
<title>vmware.vapi.lib.ssl — vCloud Suite SDK for Python 6.0.0 documentation</title>
|
|
|
|
<link rel="stylesheet" href="../../../../_static/vapitheme.css" type="text/css" />
|
|
<link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" />
|
|
|
|
<script type="text/javascript">
|
|
var DOCUMENTATION_OPTIONS = {
|
|
URL_ROOT: '../../../../',
|
|
VERSION: '6.0.0',
|
|
COLLAPSE_INDEX: false,
|
|
FILE_SUFFIX: '.html',
|
|
HAS_SOURCE: true
|
|
};
|
|
</script>
|
|
<script type="text/javascript" src="../../../../_static/jquery.js"></script>
|
|
<script type="text/javascript" src="../../../../_static/underscore.js"></script>
|
|
<script type="text/javascript" src="../../../../_static/doctools.js"></script>
|
|
<link rel="top" title="vCloud Suite SDK for Python 6.0.0 documentation" href="../../../../index.html" />
|
|
<link rel="up" title="Module code" href="../../../index.html" />
|
|
</head>
|
|
<body>
|
|
<div class="related">
|
|
<h3>Navigation</h3>
|
|
<ul>
|
|
<li class="right" style="margin-right: 10px">
|
|
<a href="../../../../genindex.html" title="General Index"
|
|
accesskey="I">index</a></li>
|
|
<li class="right" >
|
|
<a href="../../../../py-modindex.html" title="Python Module Index"
|
|
>modules</a> |</li>
|
|
<li><a href="../../../../index.html">vCloud Suite SDK for Python 6.0.0 documentation</a> »</li>
|
|
<li><a href="../../../index.html" accesskey="U">Module code</a> »</li>
|
|
</ul>
|
|
</div>
|
|
|
|
<div class="document">
|
|
<div class="documentwrapper">
|
|
<div class="bodywrapper">
|
|
<div class="body">
|
|
|
|
<h1>Source code for vmware.vapi.lib.ssl</h1><div class="highlight"><pre>
|
|
<span class="sd">"""</span>
|
|
<span class="sd">SSL Context factories</span>
|
|
<span class="sd">"""</span>
|
|
|
|
<span class="n">__author__</span> <span class="o">=</span> <span class="s">'VMware, Inc.'</span>
|
|
<span class="n">__copyright__</span> <span class="o">=</span> <span class="s">'Copyright 2013 VMware, Inc. All rights reserved. -- VMware Confidential'</span>
|
|
|
|
<span class="kn">import</span> <span class="nn">logging</span>
|
|
<span class="kn">from</span> <span class="nn">OpenSSL</span> <span class="kn">import</span> <span class="n">SSL</span><span class="p">,</span> <span class="n">crypto</span>
|
|
|
|
<span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">getLogger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span>
|
|
|
|
|
|
<div class="viewcode-block" id="ClientContextFactory"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.ClientContextFactory">[docs]</a><span class="k">class</span> <span class="nc">ClientContextFactory</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="c"># pylint: disable=R0922</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Context factory base class. This class should be used to set the</span>
|
|
<span class="sd"> SSL options</span>
|
|
<span class="sd"> """</span>
|
|
<div class="viewcode-block" id="ClientContextFactory.get_context"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.ClientContextFactory.get_context">[docs]</a> <span class="k">def</span> <span class="nf">get_context</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Returns the SSL context</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">raise</span> <span class="ne">NotImplementedError</span>
|
|
|
|
</div></div>
|
|
<div class="viewcode-block" id="DefaultClientContextFactory"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.DefaultClientContextFactory">[docs]</a><span class="k">class</span> <span class="nc">DefaultClientContextFactory</span><span class="p">(</span><span class="n">ClientContextFactory</span><span class="p">):</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Default SSL context class. This chooses some default options for SSL context.</span>
|
|
<span class="sd"> Clients can retrieve the context.</span>
|
|
|
|
<span class="sd"> To modify the context and set some options directly. Create a class like below</span>
|
|
<span class="sd"> and set the options. Pass this to the get_connector function</span>
|
|
|
|
<span class="sd"> class CustomClientContextFactory(DefaultClientContextFactory):</span>
|
|
<span class="sd"> def getContext(self):</span>
|
|
<span class="sd"> ctx = DefaultClientContextFactory.getContext(self)</span>
|
|
<span class="sd"> # modify ctx</span>
|
|
<span class="sd"> return ctx</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">certificate</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">private_key</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">ca_certs</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span>
|
|
<span class="n">ca_certs_dir</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Initialize DefaultClientContextFactory</span>
|
|
|
|
<span class="sd"> :type certificate: :class:`str`</span>
|
|
<span class="sd"> :param certificate: File path of the certificate</span>
|
|
<span class="sd"> :type private_key: :class:`str`</span>
|
|
<span class="sd"> :param private_key: File path of the private key</span>
|
|
<span class="sd"> :type ca_certs: :class:`str`</span>
|
|
<span class="sd"> :param ca_certs: File path of ca certificates</span>
|
|
<span class="sd"> :type ca_certs_dir: :class:`str`</span>
|
|
<span class="sd"> :param ca_certs_dir: Directory prepared using the c_rehash tool</span>
|
|
<span class="sd"> included with OpenSSL</span>
|
|
<span class="sd"> """</span>
|
|
|
|
<span class="k">def</span> <span class="nf">callback_fn</span><span class="p">(</span><span class="n">conn</span><span class="p">,</span> <span class="n">cert</span><span class="p">,</span> <span class="n">errno</span><span class="p">,</span> <span class="n">depth</span><span class="p">,</span> <span class="n">result</span><span class="p">):</span> <span class="c"># pylint: disable=W0613</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Callback to handle the cert validation</span>
|
|
|
|
<span class="sd"> :type conn: :class:`OpenSSL.SSL.Connection`</span>
|
|
<span class="sd"> :param conn: OpenSSL connection that triggered the verification</span>
|
|
<span class="sd"> :type cert: :class:`OpenSSL.crypto.X509`</span>
|
|
<span class="sd"> :param cert: Certificate that is being validated</span>
|
|
<span class="sd"> :type errno: :class:`int`</span>
|
|
<span class="sd"> :param errno: An integer containing the error number (0 in case no</span>
|
|
<span class="sd"> error) of the error detected. Error descriptions here:</span>
|
|
<span class="sd"> http://www.openssl.org/docs/apps/verify.html</span>
|
|
<span class="sd"> :type depth: :class:`int`</span>
|
|
<span class="sd"> :param depth: An integer indicating the depth of the certificate</span>
|
|
<span class="sd"> being validated. If it is 0 then it means it is the given</span>
|
|
<span class="sd"> certificate is the one being validated, in other case is one</span>
|
|
<span class="sd"> of the chain of certificates</span>
|
|
<span class="sd"> :type result: :class:`int`</span>
|
|
<span class="sd"> :param result: An integer that indicates whether the validation of</span>
|
|
<span class="sd"> the certificate currently being validated (the one in the</span>
|
|
<span class="sd"> second argument) passed or not the validation. A value of 1 is</span>
|
|
<span class="sd"> a successful validation and 0 an unsuccessful one.</span>
|
|
<span class="sd"> :rtype: :class:`bool`</span>
|
|
<span class="sd"> :return: True if the verification passes, False otherwise</span>
|
|
<span class="sd"> """</span>
|
|
<span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span>
|
|
<span class="s">'Verifying SSL certificate at depth </span><span class="si">%s</span><span class="s">, subject </span><span class="si">%s</span><span class="s">, issuer </span><span class="si">%s</span><span class="s">'</span><span class="p">,</span>
|
|
<span class="n">depth</span><span class="p">,</span> <span class="nb">repr</span><span class="p">(</span><span class="n">cert</span><span class="o">.</span><span class="n">get_subject</span><span class="p">()),</span> <span class="nb">repr</span><span class="p">(</span><span class="n">cert</span><span class="o">.</span><span class="n">get_issuer</span><span class="p">()))</span>
|
|
|
|
<span class="k">if</span> <span class="n">errno</span><span class="p">:</span>
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="n">fn</span> <span class="o">=</span> <span class="n">crypto</span><span class="o">.</span><span class="n">X509_verify_cert_error_string</span>
|
|
<span class="n">errmsg</span> <span class="o">=</span> <span class="s">':</span><span class="si">%s</span><span class="s">'</span> <span class="o">%</span> <span class="n">fn</span><span class="p">(</span><span class="n">errno</span><span class="p">)</span>
|
|
<span class="k">except</span> <span class="ne">AttributeError</span><span class="p">:</span>
|
|
<span class="n">errmsg</span> <span class="o">=</span> <span class="s">''</span>
|
|
<span class="n">logger</span><span class="o">.</span><span class="n">error</span><span class="p">(</span><span class="s">'verify error </span><span class="si">%s</span><span class="s">: </span><span class="si">%s</span><span class="s">'</span><span class="p">,</span> <span class="n">errno</span><span class="p">,</span> <span class="n">errmsg</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="bp">False</span>
|
|
<span class="k">return</span> <span class="bp">True</span>
|
|
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span> <span class="o">=</span> <span class="n">SSL</span><span class="o">.</span><span class="n">Context</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">TLSv1_METHOD</span><span class="p">)</span>
|
|
<span class="c"># Disable the insecure SSLv2 connections</span>
|
|
<span class="c"># More background here: http://osvdb.org/show/osvdb/56387</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">set_options</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">OP_NO_SSLv2</span><span class="p">)</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">set_verify</span><span class="p">(</span><span class="n">SSL</span><span class="o">.</span><span class="n">VERIFY_PEER</span><span class="p">,</span> <span class="n">callback_fn</span><span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">certificate</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">use_certificate_file</span><span class="p">(</span><span class="n">certificate</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">private_key</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">use_privatekey_file</span><span class="p">(</span><span class="n">private_key</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">ca_certs</span> <span class="ow">or</span> <span class="n">ca_certs_dir</span><span class="p">:</span>
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span>
|
|
<span class="n">ca_certs</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s">'utf-8'</span><span class="p">),</span> <span class="n">ca_certs_dir</span><span class="p">)</span>
|
|
<span class="k">except</span> <span class="ne">TypeError</span><span class="p">:</span>
|
|
<span class="bp">self</span><span class="o">.</span><span class="n">_context</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span>
|
|
<span class="n">ca_certs</span><span class="p">,</span> <span class="n">ca_certs_dir</span><span class="p">)</span>
|
|
|
|
<div class="viewcode-block" id="DefaultClientContextFactory.get_context"><a class="viewcode-back" href="../../../../vmware.vapi.lib.html#vmware.vapi.lib.ssl.DefaultClientContextFactory.get_context">[docs]</a> <span class="k">def</span> <span class="nf">get_context</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> Returns the SSL context</span>
|
|
|
|
<span class="sd"> :rtype: :class:`OpenSSL.SSL.Context`</span>
|
|
<span class="sd"> :return: SSL context</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">_context</span></div></div>
|
|
</pre></div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sphinxsidebar">
|
|
<div class="sphinxsidebarwrapper">
|
|
<div id="searchbox" style="display: none">
|
|
<h3>Quick search</h3>
|
|
<form class="search" action="../../../../search.html" method="get">
|
|
<input type="text" name="q" />
|
|
<input type="submit" value="Go" />
|
|
<input type="hidden" name="check_keywords" value="yes" />
|
|
<input type="hidden" name="area" value="default" />
|
|
</form>
|
|
<p class="searchtip" style="font-size: 90%">
|
|
Enter search terms or a module, class or function name.
|
|
</p>
|
|
</div>
|
|
<script type="text/javascript">$('#searchbox').show(0);</script>
|
|
</div>
|
|
</div>
|
|
<div class="clearer"></div>
|
|
</div>
|
|
<div class="related">
|
|
<h3>Navigation</h3>
|
|
<ul>
|
|
<li class="right" style="margin-right: 10px">
|
|
<a href="../../../../genindex.html" title="General Index"
|
|
>index</a></li>
|
|
<li class="right" >
|
|
<a href="../../../../py-modindex.html" title="Python Module Index"
|
|
>modules</a> |</li>
|
|
<li><a href="../../../../index.html">vCloud Suite SDK for Python 6.0.0 documentation</a> »</li>
|
|
<li><a href="../../../index.html" >Module code</a> »</li>
|
|
</ul>
|
|
</div>
|
|
<div class="footer">
|
|
© Copyright 2014, VMware, Inc..
|
|
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
|
|
</div>
|
|
</body>
|
|
</html> |