
* Added support for key file pass-phrase for make_ssl_context func in ndg.httpsclient.ssl_context_util

git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8258 051b1e3e-aa0c-0410-b6c2-bfbade6052be
pjkersha 12 years ago
parent
commit
9eea189ca6
2 changed files with 16 additions and 4 deletions
  1. 11 4
      ndg/httpsclient/ssl_context_util.py
  2. 5 0
      ndg/httpsclient/utils.py

+ 11 - 4
ndg/httpsclient/ssl_context_util.py

@@ -36,7 +36,8 @@ def make_ssl_context_from_config(ssl_config=False, url=None):
 
 
 def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
-                     verify_peer=False, url=None, method=SSL.SSLv23_METHOD):
+                     verify_peer=False, url=None, method=SSL.SSLv23_METHOD,
+                     key_file_passphrase=None):
     """
     Creates SSL context containing certificate and key file locations.
     """
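Review bot: The new `key_file_passphrase` parameter is not documented; the docstring still reads only "Creates SSL context containing certificate and key file locations." Since the argument carries a secret, the docstring should say what it is and when it is used, for example `@param key_file_passphrase: pass-phrase used to decrypt the private key file; None if the key is not encrypted` with a matching `@type` line in the epydoc style used in ndg/httpsclient/utils.py. It would also help to state that the pass-phrase applies to `cert_file` as well when that file doubles as the key file. The function body continues outside this hunk.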
@@ -45,11 +46,16 @@ def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
     # Key file defaults to certificate file if present.
     if cert_file:
         ssl_context.use_certificate_file(cert_file)
+        
+    if key_file_passphrase:
+        passwd_cb = lambda max_passphrase_len, set_prompt, userdata: \
+                           key_file_passphrase 
+        ssl_context.set_passwd_cb(passwd_cb)
+        
     if key_file:
         ssl_context.use_privatekey_file(key_file)
-    else:
-        if cert_file:
-            ssl_context.use_privatekey_file(cert_file)
+    elif cert_file:
+        ssl_context.use_privatekey_file(cert_file)
 
     if pem_file or ca_dir:
         ssl_context.load_verify_locations(pem_file, ca_dir)
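Review bot: `if key_file_passphrase:` treats an empty string the same as None, so no callback is installed. An encrypted key would then presumably fall back to OpenSSL's default pass-phrase handling, which can mean a terminal prompt that blocks a non-interactive client; `if key_file_passphrase is not None:` makes the caller's intent explicit. The lambda also ignores `max_passphrase_len`, so an over-long pass-phrase would surface only as an error from `use_privatekey_file`; a small named `def` that first checks `len(key_file_passphrase) <= max_passphrase_len` would fail more clearly and avoid binding a lambda to a name. The closure keeps the pass-phrase referenced for as long as the context holds the callback, which deserves a one-line comment. The function body starts and ends outside this hunk.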
@@ -70,6 +76,7 @@ def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
             ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
     else:
         ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback)
+        
     return ssl_context
 
 

+ 5 - 0
ndg/httpsclient/utils.py

@@ -109,6 +109,10 @@ def fetch_stream_from_url(url, config, data=None, handlers=None):
     @type url: basestring
     @param config: SSL context configuration
     @type config: Configuration
+    @param data: HTTP POST data
+    @type data: str
+    @param handlers: list of custom urllib2 handlers to add to the request
+    @type handlers: iterable
     @return: data retrieved from URL or None
     @rtype: file derived type
     """
@@ -141,6 +145,7 @@ def open_url(url, config, data=None, handlers=None):
         cj = config.cookie
     else:
         cj = cookielib.CookieJar()
+        
     # Use a cookie processor that accumulates cookies when redirects occur so
     # that an application can redirect for authentication and retain both any
     # cookies for the application and the security system (c.f.,