FFDN
/
ndg_httpsclient


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
							import urlparse

from OpenSSL import SSL

from urllib2pyopenssl.ssl_peer_verification import ServerSSLCertVerification

class SSlContextConfig(object):
    """
    Holds configuration options for creating a SSL context. This is used as a
    template to create the contexts with specific verification callbacks.
    """
    def __init__(self, key_file=None, cert_file=None, pem_file=None, ca_dir=None,
                 verify_peer=False):
        self.key_file = key_file
        self.cert_file = cert_file
        self.pem_file = pem_file
        self.ca_dir = ca_dir
        self.verify_peer = verify_peer

def make_ssl_context_from_config(ssl_config=False, url=None):
    return make_ssl_context(ssl_config.key_file, ssl_config.cert_file,
                            ssl_config.pem_file, ssl_config.ca_dir,
                            ssl_config.verify_peer, url)

def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
                     verify_peer=False, url=None):
    """
    Creates SSL context containing certificate and key file locations.
    """
    ssl_context = SSL.Context(SSL.SSLv23_METHOD)
    # Key file defaults to certificate file if present.
    if cert_file:
        ssl_context.use_certificate_file(cert_file)
    if key_file:
        ssl_context.use_privatekey_file(key_file)
    else:
        if cert_file:
            ssl_context.use_privatekey_file(cert_file)

    if ca_dir:
        ssl_context.load_verify_locations(pem_file, ca_dir)

    def _callback(conn, x509, errnum, errdepth, preverify_ok):
        """Default certification verification callback.
        Performs no checks and returns the status passed in.
        """
        return preverify_ok
    verify_callback = _callback

    if verify_peer:
        ssl_context.set_verify_depth(9)
        if url:
            set_peer_verification_for_url_hostname(ssl_context, url)
        else:
            ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
    else:
        ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback)
    return ssl_context

def set_peer_verification_for_url_hostname(ssl_context, url, if_verify_enabled=False):
    if not if_verify_enabled or (ssl_context.get_verify_mode() & SSL.VERIFY_PEER):
        urlObj = urlparse.urlparse(url)
        hostname = urlObj.hostname
        verify_callback = ServerSSLCertVerification(hostname=hostname)
        ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)