<variable id="data_dir" type="string">
<name>Data Directory </name>
<value>/var/lib/sfa/</value>
- <description>Directory where cached certficiates and other data is stored.
+ <description>Directory where cached certificates and other data is stored.
</description>
</variable>
it's subject name.</dd>
<dt><i>string</i></dt>
<dd>
-If string!=None, load the certficate from the string.</dd>
+If string!=None, load the certificate from the string.</dd>
<dt><i>filename</i></dt>
<dd>
-If filename!=None, load the certficiate from the file.</dd>
+If filename!=None, load the certificate from the file.</dd>
</dl><br />
</dd>
<dt><a id='cert.Certificate.add_extension-method' name='cert.Certificate.add_extension-method'><b>add_extension(name, critical, value)</b></a> [<a href='#cert.Certificate.add_extension-method'>#</a>]</dt>
</dd>
<dt><a id='cert.Certificate.set_parent-method' name='cert.Certificate.set_parent-method'><b>set_parent(p)</b></a> [<a href='#cert.Certificate.set_parent-method'>#</a>]</dt>
<dd>
-<p>Set the parent certficiate.</p>
+<p>Set the parent certificate.</p>
<dl>
<dt><i>p</i></dt>
<dd>
# so the defaults below are of no real importance
# this for now points at demo.myslice.info, but sounds like a
# better default for the long run
-DEFAULT_URL = "http://myslice.onelab.eu:7080"
-DEFAULT_PLATFORM = 'ple'
-
-# starting with 2.7.9 we need to turn off server verification
-import ssl
-try:
- turn_off_server_verify = {'context': ssl._create_unverified_context()}
-except:
- turn_off_server_verify = {}
-
import getpass
import xmlrpc.client
+from sfa.util.ssl import simple_ssl_context
+
+DEFAULT_URL = "http://myslice.onelab.eu:7080"
+DEFAULT_PLATFORM = 'ple'
+
class ManifoldUploader:
"""A utility class for uploading delegated credentials to a manifold/MySlice infrastructure"""
# won't be happy with several calls issued in the same session
# so we do not cache this one
def proxy(self):
- # if not self._proxy:
- # url=self.url()
- # self.logger.info("Connecting manifold url %s"%url)
- # self._proxy = xmlrpc.client.ServerProxy(url, allow_none = True)
- # return self._proxy
url = self.url()
self.logger.debug("Connecting manifold url %s" % url)
- proxy = xmlrpc.client.ServerProxy(url, allow_none=True,
- **turn_off_server_verify)
-
- return proxy
+ return xmlrpc.client.ServerProxy(url, allow_none=True,
+ context=simple_ssl_context())
# does the job for one credential
# expects the credential (string) and an optional message (e.g. hrn) for reporting
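Review bot: In `proxy()` the `context=` argument only takes effect for `https` URLs, while `DEFAULT_URL` in this file is `http://myslice.onelab.eu:7080`. If `self.url()` can fall back to that default (its body is not shown here), the delegated credentials this class uploads travel in cleartext and the SSL context is never consulted. A cheap guard is to make that visible in the log, e.g. `if not url.startswith("https://"): self.logger.warning("manifold url %s is not https", url)`. For `https` URLs the server is still not authenticated, because the helper disables verification.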
# XMLRPC-specific code for SFA Client
-# starting with 2.7.9 we need to turn off server verification
-import ssl
-try:
- turn_off_server_verify = {'context': ssl._create_unverified_context()}
-except:
- turn_off_server_verify = {}
+from sfa.util.ssl import simple_ssl_context
import xmlrpc.client
import http.client
# create a HTTPS connection object from a host descriptor
# host may be a string, or a (host, x509-dict) tuple
host, extra_headers, x509 = self.get_host_info(host)
- conn = http.client.HTTPSConnection(host, None, key_file=self.key_file,
- cert_file=self.cert_file,
- **turn_off_server_verify)
+ conn = http.client.HTTPSConnection(
+ host, None, key_file=self.key_file,
+ cert_file=self.cert_file, context=simple_ssl_context())
# Some logic to deal with timeouts. It appears that some (or all) versions
# of python don't set the timeout after the socket is created. We'll do it
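Review bot: The rewritten `HTTPSConnection` call still passes `key_file=` and `cert_file=`, which were deprecated in favour of `context` in Python 3.6 and removed from `http.client.HTTPSConnection` in Python 3.12, so this line raises `TypeError` there. Since a context is now built anyway, the client certificate can be loaded into it: `ctx = simple_ssl_context()`, then `ctx.load_cert_chain(self.cert_file, self.key_file)` (guarded if either can be unset), then `http.client.HTTPSConnection(host, None, context=ctx)`. Note also that this connection presents a client certificate to a server whose own certificate is not checked. The enclosing method starts and ends outside the hunk.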
# remember url for GetVersion
# xxx not sure this is still needed as SfaServerProxy has this too
self.url = url
- xmlrpc.client.ServerProxy.__init__(self, url, transport, allow_none=allow_none,
- verbose=verbose,
- **turn_off_server_verify)
+ xmlrpc.client.ServerProxy.__init__(
+ self, url, transport, allow_none=allow_none,
+ context=simple_ssl_context(), verbose=verbose)
def __getattr__(self, attr):
logger.debug("xml-rpc %s method:%s" % (self.url, attr))
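Review bot: `context=simple_ssl_context()` has no effect in this `ServerProxy.__init__` call whenever `transport` is not None, because `xmlrpc.client.ServerProxy` only uses `context` to build its default `SafeTransport`. The TLS settings in force then come from the transport's own connection, which is the `HTTPSConnection` call changed earlier in this file. If `transport` is always supplied here, which the hunk does not show, either drop the argument or add a comment such as `# context is only used when transport is None; the custom transport sets its own TLS options`. Otherwise a later tightening of the helper will look as if it applies here and silently will not. The constructor starts outside the hunk.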
from urllib.parse import urlparse
from sfa.util.sfalogging import logger
-
+from sfa.util.ssl import simple_ssl_context
class PlShell:
"""
'Username': str(config.SFA_PLC_USER),
'AuthString': str(config.SFA_PLC_PASSWORD),
}
- # minimal verification for backwards compat
- import ssl
- ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- ssl_context.verify_mode = ssl.CERT_NONE
self.proxy = xmlrpc.client.ServerProxy(
- url, verbose=False, allow_none=True, context=ssl_context)
+ url, verbose=False, allow_none=True,
+ context=simple_ssl_context())
def __getattr__(self, name):
def func(*args, **kwds):
# public key.
def load_from_file(self, filename):
- logger.info(f"opening {filename} from certficate.load_from_file")
self.filename = filename
buffer = open(filename, 'r').read()
self.load_from_string(buffer)
# @param create If create==True, then also create a blank X509 certificate.
# @param subject If subject!=None, then create a blank certificate and set
# it's subject name.
- # @param string If string!=None, load the certficate from the string.
- # @param filename If filename!=None, load the certficiate from the file.
+ # @param string If string!=None, load the certificate from the string.
+ # @param filename If filename!=None, load the certificate from the file.
# @param isCA If !=None, set whether this cert is for a CA
def __init__(self, lifeDays=1825, create=False, subject=None, string=None,
return result
##
- # Set the parent certficiate.
+ # Set the parent certificate.
#
# @param p certificate object.
--- /dev/null
+import ssl
+
+def simple_ssl_context():
+ """
+ an SSL context that turns off server verification
+ """
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ ssl_context.verify_mode = ssl.CERT_NONE
+ return ssl_context
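Review bot: `simple_ssl_context()` returns a context with `verify_mode = ssl.CERT_NONE`, so every caller switched to it in this commit still connects without authenticating the server, and the name "simple" no longer says so at the call site. Those callers are the manifold `proxy()`, the XML-RPC `HTTPSConnection` and `ServerProxy.__init__`, and `PlShell`, which sends `Username`/`AuthString`. Now that the context is built in one place, the helper could take a `verify` flag, defaulting to `False` to keep today's behaviour, and return `ssl.create_default_context()` when it is set; the docstring should say plainly that with verification off the peer's certificate and hostname are not checked. `ssl.PROTOCOL_TLS` is deprecated since Python 3.10, and its replacement `ssl.PROTOCOL_TLS_CLIENT` needs `check_hostname = False` set before `verify_mode`. A module named `ssl` under `sfa.util` can also shadow the standard library module if that directory ever lands on `sys.path`, so a different module name would be safer.

```python
def simple_ssl_context(verify=False, cafile=None):
    """
    Return a client-side SSL context.

    verify=False (default, historical behaviour): the server certificate
    and hostname are NOT checked, so the peer is not authenticated.
    verify=True: validate against the system trust store, or cafile if given.
    """
    if verify:
        return ssl.create_default_context(cafile=cafile)
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be CERT_NONE
    ssl_context.check_hostname = False
    ssl_context.verify_mode = ssl.CERT_NONE
    return ssl_context
```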