pyignite/connection/ssl.py - ignite-python-thin-client - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 import ssl
 from ssl import SSLContext

 from pyignite.constants import SSL_DEFAULT_CIPHERS, SSL_DEFAULT_VERSION
 from pyignite.exceptions import ParameterError


 def wrap(socket, ssl_params):
     """ Wrap socket in SSL wrapper. """
     if not ssl_params.get('use_ssl'):
         return socket

     context = create_ssl_context(ssl_params)

     return context.wrap_socket(sock=socket)


 def check_ssl_params(params):
     expected_args = [
         'use_ssl',
         'ssl_version',
         'ssl_ciphers',
         'ssl_cert_reqs',
         'ssl_keyfile',
         'ssl_keyfile_password',
         'ssl_certfile',
         'ssl_ca_certfile',
     ]
     for param in params:
         if param not in expected_args:
             raise ParameterError((
                 'Unexpected parameter for connection initialization: `{}`'
             ).format(param))


 def create_ssl_context(ssl_params):
     if not ssl_params.get('use_ssl'):
         return None

     keyfile = ssl_params.get('ssl_keyfile', None)
     certfile = ssl_params.get('ssl_certfile', None)

     if keyfile and not certfile:
         raise ValueError("certfile must be specified")

     password = ssl_params.get('ssl_keyfile_password', None)
     ssl_version = ssl_params.get('ssl_version', SSL_DEFAULT_VERSION)
     ciphers = ssl_params.get('ssl_ciphers', SSL_DEFAULT_CIPHERS)
     cert_reqs = ssl_params.get('ssl_cert_reqs', ssl.CERT_NONE)
     ca_certs = ssl_params.get('ssl_ca_certfile', None)

     context = SSLContext(ssl_version)
     context.verify_mode = cert_reqs

     if ca_certs:
         context.load_verify_locations(ca_certs)
     if certfile:
         context.load_cert_chain(certfile, keyfile, password)
     if ciphers:
         context.set_ciphers(ciphers)

     return context
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	import ssl
	from ssl import SSLContext

	from pyignite.constants import SSL_DEFAULT_CIPHERS, SSL_DEFAULT_VERSION
	from pyignite.exceptions import ParameterError


	def wrap(socket, ssl_params):
	""" Wrap socket in SSL wrapper. """
	if not ssl_params.get('use_ssl'):
	return socket

	context = create_ssl_context(ssl_params)

	return context.wrap_socket(sock=socket)


	def check_ssl_params(params):
	expected_args = [
	'use_ssl',
	'ssl_version',
	'ssl_ciphers',
	'ssl_cert_reqs',
	'ssl_keyfile',
	'ssl_keyfile_password',
	'ssl_certfile',
	'ssl_ca_certfile',
	]
	for param in params:
	if param not in expected_args:
	raise ParameterError((
	'Unexpected parameter for connection initialization: `{}`'
	).format(param))


	def create_ssl_context(ssl_params):
	if not ssl_params.get('use_ssl'):
	return None

	keyfile = ssl_params.get('ssl_keyfile', None)
	certfile = ssl_params.get('ssl_certfile', None)

	if keyfile and not certfile:
	raise ValueError("certfile must be specified")

	password = ssl_params.get('ssl_keyfile_password', None)
	ssl_version = ssl_params.get('ssl_version', SSL_DEFAULT_VERSION)
	ciphers = ssl_params.get('ssl_ciphers', SSL_DEFAULT_CIPHERS)
	cert_reqs = ssl_params.get('ssl_cert_reqs', ssl.CERT_NONE)
	ca_certs = ssl_params.get('ssl_ca_certfile', None)

	context = SSLContext(ssl_version)
	context.verify_mode = cert_reqs

	if ca_certs:
	context.load_verify_locations(ca_certs)
	if certfile:
	context.load_cert_chain(certfile, keyfile, password)
	if ciphers:
	context.set_ciphers(ciphers)

	return context