| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 |
- # -*- coding: utf-8 -*-
- """
- celery.security
- ~~~~~~~~~~~~~~~
-
- Module implementing the signing message serializer.
-
- """
- from __future__ import absolute_import
-
- from kombu.serialization import (
- registry, disable_insecure_serializers as _disable_insecure_serializers,
- )
-
- from celery.exceptions import ImproperlyConfigured
-
- from .serialization import register_auth
-
- SSL_NOT_INSTALLED = """\
- You need to install the pyOpenSSL library to use the auth serializer.
- Please install by:
-
- $ pip install pyOpenSSL
- """
-
- SETTING_MISSING = """\
- Sorry, but you have to configure the
- * CELERY_SECURITY_KEY
- * CELERY_SECURITY_CERTIFICATE, and the
- * CELERY_SECURITY_CERT_STORE
- configuration settings to use the auth serializer.
-
- Please see the configuration reference for more information.
- """
-
- __all__ = ['setup_security']
-
-
- def setup_security(allowed_serializers=None, key=None, cert=None, store=None,
- digest='sha1', serializer='json', app=None):
- """See :meth:`@Celery.setup_security`."""
- if app is None:
- from celery import current_app
- app = current_app._get_current_object()
-
- _disable_insecure_serializers(allowed_serializers)
-
- conf = app.conf
- if conf.CELERY_TASK_SERIALIZER != 'auth':
- return
-
- try:
- from OpenSSL import crypto # noqa
- except ImportError:
- raise ImproperlyConfigured(SSL_NOT_INSTALLED)
-
- key = key or conf.CELERY_SECURITY_KEY
- cert = cert or conf.CELERY_SECURITY_CERTIFICATE
- store = store or conf.CELERY_SECURITY_CERT_STORE
-
- if not (key and cert and store):
- raise ImproperlyConfigured(SETTING_MISSING)
-
- with open(key) as kf:
- with open(cert) as cf:
- register_auth(kf.read(), cf.read(), store, digest, serializer)
- registry._set_default_serializer('auth')
-
-
- def disable_untrusted_serializers(whitelist=None):
- _disable_insecure_serializers(allowed=whitelist)
|
