Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1 year ago
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
  1. import os
  2. import ssl
  3. from . import errors
  4. from .transport import SSLHTTPAdapter
  5. class TLSConfig:
  6. """
  7. TLS configuration.
  8. Args:
  9. client_cert (tuple of str): Path to client cert, path to client key.
  10. ca_cert (str): Path to CA cert file.
  11. verify (bool or str): This can be a bool or a path to a CA cert
  12. file to verify against. If ``True``, verify using ca_cert;
  13. if ``False`` or not specified, do not verify.
  14. ssl_version (int): A valid `SSL version`_.
  15. assert_hostname (bool): Verify the hostname of the server.
  16. .. _`SSL version`:
  17. https://docs.python.org/3.5/library/ssl.html#ssl.PROTOCOL_TLSv1
  18. """
  19. cert = None
  20. ca_cert = None
  21. verify = None
  22. ssl_version = None
  23. def __init__(self, client_cert=None, ca_cert=None, verify=None,
  24. ssl_version=None, assert_hostname=None,
  25. assert_fingerprint=None):
  26. # Argument compatibility/mapping with
  27. # https://docs.docker.com/engine/articles/https/
  28. # This diverges from the Docker CLI in that users can specify 'tls'
  29. # here, but also disable any public/default CA pool verification by
  30. # leaving verify=False
  31. self.assert_hostname = assert_hostname
  32. self.assert_fingerprint = assert_fingerprint
  33. # If the user provides an SSL version, we should use their preference
  34. if ssl_version:
  35. self.ssl_version = ssl_version
  36. else:
  37. self.ssl_version = ssl.PROTOCOL_TLS_CLIENT
  38. # "client_cert" must have both or neither cert/key files. In
  39. # either case, Alert the user when both are expected, but any are
  40. # missing.
  41. if client_cert:
  42. try:
  43. tls_cert, tls_key = client_cert
  44. except ValueError:
  45. raise errors.TLSParameterError(
  46. 'client_cert must be a tuple of'
  47. ' (client certificate, key file)'
  48. )
  49. if not (tls_cert and tls_key) or (not os.path.isfile(tls_cert) or
  50. not os.path.isfile(tls_key)):
  51. raise errors.TLSParameterError(
  52. 'Path to a certificate and key files must be provided'
  53. ' through the client_cert param'
  54. )
  55. self.cert = (tls_cert, tls_key)
  56. # If verify is set, make sure the cert exists
  57. self.verify = verify
  58. self.ca_cert = ca_cert
  59. if self.verify and self.ca_cert and not os.path.isfile(self.ca_cert):
  60. raise errors.TLSParameterError(
  61. 'Invalid CA certificate provided for `ca_cert`.'
  62. )
  63. def configure_client(self, client):
  64. """
  65. Configure a client with these TLS options.
  66. """
  67. client.ssl_version = self.ssl_version
  68. if self.verify and self.ca_cert:
  69. client.verify = self.ca_cert
  70. else:
  71. client.verify = self.verify
  72. if self.cert:
  73. client.cert = self.cert
  74. client.mount('https://', SSLHTTPAdapter(
  75. ssl_version=self.ssl_version,
  76. assert_hostname=self.assert_hostname,
  77. assert_fingerprint=self.assert_fingerprint,
  78. ))