|
1 | 1 | import importlib |
| 2 | +import io |
| 3 | +import json |
2 | 4 | import logging |
3 | | -import os |
| 5 | +import ssl |
4 | 6 | import sys |
5 | | - |
6 | 7 | from http.cookiejar import Cookie |
7 | 8 | from http.cookiejar import http2time |
8 | 9 |
|
9 | | -import io |
10 | | -import json |
11 | 10 | import yaml |
12 | | - |
13 | 11 | from oidcservice import sanitize |
14 | 12 | from oidcservice.exception import TimeFormatError |
15 | 13 | from oidcservice.exception import WrongContentType |
|
30 | 28 | "path": "path_specified" |
31 | 29 | } |
32 | 30 |
|
33 | | - |
34 | | -ATTRS = {"version": None, |
35 | | - "name": "", |
36 | | - "value": None, |
37 | | - "port": None, |
38 | | - "port_specified": False, |
39 | | - "domain": "", |
40 | | - "domain_specified": False, |
41 | | - "domain_initial_dot": False, |
42 | | - "path": "", |
43 | | - "path_specified": False, |
44 | | - "secure": False, |
45 | | - "expires": None, |
46 | | - "discard": True, |
47 | | - "comment": None, |
48 | | - "comment_url": None, |
49 | | - "rest": "", |
50 | | - "rfc2109": True} |
| 31 | +ATTRS = { |
| 32 | + "version": None, |
| 33 | + "name": "", |
| 34 | + "value": None, |
| 35 | + "port": None, |
| 36 | + "port_specified": False, |
| 37 | + "domain": "", |
| 38 | + "domain_specified": False, |
| 39 | + "domain_initial_dot": False, |
| 40 | + "path": "", |
| 41 | + "path_specified": False, |
| 42 | + "secure": False, |
| 43 | + "expires": None, |
| 44 | + "discard": True, |
| 45 | + "comment": None, |
| 46 | + "comment_url": None, |
| 47 | + "rest": "", |
| 48 | + "rfc2109": True |
| 49 | +} |
51 | 50 |
|
52 | 51 |
|
53 | 52 | def match_to_(val, vlist): |
@@ -277,3 +276,64 @@ def yaml_to_py_stream(file_name): |
277 | 276 | fstream.write(section) |
278 | 277 | fstream.seek(0) |
279 | 278 | return fstream |
| 279 | + |
| 280 | + |
| 281 | +def has_method(o, name): |
| 282 | + """ Verifies whether an object has a specific method """ |
| 283 | + return callable(getattr(o, name, None)) |
| 284 | + |
| 285 | + |
| 286 | +def lower_or_upper(config, param, default=None): |
| 287 | + res = config.get(param.lower(), default) |
| 288 | + if not res: |
| 289 | + res = config.get(param.upper(), default) |
| 290 | + return res |
| 291 | + |
| 292 | + |
| 293 | +def create_context(dir_path, config, **kwargs): |
| 294 | + _fname = lower_or_upper(config, "server_cert") |
| 295 | + if _fname: |
| 296 | + _cert_file = "{}/{}".format(dir_path, _fname) |
| 297 | + else: |
| 298 | + return None |
| 299 | + _fname = lower_or_upper(config, "server_key") |
| 300 | + if _fname: |
| 301 | + _key_file = "{}/{}".format(dir_path, _fname) |
| 302 | + else: |
| 303 | + return None |
| 304 | + |
| 305 | + context = ssl.SSLContext(**kwargs) # PROTOCOL_TLS by default |
| 306 | + |
| 307 | + _verify_user = lower_or_upper(config, "verify_user") |
| 308 | + if _verify_user: |
| 309 | + if _verify_user == "optional": |
| 310 | + context.verify_mode = ssl.CERT_OPTIONAL |
| 311 | + elif _verify_user == "required": |
| 312 | + context.verify_mode = ssl.CERT_REQUIRED |
| 313 | + else: |
| 314 | + sys.exit("Unknown verify_user specification: '{}'".format(_verify_user)) |
| 315 | + _ca_bundle = lower_or_upper(config, "ca_bundle") |
| 316 | + if _ca_bundle: |
| 317 | + context.load_verify_locations(_ca_bundle) |
| 318 | + else: |
| 319 | + context.verify_mode = ssl.CERT_NONE |
| 320 | + |
| 321 | + try: |
| 322 | + context.load_cert_chain(_cert_file, _key_file) |
| 323 | + except Exception as e: |
| 324 | + sys.exit("Error starting server. Missing cert or key. Details: {}".format(e)) |
| 325 | + |
| 326 | + return context |
| 327 | + |
| 328 | + |
| 329 | +def get_http_params(config): |
| 330 | + params = {"verify": config.get('verify_ssl')} |
| 331 | + _cert = config.get('client_cert') |
| 332 | + _key = config.get('client_key') |
| 333 | + if _cert: |
| 334 | + if _key: |
| 335 | + params['cert'] = (_cert, _key) |
| 336 | + else: |
| 337 | + params['cert'] = _cert |
| 338 | + |
| 339 | + return params |
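Review bot: In create_context, the final `else` of the `verify_user` block resets `context.verify_mode` to `ssl.CERT_NONE` whenever `ca_bundle` is missing, so a config that asks for `verify_user: required` but omits the bundle silently ends up with no client-certificate check at all. A missing trust anchor should fail loudly rather than degrade the requested policy: replace that branch with `else: sys.exit("verify_user='{}' requires ca_bundle".format(_verify_user))`, or better, raise a `ValueError`, since `sys.exit` inside a library helper (also used for the `load_cert_chain` failure) is hard for callers to handle. Separately, `ssl.SSLContext(**kwargs)` with no explicit settings leaves the protocol floor at the interpreter/OpenSSL default, which on interpreters before 3.10 can still admit TLS 1.0/1.1; adding `context.minimum_version = ssl.TLSVersion.TLSv1_2` right after construction pins it. Note also that `lower_or_upper` tests `if not res`, so an explicitly falsy lower-case value (e.g. `False` or `""`) is discarded in favour of the upper-case key rather than honoured.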