~ubuntu-branches/ubuntu/saucy/python-glanceclient/saucy

Viewing changes to glanceclient/common/http.py

Committer: Package Import Robot
Author(s): Chuck Short, Adam Gandelman, Chuck Short
Date: 2012-11-23 10:22:06 UTC
mfrom: (1.1.6)
Revision ID: package-import@ubuntu.com-20121123102206-0dlq52aydhudnrrc

Tags: 1:0.6.0-0ubuntu1

[ Adam Gandelman ]
* Ensure python-prettytable >= 0.6. (LP: #1073275)
* debian/control, pydist-overrides: Add python-openssl override.

[ Chuck Short ]
* New usptream release.

files added:
tests/test_http.py

tests/test_ssl.py

tests/var

tests/var/ca.crt

tests/var/certificate.crt

tests/var/privatekey.key

files removed:
glanceclient/version.py

files modified:
AUTHORS

ChangeLog

PKG-INFO

debian/changelog

debian/control

debian/patches/fix-ubuntu-tests.patch

debian/pydist-overrides

debian/rules

doc/source/index.rst

glanceclient/__init__.py

glanceclient/common/http.py

glanceclient/common/utils.py

glanceclient/exc.py

glanceclient/openstack/common/setup.py

glanceclient/openstack/common/version.py

glanceclient/shell.py

glanceclient/v1/images.py

glanceclient/v1/shell.py

glanceclient/versioninfo

python_glanceclient.egg-info/PKG-INFO

python_glanceclient.egg-info/SOURCES.txt

python_glanceclient.egg-info/requires.txt

setup.py

tests/test_utils.py

tests/utils.py

tests/v1/test_images.py

tools/pip-requires

tools/test-requires

Show diffs side-by-side

added added

removed removed

glanceclient/common/http.py

import copy

import httplib

import logging

import os

import posixpath

import socket

import StringIO

import struct

import urlparse

try:

import ssl

except ImportError:

#TODO(bcwaldon): Handle this failure more gracefully

pass

try:

import json

except ImportError:

import simplejson as json

import cgi

urlparse.parse_qsl = cgi.parse_qsl

import OpenSSL

from glanceclient import exc

def __init__(self, endpoint, **kwargs):

self.endpoint = endpoint

endpoint_parts = self.parse_endpoint(self.endpoint)

self.endpoint_scheme = endpoint_parts.scheme

self.endpoint_hostname = endpoint_parts.hostname

self.endpoint_port = endpoint_parts.port

self.endpoint_path = endpoint_parts.path

self.connection_class = self.get_connection_class(self.endpoint_scheme)

self.connection_kwargs = self.get_connection_kwargs(

self.endpoint_scheme, **kwargs)

self.auth_token = kwargs.get('token')

self.connection_params = self.get_connection_params(endpoint, **kwargs)

@staticmethod

def get_connection_params(endpoint, **kwargs):

parts = urlparse.urlparse(endpoint)

_args = (parts.hostname, parts.port)

@staticmethod

def parse_endpoint(endpoint):

return urlparse.urlparse(endpoint)

@staticmethod

def get_connection_class(scheme):

if scheme == 'https':

return VerifiedHTTPSConnection

else:

return httplib.HTTPConnection

@staticmethod

def get_connection_kwargs(scheme, **kwargs):

_kwargs = {'timeout': float(kwargs.get('timeout', 600))}

if parts.scheme == 'https':

_class = VerifiedHTTPSConnection

if scheme == 'https':

_kwargs['ca_file'] = kwargs.get('ca_file', None)

_kwargs['cert_file'] = kwargs.get('cert_file', None)

_kwargs['key_file'] = kwargs.get('key_file', None)

_kwargs['insecure'] = kwargs.get('insecure', False)

elif parts.scheme == 'http':

_class = httplib.HTTPConnection

else:

msg = 'Unsupported scheme: %s' % parts.scheme

raise exc.InvalidEndpoint(msg)

_kwargs['ssl_compression'] = kwargs.get('ssl_compression', True)

return (_class, _args, _kwargs)

return _kwargs

def get_connection(self):

_class = self.connection_params[0]

_class = self.connection_class

try:

return _class(*self.connection_params[1],

**self.connection_params[2])

return _class(self.endpoint_hostname, self.endpoint_port,

**self.connection_kwargs)

except httplib.InvalidURL:

raise exc.InvalidEndpoint()

103

('ca_file', '--cacert %s'),

104

]

105

for (key, fmt) in conn_params_fmt:

value = self.connection_params[2].get(key)

106

value = self.connection_kwargs.get(key)

107

if value:

100

108

curl.append(fmt % value)

101

109

102

if self.connection_params[2].get('insecure'):

110

if self.connection_kwargs.get('insecure'):

103

111

curl.append('-k')

104

112

105

113

if 'body' in kwargs:

134

142

conn = self.get_connection()

135

143

136

144

try:

137

conn.request(method, url, **kwargs)

145

conn_url = posixpath.normpath('%s/%s' % (self.endpoint_path, url))

146

if kwargs['headers'].get('Transfer-Encoding') == 'chunked':

147

conn.putrequest(method, conn_url)

148

for header, value in kwargs['headers'].items():

149

conn.putheader(header, value)

150

conn.endheaders()

151

chunk = kwargs['body'].read(CHUNKSIZE)

152

# Chunk it, baby...

153

while chunk:

154

conn.send('%x\r\n%s\r\n' % (len(chunk), chunk))

155

chunk = kwargs['body'].read(CHUNKSIZE)

156

conn.send('0\r\n\r\n')

157

else:

158

conn.request(method, conn_url, **kwargs)

138

159

resp = conn.getresponse()

139

160

except socket.gaierror as e:

140

161

message = "Error finding address for %(url)s: %(e)s" % locals()

141

162

raise exc.InvalidEndpoint(message=message)

142

163

except (socket.error, socket.timeout) as e:

143

message = "Error communicating with %(url)s: %(e)s" % locals()

164

endpoint = self.endpoint

165

message = "Error communicating with %(endpoint)s %(e)s" % locals()

144

166

raise exc.CommunicationError(message=message)

145

167

146

168

body_iter = ResponseBodyIterator(resp)

154

176

self.log_http_response(resp)

155

177

156

178

if 400 <= resp.status < 600:

157

LOG.exception("Request returned failure status.")

179

LOG.error("Request returned failure status.")

158

180

raise exc.from_response(resp)

159

181

elif resp.status in (301, 302, 305):

160

182

# Redirected. Reissue the request to the new location.

188

210

kwargs.setdefault('headers', {})

189

211

kwargs['headers'].setdefault('Content-Type',

190

212

'application/octet-stream')

213

if 'body' in kwargs:

214

if (hasattr(kwargs['body'], 'read')

215

and method.lower() in ('post', 'put')):

216

# We use 'Transfer-Encoding: chunked' because

217

# body size may not always be known in advance.

218

kwargs['headers']['Transfer-Encoding'] = 'chunked'

191

219

return self._http_request(url, method, **kwargs)

192

220

193

221

222

class OpenSSLConnectionDelegator(object):

223

"""

224

An OpenSSL.SSL.Connection delegator.

225

226

Supplies an additional 'makefile' method which httplib requires

227

and is not present in OpenSSL.SSL.Connection.

228

229

Note: Since it is not possible to inherit from OpenSSL.SSL.Connection

230

a delegator must be used.

231

"""

232

def __init__(self, *args, **kwargs):

233

self.connection = OpenSSL.SSL.Connection(*args, **kwargs)

234

235

def __getattr__(self, name):

236

return getattr(self.connection, name)

237

238

def makefile(self, *args, **kwargs):

239

return socket._fileobject(self.connection, *args, **kwargs)

240

241

194

242

class VerifiedHTTPSConnection(httplib.HTTPSConnection):

195

"""httplib-compatibile connection using client-side SSL authentication

196

197

:see http://code.activestate.com/recipes/

198

577548-https-httplib-client-connection-with-certificate-v/

199

"""

200

243

"""

244

Extended HTTPSConnection which uses the OpenSSL library

245

for enhanced SSL support.

246

"""

201

247

def __init__(self, host, port, key_file=None, cert_file=None,

202

ca_file=None, timeout=None, insecure=False):

203

httplib.HTTPSConnection.__init__(self, host, port, key_file=key_file,

248

ca_file=None, timeout=None, insecure=False,

249

ssl_compression=True):

250

httplib.HTTPSConnection.__init__(self, host, port,

251

key_file=key_file,

204

252

cert_file=cert_file)

205

253

self.key_file = key_file

206

254

self.cert_file = cert_file

207

if ca_file is not None:

208

self.ca_file = ca_file

209

else:

210

self.ca_file = self.get_system_ca_file()

211

255

self.timeout = timeout

212

256

self.insecure = insecure

257

self.ssl_compression = ssl_compression

258

self.ca_file = ca_file

259

self.setcontext()

260

261

@staticmethod

262

def verify_callback(connection, x509, errnum, errdepth, preverify_ok):

263

# Pass through OpenSSL's default result

264

return preverify_ok

265

266

def setcontext(self):

267

"""

268

Set up the OpenSSL context.

269

"""

270

self.context = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)

271

272

if self.ssl_compression is False:

273

self.context.set_options(0x20000) # SSL_OP_NO_COMPRESSION

274

275

if self.insecure is not True:

276

self.context.set_verify(OpenSSL.SSL.VERIFY_PEER,

277

self.verify_callback)

278

else:

279

self.context.set_verify(OpenSSL.SSL.VERIFY_NONE,

280

self.verify_callback)

281

282

if self.cert_file:

283

try:

284

self.context.use_certificate_file(self.cert_file)

285

except Exception, e:

286

msg = 'Unable to load cert from "%s" %s' % (self.cert_file, e)

287

raise exc.SSLConfigurationError(msg)

288

if self.key_file is None:

289

# We support having key and cert in same file

290

try:

291

self.context.use_privatekey_file(self.cert_file)

292

except Exception, e:

293

msg = ('No key file specified and unable to load key '

294

'from "%s" %s' % (self.cert_file, e))

295

raise exc.SSLConfigurationError(msg)

296

297

if self.key_file:

298

try:

299

self.context.use_privatekey_file(self.key_file)

300

except Exception, e:

301

msg = 'Unable to load key from "%s" %s' % (self.key_file, e)

302

raise exc.SSLConfigurationError(msg)

303

304

if self.ca_file:

305

try:

306

self.context.load_verify_locations(self.ca_file)

307

except Exception, e:

308

msg = 'Unable to load CA from "%s"' % (self.ca_file, e)

309

raise exc.SSLConfigurationError(msg)

310

else:

311

self.context.set_default_verify_paths()

213

312

214

313

def connect(self):

215

314

"""

216

Connect to a host on a given (SSL) port.

217

If ca_file is pointing somewhere, use it to check Server Certificate.

218

219

Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).

220

This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to

221

ssl.wrap_socket(), which forces SSL to check server certificate against

222

our client certificate.

315

Connect to an SSL port using the OpenSSL library and apply

316

per-connection parameters.

223

317

"""

224

sock = socket.create_connection((self.host, self.port), self.timeout)

225

226

if self._tunnel_host:

227

self.sock = sock

228

self._tunnel()

229

230

if self.insecure is True:

231

kwargs = {'cert_reqs': ssl.CERT_NONE}

232

else:

233

kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}

234

235

if self.cert_file:

236

kwargs['certfile'] = self.cert_file

237

if self.key_file:

238

kwargs['keyfile'] = self.key_file

239

240

self.sock = ssl.wrap_socket(sock, **kwargs)

241

242

@staticmethod

243

def get_system_ca_file():

244

""""Return path to system default CA file"""

245

# Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,

246

# Suse, FreeBSD/OpenBSD

247

ca_path = ['/etc/ssl/certs/ca-certificates.crt',

248

'/etc/pki/tls/certs/ca-bundle.crt',

249

'/etc/ssl/ca-bundle.pem',

250

'/etc/ssl/cert.pem']

251

for ca in ca_path:

252

if os.path.exists(ca):

253

return ca

254

return None

318

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

319

if self.timeout is not None:

320

# '0' microseconds

321

sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVTIMEO,

322

struct.pack('LL', self.timeout, 0))

323

self.sock = OpenSSLConnectionDelegator(self.context, sock)

324

self.sock.connect((self.host, self.port))

255

325

256

326

257

327

class ResponseBodyIterator(object):

Older »