r5039 - in trunk/sage/python/sage: . aviary
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-04 19:18:55 +0000 (Tue, 04 Oct 2011)
New Revision: 5039
Modified:
trunk/sage/python/sage/aviary/aviaryoperations.py
trunk/sage/python/sage/https.py
Log:
Add logging line that tells what technology we are using for server certificate
validation.
BZ733447
Modified: trunk/sage/python/sage/aviary/aviaryoperations.py
===================================================================
--- trunk/sage/python/sage/aviary/aviaryoperations.py 2011-10-04 19:01:52 UTC (rev 5038)
+++ trunk/sage/python/sage/aviary/aviaryoperations.py 2011-10-04 19:18:55 UTC (rev 5039)
@@ -517,11 +517,12 @@
elif not self.server_validation_possible:
log.info("AviaryOperations: server certificate validation not "\
- "supported (no ssl module?), using client validation "\
+ "supported, using client validation "\
"only for ssl connections.")
else:
log.info("AviaryOperations: using client and server "\
- "certificate validation for ssl connections.")
+ "certificate validation for ssl connections, "\
+ "solution is %s" % sage.https.technology)
log.info("AviaryOperations: verify server domain against "\
"certificate during validation (%s)" % self.domain_verify)
Modified: trunk/sage/python/sage/https.py
===================================================================
--- trunk/sage/python/sage/https.py 2011-10-04 19:01:52 UTC (rev 5038)
+++ trunk/sage/python/sage/https.py 2011-10-04 19:18:55 UTC (rev 5039)
@@ -22,6 +22,8 @@
import httplib
import socket
+technology = "urllib2"
+
# Provide an exception here that implementation classes
# can use in common to raise exceptions and return messages
class SSLVerificationError(Exception):
@@ -103,9 +105,11 @@
try:
# Try a solution that uses the Python ssl module first
from sage.verifiedhttps import VerifiedHTTPSConnection
+ technology = "Python ssl"
except:
# Didn't work, try a solution based on m2crypto
from sage.verifiedhttps_m2crypto import VerifiedHTTPSConnection
+ technology = "M2Crypto"
class HTTPSFullAuthHandler(HTTPSClientAuthHandler):
"""
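Review bot: The bare `except:` around the `sage.verifiedhttps` import catches every failure, not only a missing ssl module, so a NameError or SyntaxError in that file silently moves the process onto the M2Crypto path and `technology` then reports "M2Crypto" with no trace of why the ssl path was rejected. Narrowing it to `except ImportError:` keeps the fallback and lets real errors surface; the same clause is introduced by the r5038 hunk at `@@ -94,8 +99,14 @@` further down this page. Indentation is lost here, so it could not be confirmed that these assignments rebind the module-level `technology` rather than a function local; if the block sits inside a function it needs `global technology`.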
r5038 - trunk/sage/python/sage
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-04 19:01:52 +0000 (Tue, 04 Oct 2011)
New Revision: 5038
Added:
trunk/sage/python/sage/verifiedhttps_m2crypto.py
Modified:
trunk/sage/python/sage/https.py
trunk/sage/python/sage/verifiedhttps.py
Log:
Add M2Crypto solution for ssl communication when the Python ssl module is not
available.
BZ733447
Modified: trunk/sage/python/sage/https.py
===================================================================
--- trunk/sage/python/sage/https.py 2011-10-03 18:04:39 UTC (rev 5037)
+++ trunk/sage/python/sage/https.py 2011-10-04 19:01:52 UTC (rev 5038)
@@ -22,6 +22,11 @@
import httplib
import socket
+# Provide an exception here that implementation classes
+# can use in common to raise exceptions and return messages
+class SSLVerificationError(Exception):
+ pass
+
class HTTPSClientAuthHandler(u2.HTTPSHandler):
def __init__(self, key, cert):
"""
@@ -94,8 +99,14 @@
# ...
# if hasattr(<whatever.>https, "HTTPSFullCertTransport"):
# ...
- from sage.verifiedhttps import VerifiedHTTPSConnection
+ try:
+ # Try a solution that uses the Python ssl module first
+ from sage.verifiedhttps import VerifiedHTTPSConnection
+ except:
+ # Didn't work, try a solution based on m2crypto
+ from sage.verifiedhttps_m2crypto import VerifiedHTTPSConnection
+
class HTTPSFullAuthHandler(HTTPSClientAuthHandler):
"""
Add server certificate validation to HTTPSClientAuthHandler
Modified: trunk/sage/python/sage/verifiedhttps.py
===================================================================
--- trunk/sage/python/sage/verifiedhttps.py 2011-10-03 18:04:39 UTC (rev 5037)
+++ trunk/sage/python/sage/verifiedhttps.py 2011-10-04 19:01:52 UTC (rev 5038)
@@ -1,21 +1,18 @@
import httplib
import socket
import ssl
+from https import SSLVerificationError
# Note: much thanks to Joseph Turner for showing the world
# how to extend httplib using the ssl module to implement
# server certificate validation.
# https://github.com/josephturnerjr/urllib2.VerifiedHTTPS
-class SSLVerificationError(Exception):
- pass
-
# subclass of HTTPSConnection to do cert verification and domain verification
class VerifiedHTTPSConnection(httplib.HTTPSConnection):
def __init__(self, host, port=None, key_file=None, cert_file=None,
- root_cert=None, strict=None,
- timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
+ root_cert=None, strict=None, timeout=None,
server_verify=True, domain_verify=True):
"""
All params except those noted below are passed through to
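Review bot: `from https import SSLVerificationError` is an implicit relative import of the module that is itself in the middle of importing this file, so it only works because https.py defines the class above its `from sage.verifiedhttps import VerifiedHTTPSConnection` line. Spelling it `from sage.https import SSLVerificationError` matches how https.py names this package, and a comment beside the class in https.py such as `# must stay above the VerifiedHTTPSConnection import (circular import)` would keep a later reorder from breaking it. The new verifiedhttps_m2crypto.py uses the same import line. The constructor's docstring and body continue outside the hunk.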
@@ -27,7 +24,15 @@
@param domain_verify: checks server certificate 'commonName' against host if True
"""
httplib.HTTPSConnection.__init__(self, host, port, key_file, cert_file,
- strict, timeout)
+ strict)
+ # Handle difference between Python 2.4 and 2.6. Timeout was added
+ # in 2.6, and if not specified will be the global default timeout.
+ # In this routine allow None to indicate default, otherwise set the
+ # value since we can't set it in the constructor. If it's missing
+ # we will create it here.
+ if timeout is not None:
+ self.timeout = timeout
+
self.root_cert = root_cert
self.server_verify = server_verify
self.domain_verify = domain_verify
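Review bot: When `timeout` is None the attribute exists only if the base class created it, although the comment says a missing one is created here; on an httplib without a `timeout` attribute the later read of `self.timeout` in connect() would raise AttributeError. A second branch that fills it in when absent would match the comment: `elif not hasattr(self, 'timeout'): self.timeout = None`. `__init__` starts outside the hunk.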
@@ -41,7 +46,7 @@
# There is no timeout attribute in earlier versions of this object.
# The only option available is to set a global default timeout for
# all socket objects.
- socket.setdefaulttimeout(10)
+ socket.setdefaulttimeout(self.timeout)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((self.host, self.port))
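Review bot: `socket.setdefaulttimeout(self.timeout)` changes the timeout of every socket the process creates afterwards, and with the new `timeout=None` default it replaces the former fixed 10 seconds with no timeout at all, so a stalled server can block the connect and the TLS handshake indefinitely. Setting it on this socket only avoids both effects: `sock.settimeout(self.timeout)` directly after `sock = socket.socket(...)`, with a finite fallback when `self.timeout` is None. If this branch can run on an httplib that does define `timeout`, `self.timeout` may hold the `socket._GLOBAL_DEFAULT_TIMEOUT` sentinel that the removed default referred to, which `setdefaulttimeout` is unlikely to accept; that is worth confirming. connect() starts and ends outside the hunk.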
Added: trunk/sage/python/sage/verifiedhttps_m2crypto.py
===================================================================
--- trunk/sage/python/sage/verifiedhttps_m2crypto.py (rev 0)
+++ trunk/sage/python/sage/verifiedhttps_m2crypto.py 2011-10-04 19:01:52 UTC (rev 5038)
@@ -0,0 +1,52 @@
+from M2Crypto import httpslib, SSL
+from https import SSLVerificationError
+
+# wrap the creation of a SSL.Context, etc in a class
+class VerifiedHTTPSConnection(httpslib.HTTPSConnection):
+
+ def __init__(self, host, port=None, key_file=None, cert_file=None,
+ root_cert=None, strict=None, timeout=None,
+ server_verify=True,
+ domain_verify=True):
+ """
+
+ """
+ self.server_verify = server_verify
+ self.domain_verify = domain_verify
+ self.timeout = timeout
+
+ ctx = SSL.Context()
+ ctx.load_cert(cert_file, key_file)
+ # Leaving the ctx verify mode set to 0 does not seem
+ # to turn off all the server certificate checks, not
+ # sure why. Something in M2Crypto. The hostname check
+ # is still applied and raises an exception, so we catch
+ # it as we do with domain_verify
+ if server_verify:
+ ctx.load_verify_locations(root_cert)
+ mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
+ ctx.set_verify(mode, depth=9)
+ httpslib.HTTPSConnection.__init__(self, host, port, strict,
+ key_file=key_file, cert_file=cert_file,
+ ssl_context=ctx)
+ def connect(self):
+ try:
+ # Best we can do with the timeout parameter is
+ # set it on the socket after the connection is
+ # created. There is no hook in M2Crypto to set
+ # this prior to the connection.
+ httpslib.HTTPSConnection.connect(self)
+ if self.timeout is not None:
+ self.sock.settimeout(timeout)
+ except SSL.Checker.WrongHost, e:
+ # Allow the host name check to fail if domain_verify is off.
+ # This is mostly for testing with self-signed certificates
+ # and to provide the same interface as verifiedhttps.py
+ # In order to squash the report of the mismatched hostnames,
+ # we replace the message -- could be considered a leak of
+ # domain and certificate information I suppose.
+ if self.server_verify and self.domain_verify:
+ raise SSLVerificationError("Server certificate doesn't match domain;"\
+ " untrusted connection")
+
+
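Review bot: In connect(), `self.sock.settimeout(timeout)` refers to a name that does not exist in that scope, so any caller that passes a timeout gets a NameError after the TLS connection is already established; it should read `self.sock.settimeout(self.timeout)`. Because the call sits inside the `try`, it is also skipped whenever `WrongHost` is caught and suppressed, so moving the `if self.timeout is not None:` block below the `except` clause applies the timeout on that path too. When `server_verify` is true and `root_cert` is None, `ctx.load_verify_locations(root_cert)` is called without a CA file; an explicit check that raises `SSLVerificationError` would make that misconfiguration obvious. The empty `__init__` docstring should state that `domain_verify=False` suppresses the hostname mismatch and that `server_verify=False` leaves the context's verify mode unset.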
r5037 - in branches/lucidity: cumin/python/cumin sage/python/sage/wallaby sage/rpc-defs/aviary
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-03 18:04:39 +0000 (Mon, 03 Oct 2011)
New Revision: 5037
Modified:
branches/lucidity/cumin/python/cumin/main.py
branches/lucidity/sage/python/sage/wallaby/wallabyoperations.py
branches/lucidity/sage/rpc-defs/aviary/aviary-common.xsd
Log:
Merge 5034 and 5036 from trunk.
Pass sasl-mech-list parameter for wallaby connection.
BZ742786
Update aviary-common.xsd
Modified: branches/lucidity/cumin/python/cumin/main.py
===================================================================
--- branches/lucidity/cumin/python/cumin/main.py 2011-10-03 17:38:09 UTC (rev 5036)
+++ branches/lucidity/cumin/python/cumin/main.py 2011-10-03 18:04:39 UTC (rev 5037)
@@ -195,7 +195,8 @@
# cumin-web for grid data, and flags set on the Session for cumin
# may not be appropriate for the Wallaby API. So, it gets its own.
self.wallaby = WallabyOperations(self.wallaby_broker,
- self.wallaby_refresh)
+ self.wallaby_refresh,
+ self.sasl_mech_list)
self.model.init()
self.session.init()
Modified: branches/lucidity/sage/python/sage/wallaby/wallabyoperations.py
===================================================================
--- branches/lucidity/sage/python/sage/wallaby/wallabyoperations.py 2011-10-03 17:38:09 UTC (rev 5036)
+++ branches/lucidity/sage/python/sage/wallaby/wallabyoperations.py 2011-10-03 18:04:39 UTC (rev 5037)
@@ -32,7 +32,7 @@
'''
Wrapper around the Wallaby client library.
'''
- def __init__(self, broker_uri, refresh_interval=None):
+ def __init__(self, broker_uri, refresh_interval=None, sasl_mech_list=None):
'''
Constructor.
@@ -52,8 +52,13 @@
item after a successful call unless the refresh() method is used.
The refresh interval may be set for items individually with the
set_interval() method.
+
+ sasl_mech_list -- restricts the list of allowable sasl authentication
+ that will be allowed when connecting to a QMF message broker. Default
+ is to accept all available mechanisms.
'''
self.broker_uri = broker_uri
+ self.sasl_mech_list = sasl_mech_list
# A wallaby Store object
self._store = None
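Review bot: With `sasl_mech_list` left at None the broker connection accepts every SASL mechanism on offer, which the docstring states but which leaves no trace at runtime; a log line beside the `addBroker` call in the `@@ -129,7 +134,7 @@` hunk when the value is None would let an operator see that no restriction is in force. The docstring should also state the expected format of the value and read more plainly, for example `sasl_mech_list -- SASL mechanisms permitted when connecting to the QMF broker; None (default) permits all available mechanisms.` The same text and call appear in the r5034 trunk hunks further down this page. `__init__` continues outside the hunk.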
@@ -129,7 +134,7 @@
# Get initinal connection and Store obect
self.session = Session(manageConnections=True)
- self.broker = self.session.addBroker(self.broker_uri)
+ self.broker = self.session.addBroker(self.broker_uri, mechanisms=self.sasl_mech_list)
while not self._stop:
self._store = self._get_store()
if self._store is not None:
Modified: branches/lucidity/sage/rpc-defs/aviary/aviary-common.xsd
===================================================================
--- branches/lucidity/sage/rpc-defs/aviary/aviary-common.xsd 2011-10-03 17:38:09 UTC (rev 5036)
+++ branches/lucidity/sage/rpc-defs/aviary/aviary-common.xsd 2011-10-03 18:04:39 UTC (rev 5037)
@@ -151,6 +151,7 @@
<xs:sequence>
<xs:element name="id" type="tns:SubmissionID"/>
<xs:element name="status" type="tns:Status"/>
+ <xs:element name="qdate" type="xs:int"/>
<xs:element name="completed" type="xs:int"/>
<xs:element name="held" type="xs:int"/>
<xs:element name="idle" type="xs:int"/>
r5036 - trunk/sage/rpc-defs/aviary
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-03 17:38:09 +0000 (Mon, 03 Oct 2011)
New Revision: 5036
Modified:
trunk/sage/rpc-defs/aviary/aviary-common.xsd
Log:
Update aviary-common.xsd
Modified: trunk/sage/rpc-defs/aviary/aviary-common.xsd
===================================================================
--- trunk/sage/rpc-defs/aviary/aviary-common.xsd 2011-10-03 15:31:27 UTC (rev 5035)
+++ trunk/sage/rpc-defs/aviary/aviary-common.xsd 2011-10-03 17:38:09 UTC (rev 5036)
@@ -151,6 +151,7 @@
<xs:sequence>
<xs:element name="id" type="tns:SubmissionID"/>
<xs:element name="status" type="tns:Status"/>
+ <xs:element name="qdate" type="xs:int"/>
<xs:element name="completed" type="xs:int"/>
<xs:element name="held" type="xs:int"/>
<xs:element name="idle" type="xs:int"/>
r5035 - branches/scale_testing/cumin/bin
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-03 15:31:27 +0000 (Mon, 03 Oct 2011)
New Revision: 5035
Modified:
branches/scale_testing/cumin/bin/cumin-data
Log:
Missing the scale-stats option somehow. Must never have been committed.
Modified: branches/scale_testing/cumin/bin/cumin-data
===================================================================
--- branches/scale_testing/cumin/bin/cumin-data 2011-10-03 13:17:03 UTC (rev 5034)
+++ branches/scale_testing/cumin/bin/cumin-data 2011-10-03 15:31:27 UTC (rev 5035)
@@ -128,6 +128,7 @@
# Add additional parameters for data
parser.add_option("--print-stats", action="store_true", default=False)
+ parser.add_option("--scale-stats", action="store_true", default=False)
parser.add_option("--print-events", type="int", default=0, metavar="LEVEL")
parser.add_option("--section", default="data")
parser.add_option("--daemon", action="store_true", default=False)
r5034 - in trunk: cumin/python/cumin sage/python/sage/wallaby
by tmckay@fedoraproject.org
Author: tmckay
Date: 2011-10-03 13:17:03 +0000 (Mon, 03 Oct 2011)
New Revision: 5034
Modified:
trunk/cumin/python/cumin/main.py
trunk/sage/python/sage/wallaby/wallabyoperations.py
Log:
Pass the sasl-mech_list parameter to addBroker for the wallaby connection.
BZ742786
Modified: trunk/cumin/python/cumin/main.py
===================================================================
--- trunk/cumin/python/cumin/main.py 2011-09-30 16:29:36 UTC (rev 5033)
+++ trunk/cumin/python/cumin/main.py 2011-10-03 13:17:03 UTC (rev 5034)
@@ -199,7 +199,8 @@
# cumin-web for grid data, and flags set on the Session for cumin
# may not be appropriate for the Wallaby API. So, it gets its own.
self.wallaby = WallabyOperations(self.wallaby_broker,
- self.wallaby_refresh)
+ self.wallaby_refresh,
+ self.sasl_mech_list)
self.model.init()
self.session.init()
Modified: trunk/sage/python/sage/wallaby/wallabyoperations.py
===================================================================
--- trunk/sage/python/sage/wallaby/wallabyoperations.py 2011-09-30 16:29:36 UTC (rev 5033)
+++ trunk/sage/python/sage/wallaby/wallabyoperations.py 2011-10-03 13:17:03 UTC (rev 5034)
@@ -32,7 +32,7 @@
'''
Wrapper around the Wallaby client library.
'''
- def __init__(self, broker_uri, refresh_interval=None):
+ def __init__(self, broker_uri, refresh_interval=None, sasl_mech_list=None):
'''
Constructor.
@@ -52,8 +52,13 @@
item after a successful call unless the refresh() method is used.
The refresh interval may be set for items individually with the
set_interval() method.
+
+ sasl_mech_list -- restricts the list of allowable sasl authentication
+ that will be allowed when connecting to a QMF message broker. Default
+ is to accept all available mechanisms.
'''
self.broker_uri = broker_uri
+ self.sasl_mech_list = sasl_mech_list
# A wallaby Store object
self._store = None
@@ -129,7 +134,7 @@
# Get initinal connection and Store obect
self.session = Session(manageConnections=True)
- self.broker = self.session.addBroker(self.broker_uri)
+ self.broker = self.session.addBroker(self.broker_uri, mechanisms=self.sasl_mech_list)
while not self._stop:
self._store = self._get_store()
if self._store is not None: