[Commits] (heikki) Clean up profile directory handling for crypto.
commits at osafoundation.org
commits at osafoundation.org
Fri Jan 28 14:31:07 PST 2005
Commit by: heikki
Modified files:
chandler/Chandler.py 1.56 1.57
chandler/application/Application.py 1.293 1.294
chandler/crypto/Crypto.py 1.15 1.16
chandler/crypto/ssl.py 1.6 1.7
chandler/crypto/tests/TestM2CryptoInitShutdown.py 1.3 1.4
chandler/crypto/tests/TestSSL.py 1.12 1.13
chandler/parcels/osaf/framework/sharing/WebDAV.py 1.6 1.7
chandler/parcels/osaf/framework/webdav/Dav.py 1.26 1.27
chandler/parcels/osaf/mail/imap.py 1.40 1.41
chandler/parcels/osaf/mail/smtp.py 1.27 1.28
Log message:
Clean up profile directory handling for crypto.
ViewCVS links:
http://cvs.osafoundation.org/index.cgi/chandler/Chandler.py.diff?r1=text&tr1=1.56&r2=text&tr2=1.57
http://cvs.osafoundation.org/index.cgi/chandler/application/Application.py.diff?r1=text&tr1=1.293&r2=text&tr2=1.294
http://cvs.osafoundation.org/index.cgi/chandler/crypto/Crypto.py.diff?r1=text&tr1=1.15&r2=text&tr2=1.16
http://cvs.osafoundation.org/index.cgi/chandler/crypto/ssl.py.diff?r1=text&tr1=1.6&r2=text&tr2=1.7
http://cvs.osafoundation.org/index.cgi/chandler/crypto/tests/TestM2CryptoInitShutdown.py.diff?r1=text&tr1=1.3&r2=text&tr2=1.4
http://cvs.osafoundation.org/index.cgi/chandler/crypto/tests/TestSSL.py.diff?r1=text&tr1=1.12&r2=text&tr2=1.13
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/framework/sharing/WebDAV.py.diff?r1=text&tr1=1.6&r2=text&tr2=1.7
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/framework/webdav/Dav.py.diff?r1=text&tr1=1.26&r2=text&tr2=1.27
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/imap.py.diff?r1=text&tr1=1.40&r2=text&tr2=1.41
http://cvs.osafoundation.org/index.cgi/chandler/parcels/osaf/mail/smtp.py.diff?r1=text&tr1=1.27&r2=text&tr2=1.28
Index: chandler/parcels/osaf/framework/webdav/Dav.py
diff -u chandler/parcels/osaf/framework/webdav/Dav.py:1.26 chandler/parcels/osaf/framework/webdav/Dav.py:1.27
--- chandler/parcels/osaf/framework/webdav/Dav.py:1.26 Fri Jan 7 14:49:55 2005
+++ chandler/parcels/osaf/framework/webdav/Dav.py Fri Jan 28 14:31:05 2005
@@ -4,7 +4,7 @@
from repository.util.URL import URL
from M2Crypto import SSL, httpslib
-import crypto.ssl as ssl
+import application.Globals as Globals
import Sync
@@ -176,5 +176,5 @@
super(SSLDAVConnection, self).__init__(host,
port,
- ssl_context=ssl.getSSLContext())
+ ssl_context=Globals.crypto.getSSLContext())
self.setauth(acct.username, acct.password)
Index: chandler/parcels/osaf/mail/imap.py
diff -u chandler/parcels/osaf/mail/imap.py:1.40 chandler/parcels/osaf/mail/imap.py:1.41
--- chandler/parcels/osaf/mail/imap.py:1.40 Thu Jan 27 14:28:03 2005
+++ chandler/parcels/osaf/mail/imap.py Fri Jan 28 14:31:05 2005
@@ -1,5 +1,5 @@
-__revision__ = "$Revision: 1.40 $"
-__date__ = "$Date: 2005/01/27 22:28:03 $"
+__revision__ = "$Revision: 1.41 $"
+__date__ = "$Date: 2005/01/28 22:31:05 $"
__copyright__ = "Copyright (c) 2005 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -22,7 +22,7 @@
import chandlerdb.util.UUID as UUID
import repository.item.Query as Query
import osaf.contentmodel.mail.Mail as Mail
-import crypto.ssl as ssl
+import application.Globals as Globals
import M2Crypto.SSL.TwistedProtocolWrapper as wrapper
#Chandler Mail Service imports
@@ -176,7 +176,7 @@
self.wrappingFactory = policies.WrappingFactory(self.factory)
self.wrappingFactory.protocol = wrapper.TLSProtocolWrapper
self.factory.startTLS = self.account.useSSL
- self.factory.getContext = lambda : ssl.getSSLContext()
+ self.factory.getContext = lambda : Globals.crypto.getSSLContext()
reactor.connectTCP(self.account.host, self.account.port, self.wrappingFactory)
def catchErrors(self, err):
Index: chandler/crypto/Crypto.py
diff -u chandler/crypto/Crypto.py:1.15 chandler/crypto/Crypto.py:1.16
--- chandler/crypto/Crypto.py:1.15 Thu Jan 27 21:49:49 2005
+++ chandler/crypto/Crypto.py Fri Jan 28 14:31:03 2005
@@ -6,30 +6,34 @@
"""
import logging
-from M2Crypto import Rand, threading
import os
+from M2Crypto import Rand, threading
+import ssl
class Crypto(object):
"""
Crypto services.
"""
- def __init__(self, profileDir):
- assert profileDir != None
- self._randpool = os.path.join(profileDir, 'randpool.dat')
-
- def init(self):
+ def init(self, profileDir):
"""
The crypto services must be initialized before they can be used.
"""
+ assert profileDir
+ self.profileDir = profileDir
+
self._log = logging.getLogger('crypto')
self._log.setLevel(logging.INFO)
self._log.info('Starting crypto services')
threading.init()
+
# Generating entropy can be slow, so we should try to bootstrap
# with something.
+ self._randpool = os.path.join(profileDir, 'randpool.dat')
Rand.load_file(self._randpool, -1)
+ ssl.init(profileDir)
+
def shutdown(self):
"""
The crypto services must be shut down to clean things properly.
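Review bot: The only validation of `profileDir` in `init()` is `assert profileDir`, which is compiled out under `python -O`; an empty string would then make `os.path.join(profileDir, 'randpool.dat')` and the CA-bundle path used by `ssl.init(profileDir)` relative to the current working directory. Because this path decides where the trust anchors and the entropy pool are read from, an explicit check is safer: `if not profileDir: raise ValueError('profileDir is required')`. `self.profileDir` is also assigned only here, so `getSSLContext()` called before `init()` fails with an AttributeError; one line in the docstring saying so would help. The hunk ends inside `shutdown()`, whose body continues outside it.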
@@ -40,3 +44,19 @@
# XXX Check return value and log if we failed to write data
Rand.save_file(self._randpool)
threading.cleanup()
+
+ def getSSLContext(self, protocol='sslv23', verify=True,
+ verifyCallback=None):
+ """
+ Get an SSL Context.
+ """
+ return ssl.getContext(self.profileDir, protocol, verify,
+ verifyCallback, )
+
+ def getSSLClientContextFactory(self, method='sslv23', verify=True,
+ verifyCallBack=None):
+ """
+ Get an SSL Context factory.
+ """
+ return ssl.ClientContextFactory(self.profileDir, method, verify,
+ verifyCallBack)
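Review bot: `getSSLClientContextFactory` spells its keyword `verifyCallBack`, while `getSSLContext` just above it and `ssl.ClientContextFactory.__init__` in this commit use `verifyCallback`; a caller passing `verifyCallback=` to the factory getter gets a TypeError instead of installing its verification hook. Rename the parameter to `verifyCallback` and pass it through as `ssl.ClientContextFactory(self.profileDir, method, verify, verifyCallback)`. The first option is likewise called `protocol` in one getter and `method` in the other, and the stray trailing comma in `verifyCallback, )` can go.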
Index: chandler/parcels/osaf/framework/sharing/WebDAV.py
diff -u chandler/parcels/osaf/framework/sharing/WebDAV.py:1.6 chandler/parcels/osaf/framework/sharing/WebDAV.py:1.7
--- chandler/parcels/osaf/framework/sharing/WebDAV.py:1.6 Wed Jan 26 14:53:30 2005
+++ chandler/parcels/osaf/framework/sharing/WebDAV.py Fri Jan 28 14:31:04 2005
@@ -1,5 +1,5 @@
-__version__ = "$Revision: 1.6 $"
-__date__ = "$Date: 2005/01/26 22:53:30 $"
+__version__ = "$Revision: 1.7 $"
+__date__ = "$Date: 2005/01/28 22:31:04 $"
__copyright__ = "Copyright (c) 2005 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -10,7 +10,7 @@
import libxml2
import urlparse
import logging
-import crypto.ssl as ssl
+import application.Globals as Globals
import M2Crypto.httpslib as httpslib
logger = logging.getLogger('WebDAV')
@@ -39,7 +39,7 @@
if self.useSSL:
if self.ctx is None:
- self.ctx = ssl.getSSLContext()
+ self.ctx = Globals.crypto.getSSLContext()
self.conn = httpslib.HTTPSConnection(self.host,
self.port,
ssl_context=self.ctx)
Index: chandler/crypto/ssl.py
diff -u chandler/crypto/ssl.py:1.6 chandler/crypto/ssl.py:1.7
--- chandler/crypto/ssl.py:1.6 Thu Jan 27 21:49:49 2005
+++ chandler/crypto/ssl.py Fri Jan 28 14:31:03 2005
@@ -1,13 +1,13 @@
"""
SSL/TLS-related functionality.
- at copyright = Copyright (c) 2004 Open Source Applications Foundation
- at license = http://osafoundation.org/Chandler_0.1_license_terms.htm
+ at copyright: Copyright (c) 2004-2005 Open Source Applications Foundation
+ at license: http://osafoundation.org/Chandler_0.1_license_terms.htm
"""
-import os
+import os, sys
from M2Crypto import SSL, util, EVP
-import application.Globals
+import util as cryptoUtil
class SSLVerificationError(Exception):
pass
@@ -28,22 +28,30 @@
"""A context factory for SSL clients."""
isClient = 1
- useM2 = 1
method = 'sslv23' # slv23 actually means any version of SSL
- def __init__(self, method='sslv23', verify=True):
+ def __init__(self, profileDir, method='sslv23', verify=True,
+ verifyCallback=None):
+ self.profileDir = profileDir
self.method = method
self.verify = verify
+ self.verifyCallback = verifyCallback
def getContext(self):
- return getSSLContext(protocol=self.method, verify=self.verify)
+ return getContext(profileDir=self.profileDir,
+ protocol=self.method,
+ verify=self.verify,
+ verifyCallback=self.verifyCallback)
-def getSSLContext(protocol='sslv23', verify=True, verifyCallback=None):
+def getContext(profileDir, protocol='sslv23', verify=True,
+ verifyCallback=None):
"""
Get an SSL context. You should use this method to get a context
in Chandler rather than creating them directly.
+ @param profileDir: Location of the cacert.pem file
+ @type profileDir: str
@param protocol: An SSL protocol version string.
@type protocol: str
@param verify: Verify SSL/TLS connection. True by default.
@@ -67,14 +75,8 @@
if verify:
# XXX We'd like to load the CA certs from repository, or better yet,
# XXX provide BIO 'directory' from which to load certs on demand.
- parcelDir = os.getenv('PARCELDIR')
- caCertFile = None
- if parcelDir is not None:
- caCertFile = os.path.join(parcelDir, 'personal', 'cacert.pem')
- if not os.path.exists(caCertFile):
- caCertFile = None
- if caCertFile is None:
- caCertFile = os.path.join(application.Globals.options.profileDir, 'cacert.pem')
+ caCertFile = os.path.join(profileDir, _caFile)
+
if ctx.load_verify_locations(caCertFile) != 1:
raise SSLContextError, "No CA certificate file"
@@ -178,3 +180,23 @@
if not ok:
raise SSLVerificationError # XXX Or should I do something else?
return ok
+
+
+_caFile = 'cacert.pem'
+
+
+def init(profileDir):
+ """
+ Initialize the ssl module.
+ """
+ caFileProfileDir = os.path.join(profileDir, _caFile)
+ if os.path.exists(caFileProfileDir):
+ return
+
+ # Is there an easier way to get the full path of this file/dir?
+ pathComponents = sys.modules['crypto'].__file__.split(os.sep)
+ assert len(pathComponents) > 3
+ chandlerDirectory = os.sep.join(pathComponents[0:-2])
+ caFile = os.path.join(chandlerDirectory, 'crypto', _caFile)
+
+ cryptoUtil.copyfile(caFile, caFileProfileDir, mode=0600)
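Review bot: `init()` returns as soon as `os.path.exists(caFileProfileDir)` is true, so a `cacert.pem` already in the profile keeps whatever permissions it has (the copy removed from Chandler.py in this commit used `shutil.copyfile` with no mode), and a directory of that name also passes the check where the old code used `os.path.isfile`. This file is the trust store that `getContext()` hands to `load_verify_locations`, so it is worth testing with `os.path.isfile` and tightening an existing file before returning, for example `os.chmod(caFileProfileDir, 0600)`. The source path can be found without the `assert` on `sys.modules['crypto']`: this module appears to sit next to the bundle, so `caFile = os.path.join(os.path.dirname(os.path.abspath(__file__)), _caFile)` should do. `cryptoUtil.copyfile` is not shown on this page, so whether it creates the destination with the restrictive mode from the start should be confirmed.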
Index: chandler/crypto/tests/TestSSL.py
diff -u chandler/crypto/tests/TestSSL.py:1.12 chandler/crypto/tests/TestSSL.py:1.13
--- chandler/crypto/tests/TestSSL.py:1.12 Thu Jan 27 21:49:49 2005
+++ chandler/crypto/tests/TestSSL.py Fri Jan 28 14:31:03 2005
@@ -1,23 +1,22 @@
"""
Unit test for SSL context, connection and related security checks.
- at copyright = Copyright (c) 2004 Open Source Applications Foundation
- at license = http://osafoundation.org/Chandler_0.1_license_terms.htm
+ at copyright: Copyright (c) 2004-2005 Open Source Applications Foundation
+ at license: http://osafoundation.org/Chandler_0.1_license_terms.htm
"""
import unittest
-import crypto.ssl
-import TestM2CryptoInitShutdown
-from M2Crypto import SSL
import socket
+from M2Crypto import SSL
+import application.Globals as Globals
+import crypto
+import TestM2CryptoInitShutdown
# XXX This should not inherit from InitShutdown because that makes us
# run it's tests too
class TestSSL(TestM2CryptoInitShutdown.InitShutdown):
def testSSL(self):
- return
-
if not self.isOnline():
return
@@ -28,7 +27,7 @@
site = 'www.thawte.com'
fp = 'D85FE7EC903564DEFD4BCFF82047726F14C09C31'
- ctx = crypto.ssl.getSSLContext()
+ ctx = Globals.crypto.getSSLContext()
conn = SSL.Connection(ctx)
# We wrap the connect() in try/except and filter some common
Index: chandler/Chandler.py
diff -u chandler/Chandler.py:1.56 chandler/Chandler.py:1.57
--- chandler/Chandler.py:1.56 Thu Jan 27 18:01:48 2005
+++ chandler/Chandler.py Fri Jan 28 14:31:02 2005
@@ -1,5 +1,5 @@
-__version__ = "$Revision: 1.56 $"
-__date__ = "$Date: 2005/01/28 02:01:48 $"
+__version__ = "$Revision: 1.57 $"
+__date__ = "$Date: 2005/01/28 22:31:02 $"
__copyright__ = "Copyright (c) 2003-2005 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -97,14 +97,6 @@
"""
loadConfig(chandlerDirectory)
- """
- Check for the presence of the cacert.pem file in the profile directory
- and if not found, copy it from the chandler directory
- """
- if not os.path.isfile(os.path.join(application.Globals.options.profileDir, 'cacert.pem')):
- shutil.copyfile(os.path.join(chandlerDirectory, 'crypto', 'cacert.pem'), \
- os.path.join(application.Globals.options.profileDir, 'cacert.pem'))
-
def realMain():
if __debug__ and application.Globals.options.wing:
"""
@@ -118,7 +110,7 @@
"""
Check for -komodo command line argument; if specified, try to connect to
an already-running Komodo instance. See:
- http://wiki.osafoundation.org/bin/view/Chandler/DebuggingChandler#Debugging_with_ActiveState_Komod".
+ http://wiki.osafoundation.org/bin/view/Chandler/DebuggingChandler#Komodo".
for details.
"""
import dbgp.client
Index: chandler/application/Application.py
diff -u chandler/application/Application.py:1.293 chandler/application/Application.py:1.294
--- chandler/application/Application.py:1.293 Thu Jan 27 18:01:48 2005
+++ chandler/application/Application.py Fri Jan 28 14:31:02 2005
@@ -1,5 +1,5 @@
-__version__ = "$Revision: 1.293 $"
-__date__ = "$Date: 2005/01/28 02:01:48 $"
+__version__ = "$Revision: 1.294 $"
+__date__ = "$Date: 2005/01/28 22:31:02 $"
__copyright__ = "Copyright (c) 2003-2004 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -191,8 +191,8 @@
"""
Crypto initialization
"""
- Globals.crypto = Crypto.Crypto(Globals.options.profileDir)
- Globals.crypto.init()
+ Globals.crypto = Crypto.Crypto()
+ Globals.crypto.init(Globals.options.profileDir)
"""
Open the repository.
Index: chandler/crypto/tests/TestM2CryptoInitShutdown.py
diff -u chandler/crypto/tests/TestM2CryptoInitShutdown.py:1.3 chandler/crypto/tests/TestM2CryptoInitShutdown.py:1.4
--- chandler/crypto/tests/TestM2CryptoInitShutdown.py:1.3 Thu Jan 27 21:49:49 2005
+++ chandler/crypto/tests/TestM2CryptoInitShutdown.py Fri Jan 28 14:31:03 2005
@@ -3,25 +3,22 @@
we have the OpenSSL libraries and M2Crypto installed and almost certainly
working properly.
- at copyright = Copyright (c) 2004 Open Source Applications Foundation
- at license = http://osafoundation.org/Chandler_0.1_license_terms.htm
+ at copyright: Copyright (c) 2004-2005 Open Source Applications Foundation
+ at license: http://osafoundation.org/Chandler_0.1_license_terms.htm
"""
-import unittest
-import os, sys
+import unittest, os, sys
import application.Globals as Globals
from crypto import Crypto
class InitShutdown(unittest.TestCase):
def setUp(self):
- pathComponents = sys.modules['application'].__file__.split(os.sep)
+ pathComponents = sys.modules['crypto'].__file__.split(os.sep)
assert len(pathComponents) > 3
-
chandlerDir = os.sep.join(pathComponents[0:-2])
-
- Globals.crypto = Crypto.Crypto(chandlerDir)
- Globals.crypto.init()
+ Globals.crypto = Crypto.Crypto()
+ Globals.crypto.init(os.path.join(chandlerDir, 'crypto'))
def tearDown(self):
Globals.crypto.shutdown()
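Review bot: `setUp` passes the source tree's `crypto` directory as the profile directory, so `shutdown()` in `tearDown` writes `randpool.dat` into the checkout through `Rand.save_file`, and `ssl.init` always finds the shipped `cacert.pem` and never exercises its copy path. A temporary directory avoids both: `self.profileDir = tempfile.mkdtemp()` followed by `Globals.crypto.init(self.profileDir)`, with the directory removed in `tearDown` (this needs `import tempfile` and `import shutil`).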
Index: chandler/parcels/osaf/mail/smtp.py
diff -u chandler/parcels/osaf/mail/smtp.py:1.27 chandler/parcels/osaf/mail/smtp.py:1.28
--- chandler/parcels/osaf/mail/smtp.py:1.27 Thu Jan 27 13:02:07 2005
+++ chandler/parcels/osaf/mail/smtp.py Fri Jan 28 14:31:05 2005
@@ -1,5 +1,5 @@
-__revision__ = "$Revision: 1.27 $"
-__date__ = "$Date: 2005/01/27 21:02:07 $"
+__revision__ = "$Revision: 1.28 $"
+__date__ = "$Date: 2005/01/28 22:31:05 $"
__copyright__ = "Copyright (c) 2005 Open Source Applications Foundation"
__license__ = "http://osafoundation.org/Chandler_0.1_license_terms.htm"
@@ -20,7 +20,7 @@
import osaf.framework.twisted.TwistedRepositoryViewManager as TwistedRepositoryViewManager
import osaf.contentmodel.mail.Mail as Mail
import chandlerdb.util.UUID as UUID
-import crypto.ssl as ssl
+import application.Globals as Globals
import M2Crypto.SSL.TwistedProtocolWrapper as wrapper
#Chandler Mail Service imports
@@ -395,7 +395,7 @@
heloFallback = False
if account.useSSL:
- sslContext = ssl.getSSLContext()
+ sslContext = Globals.crypto.getSSLContext()
msg = StringIO.StringIO(messageText)