Mercurial > libervia-backend
comparison libervia/backend/tools/common/tls.py @ 4270:0d7bb4df2343
Reformatted code base using black.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Wed, 19 Jun 2024 18:44:57 +0200 |
| parents | 4b842c1fb686 |
| children |
comparison
equal
deleted
inserted
replaced
| 4269:64a85ce8be70 | 4270:0d7bb4df2343 |
|---|---|
| 33 log = getLogger(__name__) | 33 log = getLogger(__name__) |
| 34 | 34 |
| 35 | 35 |
| 36 def get_options_from_config(config, section=""): | 36 def get_options_from_config(config, section=""): |
| 37 options = {} | 37 options = {} |
| 38 for option in ('tls_certificate', 'tls_private_key', 'tls_chain'): | 38 for option in ("tls_certificate", "tls_private_key", "tls_chain"): |
| 39 options[option] = tools_config.config_get(config, section, option) | 39 options[option] = tools_config.config_get(config, section, option) |
| 40 return options | 40 return options |
| 41 | 41 |
| 42 | 42 |
| 43 def tls_options_check(options): | 43 def tls_options_check(options): |
| 45 | 45 |
| 46 Must be called only if TLS is activated | 46 Must be called only if TLS is activated |
| 47 """ | 47 """ |
| 48 if not options["tls_certificate"]: | 48 if not options["tls_certificate"]: |
| 49 raise exceptions.ConfigError( | 49 raise exceptions.ConfigError( |
| 50 "a TLS certificate is needed to activate HTTPS connection") | 50 "a TLS certificate is needed to activate HTTPS connection" |
| 51 ) | |
| 51 if not options["tls_private_key"]: | 52 if not options["tls_private_key"]: |
| 52 options["tls_private_key"] = options["tls_certificate"] | 53 options["tls_private_key"] = options["tls_certificate"] |
| 53 | 54 |
| 54 | 55 |
| 55 def load_certificates(f): | 56 def load_certificates(f): |
| 66 while True: | 67 while True: |
| 67 line = f.readline() | 68 line = f.readline() |
| 68 buf.append(line) | 69 buf.append(line) |
| 69 if "-----END CERTIFICATE-----" in line: | 70 if "-----END CERTIFICATE-----" in line: |
| 70 certificates.append( | 71 certificates.append( |
| 71 OpenSSL.crypto.load_certificate( | 72 OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, "".join(buf)) |
| 72 OpenSSL.crypto.FILETYPE_PEM, "".join(buf) | |
| 73 ) | |
| 74 ) | 73 ) |
| 75 buf = [] | 74 buf = [] |
| 76 elif not line: | 75 elif not line: |
| 77 log.debug(f"{len(certificates)} certificate(s) found") | 76 log.debug(f"{len(certificates)} certificate(s) found") |
| 78 return certificates | 77 return certificates |
| 125 except OpenSSL.crypto.Error: | 124 except OpenSSL.crypto.Error: |
| 126 raise exceptions.DataError( | 125 raise exceptions.DataError( |
| 127 f"Error while parsing file {path} for option {option}, are you sure " | 126 f"Error while parsing file {path} for option {option}, are you sure " |
| 128 f"it is a valid .pem file?" | 127 f"it is a valid .pem file?" |
| 129 ) | 128 ) |
| 130 if ( | 129 if option == "tls_private_key" and options["tls_certificate"] == path: |
| 131 option == "tls_private_key" | |
| 132 and options["tls_certificate"] == path | |
| 133 ): | |
| 134 raise exceptions.ConfigError( | 130 raise exceptions.ConfigError( |
| 135 f"You are using the same file for private key and public " | 131 f"You are using the same file for private key and public " |
| 136 f"certificate, make sure that both a in {path} or use " | 132 f"certificate, make sure that both a in {path} or use " |
| 137 f"--tls_private_key option" | 133 f"--tls_private_key option" |
| 138 ) | 134 ) |