comparison libervia/backend/tools/common/tls.py @ 4270:0d7bb4df2343
Reformatted code base using black.
author | Goffi <goffi@goffi.org> |
---|---|
date | Wed, 19 Jun 2024 18:44:57 +0200 |
parents | 4b842c1fb686 |
children |
4269:64a85ce8be70 | 4270:0d7bb4df2343 |
---|---|
33 log = getLogger(__name__) | 33 log = getLogger(__name__) |
34 | 34 |
35 | 35 |
36 def get_options_from_config(config, section=""): | 36 def get_options_from_config(config, section=""): |
37 options = {} | 37 options = {} |
38 for option in ('tls_certificate', 'tls_private_key', 'tls_chain'): | 38 for option in ("tls_certificate", "tls_private_key", "tls_chain"): |
39 options[option] = tools_config.config_get(config, section, option) | 39 options[option] = tools_config.config_get(config, section, option) |
40 return options | 40 return options |
41 | 41 |
42 | 42 |
43 def tls_options_check(options): | 43 def tls_options_check(options): |
45 | 45 |
46 Must be called only if TLS is activated | 46 Must be called only if TLS is activated |
47 """ | 47 """ |
48 if not options["tls_certificate"]: | 48 if not options["tls_certificate"]: |
49 raise exceptions.ConfigError( | 49 raise exceptions.ConfigError( |
50 "a TLS certificate is needed to activate HTTPS connection") | 50 "a TLS certificate is needed to activate HTTPS connection" |
51 ) | |
51 if not options["tls_private_key"]: | 52 if not options["tls_private_key"]: |
52 options["tls_private_key"] = options["tls_certificate"] | 53 options["tls_private_key"] = options["tls_certificate"] |
53 | 54 |
54 | 55 |
55 def load_certificates(f): | 56 def load_certificates(f): |
66 while True: | 67 while True: |
67 line = f.readline() | 68 line = f.readline() |
68 buf.append(line) | 69 buf.append(line) |
69 if "-----END CERTIFICATE-----" in line: | 70 if "-----END CERTIFICATE-----" in line: |
70 certificates.append( | 71 certificates.append( |
71 OpenSSL.crypto.load_certificate( | 72 OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, "".join(buf)) |
72 OpenSSL.crypto.FILETYPE_PEM, "".join(buf) | |
73 ) | |
74 ) | 73 ) |
75 buf = [] | 74 buf = [] |
76 elif not line: | 75 elif not line: |
77 log.debug(f"{len(certificates)} certificate(s) found") | 76 log.debug(f"{len(certificates)} certificate(s) found") |
78 return certificates | 77 return certificates |
125 except OpenSSL.crypto.Error: | 124 except OpenSSL.crypto.Error: |
126 raise exceptions.DataError( | 125 raise exceptions.DataError( |
127 f"Error while parsing file {path} for option {option}, are you sure " | 126 f"Error while parsing file {path} for option {option}, are you sure " |
128 f"it is a valid .pem file?" | 127 f"it is a valid .pem file?" |
129 ) | 128 ) |
130 if ( | 129 if option == "tls_private_key" and options["tls_certificate"] == path: |
131 option == "tls_private_key" | |
132 and options["tls_certificate"] == path | |
133 ): | |
134 raise exceptions.ConfigError( | 130 raise exceptions.ConfigError( |
135 f"You are using the same file for private key and public " | 131 f"You are using the same file for private key and public " |
136 f"certificate, make sure that both a in {path} or use " | 132 f"certificate, make sure that both a in {path} or use " |
137 f"--tls_private_key option" | 133 f"--tls_private_key option" |
138 ) | 134 ) |