Mercurial > libervia-backend
comparison sat/plugins/plugin_misc_download.py @ 3205:2c0628f3927e
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 06 Mar 2020 18:19:03 +0100 |
parents | d92a144f3589 |
children | 4252176ad993 |
comparison
equal
deleted
inserted
replaced
3204:fc2bea41e402 | 3205:2c0628f3927e |
---|---|
27 from sat.core.log import getLogger | 27 from sat.core.log import getLogger |
28 from sat.core import exceptions | 28 from sat.core import exceptions |
29 from sat.tools import xml_tools | 29 from sat.tools import xml_tools |
30 from sat.tools.common import data_format | 30 from sat.tools.common import data_format |
31 from sat.tools import stream | 31 from sat.tools import stream |
32 from sat.tools.web import treq_client_no_ssl | |
32 | 33 |
33 log = getLogger(__name__) | 34 log = getLogger(__name__) |
34 | 35 |
35 | 36 |
36 PLUGIN_INFO = { | 37 PLUGIN_INFO = { |
161 unique_name = '.'.join([uid] + suffixes) | 162 unique_name = '.'.join([uid] + suffixes) |
162 with client.cache.cacheData("DOWNLOAD", uid, filename=unique_name) as f: | 163 with client.cache.cacheData("DOWNLOAD", uid, filename=unique_name) as f: |
163 # we close the file and only use its name, the file will be opened | 164 # we close the file and only use its name, the file will be opened |
164 # by the registered callback | 165 # by the registered callback |
165 dest_path = f.name | 166 dest_path = f.name |
167 | |
168 # should we check certificates? | |
169 check_certificate = self.host.memory.getParamA( | |
170 "check_certificate", "Connection", profile_key=client.profile) | |
171 if not check_certificate: | |
172 options['ignore_tls_errors'] = True | |
173 log.warning( | |
174 _("certificate check disabled for download, this is dangerous!")) | |
175 | |
166 try: | 176 try: |
167 callback = self._download_callbacks[uri_parsed.scheme] | 177 callback = self._download_callbacks[uri_parsed.scheme] |
168 except KeyError: | 178 except KeyError: |
169 raise exceptions.NotFound(f"Can't find any handler for uri {uri}") | 179 raise exceptions.NotFound(f"Can't find any handler for uri {uri}") |
170 else: | 180 else: |
210 download_d.errback(exceptions.NetworkError(msg)) | 220 download_d.errback(exceptions.NetworkError(msg)) |
211 | 221 |
212 async def downloadHTTP(self, client, uri_parsed, dest_path, options): | 222 async def downloadHTTP(self, client, uri_parsed, dest_path, options): |
213 url = uri_parsed.geturl() | 223 url = uri_parsed.geturl() |
214 | 224 |
215 head_data = await treq.head(url) | 225 if options.get('ignore_tls_errors', False): |
226 log.warning( | |
227 "TLS certificate check disabled, this is highly insecure" | |
228 ) | |
229 treq_client = treq_client_no_ssl | |
230 else: | |
231 treq_client = treq | |
232 | |
233 head_data = await treq_.head(url) | |
216 try: | 234 try: |
217 content_length = int(head_data.headers.getRawHeaders('content-length')[0]) | 235 content_length = int(head_data.headers.getRawHeaders('content-length')[0]) |
218 except (KeyError, TypeError, IndexError): | 236 except (KeyError, TypeError, IndexError): |
219 content_length = None | 237 content_length = None |
220 log.debug(f"No content lenght found at {url}") | 238 log.debug(f"No content lenght found at {url}") |
226 size = content_length, | 244 size = content_length, |
227 ) | 245 ) |
228 | 246 |
229 progress_id = file_obj.uid | 247 progress_id = file_obj.uid |
230 | 248 |
231 resp = await treq.get(url, unbuffered=True) | 249 resp = await treq_client.get(url, unbuffered=True) |
232 if resp.code == 200: | 250 if resp.code == 200: |
233 d = treq.collect(resp, file_obj.write) | 251 d = treq.collect(resp, file_obj.write) |
234 d.addBoth(lambda _: file_obj.close()) | 252 d.addBoth(lambda _: file_obj.close()) |
235 else: | 253 else: |
236 d = defer.Deferred() | 254 d = defer.Deferred() |