Mercurial > libervia-backend

comparison sat/plugins/plugin_sec_aesgcm.py @ 3205:2c0628f3927e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
author Goffi <goffi@goffi.org>
date Fri, 06 Mar 2020 18:19:03 +0100
parents adf1aeaa0d37
children 2ba602aef90e
comparison
equal deleted inserted replaced
3204:fc2bea41e402 3205:2c0628f3927e
31 from sat.core.i18n import _ 31 from sat.core.i18n import _
32 from sat.core.constants import Const as C 32 from sat.core.constants import Const as C
33 from sat.core import exceptions 33 from sat.core import exceptions
34 from sat.tools import stream 34 from sat.tools import stream
35 from sat.core.log import getLogger 35 from sat.core.log import getLogger
36 from sat.tools.web import treq_client_no_ssl
36 37
37 log = getLogger(__name__) 38 log = getLogger(__name__)
38 39
39 PLUGIN_INFO = { 40 PLUGIN_INFO = {
40 C.PI_NAME: "AES-GCM", 41 C.PI_NAME: "AES-GCM",
90 ).decryptor() 91 ).decryptor()
91 92
92 download_url = parse.urlunparse( 93 download_url = parse.urlunparse(
93 ('https', uri_parsed.netloc, uri_parsed.path, '', '', '')) 94 ('https', uri_parsed.netloc, uri_parsed.path, '', '', ''))
94 95
95 head_data = await treq.head(download_url) 96 if options.get('ignore_tls_errors', False):
97 log.warning(
98 "TLS certificate check disabled, this is highly insecure"
99 )
100 treq_client = treq_client_no_ssl
101 else:
102 treq_client = treq
103
104 head_data = await treq_client.head(download_url)
96 content_length = int(head_data.headers.getRawHeaders('content-length')[0]) 105 content_length = int(head_data.headers.getRawHeaders('content-length')[0])
97 # the 128 bits tag is put at the end 106 # the 128 bits tag is put at the end
98 file_size = content_length - 16 107 file_size = content_length - 16
99 108
100 file_obj = stream.SatFile( 109 file_obj = stream.SatFile(
105 size = file_size, 114 size = file_size,
106 ) 115 )
107 116
108 progress_id = file_obj.uid 117 progress_id = file_obj.uid
109 118
110 resp = await treq.get(download_url, unbuffered=True) 119 resp = await treq_client.get(download_url, unbuffered=True)
111 if resp.code == 200: 120 if resp.code == 200:
112 d = treq.collect(resp, partial( 121 d = treq.collect(resp, partial(
113 self.onDataDownload, 122 self.onDataDownload,
114 client=client, 123 client=client,
115 file_obj=file_obj, 124 file_obj=file_obj,