comparison sat/tools/web.py @ 3089:e75024e41f81

plugin upload, XEP-0363: code modernisation + preparation for extension: - use of async/await syntax - fileUpload's options are now serialised, allowing non string values - (XEP-0363) Slot is now a dataclass, so it can be modified by other plugins - (XEP-0363) Moved SSL related code to the new tools.web module - (XEP-0363) added `XEP-0363_upload_size` and `XEP-0363_upload` trigger points - a Deferred is not used anymore for `progress_id`, the value is directly returned
author Goffi <goffi@goffi.org>
date Fri, 20 Dec 2019 12:28:04 +0100
parents
children 9d0df638c8b4
3088:d1464548055a 3089:e75024e41f81
1 #!/usr/bin/env python3
2
3 # SàT: an XMPP client
4 # Copyright (C) 2009-2019 Jérôme Poisson (goffi@goffi.org)
5
6 # This program is free software: you can redistribute it and/or modify
7 # it under the terms of the GNU Affero General Public License as published by
8 # the Free Software Foundation, either version 3 of the License, or
9 # (at your option) any later version.
10
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU Affero General Public License for more details.
15
16 # You should have received a copy of the GNU Affero General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19 from OpenSSL import SSL
20 from zope.interface import implementer
21 from treq.client import HTTPClient
22 from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
23 from twisted.internet import reactor, ssl
24 from twisted.web import iweb
25 from twisted.web import client as http_client
26 from sat.core.log import getLogger
27
28
29 log = getLogger(__name__)
30
31
32 SSLError = SSL.Error
33
34
35 @implementer(IOpenSSLClientConnectionCreator)
36 class NoCheckConnectionCreator(object):
37 def __init__(self, hostname, ctx):
38 self._ctx = ctx
39
40 def clientConnectionForTLS(self, tlsProtocol):
41 context = self._ctx
42 connection = SSL.Connection(context, None)
43 connection.set_app_data(tlsProtocol)
44 return connection
45
46
47 @implementer(iweb.IPolicyForHTTPS)
48 class NoCheckContextFactory(ssl.ClientContextFactory):
49 """Context factory which doesn't do TLS certificate check
50
51 /!\\ it's obvisously a security flaw to use this class,
52 and it should be used only with explicit agreement from the end used
53 """
54
55 def creatorForNetloc(self, hostname, port):
56 log.warning(
57 "TLS check disabled for {host} on port {port}".format(
58 host=hostname, port=port
59 )
60 )
61 certificateOptions = ssl.CertificateOptions(trustRoot=None)
62 return NoCheckConnectionCreator(hostname, certificateOptions.getContext())
63
64
65 #: following treq doesn't check TLS, obviously it is unsecure and should not be used
66 #: without explicit warning
67 treq_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory))
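Review bot: On the last line, `http_client.Agent(reactor, NoCheckContextFactory)` is given the class rather than an instance, so the object passed does not provide `IPolicyForHTTPS` and `creatorForNetloc` is never reached as a bound method; as far as I can tell Twisted would then treat it as a legacy context factory and fail on the first HTTPS request. It should probably read `treq_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory()))`. Separately, `NoCheckConnectionCreator.__init__` discards `hostname`, so no SNI is sent and virtual-hosted servers may present the wrong certificate or refuse the handshake; storing it and calling `connection.set_tlsext_host_name(self._hostname.encode("idna"))` before returning the connection would keep the handshake working even with verification off. Because `treq_no_ssl` is a module-level client that skips certificate validation for every host it contacts, the `#:` comment should state that callers must only use it after the user has explicitly opted in for that specific host, and the class docstring should be corrected to "obviously" and "end user".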