changeset 3205:2c0628f3927e

plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
author Goffi <goffi@goffi.org>
date Fri, 06 Mar 2020 18:19:03 +0100
parents fc2bea41e402
children ae09989e9feb
files sat/plugins/plugin_misc_download.py sat/plugins/plugin_sec_aesgcm.py sat/tools/web.py
diffstat 3 files changed, 33 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/sat/plugins/plugin_misc_download.py	Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/plugins/plugin_misc_download.py	Fri Mar 06 18:19:03 2020 +0100
@@ -29,6 +29,7 @@
 from sat.tools import xml_tools
 from sat.tools.common import data_format
 from sat.tools import stream
+from sat.tools.web import treq_client_no_ssl
 
 log = getLogger(__name__)
 
@@ -163,6 +164,15 @@
                     # we close the file and only use its name, the file will be opened
                     # by the registered callback
                     dest_path = f.name
+
+        # should we check certificates?
+        check_certificate = self.host.memory.getParamA(
+            "check_certificate", "Connection", profile_key=client.profile)
+        if not check_certificate:
+            options['ignore_tls_errors'] = True
+            log.warning(
+                _("certificate check disabled for download, this is dangerous!"))
+
         try:
             callback = self._download_callbacks[uri_parsed.scheme]
         except KeyError:
@@ -212,7 +222,15 @@
     async def downloadHTTP(self, client, uri_parsed, dest_path, options):
         url = uri_parsed.geturl()
 
-        head_data = await treq.head(url)
+        if options.get('ignore_tls_errors', False):
+            log.warning(
+                "TLS certificate check disabled, this is highly insecure"
+            )
+            treq_client = treq_client_no_ssl
+        else:
+            treq_client = treq
+
+        head_data = await treq_.head(url)
         try:
             content_length = int(head_data.headers.getRawHeaders('content-length')[0])
         except (KeyError, TypeError, IndexError):
@@ -228,7 +246,7 @@
 
         progress_id = file_obj.uid
 
-        resp = await treq.get(url, unbuffered=True)
+        resp = await treq_client.get(url, unbuffered=True)
         if resp.code == 200:
             d = treq.collect(resp, file_obj.write)
             d.addBoth(lambda _: file_obj.close())
--- a/sat/plugins/plugin_sec_aesgcm.py	Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/plugins/plugin_sec_aesgcm.py	Fri Mar 06 18:19:03 2020 +0100
@@ -33,6 +33,7 @@
 from sat.core import exceptions
 from sat.tools import stream
 from sat.core.log import getLogger
+from sat.tools.web import treq_client_no_ssl
 
 log = getLogger(__name__)
 
@@ -92,7 +93,15 @@
         download_url = parse.urlunparse(
             ('https', uri_parsed.netloc, uri_parsed.path, '', '', ''))
 
-        head_data = await treq.head(download_url)
+        if options.get('ignore_tls_errors', False):
+            log.warning(
+                "TLS certificate check disabled, this is highly insecure"
+            )
+            treq_client = treq_client_no_ssl
+        else:
+            treq_client = treq
+
+        head_data = await treq_client.head(download_url)
         content_length = int(head_data.headers.getRawHeaders('content-length')[0])
         # the 128 bits tag is put at the end
         file_size = content_length - 16
@@ -107,7 +116,7 @@
 
         progress_id = file_obj.uid
 
-        resp = await treq.get(download_url, unbuffered=True)
+        resp = await treq_client.get(download_url, unbuffered=True)
         if resp.code == 200:
             d = treq.collect(resp, partial(
                 self.onDataDownload,
--- a/sat/tools/web.py	Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/tools/web.py	Fri Mar 06 18:19:03 2020 +0100
@@ -45,7 +45,7 @@
 
 
 @implementer(iweb.IPolicyForHTTPS)
-class NoCheckContextFactory(ssl.ClientContextFactory):
+class NoCheckContextFactory:
     """Context factory which doesn't do TLS certificate check
 
     /!\\ it's obvisously a security flaw to use this class,
@@ -64,4 +64,4 @@
 
 #: following treq doesn't check TLS, obviously it is unsecure and should not be used
 #: without explicit warning
-treq_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory))
+treq_client_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory()))