python3-oslo.service 1.8.0-1ubuntu1 / usr / lib / python3 / dist-packages / oslo_service / sslutils.py

This file is indexed.

/usr/lib/python3/dist-packages/oslo_service/sslutils.py is in python3-oslo.service 1.8.0-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
# Copyright 2013 IBM Corp.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import copy
import os
import ssl

from oslo_service._i18n import _
from oslo_service import _options


config_section = 'ssl'

_SSL_PROTOCOLS = {
    "tlsv1": ssl.PROTOCOL_TLSv1,
    "sslv23": ssl.PROTOCOL_SSLv23
}

_OPTIONAL_PROTOCOLS = {
    'sslv2': 'PROTOCOL_SSLv2',
    'sslv3': 'PROTOCOL_SSLv3',
    'tlsv1_1': 'PROTOCOL_TLSv1_1',
    'tlsv1_2': 'PROTOCOL_TLSv1_2',
}
for protocol in _OPTIONAL_PROTOCOLS:
    try:
        _SSL_PROTOCOLS[protocol] = getattr(ssl,
                                           _OPTIONAL_PROTOCOLS[protocol])
    except AttributeError:  # nosec
        pass


def list_opts():
    """Entry point for oslo-config-generator."""
    return [(config_section, copy.deepcopy(_options.ssl_opts))]


def register_opts(conf):
    """Registers sslutils config options."""
    return conf.register_opts(_options.ssl_opts, config_section)


def is_enabled(conf):
    conf.register_opts(_options.ssl_opts, config_section)
    cert_file = conf.ssl.cert_file
    key_file = conf.ssl.key_file
    ca_file = conf.ssl.ca_file
    use_ssl = cert_file or key_file

    if cert_file and not os.path.exists(cert_file):
        raise RuntimeError(_("Unable to find cert_file : %s") % cert_file)

    if ca_file and not os.path.exists(ca_file):
        raise RuntimeError(_("Unable to find ca_file : %s") % ca_file)

    if key_file and not os.path.exists(key_file):
        raise RuntimeError(_("Unable to find key_file : %s") % key_file)

    if use_ssl and (not cert_file or not key_file):
        raise RuntimeError(_("When running server in SSL mode, you must "
                             "specify both a cert_file and key_file "
                             "option value in your configuration file"))

    return use_ssl


def wrap(conf, sock):
    conf.register_opts(_options.ssl_opts, config_section)
    ssl_kwargs = {
        'server_side': True,
        'certfile': conf.ssl.cert_file,
        'keyfile': conf.ssl.key_file,
        'cert_reqs': ssl.CERT_NONE,
    }

    if conf.ssl.ca_file:
        ssl_kwargs['ca_certs'] = conf.ssl.ca_file
        ssl_kwargs['cert_reqs'] = ssl.CERT_REQUIRED

        if conf.ssl.version:
            key = conf.ssl.version.lower()
            try:
                ssl_kwargs['ssl_version'] = _SSL_PROTOCOLS[key]
            except KeyError:
                raise RuntimeError(
                    _("Invalid SSL version : %s") % conf.ssl.version)

        if conf.ssl.ciphers:
            ssl_kwargs['ciphers'] = conf.ssl.ciphers

    # NOTE(eezhova): SSL/TLS protocol version is injected in ssl_kwargs above,
    # so skipping bandit check
    return ssl.wrap_socket(sock, **ssl_kwargs)  # nosec

APT Browse - Built by Thomas Orozco.