source: TI12-security/trunk/python/Tests/m2Crypto/test_m2urllib2.py @ 5373

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/m2Crypto/test_m2urllib2.py@5907
Revision 5373, 2.9 KB checked in by pjkersha, 11 years ago (diff)

Example m2urllib2 code prepared for use with OpenID Relying Party SSL peer authN of Provider

  • Cleaned up code to leave definitive test version
import os
import urllib2

from openid.fetchers import USER_AGENT, _allowedURL, Urllib2Fetcher
from M2Crypto.m2urllib2 import HTTPSHandler
from M2Crypto import SSL
from M2Crypto.X509 import X509_Store_Context
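def installOpener(caDirPath='../ndg.security.test/ndg/security/test/config/ca',
                  verifyDepth=9):
    '''Install a urllib2 opener backed by M2Crypto so that HTTPS requests
    made through urllib2 (and hence through openid's Urllib2Fetcher) verify
    the peer's certificate against a local CA directory.

    @type caDirPath: basestring
    @param caDirPath: directory of CA certificates handed to
    SSL.Context.load_verify_locations as capath.  The default is the NDG test
    CA directory and is resolved relative to the current working directory,
    so callers started from elsewhere should pass an explicit path.
    @type verifyDepth: int
    @param verifyDepth: maximum certificate chain depth accepted during
    verification
    @raise ValueError: if caDirPath is not an existing directory
    @raise SSL.SSLError: if the CA directory could not be loaded into the
    SSL context
    '''
    def verifyCallback(preVerifyOK, x509StoreCtx):
        '''callback function used to control the behaviour when the
        SSL_VERIFY_PEER flag is set

        http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

        @type preVerifyOK: int
        @param preVerifyOK: If a verification error is found, this parameter
        will be set to 0
        @type x509StoreCtx: M2Crypto.X509_Store_Context
        @param x509StoreCtx: locate the certificate to be verified and perform
        additional verification steps as needed
        @rtype: int
        @return: controls the strategy of the further verification process.
        - If verify_callback returns 0, the verification process is immediately
        stopped with "verification failed" state. If SSL_VERIFY_PEER is set,
        a verification failure alert is sent to the peer and the TLS/SSL
        handshake is terminated.
        - If verify_callback returns 1, the verification process is continued.
        If verify_callback always returns 1, the TLS/SSL handshake will not be
        terminated with respect to verification failures and the connection
        will be established. The calling process can however retrieve the error
        code of the last verification error using SSL_get_verify_result(3) or
        by maintaining its own error storage managed by verify_callback.

        This callback never overrides OpenSSL's own verdict: a failure
        (preVerifyOK == 0) is passed straight back, and a success is passed
        back after the chain has been printed for diagnostic purposes.
        '''
        if preVerifyOK == 0:
            # OpenSSL already found a problem with this certificate; return
            # the failure unchanged so the handshake is aborted rather than
            # masking the error
            return preVerifyOK

        # Diagnostic only: list the subject DN of every certificate in the
        # chain currently under verification
        for cert in x509StoreCtx.get1_chain():
            print(cert.get_subject().as_text())

        # preVerifyOK is 1 here - hand it back so OpenSSL carries on
        # NOTE(review): this callback only reports what OpenSSL has already
        # checked (chain/CA); hostname matching is presumably left to
        # M2Crypto's post-connection check - confirm the opener performs it
        return preVerifyOK

    ctx = SSL.Context()

    # Require the server to present a certificate and fail the handshake if
    # it does not.  The callback is invoked for each certificate in the chain
    # up to verifyDepth
    ctx.set_verify(SSL.verify_peer|SSL.verify_fail_if_no_peer_cert,
                   verifyDepth,
                   callback=verifyCallback)

    # OpenSSL records a capath without checking it exists, so a wrong
    # (typically cwd-relative) path would only surface later as a verify
    # failure on the first request.  Fail loudly here instead.
    if not os.path.isdir(caDirPath):
        raise ValueError('CA directory %r does not exist' % caDirPath)

    # load_verify_locations signals failure through its return value rather
    # than by raising; do not let a failed CA load pass silently
    if not ctx.load_verify_locations(capath=caDirPath):
        raise SSL.SSLError('Failed to load CA certificates from %r' % caDirPath)

    # A client certificate for mutual TLS can be added with ctx.load_cert()
    # if the Provider requires it; the test deployment does not.
    from M2Crypto.m2urllib2 import build_opener
    urllib2.install_opener(build_opener(ssl_context=ctx))
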
if __name__ == "__main__":
    # Install the M2Crypto-backed opener first so the SSL context (CA store
    # and verify callback) is in force for the fetch below; Urllib2Fetcher
    # goes through urllib2's globally installed opener.
    installOpener()
    openidFetcher = Urllib2Fetcher()
    response = openidFetcher.fetch('https://localhost/openid')
    print(response.body)