3 b2 @sddlmZddlZejdkr,ddlmZn ddlmZddlZddlm Z ddl m Z ddl m Z ydd l m Z Wn ek rdd lm Z YnXdd lmZdd lmZmZdd lmZd gZGdddeZGdd d eZdS))absolute_importN)httplib)debug) Semaphore)time)urlparse)Config)ParameterErrorS3SSLCertificateError)getBucketFromHostnameConnManc@sjeZdZdZdZeddZeddZeddZed d Z d d Z d dZ edddZ ddZ dS)http_connectionNFc CsNt}d}ytj|d}Wntk r.YnX|rJ|j rJd|_td|S)N)cafileFz+Disabling SSL certificate hostname checking)r sslcreate_default_contextAttributeErrorcheck_ssl_hostnamecheck_hostnamer)rcfgcontextrJ/oak/stanford/groups/akundaje/marinovg/programs/s3cmd-master/S3/ConnMan.py_ssl_verified_context(s z%http_connection._ssl_verified_contextc Cs:tdd}ytj|tjd}Wntk r4YnX|S)Nz"Disabling SSL certificate checking)r cert_reqs)rr_create_unverified_context CERT_NONEr)rrrrr_ssl_unverified_context6sz'http_connection._ssl_unverified_contextc CsDd}y&|rtjntj}tj||||d}Wntk r>YnX|S)N)rkeyfilecertfiler)r CERT_REQUIREDrrr)r rZcheck_server_certrrrrrr_ssl_client_auth_contextAs z(http_connection._ssl_client_auth_contextcCstjr tjSt}|j}|dkr$d}|jp,d}|jp6d}td|td|td||dk rrtj|||j |}n|j rtj |}n tj |}|t_dt_|S)NzUsing ca_certs_file %szUsing ssl_client_cert_file %szUsing ssl_client_key_file %sT) r context_setrr ca_certs_filessl_client_cert_filessl_client_key_filerr"check_ssl_certificaterr)rrr rrrrr _ssl_contextNs&       zhttp_connection._ssl_contextcCstd|jdf}|j}tdtjj}x|D]\}}|dkr2|j}|jdrh|jdrh|jds||jdr|jdrdS||d tj jd kr2|j|d tj jd r2dSq2Wd S) a Wildcard matching for *.s3.amazonaws.com and similar per region. Per http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html: "We recommend that all bucket names comply with DNS naming conventions." Per http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html: "When using virtual hosted-style buckets with SSL, the SSL wild card certificate only matches buckets that do not contain periods. To work around this, use HTTP or write your own certificate verification logic." Therefore, we need a custom validation routine that allows mybucket.example.com.s3.amazonaws.com to be considered a valid hostname for the *.s3.amazonaws.com wildcard cert, and for the region-specific *.s3-[region].amazonaws.com wildcard cert. We also forgive non-S3 wildcard certificates should the hostname match, to allow compatibility with other S3 API-compatible storage providers. z6checking SSL subjectAltName as forgiving wildcard certsubjectAltNamezhttps://DNSz*.s3z.amazonaws.comz.amazonaws.com.cnT*)bucketlocationr#F) rgetlowerr r host_buckethostname startswithendswithbucket_location)selfcertr2sanZcleaned_host_bucket_configkeyvaluerrrforgive_wildcard_certis"  z%http_connection.forgive_wildcard_certcCs||jjj}ytj||jWnXtk r2dStk rDdStk rv}z|j ||jsf|WYdd}~XnXdS)N) csock getpeercertrmatch_hostnamer2r ValueErrorZS3CertificateErrorr;)r6r7errrr?s zhttp_connection.match_hostnamecCsyftj}t|\}}|r:d|kr:tdd}|rJd|_n|rF|j}nd}tj||||d}tdWnZtk rytj|||d}tdWn(tk rtj||}td YnXYnX|S) N.zHBucket name contains "." character, disabling initial SSL hostname checkFT)rrz=httplib.HTTPSConnection() has both context and check_hostname)rz*httplib.HTTPSConnection() has only contextz@httplib.HTTPSConnection() has neither context nor check_hostname)rr)r rrrHTTPSConnection TypeError)r2portr bucket_namesuccessrconnrrr_https_connections*     z!http_connection._https_connectioncCs8||_||_d|_td|}|j|_|j|_|jrZ|jdkrZ|jjd|_td|jnd|_|j s|rt j |j|j|_ td|j|jn"t j|j|j|_ td|j|jnz|r t j |j |j|_ td|j |j|jr|jpd}|j j|j|td |j|n"t j|j |j|_ td |j |jt|_dS) Nrzhttps:///zendpoint path set to %sz#non-proxied HTTPSConnection(%s, %s)z"non-proxied HTTPConnection(%s, %s)zproxied HTTPSConnection(%s, %s)iztunnel to %s, %szproxied HTTPConnection(%s, %s))ridcounterr r2rEpathrstripr proxy_hostrrIr<rHTTPConnection proxy_port set_tunnelrlast_used_time)r6rKr2rrZparsed_hostnamerErrr__init__s2 zhttp_connection.__init__)N)__name__ __module__ __qualname__rr$ staticmethodrrr"r)r;r?rIrTrrrrr$s  ( $rc@sLeZdZejZejZeZiZdZ e d ddZ e ddZ e ddZ dS) ri NcCsLt}|dkr|j}d}|jdkrJ|r8tjdkr8tdd|j|jf}nd|rTdpVd|f}tjj |tj kr|gtj |<xhtj |rtj |j }t }||j |jkr||j krtd|j|jfPtdtj|d}q~Wtjj|s:td |t||||}|jj|jr:|jr:|jr:|j|jd 7_|S) Nr#iz6use_https=True can't be used with proxy on Python <2.7z proxy://%s:%sz http%s://%ssz)ConnMan.get(): re-using connection: %s#%dz)ConnMan.get(): closing expired connectionz*ConnMan.get(): creating new connection: %sr)r use_httpsrOsys hexversionr rQr conn_pool_semacquire conn_poolpoprrSconnection_max_agerrKrLclosereleaserr<connectrr(rr?)r2rrrHZconn_idZcur_timerrrr/s@          z ConnMan.getcCs|jjdr"tj|tddS|jtjkrDtj|tddSt}|jsftj|tddSt |_ tj j tj |jj|tj jtd|j|jfdS)Nzproxy://zFConnMan.put(): closing proxy connection (keep-alive not yet supported)z+ConnMan.put(): closing over-used connectionz?ConnMan.put(): closing connection (connection pooling disabled)z2ConnMan.put(): connection put back to pool (%s#%d))rKr3rrbrrLconn_max_counterr connection_poolingrrSr]r^r_appendrc)rHrrrrput"s&       z ConnMan.putcCs|r|jjdS)N)r<rb)rHrrrrb>sz ConnMan.close)N)rUrVrWr _CS_REQ_SENTCONTINUErr]r_rerXr/rhrbrrrrrs % )rr) __future__rr[ version_infoZCustom_httplib3xrZCustom_httplib27rloggingr threadingrrr ImportError urllib.parser Exceptionsr r Utilsr __all__objectrrrrrr s&        R