Twisted Python How to create twisted.web.client.BrowserLikePolicyForHTTPS using custom trustRoot?

I am trying to create t.w.c.BrowserLikePolicyForHTTPS for use as a ContextFactory for t.w.c.Agent. I use the internal CA for all the servers that I want the Agent to contact, so I would say to download the CA certificate (PEM format) and use it as the trustRoot argument for BrowserLikePolicyForHTTPS. I read the documents and looked at the source, but I have no idea what I should offer as arguments. I tried to provide the pyOpenSSL X509 object, but I get an error:

exceptions.TypeError: ('Could not adapt', <OpenSSL.crypto.X509 object at 0x280b290>, <InterfaceClass twisted.internet._sslverify.IOpenSSLTrustRoot>)

In the code of t.i._sslverify, I see that OpenSSLCertificateAuthorities somehow adapts to IOpenSSLTrustRoot, but it’s not entirely clear to me how this happens.

I know that the exchange agent does not conduct any checks. I work with a treq fork and am experimenting with adding an option to provide a custom agent.

Any help with the trustRoot argument would be greatly appreciated. If I go this hard way, let me know.

+4
2 answers

Your question here underscores the scary supervision in the documentation; both in the API documentation and in the descriptive documentation. If Jean-Paul cannot understand the “right way” to do this, then there is no hope for a regular user. I filed an error to fix this oversight.

, , Jean-Paul. , , ( ). , . , Certificate trustRoot. ( Twisted 14.0.2):

from __future__ import print_function
from twisted.web.client import Agent, BrowserLikePolicyForHTTPS
from twisted.internet.task import react
from twisted.internet.ssl import Certificate
from twisted.internet.protocol import Protocol
from twisted.python.filepath import FilePath
from twisted.internet.defer import inlineCallbacks, Deferred

@inlineCallbacks
def main(reactor):
    # Trust only the CA in this PEM file instead of the platform trust store.
    customPolicy = BrowserLikePolicyForHTTPS(
        Certificate.loadPEM(FilePath("your-trust-root.pem").getContent())
    )
    agent = Agent(reactor, customPolicy)
    # Method and URI are byte strings (required on Python 3, valid on Python 2).
    response = yield agent.request(
        b"GET", b"https://your-web-site.example.com/"
    )
    done = Deferred()
    class CaptureString(Protocol):
        def dataReceived(self, data):
            print("Received:", data)
        def connectionLost(self, reason):
            # Body fully delivered (or connection closed): let main() finish.
            done.callback(None)
    response.deliverBody(CaptureString())
    yield done

react(main)
+6
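
An added example, not part of either answer or of Twisted itself: it goes beyond the single-certificate case above to an internal CA file that holds several certificates (for instance a root plus an issuing CA). Certificate.loadPEM parses one certificate per call, so the bundle is split first. The helper names and the sample bundle are assumptions made for illustration, and trustRootFromCertificates requires a newer Twisted release than the 14.0.2 mentioned above.

```python
import re

_BEGIN = "-----BEGIN CERTIFICATE-----"
# Matches one PEM certificate block, armor lines included.
_PEM_CERT = re.compile(_BEGIN + r".+?-----END CERTIFICATE-----", re.DOTALL)


def split_pem_bundle(pem_text):
    """Return each certificate block found in a PEM bundle, in file order."""
    blocks = _PEM_CERT.findall(pem_text)
    if not blocks:
        raise ValueError("no CERTIFICATE blocks found in PEM input")
    # A truncated file would otherwise silently drop a CA from the trust root.
    if pem_text.count(_BEGIN) != len(blocks):
        raise ValueError("unterminated CERTIFICATE block in PEM input")
    return blocks


def policy_from_bundle(pem_text):
    """Build an HTTPS policy that trusts only the CAs listed in pem_text."""
    # Imported here so the splitter above is usable without Twisted installed.
    from twisted.internet.ssl import Certificate, trustRootFromCertificates
    from twisted.web.client import BrowserLikePolicyForHTTPS

    # One loadPEM call per block: each call parses a single certificate.
    authorities = [
        Certificate.loadPEM(block.encode("ascii"))
        for block in split_pem_bundle(pem_text)
    ]
    return BrowserLikePolicyForHTTPS(
        trustRoot=trustRootFromCertificates(authorities)
    )


# Constructed sample: the armor lines are real, the bodies are placeholders
# (not valid certificates), enough to exercise the splitter offline.
SAMPLE_BUNDLE = """\
# internal root
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOTCA
-----END CERTIFICATE-----
# internal issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERISSUINGCA
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(len(split_pem_bundle(SAMPLE_BUNDLE)), "certificates in bundle")
```

Pass the result of policy_from_bundle(open("your-trust-root.pem").read()) to Agent in place of customPolicy; the file must contain real certificates for the Twisted calls to succeed.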

IOpenSSLTrustRoot - API.

, . , , , .

, , Twisted , , - , , .

- , , , , , , Twisted listing , , , .

, , . Twisted , . .

:

from zope.interface import implementer

from characteristic import attributes

from twisted.internet._sslverify import IOpenSSLTrustRoot

@implementer(IOpenSSLTrustRoot)
@attributes(["root_certificate_path"])
class MyCATrustRoot(object):
    def _addCACertsToContext(self, context):
        context.load_verify_locations(self.root_certificate_path)

MyCATrustRoot trustRoot BrowserLikePolicyForHTTPS. , Twisted 14.0.2, trustRoot, BrowserLikePolicyForHTTPS.

, "CA" /foo/ca.pem:

from twisted.web.client import BrowserLikePolicyForHTTPS, Agent
from twisted.internet import reactor

agent = Agent(reactor, BrowserLikePolicyForHTTPS(
    MyCATrustRoot(root_certificate_path="/foo/ca.pem")))
0
