* Added support for key file pass-phrase for make_ssl_context func in ndg.httpsclient.ssl_context_util

pjkersha · pjkersha · commit 9eea189ca6f3 · 2012-11-13T11:27:31.000Z
git-svn-id: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_httpsclient@8258 051b1e3e-aa0c-0410-b6c2-bfbade6052be
diff --git a/ndg/httpsclient/ssl_context_util.py b/ndg/httpsclient/ssl_context_util.py
@@ -36,7 +36,8 @@ def make_ssl_context_from_config(ssl_config=False, url=None):
 
 
 def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
-                     verify_peer=False, url=None, method=SSL.SSLv23_METHOD):
+                     verify_peer=False, url=None, method=SSL.SSLv23_METHOD,
+                     key_file_passphrase=None):
     """
     Creates SSL context containing certificate and key file locations.
     """
@@ -45,11 +46,16 @@ def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
     # Key file defaults to certificate file if present.
     if cert_file:
         ssl_context.use_certificate_file(cert_file)
+        
+    if key_file_passphrase:
+        passwd_cb = lambda max_passphrase_len, set_prompt, userdata: \
+                           key_file_passphrase 
+        ssl_context.set_passwd_cb(passwd_cb)
+        
     if key_file:
         ssl_context.use_privatekey_file(key_file)
-    else:
-        if cert_file:
-            ssl_context.use_privatekey_file(cert_file)
+    elif cert_file:
+        ssl_context.use_privatekey_file(cert_file)
 
     if pem_file or ca_dir:
         ssl_context.load_verify_locations(pem_file, ca_dir)
@@ -70,6 +76,7 @@ def _callback(conn, x509, errnum, errdepth, preverify_ok):
             ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
     else:
         ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback)
+        
     return ssl_context
 
 
diff --git a/ndg/httpsclient/utils.py b/ndg/httpsclient/utils.py
@@ -109,6 +109,10 @@ def fetch_stream_from_url(url, config, data=None, handlers=None):
     @type url: basestring
     @param config: SSL context configuration
     @type config: Configuration
+    @param data: HTTP POST data
+    @type data: str
+    @param handlers: list of custom urllib2 handlers to add to the request
+    @type handlers: iterable
     @return: data retrieved from URL or None
     @rtype: file derived type
     """
@@ -141,6 +145,7 @@ def open_url(url, config, data=None, handlers=None):
         cj = config.cookie
     else:
         cj = cookielib.CookieJar()
+        
     # Use a cookie processor that accumulates cookies when redirects occur so
     # that an application can redirect for authentication and retain both any
     # cookies for the application and the security system (c.f.,
