holado 0.2.7__py3-none-any.whl → 0.3.0__py3-none-any.whl

holado_python/standard_library/socket/socket.py

@@ -13,12 +13,20 @@
 
 import logging
 import socket
-from _socket import SHUT_RDWR
+from _socket import SHUT_RDWR, SOCK_STREAM, error
 from holado.common.handlers.object import DeleteableObject
 import abc
 from holado_core.common.exceptions.functional_exception import FunctionalException
 from holado_core.common.tools.tools import Tools
 from holado_python.standard_library.ssl.ssl import SslManager
+import threading
+import types
+from abc import abstractmethod
+from holado.common.handlers.undefined import undefined_argument
+import copy
+from holado_python.standard_library.typing import Typing
+import ssl
+import select
 
 logger = logging.getLogger(__name__)
 
@@ -31,14 +39,83 @@ class Socket(DeleteableObject):
     """
     __metaclass__ = abc.ABCMeta
     
-    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None):
+    @classmethod
+    def create(cls, name, internal_socket):
+        res = cls.__new__(cls, name=name)
+        res.__init__(name=name)
+        res._set_internal_socket(internal_socket)
+        return res
+    
+    @classmethod
+    def create_connection(cls, address, timeout=undefined_argument,
+                          source_address=None, do_connect=True):
+        """Connect to *address* and return the socket object.
+    
+        Convenience function.  Connect to *address* (a 2-tuple ``(host,
+        port)``) and return the socket object.  Passing the optional
+        *timeout* parameter will set the timeout on the socket instance
+        before attempting to connect.  If no *timeout* is supplied, the
+        global default timeout setting returned by :func:`getdefaulttimeout`
+        is used.  If *source_address* is set it must be a tuple of (host, port)
+        for the socket to bind as a source address before making the connection.
+        A host of '' or port 0 tells the OS to use the default.
+        
+        Note: Implementation is a copy of socket.create_connection, but allowing to not connect.
+              If do_connect==True, implementation is identical to socket.create_connection.
+        """
+    
+        host, port = address
+        err = None
+        for res in socket.getaddrinfo(host, port, 0, SOCK_STREAM):
+            af, socktype, proto, canonname, sa = res  # @UnusedVariable
+            sock = None
+            try:
+                sock = socket.socket(af, socktype, proto)
+                if timeout is not undefined_argument:
+                    sock.settimeout(timeout)
+                if source_address:
+                    sock.bind(source_address)
+                if do_connect:
+                    sock.connect(sa)
+                # Break explicitly a reference cycle
+                err = None
+                return sock
+    
+            except error as _:
+                err = _
+                if sock is not None:
+                    sock.close()
+    
+        if err is not None:
+            try:
+                raise err
+            finally:
+                # Break explicitly a reference cycle
+                err = None
+        else:
+            raise error("getaddrinfo returns an empty list")
+    
+    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None, idle_sleep_delay=undefined_argument):
+        """Socket constructor
+        @param name: Socket name
+        @param create_ipv4_socket_kwargs: arguments to create an IPv4 socket
+        @param idle_sleep_delay: delay to sleep when socket is idle (used in some clients/servers to control CPU resource impact ; default: 0.01 s)
+        """
         if name is None and create_ipv4_socket_kwargs is not None:
             if not set(create_ipv4_socket_kwargs.keys()).issuperset({'host', 'port'}):
                 raise FunctionalException(f"Parameters 'host' and 'port' must be defined")
-            name = f"{create_ipv4_socket_kwargs['host']}:{create_ipv4_socket_kwargs['port']}"
+            name = f"{Typing.get_object_class_name(self)}({create_ipv4_socket_kwargs['host']}:{create_ipv4_socket_kwargs['port']})"
         
         super().__init__(name)
         self.__socket = None
+        self.__is_started = False
+        self.__start_thread = None
+        self.__idle_sleep_delay = idle_sleep_delay if idle_sleep_delay is not undefined_argument else 0.01
+        
+        # SSL management
+        self.__ssl_kwargs_tuple = None
+        self.__ssl_context = None
+        self.__is_ssl_handshake_done = False
         
         if create_ipv4_socket_kwargs is not None:
             self.create_ipv4_socket(**create_ipv4_socket_kwargs)
@@ -56,8 +133,37 @@ class Socket(DeleteableObject):
     def internal_socket(self) -> socket.socket:
         return self.__socket
     
-    def _set_internal_socket(self, socket):
+    @property
+    def is_started(self):
+        return self.__is_started
+    
+    @property
+    def is_with_ssl(self):
+        return self.__ssl_context is not None
+    
+    @property
+    def _ssl_kwargs(self):
+        return copy.copy(self.__ssl_kwargs_tuple[0]) if self.__ssl_kwargs_tuple and self.__ssl_kwargs_tuple[0] is not None else None
+    
+    @property
+    def _ssl_context_kwargs(self):
+        return copy.copy(self.__ssl_kwargs_tuple[1]) if self.__ssl_kwargs_tuple and self.__ssl_kwargs_tuple[1] is not None else None
+    
+    @property
+    def _ssl_wrap_socket_kwargs(self):
+        return copy.copy(self.__ssl_kwargs_tuple[2]) if self.__ssl_kwargs_tuple and self.__ssl_kwargs_tuple[2] is not None else None
+    
+    @property
+    def _ssl_context(self):
+        return self.__ssl_context
+    
+    @property
+    def _idle_sleep_delay(self):
+        return self.__idle_sleep_delay
+    
+    def _set_internal_socket(self, socket, is_ssl_handshake_done_on_connect=True):
         self.__socket = socket
+        self.__is_ssl_handshake_done = is_ssl_handshake_done_on_connect
     
     @abc.abstractmethod
     def create_ipv4_socket(self, host, port, **kwargs):
@@ -68,15 +174,43 @@ class Socket(DeleteableObject):
             try:
                 self.__socket.shutdown(SHUT_RDWR)
             except OSError as exc:
-                if 'Errno 107' in str(exc):
-                    logger.info(f"Got following error on socket shutdown (known to appear sometimes at shutdown): {exc}")
+                if 'Errno 9' in str(exc):
+                    logger.info(f"Got following error on socket shutdown (known to appear when connection is not open correctly or already closed): {exc}")
+                elif 'Errno 107' in str(exc):
+                    logger.info(f"Got following error on socket shutdown (known to appear sometimes during shutdown): {exc}")
                 else:
                     raise exc
-            self.__socket.close()
-            self.__socket = None
+            finally:
+                self.__socket.close()
+                self.__socket = None
+    
+    @abstractmethod
+    def start(self, *, read_bufsize=1024, read_kwargs=None, write_kwargs=None):
+        raise NotImplementedError()
+    
+    def _start_thread(self, thread):
+        # Start thread
+        self.__start_thread = thread
+        self.__start_thread.start()
+        self.__is_started = True
+        
+        if Tools.do_log(logger, logging.DEBUG):
+            logger.debug(f"[{self.name}] Started")
+    
+    def stop(self):
+        if self.__start_thread is not None:
+            if self.__start_thread.is_interruptable:
+                self.__start_thread.interrupt()
+            self.__start_thread.join()
+            self.__start_thread = None
+            self.__is_started = False
+            
+            if Tools.do_log(logger, logging.DEBUG):
+                logger.debug(f"[{self.name}] Stopped")
     
     def read(self, bufsize=1024, **kwargs):
-        res = self.internal_socket.recv(bufsize, **kwargs)
+        flags = kwargs.get('flags', 0)
+        res = self.internal_socket.recv(bufsize, flags)
         if logger.isEnabledFor(logging.DEBUG):
             logger.debug(f"[{self.name}] Received [{res}] (type: {type(res)})")
         return res
@@ -93,14 +227,50 @@ class Socket(DeleteableObject):
                 logger.debug(f"[{self.name}] Sent {res}/{len(data_bytes)} bytes of [{data_bytes}] (type: {type(data_bytes)})")
             return res
     
-    def _new_ssl_context_if_required(self, server_side=False, **socket_kwargs):
-        """Return a SSLContext if required, and the remaining socket kwargs.
+    def _extract_ssl_kwargs(self, socket_kwargs):
+        """Pop from socket kwargs: global ssl kwargs, SSLContext kwargs, and wrap_socket kwargs.
         """
-        res = None
+        ssl_kwargs, context_kwargs, wrap_socket_kwargs = None, {}, {}
         if Tools.has_sub_kwargs(socket_kwargs, 'ssl.'):
             ssl_kwargs = Tools.pop_sub_kwargs(socket_kwargs, 'ssl.')
-            res = SslManager.new_ssl_context(server_side=server_side, flat_kwargs=ssl_kwargs)
-        return res, socket_kwargs
+            if Tools.has_sub_kwargs(ssl_kwargs, 'context.'):
+                context_kwargs = Tools.pop_sub_kwargs(ssl_kwargs, 'context.')
+            if Tools.has_sub_kwargs(ssl_kwargs, 'wrap_socket.'):
+                wrap_socket_kwargs = Tools.pop_sub_kwargs(ssl_kwargs, 'wrap_socket.')
+        self.__ssl_kwargs_tuple = (ssl_kwargs, context_kwargs, wrap_socket_kwargs)
+        return socket_kwargs
+    
+    def _new_ssl_context_if_required(self, server_side=False, **kwargs):
+        """Return the remaining socket kwargs after ssl kwargs extraction.
+        """
+        res = self._extract_ssl_kwargs(kwargs)
+        
+        if self._ssl_kwargs is not None:
+            self.__ssl_context = SslManager.new_ssl_context(server_side=server_side, ssl_kwargs=self._ssl_kwargs, context_kwargs=self._ssl_context_kwargs)
+            
+        return res
+    
+    def do_ssl_handshake(self):
+        if self.is_with_ssl:
+            if self.internal_socket.getblocking():
+                self.internal_socket.do_handshake()
+                # self.internal_socket.do_handshake(block=True)
+            else:
+                while True:
+                    try:
+                        self.internal_socket.do_handshake()
+                        break
+                    except ssl.SSLWantReadError:
+                        select.select([self.internal_socket], [], [])
+                    except ssl.SSLWantWriteError:
+                        select.select([], [self.internal_socket], [])
+
+
+    
+    def ensure_ssl_handshake_is_done(self):
+        if self.is_with_ssl and not self.__is_ssl_handshake_done:
+            self.do_ssl_handshake()
+            self.__is_ssl_handshake_done = True
 
 
 class SocketClient(Socket):
@@ -109,10 +279,91 @@ class SocketClient(Socket):
     """
     __metaclass__ = abc.ABCMeta
     
-    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None):
-        super().__init__(name=name, create_ipv4_socket_kwargs=create_ipv4_socket_kwargs)
+    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None, idle_sleep_delay=undefined_argument, do_run_with_recv=True, do_run_with_send=True):
+        """Socket client constructor
+        @param name: Socket client name
+        @param create_ipv4_socket_kwargs: Arguments to create an IPv4 socket
+        @param idle_sleep_delay: delay to sleep when socket is idle (used only in some clients to control CPU resource impact ; default: 0.01 s)
+        @param do_run_with_recv: Define if recv is done in run process when client is started
+        @param do_run_with_send: Define if send is done in run process when client is started
+        """
+        # Data used in start processing
+        self.__data_lock = threading.Lock()
+        self.__data = types.SimpleNamespace(
+            in_bytes = b'',
+            out_bytes = b'',
+        )
+        self.__with_recv = do_run_with_recv
+        self.__with_send = do_run_with_send
+        
+        # Note: super().__init__ must be done after self.__data & others initialization since it can execute create_ipv4_socket_kwargs method
+        super().__init__(name=name, create_ipv4_socket_kwargs=create_ipv4_socket_kwargs, idle_sleep_delay=idle_sleep_delay)
     
-
+    @property
+    def is_run_with_recv(self):
+        return self.__with_recv
+    
+    @property
+    def is_run_with_send(self):
+        return self.__with_send
+    
+    @property
+    def _data_lock(self):
+        return self.__data_lock
+    
+    @property
+    def _data(self):
+        return self.__data
+    
+    def _delete_object(self):
+        self.stop()
+        super()._delete_object()
+    
+    def _start_thread(self, thread):
+        # Ensure SSL handshake is done before starting to receive and send data
+        self.ensure_ssl_handshake_is_done()
+        
+        # Start thread
+        super()._start_thread(thread)
+    
+    @property
+    def received_data(self):
+        with self.__data_lock:
+            res = copy.copy(self.__data.in_bytes)
+        return res
+    
+    @property
+    def received_data_size(self):
+        with self.__data_lock:
+            res = len(self.__data.in_bytes)
+        return res
+    
+    def reset_received_data(self):
+        with self.__data_lock:
+            self.__data.in_bytes = b''
+    
+    def read(self, bufsize=1024, **kwargs):
+        if self.is_started and self.is_run_with_recv:
+            with self.__data_lock:
+                if self.__data.in_bytes:
+                    res = self.__data.in_bytes[:bufsize]
+                    self.__data.in_bytes = self.__data.in_bytes[bufsize:]
+                else:
+                    res = b''
+                if logger.isEnabledFor(logging.DEBUG):
+                    logger.debug(f"[{self.name}] Read data from received data: [{res}] (type: {type(res)} ; remaining data: {len(self.__data.in_bytes)})")
+            return res
+        else:
+            return super().read(bufsize=bufsize, **kwargs)
+    
+    def write(self, data_bytes, loop_until_all_is_sent=True, **kwargs):
+        if self.is_started and self.is_run_with_send:
+            with self.__data_lock:
+                self.__data.out_bytes += data_bytes
+                if logger.isEnabledFor(logging.DEBUG):
+                    logger.debug(f"[{self.name}] Added data in data to send (total: {len(self.__data.out_bytes)})")
+        else:
+            return super().write(data_bytes, loop_until_all_is_sent=loop_until_all_is_sent, **kwargs)
 
 
 class SocketServer(Socket):
@@ -121,27 +372,16 @@ class SocketServer(Socket):
     """
     __metaclass__ = abc.ABCMeta
     
-    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None):
-        super().__init__(name=name, create_ipv4_socket_kwargs=create_ipv4_socket_kwargs)
+    def __init__(self, *, name=None, create_ipv4_socket_kwargs=None, idle_sleep_delay=undefined_argument):
+        super().__init__(name=name, create_ipv4_socket_kwargs=create_ipv4_socket_kwargs, idle_sleep_delay=idle_sleep_delay)
     
     def accept(self):
         conn, addr = self.internal_socket.accept()
-        res = Socket(name=f"[{self.name}] Connection with {addr}")
-        res._set_internal_socket(conn)
+        res = Socket.create(name=f"[{self.name}] Connection with {addr}", internal_socket=conn)
         return res, addr
     
     @abc.abstractmethod
-    def start(self, read_bufsize=1024, *, read_kwargs=None, write_kwargs=None):
-        """Start server.
-        """
-        raise NotImplementedError()
-    
-    @abc.abstractmethod
-    def stop(self):
-        raise NotImplementedError()
-    
-    @abc.abstractmethod
-    def _process_data(self, data):
+    def _process_received_data(self, data):
         raise NotImplementedError()
 
 

holado_python/standard_library/ssl/resources/certificates/NOTES.txt

@@ -1,4 +1,4 @@
-localhost.ct and localhost.key were generated with command:
+localhost.crt and localhost.key were generated with command:
     openssl req -x509 -out localhost.crt -keyout localhost.key \
       -newkey rsa:2048 -nodes -sha256 \
       -subj '/CN=localhost' -extensions EXT -config <( \

holado_python/standard_library/ssl/resources/certificates/rootCACert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7jCCAtagAwIBAgIJAJNpPsX/1B+fMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzAN
+BgNVBAoMBnRjcGJpbjEMMAoGA1UECwwDb3BzMRMwEQYDVQQDDAp0Y3BiaW4uY29t
+MSMwIQYJKoZIhvcNAQkBFhRoYXJyeWJhZ2RpQGdtYWlsLmNvbTAeFw0xOTA1MDUw
+NjI3NTlaFw0yOTA1MDIwNjI3NTlaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UECAwC
+Q0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBnRjcGJpbjEMMAoG
+A1UECwwDb3BzMRMwEQYDVQQDDAp0Y3BiaW4uY29tMSMwIQYJKoZIhvcNAQkBFhRo
+YXJyeWJhZ2RpQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAK0LTwoX+/d/QKJuIuvUw2gUBGwjeX8DM3OqagcmZutlq9VfSW1pkzNhCpFU
+1JQh/bJ3P97VTZn75H2zL4BQnAXaPSRoi0wOFsoEhzbIOAFELPq2TMoY9lvOLO9n
+4yt4Pz7AbFLhPDeltqb91S/18hN1YmVTDEuMCz4OGnJOf5NbmuVwmjMcDWiOwmjp
+dBYlwCMn/TRB3wUPSwafLef9EIJfm4uL0ruH3Rlhj8Lktt0YTvrA7M6URMcgFqYG
+wNNsYa9X88Js1nxlryvTputbVf6zL35S7CvTGc6fft/pfdSAu2KcmOd+C0dew1GI
+daM9tqTiqi6Tg+IA2t4eaA3tR2MCAwEAAaNTMFEwHQYDVR0OBBYEFOLuMowBSAZf
+V5v82LmlaIIOvU/DMB8GA1UdIwQYMBaAFOLuMowBSAZfV5v82LmlaIIOvU/DMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEj3o18u8FQDrQu89Etk
+4sQgiZxtQ0C3OglCXP9kRGSBt8Ymd/2bmpGK2TsEpACkfpJLaFRVPek2302YQ8mc
+oj63wPTDYx1P/BSH+dPvDUXI9SePXcrFAPq9YemteQHE+WZ/PFe0wAq1ehziWgqQ
+OiMb1wydDbaRZF6jPPMW7cHCiUYceLBRO0ZTe9CsUPYw6A78QZnO6P7Cuc1SwkNv
+uejCGTfv5HP72/Jm24ifAMOoWXALmvIIAnOVTwpPEX2nEnr9H1S8Psi3+mqkGyC1
+RQXprzHkflCKHxjiNfNguHeC3x6l0LGWEShcemyDWCsTgCYNX6RMTWWcug3Vb/70
+BSs=
+-----END CERTIFICATE-----

holado_python/standard_library/ssl/resources/certificates/tcpbin.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIBKjANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQKDAZ0
+Y3BiaW4xDDAKBgNVBAsMA29wczETMBEGA1UEAwwKdGNwYmluLmNvbTEjMCEGCSqG
+SIb3DQEJARYUaGFycnliYWdkaUBnbWFpbC5jb20wHhcNMjUwNTI4MTMxODIwWhcN
+MjUwNTI5MTMxODIwWjAcMRowGAYDVQQDDBF0Y3BiaW4uY29tLWNsaWVudDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANvo9G/86es6qoCHTum0RAoqAAiY
+qnOCLgXmamgfQgbfYoBIkNTBBVzsZyoZIY4QuuO8E07VmbrnH23czCSAO5akPb7D
+teotATqDf4My0Ybht62nLoxhHBb9jrzSgv4+04gy/W6wu5diyfeY8BNopHkUkmEN
+WhmGkP9s9npUGaEfEeasuiB1JMkAEOWnw+kHqE3Us+4Av4Mht6srswst3B90WCIV
+Rry48gRJS4qZoAk1dwZHIcYSOfMJ8Pu69wS1qjRwRPLc3dfnUs2E3dAx1FDxDBkK
+eQ73VUm64A5AXLYRk3PvgPwbcgerkLAnYAb5o8YJmyufGXKQNhmZxcCt+t0CAwEA
+AaNCMEAwHQYDVR0OBBYEFDgjXXI6juiInalFSZEZM6BcEW9UMB8GA1UdIwQYMBaA
+FOLuMowBSAZfV5v82LmlaIIOvU/DMA0GCSqGSIb3DQEBCwUAA4IBAQAu6SJ3OT6D
+fhjfg4wRMHZVsaYSF6Kwe0RNt6izRkv5MUGi6Ew0SK1Mm+qxE51G3aaVCE4G+P1e
+ACOiBL55saWDJtdng2VTKhUsFxIk2c/t+tuh7ttV7i0yGbaLGDP0N2FveBhKj/5d
+SaPpAQvZ1rFhXpUU1jQr+xi5pP/iOPH02O8A8VgHyGebDVXs8iWMHjozOrRhgQVJ
+YAl5lyYs+aj199p9ixwY3RPPWbUcggvAipv9bu6uEEIWMOMMERM2P7yFYaWJBcw5
+A/Uqu2bBLmOu9/qmlEj2uQfTeVhnoT/bZBfmPcrL64tHjw7G5u0WuooPNTI23z28
+3ttcr+fDbDR4
+-----END CERTIFICATE-----

holado_python/standard_library/ssl/resources/certificates/tcpbin.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb6PRv/OnrOqqA
+h07ptEQKKgAImKpzgi4F5mpoH0IG32KASJDUwQVc7GcqGSGOELrjvBNO1Zm65x9t
+3MwkgDuWpD2+w7XqLQE6g3+DMtGG4betpy6MYRwW/Y680oL+PtOIMv1usLuXYsn3
+mPATaKR5FJJhDVoZhpD/bPZ6VBmhHxHmrLogdSTJABDlp8PpB6hN1LPuAL+DIber
+K7MLLdwfdFgiFUa8uPIESUuKmaAJNXcGRyHGEjnzCfD7uvcEtao0cETy3N3X51LN
+hN3QMdRQ8QwZCnkO91VJuuAOQFy2EZNz74D8G3IHq5CwJ2AG+aPGCZsrnxlykDYZ
+mcXArfrdAgMBAAECggEAe76UfcfloTY752M8ZonHl6iWqD+v+puQZkWILtsX/mIJ
+PYKX7QBIkkd8rdXCafzEDY4xlzTe8qtHpjyOqyN1ZIk7LXNXlFSK0nBYem1INgwh
+nZfru5aRheZcQah7ibG0unlm3riYdtFiMO9geKtzkaafz/kBcEemo/SepatZWK3m
+DQX6okkpHh04GZNIO52K2QCaYpmj14fXIi2p5M4+KD+gmYbXhkmzNdcjz2l/wkqo
+SziZf31nzuoHd6FuQ6vAsmXU/m6jW7Nll0wsxTm5Ynw5SoIrAbreJJmSSD8o2Shj
+mvzWlurk1SgOhtoHP+AaVAn454x/Fn7+8u0f5ptNyQKBgQDvKc/3etCi22ntlgQM
+dIwxbUPnmSvwejpMPOq3kMGTQWUJcKFinbPC28s/lJGzVjMsH5VisjiprCt3TXGN
+XwmLNaUycWN3po9HyLSndAjHWM4aQ3yTOFKfLFEDUhKi8Dxy995KmHhgSSHd65qM
+PvnPhITZWfKLkItCOmNEULxE8wKBgQDrZCji91ztgNyN3MHDGN2o854lAvWc1l6s
+4L8ZwU/RCNYyvMkdhadASzLwVC44q/6txGjTHGjnJPdkzV2u+WsPVWG2uCaD9PV1
+3L8wyG9sJ2YoJE5QcAQ+1J+rRN3fluzSKFiQNDpf7C5YqCPvk7C7lXFllGHM6FmF
+hoYbyIb07wKBgQDKaF+qulViz0FqIwFQLT8NAcVrd7W5MyitpwyayLcbUkgZYioj
+lQYzDuOH7swUtApg+GXsfpr39k9fC7rjg6BHIeKqu04MUHmIrjM+WTSoyd68WYtP
+6WX7cn0py0ccgScXwfFuvnV6P8qaz7Afq5iuaSAp9zcPqQhCx7mFcrKzwwKBgQCo
+VH3woNgxd59BS4a8j8GjmmOTMCSYPayCkE3Yiyca4ujaa6qek/9guOX6exh6qnR7
+qyMTJRPXh9XqnfnKsM5grrwrwFC6uKf32x5WMl+LxjkFp8DhQNmoXMC554uK4xED
+0JpUtSSxh+I0wDjCkKkn29y1uYCe2eF63RJ2N9ZavQKBgQCbHI/bMIZw/fsaijg3
+676mpQqFPiQdXTogw8UWzZBAvP6eQOnqQ9aw4tJt6OZWnwCDMwXrEYk3H8qisZl7
+ou63o5t8bTrU4C6e1VIQ1XuQM4FEpx6/TFwBG2FXkgzGHUpHlR9+woxqvmQgfsiW
+tEJ/TZv7bU6s9FRLTzMspp+tIA==
+-----END PRIVATE KEY-----

holado_python/standard_library/ssl/ssl.py

@@ -13,13 +13,15 @@
 
 import logging
 import ssl
-from holado_core.common.exceptions.functional_exception import FunctionalException
 from holado_core.common.tools.tools import Tools
 from holado_json.ipc.json import set_object_attributes_with_json_dict
 from holado_core.common.exceptions.technical_exception import TechnicalException
 import os
 import copy
 from ssl import Purpose
+from holado_system.system.command.command import Command, CommandStates
+from holado.common.context.session_context import SessionContext
+import json
 
 logger = logging.getLogger(__name__)
 
@@ -32,37 +34,67 @@ class SslManager(object):
     """
     
     @classmethod
-    def new_ssl_context(cls, server_side=False, flat_kwargs=None):
+    def __get_path_manager(cls):
+        return SessionContext.instance().path_manager
+    
+    @classmethod
+    def new_ssl_context(cls, server_side=False, ssl_kwargs=None, context_kwargs=None):
         res = None
         
-        if flat_kwargs is None:
-            flat_kwargs = {}
-        kwargs = copy.copy(flat_kwargs)
+        if ssl_kwargs is None:
+            ssl_kwargs = {}
+        kwargs = copy.copy(ssl_kwargs)
         
         try:
             activate_ssl = kwargs.pop('activate', True)
             if activate_ssl:
+                if Tools.has_sub_kwargs(kwargs, 'create_default_context.'):
+                    create_default_context_kwargs = Tools.pop_sub_kwargs(kwargs, 'create_default_context.')
+                else:
+                    create_default_context_kwargs = {}
+                
                 purpose = Purpose.CLIENT_AUTH if server_side else Purpose.SERVER_AUTH
-                res = ssl.create_default_context(purpose=purpose)
+                res = ssl.create_default_context(purpose=purpose, **create_default_context_kwargs)
+                
+                # res.set_default_verify_paths()
                 
-                if Tools.has_sub_kwargs(kwargs, 'context.'):
-                    context_kwargs = Tools.pop_sub_kwargs(kwargs, 'context.')
+                if context_kwargs:
+                    c_kwargs = copy.copy(context_kwargs)
                     
-                    ciphers = context_kwargs.pop('ciphers', None)
+                    ciphers = c_kwargs.pop('ciphers', None)
                     if ciphers is not None:
+                        if ciphers == 'OPENSSL_CIPHERS':
+                            ciphers = SslManager.get_openssl_ciphers()
+                            logger.debug(f"Using openssl ciphers: {ciphers}")
                         res.set_ciphers(ciphers)
-                    if Tools.has_sub_kwargs(context_kwargs, 'load_cert_chain.'):
-                        load_cert_chain_kwargs = Tools.pop_sub_kwargs(context_kwargs, 'load_cert_chain.')
+                    if Tools.has_sub_kwargs(c_kwargs, 'load_cert_chain.'):
+                        load_cert_chain_kwargs = Tools.pop_sub_kwargs(c_kwargs, 'load_cert_chain.')
                         res.load_cert_chain(**load_cert_chain_kwargs)
-                    if Tools.has_sub_kwargs(context_kwargs, 'load_verify_locations.'):
-                        load_verify_locations_kwargs = Tools.pop_sub_kwargs(context_kwargs, 'load_verify_locations.')
+                    if Tools.has_sub_kwargs(c_kwargs, 'load_verify_locations.'):
+                        load_verify_locations_kwargs = Tools.pop_sub_kwargs(c_kwargs, 'load_verify_locations.')
                         res.load_verify_locations(**load_verify_locations_kwargs)
                     
-                    # Set context attributes with remaining kwargs
-                    if len(context_kwargs) > 0:
-                        set_object_attributes_with_json_dict(res, context_kwargs)
+                    # Set context attributes with remaining c_kwargs
+                    if len(c_kwargs) > 0:
+                        set_object_attributes_with_json_dict(res, c_kwargs)
+                
+                logger.debug(f"Default verify paths: {ssl.get_default_verify_paths()})")
+                dvp = ssl.get_default_verify_paths()
+                if res.verify_mode != ssl.CERT_NONE and dvp.cafile is None and 'create_default_context.cafile' not in ssl_kwargs and 'load_verify_locations.cafile' not in context_kwargs:
+                    msg_list = [f"No CA file is defined, it is not possible to verify certificates.",
+                                f"Most common solutions:",
+                                f"  - Configure to not verify certificates, by adding/setting in table: | 'ssl.context.verify_mode' | ssl.CERT_NONE |",
+                                f"  - Be sure OpenSSL default CA file exists on system (configured path: '{dvp.openssl_cafile}'). Example of command (on Ubuntu): sudo ln -s /etc/ssl/certs/ca-certificates.crt {dvp.openssl_cafile}",
+                                f"  - Configure a CA file at context creation, by adding/setting in table: | 'ssl.create_default_context.cafile' | <path to CA file> |",
+                                f"  - Configure a CA file after context creation, by adding/setting in table: | 'ssl.context.load_verify_locations.cafile' | <path to CA file> |",
+                                f"Note: step 'Given CACERTS_PATH = CA certs file path (from certifi package)' can be used to get the path to CA file coming with 'certifi' package that is supposed to be installed when using ssl module",
+                                ]
+                    raise TechnicalException("\n".join(msg_list))
+                logger.debug(f"Loaded CA certificates: {res.get_ca_certs()})")
+                logger.debug(f"Loaded ciphers: {res.get_ciphers()})")
+                
         except Exception as exc:
-            msg = f"Failed to create SSL context with parameters {flat_kwargs}: {exc}"
+            msg = f"Failed to create SSL context with parameters ({ssl_kwargs}, {context_kwargs}): {exc}"
             logger.error(msg)
             raise TechnicalException(msg) from exc
         
@@ -73,9 +105,94 @@ class SslManager(object):
         return res
     
     @classmethod
-    def get_localhost_certificate(cls):
+    def get_openssl_ciphers(cls):
+        import subprocess
+        output = subprocess.run(["openssl", "ciphers"], capture_output=True).stdout
+        output_str = output.decode("utf-8")
+        return output_str.strip().split("\n")[0]
+    
+    @classmethod
+    def get_default_certificates(cls):
+        dvp = ssl.get_default_verify_paths()
+        if not os.path.exists(dvp.cafile):
+            raise TechnicalException(f"openssl CA file '{dvp.cafile}' doesn't exist. Example of resolution command (on Ubuntu): sudo ln -s /etc/ssl/certs/ca-certificates.crt {dvp.cafile}")
+        return (dvp.cafile, dvp.capath)
+    
+    @classmethod
+    def get_certifi_ca_certs_file_path(cls):
+        import certifi
+        return certifi.where()
+    
+    # @classmethod
+    # def get_localhost_certificate(cls):
+    #     here = os.path.abspath(os.path.dirname(__file__))
+    #     certfile_path = os.path.join(here, 'resources', 'certificates', 'localhost.crt')
+    #     keyfile_path = os.path.join(here, 'resources', 'certificates', 'localhost.key')
+    #     return (certfile_path, keyfile_path)
+    
+    @classmethod
+    def get_tcpbin_certificates(cls):
         here = os.path.abspath(os.path.dirname(__file__))
-        certfile_path = os.path.join(here, 'resources', 'certificates', 'localhost.crt')
-        keyfile_path = os.path.join(here, 'resources', 'certificates', 'localhost.key')
-        return (certfile_path, keyfile_path)
+        certfile_path = os.path.join(here, 'resources', 'certificates', 'tcpbin.crt')
+        keyfile_path = os.path.join(here, 'resources', 'certificates', 'tcpbin.key')
+        ca_certfile_path = os.path.join(here, 'resources', 'certificates', 'rootCACert.pem')
+        
+        cls.ensure_tcpbin_certificates_are_valid(certfile_path, keyfile_path)
+        
+        return (certfile_path, keyfile_path, ca_certfile_path)
+    
+    @classmethod
+    def ensure_tcpbin_certificates_are_valid(cls, public_key_path, private_key_path, duration_seconds=600):
+        cls.__get_path_manager().makedirs(public_key_path)
+        cls.__get_path_manager().makedirs(private_key_path)
+        
+        # Verify if certificate has expired
+        do_generate_certificates = True
+        if os.path.exists(public_key_path):
+            cmd = f"openssl x509 -checkend {duration_seconds} -noout -in '{public_key_path}'"
+            command = Command(cmd, do_log_output=True, do_raise_on_stderr=False, executable="/bin/bash")
+            command.start()
+            command.join()
+            if command.state is CommandStates.Success:
+                do_generate_certificates = False
+            elif command.return_code == 1:
+                do_generate_certificates = True
+            else:
+                raise TechnicalException(f"Error while executing openssl command [{cmd}]: error code={command.return_code} ; stdout: [{command.stdout}] ; stderr: [{command.stderr}]")
+        
+        # Generate new certificates if needed
+        if do_generate_certificates:
+            cmd = f"curl -s https://tcpbin.com/api/client-cert"
+            command = Command(cmd, do_log_output=True, do_raise_on_stderr=False, executable="/bin/bash")
+            command.start()
+            command.join()
+            if command.state is not CommandStates.Success:
+                raise TechnicalException(f"Error while executing command [{cmd}] : [{command.stderr}]")
+            
+            data = json.loads(command.stdout)
+            with open(public_key_path, 'wt') as fout:
+                fout.write(data['cert'])
+            with open(private_key_path, 'wt') as fout:
+                fout.write(data['key'])
+    
+    @classmethod
+    def generate_new_self_signed_key_files(cls, public_key_path, private_key_path, openssl_args):
+        cls.__get_path_manager().makedirs(public_key_path)
+        cls.__get_path_manager().makedirs(private_key_path)
+        
+        cmd = f"openssl req -out '{public_key_path}' -keyout '{private_key_path}' {openssl_args}"
+        command = Command(cmd, do_log_output=True, do_raise_on_stderr=False, executable="/bin/bash")
+        command.start()
+        command.join()
+        
+        if command.state is not CommandStates.Success:
+            raise TechnicalException(f"Error while executing openssl command [{cmd}] : [{command.stderr}]")
+    
+    @classmethod
+    def generate_new_self_signed_key_files_for_localhost(cls, public_key_path, private_key_path, algorithm='rsa:2048'):
+        SslManager.generate_new_self_signed_key_files(
+            public_key_path, private_key_path, 
+            f"-x509 -newkey {algorithm} -noenc -sha256 -subj '/CN=localhost' -extensions EXT \
+              -config <( printf \"[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth\")"
+            )
 

holado_python/tests/behave/steps/convert_steps.py

@@ -15,7 +15,7 @@
 
 from holado_test.scenario.step_tools import StepTools
 from holado.common.context.session_context import SessionContext
-from holado_test.behave.behave import *
+from holado_test.behave.behave import *  # @UnusedWildImport
 import logging
 from holado_core.common.tools.string_tools import StrTools