# Copyright (c) 2006 by Joe Gregorio, Google Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
# OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
import collections
import errno
import httplib
import socket
import ssl
import warnings
import certifi
import httplib2
import urllib3
def _default_make_pool(http, proxy_info):
"""Creates a urllib3.PoolManager object that has SSL verification enabled
and uses the certifi certificates."""
if not http.ca_certs:
http.ca_certs = _certifi_where_for_ssl_version()
ssl_disabled = http.disable_ssl_certificate_validation
cert_reqs = 'CERT_REQUIRED' if http.ca_certs and not ssl_disabled else None
if isinstance(proxy_info, collections.Callable):
proxy_info = proxy_info()
if proxy_info:
if proxy_info.proxy_user and proxy_info.proxy_pass:
proxy_url = 'http://{}:{}@{}:{}/'.format(
proxy_info.proxy_user, proxy_info.proxy_pass,
proxy_info.proxy_host, proxy_info.proxy_port,
)
proxy_headers = urllib3.util.request.make_headers(
proxy_basic_auth='{}:{}'.format(
proxy_info.proxy_user, proxy_info.proxy_pass,
)
)
else:
proxy_url = 'http://{}:{}/'.format(
proxy_info.proxy_host, proxy_info.proxy_port,
)
proxy_headers = {}
return urllib3.ProxyManager(
proxy_url=proxy_url,
proxy_headers=proxy_headers,
ca_certs=http.ca_certs,
cert_reqs=cert_reqs,
)
return urllib3.PoolManager(
ca_certs=http.ca_certs,
cert_reqs=cert_reqs,
)
def patch(make_pool=_default_make_pool):
"""Monkey-patches httplib2.Http to be httplib2shim.Http.
This effectively makes all clients of httplib2 use urlilb3. It's preferable
to specify httplib2shim.Http explicitly where you can, but this can be
useful in situations where you do not control the construction of the http
object.
Args:
make_pool: A function that returns a urllib3.Pool-like object. This
allows you to specify special arguments to your connection pool if
needed. By default, this will create a urllib3.PoolManager with
SSL verification enabled using the certifi certificates.
"""
setattr(httplib2, '_HttpOriginal', httplib2.Http)
httplib2.Http = Http
Http._make_pool = make_pool
class Http(httplib2.Http):
"""A httplib2.Http subclass that uses urllib3 to perform requests.
This allows full thread safety, connection pooling, and proper SSL
verification support.
"""
_make_pool = _default_make_pool
def __init__(self, cache=None, timeout=None,
proxy_info=httplib2.proxy_info_from_environment,
ca_certs=None, disable_ssl_certificate_validation=False,
pool=None):
disable_ssl = disable_ssl_certificate_validation
super(Http, self).__init__(
cache=cache,
timeout=timeout,
proxy_info=proxy_info,
ca_certs=ca_certs,
disable_ssl_certificate_validation=disable_ssl)
if not pool:
pool = self._make_pool(proxy_info=proxy_info)
self.pool = pool
@classmethod
def _create_full_uri(cls, conn, request_uri):
# Reconstruct the full uri from the connection object.
if isinstance(conn, httplib.HTTPSConnection):
scheme = 'https'
else:
scheme = 'http'
host = conn.host
# Reformat IPv6 hosts.
if _is_ipv6(host):
host = '[{}]'.format(host)
port = ''
if conn.port is not None:
port = ':{}'.format(conn.port)
return '{}://{}{}{}'.format(scheme, host, port, request_uri)
def _conn_request(self, conn, request_uri, method, body, headers):
full_uri = self._create_full_uri(conn, request_uri)
decode = True if method != 'HEAD' else False
try:
urllib3_response = self.pool.request(
method,
full_uri,
body=body,
headers=headers,
redirect=False,
retries=urllib3.Retry(total=False, redirect=0),
timeout=urllib3.Timeout(total=self.timeout),
decode_content=decode)
response = _map_response(urllib3_response, decode=decode)
content = urllib3_response.data
except Exception as e:
raise _map_exception(e)
return response, content
def add_certificate(self, *args, **kwargs):
warnings.warn('httplib2shim does not support add_certificate.')
return super(Http, self).add_certificate(*args, **kwargs)
def __getstate__(self):
dict = super(Http, self).__getstate__()
del dict['pool']
return dict
def __setstate__(self, dict):
super(Http, self).__setstate__(dict)
self.pool = self._make_pool(proxy_info=self.proxy_info())
def _is_ipv6(addr):
"""Checks if a given address is an IPv6 address."""
try:
socket.inet_pton(socket.AF_INET6, addr)
return True
except socket.error:
return False
def _certifi_where_for_ssl_version():
"""Gets the right location for certifi certifications for the current SSL
version.
Older versions of SSL don't support the stronger set of root certificates.
"""
if not ssl:
return
if ssl.OPENSSL_VERSION_INFO < (1, 0, 2):
warnings.warn(
'You are using an outdated version of OpenSSL that '
'can\'t use stronger root certificates.')
return certifi.old_where()
return certifi.where()
def _map_response(response, decode=False):
"""Maps a urllib3 response to a httplib/httplib2 Response."""
# This causes weird deepcopy errors, so it's commented out for now.
# item._urllib3_response = response
item = httplib2.Response(response.getheaders())
item.status = response.status
item['status'] = str(item.status)
item.reason = response.reason
item.version = response.version
# httplib2 expects the content-encoding header to be stripped and the
# content length to be the length of the uncompressed content.
# This does not occur for 'HEAD' requests.
if decode and item.get('content-encoding') in ['gzip', 'deflate']:
item['content-length'] = str(len(response.data))
item['-content-encoding'] = item.pop('content-encoding')
return item
def _map_exception(e):
"""Maps an exception from urlib3 to httplib2."""
if isinstance(e, urllib3.exceptions.MaxRetryError):
if not e.reason:
return e
e = e.reason
message = e.args[0] if e.args else ''
if isinstance(e, urllib3.exceptions.ResponseError):
if 'too many redirects' in message:
return httplib2.RedirectLimit(message)
if isinstance(e, urllib3.exceptions.NewConnectionError):
if ('Name or service not known' in message or
'nodename nor servname provided, or not known' in message):
return httplib2.ServerNotFoundError(
'Unable to find hostname.')
if 'Connection refused' in message:
return socket.error((errno.ECONNREFUSED, 'Connection refused'))
if isinstance(e, urllib3.exceptions.DecodeError):
return httplib2.FailedToDecompressContent(
'Content purported as compressed but not uncompressable.',
httplib2.Response({'status': 500}), '')
if isinstance(e, urllib3.exceptions.TimeoutError):
return socket.timeout('timed out')
if isinstance(e, urllib3.exceptions.SSLError):
return ssl.SSLError(*e.args)
return e
