M2SSLTransport

M2Crypto SSLTransport Library

class DIRAC.Core.DISET.private.Transports.M2SSLTransport.SSLTransport(*args, **kwargs)

Bases: DIRAC.Core.DISET.private.Transports.BaseTransport.BaseTransport

SSL Transport implementation using the M2Crypto library.

__init__(*args, **kwargs)

Create an SSLTransport object, parameters are the same as for other transports. If ctx is specified (as an instance of SSL.Context) then use that rather than creating a new context.

acceptConnection()

Accept a new client, returns a new SSLTransport object representing the client connection.

The SSL handshake is performed here.

Returns: S_OK(SSLTransport object)

acceptConnection_multipleSteps()

Accept a new client, returns a new SSLTransport object representing the client connection.

The connection is accepted, but no SSL handshake is performed.

Returns: S_OK(SSLTransport object)

acceptConnection_singleStep()

Accept a new client, returns a new SSLTransport object representing the client connection.

The SSL handshake is performed here.

Returns: S_OK(SSLTransport object)

bAllowReuseAddress = True
close()

Close this socket.

getAppData()
getConnectingCredentials()

Returns: dictionary with credentials

Returns an empty dictionary for plainTransport.

In SSLTransport it contains (after the handshake):

  • 'DN' : The full identity name, e.g. `/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser/emailAddress=lhcb-dirac-ci@cern.ch`
  • 'CN' : Only the user name, e.g. ciuser
  • 'x509Chain' : List of all certificates in the chain
  • 'isProxy' : True if the client uses a proxy certificate
  • 'isLimitedProxy' : True if the client uses a limited proxy certificate
  • 'group' (optional): DIRAC group attached to the client
  • 'extraCredentials' (optional): Extra credentials, if any exist

Before the handshake, the dictionary is empty.
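One way a service could gate requests on the credentials dictionary described above, denying by default when it is empty or incomplete. This is an added example, not DIRAC code: `check_peer`, the allow-lists and the group name are hypothetical, and the dictionary is constructed by hand rather than read from a live transport.

```python
# Added example, not DIRAC code. It works on a plain dict shaped like the
# getConnectingCredentials() result documented above.
REQUIRED_KEYS = ("DN", "CN", "x509Chain", "isProxy", "isLimitedProxy")

# Constructed sample; the DN and CN are the illustrative values from this page,
# the chain entry and group name are placeholders.
SAMPLE = {
    "DN": "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser/emailAddress=lhcb-dirac-ci@cern.ch",
    "CN": "ciuser",
    "x509Chain": ["<certificate placeholder>"],
    "isProxy": True,
    "isLimitedProxy": False,
    "group": "example_group",
}


def check_peer(creds, allowed_dns, allowed_groups=(), allow_limited_proxy=False):
    """Return (ok, reason); deny on anything missing or unexpected."""
    # Empty dict: plain transport, or the SSL handshake has not run yet.
    if not creds:
        return False, "no credentials: handshake not completed"
    missing = [key for key in REQUIRED_KEYS if key not in creds]
    if missing:
        return False, "incomplete credentials: missing " + ", ".join(missing)
    if not creds["x509Chain"]:
        return False, "empty certificate chain"
    # Match the full DN exactly; two different DNs can share the same CN.
    if creds["DN"] not in allowed_dns:
        return False, "DN not allowed"
    if creds["isLimitedProxy"] and not allow_limited_proxy:
        return False, "limited proxy not accepted"
    # 'group' is optional: when groups are restricted, its absence is a denial.
    if allowed_groups and creds.get("group") not in allowed_groups:
        return False, "group not allowed"
    return True, "ok"


if __name__ == "__main__":
    allowed = {SAMPLE["DN"]}
    for label, creds in (
        ("before handshake", {}),
        ("full proxy", SAMPLE),
        ("limited proxy", dict(SAMPLE, isLimitedProxy=True)),
    ):
        print(label, check_peer(creds, allowed, allowed_groups={"example_group"}))
```

The empty-dictionary branch matters most on the two-step path, where a connection object exists after acceptConnection_multipleSteps() but carries no credentials until handshake_multipleSteps() has run.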

getFormattedCredentials()
getKeepAliveLapse()
getLastActionTimestamp()
getLocalAddress()
getRemoteAddress()
getSocket()
handshake()

Used to perform SSL handshakes. These are now done automatically.

handshake_multipleSteps()

Perform SSL handshakes. This has to be called after the connection was accepted (acceptConnection_multipleSteps).

The remote credentials are gathered here.

handshake_singleStep()

Used to perform SSL handshakes. These are now done automatically.

iListenQueueSize = 128
iReadTimeout = 600
initAsClient()

Prepare this client socket for use.

initAsServer()

Prepare this server socket for use.

isLocked()

Returns whether this instance is locked. Always returns False.

Returns: False

keepAliveMagic = 'dka'
latestServerRenewTime()
receiveData(maxBufferSize=0, blockAfterKeepAlive=True, idleReceive=False)
renewServerContext()

Renews the server context. This reloads the certificates and re-initialises the SSL context.

sendData(uData, prefix=False)
sendKeepAlive(responseId=None, now=False)
serverMode()
setAppData(appData)
setClientSocket(oSocket)

Set the inner socket (i.e. SSL.Connection object) of this instance to the value of oSocket. We also gather the remote peer credentials. This method is intended to be used to create client connection objects from a server and should be considered to be an internal function.

Parameters: oSocket – client socket SSL.Connection object

setClientSocket_multipleSteps(oSocket)

Set the inner socket (i.e. SSL.Connection object) of this instance to the value of oSocket. This method is intended to be used to create client connection objects from a server and should be considered to be an internal function.

Parameters: oSocket – client socket SSL.Connection object

setClientSocket_singleStep(oSocket)

Set the inner socket (i.e. SSL.Connection object) of this instance to the value of oSocket. We also gather the remote peer credentials. This method is intended to be used to create client connection objects from a server and should be considered to be an internal function.

Parameters: oSocket – client socket SSL.Connection object

setExtraCredentials(extraCredentials)

Add extra credentials to peerCredentials

Parameters: extraCredentials (str or tuple) – group or tuple with DN and group

setSocketTimeout(timeout)

Set the timeout for socket operations. The timeout parameter is in seconds (float).