diff --git a/README-DEV.rst b/README-DEV.rst index ec5f437..eb1c209 100644 --- a/README-DEV.rst +++ b/README-DEV.rst @@ -47,6 +47,10 @@ All tests require that your PYTHONPATH be set to the development tree: $ export PYTHONPATH=/nosql-python-sdk/src:\ $PYTHONPATH +or + + $ export PYTHONPATH=`realpath ..`/src:$PYTHONPATH + If using on-premise Oracle NoSQL database with security enabled, the certificate path can be specified through the REQUESTS_CA_BUNDLE environment variable: diff --git a/src/borneo/client.py b/src/borneo/client.py index d2fd4e4..b68d8cf 100644 --- a/src/borneo/client.py +++ b/src/borneo/client.py @@ -4,7 +4,7 @@ # Licensed under the Universal Permissive License v 1.0 as shown at # https://oss.oracle.com/licenses/upl/ # - +import urllib.parse from concurrent.futures import ThreadPoolExecutor from logging import DEBUG from platform import python_version @@ -440,14 +440,31 @@ def _check_and_set_proxy(self, sess): 'password are required') if self._proxy_host is not None: if self._proxy_username is None: - proxy_url = ( - 'http://' + self._proxy_host + ':' + str(self._proxy_port)) + proxy_url = urllib.parse.urlunparse( + ( + 'http', + self._proxy_host + ':' + + str(self._proxy_port), + '', + '', + '', + '' + )) else: assert self._proxy_password is not None - proxy_url = ( - 'http://' + self._proxy_username + ':' + - self._proxy_password + '@' + self._proxy_host + ':' + - str(self._proxy_port)) + proxy_url = urllib.parse.urlunparse( + ( + 'http', + urllib.parse.quote(self._proxy_username, safe='') + + ':' + urllib.parse.quote( + self._proxy_password, safe='') + + '@' + self._proxy_host + ':' + + str(self._proxy_port), + '', + '', + '', + '' + )) sess.proxies = {'http': proxy_url, 'https': proxy_url} @staticmethod 
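Review bot: In `_check_and_set_proxy`, only the username and password are percent-encoded; `self._proxy_host` is still concatenated into the netloc as-is, and `urllib.parse.urlunparse` does not escape or validate that component, so a host containing `@` or `/`, or an unbracketed IPv6 literal, would still produce a different authority than intended. If the host is not validated where it is set (not visible in this hunk), that check belongs there. The two branches also repeat the same six-element tuple; building the netloc once and prefixing the quoted userinfo when a username is present keeps the quoting in one place, as sketched below. The existing `assert self._proxy_password is not None` is stripped under `python -O`, so it should not be the only guard for the password. The function starts above this hunk.

```python
if self._proxy_host is not None:
    # urlunparse() does not escape the netloc; only the userinfo is quoted.
    netloc = self._proxy_host + ':' + str(self._proxy_port)
    if self._proxy_username is not None:
        assert self._proxy_password is not None
        userinfo = (
            urllib.parse.quote(self._proxy_username, safe='') + ':' +
            urllib.parse.quote(self._proxy_password, safe=''))
        netloc = userinfo + '@' + netloc
    proxy_url = urllib.parse.urlunparse(
        ('http', netloc, '', '', '', ''))
    # … unchanged: sess.proxies assignment …
```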
@@ -615,7 +632,7 @@ def set_proxy_info(self, proxy_header): """ if self._proxy_version is None and proxy_header is not None: versions = proxy_header.split() - # bail if not of correct format + # bail if not of the correct format if len(versions) >= 2: self._proxy_version = versions[0].split('=')[1] self._kv_version = versions[1].split('=')[1] diff --git a/src/borneo/driver.py b/src/borneo/driver.py index d798153..385d966 100644 --- a/src/borneo/driver.py +++ b/src/borneo/driver.py @@ -4,7 +4,7 @@ # Licensed under the Universal Permissive License v 1.0 as shown at # https://oss.oracle.com/licenses/upl/ # - +import ssl from json import loads from logging import FileHandler, Formatter, WARNING, getLogger from os import mkdir, path @@ -812,6 +812,9 @@ def _config_ssl_context(config): ctx = create_default_context() else: ctx = SSLContext(config.get_ssl_protocol()) + ctx.load_default_certs() + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.check_hostname = True if config.get_ssl_cipher_suites() is not None: ctx.set_ciphers(config.get_ssl_cipher_suites()) if config.get_ssl_ca_certs() is not None: diff --git a/src/borneo/iam/iam.py b/src/borneo/iam/iam.py index d549d7f..6cf2aa6 100644 --- a/src/borneo/iam/iam.py +++ b/src/borneo/iam/iam.py @@ -85,7 +85,7 @@ class SignatureProvider(AuthorizationProvider): When using a specific user's identity there are 3 options for providing the required information: - 1. Using a instance of oci.signer.Signer or + 1. Using an instance of oci.signer.Signer or oci.auth.signers.SecurityTokenSigner 2. Directly providing the credentials via parameters 3. Using a configuration file diff --git a/src/borneo/kv/kv.py b/src/borneo/kv/kv.py index 8feaba8..1740f15 100644 --- a/src/borneo/kv/kv.py +++ b/src/borneo/kv/kv.py 
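Review bot: The three lines added to `_config_ssl_context` carry no comment saying why the explicit-protocol branch needs them, so a reader comparing it with the `create_default_context()` branch will not see that a bare `SSLContext(protocol)` may start with `CERT_NONE` and no hostname check. I would add `# SSLContext(protocol) does not verify the peer by default; enable the same checks create_default_context() applies.` above `ctx.load_default_certs()`. The system trust store is also loaded unconditionally, so if the `get_ssl_ca_certs()` branch below (its body is outside this hunk) adds a private CA, the context will presumably trust both; confirm that is intended for on-premise stores. A unit test asserting `verify_mode == ssl.CERT_REQUIRED` and `check_hostname is True` for a configured protocol would keep this from regressing. The function starts and continues outside the hunk.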
@@ -278,10 +278,6 @@ def set_ssl_context(self, ssl_ctx): adapter = SSLAdapter(ssl_ctx) self._sess.mount(self._url.scheme + '://', adapter) - def set_url_for_test(self): - self._url = urlparse(self._url.geturl().replace('https', 'http')) - return self - def validate_auth_string(self, auth_string): if self._is_secure and auth_string is None: raise IllegalArgumentException( diff --git a/test/store_at_provider.py b/test/store_at_provider.py index f2355b0..9ddea19 100644 --- a/test/store_at_provider.py +++ b/test/store_at_provider.py @@ -6,6 +6,7 @@ # import sys import unittest +from urllib.parse import urlparse from requests import codes from socket import error from threading import Thread @@ -128,10 +129,14 @@ def testAccessTokenProviderGets(self): self.assertEqual(self.token_provider.get_endpoint(), base) self.assertIsNone(self.token_provider.get_logger()) + @staticmethod + def _set_url_for_test(token_provider): + token_provider._url = urlparse(token_provider._url.geturl().replace('https', 'http')) + def testAccessTokenProviderGetAuthorizationString(self): self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD) self.token_provider.set_endpoint(self.base) - self.token_provider.set_url_for_test() + self._set_url_for_test(self.token_provider) # get authorization string. result = self.token_provider.get_authorization_string() self.assertIsNotNone(result) @@ -147,7 +152,7 @@ def testAccessTokenProviderGetAuthorizationString(self): def testAccessTokenProviderMultiThreads(self): self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD) self.token_provider.set_endpoint(self.base) - self.token_provider.set_url_for_test() + self._set_url_for_test(self.token_provider) threads = list() for i in range(5): t = Thread(target=self._run)
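Review bot: `_set_url_for_test` rewrites the scheme with `geturl().replace('https', 'http')`, which replaces every occurrence of `https` in the URL rather than only the scheme. `token_provider._url = token_provider._url._replace(scheme='http')` changes just the scheme and avoids the re-parse. Because the helper writes to the provider's private `_url`, a one-line docstring such as `"""Switch the provider's endpoint scheme from https to http (test only)."""` would make clear why the test reaches into it.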