10.1.1. Certificate verification for HTTP Client¶

class pytan3.http_client.Certify(http_client, lvl='info')[source]¶

Bases: object

Certificate verification magic.

__init__(http_client, lvl='info')[source]¶

Constructor.

Parameters:	http_client (`HttpClient`) – Client to use for getting certificates and configuring the verify attribute on `HttpClient.session` lvl (`str`, optional) – Logging level for this object. Defaults to: “info”.

log = None¶: logging.Logger – Logger for this object.

http_client = None¶: HttpClient – Client for this object.

using_custom_cert = None¶: bool – If we are using a cert from disk or not.

__call__(path=None, path_sub='certs', path_file='{http_client.parsed_url.hostname}.pem', verify_hook=None, overwrite=False, lvl=None)[source]¶

Validate, find, or get certificate for URL.

Parameters:

Parameters:	path (`str` or `pathlib.Path`, optional) – Storage directory to use. If empty, resolve path via `pytan3.utils.tools.get_storage_dir()`. Defaults to: None. path_sub (`str`, optional) – Sub directory under path that should contain path_file. Defaults to: “certs” path_file (`str`, optional) – Filename to use for cert file under path / path_sub. Defaults to: `CERT_FILE` verify_hook (`callable` or `False`) – A callable used to verify a SSL cert from URL before writing it to disk. Only used if default cert is invalid and path/path_sub/path_file does not exist. If False, cert is written to disk without running any verify hook. If None, uses `Certify.verify_hook()` as verify hook. If callable, called with args: store, store_chain, and parsed_url. Defaults to: None. overwrite (`bool`, optional) – Overwrite cert at path if already exists. Defaults to: False. lvl (`str`, optional) – If not None, change logging level for this object. Defaults to: None.
Raises:	`exceptions.CertificateNotFoundWarning` – If cert at URL is not valid using default cert validation, and no cert can be found at path.

path (str or pathlib.Path, optional) –
Storage directory to use. If empty, resolve path via pytan3.utils.tools.get_storage_dir().

Defaults to: None.
path_sub (str, optional) –
Sub directory under path that should contain path_file.

Defaults to: “certs”
path_file (str, optional) –
Filename to use for cert file under path / path_sub.

Defaults to: CERT_FILE
verify_hook (callable or False) –
A callable used to verify a SSL cert from URL before writing it to disk.

Only used if default cert is invalid and path/path_sub/path_file does not exist.

If False, cert is written to disk without running any verify hook.

If None, uses Certify.verify_hook() as verify hook.

If callable, called with args: store, store_chain, and parsed_url.

Defaults to: None.
overwrite (bool, optional) –
Overwrite cert at path if already exists.

Defaults to: False.
lvl (str, optional) –
If not None, change logging level for this object.

Defaults to: None.

Raises:

exceptions.CertificateNotFoundWarning – If cert at URL is not valid using default cert validation, and no cert can be found at path.

__str__()[source]¶

Show object info.

Returns:	`str`

__repr__()[source]¶

Show object info.

Returns:	`str`

write_pem(path, overwrite=False)[source]¶

Write a certificate in PEM format to disk.

Parameters:	path (`str` or `pathlib.Path`) – Path to write PEM certificate to. overwrite (`bool`, optional) – Overwrite cert at path if already exists. Defaults to: False.
Returns:	`pathlib.Path`

static verify_hook(store, store_chain, parsed_url)[source]¶

Verify cert by prompting user, default hook.

Parameters:	store (`cert_human.CertStore`) – Store from `Certify.store`. store_chain (`cert_human.CertChainStore`) – Chain store from `Certify.store_chain`. parsed_url (`str`) – Parsed URL from `HttpClient.parsed_url`.
Raises:	`exceptions.CertificateInvalidError` – If user replies No to validity prompt.

store¶

Get CertStore for URL.

Returns:	`cert_human.CertStore`

store_chain¶

Get CertChainStore for URL.

Returns:	`cert_human.CertChainStore`

_fetch_stores¶

Get the CertStore and CertChainStore for URL.

Returns:	(`cert_human.CertStore`, `cert_human.CertChainStore`)

check_default()[source]¶

Check if cert for URL is valid without setting a specific path.

Returns:	`bool`

check_path(path)[source]¶

Check if cert at path is valid for URL.

Parameters:	path (`str` or `pathlib.Path`) – Path to PEM certificate file.

Notes

If validation is successful, the verify attribute on HttpClient.session will be set to path.

Raises:	`exceptions.CertificateInvalidError` – If path fails verification.