Merge pull request #55 from bird-house/issue-48-verify-option

added ssl verify option

tests/functional/test_rpcinterface_app.py

@@ -41,7 +41,8 @@ def test_generate_token_and_revoke_it(self):
     @pytest.mark.online
     def test_register_service_and_unregister_it(self):
         service = {'url': WPS_TEST_SERVICE, 'name': 'test_emu',
-                   'type': 'wps', 'public': False, 'auth': 'token'}
+                   'type': 'wps', 'public': False, 'auth': 'token',
+                   'verify': True}
         # register
         resp = call_FUT(self.app, 'register_service', (
             service['url'],

tests/store/test_memory.py

@@ -29,6 +29,7 @@ def setUp(self):
                              'public': False,
                              'auth': 'token',
                              'type': 'WPS',
+                             'verify': True,
                              }
         self.test_store = MemoryServiceStore()
 

tests/store/test_mongodb.py

@@ -41,11 +41,11 @@ def test_save_token(self):
 class MongodbServiceStoreTestCase(unittest.TestCase):
     def setUp(self):
         self.service = dict(name="loving_flamingo", url="http://somewhere.over.the/ocean", type="wps",
-                            public=False, auth='token')
+                            public=False, auth='token', verify=True)
         self.service_public = dict(name="open_pingu", url="http://somewhere.in.the/deep_ocean", type="wps",
-                                   public=True, auth='token')
+                                   public=True, auth='token', verify=True)
         self.service_special = dict(url="http://wonderload", name="A special Name", type='wps',
-                                    auth='token')
+                                    auth='token', verify=False)
 
     def test_fetch_by_name(self):
         collection_mock = mock.Mock(spec=["find_one"])
@@ -76,7 +76,8 @@ def test_save_service_with_special_name(self):
         store.save_service(Service(self.service_special))
 
         collection_mock.insert_one.assert_called_with({
-            'url': 'http://wonderload', 'type': 'wps', 'name': 'a_special_name', 'public': False, 'auth': 'token'})
+            'url': 'http://wonderload', 'type': 'wps', 'name': 'a_special_name', 'public': False, 'auth': 'token',
+            'verify': False})
 
     def test_save_service_public(self):
         collection_mock = mock.Mock(spec=["insert_one", "find_one", "count_documents"])

tests/test_api.py

@@ -50,7 +50,7 @@ def setUp(self):
 
     def test_register_service_and_unregister_it(self):
         service = {'url': 'http://localhost/wps', 'name': 'test_emu',
-                   'type': 'wps', 'public': False, 'auth': 'token'}
+                   'type': 'wps', 'public': False, 'auth': 'token', 'verify': True}
         # register
         resp = self.reg.register_service(
             service['url'],

tests/test_datatype.py

@@ -58,4 +58,5 @@ def test_service_params(self):
                                   'public': False,
                                   'auth': 'token',
                                   'type': 'WPS',
-                                  'url': 'http://nowhere/wps'}
+                                  'url': 'http://nowhere/wps',
+                                  'verify': True}

twitcher/datatype.py

@@ -43,14 +43,29 @@ def auth(self):
         """Authentication method: public, token, cert."""
         return self.get('auth', 'token')
 
+    @property
+    def verify(self):
+        """Verify ssl service certificate."""
+        value = self.get('verify', 'true')
+        if isinstance(value, bool):
+            verify = value
+        elif value.lower() == 'true':
+            verify = True
+        elif value.lower() == 'false':
+            verify = False
+        else:
+            verify = value
+        return verify
+
     @property
     def params(self):
         return {
             'url': self.url,
             'name': self.name,
             'type': self.type,
             'public': self.public,
-            'auth': self.auth}
+            'auth': self.auth,
+            'verify': self.verify}
 
     def __str__(self):
         return self.name

twitcher/owsproxy.py

@@ -15,7 +15,6 @@
 from twitcher.utils import replace_caps_url
 from twitcher.store import servicestore_factory
 
-
 import logging
 LOGGER = logging.getLogger(__name__)
 
@@ -70,13 +69,12 @@ def _send_request(request, service, extra_path=None, request_params=None):
     h = dict(request.headers)
     h.pop("Host", h)
     h['Accept-Encoding'] = None
-
     #
     service_type = service['type']
     if service_type and (service_type.lower() != 'wps'):
         try:
             resp_iter = requests.request(method=request.method.upper(), url=url, data=request.body, headers=h,
-                                         stream=True)
+                                         stream=True, verify=service.verify)
         except Exception as e:
             return OWSAccessFailed("Request failed: {}".format(e.message))
 
@@ -86,7 +84,8 @@ def _send_request(request, service, extra_path=None, request_params=None):
                         headers={k: v for k, v in resp_iter.headers.items() if k not in HopbyHop})
     else:
         try:
-            resp = requests.request(method=request.method.upper(), url=url, data=request.body, headers=h)
+            resp = requests.request(method=request.method.upper(), url=url, data=request.body, headers=h,
+                                    verify=service.verify)
         except Exception as e:
             return OWSAccessFailed("Request failed: {}".format(e.message))
 
@@ -150,7 +149,8 @@ def owsproxy(request):
         store = servicestore_factory(request.registry)
         service = store.fetch_by_name(service_name)
     except Exception as err:
-        return OWSAccessFailed("Could not find service: {}.".format(err.message))
+        # TODO: Store impl should raise appropriate exception like not authorized
+        return OWSAccessFailed("Could not find service {0} : {1}.".format(service_name, err.message))
     else:
         return _send_request(request, service, extra_path, request_params=request.query_string)
 

twitcher/store/memory.py

@@ -95,7 +95,8 @@ def save_service(self, service, overwrite=True):
             name=name,
             type=service.type,
             public=service.public,
-            auth=service.auth))
+            auth=service.auth,
+            verify=service.verify))
         return self.fetch_by_url(url=service_url)
 
     def delete_service(self, name):

twitcher/store/mongodb.py

@@ -78,7 +78,8 @@ def save_service(self, service, overwrite=True):
             name=name,
             type=service.type,
             public=service.public,
-            auth=service.auth))
+            auth=service.auth,
+            verify=service.verify))
         return self.fetch_by_url(url=service_url)
 
     def delete_service(self, name):

twitcher/twitcherctl.py

@@ -84,6 +84,8 @@ def create_parser(self):
                                help="If set then service has no access restrictions.")
         subparser.add_argument('--auth', default='token',
                                help="Authentication method (token, cert). Default: token.")
+        subparser.add_argument('--verify', default='true',
+                               help="Verify SSL service certificate (true, false, /path/to/cert). Default: true.")
 
         # unregister
         subparser = subparsers.add_parser('unregister', help="Removes OWS service from the registry.")
@@ -116,7 +118,8 @@ def run(self, args):
             elif args.cmd == 'register':
                 result = service.register_service(
                     url=args.url,
-                    data={'name': args.name, 'type': args.type, 'public': args.public, 'auth': args.auth})
+                    data={'name': args.name, 'type': args.type, 'public': args.public, 'auth': args.auth,
+                          'verify': args.verify})
             elif args.cmd == 'unregister':
                 result = service.unregister_service(name=args.name)
             elif args.cmd == 'clear':