From 07da6da43726e2e152c81b5fb8c71b2056ede256 Mon Sep 17 00:00:00 2001 From: John Van de Meulebrouck Brendgard Date: Fri, 22 May 2015 15:36:10 +0200 Subject: Added a https get function for old python --- tools/certtools.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 6 deletions(-) (limited to 'tools') diff --git a/tools/certtools.py b/tools/certtools.py index 405aabd..3a1e582 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -107,16 +107,51 @@ def get_opener(): def urlopen(url, data=None): return get_opener().open(url, data) +def pyopenssl_https_get(url): + """ + HTTPS GET-function to use when running old Python < 2.7 + """ + from OpenSSL import SSL + import socket + + # TLSv1 is the best we can get on Python 2.6 + context = SSL.Context(SSL.TLSv1_METHOD) + sock = SSL.Connection(context, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) + + url_without_scheme = url.split('https://')[-1] + host = url_without_scheme.split('/')[0] + path = url_without_scheme.split('/', 1)[1] + http_get_request = ("GET /{path} HTTP/1.1\r\n" + "Host: {host}\r\n" + "\r\n" + ).format(path=path, host=host) + + sock.connect((host, 443)) + sock.write(http_get_request) + response = sock.recv(1024) + response_lines = response.rsplit('\n') + + # We are only interested in the actual response, + # without headers, contained in the last line. + return response_lines[len(response_lines) - 1] + def get_sth(baseurl): - result = urlopen(baseurl + "ct/v1/get-sth").read() + try: + result = urlopen(baseurl + "ct/v1/get-sth").read() + except urllib2.URLError: + result = pyopenssl_https_get(baseurl + "ct/v1/get-sth") return json.loads(result) def get_proof_by_hash(baseurl, hash, tree_size): try: params = urllib.urlencode({"hash":base64.b64encode(hash), "tree_size":tree_size}) - result = \ - urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read() + try: + result = \ + urlopen(baseurl + "ct/v1/get-proof-by-hash?" + params).read() + except urllib2.URLError: + result = \ + pyopenssl_https_get(baseurl + "ct/v1/get-proof-by-hash?" + params) return json.loads(result) except urllib2.HTTPError, e: print "ERROR:", e.read() @@ -126,8 +161,12 @@ def get_consistency_proof(baseurl, tree_size1, tree_size2): try: params = urllib.urlencode({"first":tree_size1, "second":tree_size2}) - result = \ - urlopen(baseurl + "ct/v1/get-sth-consistency?" + params).read() + try: + result = \ + urlopen(baseurl + "ct/v1/get-sth-consistency?" + params).read() + except urllib2.URLError: + result = \ + pyopenssl_https_get(baseurl + "ct/v1/get-sth-consistency?" + params) return json.loads(result)["consistency"] except urllib2.HTTPError, e: print "ERROR:", e.read() @@ -184,10 +223,13 @@ def add_prechain(baseurl, submission): raise e def get_entries(baseurl, start, end): + params = urllib.urlencode({"start":start, "end":end}) try: - params = urllib.urlencode({"start":start, "end":end}) result = urlopen(baseurl + "ct/v1/get-entries?" + params).read() return json.loads(result) + except urllib2.URLError: + result = pyopenssl_https_get(baseurl + "ct/v1/get-entries?" + params) + return json.loads(result) except urllib2.HTTPError, e: print "ERROR:", e.read() sys.exit(1) -- cgit v1.1