diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c01c1160..fd169617 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -23,6 +23,7 @@ jobs: os: [ubuntu-latest] sqla-version: ['1.1.18', '1.2.19', '1.3.23'] python-version: [3.5, 3.6, 3.7, 3.8, 3.9] + fail-fast: false steps: - uses: actions/checkout@master @@ -34,7 +35,11 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - python bootstrap.py + + # Workaround needed for Python 3.5 + python -m pip install --upgrade "setuptools>=31,<51" + + pip install zc.buildout==2.13.4 # replace SQLAlchemy version sed -ir 's/SQLAlchemy.*/SQLAlchemy = ${{ matrix.sqla-version }}/g' versions.cfg @@ -48,7 +53,7 @@ jobs: sed -ir 's/crate_server.*/crate_server = ${{ matrix.crate-version }}/g' versions.cfg fi - bin/buildout -n -c base.cfg + buildout -n -c base.cfg - name: Test run: | diff --git a/.gitignore b/.gitignore index 109796e3..8b47ff2d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ -.coverage/ +.venv* +.coverage .idea/ .installed.cfg .tox/ diff --git a/DEVELOP.rst b/DEVELOP.rst index f1abb77a..cdd64551 100644 --- a/DEVELOP.rst +++ b/DEVELOP.rst @@ -1,5 +1,5 @@ =============== -Developer Guide +Developer guide =============== Setup @@ -7,40 +7,51 @@ Setup This project uses buildout_ to set up the development environment. -To start things off, run:: +To start things off, create a Python virtualenv and install buildout:: - $ python bootstrap.py + python3 -m venv .venv + source .venv/bin/activate + + # Workaround for Python 3.5 + python -m pip install --upgrade "setuptools>=31,<51" + + pip install zc.buildout==2.13.4 Then, run:: - $ ./bin/buildout -N + buildout -N -Running Tests +Running tests ============= -The tests are run using the zope.testrunner_:: +All tests will be invoked using the Python interpreter that was used when +creating the Python virtualenv. The test runner is zope.testrunner_. + +Run all tests:: + + ./bin/test - $ ./bin/test +Run specific tests:: -This will run all tests using the Python interpreter that was used to -bootstrap buildout. + # Ignore all tests below src/crate/testing + ./bin/test -vvvv --ignore_dir=testing You can run the tests against multiple Python interpreters with tox_:: - $ ./bin/tox + ./bin/tox -To do this, you will need ``python2.7``, ``python3.3``, and ``pypy`` on your -``$PATH``. +To do this, you will need the respective Python interpreter versions available +on your ``$PATH``. -To run against a single interpreter, you can also do:: +To run against a single interpreter, you can also invoke:: - $ ./bin/tox -e py33 + ./bin/tox -e py37 -*Note*: before running tests make sure to stop all CrateDB instances which -listening on the default CrateDB transport port to avoid side effects with the -test layer. +*Note*: before running the tests, make sure to stop all CrateDB instances which +are listening on the default CrateDB transport port to avoid side effects with +the test layer. -Preparing a Release +Preparing a release =================== To create a new release, you must: @@ -70,7 +81,7 @@ Next: - Archive docs for old releases (see section below) -Archiving Docs Versions +Archiving docs versions ----------------------- Check the `versions hosted on ReadTheDocs`_. @@ -81,7 +92,7 @@ patch versions for the last two minor releases. To make changes to the RTD configuration (e.g., to activate or deactivate a release version), please contact the `@crate/docs`_ team. -Writing Documentation +Writing documentation ===================== The docs live under the ``docs`` directory. @@ -90,7 +101,7 @@ The docs are written written with ReStructuredText_ and processed with Sphinx_. Build the docs by running:: - $ bin/sphinx + ./bin/sphinx The output can then be found in the ``out/html`` directory. diff --git a/LICENSE b/LICENSE index ff9c7bc0..75570724 100644 --- a/LICENSE +++ b/LICENSE @@ -203,61 +203,6 @@ limitations under the License. -=============================================================================== - -For the `bootstrap.py` file: - -Buildout - -Copyright (c) 2006 Zope Foundation and Contributors. -All Rights Reserved. - -Zope Public License (ZPL) Version 2.1 - -A copyright notice accompanies this license document that identifies the -copyright holders. - -This license has been certified as open source. It has also been designated as -GPL compatible by the Free Software Foundation (FSF). - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions in source code must retain the accompanying copyright -notice, this list of conditions, and the following disclaimer. - -2. Redistributions in binary form must reproduce the accompanying copyright -notice, this list of conditions, and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -3. Names of the copyright holders must not be used to endorse or promote -products derived from this software without prior written permission from the -copyright holders. - -4. The right to distribute this software or to use it for any purpose does not -give you the right to use Servicemarks (sm) or Trademarks (tm) of the -copyright -holders. Use of them is covered by separate agreement with the copyright -holders. - -5. If any files are modified, you must cause the modified files to carry -prominent notices stating that you changed the files and the date of any -change. - -Disclaimer - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS'' AND ANY EXPRESSED -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - =============================================================================== For the `docs` directory: diff --git a/base.cfg b/base.cfg index 5bfc5410..f0df080e 100644 --- a/base.cfg +++ b/base.cfg @@ -25,7 +25,7 @@ url = https://cdn.crate.io/downloads/releases/crate-${versions:crate_server}.tar strip-top-level-dir = true [test] -relative-paths=true +relative-paths = true recipe = zc.recipe.testrunner defaults = ['--auto-color'] eggs = crate [test,sqlalchemy] diff --git a/bootstrap.py b/bootstrap.py deleted file mode 100644 index 1f59b213..00000000 --- a/bootstrap.py +++ /dev/null @@ -1,210 +0,0 @@ -############################################################################## -# -# Copyright (c) 2006 Zope Foundation and Contributors. -# All Rights Reserved. -# -# This software is subject to the provisions of the Zope Public License, -# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED -# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS -# FOR A PARTICULAR PURPOSE. -# -############################################################################## -"""Bootstrap a buildout-based project - -Simply run this script in a directory containing a buildout.cfg. -The script accepts buildout command-line options, so you can -use the -c option to specify an alternate configuration file. -""" - -import os -import shutil -import sys -import tempfile - -from optparse import OptionParser - -__version__ = '2015-07-01' -# See zc.buildout's changelog if this version is up to date. - -tmpeggs = tempfile.mkdtemp(prefix='bootstrap-') - -usage = '''\ -[DESIRED PYTHON FOR BUILDOUT] bootstrap.py [options] - -Bootstraps a buildout-based project. - -Simply run this script in a directory containing a buildout.cfg, using the -Python that you want bin/buildout to use. - -Note that by using --find-links to point to local resources, you can keep -this script from going over the network. -''' - -parser = OptionParser(usage=usage) -parser.add_option("--version", - action="store_true", default=False, - help=("Return bootstrap.py version.")) -parser.add_option("-t", "--accept-buildout-test-releases", - dest='accept_buildout_test_releases', - action="store_true", default=False, - help=("Normally, if you do not specify a --buildout-version, " - "the bootstrap script and buildout gets the newest " - "*final* versions of zc.buildout and its recipes and " - "extensions for you. If you use this flag, " - "bootstrap and buildout will get the newest releases " - "even if they are alphas or betas.")) -parser.add_option("-c", "--config-file", - help=("Specify the path to the buildout configuration " - "file to be used.")) -parser.add_option("-f", "--find-links", - help=("Specify a URL to search for buildout releases")) -parser.add_option("--allow-site-packages", - action="store_true", default=False, - help=("Let bootstrap.py use existing site packages")) -parser.add_option("--buildout-version", - help="Use a specific zc.buildout version") -parser.add_option("--setuptools-version", - help="Use a specific setuptools version") -parser.add_option("--setuptools-to-dir", - help=("Allow for re-use of existing directory of " - "setuptools versions")) - -options, args = parser.parse_args() -if options.version: - print("bootstrap.py version %s" % __version__) - sys.exit(0) - - -###################################################################### -# load/install setuptools - -try: - from urllib.request import urlopen -except ImportError: - from urllib2 import urlopen - -ez = {} -if os.path.exists('ez_setup.py'): - exec(open('ez_setup.py').read(), ez) -else: - exec(urlopen('https://bootstrap.pypa.io/ez_setup.py').read(), ez) - -if not options.allow_site_packages: - # ez_setup imports site, which adds site packages - # this will remove them from the path to ensure that incompatible versions - # of setuptools are not in the path - import site - # inside a virtualenv, there is no 'getsitepackages'. - # We can't remove these reliably - if hasattr(site, 'getsitepackages'): - for sitepackage_path in site.getsitepackages(): - # Strip all site-packages directories from sys.path that - # are not sys.prefix; this is because on Windows - # sys.prefix is a site-package directory. - if sitepackage_path != sys.prefix: - sys.path[:] = [x for x in sys.path - if sitepackage_path not in x] - -setup_args = dict(to_dir=tmpeggs, download_delay=0) - -if options.setuptools_version is not None: - setup_args['version'] = options.setuptools_version -if options.setuptools_to_dir is not None: - setup_args['to_dir'] = options.setuptools_to_dir - -ez['use_setuptools'](**setup_args) -import setuptools -import pkg_resources - -# This does not (always?) update the default working set. We will -# do it. -for path in sys.path: - if path not in pkg_resources.working_set.entries: - pkg_resources.working_set.add_entry(path) - -###################################################################### -# Install buildout - -ws = pkg_resources.working_set - -setuptools_path = ws.find( - pkg_resources.Requirement.parse('setuptools')).location - -# Fix sys.path here as easy_install.pth added before PYTHONPATH -cmd = [sys.executable, '-c', - 'import sys; sys.path[0:0] = [%r]; ' % setuptools_path + - 'from setuptools.command.easy_install import main; main()', - '-mZqNxd', tmpeggs] - -find_links = os.environ.get( - 'bootstrap-testing-find-links', - options.find_links or - ('http://downloads.buildout.org/' - if options.accept_buildout_test_releases else None) - ) -if find_links: - cmd.extend(['-f', find_links]) - -requirement = 'zc.buildout' -version = options.buildout_version -if version is None and not options.accept_buildout_test_releases: - # Figure out the most recent final version of zc.buildout. - import setuptools.package_index - _final_parts = '*final-', '*final' - - def _final_version(parsed_version): - try: - return not parsed_version.is_prerelease - except AttributeError: - # Older setuptools - for part in parsed_version: - if (part[:1] == '*') and (part not in _final_parts): - return False - return True - - index = setuptools.package_index.PackageIndex( - search_path=[setuptools_path]) - if find_links: - index.add_find_links((find_links,)) - req = pkg_resources.Requirement.parse(requirement) - if index.obtain(req) is not None: - best = [] - bestv = None - for dist in index[req.project_name]: - distv = dist.parsed_version - if _final_version(distv): - if bestv is None or distv > bestv: - best = [dist] - bestv = distv - elif distv == bestv: - best.append(dist) - if best: - best.sort() - version = best[-1].version -if version: - requirement = '=='.join((requirement, version)) -cmd.append(requirement) - -import subprocess -if subprocess.call(cmd) != 0: - raise Exception( - "Failed to execute command:\n%s" % repr(cmd)[1:-1]) - -###################################################################### -# Import and run buildout - -ws.add_entry(tmpeggs) -ws.require(requirement) -import zc.buildout.buildout - -if not [a for a in args if '=' not in a]: - args.append('bootstrap') - -# if -c was provided, we push it back into args for buildout' main function -if options.config_file is not None: - args[0:0] = ['-c', options.config_file] - -zc.buildout.buildout.main(args) -shutil.rmtree(tmpeggs) diff --git a/docs/requirements.txt b/docs/requirements.txt index 71f3d818..ced14fe9 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,14 +1 @@ -# don't pin crate version numbers so the latest will always be pulled when you -# set up your environment from scratch - -crate-docs-theme>=0.7 - -# packages for local dev - -sphinx-autobuild==0.6.0 - -# the next section should mirror the RTD environment - -alabaster>=0.7,<0.8,!=0.7.5 -setuptools<41 -sphinx==1.8.5 +crate-docs-theme diff --git a/src/crate/client/doctests/https.txt b/src/crate/client/doctests/https.txt index e8aa161c..90167378 100644 --- a/src/crate/client/doctests/https.txt +++ b/src/crate/client/doctests/https.txt @@ -1,22 +1,21 @@ .. _https_connection: ======================== -HTTPS Connection support +HTTPS connection support ======================== -The CrateDB Client is able to connect via https. +The CrateDB client is able to connect via HTTPS. -.. note:: +A check against a specific CA certificate can be made by creating the client +with the path to the CA certificate file using the keyword argument +``ca_cert``. - By default, ssl server certificates are **NOT** verified. +.. note:: -To enable verification, use the keyword argument ``verify_ssl_cert``. -If it is set to ``True``, the server certificate is validated, if set to -``False`` or ommitted, no verification will be done whatsoever. + By default, SSL server certificates are verified. To disable verification, + use the keyword argument ``verify_ssl_cert``. If it is set to ``False``, + server certificate validation will be skipped. -One can check against a single CA certificate -by creating the client with the a path to a CA certificate file to check against -in keyword argument ``ca_cert``. .. rubric:: Table of Contents @@ -24,61 +23,82 @@ in keyword argument ``ca_cert``. :local: Examples --------- +======== + +All of the following examples will connect to a host using a self-signed +certificate. + + +With certificate verification +----------------------------- -By default, certificates are not verified. This call is against a server with -a self signed certificate:: +When using a valid CA certificate, the connection will be successful:: - >>> http_client = HttpClient([crate_host]) - >>> http_client.server_infos(http_client._get_server()) + >>> client = HttpClient([crate_host], ca_cert=cacert_valid) + >>> client.server_infos(client._get_server()) ('https://localhost:65534', 'test', '0.0.0') -When switching on verification without a ``ca_cert`` file provided, the -connection will fail:: +When not providing a ``ca_cert`` file, the connection will fail:: - >>> verifying_client = HttpClient([crate_host], verify_ssl_cert=True) - >>> verifying_client.server_infos(crate_host) + >>> client = HttpClient([crate_host]) + >>> client.server_infos(crate_host) Traceback (most recent call last): ... crate.client.exceptions.ConnectionError: Server not available, ...certificate verify failed... -Also when providing an invalid ``ca_cert`` an error is raised:: +Also, when providing an invalid ``ca_cert``, an error is raised:: - >>> verifying_client = HttpClient([crate_host], ca_cert=invalid_ca_cert, verify_ssl_cert=True) - >>> verifying_client.server_infos(crate_host) + >>> client = HttpClient([crate_host], ca_cert=cacert_invalid) + >>> client.server_infos(crate_host) Traceback (most recent call last): ... crate.client.exceptions.ConnectionError: Server not available, ...certificate verify failed... -Without verification, the given ``ca_cert`` is ignored and the connection will be -established, to Eves satisfaction. - >>> non_verifying_client = HttpClient([crate_host], ca_cert=invalid_ca_cert, verify_ssl_cert=False) - >>> non_verifying_client.server_infos(crate_host) +Without certificate verification +-------------------------------- + +When turning off certificate verification, calling the server will succeed, +even when not providing a valid CA certificate:: + + >>> client = HttpClient([crate_host], verify_ssl_cert=False) + >>> client.server_infos(crate_host) ('https://localhost:65534', 'test', '0.0.0') -Connecting to a host whose certificate is verified with a valid CA certificate:: +Without verification, calling the server will even work when using an invalid +``ca_cert``:: - >>> verifying_valid_client = HttpClient([crate_host], ca_cert=valid_ca_cert, verify_ssl_cert=True) - >>> verifying_valid_client.server_infos(verifying_valid_client._get_server()) + >>> client = HttpClient([crate_host], verify_ssl_cert=False, ca_cert=cacert_invalid) + >>> client.server_infos(crate_host) ('https://localhost:65534', 'test', '0.0.0') -Client Certificate + +Client certificate ------------------ -The client supports client certificates. +The CrateDB driver also supports client certificates. The ``HttpClient`` constructor takes two keyword arguments: ``cert_file`` and -``key_file``. Both should be a string pointing to the path of the client -certificate and key file. +``key_file``. Both should be strings pointing to the path of the client +certificate and key file:: + + >>> client = HttpClient([crate_host], ca_cert=cacert_valid, cert_file=clientcert_valid, key_file=clientcert_valid) + >>> client.server_infos(crate_host) + ('https://localhost:65534', 'test', '0.0.0') -Below an example, in this case it fails because the supplied certificate is -invalid:: +When using an invalid client certificate, the connection will fail:: - >>> client = HttpClient([crate_host], cert_file=invalid_ca_cert, key_file=invalid_ca_cert, verify_ssl_cert=True) + >>> client = HttpClient([crate_host], ca_cert=cacert_valid, cert_file=clientcert_invalid, key_file=clientcert_invalid) >>> client.server_infos(crate_host) Traceback (most recent call last): ... - crate.client.exceptions.ConnectionError: Server not available, exception: ...[SSL: ... + crate.client.exceptions.ConnectionError: Server not available, exception: HTTPSConnectionPool... +The connection will also fail when providing an invalid CA certificate:: + + >>> client = HttpClient([crate_host], ca_cert=cacert_invalid, cert_file=clientcert_valid, key_file=clientcert_valid) + >>> client.server_infos(crate_host) + Traceback (most recent call last): + ... + crate.client.exceptions.ConnectionError: Server not available, exception: HTTPSConnectionPool... diff --git a/src/crate/client/http.py b/src/crate/client/http.py index 07e31e7b..ef96d614 100644 --- a/src/crate/client/http.py +++ b/src/crate/client/http.py @@ -312,7 +312,7 @@ def _get_socket_opts(keepalive=True, class Client(object): """ - Crate connection client using crate's HTTP API. + Crate connection client using CrateDB's HTTP API. """ SQL_PATH = '/_sql' @@ -328,7 +328,7 @@ def __init__(self, servers=None, timeout=None, backoff_factor=0, - verify_ssl_cert=False, + verify_ssl_cert=True, ca_cert=None, error_trace=False, cert_file=None, diff --git a/src/crate/client/invalid_ca.pem b/src/crate/client/pki/cacert_invalid.pem similarity index 100% rename from src/crate/client/invalid_ca.pem rename to src/crate/client/pki/cacert_invalid.pem diff --git a/src/crate/client/test_https.pem b/src/crate/client/pki/cacert_valid.pem similarity index 100% rename from src/crate/client/test_https.pem rename to src/crate/client/pki/cacert_valid.pem diff --git a/src/crate/client/pki/client_invalid.pem b/src/crate/client/pki/client_invalid.pem new file mode 100644 index 00000000..bd6391c1 --- /dev/null +++ b/src/crate/client/pki/client_invalid.pem @@ -0,0 +1,45 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAwLzVfL66Z6GiuVVZsDMSuLQS8fnW402U0cNLJNp2resdswfC +y7t8X9KXi49nBCxn4RsNkWLQacdSxYhz5HTyuHny8id0Tb+05AY3yDvWIm7R+gXy +2tScqplcqotKCGLmPavQk1+H3ChderRVb7jTyphSx1n4bsdVSkbseajevz1afy07 +D8kj/nhkGml7msZOrffjmxqgXLlC2tEuCnO7TA/KOn2uGLxoIivac7AqkRdnYB5j +3qVX2M6ftL8xAM2myNRuV+Ugj1XkvVE94/5Ihm1lKDqlwWh0dSzY0NnHwJh1ej98 +V1er+bdbXOKEG6Pjjbk6xNHK0EtqonlUfgVX2QIDAQABAoIBADtygw6k7W3FZyFu +9+jm9+FMeYN1Ihid90bzy5ukXnKqUFDGFgks3OHZXLDJHGcnIytFYtvy9IGL3zXa +LpTKlYrc4lhaXv8UIEEswcva2ONp9w39A7kHVwMvpmtb5wvLJWTkN8Mc9hSrxplw +QeHhykF01iNy1rOke+QbGBk2Qu4M/1fRBUHcf+AWLamc3I6hE3Wy5GDZM3AGFVeW +jQB3E6EbPrvBfc8XVPoOwYbNnZYgF7H66Iya7IN0QjozKzE5RiX3dQXRnEIwIgcw +sJ3Nv8S8LgTIlumPMsvQHSRvVovT1/3V6uEsIrAUMVcXjv+Yuwp8z/Ux42deoToO +LR025vkCgYEA5y/6v3h0v4FpHHdsZQBJJdsaDyrFqdjpWO0VF2npH/ByITPNyZwy +whFSmXGTBFiIWQaleF00cwMNq0xxXDXRP2I/14TbM3DMXXznnCZoA4yROaoBd21Q +Ymo8N049DAVK3/AfFjFI1i7T7jAcrtVYX4kvU/3O8yP7WLCQnbPffKcCgYEA1Wxs +F7UyEznJBToLRTcaRiUUdqYcUt/JqmHlEC5BjpB939nGpLneulYz6WAlWdg8nMx7 +zP2Iyk+ND0aSz0qjWuxSi0IZLF5JCbrRiKIgMO9F7yWw3T+gdmiezmLecxlExZ42 +rfFI6o9AuG+0taY+nXu2oHbL0gJA6nLKWudgl38CgYBeYW0Jq+BlqixCLdL3rNUv ++jG6TWjivSYOYsOAioFcw6mkOmTh0L28EpxY/k/Zr1cCmT8GU26tIWr8KroAvgvN +x4turdNbPcqAxBQ94EQIZuOG2gu9OMhfVSV+Ipezh5mYsIvQYJBuuDFXBRdAnOJ2 +JihHLs/E3USoYXS4nQ048wKBgA74ZPigwBtzITOZp7K6M8CZ1z6fVjtF8UpfRYcG +B5ktb3blOrbRRttBMrD7CoOr1EyXV1PAsPin7dgVdjTOInk9PGkCQOvIzUy+avYv +kRx9nCUzOp26WdIUcpc9ficKrbVC7Mj0tM2nML3/L+jR+XBofh3xV0iq2czYMnN/ +6VmXAoGBAIUvnXaG5NXMBy2bs5j7NaHfizo5VM/4WIA6iB+dbuf6RcH18hG/C7Mf +RkOhVoTaQAS8FLg+0tMHKcxGMk8bcJcCKoFqD2+cOyyiPpaFXNpTg+VlHrtnH7s6 +FCbwlfmb7RbpPI+iCYDtJQpoPvTeuC58mZTHvE5OQWchh32VuwzM +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIC1DCCAj0CFGQC3tYjJ8bEqpzh37LH6gi+om8zMA0GCSqGSIb3DQEBCwUAMIGI +MQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4x +IjAgBgNVBAoMGUNyw4PCpHRlIFRlY2hub2xvZ2llIEdtYkgxEzARBgNVBAMMCmxv +Y2FsaG9yc3QxHjAcBgkqhkiG9w0BCQEWD25vYm9keUBjcmF0ZS5pbzAeFw0yMTAz +MTkxODU0NTlaFw0yMjAzMTQxODU0NTlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI +DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAvNV8vrpnoaK5VVmwMxK4 +tBLx+dbjTZTRw0sk2nat6x2zB8LLu3xf0peLj2cELGfhGw2RYtBpx1LFiHPkdPK4 +efLyJ3RNv7TkBjfIO9YibtH6BfLa1JyqmVyqi0oIYuY9q9CTX4fcKF16tFVvuNPK +mFLHWfhux1VKRux5qN6/PVp/LTsPySP+eGQaaXuaxk6t9+ObGqBcuULa0S4Kc7tM +D8o6fa4YvGgiK9pzsCqRF2dgHmPepVfYzp+0vzEAzabI1G5X5SCPVeS9UT3j/kiG +bWUoOqXBaHR1LNjQ2cfAmHV6P3xXV6v5t1tc4oQbo+ONuTrE0crQS2qieVR+BVfZ +AgMBAAEwDQYJKoZIhvcNAQELBQADgYEAFE+prZkMryCFqjELJWFPXfcxGIQmMP6U +mMCb1eny60s0mHu1TasqjxaoBN/1/PPi9ZGpWZfoI4UK/Xt+F6iFT2ehQvErXVop +cSAbGFSDH+ST6Qv5mE0Fzc1EPBa+x0qWzNeBBxUcQ89LH5cfX9HmuIFiErv9qr/K +ROJOkC6+AjU= +-----END CERTIFICATE----- diff --git a/src/crate/client/pki/client_valid.pem b/src/crate/client/pki/client_valid.pem new file mode 100644 index 00000000..004e0678 --- /dev/null +++ b/src/crate/client/pki/client_valid.pem @@ -0,0 +1,46 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEApEAgWEX1bWJWj5rCj0+BjbeaZdhzmNno43rYmwBBW+1U4BuD +bOuumnyfut3nns3e6mWcVvyc4F36a5CJt7b6YSxUi2k1fgrs08mzbOQaQ/dkiY+X +wdsMcb9Vdc+VHTK9dYwKQIbsTkWZ9zMPzZ0da8ilXGM8oHRyBZDrpRb4c18fWJpp +UMAmnStkm6FyWNEOug/FXFU4HduD/59z91SRpWaJX8HnbZcAOcMbXFomQ23rPPxi +Ld/rX86KwxPjTlZK3c3r7/eIN0iY/GqxZ+3Vx0W2I093Qai3XyAiSd1/HkJS19qP +f442evV03h+Y0zEVaPQ3+fxqvVc5aCzaQFl7jQIDAQABAoIBAALv8qQhfCYcoBep +WNlfPp3eLrCrkkWlf/ixdbYv5vtR3zayx0LnZBP3LpQU69N3MwlWD9muYs/QXm4W +A6B5cTjTph9oHkDGyT1wWfkUizOz9ORQ4RHibPKLzWdx8uS2x5SWkIhe4VL1A6/c +BehTavdGe06Pp8Hm0zMuSEiHhKHrhjpCLHyoWfUQV4wDdTQqGUtCm+vw9X//d4tr +rD7VtOj7EWxWekHAHBBuSutnydUgnYANdqmH23gz0ixQT0XFigO/pMZfjyQQImQp +yT+RpgUtM4KJQoGTEOcVloLfGrO9s/iJwhL9jcAypMA/VP1LXqp0tbYVgMwzTV9Y +EYtEYLECgYEAz+IAEPnGGPiL6wHwqXTZViszq4lL+BtNJGFRlSD0HfQsm1L7pIcO +f45Jy5f+cAQGRw2gbjal14107rQU9QoTiDUPyrs2wIItoEg+2IO7ujScqhQKpBwY +FMPfqTFp2yoRU4jOTj/1W16Vv6mIab8/AZGOjUC4djOUQBK3efCHBscCgYEAykS2 +lAIK9N6o89fxLJO83PUbL/vom4qlMK4zu1dCzRk0KZe3tw41GlOWSUey0EJddNu1 +WmkiRLypeRSRzlushvcD6bicoHj6G5ZtEWMgSUNSZhw03sJ9vvgyJR43ApFfXg4D +0h9ZyUD75YCWCj6t75694Ei6JteAOkjpYxP9RwsCgYACd8JccTqizUCL96ftuw9h +cH3aiXS3a0uNJQKc7Jk5Sc7FwURvfZL0fLHvksxYdBPHAChpZoiteGZs9wJQrl/w +/ABF/db2jhUQlAr68wVlfn5lnntJ23OFu5WKIqYJDgTKoxMf5q54+TR54/9Ukgqj +cCDrGFuYO6CE6jP3ZJ2VvQKBgF+rfIgpJzGHF3aujt48yrngHQnnJrBbNaL+4m0b +6vbDkw6ROk4VJDzdiFoE1aj3muio+vBWheTpL2ebuRNX/RShRXKI5VxpnDLsRY5R +ynWcqB6v/LnYWE25a05vKinGxMrh6iC6v2cXm42D8nPKDc8m0DyDabjxeS8YSXuZ +etTdAoGAH2keFYo3TPu1p7kgRXyJHeRFk4/n8N/jN+ChPZcOn9aZxBeOjwOAUTnu +QJsTv6mrzPlsUMVOhOnA9M3TebfgOhCbb7MJMT+e04mUgiACLwPMA7RVWyoVrivP +BD67yEKxqxKs5wh7kGIoUUsGaLLRCzRkrlIvBbUWcEh/sSEDEzA= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDJTCCAg0CFHFIksYWdXAiW8NROML2/iBbu/PrMA0GCSqGSIb3DQEBCwUAMFkx +CzAJBgNVBAYTAkFUMRMwEQYDVQQIDApWb3JhcmxiZXJnMREwDwYDVQQHDAhEb3Ju +YmlybjEOMAwGA1UECgwFQ3JhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTAz +MTkxOTE1MzhaFw0yMjAzMTQxOTE1MzhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI +DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkQCBYRfVtYlaPmsKPT4GN +t5pl2HOY2ejjetibAEFb7VTgG4Ns666afJ+63eeezd7qZZxW/JzgXfprkIm3tvph +LFSLaTV+CuzTybNs5BpD92SJj5fB2wxxv1V1z5UdMr11jApAhuxORZn3Mw/NnR1r +yKVcYzygdHIFkOulFvhzXx9YmmlQwCadK2SboXJY0Q66D8VcVTgd24P/n3P3VJGl +ZolfwedtlwA5wxtcWiZDbes8/GIt3+tfzorDE+NOVkrdzevv94g3SJj8arFn7dXH +RbYjT3dBqLdfICJJ3X8eQlLX2o9/jjZ69XTeH5jTMRVo9Df5/Gq9VzloLNpAWXuN +AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGQFf8I2V+wbWpTItkVMq9Mipb5b3z7w +aCpxyG2dB9MTKQ4wbrJ29q15g7GZjg9pmIzptJej9Vj7nYXuskeqeunMgwJUJ/QU +SUewx5MUYjl2cRtsAHXyQvqoV/FWwRqQGhqKGb3/dzULAgNYntIcXu+QNzOIA/q9 +/Q4quG/SRcorKQM5RDbBpf8Lqan9csLNuL+u5T4BCYtqd7EaeHBMhQ30cP502Hn4 +U0oYmnqvP2KNtvAPKhqKMWodd2MfyW87ifU7eugZFFY11y8HqvP5V3P0QxoxiBlB +XU6nnhHW88hel0gxFDZ51fbnVp6SP/hyjyt/deNaJzZfHFIPDqPXjLs= +-----END CERTIFICATE----- diff --git a/src/crate/client/test_https_ca.pem b/src/crate/client/pki/server_valid.pem similarity index 100% rename from src/crate/client/test_https_ca.pem rename to src/crate/client/pki/server_valid.pem diff --git a/src/crate/client/tests.py b/src/crate/client/tests.py index 13d6ed6f..2a4cc61c 100644 --- a/src/crate/client/tests.py +++ b/src/crate/client/tests.py @@ -211,7 +211,9 @@ class HttpsTestServerLayer(object): PORT = 65534 HOST = "localhost" CERT_FILE = os.path.abspath(os.path.join(os.path.dirname(__file__), - "test_https.pem")) + "pki/server_valid.pem")) + CACERT_FILE = os.path.abspath(os.path.join(os.path.dirname(__file__), + "pki/cacert_valid.pem")) __name__ = "httpsserver" __bases__ = tuple() @@ -223,6 +225,7 @@ def get_request(self): keyfile=HttpsTestServerLayer.CERT_FILE, certfile=HttpsTestServerLayer.CERT_FILE, cert_reqs=ssl.CERT_OPTIONAL, + ca_certs=HttpsTestServerLayer.CACERT_FILE, server_side=True) return socket, client_address @@ -264,15 +267,22 @@ def setUpWithHttps(test): test.globs['crate_host'] = "https://{0}:{1}".format( HttpsTestServerLayer.HOST, HttpsTestServerLayer.PORT ) - test.globs['invalid_ca_cert'] = os.path.abspath( - os.path.join(os.path.dirname(__file__), "invalid_ca.pem") - ) - test.globs['valid_ca_cert'] = os.path.abspath( - os.path.join(os.path.dirname(__file__), "test_https_ca.pem") - ) test.globs['pprint'] = pprint test.globs['print'] = cprint + test.globs['cacert_valid'] = os.path.abspath( + os.path.join(os.path.dirname(__file__), "pki/cacert_valid.pem") + ) + test.globs['cacert_invalid'] = os.path.abspath( + os.path.join(os.path.dirname(__file__), "pki/cacert_invalid.pem") + ) + test.globs['clientcert_valid'] = os.path.abspath( + os.path.join(os.path.dirname(__file__), "pki/client_valid.pem") + ) + test.globs['clientcert_invalid'] = os.path.abspath( + os.path.join(os.path.dirname(__file__), "pki/client_invalid.pem") + ) + def _try_execute(cursor, stmt): try: diff --git a/tox.ini b/tox.ini index e5b1fdac..7a5ba805 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -envlist = py{py,34,35,36,37,38}-sa_{1_0,1_1,1_2,1_3} +envlist = py{py3,35,36,37,38,39}-sa_{1_0,1_1,1_2,1_3} [testenv] usedevelop = True diff --git a/versions.cfg b/versions.cfg index 40d8dc67..1ff59bf6 100644 --- a/versions.cfg +++ b/versions.cfg @@ -1,32 +1,29 @@ [versions] -crate_server = 4.3.0 +crate_server = 4.4.2 flake8 = 3.7.9 mccabe = 0.6.1 pep8 = 1.7.1 pyflakes = 2.1.1 -Jinja2 = 2.7.3 -MarkupSafe = 0.23 -Pygments = 1.6 -Sphinx = 1.2.3 -SQLAlchemy = 1.3.17 +Jinja2 = 2.11.3 +MarkupSafe = 1.1.1 +Pygments = 2.8.1 +Sphinx = 3.5.2 +SQLAlchemy = 1.3.23 geojson = 2.5.0 -coverage = 5.0.3 -crate-docs-theme = 0.5.0 +coverage = 5.5 +crate-docs-theme = 0.13.3 createcoverage = 1.5 -docutils = 0.12 -hexagonit.recipe.download = 1.7 -py = 1.4.26 -tox = 3.7.0 -twine = 1.8.1 -virtualenv = 15.1.0 -wheel = 0.24.0 -pkginfo = 1.4.1 -zc.buildout = 2.11.2 +docutils = 0.16 +hexagonit.recipe.download = 1.7.1 +py = 1.10.0 +tox = 3.23.0 +twine = 3.4.0 +pkginfo = 1.7.0 zc.customdoctests = 1.0.1 -zc.recipe.egg = 2.0.1 -zc.recipe.testrunner = 2.0.0 -zope.testing = 4.1.3 +zc.recipe.egg = 2.0.7 +zc.recipe.testrunner = 2.2 +zope.testing = 4.9 # Required by: # clint==0.5.1 @@ -38,30 +35,30 @@ clint = 0.5.1 # Required by: # zope.testrunner==4.4.3 -six = 1.11.0 +six = 1.15.0 # Required by: # crate-docs-theme==0.3.6 -sphinxcontrib-plantuml = 0.5 +sphinxcontrib-plantuml = 0.19 # Required by: # crate==0.12.3 -urllib3 = 1.9.1 +urllib3 = 1.26.4 # Required by: # zope.testing==4.1.3 # zope.testrunner==4.4.3 -zope.exceptions = 4.0.7 +zope.exceptions = 4.4 # Required by: # zope.testing==4.1.3 # zope.testrunner==4.4.3 -zope.interface = 4.1.1 +zope.interface = 5.2.0 # Required by: # zc.recipe.testrunner==2.0.0 -zope.testrunner = 4.9.1 +zope.testrunner = 5.2 gp.recipe.tox = 0.4 -requests = 2.5.0 -requests-toolbelt = 0.5.1 +requests = 2.25.1 +requests-toolbelt = 0.9.1