Simple object I/O without replica, with SSL certificate verification

Code sample

This code sample is exactly the same as the one shown as Simple object I/O without replica, except that we verify the SSL certificate presented by HCP against a CA certificate chain we have locally on file. So, described here are only the differences to the first code sample.

We need to import ssl.create_default_context and define a file that holds our CA certificate chain:

import sys
from os.path import normpath
from ssl import create_default_context
from pprint import pprint
import hcpsdk

# HCP Connection details - you'll need to adopt this to your environment!
# -- primary HCP
P_FQDN = 'n1.m.hcp1.snomis.local'
P_USER = 'n'
P_PASS = 'n01'
P_PORT = 443
# -- file to be used for the test (read-only)
P_FILE = normpath('../testfiles/128kbfile')
# -- file holding a private CA certificate chain
P_CAFILE = normpath('../../../tests/certs/failCertificate.pem')
# -- debug mode
P_DEBUG = True

if __name__ == '__main__':

Now, we create an SSL context and use it when instantiating our Target object:

    # Setup an authorization object:
    auth = hcpsdk.NativeAuthorization(P_USER, P_PASS)
    print('*I_NATIVE* authorization initialized')
    print('')

    # Create an SSL context for server authentication, using a local CAfile
    ctxt = create_default_context(cafile=P_CAFILE)

    # Setup an HCP Target object:
    try:
        t = hcpsdk.Target(P_FQDN, auth, port=P_PORT, sslcontext=ctxt)
    except hcpsdk.HcpsdkError as e:
        sys.exit('init of *Target* failed - {}'.format(e))
    else:
        print('Target *t* was initialized with IP addresses: {}'
              .format(t.addresses))

Sample code output

Certificate verification success, with debug messages

 INFO running *simple_primary_only.py*
DEBUG *I_NATIVE* authorization initialized for user: n
DEBUG pre version 6:     Cookie: hcp-ns-auth=bg==:1dc7fed37e11b35093d311...
DEBUG version 6+: Authorization: HCP bg==:1dc7fed37e11b35093d311ef66928...
 INFO *I_NATIVE* authorization initialized
 INFO
DEBUG (re-) loaded IP address cache: ['192.168.0.54', '192.168.0.55',
                                      '192.168.0.52', '192.168.0.53'],
                                      dnscache = False
DEBUG issued IP address: 192.168.0.54
DEBUG Target initialized: n1.m.hcp1.snomis.local:443 - SSL = True
 INFO Target *t* was initialized with IP addresses: ['192.168.0.54',
                                                     '192.168.0.55',
                                                     '192.168.0.52',
                                                     '192.168.0.53']
DEBUG Connection object initialized: IP None (n1.m.hcp1.snomis.local)
                                     - timeout: 30 - idletime: 30.0
                                     - retries: 3
DEBUG SSLcontext = <ssl.SSLContext object at 0x101a2c638>
 INFO Connection *c* uses IP address: None
 INFO
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG Connection needs to be opened
DEBUG issued IP address: 192.168.0.55
DEBUG Connection open: IP 192.168.0.55 (n1.m.hcp1.snomis.local)
                       - connect_time: 3.0040740966796875e-05
DEBUG PUT Request for /rest/hcpsdk/sample_primary_only.txt
                       - service_time1 = 0.03981304168701172
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-1, started 4350545920)>
 INFO PUT Request was successful
 INFO used IP address: 192.168.0.55
 INFO hash = SHA-256
             A2706A20394E48179A86C71E82C360C2960D3652340F9B9FDB355A42E3AC7691
 INFO connect time:     0.000030040741 seconds
 INFO Request duration: 0.039813041687 seconds
 INFO
DEBUG idletimer canceled: <Timer(Thread-1, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG HEAD Request for /rest/hcpsdk/sample_primary_only.txt
                       - service_time1 = 0.0004000663757324219
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-2, started 4350545920)>
 INFO HEAD Request was successful - one of the headers:
 INFO Server: HCP V7.1.0.10
 INFO used IP address: 192.168.0.55
 INFO Request duration: 0.000400066376 seconds
 INFO
DEBUG idletimer canceled: <Timer(Thread-2, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG GET Request for /rest/hcpsdk/sample_primary_only.txt
                      - service_time1 = 0.0001838207244873047
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-3, started 4350545920)>
 INFO GET Request was successful - here's the content:
DEBUG (partial?) read: service_time1 = 0.03570699691772461 secs
 INFO b'0123456789abcdef0123456789abcdef01234567'...
 INFO used IP address: 192.168.0.55
 INFO Request duration: 0.035890817642 seconds
 INFO
DEBUG idletimer canceled: <Timer(Thread-3, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG DELETE Request for /rest/hcpsdk/sample_primary_only.txt
                         - service_time1 = 0.00023102760314941406
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-4, started 4350545920)>
 INFO DELETE Request was successful
 INFO used IP address: 192.168.0.55
 INFO Request duration: 0.000231027603 seconds
 INFO
DEBUG idletimer canceled: <Timer(Thread-4, started 4350545920)>
DEBUG Connection object closed: IP 192.168.0.55 (n1.m.hcp1.snomis.local)

Certificate verification failed, with debug messages

(P_CAFILE has been changed to a file holding a non-matching CA chain)

 INFO running *simple_primary_only.py*
DEBUG *I_NATIVE* authorization initialized for user: n
DEBUG pre version 6:     Cookie: hcp-ns-auth=bg==:1dc7fed37e11b35093d311...
DEBUG version 6+: Authorization: HCP bg==:1dc7fed37e11b35093d311ef66928...
 INFO *I_NATIVE* authorization initialized
 INFO
DEBUG (re-) loaded IP address cache: ['192.168.0.53', '192.168.0.54',
                                      '192.168.0.55', '192.168.0.52'],
                                      dnscache = False

DEBUG issued IP address: 192.168.0.53
DEBUG Target initialized: n1.m.hcp1.snomis.local:443 - SSL = True
 INFO Target *t* was initialized with IP addresses: ['192.168.0.53',
                                                     '192.168.0.54',
                                                     '192.168.0.55',
                                                     '192.168.0.52']
DEBUG Connection object initialized: IP None (n1.m.hcp1.snomis.local)
                                     - timeout: 30 - idletime: 30.0
                                     - retries: 3
DEBUG SSLcontext = <ssl.SSLContext object at 0x102220638>
 INFO Connection *c* uses IP address: None
 INFO
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG Connection needs to be opened
DEBUG issued IP address: 192.168.0.54
DEBUG Connection open: IP 192.168.0.54 (n1.m.hcp1.snomis.local)
                       - connect_time: 2.5987625122070312e-05
DEBUG Request raised exception: [SSL: CERTIFICATE_VERIFY_FAILED]
                                 certificate verify failed (_ssl.c:600)
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG Connection object closed: IP 192.168.0.54 (n1.m.hcp1.snomis.local)
PUT failed - [SSL: CERTIFICATE_VERIFY_FAILED]
             certificate verify failed (_ssl.c:600)