Simple object I/O without replica, with SSL certificate verification
Code sample
This code sample is exactly the same as the one shown in Simple object I/O without replica, except that we verify the SSL certificate presented by HCP against a CA certificate chain we have locally on file. Only the differences from the first code sample are described here.
We need to import ssl.create_default_context and define a file that holds our CA certificate chain:
```python
import sys
from os.path import normpath
from ssl import create_default_context
from pprint import pprint
import hcpsdk

# HCP Connection details - you'll need to adapt this to your environment!
# -- primary HCP
P_FQDN = 'n1.m.hcp1.snomis.local'
P_USER = 'n'
P_PASS = 'n01'
P_PORT = 443
# -- file to be used for the test (read-only)
P_FILE = normpath('../testfiles/128kbfile')
# -- file holding a private CA certificate chain
P_CAFILE = normpath('../../../tests/certs/failCertificate.pem')
# -- debug mode
P_DEBUG = True

if __name__ == '__main__':
```
Now, we create an SSL context and use it when instantiating our Target object:
```python
    # Setup an authorization object:
    auth = hcpsdk.NativeAuthorization(P_USER, P_PASS)
    print('*I_NATIVE* authorization initialized')
    print('')

    # Create an SSL context for server authentication, using a local CAfile
    ctxt = create_default_context(cafile=P_CAFILE)

    # Setup an HCP Target object:
    try:
        t = hcpsdk.Target(P_FQDN, auth, port=P_PORT, sslcontext=ctxt)
    except hcpsdk.HcpsdkError as e:
        sys.exit('init of *Target* failed - {}'.format(e))
    else:
        print('Target *t* was initialized with IP addresses: {}'
              .format(t.addresses))
```
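The context can be checked before it is handed to `hcpsdk.Target`. This is an added example, not part of the hcpsdk sample; `verification_gaps`, `load_ca_context` and `demo` are hypothetical helper names. It confirms that a context from `create_default_context` requires certificate and hostname verification, and shows that a missing or non-PEM CA file is rejected when the context is built, not at the first request:

```python
import os
import ssl
import tempfile


def verification_gaps(ctx):
    """Return the reasons why ctx would not authenticate the server."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append('verify_mode is not CERT_REQUIRED')
    if not ctx.check_hostname:
        gaps.append('check_hostname is disabled')
    return gaps


def load_ca_context(cafile):
    """Build the context as the sample does; fail closed on a bad CA file."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)
    except OSError as e:  # missing file, or ssl.SSLError for non-PEM content
        raise ValueError('cannot load CA chain {!r}: {}'.format(cafile, e))
    gaps = verification_gaps(ctx)
    if gaps:
        raise ValueError('context does not verify: ' + '; '.join(gaps))
    return ctx


def demo():
    # Constructed input: a context with verification switched off.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False  # has to be cleared before CERT_NONE is set
    weak.verify_mode = ssl.CERT_NONE
    out = {'default': verification_gaps(ssl.create_default_context()),
           'weak': verification_gaps(weak)}
    # Constructed input: a file that holds no PEM certificate at all.
    with tempfile.NamedTemporaryFile('w', suffix='.pem', delete=False) as f:
        f.write('not a certificate\n')
    for label, path in (('garbage', f.name), ('missing', f.name + '.absent')):
        try:
            load_ca_context(path)
            out[label] = 'accepted'
        except ValueError:
            out[label] = 'rejected'
    os.unlink(f.name)
    return out


if __name__ == '__main__':
    print(demo())
```

A well-formed CA chain that simply does not match the server's certificate still loads without error; that case only surfaces during the TLS handshake, as the `CERTIFICATE_VERIFY_FAILED` output further down shows.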
Sample code output
Certificate verification success, with debug messages
INFO running *simple_primary_only.py*
DEBUG *I_NATIVE* authorization initialized for user: n
DEBUG pre version 6: Cookie: hcp-ns-auth=bg==:1dc7fed37e11b35093d311...
DEBUG version 6+: Authorization: HCP bg==:1dc7fed37e11b35093d311ef66928...
INFO *I_NATIVE* authorization initialized
INFO
DEBUG (re-) loaded IP address cache: ['192.168.0.54', '192.168.0.55',
'192.168.0.52', '192.168.0.53'],
dnscache = False
DEBUG issued IP address: 192.168.0.54
DEBUG Target initialized: n1.m.hcp1.snomis.local:443 - SSL = True
INFO Target *t* was initialized with IP addresses: ['192.168.0.54',
'192.168.0.55',
'192.168.0.52',
'192.168.0.53']
DEBUG Connection object initialized: IP None (n1.m.hcp1.snomis.local)
- timeout: 30 - idletime: 30.0
- retries: 3
DEBUG SSLcontext = <ssl.SSLContext object at 0x101a2c638>
INFO Connection *c* uses IP address: None
INFO
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG Connection needs to be opened
DEBUG issued IP address: 192.168.0.55
DEBUG Connection open: IP 192.168.0.55 (n1.m.hcp1.snomis.local)
- connect_time: 3.0040740966796875e-05
DEBUG PUT Request for /rest/hcpsdk/sample_primary_only.txt
- service_time1 = 0.03981304168701172
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-1, started 4350545920)>
INFO PUT Request was successful
INFO used IP address: 192.168.0.55
INFO hash = SHA-256
A2706A20394E48179A86C71E82C360C2960D3652340F9B9FDB355A42E3AC7691
INFO connect time: 0.000030040741 seconds
INFO Request duration: 0.039813041687 seconds
INFO
DEBUG idletimer canceled: <Timer(Thread-1, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG HEAD Request for /rest/hcpsdk/sample_primary_only.txt
- service_time1 = 0.0004000663757324219
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-2, started 4350545920)>
INFO HEAD Request was successful - one of the headers:
INFO Server: HCP V7.1.0.10
INFO used IP address: 192.168.0.55
INFO Request duration: 0.000400066376 seconds
INFO
DEBUG idletimer canceled: <Timer(Thread-2, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG GET Request for /rest/hcpsdk/sample_primary_only.txt
- service_time1 = 0.0001838207244873047
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-3, started 4350545920)>
INFO GET Request was successful - here's the content:
DEBUG (partial?) read: service_time1 = 0.03570699691772461 secs
INFO b'0123456789abcdef0123456789abcdef01234567'...
INFO used IP address: 192.168.0.55
INFO Request duration: 0.035890817642 seconds
INFO
DEBUG idletimer canceled: <Timer(Thread-3, started 4350545920)>
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG DELETE Request for /rest/hcpsdk/sample_primary_only.txt
- service_time1 = 0.00023102760314941406
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG idletimer started: <Timer(Thread-4, started 4350545920)>
INFO DELETE Request was successful
INFO used IP address: 192.168.0.55
INFO Request duration: 0.000231027603 seconds
INFO
DEBUG idletimer canceled: <Timer(Thread-4, started 4350545920)>
DEBUG Connection object closed: IP 192.168.0.55 (n1.m.hcp1.snomis.local)
Certificate verification failed, with debug messages
(P_CAFILE has been changed to a file holding a non-matching CA chain)
INFO running *simple_primary_only.py*
DEBUG *I_NATIVE* authorization initialized for user: n
DEBUG pre version 6: Cookie: hcp-ns-auth=bg==:1dc7fed37e11b35093d311...
DEBUG version 6+: Authorization: HCP bg==:1dc7fed37e11b35093d311ef66928...
INFO *I_NATIVE* authorization initialized
INFO
DEBUG (re-) loaded IP address cache: ['192.168.0.53', '192.168.0.54',
'192.168.0.55', '192.168.0.52'],
dnscache = False
DEBUG issued IP address: 192.168.0.53
DEBUG Target initialized: n1.m.hcp1.snomis.local:443 - SSL = True
INFO Target *t* was initialized with IP addresses: ['192.168.0.53',
'192.168.0.54',
'192.168.0.55',
'192.168.0.52']
DEBUG Connection object initialized: IP None (n1.m.hcp1.snomis.local)
- timeout: 30 - idletime: 30.0
- retries: 3
DEBUG SSLcontext = <ssl.SSLContext object at 0x102220638>
INFO Connection *c* uses IP address: None
INFO
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG URL = /rest/hcpsdk/sample_primary_only.txt
DEBUG Connection needs to be opened
DEBUG issued IP address: 192.168.0.54
DEBUG Connection open: IP 192.168.0.54 (n1.m.hcp1.snomis.local)
- connect_time: 2.5987625122070312e-05
DEBUG Request raised exception: [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:600)
DEBUG tried to cancel a non-existing idletimer (pretty OK)
DEBUG Connection object closed: IP 192.168.0.54 (n1.m.hcp1.snomis.local)
PUT failed - [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:600)