def ssl_settings()

in cqlsh-expansion/pylib/cqlshlib/sslhandling.py [0:0]

• 43 lines of code
• 15 McCabe index (conditional complexity)

def ssl_settings(host, config_file, env=os.environ):
    """
    Function which generates SSL setting for cassandra.Cluster

    Params:
    * host .........: hostname of Cassandra node.
    * env ..........: environment variables. SSL factory will use, if passed,
                      SSL_CERTFILE and SSL_VALIDATE variables.
    * config_file ..: path to cqlsh config file (usually ~/.cqlshrc).
                      SSL factory will use, if set, certfile and validate
                      options in [ssl] section, as well as host to certfile
                      mapping in [certfiles] section.

    [certfiles] section is optional, 'validate' setting in [ssl] section is
    optional too. If validation is enabled then SSL certfile must be provided
    either in the config file or as an environment variable.
    Environment variables override any options set in cqlsh config file.
    """
    configs = ConfigParser.SafeConfigParser()
    configs.read(config_file)

    def get_option(section, option):
        try:
            return configs.get(section, option)
        except ConfigParser.Error:
            return None

    ssl_validate = env.get('SSL_VALIDATE')
    if ssl_validate is None:
        ssl_validate = get_option('ssl', 'validate')
    ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false'

    ssl_version_str = env.get('SSL_VERSION')
    if ssl_version_str is None:
        ssl_version_str = get_option('ssl', 'version')
    if ssl_version_str is None:
        ssl_version_str = "TLSv1"

    ssl_version = getattr(ssl, "PROTOCOL_%s" % ssl_version_str, None)
    if ssl_version is None:
        sys.exit("%s is not a valid SSL protocol, please use one of SSLv23, "
                 "TLSv1, TLSv1.1, or TLSv1.2" % (ssl_version_str,))

    ssl_certfile = env.get('SSL_CERTFILE')
    if ssl_certfile is None:
        ssl_certfile = get_option('certfiles', host)
    if ssl_certfile is None:
        ssl_certfile = get_option('ssl', 'certfile')
    if ssl_validate and ssl_certfile is None:
        sys.exit("Validation is enabled; SSL transport factory requires a valid certfile "
                 "to be specified. Please provide path to the certfile in [ssl] section "
                 "as 'certfile' option in %s (or use [certfiles] section) or set SSL_CERTFILE "
                 "environment variable." % (config_file,))
    if ssl_certfile is not None:
        ssl_certfile = os.path.expanduser(ssl_certfile)

    userkey = get_option('ssl', 'userkey')
    if userkey:
        userkey = os.path.expanduser(userkey)
    usercert = get_option('ssl', 'usercert')
    if usercert:
        usercert = os.path.expanduser(usercert)

    return dict(ca_certs=ssl_certfile,
                cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE,
                ssl_version=ssl_version,
                keyfile=userkey, certfile=usercert)