upstream/mercurial-mirror Commit - r25429:9d1c6171

ssl: rename ssl_wrap_socket() to conform to our naming convention...

Yuya Nishihara -

r25429:9d1c6171 default

parent child

mercurial/httpconnection.py

0 +1 -1

             # httpconnection.py - urllib2 handler for new http support
             #
             # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
             # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             # Copyright 2011 Google, Inc.
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             import logging
             import socket
             import urllib
             import urllib2
             import os
             from mercurial import httpclient
             from mercurial import sslutil
             from mercurial import util
             from mercurial.i18n import _
             # moved here from url.py to avoid a cycle
             class httpsendfile(object):
                 """This is a wrapper around the objects returned by python's "open".
                 Its purpose is to send file-like objects via HTTP.
                 It do however not define a __len__ attribute because the length
                 might be more than Py_ssize_t can handle.
                 """
                 def __init__(self, ui, *args, **kwargs):
                     # We can't just "self._data = open(*args, **kwargs)" here because there
                     # is an "open" function defined in this module that shadows the global
                     # one
                     self.ui = ui
                     self._data = open(*args, **kwargs)
                     self.seek = self._data.seek
                     self.close = self._data.close
                     self.write = self._data.write
                     self.length = os.fstat(self._data.fileno()).st_size
                     self._pos = 0
                     self._total = self.length // 1024 * 2
                 def read(self, *args, **kwargs):
                     try:
                         ret = self._data.read(*args, **kwargs)
                     except EOFError:
                         self.ui.progress(_('sending'), None)
                     self._pos += len(ret)
                     # We pass double the max for total because we currently have
                     # to send the bundle twice in the case of a server that
                     # requires authentication. Since we can't know until we try
                     # once whether authentication will be required, just lie to
                     # the user and maybe the push succeeds suddenly at 50%.
                     self.ui.progress(_('sending'), self._pos // 1024,
                                      unit=_('kb'), total=self._total)
                     return ret
             # moved here from url.py to avoid a cycle
             def readauthforuri(ui, uri, user):
                 # Read configuration
                 config = dict()
                 for key, val in ui.configitems('auth'):
                     if '.' not in key:
                         ui.warn(_("ignoring invalid [auth] key '%s'\n") % key)
                         continue
                     group, setting = key.rsplit('.', 1)
                     gdict = config.setdefault(group, dict())
                     if setting in ('username', 'cert', 'key'):
                         val = util.expandpath(val)
                     gdict[setting] = val
                 # Find the best match
                 scheme, hostpath = uri.split('://', 1)
                 bestuser = None
                 bestlen = 0
                 bestauth = None
                 for group, auth in config.iteritems():
                     if user and user != auth.get('username', user):
                         # If a username was set in the URI, the entry username
                         # must either match it or be unset
                         continue
                     prefix = auth.get('prefix')
                     if not prefix:
                         continue
                     p = prefix.split('://', 1)
                     if len(p) > 1:
                         schemes, prefix = [p[0]], p[1]
                     else:
                         schemes = (auth.get('schemes') or 'https').split()
                     if (prefix == '*' or hostpath.startswith(prefix)) and \
                         (len(prefix) > bestlen or (len(prefix) == bestlen and \
                             not bestuser and 'username' in auth)) \
                          and scheme in schemes:
                         bestlen = len(prefix)
                         bestauth = group, auth
                         bestuser = auth.get('username')
                         if user and not bestuser:
                             auth['username'] = user
                 return bestauth
             # Mercurial (at least until we can remove the old codepath) requires
             # that the http response object be sufficiently file-like, so we
             # provide a close() method here.
             class HTTPResponse(httpclient.HTTPResponse):
                 def close(self):
                     pass
             class HTTPConnection(httpclient.HTTPConnection):
                 response_class = HTTPResponse
                 def request(self, method, uri, body=None, headers={}):
                     if isinstance(body, httpsendfile):
                         body.seek(0)
                     httpclient.HTTPConnection.request(self, method, uri, body=body,
                                                       headers=headers)
             _configuredlogging = False
             LOGFMT = '%(levelname)s:%(name)s:%(lineno)d:%(message)s'
             # Subclass BOTH of these because otherwise urllib2 "helpfully"
             # reinserts them since it notices we don't include any subclasses of
             # them.
             class http2handler(urllib2.HTTPHandler, urllib2.HTTPSHandler):
                 def __init__(self, ui, pwmgr):
                     global _configuredlogging
                     urllib2.AbstractHTTPHandler.__init__(self)
                     self.ui = ui
                     self.pwmgr = pwmgr
                     self._connections = {}
                     loglevel = ui.config('ui', 'http2debuglevel', default=None)
                     if loglevel and not _configuredlogging:
                         _configuredlogging = True
                         logger = logging.getLogger('mercurial.httpclient')
                         logger.setLevel(getattr(logging, loglevel.upper()))
                         handler = logging.StreamHandler()
                         handler.setFormatter(logging.Formatter(LOGFMT))
                         logger.addHandler(handler)
                 def close_all(self):
                     """Close and remove all connection objects being kept for reuse."""
                     for openconns in self._connections.values():
                         for conn in openconns:
                             conn.close()
                     self._connections = {}
                 # shamelessly borrowed from urllib2.AbstractHTTPHandler
                 def do_open(self, http_class, req, use_ssl):
                     """Return an addinfourl object for the request, using http_class.
                     http_class must implement the HTTPConnection API from httplib.
                     The addinfourl return value is a file-like object.  It also
                     has methods and attributes including:
                         - info(): return a mimetools.Message object for the headers
                         - geturl(): return the original request URL
                         - code: HTTP status code
                     """
                     # If using a proxy, the host returned by get_host() is
                     # actually the proxy. On Python 2.6.1, the real destination
                     # hostname is encoded in the URI in the urllib2 request
                     # object. On Python 2.6.5, it's stored in the _tunnel_host
                     # attribute which has no accessor.
                     tunhost = getattr(req, '_tunnel_host', None)
                     host = req.get_host()
                     if tunhost:
                         proxyhost = host
                         host = tunhost
                     elif req.has_proxy():
                         proxyhost = req.get_host()
                         host = req.get_selector().split('://', 1)[1].split('/', 1)[0]
                     else:
                         proxyhost = None
                     if proxyhost:
                         if ':' in proxyhost:
                             # Note: this means we'll explode if we try and use an
                             # IPv6 http proxy. This isn't a regression, so we
                             # won't worry about it for now.
                             proxyhost, proxyport = proxyhost.rsplit(':', 1)
                         else:
                             proxyport = 3128 # squid default
                         proxy = (proxyhost, proxyport)
                     else:
                         proxy = None
                     if not host:
                         raise urllib2.URLError('no host given')
                     connkey = use_ssl, host, proxy
                     allconns = self._connections.get(connkey, [])
                     conns = [c for c in allconns if not c.busy()]
                     if conns:
                         h = conns[0]
                     else:
                         if allconns:
                             self.ui.debug('all connections for %s busy, making a new '
                                           'one\n' % host)
                         timeout = None
                         if req.timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:
                             timeout = req.timeout
                         h = http_class(host, timeout=timeout, proxy_hostport=proxy)
                         self._connections.setdefault(connkey, []).append(h)
                     headers = dict(req.headers)
                     headers.update(req.unredirected_hdrs)
                     headers = dict(
                         (name.title(), val) for name, val in headers.items())
                     try:
                         path = req.get_selector()
                         if '://' in path:
                             path = path.split('://', 1)[1].split('/', 1)[1]
                         if path[0] != '/':
                             path = '/' + path
                         h.request(req.get_method(), path, req.data, headers)
                         r = h.getresponse()
                     except socket.error, err: # XXX what error?
                         raise urllib2.URLError(err)
                     # Pick apart the HTTPResponse object to get the addinfourl
                     # object initialized properly.
                     r.recv = r.read
                     resp = urllib.addinfourl(r, r.headers, req.get_full_url())
                     resp.code = r.status
                     resp.msg = r.reason
                     return resp
                 # httplib always uses the given host/port as the socket connect
                 # target, and then allows full URIs in the request path, which it
                 # then observes and treats as a signal to do proxying instead.
                 def http_open(self, req):
                     if req.get_full_url().startswith('https'):
                         return self.https_open(req)
                     def makehttpcon(*args, **kwargs):
                         k2 = dict(kwargs)
                         k2['use_ssl'] = False
                         return HTTPConnection(*args, **k2)
                     return self.do_open(makehttpcon, req, False)
                 def https_open(self, req):
                     # req.get_full_url() does not contain credentials and we may
                     # need them to match the certificates.
                     url = req.get_full_url()
                     user, password = self.pwmgr.find_stored_password(url)
                     res = readauthforuri(self.ui, url, user)
                     if res:
                         group, auth = res
                         self.auth = auth
                         self.ui.debug("using auth.%s.* for authentication\n" % group)
                     else:
                         self.auth = None
                     return self.do_open(self._makesslconnection, req, True)
                 def _makesslconnection(self, host, port=443, *args, **kwargs):
                     keyfile = None
                     certfile = None
                     if args: # key_file
                         keyfile = args.pop(0)
                     if args: # cert_file
                         certfile = args.pop(0)
                     # if the user has specified different key/cert files in
                     # hgrc, we prefer these
                     if self.auth and 'key' in self.auth and 'cert' in self.auth:
                         keyfile = self.auth['key']
                         certfile = self.auth['cert']
                     # let host port take precedence
                     if ':' in host and '[' not in host or ']:' in host:
                         host, port = host.rsplit(':', 1)
                         port = int(port)
                         if '[' in host:
                             host = host[1:-1]
                     kwargs['keyfile'] = keyfile
                     kwargs['certfile'] = certfile
                     kwargs.update(sslutil.sslkwargs(self.ui, host))
                     con = HTTPConnection(host, port, use_ssl=True,
-                                         ssl_wrap_socket=sslutil.ssl_wrap_socket,
+                                         ssl_wrap_socket=sslutil.wrapsocket,
                                          ssl_validator=sslutil.validator(self.ui, host),
                                          **kwargs)
                     return con

mercurial/mail.py

0 +5 -5

             # mail.py - mail sending bits for mercurial
             #
             # Copyright 2006 Matt Mackall <mpm@selenic.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             from i18n import _
             import util, encoding, sslutil
             import os, smtplib, socket, quopri, time, sys
             import email
             _oldheaderinit = email.Header.Header.__init__
             def _unifiedheaderinit(self, *args, **kw):
                 """
                 Python 2.7 introduces a backwards incompatible change
                 (Python issue1974, r70772) in email.Generator.Generator code:
                 pre-2.7 code passed "continuation_ws='\t'" to the Header
                 constructor, and 2.7 removed this parameter.
                 Default argument is continuation_ws=' ', which means that the
                 behaviour is different in <2.7 and 2.7
                 We consider the 2.7 behaviour to be preferable, but need
                 to have an unified behaviour for versions 2.4 to 2.7
                 """
                 # override continuation_ws
                 kw['continuation_ws'] = ' '
                 _oldheaderinit(self, *args, **kw)
             email.Header.Header.__dict__['__init__'] = _unifiedheaderinit
             class STARTTLS(smtplib.SMTP):
                 '''Derived class to verify the peer certificate for STARTTLS.
                 This class allows to pass any keyword arguments to SSL socket creation.
                 '''
                 def __init__(self, sslkwargs, **kwargs):
                     smtplib.SMTP.__init__(self, **kwargs)
                     self._sslkwargs = sslkwargs
                 def starttls(self, keyfile=None, certfile=None):
                     if not self.has_extn("starttls"):
                         msg = "STARTTLS extension not supported by server"
                         raise smtplib.SMTPException(msg)
                     (resp, reply) = self.docmd("STARTTLS")
                     if resp == 220:
-                        self.sock = sslutil.ssl_wrap_socket(self.sock, keyfile, certfile,
+                        self.sock = sslutil.wrapsocket(self.sock, keyfile, certfile,
-                                                            **self._sslkwargs)
+                                                       **self._sslkwargs)
                         if not util.safehasattr(self.sock, "read"):
                             # using httplib.FakeSocket with Python 2.5.x or earlier
                             self.sock.read = self.sock.recv
                         self.file = smtplib.SSLFakeFile(self.sock)
                         self.helo_resp = None
                         self.ehlo_resp = None
                         self.esmtp_features = {}
                         self.does_esmtp = 0
                     return (resp, reply)
             if util.safehasattr(smtplib.SMTP, '_get_socket'):
                 class SMTPS(smtplib.SMTP):
                     '''Derived class to verify the peer certificate for SMTPS.
                     This class allows to pass any keyword arguments to SSL socket creation.
                     '''
                     def __init__(self, sslkwargs, keyfile=None, certfile=None, **kwargs):
                         self.keyfile = keyfile
                         self.certfile = certfile
                         smtplib.SMTP.__init__(self, **kwargs)
                         self.default_port = smtplib.SMTP_SSL_PORT
                         self._sslkwargs = sslkwargs
                     def _get_socket(self, host, port, timeout):
                         if self.debuglevel > 0:
                             print >> sys.stderr, 'connect:', (host, port)
                         new_socket = socket.create_connection((host, port), timeout)
-                        new_socket = sslutil.ssl_wrap_socket(new_socket,
+                        new_socket = sslutil.wrapsocket(new_socket,
-                                                             self.keyfile, self.certfile,
+                                                        self.keyfile, self.certfile,
-                                                             **self._sslkwargs)
+                                                        **self._sslkwargs)
                         self.file = smtplib.SSLFakeFile(new_socket)
                         return new_socket
             else:
                 def SMTPS(sslkwargs, keyfile=None, certfile=None, **kwargs):
                     raise util.Abort(_('SMTPS requires Python 2.6 or later'))
             def _smtp(ui):
                 '''build an smtp connection and return a function to send mail'''
                 local_hostname = ui.config('smtp', 'local_hostname')
                 tls = ui.config('smtp', 'tls', 'none')
                 # backward compatible: when tls = true, we use starttls.
                 starttls = tls == 'starttls' or util.parsebool(tls)
                 smtps = tls == 'smtps'
                 if (starttls or smtps) and not util.safehasattr(socket, 'ssl'):
                     raise util.Abort(_("can't use TLS: Python SSL support not installed"))
                 mailhost = ui.config('smtp', 'host')
                 if not mailhost:
                     raise util.Abort(_('smtp.host not configured - cannot send mail'))
                 verifycert = ui.config('smtp', 'verifycert', 'strict')
                 if verifycert not in ['strict', 'loose']:
                     if util.parsebool(verifycert) is not False:
                         raise util.Abort(_('invalid smtp.verifycert configuration: %s')
                                          % (verifycert))
                     verifycert = False
                 if (starttls or smtps) and verifycert:
                     sslkwargs = sslutil.sslkwargs(ui, mailhost)
                 else:
                     sslkwargs = {}
                 if smtps:
                     ui.note(_('(using smtps)\n'))
                     s = SMTPS(sslkwargs, local_hostname=local_hostname)
                 elif starttls:
                     s = STARTTLS(sslkwargs, local_hostname=local_hostname)
                 else:
                     s = smtplib.SMTP(local_hostname=local_hostname)
                 if smtps:
                     defaultport = 465
                 else:
                     defaultport = 25
                 mailport = util.getport(ui.config('smtp', 'port', defaultport))
                 ui.note(_('sending mail: smtp host %s, port %s\n') %
                         (mailhost, mailport))
                 s.connect(host=mailhost, port=mailport)
                 if starttls:
                     ui.note(_('(using starttls)\n'))
                     s.ehlo()
                     s.starttls()
                     s.ehlo()
                 if (starttls or smtps) and verifycert:
                     ui.note(_('(verifying remote certificate)\n'))
                     sslutil.validator(ui, mailhost)(s.sock, verifycert == 'strict')
                 username = ui.config('smtp', 'username')
                 password = ui.config('smtp', 'password')
                 if username and not password:
                     password = ui.getpass()
                 if username and password:
                     ui.note(_('(authenticating to mail server as %s)\n') %
                               (username))
                     try:
                         s.login(username, password)
                     except smtplib.SMTPException, inst:
                         raise util.Abort(inst)
                 def send(sender, recipients, msg):
                     try:
                         return s.sendmail(sender, recipients, msg)
                     except smtplib.SMTPRecipientsRefused, inst:
                         recipients = [r[1] for r in inst.recipients.values()]
                         raise util.Abort('\n' + '\n'.join(recipients))
                     except smtplib.SMTPException, inst:
                         raise util.Abort(inst)
                 return send
             def _sendmail(ui, sender, recipients, msg):
                 '''send mail using sendmail.'''
                 program = ui.config('email', 'method')
                 cmdline = '%s -f %s %s' % (program, util.email(sender),
                                            ' '.join(map(util.email, recipients)))
                 ui.note(_('sending mail: %s\n') % cmdline)
                 fp = util.popen(cmdline, 'w')
                 fp.write(msg)
                 ret = fp.close()
                 if ret:
                     raise util.Abort('%s %s' % (
                         os.path.basename(program.split(None, 1)[0]),
                         util.explainexit(ret)[0]))
             def _mbox(mbox, sender, recipients, msg):
                 '''write mails to mbox'''
                 fp = open(mbox, 'ab+')
                 # Should be time.asctime(), but Windows prints 2-characters day
                 # of month instead of one. Make them print the same thing.
                 date = time.strftime('%a %b %d %H:%M:%S %Y', time.localtime())
                 fp.write('From %s %s\n' % (sender, date))
                 fp.write(msg)
                 fp.write('\n\n')
                 fp.close()
             def connect(ui, mbox=None):
                 '''make a mail connection. return a function to send mail.
                 call as sendmail(sender, list-of-recipients, msg).'''
                 if mbox:
                     open(mbox, 'wb').close()
                     return lambda s, r, m: _mbox(mbox, s, r, m)
                 if ui.config('email', 'method', 'smtp') == 'smtp':
                     return _smtp(ui)
                 return lambda s, r, m: _sendmail(ui, s, r, m)
             def sendmail(ui, sender, recipients, msg, mbox=None):
                 send = connect(ui, mbox=mbox)
                 return send(sender, recipients, msg)
             def validateconfig(ui):
                 '''determine if we have enough config data to try sending email.'''
                 method = ui.config('email', 'method', 'smtp')
                 if method == 'smtp':
                     if not ui.config('smtp', 'host'):
                         raise util.Abort(_('smtp specified as email transport, '
                                            'but no smtp host configured'))
                 else:
                     if not util.findexe(method):
                         raise util.Abort(_('%r specified as email transport, '
                                            'but not in PATH') % method)
             def mimetextpatch(s, subtype='plain', display=False):
                 '''Return MIME message suitable for a patch.
                 Charset will be detected as utf-8 or (possibly fake) us-ascii.
                 Transfer encodings will be used if necessary.'''
                 cs = 'us-ascii'
                 if not display:
                     try:
                         s.decode('us-ascii')
                     except UnicodeDecodeError:
                         try:
                             s.decode('utf-8')
                             cs = 'utf-8'
                         except UnicodeDecodeError:
                             # We'll go with us-ascii as a fallback.
                             pass
                 return mimetextqp(s, subtype, cs)
             def mimetextqp(body, subtype, charset):
                 '''Return MIME message.
                 Quoted-printable transfer encoding will be used if necessary.
                 '''
                 enc = None
                 for line in body.splitlines():
                     if len(line) > 950:
                         body = quopri.encodestring(body)
                         enc = "quoted-printable"
                         break
                 msg = email.MIMEText.MIMEText(body, subtype, charset)
                 if enc:
                     del msg['Content-Transfer-Encoding']
                     msg['Content-Transfer-Encoding'] = enc
                 return msg
             def _charsets(ui):
                 '''Obtains charsets to send mail parts not containing patches.'''
                 charsets = [cs.lower() for cs in ui.configlist('email', 'charsets')]
                 fallbacks = [encoding.fallbackencoding.lower(),
                              encoding.encoding.lower(), 'utf-8']
                 for cs in fallbacks: # find unique charsets while keeping order
                     if cs not in charsets:
                         charsets.append(cs)
                 return [cs for cs in charsets if not cs.endswith('ascii')]
             def _encode(ui, s, charsets):
                 '''Returns (converted) string, charset tuple.
                 Finds out best charset by cycling through sendcharsets in descending
                 order. Tries both encoding and fallbackencoding for input. Only as
                 last resort send as is in fake ascii.
                 Caveat: Do not use for mail parts containing patches!'''
                 try:
                     s.decode('ascii')
                 except UnicodeDecodeError:
                     sendcharsets = charsets or _charsets(ui)
                     for ics in (encoding.encoding, encoding.fallbackencoding):
                         try:
                             u = s.decode(ics)
                         except UnicodeDecodeError:
                             continue
                         for ocs in sendcharsets:
                             try:
                                 return u.encode(ocs), ocs
                             except UnicodeEncodeError:
                                 pass
                             except LookupError:
                                 ui.warn(_('ignoring invalid sendcharset: %s\n') % ocs)
                 # if ascii, or all conversion attempts fail, send (broken) ascii
                 return s, 'us-ascii'
             def headencode(ui, s, charsets=None, display=False):
                 '''Returns RFC-2047 compliant header from given string.'''
                 if not display:
                     # split into words?
                     s, cs = _encode(ui, s, charsets)
                     return str(email.Header.Header(s, cs))
                 return s
             def _addressencode(ui, name, addr, charsets=None):
                 name = headencode(ui, name, charsets)
                 try:
                     acc, dom = addr.split('@')
                     acc = acc.encode('ascii')
                     dom = dom.decode(encoding.encoding).encode('idna')
                     addr = '%s@%s' % (acc, dom)
                 except UnicodeDecodeError:
                     raise util.Abort(_('invalid email address: %s') % addr)
                 except ValueError:
                     try:
                         # too strict?
                         addr = addr.encode('ascii')
                     except UnicodeDecodeError:
                         raise util.Abort(_('invalid local address: %s') % addr)
                 return email.Utils.formataddr((name, addr))
             def addressencode(ui, address, charsets=None, display=False):
                 '''Turns address into RFC-2047 compliant header.'''
                 if display or not address:
                     return address or ''
                 name, addr = email.Utils.parseaddr(address)
                 return _addressencode(ui, name, addr, charsets)
             def addrlistencode(ui, addrs, charsets=None, display=False):
                 '''Turns a list of addresses into a list of RFC-2047 compliant headers.
                 A single element of input list may contain multiple addresses, but output
                 always has one address per item'''
                 if display:
                     return [a.strip() for a in addrs if a.strip()]
                 result = []
                 for name, addr in email.Utils.getaddresses(addrs):
                     if name or addr:
                         result.append(_addressencode(ui, name, addr, charsets))
                 return result
             def mimeencode(ui, s, charsets=None, display=False):
                 '''creates mime text object, encodes it if needed, and sets
                 charset and transfer-encoding accordingly.'''
                 cs = 'us-ascii'
                 if not display:
                     s, cs = _encode(ui, s, charsets)
                 return mimetextqp(s, 'plain', cs)

mercurial/sslutil.py

0 +9 -9

             # sslutil.py - SSL handling for mercurial
             #
             # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
             # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             import os, sys
             from mercurial import util
             from mercurial.i18n import _
             _canloaddefaultcerts = False
             try:
                 # avoid using deprecated/broken FakeSocket in python 2.6
                 import ssl
                 CERT_REQUIRED = ssl.CERT_REQUIRED
                 try:
                     ssl_context = ssl.SSLContext
                     _canloaddefaultcerts = util.safehasattr(ssl_context,
                                                             'load_default_certs')
-                    def ssl_wrap_socket(sock, keyfile, certfile, ui,
+                    def wrapsocket(sock, keyfile, certfile, ui,
-                                        cert_reqs=ssl.CERT_NONE,
+                                   cert_reqs=ssl.CERT_NONE,
-                                        ca_certs=None, serverhostname=None):
+                                   ca_certs=None, serverhostname=None):
                         # Allow any version of SSL starting with TLSv1 and
                         # up. Note that specifying TLSv1 here prohibits use of
                         # newer standards (like TLSv1_2), so this is the right way
                         # to do this. Note that in the future it'd be better to
                         # support using ssl.create_default_context(), which sets
                         # up a bunch of things in smart ways (strong ciphers,
                         # protocol versions, etc) and is upgraded by Python
                         # maintainers for us, but that breaks too many things to
                         # do it in a hurry.
                         sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                         sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
                         if certfile is not None:
                             def password():
                                 f = keyfile or certfile
                                 return ui.getpass(_('passphrase for %s: ') % f, '')
                             sslcontext.load_cert_chain(certfile, keyfile, password)
                         sslcontext.verify_mode = cert_reqs
                         if ca_certs is not None:
                             sslcontext.load_verify_locations(cafile=ca_certs)
                         elif _canloaddefaultcerts:
                             sslcontext.load_default_certs()
                         sslsocket = sslcontext.wrap_socket(sock,
                                                            server_hostname=serverhostname)
                         # check if wrap_socket failed silently because socket had been
                         # closed
                         # - see http://bugs.python.org/issue13721
                         if not sslsocket.cipher():
                             raise util.Abort(_('ssl connection failed'))
                         return sslsocket
                 except AttributeError:
-                    def ssl_wrap_socket(sock, keyfile, certfile, ui,
+                    def wrapsocket(sock, keyfile, certfile, ui,
-                                        cert_reqs=ssl.CERT_NONE,
+                                   cert_reqs=ssl.CERT_NONE,
-                                        ca_certs=None, serverhostname=None):
+                                   ca_certs=None, serverhostname=None):
                         sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                                     cert_reqs=cert_reqs, ca_certs=ca_certs,
                                                     ssl_version=ssl.PROTOCOL_TLSv1)
                         # check if wrap_socket failed silently because socket had been
                         # closed
                         # - see http://bugs.python.org/issue13721
                         if not sslsocket.cipher():
                             raise util.Abort(_('ssl connection failed'))
                         return sslsocket
             except ImportError:
                 CERT_REQUIRED = 2
                 import socket, httplib
-                def ssl_wrap_socket(sock, keyfile, certfile, ui,
+                def wrapsocket(sock, keyfile, certfile, ui,
-                                    cert_reqs=CERT_REQUIRED,
+                               cert_reqs=CERT_REQUIRED,
-                                    ca_certs=None, serverhostname=None):
+                               ca_certs=None, serverhostname=None):
                     if not util.safehasattr(socket, 'ssl'):
                         raise util.Abort(_('Python SSL support not found'))
                     if ca_certs:
                         raise util.Abort(_(
                             'certificate checking requires Python 2.6'))
                     ssl = socket.ssl(sock, keyfile, certfile)
                     return httplib.FakeSocket(sock, ssl)
             def _verifycert(cert, hostname):
                 '''Verify that cert (in socket.getpeercert() format) matches hostname.
                 CRLs is not handled.
                 Returns error message if any problems are found and None on success.
                 '''
                 if not cert:
                     return _('no certificate received')
                 dnsname = hostname.lower()
                 def matchdnsname(certname):
                     return (certname == dnsname or
                             '.' in dnsname and certname == '*.' + dnsname.split('.', 1)[1])
                 san = cert.get('subjectAltName', [])
                 if san:
                     certnames = [value.lower() for key, value in san if key == 'DNS']
                     for name in certnames:
                         if matchdnsname(name):
                             return None
                     if certnames:
                         return _('certificate is for %s') % ', '.join(certnames)
                 # subject is only checked when subjectAltName is empty
                 for s in cert.get('subject', []):
                     key, value = s[0]
                     if key == 'commonName':
                         try:
                             # 'subject' entries are unicode
                             certname = value.lower().encode('ascii')
                         except UnicodeEncodeError:
                             return _('IDN in certificate not supported')
                         if matchdnsname(certname):
                             return None
                         return _('certificate is for %s') % certname
                 return _('no commonName or subjectAltName found in certificate')
             # CERT_REQUIRED means fetch the cert from the server all the time AND
             # validate it against the CA store provided in web.cacerts.
             #
             # We COMPLETELY ignore CERT_REQUIRED on Python <= 2.5, as it's totally
             # busted on those versions.
             def _plainapplepython():
                 """return true if this seems to be a pure Apple Python that
                 * is unfrozen and presumably has the whole mercurial module in the file
                   system
                 * presumably is an Apple Python that uses Apple OpenSSL which has patches
                   for using system certificate store CAs in addition to the provided
                   cacerts file
                 """
                 if sys.platform != 'darwin' or util.mainfrozen() or not sys.executable:
                     return False
                 exe = os.path.realpath(sys.executable).lower()
                 return (exe.startswith('/usr/bin/python') or
                         exe.startswith('/system/library/frameworks/python.framework/'))
             def _defaultcacerts():
                 """return path to CA certificates; None for system's store; ! to disable"""
                 if _plainapplepython():
                     dummycert = os.path.join(os.path.dirname(__file__), 'dummycert.pem')
                     if os.path.exists(dummycert):
                         return dummycert
                 if _canloaddefaultcerts:
                     return None
                 return '!'
             def sslkwargs(ui, host):
                 kws = {'ui': ui}
                 hostfingerprint = ui.config('hostfingerprints', host)
                 if hostfingerprint:
                     return kws
                 cacerts = ui.config('web', 'cacerts')
                 if cacerts == '!':
                     pass
                 elif cacerts:
                     cacerts = util.expandpath(cacerts)
                     if not os.path.exists(cacerts):
                         raise util.Abort(_('could not find web.cacerts: %s') % cacerts)
                 else:
                     cacerts = _defaultcacerts()
                     if cacerts and cacerts != '!':
                         ui.debug('using %s to enable OS X system CA\n' % cacerts)
                     ui.setconfig('web', 'cacerts', cacerts, 'defaultcacerts')
                 if cacerts != '!':
                     kws.update({'ca_certs': cacerts,
                                 'cert_reqs': CERT_REQUIRED,
                                 })
                 return kws
             class validator(object):
                 def __init__(self, ui, host):
                     self.ui = ui
                     self.host = host
                 def __call__(self, sock, strict=False):
                     host = self.host
                     cacerts = self.ui.config('web', 'cacerts')
                     hostfingerprint = self.ui.config('hostfingerprints', host)
                     if not getattr(sock, 'getpeercert', False): # python 2.5 ?
                         if hostfingerprint:
                             raise util.Abort(_("host fingerprint for %s can't be "
                                                "verified (Python too old)") % host)
                         if strict:
                             raise util.Abort(_("certificate for %s can't be verified "
                                                "(Python too old)") % host)
                         if self.ui.configbool('ui', 'reportoldssl', True):
                             self.ui.warn(_("warning: certificate for %s can't be verified "
                                            "(Python too old)\n") % host)
                         return
                     if not sock.cipher(): # work around http://bugs.python.org/issue13721
                         raise util.Abort(_('%s ssl connection error') % host)
                     try:
                         peercert = sock.getpeercert(True)
                         peercert2 = sock.getpeercert()
                     except AttributeError:
                         raise util.Abort(_('%s ssl connection error') % host)
                     if not peercert:
                         raise util.Abort(_('%s certificate error: '
                                            'no certificate received') % host)
                     peerfingerprint = util.sha1(peercert).hexdigest()
                     nicefingerprint = ":".join([peerfingerprint[x:x + 2]
                         for x in xrange(0, len(peerfingerprint), 2)])
                     if hostfingerprint:
                         if peerfingerprint.lower() != \
                                 hostfingerprint.replace(':', '').lower():
                             raise util.Abort(_('certificate for %s has unexpected '
                                                'fingerprint %s') % (host, nicefingerprint),
                                              hint=_('check hostfingerprint configuration'))
                         self.ui.debug('%s certificate matched fingerprint %s\n' %
                                       (host, nicefingerprint))
                     elif cacerts != '!':
                         msg = _verifycert(peercert2, host)
                         if msg:
                             raise util.Abort(_('%s certificate error: %s') % (host, msg),
                                              hint=_('configure hostfingerprint %s or use '
                                                     '--insecure to connect insecurely') %
                                                   nicefingerprint)
                         self.ui.debug('%s certificate successfully verified\n' % host)
                     elif strict:
                         raise util.Abort(_('%s certificate with fingerprint %s not '
                                            'verified') % (host, nicefingerprint),
                                          hint=_('check hostfingerprints or web.cacerts '
                                                  'config setting'))
                     else:
                         self.ui.warn(_('warning: %s certificate with fingerprint %s not '
                                        'verified (check hostfingerprints or web.cacerts '
                                        'config setting)\n') %
                                      (host, nicefingerprint))

mercurial/url.py

0 +3 -3

             # url.py - HTTP handling for mercurial
             #
             # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
             # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
             # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
             #
             # This software may be used and distributed according to the terms of the
             # GNU General Public License version 2 or any later version.
             import urllib, urllib2, httplib, os, socket, cStringIO, base64
             from i18n import _
             import keepalive, util, sslutil
             import httpconnection as httpconnectionmod
             class passwordmgr(urllib2.HTTPPasswordMgrWithDefaultRealm):
                 def __init__(self, ui):
                     urllib2.HTTPPasswordMgrWithDefaultRealm.__init__(self)
                     self.ui = ui
                 def find_user_password(self, realm, authuri):
                     authinfo = urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
                         self, realm, authuri)
                     user, passwd = authinfo
                     if user and passwd:
                         self._writedebug(user, passwd)
                         return (user, passwd)
                     if not user or not passwd:
                         res = httpconnectionmod.readauthforuri(self.ui, authuri, user)
                         if res:
                             group, auth = res
                             user, passwd = auth.get('username'), auth.get('password')
                             self.ui.debug("using auth.%s.* for authentication\n" % group)
                     if not user or not passwd:
                         u = util.url(authuri)
                         u.query = None
                         if not self.ui.interactive():
                             raise util.Abort(_('http authorization required for %s') %
                                              util.hidepassword(str(u)))
                         self.ui.write(_("http authorization required for %s\n") %
                                       util.hidepassword(str(u)))
                         self.ui.write(_("realm: %s\n") % realm)
                         if user:
                             self.ui.write(_("user: %s\n") % user)
                         else:
                             user = self.ui.prompt(_("user:"), default=None)
                         if not passwd:
                             passwd = self.ui.getpass()
                     self.add_password(realm, authuri, user, passwd)
                     self._writedebug(user, passwd)
                     return (user, passwd)
                 def _writedebug(self, user, passwd):
                     msg = _('http auth: user %s, password %s\n')
                     self.ui.debug(msg % (user, passwd and '*' * len(passwd) or 'not set'))
                 def find_stored_password(self, authuri):
                     return urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
                         self, None, authuri)
             class proxyhandler(urllib2.ProxyHandler):
                 def __init__(self, ui):
                     proxyurl = ui.config("http_proxy", "host") or os.getenv('http_proxy')
                     # XXX proxyauthinfo = None
                     if proxyurl:
                         # proxy can be proper url or host[:port]
                         if not (proxyurl.startswith('http:') or
                                 proxyurl.startswith('https:')):
                             proxyurl = 'http://' + proxyurl + '/'
                         proxy = util.url(proxyurl)
                         if not proxy.user:
                             proxy.user = ui.config("http_proxy", "user")
                             proxy.passwd = ui.config("http_proxy", "passwd")
                         # see if we should use a proxy for this url
                         no_list = ["localhost", "127.0.0.1"]
                         no_list.extend([p.lower() for
                                         p in ui.configlist("http_proxy", "no")])
                         no_list.extend([p.strip().lower() for
                                         p in os.getenv("no_proxy", '').split(',')
                                         if p.strip()])
                         # "http_proxy.always" config is for running tests on localhost
                         if ui.configbool("http_proxy", "always"):
                             self.no_list = []
                         else:
                             self.no_list = no_list
                         proxyurl = str(proxy)
                         proxies = {'http': proxyurl, 'https': proxyurl}
                         ui.debug('proxying through http://%s:%s\n' %
                                   (proxy.host, proxy.port))
                     else:
                         proxies = {}
                     # urllib2 takes proxy values from the environment and those
                     # will take precedence if found. So, if there's a config entry
                     # defining a proxy, drop the environment ones
                     if ui.config("http_proxy", "host"):
                         for env in ["HTTP_PROXY", "http_proxy", "no_proxy"]:
                             try:
                                 if env in os.environ:
                                     del os.environ[env]
                             except OSError:
                                 pass
                     urllib2.ProxyHandler.__init__(self, proxies)
                     self.ui = ui
                 def proxy_open(self, req, proxy, type_):
                     host = req.get_host().split(':')[0]
                     for e in self.no_list:
                         if host == e:
                             return None
                         if e.startswith('*.') and host.endswith(e[2:]):
                             return None
                         if e.startswith('.') and host.endswith(e[1:]):
                             return None
                     return urllib2.ProxyHandler.proxy_open(self, req, proxy, type_)
             def _gen_sendfile(orgsend):
                 def _sendfile(self, data):
                     # send a file
                     if isinstance(data, httpconnectionmod.httpsendfile):
                         # if auth required, some data sent twice, so rewind here
                         data.seek(0)
                         for chunk in util.filechunkiter(data):
                             orgsend(self, chunk)
                     else:
                         orgsend(self, data)
                 return _sendfile
             has_https = util.safehasattr(urllib2, 'HTTPSHandler')
             if has_https:
                 try:
                     _create_connection = socket.create_connection
                 except AttributeError:
                     _GLOBAL_DEFAULT_TIMEOUT = object()
                     def _create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT,
                                            source_address=None):
                         # lifted from Python 2.6
                         msg = "getaddrinfo returns an empty list"
                         host, port = address
                         for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
                             af, socktype, proto, canonname, sa = res
                             sock = None
                             try:
                                 sock = socket.socket(af, socktype, proto)
                                 if timeout is not _GLOBAL_DEFAULT_TIMEOUT:
                                     sock.settimeout(timeout)
                                 if source_address:
                                     sock.bind(source_address)
                                 sock.connect(sa)
                                 return sock
                             except socket.error, msg:
                                 if sock is not None:
                                     sock.close()
                         raise socket.error(msg)
             class httpconnection(keepalive.HTTPConnection):
                 # must be able to send big bundle as stream.
                 send = _gen_sendfile(keepalive.HTTPConnection.send)
                 def connect(self):
                     if has_https and self.realhostport: # use CONNECT proxy
                         self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                         self.sock.connect((self.host, self.port))
                         if _generic_proxytunnel(self):
                             # we do not support client X.509 certificates
-                            self.sock = sslutil.ssl_wrap_socket(self.sock, None, None, None,
+                            self.sock = sslutil.wrapsocket(self.sock, None, None, None,
-                                                                serverhostname=self.host)
+                                                           serverhostname=self.host)
                     else:
                         keepalive.HTTPConnection.connect(self)
                 def getresponse(self):
                     proxyres = getattr(self, 'proxyres', None)
                     if proxyres:
                         if proxyres.will_close:
                             self.close()
                         self.proxyres = None
                         return proxyres
                     return keepalive.HTTPConnection.getresponse(self)
             # general transaction handler to support different ways to handle
             # HTTPS proxying before and after Python 2.6.3.
             def _generic_start_transaction(handler, h, req):
                 tunnel_host = getattr(req, '_tunnel_host', None)
                 if tunnel_host:
                     if tunnel_host[:7] not in ['http://', 'https:/']:
                         tunnel_host = 'https://' + tunnel_host
                     new_tunnel = True
                 else:
                     tunnel_host = req.get_selector()
                     new_tunnel = False
                 if new_tunnel or tunnel_host == req.get_full_url(): # has proxy
                     u = util.url(tunnel_host)
                     if new_tunnel or u.scheme == 'https': # only use CONNECT for HTTPS
                         h.realhostport = ':'.join([u.host, (u.port or '443')])
                         h.headers = req.headers.copy()
                         h.headers.update(handler.parent.addheaders)
                         return
                 h.realhostport = None
                 h.headers = None
             def _generic_proxytunnel(self):
                 proxyheaders = dict(
                         [(x, self.headers[x]) for x in self.headers
                          if x.lower().startswith('proxy-')])
                 self.send('CONNECT %s HTTP/1.0\r\n' % self.realhostport)
                 for header in proxyheaders.iteritems():
                     self.send('%s: %s\r\n' % header)
                 self.send('\r\n')
                 # majority of the following code is duplicated from
                 # httplib.HTTPConnection as there are no adequate places to
                 # override functions to provide the needed functionality
                 res = self.response_class(self.sock,
                                           strict=self.strict,
                                           method=self._method)
                 while True:
                     version, status, reason = res._read_status()
                     if status != httplib.CONTINUE:
                         break
                     while True:
                         skip = res.fp.readline().strip()
                         if not skip:
                             break
                 res.status = status
                 res.reason = reason.strip()
                 if res.status == 200:
                     while True:
                         line = res.fp.readline()
                         if line == '\r\n':
                             break
                     return True
                 if version == 'HTTP/1.0':
                     res.version = 10
                 elif version.startswith('HTTP/1.'):
                     res.version = 11
                 elif version == 'HTTP/0.9':
                     res.version = 9
                 else:
                     raise httplib.UnknownProtocol(version)
                 if res.version == 9:
                     res.length = None
                     res.chunked = 0
                     res.will_close = 1
                     res.msg = httplib.HTTPMessage(cStringIO.StringIO())
                     return False
                 res.msg = httplib.HTTPMessage(res.fp)
                 res.msg.fp = None
                 # are we using the chunked-style of transfer encoding?
                 trenc = res.msg.getheader('transfer-encoding')
                 if trenc and trenc.lower() == "chunked":
                     res.chunked = 1
                     res.chunk_left = None
                 else:
                     res.chunked = 0
                 # will the connection close at the end of the response?
                 res.will_close = res._check_close()
                 # do we have a Content-Length?
                 # NOTE: RFC 2616, section 4.4, #3 says we ignore this if
                 # transfer-encoding is "chunked"
                 length = res.msg.getheader('content-length')
                 if length and not res.chunked:
                     try:
                         res.length = int(length)
                     except ValueError:
                         res.length = None
                     else:
                         if res.length < 0:  # ignore nonsensical negative lengths
                             res.length = None
                 else:
                     res.length = None
                 # does the body have a fixed length? (of zero)
                 if (status == httplib.NO_CONTENT or status == httplib.NOT_MODIFIED or
 <= status < 200 or # 1xx codes
                     res._method == 'HEAD'):
                     res.length = 0
                 # if the connection remains open, and we aren't using chunked, and
                 # a content-length was not provided, then assume that the connection
                 # WILL close.
                 if (not res.will_close and
                    not res.chunked and
                    res.length is None):
                     res.will_close = 1
                 self.proxyres = res
                 return False
             class httphandler(keepalive.HTTPHandler):
                 def http_open(self, req):
                     return self.do_open(httpconnection, req)
                 def _start_transaction(self, h, req):
                     _generic_start_transaction(self, h, req)
                     return keepalive.HTTPHandler._start_transaction(self, h, req)
             if has_https:
                 class httpsconnection(httplib.HTTPConnection):
                     response_class = keepalive.HTTPResponse
                     default_port = httplib.HTTPS_PORT
                     # must be able to send big bundle as stream.
                     send = _gen_sendfile(keepalive.safesend)
                     getresponse = keepalive.wrapgetresponse(httplib.HTTPConnection)
                     def __init__(self, host, port=None, key_file=None, cert_file=None,
                                  *args, **kwargs):
                         httplib.HTTPConnection.__init__(self, host, port, *args, **kwargs)
                         self.key_file = key_file
                         self.cert_file = cert_file
                     def connect(self):
                         self.sock = _create_connection((self.host, self.port))
                         host = self.host
                         if self.realhostport: # use CONNECT proxy
                             _generic_proxytunnel(self)
                             host = self.realhostport.rsplit(':', 1)[0]
-                        self.sock = sslutil.ssl_wrap_socket(
+                        self.sock = sslutil.wrapsocket(
                             self.sock, self.key_file, self.cert_file, serverhostname=host,
                             **sslutil.sslkwargs(self.ui, host))
                         sslutil.validator(self.ui, host)(self.sock)
                 class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
                     def __init__(self, ui):
                         keepalive.KeepAliveHandler.__init__(self)
                         urllib2.HTTPSHandler.__init__(self)
                         self.ui = ui
                         self.pwmgr = passwordmgr(self.ui)
                     def _start_transaction(self, h, req):
                         _generic_start_transaction(self, h, req)
                         return keepalive.KeepAliveHandler._start_transaction(self, h, req)
                     def https_open(self, req):
                         # req.get_full_url() does not contain credentials and we may
                         # need them to match the certificates.
                         url = req.get_full_url()
                         user, password = self.pwmgr.find_stored_password(url)
                         res = httpconnectionmod.readauthforuri(self.ui, url, user)
                         if res:
                             group, auth = res
                             self.auth = auth
                             self.ui.debug("using auth.%s.* for authentication\n" % group)
                         else:
                             self.auth = None
                         return self.do_open(self._makeconnection, req)
                     def _makeconnection(self, host, port=None, *args, **kwargs):
                         keyfile = None
                         certfile = None
                         if len(args) >= 1: # key_file
                             keyfile = args[0]
                         if len(args) >= 2: # cert_file
                             certfile = args[1]
                         args = args[2:]
                         # if the user has specified different key/cert files in
                         # hgrc, we prefer these
                         if self.auth and 'key' in self.auth and 'cert' in self.auth:
                             keyfile = self.auth['key']
                             certfile = self.auth['cert']
                         conn = httpsconnection(host, port, keyfile, certfile, *args,
                                                **kwargs)
                         conn.ui = self.ui
                         return conn
             class httpdigestauthhandler(urllib2.HTTPDigestAuthHandler):
                 def __init__(self, *args, **kwargs):
                     urllib2.HTTPDigestAuthHandler.__init__(self, *args, **kwargs)
                     self.retried_req = None
                 def reset_retry_count(self):
                     # Python 2.6.5 will call this on 401 or 407 errors and thus loop
                     # forever. We disable reset_retry_count completely and reset in
                     # http_error_auth_reqed instead.
                     pass
                 def http_error_auth_reqed(self, auth_header, host, req, headers):
                     # Reset the retry counter once for each request.
                     if req is not self.retried_req:
                         self.retried_req = req
                         self.retried = 0
                     # In python < 2.5 AbstractDigestAuthHandler raises a ValueError if
                     # it doesn't know about the auth type requested. This can happen if
                     # somebody is using BasicAuth and types a bad password.
                     try:
                         return urllib2.HTTPDigestAuthHandler.http_error_auth_reqed(
                                     self, auth_header, host, req, headers)
                     except ValueError, inst:
                         arg = inst.args[0]
                         if arg.startswith("AbstractDigestAuthHandler doesn't know "):
                             return
                         raise
             class httpbasicauthhandler(urllib2.HTTPBasicAuthHandler):
                 def __init__(self, *args, **kwargs):
                     self.auth = None
                     urllib2.HTTPBasicAuthHandler.__init__(self, *args, **kwargs)
                     self.retried_req = None
                 def http_request(self, request):
                     if self.auth:
                         request.add_unredirected_header(self.auth_header, self.auth)
                     return request
                 def https_request(self, request):
                     if self.auth:
                         request.add_unredirected_header(self.auth_header, self.auth)
                     return request
                 def reset_retry_count(self):
                     # Python 2.6.5 will call this on 401 or 407 errors and thus loop
                     # forever. We disable reset_retry_count completely and reset in
                     # http_error_auth_reqed instead.
                     pass
                 def http_error_auth_reqed(self, auth_header, host, req, headers):
                     # Reset the retry counter once for each request.
                     if req is not self.retried_req:
                         self.retried_req = req
                         self.retried = 0
                     return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed(
                                     self, auth_header, host, req, headers)
                 def retry_http_basic_auth(self, host, req, realm):
                     user, pw = self.passwd.find_user_password(realm, req.get_full_url())
                     if pw is not None:
                         raw = "%s:%s" % (user, pw)
                         auth = 'Basic %s' % base64.b64encode(raw).strip()
                         if req.headers.get(self.auth_header, None) == auth:
                             return None
                         self.auth = auth
                         req.add_unredirected_header(self.auth_header, auth)
                         return self.parent.open(req)
                     else:
                         return None
             handlerfuncs = []
             def opener(ui, authinfo=None):
                 '''
                 construct an opener suitable for urllib2
                 authinfo will be added to the password manager
                 '''
                 if ui.configbool('ui', 'usehttp2', False):
                     handlers = [httpconnectionmod.http2handler(ui, passwordmgr(ui))]
                 else:
                     handlers = [httphandler()]
                     if has_https:
                         handlers.append(httpshandler(ui))
                 handlers.append(proxyhandler(ui))
                 passmgr = passwordmgr(ui)
                 if authinfo is not None:
                     passmgr.add_password(*authinfo)
                     user, passwd = authinfo[2:4]
                     ui.debug('http auth: user %s, password %s\n' %
                              (user, passwd and '*' * len(passwd) or 'not set'))
                 handlers.extend((httpbasicauthhandler(passmgr),
                                  httpdigestauthhandler(passmgr)))
                 handlers.extend([h(ui, passmgr) for h in handlerfuncs])
                 opener = urllib2.build_opener(*handlers)
                 # 1.0 here is the _protocol_ version
                 opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
                 opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
                 return opener
             def open(ui, url_, data=None):
                 u = util.url(url_)
                 if u.scheme:
                     u.scheme = u.scheme.lower()
                     url_, authinfo = u.authinfo()
                 else:
                     path = util.normpath(os.path.abspath(url_))
                     url_ = 'file://' + urllib.pathname2url(path)
                     authinfo = None
                 return opener(ui, authinfo).open(url_, data)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages