THRIFT-1480. py: remove tabs, adjust whitespace and address PEP8 warnings
This patch addresses a host of PEP8 lint problems.
Patch: Will Pierce
git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1226890 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/lib/py/src/transport/TSSLSocket.py b/lib/py/src/transport/TSSLSocket.py
index be35844..6d79ac6 100644
--- a/lib/py/src/transport/TSSLSocket.py
+++ b/lib/py/src/transport/TSSLSocket.py
@@ -16,6 +16,7 @@
# specific language governing permissions and limitations
# under the License.
#
+
import os
import socket
import ssl
@@ -23,28 +24,35 @@
from thrift.transport import TSocket
from thrift.transport.TTransport import TTransportException
+
class TSSLSocket(TSocket.TSocket):
"""
SSL implementation of client-side TSocket
This class creates outbound sockets wrapped using the
python standard ssl module for encrypted connections.
-
+
The protocol used is set using the class variable
SSL_VERSION, which must be one of ssl.PROTOCOL_* and
defaults to ssl.PROTOCOL_TLSv1 for greatest security.
"""
SSL_VERSION = ssl.PROTOCOL_TLSv1
- def __init__(self, host='localhost', port=9090, validate=True, ca_certs=None, unix_socket=None):
- """
- @param validate: Set to False to disable SSL certificate validation entirely.
+ def __init__(self,
+ host='localhost',
+ port=9090,
+ validate=True,
+ ca_certs=None,
+ unix_socket=None):
+ """Create SSL TSocket
+
+ @param validate: Set to False to disable SSL certificate validation
@type validate: bool
@param ca_certs: Filename to the Certificate Authority pem file, possibly a
file downloaded from: http://curl.haxx.se/ca/cacert.pem This is passed to
the ssl_wrap function as the 'ca_certs' parameter.
@type ca_certs: str
-
+
Raises an IOError exception if validate is True and the ca_certs file is
None, not present or unreadable.
"""
@@ -58,18 +66,23 @@
self.ca_certs = ca_certs
if validate:
if ca_certs is None or not os.access(ca_certs, os.R_OK):
- raise IOError('Certificate Authority ca_certs file "%s" is not readable, cannot validate SSL certificates.' % (ca_certs))
+ raise IOError('Certificate Authority ca_certs file "%s" '
+ 'is not readable, cannot validate SSL '
+ 'certificates.' % (ca_certs))
TSocket.TSocket.__init__(self, host, port, unix_socket)
def open(self):
try:
res0 = self._resolveAddr()
for res in res0:
- sock_family, sock_type= res[0:2]
+ sock_family, sock_type = res[0:2]
ip_port = res[4]
plain_sock = socket.socket(sock_family, sock_type)
- self.handle = ssl.wrap_socket(plain_sock, ssl_version=self.SSL_VERSION,
- do_handshake_on_connect=True, ca_certs=self.ca_certs, cert_reqs=self.cert_reqs)
+ self.handle = ssl.wrap_socket(plain_sock,
+ ssl_version=self.SSL_VERSION,
+ do_handshake_on_connect=True,
+ ca_certs=self.ca_certs,
+ cert_reqs=self.cert_reqs)
self.handle.settimeout(self._timeout)
try:
self.handle.connect(ip_port)
@@ -84,7 +97,8 @@
message = 'Could not connect to secure socket %s' % self._unix_socket
else:
message = 'Could not connect to %s:%d' % (self.host, self.port)
- raise TTransportException(type=TTransportException.NOT_OPEN, message=message)
+ raise TTransportException(type=TTransportException.NOT_OPEN,
+ message=message)
if self.validate:
self._validate_cert()
@@ -93,13 +107,15 @@
commonName of the certificate to ensure it matches the hostname we
used to make this connection. Does not support subjectAltName records
in certificates.
-
- raises TTransportException if the certificate fails validation."""
+
+ raises TTransportException if the certificate fails validation.
+ """
cert = self.handle.getpeercert()
self.peercert = cert
if 'subject' not in cert:
- raise TTransportException(type=TTransportException.NOT_OPEN,
- message='No SSL certificate found from %s:%s' % (self.host, self.port))
+ raise TTransportException(
+ type=TTransportException.NOT_OPEN,
+ message='No SSL certificate found from %s:%s' % (self.host, self.port))
fields = cert['subject']
for field in fields:
# ensure structure we get back is what we expect
@@ -115,29 +131,38 @@
if certhost == self.host:
# success, cert commonName matches desired hostname
self.is_valid = True
- return
+ return
else:
- raise TTransportException(type=TTransportException.UNKNOWN,
- message='Host name we connected to "%s" doesn\'t match certificate provided commonName "%s"' % (self.host, certhost))
- raise TTransportException(type=TTransportException.UNKNOWN,
- message='Could not validate SSL certificate from host "%s". Cert=%s' % (self.host, cert))
+ raise TTransportException(
+ type=TTransportException.UNKNOWN,
+ message='Hostname we connected to "%s" doesn\'t match certificate '
+ 'provided commonName "%s"' % (self.host, certhost))
+ raise TTransportException(
+ type=TTransportException.UNKNOWN,
+ message='Could not validate SSL certificate from '
+ 'host "%s". Cert=%s' % (self.host, cert))
+
class TSSLServerSocket(TSocket.TServerSocket):
- """
- SSL implementation of TServerSocket
+ """SSL implementation of TServerSocket
This uses the ssl module's wrap_socket() method to provide SSL
negotiated encryption.
"""
SSL_VERSION = ssl.PROTOCOL_TLSv1
- def __init__(self, host=None, port=9090, certfile='cert.pem', unix_socket=None):
+ def __init__(self,
+ host=None,
+ port=9090,
+ certfile='cert.pem',
+ unix_socket=None):
"""Initialize a TSSLServerSocket
-
- @param certfile: The filename of the server certificate file, defaults to cert.pem
+
+ @param certfile: filename of the server certificate, defaults to cert.pem
@type certfile: str
- @param host: The hostname or IP to bind the listen socket to, i.e. 'localhost' for only allowing
- local network connections. Pass None to bind to all interfaces.
+ @param host: The hostname or IP to bind the listen socket to,
+ i.e. 'localhost' for only allowing local network connections.
+ Pass None to bind to all interfaces.
@type host: str
@param port: The port to listen on for inbound connections.
@type port: int
@@ -147,10 +172,11 @@
def setCertfile(self, certfile):
"""Set or change the server certificate file used to wrap new connections.
-
- @param certfile: The filename of the server certificate, i.e. '/etc/certs/server.pem'
+
+ @param certfile: The filename of the server certificate,
+ i.e. '/etc/certs/server.pem'
@type certfile: str
-
+
Raises an IOError exception if the certfile is not present or unreadable.
"""
if not os.access(certfile, os.R_OK):
@@ -166,11 +192,11 @@
# failed handshake/ssl wrap, close socket to client
plain_client.close()
# raise ssl_exc
- # We can't raise the exception, because it kills most TServer derived serve()
- # methods.
+ # We can't raise the exception, because it kills most TServer derived
+ # serve() methods.
# Instead, return None, and let the TServer instance deal with it in
# other exception handling. (but TSimpleServer dies anyway)
- return None
+ return None
result = TSocket.TSocket()
result.setHandle(client)
return result