OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	12/11/2024 09:39:44 AM	rwxr-xr-x
📄 __init__.py	40.92 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 __pycache__	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📄 auth.py	41.37 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 auth_handler.py	2.02 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 awslambda	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 beanstalk	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cacerts	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📁 cloudformation	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudfront	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudhsm	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudsearch	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudsearch2	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudsearchdomain	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cloudtrail	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 codedeploy	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 cognito	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 compat.py	2.36 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 configservice	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 connection.py	56.18 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 contrib	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 datapipeline	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 directconnect	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 dynamodb	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 dynamodb2	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 ec2	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 ec2containerservice	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 ecs	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 elasticache	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 elastictranscoder	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 emr	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 endpoints.json	32.59 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 endpoints.py	9.52 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 exception.py	18.25 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 file	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 fps	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 glacier	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 gs	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📄 handler.py	2.33 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 https_connection.py	5.99 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 iam	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 jsonresponse.py	5.89 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 kinesis	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 kms	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 logs	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 machinelearning	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 manage	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 mashups	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 mturk	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 mws	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 opsworks	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 plugin.py	2.59 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 provider.py	22.16 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 pyami	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📁 rds	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 rds2	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 redshift	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 regioninfo.py	9.25 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 requestlog.py	1.45 KB	11/26/2024 05:33:39 PM	rw-r--r--
📄 resultset.py	6.4 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 roboto	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 route53	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 s3	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📁 sdb	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 services	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 ses	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 sns	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 sqs	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 storage_uri.py	39.77 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 sts	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 support	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📁 swf	-	11/26/2024 05:33:39 PM	rwxr-xr-x
📄 utils.py	39.89 KB	11/26/2024 05:33:39 PM	rw-r--r--
📁 vendored	-	02/11/2025 08:19:48 AM	rwxr-xr-x
📁 vpc	-	11/26/2024 05:33:39 PM	rwxr-xr-x

Editing: https_connection.py

# Copyright 2007,2011 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# This file is derived from
# http://googleappengine.googlecode.com/svn-history/r136/trunk/python/google/appengine/tools/https_wrapper.py

"""Extensions to allow HTTPS requests with SSL certificate validation."""

import re
import socket
import ssl

import boto

from boto.compat import six, http_client

class InvalidCertificateException(http_client.HTTPException):
    """Raised when a certificate is provided with an invalid hostname."""

def __init__(self, host, cert, reason):
        """Constructor.

Args:
          host: The hostname the connection was made to.
          cert: The SSL certificate (as a dictionary) the host returned.
        """
        http_client.HTTPException.__init__(self)
        self.host = host
        self.cert = cert
        self.reason = reason

def __str__(self):
        return ('Host %s returned an invalid certificate (%s): %s' %
                (self.host, self.reason, self.cert))

def GetValidHostsForCert(cert):
    """Returns a list of valid host globs for an SSL certificate.

Args:
      cert: A dictionary representing an SSL certificate.
    Returns:
      list: A list of valid host globs.
    """
    if 'subjectAltName' in cert:
        return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns']
    else:
        return [x[0][1] for x in cert['subject']
                if x[0][0].lower() == 'commonname']

def ValidateCertificateHostname(cert, hostname):
    """Validates that a given hostname is valid for an SSL certificate.

Args:
      cert: A dictionary representing an SSL certificate.
      hostname: The hostname to test.
    Returns:
      bool: Whether or not the hostname is valid for this certificate.
    """
    hosts = GetValidHostsForCert(cert)
    boto.log.debug(
        "validating server certificate: hostname=%s, certificate hosts=%s",
        hostname, hosts)
    for host in hosts:
        host_re = host.replace(r'.', r'\.').replace(r'*', r'[^.]*')
        if re.search('^%s$' % (host_re,), hostname, re.I):
            return True
    return False

class CertValidatingHTTPSConnection(http_client.HTTPConnection):
    """An HTTPConnection that connects over SSL and validates certificates."""

default_port = http_client.HTTPS_PORT

def __init__(self, host, port=default_port, key_file=None, cert_file=None,
                 ca_certs=None, strict=None, **kwargs):
        """Constructor.

Args:
          host: The hostname. Can be in 'host:port' form.
          port: The port. Defaults to 443.
          key_file: A file containing the client's private key
          cert_file: A file containing the client's certificates
          ca_certs: A file contianing a set of concatenated certificate authority
              certs for validating the server against.
          strict: When true, causes BadStatusLine to be raised if the status line
              can't be parsed as a valid HTTP/1.0 or 1.1 status line.
        """
        if six.PY2:
            # Python 3.2 and newer have deprecated and removed the strict
            # parameter. Since the params are supported as keyword arguments
            # we conditionally add it here.
            kwargs['strict'] = strict

http_client.HTTPConnection.__init__(self, host=host, port=port, **kwargs)
        self.key_file = key_file
        self.cert_file = cert_file
        self.ca_certs = ca_certs

def connect(self):
        "Connect to a host on a given (SSL) port."
        if hasattr(self, "timeout"):
            sock = socket.create_connection((self.host, self.port), self.timeout)
        else:
            sock = socket.create_connection((self.host, self.port))
        msg = "wrapping ssl socket; "
        if self.ca_certs:
            msg += "CA certificate file=%s" % self.ca_certs
        else:
            msg += "using system provided SSL certs"
        boto.log.debug(msg)
        if hasattr(ssl, 'SSLContext') and getattr(ssl, 'HAS_SNI', False):
            # Use SSLContext so we can specify server_hostname for SNI
            # (Required for connections to storage.googleapis.com)
            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            context.verify_mode = ssl.CERT_REQUIRED
            if self.ca_certs:
                context.load_verify_locations(self.ca_certs)
            if self.cert_file:
                context.load_cert_chain(self.cert_file, self.key_file)
            self.sock = context.wrap_socket(sock, server_hostname=self.host)
            # Add attributes only set in SSLSocket constructor without context:
            self.sock.keyfile = self.key_file
            self.sock.certfile = self.cert_file
            self.sock.cert_reqs = context.verify_mode
            self.sock.ssl_version = ssl.PROTOCOL_SSLv23
            self.sock.ca_certs = self.ca_certs
            self.sock.ciphers = None
        else:
            self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,
                                        certfile=self.cert_file,
                                        cert_reqs=ssl.CERT_REQUIRED,
                                        ca_certs=self.ca_certs)
        cert = self.sock.getpeercert()
        hostname = self.host.split(':', 0)[0]
        if not ValidateCertificateHostname(cert, hostname):
            raise InvalidCertificateException(hostname,
                                              cert,
                                              'remote hostname "%s" does not match '
                                              'certificate' % hostname)