Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add os.PathLike support to specify CA bundle to use #194

Merged
merged 5 commits into from
Jan 1, 2025
Merged

Add os.PathLike support to specify CA bundle to use #194

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5134864
Add `pathlib.Path` support to specify CA bundle to use
wallseat Dec 28, 2024
0d89df0
Merge branch 'main' into feature/add-pathlib-path-support-for-ca-cert
wallseat Dec 29, 2024
2e6657a
Reworked to support PathLike protocol instead of pathlib.Path
wallseat Dec 29, 2024
67520ea
:art: don't cast when already correctly inferred
Ousret Jan 1, 2025
2f89752
:heavy_check_mark: test async pathlike proper convertion
Ousret Jan 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/niquests/_typing.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from __future__ import annotations

from os import PathLike
import typing
from http.cookiejar import CookieJar

Expand Down Expand Up @@ -71,7 +72,7 @@
CookieJar,
]
#: Either Yes/No, or CA bundle pem location. Or directly the raw bundle content itself.
TLSVerifyType: typing.TypeAlias = typing.Union[bool, str, bytes]
TLSVerifyType: typing.TypeAlias = typing.Union[bool, str, bytes, PathLike]
#: Accept a pem certificate (concat cert, key) or an explicit tuple of cert, key pair with an optional password.
TLSClientCertType: typing.TypeAlias = typing.Union[
str, typing.Tuple[str, str], typing.Tuple[str, str, str]
Expand Down
46 changes: 32 additions & 14 deletions src/niquests/adapters.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,8 +210,9 @@ def send(
data before giving up, as a float, or a :ref:`(connect timeout,
read timeout) <timeouts>` tuple.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. It is also possible to put the certificates (directly) in a string or bytes.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: (optional) Any user-provided SSL certificate to be trusted.
:param proxies: (optional) The proxies dictionary to apply to the request.
:param on_post_connection: (optional) A callable that should be invoked just after the pool mgr picked up a live
Expand Down Expand Up @@ -267,8 +268,9 @@ async def send(
data before giving up, as a float, or a :ref:`(connect timeout,
read timeout) <timeouts>` tuple.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. It is also possible to put the certificates (directly) in a string or bytes.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: (optional) Any user-provided SSL certificate to be trusted.
:param proxies: (optional) The proxies dictionary to apply to the request.
:param on_post_connection: (optional) A callable that should be invoked just after the pool mgr picked up a live
Expand Down Expand Up @@ -554,8 +556,9 @@ def cert_verify(
:param conn: The urllib3 connection object associated with the cert.
:param url: The requested URL.
:param verify: Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. It is also possible to put the certificates (directly) in a string or bytes.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: The SSL certificate to verify.
"""
if not parse_scheme(url) == "https":
Expand Down Expand Up @@ -588,8 +591,15 @@ def cert_verify(
cert_data = verify.decode("utf-8")
else:
# Allow self-specified cert location.
# Plain str path
if isinstance(verify, str):
cert_loc = verify
# or path-like obj, that should have __fspath__
elif hasattr(verify, "__fspath__"):
cert_loc = verify.__fspath__()

if isinstance(cert_loc, bytes):
cert_loc = cert_loc.decode()

if isinstance(cert_loc, str) and not os.path.exists(cert_loc):
raise OSError(
Expand Down Expand Up @@ -849,9 +859,10 @@ def send(
data before giving up, as a float, or a :ref:`(connect timeout,
read timeout) <timeouts>` tuple.
:param verify: (optional) Either a boolean, in which case it controls whether
we verify the server's TLS certificate, or a string, in which case it
must be a path to a CA bundle to use. It is also possible to put the certificates
(directly) in a string or bytes.
we verify the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: (optional) Any user-provided SSL certificate to be trusted.
:param proxies: (optional) The proxies dictionary to apply to the request.
:param on_post_connection: (optional) A callable that contain a single positional argument for newly acquired
Expand Down Expand Up @@ -1645,8 +1656,9 @@ def cert_verify(
:param conn: The urllib3 connection object associated with the cert.
:param url: The requested URL.
:param verify: Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. It is also possible to put the certificates (directly) in a string or bytes.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: The SSL certificate to verify.
"""
if not parse_scheme(url) == "https":
Expand Down Expand Up @@ -1682,6 +1694,12 @@ def cert_verify(
if isinstance(verify, str):
cert_loc = verify

elif hasattr(verify, "__fspath__"):
cert_loc = verify.__fspath__()

if isinstance(cert_loc, bytes):
cert_loc = cert_loc.decode()

if isinstance(cert_loc, str) and not os.path.exists(cert_loc):
raise OSError(
f"Could not find a suitable TLS CA certificate bundle, "
Expand Down Expand Up @@ -1935,9 +1953,9 @@ async def send(
data before giving up, as a float, or a :ref:`(connect timeout,
read timeout) <timeouts>` tuple.
:param verify: (optional) Either a boolean, in which case it controls whether
we verify the server's TLS certificate, or a string, in which case it
must be a path to a CA bundle to use. It is also possible to put the certificates
(directly) in a string or bytes.
we verify the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
It is also possible to put the certificates (directly) in a string or bytes.
:param cert: (optional) Any user-provided SSL certificate to be trusted.
:param proxies: (optional) The proxies dictionary to apply to the request.
:param on_post_connection: (optional) A callable that contain a single positional argument for newly acquired
Expand Down
42 changes: 25 additions & 17 deletions src/niquests/api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,9 @@ def request(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -157,8 +158,9 @@ def get(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -218,8 +220,9 @@ def options(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -280,8 +283,9 @@ def head(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -352,8 +356,9 @@ def post(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -426,8 +431,9 @@ def put(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -500,8 +506,9 @@ def patch(
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down Expand Up @@ -563,9 +570,10 @@ def delete(
timeout) <timeouts>` tuple.
:param allow_redirects: (optional) Boolean. Enable/disable GET/OPTIONS/POST/PUT/PATCH/DELETE/HEAD redirection. Defaults to ``True``.
:param proxies: (optional) Dictionary mapping protocol to the URL of the proxy.
:param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use. Defaults to ``True``.
::param verify: (optional) Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a path passed as a string or os.Pathlike object,
in which case it must be a path to a CA bundle to use.
Defaults to ``True``.
It is also possible to put the certificates (directly) in a string or bytes.
:param stream: (optional) if ``False``, the response content will be immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair, or ('cert', 'key', 'key_password').
Expand Down
Loading
Loading