dpgaspar commented on a change in pull request #9396: feat: add SSL certificate
validation for Druid
URL:
https://github.com/apache/incubator-superset/pull/9396#discussion_r398554699
##########
File path: superset/utils/core.py
##########
@@ -1163,6 +1166,26 @@ def get_username() -> Optional[str]:
return None
+def create_temporary_ssl_cert_file(certificate: str) -> str:
+ """
+ This creates a temporary certificate file that can be used to validate
HTTPS
+ sessions. A certificate is only written to disk once; on subsequent calls,
+ only the path of the existing certificate is returned.
+
+ :param certificate: The contents of the certificate
+ :return: The path to the certificate file
+ """
+ filename = hashlib.md5(certificate.encode("utf-8")).hexdigest()
+ path = os.path.join(tempfile.gettempdir(), filename)
+ if not os.path.exists(path):
+ # Validate certificate prior to persisting to temporary directory
+ x509.load_pem_x509_certificate(certificate.encode("utf-8"),
default_backend())
Review comment:
Looking at the tests, I'm guessing this raises `ValueError` we could wrap
and re-raise with a custom exception. Should `get_sqla_engine` catch these
exceptions how are all these handled?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
