Merge aea3ede into 9964228

praekeltfoundation · Apr 14, 2016 · b57a244 · b57a244
2 parents 9964228 + aea3ede
commit b57a244
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 11 deletions.
diff --git a/setup.py b/setup.py
@@ -41,6 +41,7 @@
         'PyYAML',
         'iso8601',
         'pyOpenSSL',
+        'certifi',
         'service_identity',
         'txssmi>=0.3.0',
         'wokkel',

diff --git a/vumi/transports/vumi_bridge/tests/test_vumi_bridge.py b/vumi/transports/vumi_bridge/tests/test_vumi_bridge.py
@@ -1,9 +1,12 @@
 import json
+import os
 
 from twisted.internet.defer import inlineCallbacks, returnValue, DeferredQueue
 from twisted.internet.task import Clock
 from twisted.web.server import NOT_DONE_YET
 
+import certifi
+
 from vumi.message import TransportUserMessage
 from vumi.tests.fake_connection import FakeHttpServer
 from vumi.tests.helpers import VumiTestCase
@@ -37,12 +40,8 @@ def get_transport(self, **config):
         transport = yield self.tx_helper.get_transport(defaults, start=False)
         transport.agent_factory = self.fake_http.get_agent
         yield transport.startWorker()
-        yield self.setup_transport(transport)
         returnValue(transport)
 
-    def setup_transport(self, transport):
-        pass
-
     @inlineCallbacks
     def finish_requests(self):
         for req in self._pending_reqs:
@@ -177,6 +176,11 @@ def test_receive_bad_event(self):
         self.assertEquals(status['type'], 'bad_request')
         self.assertEquals(status['message'], 'Bad event received from Vumi Go')
 
+    @inlineCallbacks
+    def test_weak_cacerts_installed(self):
+        yield self.get_configured_transport()
+        self.assertEqual(os.environ["SSL_CERT_FILE"], certifi.old_where())
+
     @inlineCallbacks
     def test_sending_messages(self):
         yield self.get_configured_transport()

diff --git a/vumi/transports/vumi_bridge/vumi_bridge.py b/vumi/transports/vumi_bridge/vumi_bridge.py
@@ -2,17 +2,22 @@
 
 import base64
 import json
+import os
+
+import certifi
 
 from twisted.internet.defer import inlineCallbacks
 from twisted.web import http
 from twisted.web.resource import Resource
 from twisted.web.server import NOT_DONE_YET
 
+from treq.client import HTTPClient
+
 from vumi.transports import Transport
 from vumi.config import ConfigText, ConfigDict, ConfigInt, ConfigFloat
 from vumi.persist.txredis_manager import TxRedisManager
 from vumi.message import TransportUserMessage, TransportEvent
-from vumi.utils import to_kwargs, http_request_full, StatusEdgeDetector
+from vumi.utils import to_kwargs, StatusEdgeDetector
 from vumi import log
 
 
@@ -112,16 +117,16 @@ def handle_outbound_message(self, message):
         if 'helper_metadata' in message:
             params['helper_metadata'] = message['helper_metadata']
 
-        resp = yield http_request_full(
+        http_client = HTTPClient(self.agent_factory())
+        resp = yield http_client.put(
             self.get_url('messages.json'),
             data=json.dumps(params).encode('utf-8'),
-            headers=headers,
-            method='PUT',
-            agent_class=self.agent_factory)
+            headers=headers)
+        resp_body = yield resp.content()
 
         if resp.code != http.OK:
             log.warning('Unexpected status code: %s, body: %s' % (
-                resp.code, resp.delivered_body))
+                resp.code, resp_body))
             self.update_status(
                 status='down', component='submitted-to-vumi-go',
                 type='bad_request',
@@ -131,7 +136,7 @@ def handle_outbound_message(self, message):
                                         resp.code,))
             return
 
-        remote_message = json.loads(resp.delivered_body)
+        remote_message = json.loads(resp_body)
         yield self.map_message_id(
             remote_message['message_id'], message['message_id'])
         self.update_status(
@@ -196,6 +201,7 @@ class GoConversationTransport(GoConversationTransportBase):
 
     @inlineCallbacks
     def setup_transport(self):
+        self.setup_cacerts()
         config = self.get_static_config()
         self.redis = yield TxRedisManager.from_config(
             config.redis_manager)
@@ -212,6 +218,13 @@ def setup_transport(self):
     def teardown_transport(self):
         return self.web_resource.loseConnection()
 
+    def setup_cacerts(self):
+        # TODO: This installs an older CA certificate chain that allows
+        #       some weak CA certificates. We should switch to .where() when
+        #       Vumi Go's certificate doesn't rely on older intermediate
+        #       certificates.
+        os.environ["SSL_CERT_FILE"] = certifi.old_where()
+
     def get_transport_url(self, suffix=''):
         """
         Get the URL for the HTTP resource. Requires the worker to be started.