Add the client cert and key support to HttpTransport (#3258)
* Add the client cert and key support to HttpTransport

* Add a test case for the two-way ssl support in HttpTransport

* Move cert_file and key_file to the end of arguments in ClientConstructor in consts.py

---------

Co-authored-by: Neel Shah <neel.shah@sentry.io>
grammy-jiang and sl0thentr0py authored Jul 12, 2024
1 parent 06d5da1 commit 4fb51f2
Showing 3 changed files with 24 additions and 3 deletions.
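--- a/sentry_sdk/consts.py
+++ b/sentry_sdk/consts.py
@@ -532,6 +532,8 @@ def __init__(
 enable_db_query_source=True, # type: bool
 db_query_source_threshold_ms=100, # type: int
 spotlight=None, # type: Optional[Union[bool, str]]
+cert_file=None, # type: Optional[str]
+key_file=None, # type: Optional[str]
 ):
 # type: (...) -> None
 pass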
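Review bot: The new `cert_file` and `key_file` arguments carry only a type comment, so a reader cannot tell which file format is expected or that they switch on client-certificate (mutual TLS) authentication for the transport. I would add a short comment above them, e.g. `# Paths to a PEM client certificate and its private key, presented to the server for mutual TLS`. As far as the visible hunks show, no key passphrase is forwarded to the pool, so it is worth stating that the key file has to be unencrypted and should be readable only by the account running the SDK. The `__init__` signature starts outside this hunk.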
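--- a/sentry_sdk/transport.py
+++ b/sentry_sdk/transport.py
@@ -226,6 +226,8 @@ def __init__(
 http_proxy=options["http_proxy"],
 https_proxy=options["https_proxy"],
 ca_certs=options["ca_certs"],
+cert_file=options["cert_file"],
+key_file=options["key_file"],
 proxy_headers=options["proxy_headers"],
 )
 
@@ -474,8 +476,8 @@ def _send_envelope(
 )
 return None
 
-def _get_pool_options(self, ca_certs):
-# type: (Optional[Any]) -> Dict[str, Any]
+def _get_pool_options(self, ca_certs, cert_file=None, key_file=None):
+# type: (Optional[Any], Optional[Any], Optional[Any]) -> Dict[str, Any]
 options = {
 "num_pools": self._num_pools,
 "cert_reqs": "CERT_REQUIRED",
@@ -505,6 +507,9 @@ def _get_pool_options(self, ca_certs):
 or certifi.where()
 )
 
+options["cert_file"] = cert_file or os.environ.get("CLIENT_CERT_FILE")
+options["key_file"] = key_file or os.environ.get("CLIENT_KEY_FILE")
+
 return options
 
 def _in_no_proxy(self, parsed_dsn):
@@ -524,6 +529,8 @@ def _make_pool(
 http_proxy, # type: Optional[str]
 https_proxy, # type: Optional[str]
 ca_certs, # type: Optional[Any]
+cert_file, # type: Optional[Any]
+key_file, # type: Optional[Any]
 proxy_headers, # type: Optional[Dict[str, str]]
 ):
 # type: (...) -> Union[PoolManager, ProxyManager]
@@ -538,7 +545,7 @@ def _make_pool(
 if not proxy and (http_proxy != ""):
 proxy = http_proxy or (not no_proxy and getproxies().get("http"))
 
-opts = self._get_pool_options(ca_certs)
+opts = self._get_pool_options(ca_certs, cert_file, key_file)
 
 if proxy:
 if proxy_headers: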
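Review bot: In the `@@ -505,6 +507,9 @@` hunk, `cert_file or os.environ.get("CLIENT_CERT_FILE")` and the `CLIENT_KEY_FILE` line below it let an un-namespaced, undocumented environment variable choose the client identity the SDK presents, so a variable exported for another tool in the same process would silently be picked up here. Because `or` treats `""` as unset, a caller also cannot opt out of the environment value, unlike the `http_proxy != ""` convention visible in `_make_pool`. I would at least document the fallback above these lines, e.g. `# Client cert/key for mutual TLS; an unset or empty option falls back to CLIENT_CERT_FILE / CLIENT_KEY_FILE`, and consider rejecting a `key_file` supplied without a `cert_file` rather than passing the pair through unchecked. The new parameters are typed `Optional[Any]` here but `Optional[str]` in `consts.py`; `Optional[str]` would keep the two consistent. The middle of `_get_pool_options` lies between hunks and is not visible.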
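--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -165,6 +165,18 @@ def test_transport_num_pools(make_client, num_pools, expected_num_pools):
 assert options["num_pools"] == expected_num_pools
 
 
+def test_two_way_ssl_authentication(make_client):
+_experiments = {}
+
+client = make_client(_experiments=_experiments)
+
+options = client.transport._get_pool_options(
+[], "/path/to/cert.pem", "/path/to/key.pem"
+)
+assert options["cert_file"] == "/path/to/cert.pem"
+assert options["key_file"] == "/path/to/key.pem"
+
+
 def test_socket_options(make_client):
 socket_options = [
 (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),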
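Review bot: `test_two_way_ssl_authentication` only checks that explicitly passed paths are echoed back by `_get_pool_options`, so the `CLIENT_CERT_FILE` / `CLIENT_KEY_FILE` fallback added in `transport.py`, and its precedence, are untested. The unused `_experiments = {}` is also noise. A second test that sets both variables with `monkeypatch.setenv` and asserts that explicit arguments win and unset ones fall back would pin the behaviour that decides which client identity is sent; a sketch follows.

```python
def test_two_way_ssl_authentication_env_fallback(make_client, monkeypatch):
    # Constructed sample paths; nothing is read from disk by _get_pool_options.
    monkeypatch.setenv("CLIENT_CERT_FILE", "/path/to/env-cert.pem")
    monkeypatch.setenv("CLIENT_KEY_FILE", "/path/to/env-key.pem")

    client = make_client()

    # Explicit arguments take precedence over the environment.
    options = client.transport._get_pool_options(
        [], "/path/to/cert.pem", "/path/to/key.pem"
    )
    assert options["cert_file"] == "/path/to/cert.pem"
    assert options["key_file"] == "/path/to/key.pem"

    # Unset arguments fall back to the environment.
    options = client.transport._get_pool_options([])
    assert options["cert_file"] == "/path/to/env-cert.pem"
    assert options["key_file"] == "/path/to/env-key.pem"
```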
