authorStevan Radaković <stevan.radakovic@linaro.org>2016-09-20 14:48:49 +0200
committerNeil Williams <neil.williams@linaro.org>2016-09-21 10:13:18 +0000
commit38e1092070000ca1e4d509a96139b88edc94db94 (patch)
tree8f65738a2f3a7532a7c854124e704982cb37224f /lava_tool
parentbf397052ce1a8dbbd8a843a22e9c05b73763e0ca (diff)
Secure protocol check.
If https is provided server-side, display a warning every time a non-secure protocol is used to communicate with the server. Change-Id: I61c4d341810c872001a934589c4f3149cd7c8ee7 Reviewed-on: https://review.linaro.org/14421 Reviewed-by: lava-bot <lava-bot@linaro.org> Reviewed-by: Neil Williams <neil.williams@linaro.org>
Diffstat (limited to 'lava_tool')
-rw-r--r--lava_tool/__init__.py2
-rw-r--r--lava_tool/authtoken.py23
-rw-r--r--lava_tool/tests/test_authtoken.py3
3 files changed, 25 insertions, 3 deletions
diff --git a/lava_tool/__init__.py b/lava_tool/__init__.py
index d2df836..cf32039 100644
--- a/lava_tool/__init__.py
+++ b/lava_tool/__init__.py
@@ -19,4 +19,4 @@
def version():
- return "0.16"
+ return "0.17"
diff --git a/lava_tool/authtoken.py b/lava_tool/authtoken.py
index 245b263..aa85b7c 100644
--- a/lava_tool/authtoken.py
+++ b/lava_tool/authtoken.py
@@ -19,9 +19,11 @@
import base64
import errno
import ConfigParser as configparser
+import requests
import urllib
import urllib2
import os
+import sys
import xmlrpclib
from lava_tool.interface import LavaCommandError
@@ -45,6 +47,20 @@ def normalize_xmlrpc_url(uri):
return uri
+def check_uri_for_https(non_secure_uri):
+ secure_uri = "%ss:%s" % (
+ urllib.splittype(non_secure_uri)[0],
+ urllib.splittype(non_secure_uri)[1])
+ try:
+ res = requests.head(secure_uri, allow_redirects=True, timeout=15)
+ if res.status_code != requests.codes.OK:
+ return False
+ except:
+ return False
+
+ return True
+
+
class AuthBackend(object):
def add_token(self, username, endpoint_url, token):
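Review bot: The bare `except:` in check_uri_for_https also catches KeyboardInterrupt and SystemExit, so a Ctrl-C during the 15-second probe is swallowed and reported as "no HTTPS"; narrow it to `except requests.exceptions.RequestException:`. The probe URL is built from everything after the scheme, so if the URI carries a `user:token@` part (the transport code further down splits one off the host), those credentials are presumably handed to `requests.head` as well. Stripping the userinfo with `urllib.splituser` before probing would keep the check unauthenticated. A short docstring should state that False means "HTTPS not confirmed" rather than "HTTPS unavailable", since TLS errors, timeouts and non-200 responses all end in the same result.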
@@ -137,7 +153,7 @@ class XMLRPCTransport(xmlrpclib.Transport):
def __init__(self, scheme, auth_backend):
xmlrpclib.Transport.__init__(self)
- self._scheme = scheme
+ self.scheme = scheme
self.auth_backend = auth_backend
self._opener = urllib2.build_opener()
self.verbose = 0
@@ -158,7 +174,7 @@ class XMLRPCTransport(xmlrpclib.Transport):
auth, host = urllib.splituser(host)
if auth:
user, token = urllib.splitpasswd(auth)
- url = self._scheme + "://" + host + handler
+ url = self.scheme + "://" + host + handler
if user is not None and token is None:
token = self.auth_backend.get_token_for_endpoint(user, url)
if token is None:
@@ -181,5 +197,8 @@ class AuthenticatingServerProxy(xmlrpclib.ServerProxy):
if transport is None:
scheme = urllib.splittype(uri)[0]
transport = XMLRPCTransport(scheme, auth_backend=auth_backend)
+ if transport.scheme == "http":
+ if check_uri_for_https(uri):
+ print >> sys.stderr, "Warning: Provided endpoint url supports communication over secure protocol (HTTPS)."
xmlrpclib.ServerProxy.__init__(
self, uri, transport, encoding, verbose, allow_none, use_datetime)
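Review bot: The check added before `xmlrpclib.ServerProxy.__init__` only warns and then proceeds over plain HTTP, so any token in the request still travels unencrypted. The message should say so and name the remedy, e.g. `"Warning: this connection uses unencrypted HTTP although the endpoint also answers over HTTPS; use an https:// URL."`. Because the probe itself depends on the network, an absent warning is not evidence that HTTPS is unavailable, and a comment to that effect would help maintainers. The test change in this commit suggests `transport.scheme` is also read for caller-supplied transports, so a custom transport without that attribute would raise AttributeError; testing `urllib.splittype(uri)[0] == "http"` instead avoids that dependency. The constructor's body starts outside the hunk.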
diff --git a/lava_tool/tests/test_authtoken.py b/lava_tool/tests/test_authtoken.py
index da24c8c..91cc4a6 100644
--- a/lava_tool/tests/test_authtoken.py
+++ b/lava_tool/tests/test_authtoken.py
@@ -62,6 +62,9 @@ class TestAuthenticatingServerProxy(TestCase):
mocker.call(intercept_request)
mocker.result(response)
+ # Init scheme attribute.
+ transport.scheme
+
with mocker:
server_proxy = AuthenticatingServerProxy(
url, auth_backend=auth_backend, transport=transport)
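Review bot: The added `transport.scheme` line only makes the mock tolerate the new attribute access; as far as this hunk shows, nothing exercises check_uri_for_https or the warning branch. A test that replaces check_uri_for_https with a stub returning True, builds the proxy with an http URL and asserts on stderr would pin the new behaviour without making a real network request. The comment `# Init scheme attribute.` would be clearer as `# Allow the constructor's read of transport.scheme on the mock.`. The test method starts outside the hunk.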