def get_keypair(config = None):
if not config:
config = SfaConfig()
hierarchy = Hierarchy()
key_dir= hierarchy.basedir
data_dir = config.data_path
keyfile =data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
# check if files already exist
if os.path.exists(keyfile) and os.path.exists(certfile):
return (keyfile, certfile)
# create temp keypair server key and certificate
(_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
(_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
tmp_key = Keypair(create=True)
tmp_key.save_to_file(tmp_keyfile)
tmp_cert = Certificate(subject='subject')
tmp_cert.set_issuer(key=tmp_key, subject='subject')
tmp_cert.set_pubkey(tmp_key)
tmp_cert.save_to_file(tmp_certfile, save_parents=True)
# request real pkey from registry
api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
registry = api.get_registry()
registry.get_key()
key = Keypair(filename=keyfile)
cert = Certificate(subject=hrn)
cert.set_issuer(key=key, subject=hrn)
cert.set_pubkey(key)
cert.sign()
cert.save_to_file(certfile, save_parents=True)
return (keyfile, certfile)
def start():
logger.log("sfagid: plugin starting up ...")
if not sfa:
return
try:
keyfile, certfile = get_keypair(None)
api = ComponentAPI(key_file=keyfile, cert_file=certfile)
api.get_node_key()
except:
return
class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
"""Secure XML-RPC request handler class.
It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
"""
def setup(self):
self.connection = self.request
self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
def do_POST(self):
"""Handles the HTTPS POST request.
It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
"""
try:
peer_cert = Certificate()
peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
self.api = ComponentAPI(
peer_cert=peer_cert,
interface=self.server.interface,
key_file=self.server.key_file,
cert_file=self.server.cert_file,
)
# get arguments
request = self.rfile.read(int(self.headers["content-length"]))
# In previous versions of SimpleXMLRPCServer, _dispatch
# could be overridden in this class, instead of in
# SimpleXMLRPCDispatcher. To maintain backwards compatibility,
# check to see if a subclass implements _dispatch and dispatch
# using that method if present.
# response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
# XX TODO: Need to get the real remote address
remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
self.api.remote_addr = remote_addr
# remote_addr = (self.rfile.connection.remote_ip, remote_port)
# self.api.remote_addr = remote_addr
response = self.api.handle(remote_addr, request)
except Exception, fault:
raise
# This should only happen if the module is buggy
# internal error, report as HTTP server error
self.send_response(500)
self.end_headers()
logger.log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
else:
