def __init__(self, ssl_cert, ssl_key, ssl_cert_chain, ssl_port, dest_host,
dest_port, server_name, status_port):
""" Create a rageServerService.
@param ssl_cert: the certificate text.
@param ssl_key: the key text.
@param ssl_port: the port to listen on with ssl.
@param dest_host: destination hostname.
@param dest_port: destination port.
@param server_name: name of this server.
"""
MultiService.__init__(self)
self.heartbeat_writer = None
if server_name is None:
server_name = "anonymous_instance"
self.server_name = server_name
self.factory = SSLProxyFactory(ssl_port, dest_host, dest_port,
self.server_name)
ssl_context_factory = ProxyContextFactory(ssl_cert, ssl_key,
ssl_cert_chain)
self.ssl_service = SSLServer(ssl_port, self.factory,
ssl_context_factory)
self.ssl_service.setName("SSL")
self.ssl_service.setServiceParent(self)
# setup the status service
self.status_service = create_status_service(self.factory, status_port)
self.status_service.setServiceParent(self)
# disable ssl compression
if config.ssl_proxy.disable_ssl_compression:
disable_ssl_compression(logger)
def makeService(self, options):
rpc = TriggerXMLRPCServer(allowNone=True, useDateTime=True)
xmlrpc.addIntrospection(rpc)
site_factory = server.Site(rpc)
# Try to setup SSL
if ssl is not None:
ctx = ssl.DefaultOpenSSLContextFactory(options['ssl-keyfile'],
options['ssl-certfile'])
xmlrpc_service = SSLServer(int(options['port']), site_factory, ctx)
# Or fallback to clear-text =(
else:
xmlrpc_service = TCPServer(int(options['port']), site_factory)
# SSH Manhole service
console_service = makeConsoleService(
{
'sshPort': 'tcp:%s' % options['ssh-port'],
'telnetPort': None,
'passwd': options['ssh-users'],
'namespace': {
'service': rpc,
'rebuild': rebuild,
'factory': site_factory,
}
}
)
svc = MultiService()
xmlrpc_service.setServiceParent(svc)
console_service.setServiceParent(svc)
return svc
def __init__(self, env):
self.env = env
https_port = env.config.getint('web', 'https_port') or HTTPS_PORT
priv, cert = self._getCertificates()
context = ssl.DefaultOpenSSLContextFactory(str(priv), str(cert))
log_file = env.config.get('web', 'https_log_file') or None
if not os.path.isabs(log_file):
log_file = os.path.join(self.env.config.path, log_file)
factory = WebServiceFactory(env, log_file)
SSLServer.__init__(self, https_port, factory, context, 1)
def __init__(self, addresses=None):
MultiService.__init__(self)
sCtx = OpenSSLContextFactoryFactory.getFactory('fesl.ea.com')
addresses = dict(addresses)
host = 'nfsps2-pc.fesl.ea.com'
sFact = LoginServerFactory()
#sFact = makeTLSFwdFactory('login.nfsps2.client', 'login.nfsps2.server', fwdDRC, fwdDRS)(*address)
self.addService(SSLServer(addresses[host], sFact, sCtx))
host = 'nfsps2-pc.theater.ea.com'
sFact = TheaterServerFactory()
self.addService(SSLServer(addresses[host], sFact, sCtx))
def get_service(self):
RESTService.game = self.game
factory = RESTServer(self.game.invoke_hook('rest_services'))
port = self.options.getint('port')
if self.options.getboolean('ssl'):
ctx_factory = ssl.DefaultOpenSSLContextFactory(
self.game.game_file_path(self.options.get('private key')),
self.game.game_file_path(self.options.get('certificate')),
sslmethod=SSL.TLSv1_METHOD)
service = SSLServer(port, factory, ctx_factory)
else:
service = TCPServer(port, factory)
service.setName('REST Server')
return service
def get_service(self):
RESTService.game = self.game
factory = RESTServer(self.game.invoke_hook('rest_services'))
port = self.options.getint('port')
if self.options.getboolean('ssl'):
ctx_factory = ssl.DefaultOpenSSLContextFactory(
self.game.game_file_path(self.options.get('private key')),
self.game.game_file_path(self.options.get('certificate')),
sslmethod=SSL.TLSv1_METHOD
)
service = SSLServer(port, factory, ctx_factory)
else:
service = TCPServer(port, factory)
service.setName('REST Server')
return service
def __init__(self, ssl_cert, ssl_key, ssl_cert_chain, ssl_port,
dest_host, dest_port, server_name, status_port):
""" Create a rageServerService.
@param ssl_cert: the certificate text.
@param ssl_key: the key text.
@param ssl_port: the port to listen on with ssl.
@param dest_host: destination hostname.
@param dest_port: destination port.
@param server_name: name of this server.
"""
MultiService.__init__(self)
self.heartbeat_writer = None
if server_name is None:
server_name = "anonymous_instance"
self.server_name = server_name
self.factory = SSLProxyFactory(ssl_port, dest_host, dest_port,
self.server_name)
ssl_context_factory = ProxyContextFactory(ssl_cert, ssl_key,
ssl_cert_chain)
self.ssl_service = SSLServer(ssl_port, self.factory,
ssl_context_factory)
self.ssl_service.setName("SSL")
self.ssl_service.setServiceParent(self)
# setup the status service
self.status_service = create_status_service(self.factory, status_port)
self.status_service.setServiceParent(self)
# disable ssl compression
if config.ssl_proxy.disable_ssl_compression:
disable_ssl_compression(logger)
def _configure_web_server(self, config, controller):
interfaces, https, key_file, cert_file, chain_file, _, _ = \
self._validate_web_config(config)
site = server.Site(get_web_app(config, controller))
web_servers = []
for interface, port in interfaces:
if https:
cf = SSLCertOptions(key_file, cert_file, chain_file)
web_server = SSLServer(port, site, cf, interface=interface)
method = 'https'
else:
web_server = TCPServer(port, site, interface=interface)
method = 'http'
web_servers.append(web_server)
if ':' in interface:
interface = '[{}]'.format(interface)
log.msg(format="Scrapy-Do web interface is available at "
"%(method)s://%(interface)s:%(port)s/",
method=method,
interface=interface,
port=port)
return web_servers
def add_maybe_ssl(self, port, factory, ssl_cf):
# type: (int, ServerFactory, Optional[Any]) -> None
"""Add a Service from factory, optionally behind TLS"""
self.addService(
SSLServer(port, factory, contextFactory=ssl_cf, reactor=reactor)
if ssl_cf else
TCPServer(port, factory, reactor=reactor)
)
def makeService(self, options):
rpc = TriggerXMLRPCServer(allowNone=True, useDateTime=True)
xmlrpc.addIntrospection(rpc)
site_factory = server.Site(rpc)
# Try to setup SSL
if ssl is not None:
ctx = ssl.DefaultOpenSSLContextFactory(options['ssl-keyfile'],
options['ssl-certfile'])
xmlrpc_service = SSLServer(int(options['port']),
site_factory,
ctx,
interface=options['listen-address'])
# Or fallback to clear-text =(
else:
xmlrpc_service = TCPServer(int(options['port']),
site_factory,
interface=options['listen-address'])
# SSH Manhole service
console_service = makeConsoleService({
'sshPort':
'tcp:%s:interface=%s' %
(options['ssh-port'], options['listen-address']),
'sshKeyDir':
options['ssh-keydir'],
'sshKeyName':
options['ssh-keyname'],
'sshKeySize':
options['ssh-keysize'],
'telnetPort':
None,
'passwd':
options['ssh-users'],
'namespace': {
'service': rpc,
'rebuild': rebuild,
'factory': site_factory,
}
})
svc = MultiService()
xmlrpc_service.setServiceParent(svc)
console_service.setServiceParent(svc)
return svc
def main():
"""To daemonize as a twistd plugin! Except this doesn't work and these"""
from twisted.application.internet import TCPServer, SSLServer
from twisted.application.service import Application
from twisted.internet import ssl
rpc = TriggerXMLRPCServer()
xmlrpc.addIntrospection(rpc)
server_factory = server.Site(rpc)
application = Application('trigger_xmlrpc')
#xmlrpc_service = TCPServer(8000, server_factory)
ctx = ssl.DefaultOpenSSLContextFactory('server.key', 'cacert.pem')
xmlrpc_service = SSLServer(8000, server_factory, ctx)
xmlrpc_service.setServiceParent(application)
return application
def make_application(*config_file_paths):
"""Parse configuration and launch a kaoz client/server process.
Args:
config_file_paths: list of paths to search for configuration files.
Returns:
A twisted Application object
"""
config = ConfigParser.SafeConfigParser()
config.read(*config_file_paths)
application = Application("Kaoz Irc-Notifier")
client_factory = PublisherFactory(config)
server_factory = ListenerFactory(config, client_factory)
listen_port = config.getint('listener', 'port')
if config.getboolean('listener', 'ssl'):
assert has_ssl, "SSL support requested but not available"
ssl_context = DefaultOpenSSLContextFactory(
config.get('listener', 'ssl_cert'), # The key
config.get('listener', 'ssl_cert'), # The certificate
)
server = SSLServer(listen_port, server_factory, ssl_context)
else:
server = TCPServer(listen_port, server_factory)
server.setServiceParent(application)
# IRC
irc_server = config.get('irc', 'server')
irc_port = config.getint('irc', 'port')
if config.getboolean('irc', 'ssl'):
assert has_ssl, "SSL support requested but not available"
ssl_context = ClientContextFactory()
ircservice = SSLClient(irc_server, irc_port, client_factory, ssl_context)
else:
ircservice = TCPClient(irc_server, irc_port, client_factory)
ircservice.setServiceParent(application)
return application
class BackupServer(object):
def __init__(self, ip='0.0.0.0', port=8123):
self.port = port
self.clients = {}
self.storage = Storage(settings.BACKTRAC_BACKUP_ROOT)
realm = BackupRealm()
realm.server = self
checker = BackupClientAuthChecker()
self.portal = portal.Portal(realm, [checker])
self.factory = PBServerFactory(self.portal)
context = ssl.DefaultOpenSSLContextFactory("server.key", "server.crt")
self.service = SSLServer(self.port, self.factory, context, interface=ip)
self.restore_loop = LoopingCall(self.execute_pending_restores)
self.restore_loop.start(5)
self.server_loop = LoopingCall(self.update_server_status)
self.server_loop.start(5)
self.catalog_backup_loop = LoopingCall(self.backup_catalog)
deferLater(reactor, get_seconds_till_midnight(),
self._start_catalog_backup_loop)
def update_server_status(self):
cache.set(SERVER_STATUS_CACHE_KEY, True, timeout=10)
def execute_pending_restores(self):
for hostname, client in self.clients.items():
client.execute_pending_restores()
def _start_catalog_backup_loop(self):
self.catalog_backup_loop.start(86400)
def backup_catalog(self):
reactor.callInThread(self._perform_catalog_backup)
def _perform_catalog_backup(self):
old_stdout = sys.stdout
sys.stdout = open(settings.BACKTRAC_CATALOG_BACKUP, 'w')
management.call_command('dumpdata', indent=2)
sys.stdout.close()
sys.stdout = old_stdout
def start(self):
self.service.startService()
def __init__(self, **options):
basePort = 18710
MultiService.__init__(self)
sCtx = OpenSSLContextFactoryFactory.getFactory('fesl.ea.com')
sFact = Mercs2LoginFactory()
#sFact = makeTLSFwdFactory('fesl.fwdCli', 'fesl.fwdSer')('mercs2-pc.fesl.ea.com', basePort)
self.addService(SSLServer(basePort, sFact, sCtx))
sFact = Mercs2TheaterFactory()
#sFact = makeTCPFwdFactory('theater.fwdCli', 'theater.fwdSer')('mercs2-pc.theater.ea.com', basePort+5)
self.addService(TCPServer(basePort + 5, sFact))
def __init__(self, addresses=None):
MultiService.__init__(self)
ctx = OpenSSLContextFactoryFactory.getFactory('fesl.ea.com')
fact = Burnout08LoginServerFactory()
#fact = makeTLSFwdFactory('fesl.fwdCli', 'fesl.fwdSer', fC, fS)(*address)
self.addService(SSLServer(addresses[0][1], fact, ctx))
fact = Burnout08TheaterServerFactory()
#fact = makeTCPFwdFactory('theater.fwdCli', 'theater.fwdSer', fwdDRC, fwdDRS)(address[0], address[1]+1)
self.addService(TCPServer(addresses[0][1] + 1, fact))
def __init__(self, addresses=None):
MultiService.__init__(self)
ports = dict(addresses)
name = 'prodgos28.ea.com'
sCtx = OpenSSLContextFactoryFactory.getFactory(name)
address = (name, ports[name])
#sFact = RedAlert3LoginFactory()
sFact = makeTLSFwdFactory('login.cnc4.client', 'login.cnc4.server',
fwd, fwd)(*address)
self.addService(SSLServer(address[1], sFact, sCtx))
def create_status_service(storage, parent_service, port,
user_id=0, ssl_context_factory=None):
"""Create the status service."""
root = resource.Resource()
root.putChild('status', _Status(storage, user_id))
root.putChild('+meliae', MeliaeResource())
root.putChild('+gc-stats', GCResource())
site = server.Site(root)
if ssl_context_factory is None:
service = TCPServer(port, site)
else:
service = SSLServer(port, site, ssl_context_factory)
service.setServiceParent(parent_service)
return service
def __init__(self, ip='0.0.0.0', port=8123):
self.port = port
self.clients = {}
self.storage = Storage(settings.BACKTRAC_BACKUP_ROOT)
realm = BackupRealm()
realm.server = self
checker = BackupClientAuthChecker()
self.portal = portal.Portal(realm, [checker])
self.factory = PBServerFactory(self.portal)
context = ssl.DefaultOpenSSLContextFactory("server.key", "server.crt")
self.service = SSLServer(self.port, self.factory, context, interface=ip)
self.restore_loop = LoopingCall(self.execute_pending_restores)
self.restore_loop.start(5)
self.server_loop = LoopingCall(self.update_server_status)
self.server_loop.start(5)
self.catalog_backup_loop = LoopingCall(self.backup_catalog)
deferLater(reactor, get_seconds_till_midnight(),
self._start_catalog_backup_loop)
def __init__(self, **options):
MultiService.__init__(self)
sCtx = OpenSSLContextFactoryFactory.getFactory('fesl.ea.com')
## all port 80 services are currently merged into one server. If apache is also running,
## it must be set up to use rewriterules (for /u downloads)
## and name-based virtual hosting (for SOAP hosts) in order to redirect from port 80 to 8001
## or whatever the server is set to run on
self.addService(
TCPServer(options['webPort'], gamespy.webServices.WebServer()))
## TODO: redalert3pc.natneg{1,2,3}.gamespy.com
## This is a pretty simple service that allows 2 endpoints to udp punch thru their NAT routers.
## Hosted on UDP port 27901.
## see gsnatneg.c by aluigi for details on implementation
self.addService(UDPServer(27900, gamespy.master.HeartbeatMaster()))
## gsauth runs on a variety of ports in 99XY range
self.addService(TCPServer(9955, gamespy.auth.GamespyAuthFactory()))
address = ('cncra3-pc.fesl.ea.com', 18840)
sFact = RedAlert3LoginFactory()
#sFact = makeTLSFwdFactory('login.ra3cli', 'login.ra3srv')(*address)
self.addService(SSLServer(addresses[0][1], sFact, sCtx))
address = ('peerchat.gamespy.com', 6667)
sFact = gamespy.peerchat.PeerchatFactory()
#sFact = gamespy.peerchat.ProxyPeerchatServerFactory(gameId, *address)
self.addService(TCPServer(address[1], sFact))
from ...gamespy.cipher import getMsName
address = (getMsName(gameId), 28910)
sFact = QueryMasterFactory()
#sFact = gamespy.master.ProxyMasterServerFactory(gameId, *address)
self.addService(TCPServer(address[1], sFact))
address = ('gpcm.gamespy.com', 29900)
sFact = gamespy.gpcm.ComradeFactory()
#sFact = makeTCPFwdFactory('gamespy.gpcm.client', 'gamespy.gpcm.server')(*address)
self.addService(TCPServer(address[1], sFact))
def __init__(self, ip='127.0.0.1', port=6443, switchboard=None):
import kubeconfig
self.client_ca_cert_path = kubeconfig.ClientCA
self.server_cert_path = "kubeconfig_server"
self.port = port
self.ip = ip
self.channel_name = 'Kubeconfig'
server_endpoint = "%s:%s" % (ip, port)
save_kc_endpoint(server_endpoint)
kc = kubeconfig.KubeConfig(ca_cert_path=self.client_ca_cert_path, server_endpoint=server_endpoint)
factory = mTLSFactory(
headers=kc.kc_headers,
bodies=kc.bodies,
ca_cert_path=self.client_ca_cert_path,
channel_name=self.channel_name,
enricher=None,
switchboard=switchboard
)
self.service = SSLServer(port, factory, self._get_ssl_context())
request.setHeader(b"content-type", b"text/html; charset=utf-8")
return self.page
def getChild(self, chnam, request):
return self
class NoResource(ErrorResource):
def __init__(self):
ErrorResource.__init__(self, NOT_FOUND)
application = Application("static-server")
plainSite = Site(RedirectResource())
plainSite.displayTracebacks = False
plainService6 = TCPServer(INSECURE_PORT, plainSite, interface='::')
plainService6.setServiceParent(application)
files = File(DOCUMENTS.path)
files.childNotFound = NoResource()
secureSite = Site(HSTSResource(files))
secureSite.displayTracebacks = False
secureService6 = SSLServer(SECURE_PORT,
secureSite,
ctxFactory,
interface='::')
secureService6.setServiceParent(application)
class ProxyService(MultiService):
"""A class wrapping the whole things a s single twisted service."""
def __init__(self, ssl_cert, ssl_key, ssl_cert_chain, ssl_port, dest_host,
dest_port, server_name, status_port):
""" Create a rageServerService.
@param ssl_cert: the certificate text.
@param ssl_key: the key text.
@param ssl_port: the port to listen on with ssl.
@param dest_host: destination hostname.
@param dest_port: destination port.
@param server_name: name of this server.
"""
MultiService.__init__(self)
self.heartbeat_writer = None
if server_name is None:
server_name = "anonymous_instance"
self.server_name = server_name
self.factory = SSLProxyFactory(ssl_port, dest_host, dest_port,
self.server_name)
ssl_context_factory = ProxyContextFactory(ssl_cert, ssl_key,
ssl_cert_chain)
self.ssl_service = SSLServer(ssl_port, self.factory,
ssl_context_factory)
self.ssl_service.setName("SSL")
self.ssl_service.setServiceParent(self)
# setup the status service
self.status_service = create_status_service(self.factory, status_port)
self.status_service.setServiceParent(self)
# disable ssl compression
if config.ssl_proxy.disable_ssl_compression:
disable_ssl_compression(logger)
@property
def port(self):
"""The port with ssl."""
return get_service_port(self.ssl_service)
@property
def status_port(self):
"""The status service port."""
return get_service_port(self.status_service)
@defer.inlineCallbacks
def startService(self):
"""Start listening on two ports."""
logger.info("- - - - - SERVER STARTING")
# setup stats in the factory
yield MultiService.startService(self)
# only start the HeartbeatWriter if the interval is > 0
heartbeat_interval = float(config.ssl_proxy.heartbeat_interval)
if heartbeat_interval > 0:
self.heartbeat_writer = stdio.StandardIO(
supervisor_utils.HeartbeatWriter(heartbeat_interval, logger))
@defer.inlineCallbacks
def stopService(self):
"""Stop listening on both ports."""
logger.info("- - - - - SERVER STOPPING")
yield MultiService.stopService(self)
if self.heartbeat_writer:
self.heartbeat_writer.loseConnection()
self.heartbeat_writer = None
logger.info("- - - - - SERVER STOPPED")
def render(self, request):
request.setResponseCode(self.status)
request.setHeader(b"content-type", b"text/html; charset=utf-8")
return self.page
def getChild(self, chnam, request):
return self
class NoResource(ErrorResource):
def __init__(self):
ErrorResource.__init__(self, NOT_FOUND)
application = Application("static-server")
plainSite = Site(RedirectResource())
plainSite.displayTracebacks = False
plainService6 = TCPServer(INSECURE_PORT, plainSite, interface='::')
plainService6.setServiceParent(application)
files = File(DOCUMENTS.path)
files.childNotFound = NoResource()
secureSite = Site(HSTSResource(files))
secureSite.displayTracebacks = False
secureService6 = SSLServer(SECURE_PORT, secureSite, ctxFactory, interface='::')
secureService6.setServiceParent(application)
class ProxyService(MultiService):
"""A class wrapping the whole things a s single twisted service."""
def __init__(self, ssl_cert, ssl_key, ssl_cert_chain, ssl_port,
dest_host, dest_port, server_name, status_port):
""" Create a rageServerService.
@param ssl_cert: the certificate text.
@param ssl_key: the key text.
@param ssl_port: the port to listen on with ssl.
@param dest_host: destination hostname.
@param dest_port: destination port.
@param server_name: name of this server.
"""
MultiService.__init__(self)
self.heartbeat_writer = None
if server_name is None:
server_name = "anonymous_instance"
self.server_name = server_name
self.factory = SSLProxyFactory(ssl_port, dest_host, dest_port,
self.server_name)
ssl_context_factory = ProxyContextFactory(ssl_cert, ssl_key,
ssl_cert_chain)
self.ssl_service = SSLServer(ssl_port, self.factory,
ssl_context_factory)
self.ssl_service.setName("SSL")
self.ssl_service.setServiceParent(self)
# setup the status service
self.status_service = create_status_service(self.factory, status_port)
self.status_service.setServiceParent(self)
# disable ssl compression
if config.ssl_proxy.disable_ssl_compression:
disable_ssl_compression(logger)
@property
def port(self):
"""The port with ssl."""
return get_service_port(self.ssl_service)
@property
def status_port(self):
"""The status service port."""
return get_service_port(self.status_service)
@defer.inlineCallbacks
def startService(self):
"""Start listening on two ports."""
logger.info("- - - - - SERVER STARTING")
# setup stats in the factory
yield MultiService.startService(self)
# only start the HeartbeatWriter if the interval is > 0
heartbeat_interval = float(config.ssl_proxy.heartbeat_interval)
if heartbeat_interval > 0:
self.heartbeat_writer = stdio.StandardIO(
supervisor_utils.HeartbeatWriter(heartbeat_interval, logger))
@defer.inlineCallbacks
def stopService(self):
"""Stop listening on both ports."""
logger.info("- - - - - SERVER STOPPING")
yield MultiService.stopService(self)
if self.heartbeat_writer:
self.heartbeat_writer.loseConnection()
self.heartbeat_writer = None
logger.info("- - - - - SERVER STOPPED")
