def run(config):
plugins = util.plugins()
for name, plugin in plugins.items():
cherrypy.tree.graft(plugin(config), "/{}".format(name))
cherrypy.config.update({
'engine.autoreload.on':
False,
'log.screen':
False,
'log.access_file':
str(config["access.log"]),
'log.error_file':
str(config["error.log"]),
'server.socket_port':
int(config["port"]),
'server.socket_host':
str(config["host"]),
'server.max_request_body_size':
int(config["max_request_body_size"]),
'engine.SIGHUP':
None,
'engine.SIGTERM':
None,
})
cherrypy.server.ssl_module = 'builtin'
CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(config["cert"],
config["key"], None)
cherrypy.engine.start()
cherrypy.engine.block()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', self.port), handler)
server.ssl_adapter = BuiltinSSLAdapter(
'/etc/apache2/certs/cert.pem',
'/etc/apache2/certs/server-pkey.pem', None)
try:
server.start()
finally:
server.stop()
def _runCherryPy(app, config, mode):
"""Run WsgiDAV using cherrypy.wsgiserver, if CherryPy is installed."""
assert mode in ("cherrypy", "cherrypy-bundled")
try:
if mode == "cherrypy-bundled":
# Need to set import root folder
server_folder = os.path.dirname(__file__)
sys.path.append(server_folder)
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
else:
# http://cherrypy.org/apidocs/3.0.2/cherrypy.wsgiserver-module.html
from cherrypy import wsgiserver, __version__ as cp_version, BuiltinSSLAdapter
version = "WsgiDAV/%s %s Python/%s" % (
__version__, wsgiserver.CherryPyWSGIServer.version, PYTHON_VERSION)
wsgiserver.CherryPyWSGIServer.version = version
# Support SSL
ssl_certificate = _get_checked_path(config.get("ssl_certificate"))
ssl_private_key = _get_checked_path(config.get("ssl_private_key"))
ssl_certificate_chain = _get_checked_path(
config.get("ssl_certificate_chain"))
protocol = "http"
if ssl_certificate:
assert ssl_private_key
wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(
ssl_certificate, ssl_private_key, ssl_certificate_chain)
protocol = "https"
if config["verbose"] >= 1:
print("SSL / HTTPS enabled.")
if config["verbose"] >= 1:
print "Running %s" % version
print("Listening on %s://%s:%s ..." %
(protocol, config["host"], config["port"]))
server = wsgiserver.CherryPyWSGIServer(
(config["host"], config["port"]),
app,
server_name=version,
)
try:
server.start()
except KeyboardInterrupt:
if config["verbose"] >= 1:
print "Caught Ctrl-C, shutting down..."
server.stop()
except ImportError, e:
if config["verbose"] >= 1:
print "Could not import wsgiserver.CherryPyWSGIServer."
return False
def _runCherryPy(app, config, mode):
"""Run WsgiDAV using cherrypy.wsgiserver if CherryPy is installed."""
assert mode in ("cherrypy", "cherrypy-bundled")
try:
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
except ImportError:
# if config["verbose"] >= 1:
print("ERROR: Could not import CherryPy, Try `pip install cherrypy`.")
raise
server_name = "WsgiDAV/%s %s Python/%s" % (
__version__,
wsgiserver.CherryPyWSGIServer.version,
PYTHON_VERSION)
wsgiserver.CherryPyWSGIServer.version = server_name
# Support SSL
ssl_certificate = _get_checked_path(config.get("ssl_certificate"))
ssl_private_key = _get_checked_path(config.get("ssl_private_key"))
ssl_certificate_chain = _get_checked_path(config.get("ssl_certificate_chain"))
protocol = "http"
if ssl_certificate:
assert ssl_private_key
wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(ssl_certificate, ssl_private_key, ssl_certificate_chain)
protocol = "https"
if config["verbose"] >= 1:
print("SSL / HTTPS enabled.")
if config["verbose"] >= 1:
print("Running %s" % server_name)
print("Serving on %s://%s:%s ..." % (protocol, config["host"], config["port"]))
server_args = {"bind_addr": (config["host"], config["port"]),
"wsgi_app": app,
"server_name": server_name,
}
# Override or add custom args
server_args.update(config.get("server_args", {}))
server = wsgiserver.CherryPyWSGIServer(**server_args)
try:
server.start()
except KeyboardInterrupt:
if config["verbose"] >= 1:
print("Caught Ctrl-C, shutting down...")
finally:
server.stop()
return
def run(self, handler):
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
from cherrypy import wsgiserver
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
self.srv = server
# If cert variable is has a valid path, SSL will be used
# You can set it to None to disable SSL
server.ssl_adapter = BuiltinSSLAdapter(self._ssl_certfile,
self._ssl_keyfile,
self._ssl_ca_certs)
try:
server.start()
finally:
server.stop()
def _runCherryPy(app, config, mode):
"""Run WsgiDAV using cherrypy.wsgiserver if CherryPy is installed."""
assert mode == "cherrypy-wsgiserver"
try:
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
_logger.warn("WARNING: cherrypy.wsgiserver is deprecated.")
_logger.warn(
" Starting with CherryPy 9.0 the functionality from cherrypy.wsgiserver"
)
_logger.warn(" was moved to the cheroot project.")
_logger.warn(" Consider using --server=cheroot.")
except ImportError:
_logger.error("*" * 78)
_logger.error("ERROR: Could not import cherrypy.wsgiserver.")
_logger.error(
"Try `pip install cherrypy` or specify another server using the --server option."
)
_logger.error(
"Note that starting with CherryPy 9.0, the server was moved to")
_logger.error(
"the cheroot project, so it is recommended to use `-server=cheroot`"
)
_logger.error("and run `pip install cheroot` instead.")
_logger.error("*" * 78)
raise
server_name = "WsgiDAV/{} {} Python/{}".format(
__version__, wsgiserver.CherryPyWSGIServer.version,
util.PYTHON_VERSION)
wsgiserver.CherryPyWSGIServer.version = server_name
# Support SSL
ssl_certificate = _get_checked_path(config.get("ssl_certificate"))
ssl_private_key = _get_checked_path(config.get("ssl_private_key"))
ssl_certificate_chain = _get_checked_path(
config.get("ssl_certificate_chain"))
protocol = "http"
if ssl_certificate:
assert ssl_private_key
wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(
ssl_certificate, ssl_private_key, ssl_certificate_chain)
protocol = "https"
_logger.info("SSL / HTTPS enabled.")
_logger.info("Running {}".format(server_name))
_logger.info("Serving on {}://{}:{} ...".format(protocol, config["host"],
config["port"]))
server_args = {
"bind_addr": (config["host"], config["port"]),
"wsgi_app": app,
"server_name": server_name,
}
# Override or add custom args
server_args.update(config.get("server_args", {}))
server = wsgiserver.CherryPyWSGIServer(**server_args)
# If the caller passed a startup event, monkey patch the server to set it
# when the request handler loop is entered
startup_event = config.get("startup_event")
if startup_event:
def _patched_tick():
server.tick = org_tick # undo the monkey patch
org_tick()
_logger.info("CherryPyWSGIServer is ready")
startup_event.set()
org_tick = server.tick
server.tick = _patched_tick
try:
server.start()
except KeyboardInterrupt:
_logger.warn("Caught Ctrl-C, shutting down...")
finally:
server.stop()
return
def main():
parser = argparse.ArgumentParser(description='Example OIDC Provider.')
parser.add_argument("-p", "--port", default=80, type=int)
parser.add_argument("-b", "--base", default="https://localhost", type=str)
parser.add_argument("-d", "--debug", action="store_true")
parser.add_argument("settings")
args = parser.parse_args()
# Load configuration
with open(args.settings, "r") as f:
settings = yaml.load(f)
issuer = args.base.rstrip("/")
template_dirs = settings["server"].get("template_dirs", "templates")
jinja_env = Environment(loader=FileSystemLoader(template_dirs))
authn_broker, auth_routing = setup_authentication_methods(
settings["authn"], jinja_env)
# Setup userinfo
userinfo_conf = settings["userinfo"]
cls = make_cls_from_name(userinfo_conf["class"])
i = cls(**userinfo_conf["kwargs"])
userinfo = UserInfo(i)
client_db = {}
provider = Provider(issuer, SessionDB(issuer), client_db, authn_broker,
userinfo, AuthzHandling(), verify_client, None)
provider.baseurl = issuer
provider.symkey = rndstr(16)
# Setup keys
path = os.path.join(os.path.dirname(__file__), "static")
try:
os.makedirs(path)
except OSError as e:
if e.errno != errno.EEXIST:
raise e
pass
jwks = keyjar_init(provider, settings["provider"]["keys"])
name = "jwks.json"
with open(os.path.join(path, name), "w") as f:
f.write(json.dumps(jwks))
provider.jwks_uri.append("{}/static/{}".format(provider.baseurl, name))
# Mount the WSGI callable object (app) on the root directory
app_routing = setup_endpoints(provider)
app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware(
provider.providerinfo_endpoint)
app_routing["/.well-known/webfinger"] = pyoidcMiddleware(
partial(_webfinger, provider))
routing = dict(list(auth_routing.items()) + list(app_routing.items()))
routing["/static"] = make_static_handler(path)
dispatcher = WSGIPathInfoDispatcher(routing)
server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher)
# Setup SSL
if provider.baseurl.startswith("https://"):
server.ssl_adapter = BuiltinSSLAdapter(
settings["server"]["cert"], settings["server"]["key"],
settings["server"]["cert_chain"])
# Start the CherryPy WSGI web server
try:
print("Server started: {}".format(issuer))
server.start()
except KeyboardInterrupt:
server.stop()
sign_alg = None
digest_alg = None
try:
sign_alg = CONFIG.SIGN_ALG
except AttributeError:
pass
try:
digest_alg = CONFIG.DIGEST_ALG
except AttributeError:
pass
ds.DefaultSignature(sign_alg, digest_alg)
SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
_https = ""
if CONFIG.HTTPS:
https = "using HTTPS"
# SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
# config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
SRV.ssl_adapter = BuiltinSSLAdapter(CONFIG.SERVER_CERT,
CONFIG.SERVER_KEY,
CONFIG.CERT_CHAIN)
logger.info("Server starting")
print("IDP listening on %s:%s%s" % (HOST, PORT, _https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
webio=WebIh,
webtester=WebTester,
check=check,
webenv=app_args,
pick_grp=pick_grp,
path=_path)
_conf = app_args['conf']
SRV = wsgiserver.CherryPyWSGIServer(
('0.0.0.0', args.port), SessionMiddleware(WA.application,
session_opts))
if args.tls:
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
SRV.ssl_adapter = BuiltinSSLAdapter(_conf.SERVER_CERT,
_conf.SERVER_KEY, _conf.CERT_CHAIN)
extra = " using SSL/TLS"
else:
extra = ""
print(_path)
txt = "AS test server starting listening on port:%s%s" % (args.port, extra)
logger.info(txt)
print(txt)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
for key in jwks["keys"]:
for k in key.keys():
key[k] = as_unicode(key[k])
f.write(json.dumps(jwks))
f.close()
OAS.jwks_uri = "%s%s" % (OAS.baseurl, jwks_file_name)
for b in OAS.keyjar[""]:
LOGGER.info("OC3 server keys: %s" % b)
# Setup the web server
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application)
https = ""
if config.SERVICE_URL.startswith("https"):
https = "using HTTPS"
# SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
# config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
config.SERVER_KEY,
config.CERT_CHAIN)
LOGGER.info("OC server starting listening on port:%s %s" %
(args.port, https))
print("OC server starting listening on port:%s %s" % (args.port, https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
# for b in OAS.keyjar[""]:
# LOGGER.info("OC3 server keys: %s" % b)
# TODO: Questions:
# END_POINT is defined as a dictionary in the configuration file,
# why not defining it as string with "verify" value?
# after all, we have only one end point.
# can we have multiple end points for password? why?
endPoint = config.AUTHENTICATION["UserPassword"]["EndPoints"][
passwordEndPointIndex]
_urls = []
_urls.append((r'^' + endPoint,
make_auth_verify(authnIndexedEndPointWrapper.verify)))
_app = Application(provider, _urls)
# Setup the web server
server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT),
_app.application)
server.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT,
config.SERVER_KEY)
print "OIDC Provider server started (issuer={}, port={})".format(
config.ISSUER, config.PORT)
try:
server.start()
except KeyboardInterrupt:
server.stop()
def cpwsgi_server(app,
global_conf=None,
host='127.0.0.1',
port=None,
ssl_pem=None,
protocol_version=None,
numthreads=None,
server_name=None,
max=None,
request_queue_size=None,
timeout=None):
"""
Serves the specified WSGI app via CherryPyWSGIServer.
``app``
The WSGI 'application callable'; multiple WSGI applications
may be passed as (script_name, callable) pairs.
``host``
This is the ipaddress to bind to (or a hostname if your
nameserver is properly configured). This defaults to
127.0.0.1, which is not a public interface.
``port``
The port to run on, defaults to 8080 for HTTP, or 4443 for
HTTPS. This can be a string or an integer value.
``ssl_pem``
This an optional SSL certificate file (via OpenSSL) You can
generate a self-signed test PEM certificate file as follows:
$ openssl genrsa 1024 > host.key
$ chmod 400 host.key
$ openssl req -new -x509 -nodes -sha1 -days 365 \\
-key host.key > host.cert
$ cat host.cert host.key > host.pem
$ chmod 400 host.pem
``protocol_version``
The protocol used by the server, by default ``HTTP/1.1``.
``numthreads``
The number of worker threads to create.
``server_name``
The string to set for WSGI's SERVER_NAME environ entry.
``max``
The maximum number of queued requests. (defaults to -1 = no
limit).
``request_queue_size``
The 'backlog' argument to socket.listen(); specifies the
maximum number of queued connections.
``timeout``
The timeout in seconds for accepted connections.
"""
is_ssl = False
if ssl_pem:
port = port or 4443
is_ssl = True
if not port:
if ':' in host:
host, port = host.split(':', 1)
else:
port = 8080
bind_addr = (host, int(port))
kwargs = {}
for var_name in ('numthreads', 'max', 'request_queue_size', 'timeout'):
var = locals()[var_name]
if var is not None:
kwargs[var_name] = int(var)
server = wsgiserver.CherryPyWSGIServer(bind_addr,
app,
server_name=server_name,
**kwargs)
if is_ssl:
if builtin:
server.ssl_module = 'builtin'
server.ssl_adapter = BuiltinSSLAdapter(ssl_pem, ssl_pem)
else:
server.ssl_certificate = server.ssl_private_key = ssl_pem
if protocol_version:
server.protocol = protocol_version
try:
protocol = is_ssl and 'https' or 'http'
if host == '0.0.0.0':
print('serving on 0.0.0.0:%s view at %s://127.0.0.1:%s' % \
(port, protocol, port))
else:
print("serving on %s://%s:%s" % (protocol, host, port))
server.start()
except (KeyboardInterrupt, SystemExit):
server.stop()
return server
check_file('CA_CERTIFICATE_FILE', CA_CERTIFICATE_FILE)
check_file('PARTNER_CERTIFICATE', PARTNER_CERTIFICATE)
check_file('PARTNER_PRIVATE_KEY', PARTNER_PRIVATE_KEY)
check_string('HFPP_PARTNER_ID', HFPP_PARTNER_ID)
check_port('PARTNER_CLIENT_HTTP_SERVICE_PORT',
PARTNER_CLIENT_HTTP_SERVICE_PORT)
check_bool('PARTNER_IMMEDIATE_FULLFIL', PARTNER_IMMEDIATE_FULLFIL)
check_string('DECISION_MODULE_URL', DECISION_MODULE_URL)
check_file('STUDY_REPORT_DIRECTORY', STUDY_REPORT_DIRECTORY)
#badly formed hexadecimal UUID string will throw if not uuid string
partner_id = uuid.UUID(HFPP_PARTNER_ID)
logging.debug('hfpp partner id:%s', partner_id)
except (TypeError, ValueError) as e:
method_error(signature, e)
sys.exit(-1)
conf = {'global': {'request.error_response': handle_error}}
#configure cherrypy
cherrypy.config.update(conf)
wsgi_app = cherrypy.Application(PartnerHTTPServices(), '/callbacks')
dispatcher = WSGIPathInfoDispatcher({'/': wsgi_app})
server = CherryPyWSGIServer(('0.0.0.0', PARTNER_CLIENT_HTTP_SERVICE_PORT),
dispatcher)
sslAdapter = BuiltinSSLAdapter(PARTNER_CERTIFICATE, PARTNER_PRIVATE_KEY)
server.ssl_adapter = sslAdapter
try:
server.start()
except KeyboardInterrupt:
server.stop()
method_exit(signature)
import conf
setup_server_env(conf)
session_opts = {
'session.type': 'memory',
'session.cookie_expires': True,
#'session.data_dir': './data',
'session.auto': True,
'session.timeout': 900
}
RP = OpenIDConnect(registration_info=conf.ME,
ca_bundle=conf.CA_BUNDLE)
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', conf.PORT),
SessionMiddleware(application,
session_opts))
if conf.BASE.startswith("https"):
from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter
SRV.ssl_adapter = BuiltinSSLAdapter(conf.SERVER_CERT, conf.SERVER_KEY, conf.CA_BUNDLE)
LOGGER.info("RP server starting listening on port:%s" % conf.PORT)
print ("RP server starting listening on port:%s" % conf.PORT)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
