def run(self, handler): server = CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter(CONSTANTS['certificate'], CONSTANTS['key']) try: server.start() finally: server.stop()
def inner_run(): if ssl_private_key and ssl_certificate: print "MSS server is running at https://%s:%s/" % (addr, port) else: print "MSS server is running at http://%s:%s/" % (addr, port) if settings.DEBUG: print "Devel mode is ON" print "Quit the server with %s." % quit_command app = WSGIHandler() path = {} if show_log: logged_app = TransLogger(app) path['/'] = logged_app else: path['/'] = app path[settings.MEDIA_URL] = MediaHandler(settings.MEDIA_ROOT) dispatcher = WSGIPathInfoDispatcher(path) server = CherryPyWSGIServer((addr, int(port)), dispatcher, threads) if ssl_private_key and ssl_certificate: from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server.ssl_adapter = pyOpenSSLAdapter(ssl_certificate, ssl_private_key, None) try: server.start() except KeyboardInterrupt: server.stop() sys.exit(0)
def run(self, handler): self.options['bind_addr'] = (self.host, self.port) self.options['wsgi_app'] = handler certfile = self.options.get('certfile') if certfile or 'certfile' in self.options: del self.options['certfile'] keyfile = self.options.get('keyfile') if keyfile or 'keyfile' in self.options: del self.options['keyfile'] server = CherryPyWSGIServer(**self.options) if keyfile and certfile: LOGGER.info("Start using HTTPS") server.ssl_adapter = pyOpenSSLAdapter(certfile, keyfile, None) context = ssl.Context(ssl.SSLv23_METHOD) context.set_cipher_list('HIGH') context.use_privatekey_file(keyfile) context.use_certificate_file(certfile) server.ssl_adapter.context = context else: LOGGER.info("Start using HTTP") try: server.start() finally: server.stop()
def run(self, handler): server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter(CERT_FILE, PEM_FILE) try: server.start() finally: server.stop()
def main(): sys.path.insert(0, os.getcwd()) args = WsgiApplication.arg_parser() pefim_server_conf = __import__(args.server_config) try: global wsgi_app wsgi_app = WsgiApplication(args, base_dir=os.getcwd() + "/") global SRV SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', pefim_server_conf.PORT), SessionMiddleware( application, pefim_server_conf.SESSION_OPTS)) SRV.stats['Enabled'] = True if pefim_server_conf.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(pefim_server_conf.SERVER_CERT, pefim_server_conf.SERVER_KEY, pefim_server_conf.CERT_CHAIN) wsgi_app.logger.info("Server starting") print "Server listening on port: %s" % pefim_server_conf.PORT try: SRV.start() except KeyboardInterrupt: SRV.stop() except Exception, excp: args = WsgiApplication.arg_parser(error="Invalid configuration in %s or %s, please consult the documentation." % (args.config, args.server_config), exception=" Exception:%s" % exception_trace(excp))
def start_with_socket_fd(self, sock_fd): """ Re-Implement HTTPServer.start here to support binding to an existing socket. """ self._interrupt = None if self.software is None: self.software = "%s Server" % self.version # SSL backward compatibility if (self.ssl_adapter is None and getattr(self, 'ssl_certificate', None) and getattr(self, 'ssl_private_key', None)): warnings.warn( "SSL attributes are deprecated in CherryPy 3.2, and will " "be removed in CherryPy 3.3. Use an ssl_adapter attribute " "instead.", DeprecationWarning) try: from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter except ImportError: pass else: self.ssl_adapter = pyOpenSSLAdapter( self.ssl_certificate, self.ssl_private_key, getattr(self, 'ssl_certificate_chain', None)) # Select the appropriate socket self.socket = socket.fromfd(sock_fd, socket.AF_INET, socket.SOCK_STREAM) msg = "No socket could be created with file descriptor '{0}'" if not self.socket: raise socket.error(msg.format(sock_fd)) # Timeout so KeyboardInterrupt can be caught on Win32 self.socket.settimeout(1) self.socket.listen(self.request_queue_size) # Create worker threads self.requests.start() self.ready = True self._start_time = time.time() while self.ready: try: self.tick() except (KeyboardInterrupt, SystemExit): raise except: self.error_log("Error in HTTPServer.tick", level=logging.ERROR, traceback=True) if self.interrupt: while self.interrupt is True: # Wait for self.stop() to complete. See _set_interrupt. time.sleep(0.1) if self.interrupt: raise self.interrupt
def run(self, handler): server = CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = \ pyOpenSSLAdapter(RestConfig.get('ssl','certificate'), RestConfig.get('ssl', 'key')) try: server.start() finally: server.stop()
def run(self, handler): server = CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = \ pyOpenSSLAdapter(RestConfig.get('ssl', 'certificate'), RestConfig.get('ssl', 'key')) try: server.start() finally: server.stop()
def __init__(self, host, port, http_interface, use_ssl, ca_cert, ssl_key, ssl_cert, daemon_thread_pool_size): self.port = port self.host = host self.srv = None # Port = 0 means "I don't want HTTP server" if self.port == 0: return self.use_ssl = use_ssl self.srv = None protocol = 'http' if use_ssl: protocol = 'https' self.uri = '%s://%s:%s' % (protocol, self.host, self.port) logger.info("Opening HTTP socket at %s", self.uri) # This config override default processors so we put them back in case we need them config = { '/': { 'request.body.processors': {'application/x-www-form-urlencoded': process_urlencoded, 'multipart/form-data': process_multipart_form_data, 'multipart': process_multipart, 'application/zlib': zlib_processor}, 'tools.gzip.on': True, 'tools.gzip.mime_types': ['text/*', 'application/json'] } } # disable console logging of cherrypy when not in DEBUG if getattr(logger, 'level') != logging.DEBUG: cherrypy.log.screen = False self.srv = CherryPyWSGIServer((host, port), cherrypy.Application(http_interface, "/", config), numthreads=daemon_thread_pool_size, shutdown_timeout=1) if SSL and pyOpenSSLAdapter and use_ssl: adapter = pyOpenSSLAdapter(ssl_cert, ssl_key, ca_cert) context = adapter.get_context() # SSLV2 is deprecated since 2011 by RFC 6176 # SSLV3, TLSV1 and TLSV1.1 have POODLE weakness (harder to exploit on TLS) # So for now (until a new TLS version) we only have TLSv1.2 left # WE also remove compression because of BREACH weakness context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1 | SSL.OP_NO_COMPRESSION) # All excluded algorithm beyond are known to be weak. context.set_cipher_list('DEFAULT:!DSS:!PSK:!SRP:!3DES:!RC4:!DES:!IDEA:!RC2:!NULL') adapter.context = context self.srv.ssl_adapter = adapter if use_ssl: self.srv.ssl_certificate = ssl_cert self.srv.ssl_private_key = ssl_key
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter('cacert.pem', 'privkey.pem') try: server.start() finally: server.stop()
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter(config.serverCertPem, config.serverCertKey) try: server.start() finally: server.stop()
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter( certificate = DEFAULT_SOLSERVERCERT, private_key = DEFAULT_SOLSERVERPRIVKEY, ) try: server.start() log.info("Server started") finally: server.stop()
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter( certificate="/etc/letsencrypt/live/mifulo.dacya.ucm.es/cert.pem", private_key="privkey.pem", certificate_chain="fullchain.pem") try: server.start() except: server.stop()
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter(certificate="ucmpcs-ssl-cert.pem", private_key="ucmpcs-private-key.pem") try: print "Starting secure web application server using CherryPy..." server.start() except: print "Received STOP (or failed to start secure server!)..." server.stop()
def run(self, handler): from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter from cherrypy import wsgiserver server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) self.srv = server # If cert variable is has a valid path, SSL will be used # You can set it to None to disable SSL server.ssl_adapter = pyOpenSSLAdapter( Config.REST_SSL_CERTFILE, Config.REST_SSL_KEYFILE, Config.REST_SSL_CA_CERTS) try: server.start() finally: server.stop()
def run(self, handler): """ Runs a CherryPy Server using the SSL certificate. """ from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) self.server = server server.ssl_adapter = pyOpenSSLAdapter( certificate=certfile, private_key=keyfile, # certificate_chain = cert_chain ) server.start()
def run(self, handler): from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter from cherrypy import wsgiserver server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) self.srv = server # If cert variable is has a valid path, SSL will be used # You can set it to None to disable SSL server.ssl_adapter = pyOpenSSLAdapter(Config.REST_SSL_CERTFILE, Config.REST_SSL_KEYFILE, Config.REST_SSL_CA_CERTS) try: server.start() finally: server.stop()
def run(self, handler): """ Runs a CherryPy Server using the SSL certificate. """ from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter( certificate="cert.crt", private_key="private.key", certificate_chain="intermediate_cert.crt") try: server.start() except: server.stop()
def run(self, handler): """ Runs a CherryPy Server using the SSL certificate. """ from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter( certificate="cert.crt", private_key="private.key", certificate_chain="intermediate_cert.crt" ) try: server.start() except: server.stop()
def run(self, handler): """ Runs a CherryPy Server using the SSL certificate. """ from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) server.ssl_adapter = pyOpenSSLAdapter( certificate="openssl/certificate.crt", private_key="openssl/privateKey.key"#, #certificate_chain="intermediate_cert.crt" ) try: server.start() except Exception,e: print "failed to start %s" % (str(e)) server.stop()
def run_rack_manager_default(app, ssl_enabled, host='0.0.0.0', port=8080, number_threads=30, config=None, **kwargs): if config is not None: cpy.config.update(config) server = CherryPyWSGIServer((host, port), app, numthreads=number_threads, **kwargs) if (ssl_enabled): server.ssl_adapter = pyOpenSSLAdapter( certificate="/usr/lib/sslcerts/certs.pem", private_key="/usr/lib/sslcerts/privkey.pem") try: server.start() except KeyboardInterrupt: server.stop()
if args.authn_as: OAS.authn_as = args.authn_as endpoints = ENDPOINTS add_endpoints(endpoints) OAS.endpoints = endpoints if args.port == 80: OAS.baseurl = config.baseurl else: if config.baseurl.endswith("/"): config.baseurl = config.baseurl[:-1] OAS.baseurl = "%s:%d" % (config.baseurl, args.port) if not OAS.baseurl.endswith("/"): OAS.baseurl += "/" # Add the claims providers keys SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application) SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN) LOGGER.info("OC3 server starting listening on port:%s" % args.port) try: SRV.start() except KeyboardInterrupt: SRV.stop()
ARGS["discosrv"] = _args.discosrv if _args.wayf: ARGS["wayf"] = _args.wayf CACHE = Cache() CNFBASE = _args.config if _args.seed: SEED = _args.seed else: SEED = "SnabbtInspel" SP = Saml2Client(config_file="%s" % CNFBASE) POLICY = service_conf.POLICY add_urls() SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application) _https = "" if service_conf.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT, SERVER_KEY, CERT_CHAIN) _https = " using SSL/TLS" logger.info("Server starting") print("SP listening on %s:%s%s" % (HOST, PORT, _https)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
f.write(json.dumps(jwks)) f.close() OP_ARG["keyjar"] = OAS.keyjar OP_ARG["jwks_uri"] = p.geturl() # Setup the web server SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), SessionMiddleware(application, session_opts)) if _baseurl.startswith("https"): import cherrypy from cherrypy.wsgiserver import ssl_pyopenssl # from OpenSSL import SSL SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( config.SERVER_CERT, config.SERVER_KEY, config.CA_BUNDLE) # SRV.ssl_adapter.context = SSL.Context(SSL.SSLv23_METHOD) # SRV.ssl_adapter.context.set_options(SSL.OP_NO_SSLv3) try: cherrypy.server.ssl_certificate_chain = config.CERT_CHAIN except AttributeError: pass extra = " using SSL/TLS" else: extra = "" txt = "RP server starting listening on port:%s%s" % (args.port, extra) LOGGER.info(txt) print txt try: SRV.start()
# per AS instantiate a consumer for name, info in RP_CONF.AS_CONF.items(): c_conf = {"client_id": info["client_id"]} CONSUMER[name] = Consumer( session_db={}, client_config=c_conf, server_info={ "authorization_endpoint": info["authorization_endpoint"], "token_endpoint": info["token_endpoint"]}, authz_page="authz_cb", response_type="code") CONSUMER[name].client_secret = info["client_secret"] SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', RP_CONF.PORT), SessionMiddleware(application, session_opts)) if RP_CONF.BASE.startswith("https"): from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( RP_CONF.SERVER_CERT, RP_CONF.SERVER_KEY, RP_CONF.CA_BUNDLE) LOGGER.info(START_MESG % (RP_CONF.PORT, RP_CONF.HOST)) print(START_MESG % (RP_CONF.PORT, RP_CONF.HOST)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
global ophandler if server_conf.OP_FRONTEND: config = importlib.import_module(args.config) ophandler = OpHandler(logger, config, LOOKUP, sphandler, test, debug) sphandler.ophandler = ophandler else: ophandler = None sphandler.ophandler = None global idphandler if server_conf.IDP_FRONTEND: idphandler = IdPHandler(args, LOOKUP, sphandler, server_conf.ISSUER) else: idphandler = None global SRV SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', server_conf.PORT), SessionMiddleware(application, server_conf.SESSION_OPTS)) SRV.stats['Enabled'] = True #SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application) if server_conf.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(server_conf.SERVER_CERT, server_conf.SERVER_KEY, server_conf.CERT_CHAIN) logger.info("Server starting") print "Server listening on port: %s" % server_conf.PORT try: SRV.start() except KeyboardInterrupt: SRV.stop()
def main(): global HOST global PORT global SERVER_CERT global SERVER_KEY global CACHE global ARGS global SP global SEED global POLICY from cherrypy import wsgiserver from cherrypy.wsgiserver import ssl_pyopenssl sys.path.insert(0, os.getcwd()) _parser = argparse.ArgumentParser() _parser.add_argument('-d', dest='debug', action='store_true', help="Print debug information") _parser.add_argument('-D', dest='discosrv', help="Which disco server to use") _parser.add_argument('-s', dest='seed', help="Cookie seed") _parser.add_argument('-W', dest='wayf', action='store_true', help="Which WAYF url to use") _parser.add_argument("config", help="SAML client config") _parser.add_argument("service_config", help="SP config") ARGS = {} _args = _parser.parse_args() if _args.discosrv: ARGS["discosrv"] = _args.discosrv if _args.wayf: ARGS["wayf"] = _args.wayf CACHE = Cache() CNFBASE = _args.config if _args.seed: SEED = _args.seed else: SEED = "SnabbtInspel" SP = Saml2Client(config_file="%s" % CNFBASE) CONFIG = importlib.import_module(_args.service_config) HOST = CONFIG.HOST PORT = CONFIG.PORT # ------- HTTPS ------- # These should point to relevant files SERVER_CERT = CONFIG.SERVER_CERT SERVER_KEY = CONFIG.SERVER_KEY # This is of course the certificate chain for the CA that signed # your cert and all the way up to the top CERT_CHAIN = CONFIG.CERT_CHAIN POLICY = CONFIG.POLICY add_urls() SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application) _https = "" if CONFIG.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT, SERVER_KEY, CERT_CHAIN) _https = " using SSL/TLS" logger.info("Server starting") print "SP listening on %s:%s%s" % (HOST, PORT, _https) try: SRV.start() except KeyboardInterrupt: SRV.stop()
ARGS["discosrv"] = _args.discosrv if _args.wayf: ARGS["wayf"] = _args.wayf CACHE = Cache() CNFBASE = _args.config if _args.seed: SEED = _args.seed else: SEED = "SnabbtInspel" SP = Saml2Client(config_file="%s" % CNFBASE) POLICY = service_conf.POLICY add_urls() SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application) _https = "" if service_conf.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT, SERVER_KEY, CERT_CHAIN) _https = " using SSL/TLS" logger.info("Server starting") print "SP listening on %s:%s%s" % (HOST, PORT, _https) try: SRV.start() except KeyboardInterrupt: SRV.stop()
username_password_authn, 10, CONFIG.BASE) AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, CONFIG.BASE) IDP = server.Server(args.config, cache=Cache()) IDP.ticket = {} _rot = args.mako_root LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'], module_directory=_rot + 'modules', input_encoding='utf-8', output_encoding='utf-8') HOST = CONFIG.HOST PORT = CONFIG.PORT SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application) _https = "" if CONFIG.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT, CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN) _https = " using SSL/TLS" logger.info("Server starting") print("IDP listening on %s:%s%s" % (HOST, PORT, _https)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
def main(): global IDP global AUTHN_BROKER global LOOKUP global args global CONFIG global USERS global PASSWD global EXTRA sys.path.insert(0, os.getcwd()) from wsgiref.simple_server import make_server parser = argparse.ArgumentParser() parser.add_argument('-p', dest='path', help='Path to configuration file.') parser.add_argument('-v', dest='valid', help="How long, in days, the metadata is valid from the time of creation") parser.add_argument('-c', dest='cert', help='certificate') parser.add_argument('-i', dest='id', help="The ID of the entities descriptor") parser.add_argument('-k', dest='keyfile', help="A file with a key to sign the metadata with") parser.add_argument('-n', dest='name') parser.add_argument('-s', dest='sign', action='store_true', help="sign the metadata") parser.add_argument('-m', dest='mako_root', default="./") parser.add_argument(dest="config") args = parser.parse_args() AUTHN_BROKER = AuthnBroker() AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), username_password_authn, 10, "http://%s" % socket.gethostname()) AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, "http://%s" % socket.gethostname()) CONFIG = importlib.import_module(args.config) USERS = CONFIG.USERS PASSWD = CONFIG.PASSWD EXTRA = CONFIG.EXTRA IDP = server.Server(args.config, cache=Cache()) IDP.ticket = {} _rot = args.mako_root LOOKUP = TemplateLookup(directories=[_rot + 'htdocs', _rot + 'htdocs'], module_directory=_rot + 'modules', input_encoding='utf-8', output_encoding='utf-8') HOST = CONFIG.HOST PORT = CONFIG.PORT #SRV = make_server(HOST, PORT, application) SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application) make_server if CONFIG.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT, CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN) print "IdP listening on %s:%s" % (HOST, PORT) try: SRV.start() except KeyboardInterrupt: SRV.stop()
provider.jwks_uri.append("{}/static/{}".format(provider.baseurl, name)) # Mount the WSGI callable object (app) on the root directory app_routing = setup_endpoints(provider) app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware( provider.providerinfo_endpoint) app_routing["/.well-known/webfinger"] = pyoidcMiddleware( partial(_webfinger, provider)) routing = dict(auth_routing.items() + app_routing.items()) routing["/static"] = make_static_handler(path) dispatcher = WSGIPathInfoDispatcher(routing) server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher) # Setup SSL if provider.baseurl.startswith("https://"): server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( settings["server"]["cert"], settings["server"]["key"], settings["server"]["cert_chain"]) # Start the CherryPy WSGI web server try: print("Server started: {}".format(issuer)) server.start() except KeyboardInterrupt: server.stop() if __name__ == "__main__": main()
pass for tag in FLOW_SEQUENCE: _seq = FLOWS[tag]["sequence"] if REGISTER: if "oic-registration" not in _seq: _seq.insert(0, "oic-registration") if DYNAMIC: if "provider-info" not in _seq: _seq.insert(0, "provider-info") RP = OpenIDConnect(registration_info=rp_conf.ME, ca_bundle=rp_conf.CA_BUNDLE) SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', rp_conf.PORT), SessionMiddleware(application, session_opts)) if rp_conf.BASE.startswith("https"): from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( rp_conf.SERVER_CERT, rp_conf.SERVER_KEY, rp_conf.CA_BUNDLE) logger.info("RP server starting listening on port:%s" % rp_conf.PORT) print "RP server starting listening on port:%s" % rp_conf.PORT try: SRV.start() except KeyboardInterrupt: SRV.stop()
def start_with_socket_fd(self, sock_fd): """ Re-Implement HTTPServer.start here to support binding to an existing socket. """ self._interrupt = None if self.software is None: self.software = "%s Server" % self.version # SSL backward compatibility if (self.ssl_adapter is None and getattr(self, 'ssl_certificate', None) and getattr(self, 'ssl_private_key', None)): warnings.warn( "SSL attributes are deprecated in CherryPy 3.2, and will " "be removed in CherryPy 3.3. Use an ssl_adapter attribute " "instead.", DeprecationWarning ) try: from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter except ImportError: pass else: self.ssl_adapter = pyOpenSSLAdapter( self.ssl_certificate, self.ssl_private_key, getattr(self, 'ssl_certificate_chain', None)) # Select the appropriate socket self.socket = socket.fromfd(sock_fd, socket.AF_INET, socket.SOCK_STREAM) msg = "No socket could be created with file descriptor '{0}'" if not self.socket: raise socket.error(msg.format(sock_fd)) # Timeout so KeyboardInterrupt can be caught on Win32 self.socket.settimeout(1) self.socket.listen(self.request_queue_size) # Create worker threads self.requests.start() self.ready = True self._start_time = time.time() while self.ready: try: self.tick() except (KeyboardInterrupt, SystemExit): raise except: self.error_log("Error in HTTPServer.tick", level=logging.ERROR, traceback=True) if self.interrupt: while self.interrupt is True: # Wait for self.stop() to complete. See _set_interrupt. time.sleep(0.1) if self.interrupt: raise self.interrupt
def run(self): # While loop is for recovery from 'unknown ca' issue. while True: try: server_instance = ServerInstance(self.ip_address, self.secret, self.capabilities, self.host_id) self.server = wsgiserver.CherryPyWSGIServer( (self.ip_address, int(self.port)), wsgiserver.WSGIPathInfoDispatcher({ '/handshake': server_instance.handshake, '/download': server_instance.download, '/connected': server_instance.connected, '/routes': server_instance.routes, '/failed': server_instance.failed, '/status': server_instance.status, '/speed': server_instance.speed, '/feedback': server_instance.feedback, '/check': server_instance.check, '/stats': server_instance.stats }), numthreads=self.server_threads, timeout=20) self.server.stats['Enabled'] = True # Set maximum request input sizes to avoid processing DoS inputs self.server.max_request_header_size = 100000 self.server.max_request_body_size = 100000 # Lifetime of cert/private key temp file is lifetime of server # file is closed by ServerInstance, and that auto deletes tempfile self.certificate_temp_file = tempfile.NamedTemporaryFile() self.private_key_temp_file = tempfile.NamedTemporaryFile() self.certificate_temp_file.write( '-----BEGIN CERTIFICATE-----\n' + '\n'.join(split_len(self.certificate, 64)) + '\n-----END CERTIFICATE-----\n') self.certificate_temp_file.flush() self.private_key_temp_file.write( '-----BEGIN RSA PRIVATE KEY-----\n' + '\n'.join(split_len(self.private_key, 64)) + '\n-----END RSA PRIVATE KEY-----\n') self.private_key_temp_file.flush() self.server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( self.certificate_temp_file.name, self.private_key_temp_file.name, None) psi_web_patch.patch_ssl_adapter(self.server.ssl_adapter) # Blocks until server stopped syslog.syslog(syslog.LOG_INFO, 'started %s' % (self.ip_address, )) self.server.start() break except (EnvironmentError, EOFError, SystemError, ValueError, ssl.SSLError, socket.error) as e: # Log recoverable errors and try again for line in traceback.format_exc().split('\n'): syslog.syslog(syslog.LOG_ERR, line) if self.server: self.stop_server() except TypeError as e: trace = traceback.format_exc() for line in trace.split('\n'): syslog.syslog(syslog.LOG_ERR, line) # Recover on this Cherrypy internal error # See bitbucket Issue 59 if (str(e).find("'NoneType' object") == 0 and trace.find("'SSL_PROTOCOL': cipher[1]") != -1): if self.server: self.stop_server() else: raise except Exception as e: # Log other errors and abort for line in traceback.format_exc().split('\n'): syslog.syslog(syslog.LOG_ERR, line) raise
provider.jwks_uri.append( "{}/static/{}".format(provider.baseurl, name)) # Mount the WSGI callable object (app) on the root directory app_routing = setup_endpoints(provider) app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware( provider.providerinfo_endpoint) app_routing["/.well-known/webfinger"] = pyoidcMiddleware( partial(_webfinger, provider)) routing = dict(auth_routing.items() + app_routing.items()) routing["/static"] = make_static_handler(path) dispatcher = WSGIPathInfoDispatcher(routing) server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher) # Setup SSL if provider.baseurl.startswith("https://"): server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( settings["server"]["cert"], settings["server"]["key"], settings["server"]["cert_chain"]) # Start the CherryPy WSGI web server try: print("Server started: {}".format(issuer)) server.start() except KeyboardInterrupt: server.stop() if __name__ == "__main__": main()
if __name__ == '__main__': from beaker.middleware import SessionMiddleware from cherrypy import wsgiserver KW_ARGS = main_setup(logger) _conf = KW_ARGS["conf"] session_opts = { 'session.type': 'memory', 'session.cookie_expires': True, 'session.auto': True, 'session.timeout': 900 } SRV = wsgiserver.CherryPyWSGIServer( ('0.0.0.0', _conf.PORT), SessionMiddleware(application, session_opts)) if _conf.BASE.startswith("https"): from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( _conf.SERVER_CERT, _conf.SERVER_KEY, _conf.CA_BUNDLE) logger.info("RP server starting listening on port:%s" % _conf.PORT) print("RP server starting listening on port:%s" % _conf.PORT) try: SRV.start() except KeyboardInterrupt: SRV.stop()
setup_logging("config_server.log") SRV = wsgiserver.CherryPyWSGIServer( ('0.0.0.0', CONF.PORT), SessionMiddleware(logging_app, session_opts)) try: _dir_path = CONF.OPRP_DIR_PATH except AttributeError: _dir_path = "" if CONF.OPRP_DIR_PATH not in sys.path: sys.path.append(CONF.OPRP_DIR_PATH) if CONF.BASE.startswith("https"): import cherrypy from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( CONF.SERVER_CERT, CONF.SERVER_KEY, CONF.CA_BUNDLE) try: cherrypy.server.ssl_certificate_chain = CONF.CERT_CHAIN except AttributeError: pass extra = " using SSL/TLS" else: extra = "" txt = "Config server started, listening on port:%s%s" % (CONF.PORT, extra) LOGGER.info(txt) print txt try: SRV.start() except KeyboardInterrupt:
"organization_url"][0]["text"] except KeyError: pass sps.append((_name, entid)) return sps if __name__ == '__main__': SERVER_CERT = "pki/server.crt" SERVER_KEY = "pki/server.key" CA_BUNDLE = None SPS = get_sp("./sp/sp.xml") # The UMA AS AUTHZSRV = uma_as.main(BASE, CookieHandler) SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application) if BASE.startswith("https"): from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( SERVER_CERT, SERVER_KEY, CA_BUNDLE) #logger.info("RP server starting listening on port:%s" % rp_conf.PORT) print "AS started, listening on port:%s" % PORT try: SRV.start() except KeyboardInterrupt: SRV.stop()
import web import requests import web import cherrypy from web.wsgiserver import CherryPyWSGIServer from web.wsgiserver.ssl_builtin import BuiltinSSLAdapter from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter from cherrypy.wsgiserver.ssl_pyopenssl import SSL context = SSL.Context(SSL.SSLv3_METHOD) context.set_cipher_list('ALL') context.use_certificate_file("cert.pem") context.use_privatekey_file("server.pem") CherryPyWSGIServer.ssl_adapter = pyOpenSSLAdapter("server.pem","server.pem",None) #CherryPyWSGIServer.ssl_adapter.context.set_cipher_list('RC4-SHA'); CherryPyWSGIServer.ssl_adapter.context = context urls = ( '/', 'index', '/verify', 'verify', '/logout', 'logout' ) app = web.application(urls, globals()) render = web.template.render('templates/') class index: def GET(self): return render.index()
def run(self): # While loop is for recovery from 'unknown ca' issue. while True: try: server_instance = ServerInstance(self.ip_address, self.secret, self.capabilities, self.host_id) self.server = wsgiserver.CherryPyWSGIServer( (self.ip_address, int(self.port)), wsgiserver.WSGIPathInfoDispatcher( {'/handshake': server_instance.handshake, '/download': server_instance.download, '/connected': server_instance.connected, '/routes': server_instance.routes, '/failed': server_instance.failed, '/status': server_instance.status, '/speed': server_instance.speed, '/feedback': server_instance.feedback, '/check': server_instance.check, '/stats': server_instance.stats}), numthreads=self.server_threads, timeout=20) self.server.stats['Enabled'] = True # Set maximum request input sizes to avoid processing DoS inputs self.server.max_request_header_size = 100000 self.server.max_request_body_size = 100000 # Lifetime of cert/private key temp file is lifetime of server # file is closed by ServerInstance, and that auto deletes tempfile self.certificate_temp_file = tempfile.NamedTemporaryFile() self.private_key_temp_file = tempfile.NamedTemporaryFile() self.certificate_temp_file.write( '-----BEGIN CERTIFICATE-----\n' + '\n'.join(split_len(self.certificate, 64)) + '\n-----END CERTIFICATE-----\n'); self.certificate_temp_file.flush() self.private_key_temp_file.write( '-----BEGIN RSA PRIVATE KEY-----\n' + '\n'.join(split_len(self.private_key, 64)) + '\n-----END RSA PRIVATE KEY-----\n'); self.private_key_temp_file.flush() self.server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( self.certificate_temp_file.name, self.private_key_temp_file.name, None) psi_web_patch.patch_ssl_adapter(self.server.ssl_adapter) # Blocks until server stopped syslog.syslog(syslog.LOG_INFO, 'started %s' % (self.ip_address,)) self.server.start() break except (EnvironmentError, EOFError, SystemError, ValueError, ssl.SSLError, socket.error) as e: # Log recoverable errors and try again for line in traceback.format_exc().split('\n'): syslog.syslog(syslog.LOG_ERR, line) if self.server: self.stop_server() except TypeError as e: trace = traceback.format_exc() for line in trace.split('\n'): syslog.syslog(syslog.LOG_ERR, line) # Recover on this Cherrypy internal error # See bitbucket Issue 59 if (str(e).find("'NoneType' object") == 0 and trace.find("'SSL_PROTOCOL': cipher[1]") != -1): if self.server: self.stop_server() else: raise except Exception as e: # Log other errors and abort for line in traceback.format_exc().split('\n'): syslog.syslog(syslog.LOG_ERR, line) raise
CONFIG.BASE) AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, CONFIG.BASE) IDP = server.Server(args.config, cache=Cache()) IDP.ticket = {} _rot = args.mako_root LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'], module_directory=_rot + 'modules', input_encoding='utf-8', output_encoding='utf-8') HOST = CONFIG.HOST PORT = CONFIG.PORT SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application) _https = "" if CONFIG.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT, CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN) _https = " using SSL/TLS" logger.info("Server starting") print("IDP listening on %s:%s%s" % (HOST, PORT, _https)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
if server_conf.OP_FRONTEND: config = importlib.import_module(args.config) ophandler = OpHandler(logger, config, LOOKUP, sphandler, test, debug) sphandler.ophandler = ophandler else: ophandler = None sphandler.ophandler = None global idphandler if server_conf.IDP_FRONTEND: idphandler = IdPHandler(args, LOOKUP, sphandler, server_conf.ISSUER) else: idphandler = None global SRV SRV = wsgiserver.CherryPyWSGIServer( ('0.0.0.0', server_conf.PORT), SessionMiddleware(application, server_conf.SESSION_OPTS)) SRV.stats['Enabled'] = True #SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application) if server_conf.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( server_conf.SERVER_CERT, server_conf.SERVER_KEY, server_conf.CERT_CHAIN) logger.info("Server starting") print "Server listening on port: %s" % server_conf.PORT try: SRV.start() except KeyboardInterrupt: SRV.stop()
"organization_url"][0]["text"] except KeyError: pass sps.append((_name, entid)) return sps if __name__ == '__main__': SERVER_CERT = "pki/server.crt" SERVER_KEY = "pki/server.key" CA_BUNDLE = None SPS = get_sp("./sp/sp.xml") # The UMA AS AUTHZSRV = uma_as.main(BASE, CookieHandler) SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application) if BASE.startswith("https"): from cherrypy.wsgiserver import ssl_pyopenssl SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( SERVER_CERT, SERVER_KEY, CA_BUNDLE) #logger.info("RP server starting listening on port:%s" % rp_conf.PORT) print("AS started, listening on port:%s" % PORT) try: SRV.start() except KeyboardInterrupt: SRV.stop()
if __name__ == '__main__': #This is equal to a main function in other languages. Handles all setup and starts the server. #Read arguments. parser = argparse.ArgumentParser() parser.add_argument(dest="config") args = parser.parse_args() global config config = importlib.import_module(args.config) global logger logger = create_logger(config.LOG_FILE) global SRV SRV = wsgiserver.CherryPyWSGIServer( ('0.0.0.0', config.PORT), SessionMiddleware(application, config.SESSION_OPTS)) SRV.stats['Enabled'] = True #SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application) if config.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN) logger.info("Server starting") print "Server is listening on port: %s" % config.PORT try: SRV.start() except KeyboardInterrupt: SRV.stop()
def start(self): """Run the server forever.""" # We don't have to trap KeyboardInterrupt or SystemExit here, # because cherrpy.server already does so, calling self.stop() for us. # If you're using this server with another framework, you should # trap those exceptions in whatever code block calls start(). self._interrupt = None if self.software is None: self.software = "%s Server" % self.version # SSL backward compatibility if (self.ssl_adapter is None and getattr(self, 'ssl_certificate', None) and getattr(self, 'ssl_private_key', None)): warnings.warn( "SSL attributes are deprecated in CherryPy 3.2, and will " "be removed in CherryPy 3.3. Use an ssl_adapter attribute " "instead.", DeprecationWarning ) try: from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter except ImportError: pass else: self.ssl_adapter = pyOpenSSLAdapter( self.ssl_certificate, self.ssl_private_key, getattr(self, 'ssl_certificate_chain', None)) # Select the appropriate socket if isinstance(self.bind_addr, basestring): # AF_UNIX socket # So we can reuse the socket... try: os.unlink(self.bind_addr) except: pass # So everyone can access the socket... try: os.chmod(self.bind_addr, 511) # 0777 except: pass info = [(socket.AF_UNIX, socket.SOCK_STREAM, 0, "", self.bind_addr)] else: # AF_INET or AF_INET6 socket # Get the correct address family for our host (allows IPv6 addresses) host, port = self.bind_addr try: info = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE) except socket.gaierror: if ':' in self.bind_addr[0]: info = [(socket.AF_INET6, socket.SOCK_STREAM, 0, "", self.bind_addr + (0, 0))] else: info = [(socket.AF_INET, socket.SOCK_STREAM, 0, "", self.bind_addr)] self.socket = None msg = "No socket could be created" for res in info: af, socktype, proto, canonname, sa = res try: self.bind(af, socktype, proto) except socket.error: if self.socket: self.socket.close() self.socket = None continue break if not self.socket: raise socket.error(msg) # Timeout so KeyboardInterrupt can be caught on Win32 self.socket.settimeout(1) self.socket.listen(self.request_queue_size) # Create worker threads self.requests.start() self.ready = True self._start_time = time.time() while self.ready: try: self.tick() except (KeyboardInterrupt, SystemExit): raise except: self.error_log("Error in HTTPServer.tick", level=logging.ERROR, traceback=True) if self.interrupt: while self.interrupt is True: # Wait for self.stop() to complete. See _set_interrupt. time.sleep(0.1) if self.interrupt: raise self.interrupt