def ssl(sock):
sock.conn = Connection(ctx=sslContextFactory(), sock=sock)
sock.conn.addr = sock.addr
sock.conn.setup_ssl()
sock.conn.set_connect_state()
sock.conn.connect_ssl()
check = getattr(sock.conn, 'postConnectionCheck',
sock.conn.clientPostConnectionCheck)
if check is not None:
if not check(sock.conn.get_peer_cert(), sock.conn.addr[0]):
raise Checker.SSLVerificationError, 'post connection check failed'
return sock.conn
class FriConnectionHandler(threading.Thread):
def __init__(self, host, port, queue, keystorage):
threading.Thread.__init__(self)
self.queue = queue
self.hostname = host
self.port = port
self.stopped = True
self.status = S_PENDING
self.sock = None
self.keystorage = keystorage
def __bind_socket(self):
try:
if self.keystorage:
context = self.keystorage.get_node_context()
self.sock = Connection(context)
else:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
self.sock.bind((self.hostname, self.port))
self.sock.listen(5)
except Exception, err:
self.status = S_ERROR
logger.error('[__bind_socket] %s'%err)
else:
def __bind_socket(self):
try:
if self.keystorage:
context = self.keystorage.get_node_context()
self.sock = Connection(context)
else:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
self.sock.bind((self.hostname, self.port))
self.sock.listen(5)
except Exception, err:
self.status = S_ERROR
logger.error('[__bind_socket] %s'%err)
def worker_routine(self, reduced_socket):
fd = rebuild_handle(reduced_socket)
sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM)
mp.forking.close(fd)
if self._key_storage:
sock = Connection(self._ssl_context, sock)
sock.setup_ssl()
sock.set_accept_state()
sock.accept_ssl()
socket_proc = SocketProcessor(sock)
try:
self.process(socket_proc)
socket_proc.close_socket()
except Exception, err:
socket_proc.close_socket(force=True)
raise err
def stop(self):
if self.stopped:
return
self.operator.stop()
self.__conn_handler_thread.stop()
self.__check_neighbours_thread.stop()
sock = None
try:
if self.keystorage:
context = Context()
context.set_verify(0, depth = 0)
sock = Connection(context)
sock.set_post_connection_check_callback(None)
sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=1))
else:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1.0)
if self.hostname == '0.0.0.0':
hostname = '127.0.0.1'
else:
hostname = self.hostname
sock.connect((hostname, self.port))
except socket.error:
pass
finally:
if sock:
sock.close()
del sock
self.__workers_manager_thread.stop()
#waiting threads finishing...
self.__workers_manager_thread.join()
self.__conn_handler_thread.join()
self.__check_neighbours_thread.join()
self.stopped = True
def __int_call(self, node_address, packet, conn_timeout, read_timeout=None):
sock = None
try:
address = node_address.split(':')
if len(address) != 2:
raise FriException('Node address %s is invalid! ' \
'Address should be in format <hostname>:<port>'%node_address)
hostname = address[0]
try:
port = int(address[1])
if 0 > port > 65535:
raise ValueError()
except ValueError:
raise FriException('Node address %s is invalid! ' \
'Port should be integer in range 0...65535'%node_address)
if not isinstance(packet, FabnetPacket):
raise Exception('FRI request packet should be an object of FabnetPacket')
packet.session_id = self.session_id
data = packet.dump()
if self.is_ssl:
context = Context()
context.set_verify(0, depth = 0)
sock = Connection(context)
sock.set_post_connection_check_callback(None)
sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=conn_timeout))
else:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(conn_timeout)
sock.connect((hostname, port))
sock.sendall(data)
if self.is_ssl:
sock.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=read_timeout))
else:
sock.settimeout(read_timeout)
ret_packet = self.__read_packet(sock)
if ret_packet.get('ret_code', -1) == RC_REQ_CERTIFICATE:
self.__send_cert(sock)
ret_packet = self.__read_packet(sock)
return ret_packet
finally:
if sock:
sock.close()
