Exemplo n.º 1
0
def get_keypair(config = None):
    if not config:
        config = SfaConfig()
    hierarchy = Hierarchy()
    key_dir= hierarchy.basedir
    data_dir = config.data_path
    keyfile =data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create temp keypair server key and certificate
    (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
    (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') 
    tmp_key = Keypair(create=True)
    tmp_key.save_to_file(tmp_keyfile)
    tmp_cert = Certificate(subject='subject')
    tmp_cert.set_issuer(key=tmp_key, subject='subject')
    tmp_cert.set_pubkey(tmp_key)
    tmp_cert.save_to_file(tmp_certfile, save_parents=True)

    # request real pkey from registry
    api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
    registry = api.get_registry()
    registry.get_key()
    key = Keypair(filename=keyfile)
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    cert.set_pubkey(key)
    cert.sign()
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)
Exemplo n.º 2
0
def start():
    logger.log("sfagid: plugin starting up ...")
    if not sfa:
        return
    try:
        keyfile, certfile = get_keypair(None)
        api = ComponentAPI(key_file=keyfile, cert_file=certfile)
        api.get_node_key()
    except:
        return
Exemplo n.º 3
0
class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
    """Secure XML-RPC request handler class.

    It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
    """

    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

    def do_POST(self):
        """Handles the HTTPS POST request.

        It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
        """
        try:
            peer_cert = Certificate()
            peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
            self.api = ComponentAPI(
                peer_cert=peer_cert,
                interface=self.server.interface,
                key_file=self.server.key_file,
                cert_file=self.server.cert_file,
            )
            # get arguments
            request = self.rfile.read(int(self.headers["content-length"]))
            # In previous versions of SimpleXMLRPCServer, _dispatch
            # could be overridden in this class, instead of in
            # SimpleXMLRPCDispatcher. To maintain backwards compatibility,
            # check to see if a subclass implements _dispatch and dispatch
            # using that method if present.
            # response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
            # XX TODO: Need to get the real remote address
            remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
            self.api.remote_addr = remote_addr
            # remote_addr = (self.rfile.connection.remote_ip, remote_port)
            # self.api.remote_addr = remote_addr
            response = self.api.handle(remote_addr, request)

        except Exception, fault:
            raise
            # This should only happen if the module is buggy
            # internal error, report as HTTP server error
            self.send_response(500)
            self.end_headers()
            logger.log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
        else: