def run(config): plugins = util.plugins() for name, plugin in plugins.items(): cherrypy.tree.graft(plugin(config), "/{}".format(name)) cherrypy.config.update({ 'engine.autoreload.on': False, 'log.screen': False, 'log.access_file': str(config["access.log"]), 'log.error_file': str(config["error.log"]), 'server.socket_port': int(config["port"]), 'server.socket_host': str(config["host"]), 'server.max_request_body_size': int(config["max_request_body_size"]), 'engine.SIGHUP': None, 'engine.SIGTERM': None, }) cherrypy.server.ssl_module = 'builtin' CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(config["cert"], config["key"], None) cherrypy.engine.start() cherrypy.engine.block()
def run(self, handler): from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', self.port), handler) server.ssl_adapter = BuiltinSSLAdapter( '/etc/apache2/certs/cert.pem', '/etc/apache2/certs/server-pkey.pem', None) try: server.start() finally: server.stop()
def _runCherryPy(app, config, mode): """Run WsgiDAV using cherrypy.wsgiserver, if CherryPy is installed.""" assert mode in ("cherrypy", "cherrypy-bundled") try: if mode == "cherrypy-bundled": # Need to set import root folder server_folder = os.path.dirname(__file__) sys.path.append(server_folder) from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter else: # http://cherrypy.org/apidocs/3.0.2/cherrypy.wsgiserver-module.html from cherrypy import wsgiserver, __version__ as cp_version, BuiltinSSLAdapter version = "WsgiDAV/%s %s Python/%s" % ( __version__, wsgiserver.CherryPyWSGIServer.version, PYTHON_VERSION) wsgiserver.CherryPyWSGIServer.version = version # Support SSL ssl_certificate = _get_checked_path(config.get("ssl_certificate")) ssl_private_key = _get_checked_path(config.get("ssl_private_key")) ssl_certificate_chain = _get_checked_path( config.get("ssl_certificate_chain")) protocol = "http" if ssl_certificate: assert ssl_private_key wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter( ssl_certificate, ssl_private_key, ssl_certificate_chain) protocol = "https" if config["verbose"] >= 1: print("SSL / HTTPS enabled.") if config["verbose"] >= 1: print "Running %s" % version print("Listening on %s://%s:%s ..." % (protocol, config["host"], config["port"])) server = wsgiserver.CherryPyWSGIServer( (config["host"], config["port"]), app, server_name=version, ) try: server.start() except KeyboardInterrupt: if config["verbose"] >= 1: print "Caught Ctrl-C, shutting down..." server.stop() except ImportError, e: if config["verbose"] >= 1: print "Could not import wsgiserver.CherryPyWSGIServer." return False
def _runCherryPy(app, config, mode): """Run WsgiDAV using cherrypy.wsgiserver if CherryPy is installed.""" assert mode in ("cherrypy", "cherrypy-bundled") try: from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter except ImportError: # if config["verbose"] >= 1: print("ERROR: Could not import CherryPy, Try `pip install cherrypy`.") raise server_name = "WsgiDAV/%s %s Python/%s" % ( __version__, wsgiserver.CherryPyWSGIServer.version, PYTHON_VERSION) wsgiserver.CherryPyWSGIServer.version = server_name # Support SSL ssl_certificate = _get_checked_path(config.get("ssl_certificate")) ssl_private_key = _get_checked_path(config.get("ssl_private_key")) ssl_certificate_chain = _get_checked_path(config.get("ssl_certificate_chain")) protocol = "http" if ssl_certificate: assert ssl_private_key wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(ssl_certificate, ssl_private_key, ssl_certificate_chain) protocol = "https" if config["verbose"] >= 1: print("SSL / HTTPS enabled.") if config["verbose"] >= 1: print("Running %s" % server_name) print("Serving on %s://%s:%s ..." % (protocol, config["host"], config["port"])) server_args = {"bind_addr": (config["host"], config["port"]), "wsgi_app": app, "server_name": server_name, } # Override or add custom args server_args.update(config.get("server_args", {})) server = wsgiserver.CherryPyWSGIServer(**server_args) try: server.start() except KeyboardInterrupt: if config["verbose"] >= 1: print("Caught Ctrl-C, shutting down...") finally: server.stop() return
def run(self, handler): from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter from cherrypy import wsgiserver server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler) self.srv = server # If cert variable is has a valid path, SSL will be used # You can set it to None to disable SSL server.ssl_adapter = BuiltinSSLAdapter(self._ssl_certfile, self._ssl_keyfile, self._ssl_ca_certs) try: server.start() finally: server.stop()
def _runCherryPy(app, config, mode): """Run WsgiDAV using cherrypy.wsgiserver if CherryPy is installed.""" assert mode == "cherrypy-wsgiserver" try: from cherrypy import wsgiserver from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter _logger.warn("WARNING: cherrypy.wsgiserver is deprecated.") _logger.warn( " Starting with CherryPy 9.0 the functionality from cherrypy.wsgiserver" ) _logger.warn(" was moved to the cheroot project.") _logger.warn(" Consider using --server=cheroot.") except ImportError: _logger.error("*" * 78) _logger.error("ERROR: Could not import cherrypy.wsgiserver.") _logger.error( "Try `pip install cherrypy` or specify another server using the --server option." ) _logger.error( "Note that starting with CherryPy 9.0, the server was moved to") _logger.error( "the cheroot project, so it is recommended to use `-server=cheroot`" ) _logger.error("and run `pip install cheroot` instead.") _logger.error("*" * 78) raise server_name = "WsgiDAV/{} {} Python/{}".format( __version__, wsgiserver.CherryPyWSGIServer.version, util.PYTHON_VERSION) wsgiserver.CherryPyWSGIServer.version = server_name # Support SSL ssl_certificate = _get_checked_path(config.get("ssl_certificate")) ssl_private_key = _get_checked_path(config.get("ssl_private_key")) ssl_certificate_chain = _get_checked_path( config.get("ssl_certificate_chain")) protocol = "http" if ssl_certificate: assert ssl_private_key wsgiserver.CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter( ssl_certificate, ssl_private_key, ssl_certificate_chain) protocol = "https" _logger.info("SSL / HTTPS enabled.") _logger.info("Running {}".format(server_name)) _logger.info("Serving on {}://{}:{} ...".format(protocol, config["host"], config["port"])) server_args = { "bind_addr": (config["host"], config["port"]), "wsgi_app": app, "server_name": server_name, } # Override or add custom args server_args.update(config.get("server_args", {})) server = wsgiserver.CherryPyWSGIServer(**server_args) # If the caller passed a startup event, monkey patch the server to set it # when the request handler loop is entered startup_event = config.get("startup_event") if startup_event: def _patched_tick(): server.tick = org_tick # undo the monkey patch org_tick() _logger.info("CherryPyWSGIServer is ready") startup_event.set() org_tick = server.tick server.tick = _patched_tick try: server.start() except KeyboardInterrupt: _logger.warn("Caught Ctrl-C, shutting down...") finally: server.stop() return
def main(): parser = argparse.ArgumentParser(description='Example OIDC Provider.') parser.add_argument("-p", "--port", default=80, type=int) parser.add_argument("-b", "--base", default="https://localhost", type=str) parser.add_argument("-d", "--debug", action="store_true") parser.add_argument("settings") args = parser.parse_args() # Load configuration with open(args.settings, "r") as f: settings = yaml.load(f) issuer = args.base.rstrip("/") template_dirs = settings["server"].get("template_dirs", "templates") jinja_env = Environment(loader=FileSystemLoader(template_dirs)) authn_broker, auth_routing = setup_authentication_methods( settings["authn"], jinja_env) # Setup userinfo userinfo_conf = settings["userinfo"] cls = make_cls_from_name(userinfo_conf["class"]) i = cls(**userinfo_conf["kwargs"]) userinfo = UserInfo(i) client_db = {} provider = Provider(issuer, SessionDB(issuer), client_db, authn_broker, userinfo, AuthzHandling(), verify_client, None) provider.baseurl = issuer provider.symkey = rndstr(16) # Setup keys path = os.path.join(os.path.dirname(__file__), "static") try: os.makedirs(path) except OSError as e: if e.errno != errno.EEXIST: raise e pass jwks = keyjar_init(provider, settings["provider"]["keys"]) name = "jwks.json" with open(os.path.join(path, name), "w") as f: f.write(json.dumps(jwks)) provider.jwks_uri.append("{}/static/{}".format(provider.baseurl, name)) # Mount the WSGI callable object (app) on the root directory app_routing = setup_endpoints(provider) app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware( provider.providerinfo_endpoint) app_routing["/.well-known/webfinger"] = pyoidcMiddleware( partial(_webfinger, provider)) routing = dict(list(auth_routing.items()) + list(app_routing.items())) routing["/static"] = make_static_handler(path) dispatcher = WSGIPathInfoDispatcher(routing) server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher) # Setup SSL if provider.baseurl.startswith("https://"): server.ssl_adapter = BuiltinSSLAdapter( settings["server"]["cert"], settings["server"]["key"], settings["server"]["cert_chain"]) # Start the CherryPy WSGI web server try: print("Server started: {}".format(issuer)) server.start() except KeyboardInterrupt: server.stop()
sign_alg = None digest_alg = None try: sign_alg = CONFIG.SIGN_ALG except AttributeError: pass try: digest_alg = CONFIG.DIGEST_ALG except AttributeError: pass ds.DefaultSignature(sign_alg, digest_alg) SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application) _https = "" if CONFIG.HTTPS: https = "using HTTPS" # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( # config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN) SRV.ssl_adapter = BuiltinSSLAdapter(CONFIG.SERVER_CERT, CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN) logger.info("Server starting") print("IDP listening on %s:%s%s" % (HOST, PORT, _https)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
webio=WebIh, webtester=WebTester, check=check, webenv=app_args, pick_grp=pick_grp, path=_path) _conf = app_args['conf'] SRV = wsgiserver.CherryPyWSGIServer( ('0.0.0.0', args.port), SessionMiddleware(WA.application, session_opts)) if args.tls: from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter SRV.ssl_adapter = BuiltinSSLAdapter(_conf.SERVER_CERT, _conf.SERVER_KEY, _conf.CERT_CHAIN) extra = " using SSL/TLS" else: extra = "" print(_path) txt = "AS test server starting listening on port:%s%s" % (args.port, extra) logger.info(txt) print(txt) try: SRV.start() except KeyboardInterrupt: SRV.stop()
for key in jwks["keys"]: for k in key.keys(): key[k] = as_unicode(key[k]) f.write(json.dumps(jwks)) f.close() OAS.jwks_uri = "%s%s" % (OAS.baseurl, jwks_file_name) for b in OAS.keyjar[""]: LOGGER.info("OC3 server keys: %s" % b) # Setup the web server SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application) https = "" if config.SERVICE_URL.startswith("https"): https = "using HTTPS" # SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( # config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN) SRV.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN) LOGGER.info("OC server starting listening on port:%s %s" % (args.port, https)) print("OC server starting listening on port:%s %s" % (args.port, https)) try: SRV.start() except KeyboardInterrupt: SRV.stop()
# for b in OAS.keyjar[""]: # LOGGER.info("OC3 server keys: %s" % b) # TODO: Questions: # END_POINT is defined as a dictionary in the configuration file, # why not defining it as string with "verify" value? # after all, we have only one end point. # can we have multiple end points for password? why? endPoint = config.AUTHENTICATION["UserPassword"]["EndPoints"][ passwordEndPointIndex] _urls = [] _urls.append((r'^' + endPoint, make_auth_verify(authnIndexedEndPointWrapper.verify))) _app = Application(provider, _urls) # Setup the web server server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), _app.application) server.ssl_adapter = BuiltinSSLAdapter(config.SERVER_CERT, config.SERVER_KEY) print "OIDC Provider server started (issuer={}, port={})".format( config.ISSUER, config.PORT) try: server.start() except KeyboardInterrupt: server.stop()
def cpwsgi_server(app, global_conf=None, host='127.0.0.1', port=None, ssl_pem=None, protocol_version=None, numthreads=None, server_name=None, max=None, request_queue_size=None, timeout=None): """ Serves the specified WSGI app via CherryPyWSGIServer. ``app`` The WSGI 'application callable'; multiple WSGI applications may be passed as (script_name, callable) pairs. ``host`` This is the ipaddress to bind to (or a hostname if your nameserver is properly configured). This defaults to 127.0.0.1, which is not a public interface. ``port`` The port to run on, defaults to 8080 for HTTP, or 4443 for HTTPS. This can be a string or an integer value. ``ssl_pem`` This an optional SSL certificate file (via OpenSSL) You can generate a self-signed test PEM certificate file as follows: $ openssl genrsa 1024 > host.key $ chmod 400 host.key $ openssl req -new -x509 -nodes -sha1 -days 365 \\ -key host.key > host.cert $ cat host.cert host.key > host.pem $ chmod 400 host.pem ``protocol_version`` The protocol used by the server, by default ``HTTP/1.1``. ``numthreads`` The number of worker threads to create. ``server_name`` The string to set for WSGI's SERVER_NAME environ entry. ``max`` The maximum number of queued requests. (defaults to -1 = no limit). ``request_queue_size`` The 'backlog' argument to socket.listen(); specifies the maximum number of queued connections. ``timeout`` The timeout in seconds for accepted connections. """ is_ssl = False if ssl_pem: port = port or 4443 is_ssl = True if not port: if ':' in host: host, port = host.split(':', 1) else: port = 8080 bind_addr = (host, int(port)) kwargs = {} for var_name in ('numthreads', 'max', 'request_queue_size', 'timeout'): var = locals()[var_name] if var is not None: kwargs[var_name] = int(var) server = wsgiserver.CherryPyWSGIServer(bind_addr, app, server_name=server_name, **kwargs) if is_ssl: if builtin: server.ssl_module = 'builtin' server.ssl_adapter = BuiltinSSLAdapter(ssl_pem, ssl_pem) else: server.ssl_certificate = server.ssl_private_key = ssl_pem if protocol_version: server.protocol = protocol_version try: protocol = is_ssl and 'https' or 'http' if host == '0.0.0.0': print('serving on 0.0.0.0:%s view at %s://127.0.0.1:%s' % \ (port, protocol, port)) else: print("serving on %s://%s:%s" % (protocol, host, port)) server.start() except (KeyboardInterrupt, SystemExit): server.stop() return server
check_file('CA_CERTIFICATE_FILE', CA_CERTIFICATE_FILE) check_file('PARTNER_CERTIFICATE', PARTNER_CERTIFICATE) check_file('PARTNER_PRIVATE_KEY', PARTNER_PRIVATE_KEY) check_string('HFPP_PARTNER_ID', HFPP_PARTNER_ID) check_port('PARTNER_CLIENT_HTTP_SERVICE_PORT', PARTNER_CLIENT_HTTP_SERVICE_PORT) check_bool('PARTNER_IMMEDIATE_FULLFIL', PARTNER_IMMEDIATE_FULLFIL) check_string('DECISION_MODULE_URL', DECISION_MODULE_URL) check_file('STUDY_REPORT_DIRECTORY', STUDY_REPORT_DIRECTORY) #badly formed hexadecimal UUID string will throw if not uuid string partner_id = uuid.UUID(HFPP_PARTNER_ID) logging.debug('hfpp partner id:%s', partner_id) except (TypeError, ValueError) as e: method_error(signature, e) sys.exit(-1) conf = {'global': {'request.error_response': handle_error}} #configure cherrypy cherrypy.config.update(conf) wsgi_app = cherrypy.Application(PartnerHTTPServices(), '/callbacks') dispatcher = WSGIPathInfoDispatcher({'/': wsgi_app}) server = CherryPyWSGIServer(('0.0.0.0', PARTNER_CLIENT_HTTP_SERVICE_PORT), dispatcher) sslAdapter = BuiltinSSLAdapter(PARTNER_CERTIFICATE, PARTNER_PRIVATE_KEY) server.ssl_adapter = sslAdapter try: server.start() except KeyboardInterrupt: server.stop() method_exit(signature)
import conf setup_server_env(conf) session_opts = { 'session.type': 'memory', 'session.cookie_expires': True, #'session.data_dir': './data', 'session.auto': True, 'session.timeout': 900 } RP = OpenIDConnect(registration_info=conf.ME, ca_bundle=conf.CA_BUNDLE) SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', conf.PORT), SessionMiddleware(application, session_opts)) if conf.BASE.startswith("https"): from cherrypy.wsgiserver.ssl_builtin import BuiltinSSLAdapter SRV.ssl_adapter = BuiltinSSLAdapter(conf.SERVER_CERT, conf.SERVER_KEY, conf.CA_BUNDLE) LOGGER.info("RP server starting listening on port:%s" % conf.PORT) print ("RP server starting listening on port:%s" % conf.PORT) try: SRV.start() except KeyboardInterrupt: SRV.stop()