def run(self, handler):
server = CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(CONSTANTS['certificate'], CONSTANTS['key'])
try:
server.start()
finally:
server.stop()
def inner_run():
if ssl_private_key and ssl_certificate:
print "MSS server is running at https://%s:%s/" % (addr, port)
else:
print "MSS server is running at http://%s:%s/" % (addr, port)
if settings.DEBUG:
print "Devel mode is ON"
print "Quit the server with %s." % quit_command
app = WSGIHandler()
path = {}
if show_log:
logged_app = TransLogger(app)
path['/'] = logged_app
else:
path['/'] = app
path[settings.MEDIA_URL] = MediaHandler(settings.MEDIA_ROOT)
dispatcher = WSGIPathInfoDispatcher(path)
server = CherryPyWSGIServer((addr, int(port)), dispatcher, threads)
if ssl_private_key and ssl_certificate:
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server.ssl_adapter = pyOpenSSLAdapter(ssl_certificate, ssl_private_key, None)
try:
server.start()
except KeyboardInterrupt:
server.stop()
sys.exit(0)
def run(self, handler):
self.options['bind_addr'] = (self.host, self.port)
self.options['wsgi_app'] = handler
certfile = self.options.get('certfile')
if certfile or 'certfile' in self.options:
del self.options['certfile']
keyfile = self.options.get('keyfile')
if keyfile or 'keyfile' in self.options:
del self.options['keyfile']
server = CherryPyWSGIServer(**self.options)
if keyfile and certfile:
LOGGER.info("Start using HTTPS")
server.ssl_adapter = pyOpenSSLAdapter(certfile, keyfile, None)
context = ssl.Context(ssl.SSLv23_METHOD)
context.set_cipher_list('HIGH')
context.use_privatekey_file(keyfile)
context.use_certificate_file(certfile)
server.ssl_adapter.context = context
else:
LOGGER.info("Start using HTTP")
try:
server.start()
finally:
server.stop()
def run(self, handler):
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(CERT_FILE, PEM_FILE)
try:
server.start()
finally:
server.stop()
def run(self, handler):
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(CERT_FILE, PEM_FILE)
try:
server.start()
finally:
server.stop()
def main():
sys.path.insert(0, os.getcwd())
args = WsgiApplication.arg_parser()
pefim_server_conf = __import__(args.server_config)
try:
global wsgi_app
wsgi_app = WsgiApplication(args, base_dir=os.getcwd() + "/")
global SRV
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', pefim_server_conf.PORT), SessionMiddleware(
application,
pefim_server_conf.SESSION_OPTS))
SRV.stats['Enabled'] = True
if pefim_server_conf.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(pefim_server_conf.SERVER_CERT, pefim_server_conf.SERVER_KEY,
pefim_server_conf.CERT_CHAIN)
wsgi_app.logger.info("Server starting")
print "Server listening on port: %s" % pefim_server_conf.PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
except Exception, excp:
args = WsgiApplication.arg_parser(error="Invalid configuration in %s or %s, please consult the documentation."
% (args.config, args.server_config),
exception=" Exception:%s" % exception_trace(excp))
def start_with_socket_fd(self, sock_fd):
"""
Re-Implement HTTPServer.start here to support
binding to an existing socket.
"""
self._interrupt = None
if self.software is None:
self.software = "%s Server" % self.version
# SSL backward compatibility
if (self.ssl_adapter is None and getattr(self, 'ssl_certificate', None)
and getattr(self, 'ssl_private_key', None)):
warnings.warn(
"SSL attributes are deprecated in CherryPy 3.2, and will "
"be removed in CherryPy 3.3. Use an ssl_adapter attribute "
"instead.", DeprecationWarning)
try:
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
except ImportError:
pass
else:
self.ssl_adapter = pyOpenSSLAdapter(
self.ssl_certificate, self.ssl_private_key,
getattr(self, 'ssl_certificate_chain', None))
# Select the appropriate socket
self.socket = socket.fromfd(sock_fd, socket.AF_INET,
socket.SOCK_STREAM)
msg = "No socket could be created with file descriptor '{0}'"
if not self.socket:
raise socket.error(msg.format(sock_fd))
# Timeout so KeyboardInterrupt can be caught on Win32
self.socket.settimeout(1)
self.socket.listen(self.request_queue_size)
# Create worker threads
self.requests.start()
self.ready = True
self._start_time = time.time()
while self.ready:
try:
self.tick()
except (KeyboardInterrupt, SystemExit):
raise
except:
self.error_log("Error in HTTPServer.tick",
level=logging.ERROR,
traceback=True)
if self.interrupt:
while self.interrupt is True:
# Wait for self.stop() to complete. See _set_interrupt.
time.sleep(0.1)
if self.interrupt:
raise self.interrupt
def run(self, handler):
server = CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = \
pyOpenSSLAdapter(RestConfig.get('ssl','certificate'),
RestConfig.get('ssl', 'key'))
try:
server.start()
finally:
server.stop()
def run(self, handler):
server = CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = \
pyOpenSSLAdapter(RestConfig.get('ssl', 'certificate'),
RestConfig.get('ssl', 'key'))
try:
server.start()
finally:
server.stop()
def __init__(self, host, port, http_interface, use_ssl, ca_cert,
ssl_key, ssl_cert, daemon_thread_pool_size):
self.port = port
self.host = host
self.srv = None
# Port = 0 means "I don't want HTTP server"
if self.port == 0:
return
self.use_ssl = use_ssl
self.srv = None
protocol = 'http'
if use_ssl:
protocol = 'https'
self.uri = '%s://%s:%s' % (protocol, self.host, self.port)
logger.info("Opening HTTP socket at %s", self.uri)
# This config override default processors so we put them back in case we need them
config = {
'/': {
'request.body.processors': {'application/x-www-form-urlencoded': process_urlencoded,
'multipart/form-data': process_multipart_form_data,
'multipart': process_multipart,
'application/zlib': zlib_processor},
'tools.gzip.on': True,
'tools.gzip.mime_types': ['text/*', 'application/json']
}
}
# disable console logging of cherrypy when not in DEBUG
if getattr(logger, 'level') != logging.DEBUG:
cherrypy.log.screen = False
self.srv = CherryPyWSGIServer((host, port),
cherrypy.Application(http_interface, "/", config),
numthreads=daemon_thread_pool_size, shutdown_timeout=1)
if SSL and pyOpenSSLAdapter and use_ssl:
adapter = pyOpenSSLAdapter(ssl_cert, ssl_key, ca_cert)
context = adapter.get_context()
# SSLV2 is deprecated since 2011 by RFC 6176
# SSLV3, TLSV1 and TLSV1.1 have POODLE weakness (harder to exploit on TLS)
# So for now (until a new TLS version) we only have TLSv1.2 left
# WE also remove compression because of BREACH weakness
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 |
SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1 |
SSL.OP_NO_COMPRESSION)
# All excluded algorithm beyond are known to be weak.
context.set_cipher_list('DEFAULT:!DSS:!PSK:!SRP:!3DES:!RC4:!DES:!IDEA:!RC2:!NULL')
adapter.context = context
self.srv.ssl_adapter = adapter
if use_ssl:
self.srv.ssl_certificate = ssl_cert
self.srv.ssl_private_key = ssl_key
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter('cacert.pem', 'privkey.pem')
try:
server.start()
finally:
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter('cacert.pem', 'privkey.pem')
try:
server.start()
finally:
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(config.serverCertPem, config.serverCertKey)
try:
server.start()
finally:
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate = DEFAULT_SOLSERVERCERT,
private_key = DEFAULT_SOLSERVERPRIVKEY,
)
try:
server.start()
log.info("Server started")
finally:
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate="/etc/letsencrypt/live/mifulo.dacya.ucm.es/cert.pem",
private_key="privkey.pem",
certificate_chain="fullchain.pem")
try:
server.start()
except:
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(certificate="ucmpcs-ssl-cert.pem",
private_key="ucmpcs-private-key.pem")
try:
print "Starting secure web application server using CherryPy..."
server.start()
except:
print "Received STOP (or failed to start secure server!)..."
server.stop()
def run(self, handler):
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(certificate="ucmpcs-ssl-cert.pem",
private_key="ucmpcs-private-key.pem")
try:
print "Starting secure web application server using CherryPy..."
server.start()
except:
print "Received STOP (or failed to start secure server!)..."
server.stop()
def run(self, handler):
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
from cherrypy import wsgiserver
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
self.srv = server
# If cert variable is has a valid path, SSL will be used
# You can set it to None to disable SSL
server.ssl_adapter = pyOpenSSLAdapter(
Config.REST_SSL_CERTFILE, Config.REST_SSL_KEYFILE, Config.REST_SSL_CA_CERTS)
try:
server.start()
finally:
server.stop()
def run(self, handler):
"""
Runs a CherryPy Server using the SSL certificate.
"""
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
self.server = server
server.ssl_adapter = pyOpenSSLAdapter(
certificate=certfile,
private_key=keyfile,
# certificate_chain = cert_chain
)
server.start()
def run(self, handler):
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
from cherrypy import wsgiserver
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
self.srv = server
# If cert variable is has a valid path, SSL will be used
# You can set it to None to disable SSL
server.ssl_adapter = pyOpenSSLAdapter(Config.REST_SSL_CERTFILE,
Config.REST_SSL_KEYFILE,
Config.REST_SSL_CA_CERTS)
try:
server.start()
finally:
server.stop()
def run(self, handler):
"""
Runs a CherryPy Server using the SSL certificate.
"""
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate="cert.crt",
private_key="private.key",
certificate_chain="intermediate_cert.crt")
try:
server.start()
except:
server.stop()
def run(self, handler):
"""
Runs a CherryPy Server using the SSL certificate.
"""
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate="cert.crt",
private_key="private.key",
certificate_chain="intermediate_cert.crt"
)
try:
server.start()
except:
server.stop()
def run(self, handler):
"""
Runs a CherryPy Server using the SSL certificate.
"""
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate="openssl/certificate.crt",
private_key="openssl/privateKey.key"#,
#certificate_chain="intermediate_cert.crt"
)
try:
server.start()
except Exception,e:
print "failed to start %s" % (str(e))
server.stop()
def run(self, handler):
"""
Runs a CherryPy Server using the SSL certificate.
"""
from cherrypy import wsgiserver
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
server = wsgiserver.CherryPyWSGIServer((self.host, self.port), handler)
server.ssl_adapter = pyOpenSSLAdapter(
certificate="openssl/certificate.crt",
private_key="openssl/privateKey.key"#,
#certificate_chain="intermediate_cert.crt"
)
try:
server.start()
except Exception,e:
print "failed to start %s" % (str(e))
server.stop()
def run_rack_manager_default(app,
ssl_enabled,
host='0.0.0.0',
port=8080,
number_threads=30,
config=None,
**kwargs):
if config is not None:
cpy.config.update(config)
server = CherryPyWSGIServer((host, port),
app,
numthreads=number_threads,
**kwargs)
if (ssl_enabled):
server.ssl_adapter = pyOpenSSLAdapter(
certificate="/usr/lib/sslcerts/certs.pem",
private_key="/usr/lib/sslcerts/privkey.pem")
try:
server.start()
except KeyboardInterrupt:
server.stop()
if args.authn_as:
OAS.authn_as = args.authn_as
endpoints = ENDPOINTS
add_endpoints(endpoints)
OAS.endpoints = endpoints
if args.port == 80:
OAS.baseurl = config.baseurl
else:
if config.baseurl.endswith("/"):
config.baseurl = config.baseurl[:-1]
OAS.baseurl = "%s:%d" % (config.baseurl, args.port)
if not OAS.baseurl.endswith("/"):
OAS.baseurl += "/"
# Add the claims providers keys
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), application)
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(config.SERVER_CERT,
config.SERVER_KEY,
config.CERT_CHAIN)
LOGGER.info("OC3 server starting listening on port:%s" % args.port)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
ARGS["discosrv"] = _args.discosrv
if _args.wayf:
ARGS["wayf"] = _args.wayf
CACHE = Cache()
CNFBASE = _args.config
if _args.seed:
SEED = _args.seed
else:
SEED = "SnabbtInspel"
SP = Saml2Client(config_file="%s" % CNFBASE)
POLICY = service_conf.POLICY
add_urls()
SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
_https = ""
if service_conf.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT,
SERVER_KEY, CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print("SP listening on %s:%s%s" % (HOST, PORT, _https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
f.write(json.dumps(jwks))
f.close()
OP_ARG["keyjar"] = OAS.keyjar
OP_ARG["jwks_uri"] = p.geturl()
# Setup the web server
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port),
SessionMiddleware(application,
session_opts))
if _baseurl.startswith("https"):
import cherrypy
from cherrypy.wsgiserver import ssl_pyopenssl
# from OpenSSL import SSL
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
config.SERVER_CERT, config.SERVER_KEY, config.CA_BUNDLE)
# SRV.ssl_adapter.context = SSL.Context(SSL.SSLv23_METHOD)
# SRV.ssl_adapter.context.set_options(SSL.OP_NO_SSLv3)
try:
cherrypy.server.ssl_certificate_chain = config.CERT_CHAIN
except AttributeError:
pass
extra = " using SSL/TLS"
else:
extra = ""
txt = "RP server starting listening on port:%s%s" % (args.port, extra)
LOGGER.info(txt)
print txt
try:
SRV.start()
# per AS instantiate a consumer
for name, info in RP_CONF.AS_CONF.items():
c_conf = {"client_id": info["client_id"]}
CONSUMER[name] = Consumer(
session_db={}, client_config=c_conf,
server_info={
"authorization_endpoint": info["authorization_endpoint"],
"token_endpoint": info["token_endpoint"]},
authz_page="authz_cb", response_type="code")
CONSUMER[name].client_secret = info["client_secret"]
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', RP_CONF.PORT),
SessionMiddleware(application,
session_opts))
if RP_CONF.BASE.startswith("https"):
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
RP_CONF.SERVER_CERT, RP_CONF.SERVER_KEY, RP_CONF.CA_BUNDLE)
LOGGER.info(START_MESG % (RP_CONF.PORT, RP_CONF.HOST))
print(START_MESG % (RP_CONF.PORT, RP_CONF.HOST))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
global ophandler
if server_conf.OP_FRONTEND:
config = importlib.import_module(args.config)
ophandler = OpHandler(logger, config, LOOKUP, sphandler, test, debug)
sphandler.ophandler = ophandler
else:
ophandler = None
sphandler.ophandler = None
global idphandler
if server_conf.IDP_FRONTEND:
idphandler = IdPHandler(args, LOOKUP, sphandler, server_conf.ISSUER)
else:
idphandler = None
global SRV
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', server_conf.PORT), SessionMiddleware(application,
server_conf.SESSION_OPTS))
SRV.stats['Enabled'] = True
#SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application)
if server_conf.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(server_conf.SERVER_CERT, server_conf.SERVER_KEY,
server_conf.CERT_CHAIN)
logger.info("Server starting")
print "Server listening on port: %s" % server_conf.PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
def main():
global HOST
global PORT
global SERVER_CERT
global SERVER_KEY
global CACHE
global ARGS
global SP
global SEED
global POLICY
from cherrypy import wsgiserver
from cherrypy.wsgiserver import ssl_pyopenssl
sys.path.insert(0, os.getcwd())
_parser = argparse.ArgumentParser()
_parser.add_argument('-d', dest='debug', action='store_true',
help="Print debug information")
_parser.add_argument('-D', dest='discosrv',
help="Which disco server to use")
_parser.add_argument('-s', dest='seed',
help="Cookie seed")
_parser.add_argument('-W', dest='wayf', action='store_true',
help="Which WAYF url to use")
_parser.add_argument("config", help="SAML client config")
_parser.add_argument("service_config", help="SP config")
ARGS = {}
_args = _parser.parse_args()
if _args.discosrv:
ARGS["discosrv"] = _args.discosrv
if _args.wayf:
ARGS["wayf"] = _args.wayf
CACHE = Cache()
CNFBASE = _args.config
if _args.seed:
SEED = _args.seed
else:
SEED = "SnabbtInspel"
SP = Saml2Client(config_file="%s" % CNFBASE)
CONFIG = importlib.import_module(_args.service_config)
HOST = CONFIG.HOST
PORT = CONFIG.PORT
# ------- HTTPS -------
# These should point to relevant files
SERVER_CERT = CONFIG.SERVER_CERT
SERVER_KEY = CONFIG.SERVER_KEY
# This is of course the certificate chain for the CA that signed
# your cert and all the way up to the top
CERT_CHAIN = CONFIG.CERT_CHAIN
POLICY = CONFIG.POLICY
add_urls()
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application)
_https = ""
if CONFIG.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT,
SERVER_KEY, CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print "SP listening on %s:%s%s" % (HOST, PORT, _https)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
ARGS["discosrv"] = _args.discosrv
if _args.wayf:
ARGS["wayf"] = _args.wayf
CACHE = Cache()
CNFBASE = _args.config
if _args.seed:
SEED = _args.seed
else:
SEED = "SnabbtInspel"
SP = Saml2Client(config_file="%s" % CNFBASE)
POLICY = service_conf.POLICY
add_urls()
SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
_https = ""
if service_conf.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT,
SERVER_KEY, CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print "SP listening on %s:%s%s" % (HOST, PORT, _https)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
username_password_authn, 10,
CONFIG.BASE)
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
"", 0, CONFIG.BASE)
IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {}
_rot = args.mako_root
LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'],
module_directory=_rot + 'modules',
input_encoding='utf-8', output_encoding='utf-8')
HOST = CONFIG.HOST
PORT = CONFIG.PORT
SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
_https = ""
if CONFIG.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT,
CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print("IDP listening on %s:%s%s" % (HOST, PORT, _https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
def main():
global IDP
global AUTHN_BROKER
global LOOKUP
global args
global CONFIG
global USERS
global PASSWD
global EXTRA
sys.path.insert(0, os.getcwd())
from wsgiref.simple_server import make_server
parser = argparse.ArgumentParser()
parser.add_argument('-p', dest='path', help='Path to configuration file.')
parser.add_argument('-v', dest='valid',
help="How long, in days, the metadata is valid from the time of creation")
parser.add_argument('-c', dest='cert', help='certificate')
parser.add_argument('-i', dest='id',
help="The ID of the entities descriptor")
parser.add_argument('-k', dest='keyfile',
help="A file with a key to sign the metadata with")
parser.add_argument('-n', dest='name')
parser.add_argument('-s', dest='sign', action='store_true',
help="sign the metadata")
parser.add_argument('-m', dest='mako_root', default="./")
parser.add_argument(dest="config")
args = parser.parse_args()
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
username_password_authn, 10,
"http://%s" % socket.gethostname())
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
"", 0, "http://%s" % socket.gethostname())
CONFIG = importlib.import_module(args.config)
USERS = CONFIG.USERS
PASSWD = CONFIG.PASSWD
EXTRA = CONFIG.EXTRA
IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {}
_rot = args.mako_root
LOOKUP = TemplateLookup(directories=[_rot + 'htdocs', _rot + 'htdocs'],
module_directory=_rot + 'modules',
input_encoding='utf-8', output_encoding='utf-8')
HOST = CONFIG.HOST
PORT = CONFIG.PORT
#SRV = make_server(HOST, PORT, application)
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application)
make_server
if CONFIG.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT, CONFIG.SERVER_KEY,
CONFIG.CERT_CHAIN)
print "IdP listening on %s:%s" % (HOST, PORT)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
provider.jwks_uri.append("{}/static/{}".format(provider.baseurl, name))
# Mount the WSGI callable object (app) on the root directory
app_routing = setup_endpoints(provider)
app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware(
provider.providerinfo_endpoint)
app_routing["/.well-known/webfinger"] = pyoidcMiddleware(
partial(_webfinger, provider))
routing = dict(auth_routing.items() + app_routing.items())
routing["/static"] = make_static_handler(path)
dispatcher = WSGIPathInfoDispatcher(routing)
server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher)
# Setup SSL
if provider.baseurl.startswith("https://"):
server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
settings["server"]["cert"], settings["server"]["key"],
settings["server"]["cert_chain"])
# Start the CherryPy WSGI web server
try:
print("Server started: {}".format(issuer))
server.start()
except KeyboardInterrupt:
server.stop()
if __name__ == "__main__":
main()
pass
for tag in FLOW_SEQUENCE:
_seq = FLOWS[tag]["sequence"]
if REGISTER:
if "oic-registration" not in _seq:
_seq.insert(0, "oic-registration")
if DYNAMIC:
if "provider-info" not in _seq:
_seq.insert(0, "provider-info")
RP = OpenIDConnect(registration_info=rp_conf.ME,
ca_bundle=rp_conf.CA_BUNDLE)
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', rp_conf.PORT),
SessionMiddleware(application,
session_opts))
if rp_conf.BASE.startswith("https"):
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
rp_conf.SERVER_CERT, rp_conf.SERVER_KEY, rp_conf.CA_BUNDLE)
logger.info("RP server starting listening on port:%s" % rp_conf.PORT)
print "RP server starting listening on port:%s" % rp_conf.PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
def start_with_socket_fd(self, sock_fd):
"""
Re-Implement HTTPServer.start here to support
binding to an existing socket.
"""
self._interrupt = None
if self.software is None:
self.software = "%s Server" % self.version
# SSL backward compatibility
if (self.ssl_adapter is None and
getattr(self, 'ssl_certificate', None) and
getattr(self, 'ssl_private_key', None)):
warnings.warn(
"SSL attributes are deprecated in CherryPy 3.2, and will "
"be removed in CherryPy 3.3. Use an ssl_adapter attribute "
"instead.",
DeprecationWarning
)
try:
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
except ImportError:
pass
else:
self.ssl_adapter = pyOpenSSLAdapter(
self.ssl_certificate, self.ssl_private_key,
getattr(self, 'ssl_certificate_chain', None))
# Select the appropriate socket
self.socket = socket.fromfd(sock_fd,
socket.AF_INET,
socket.SOCK_STREAM)
msg = "No socket could be created with file descriptor '{0}'"
if not self.socket:
raise socket.error(msg.format(sock_fd))
# Timeout so KeyboardInterrupt can be caught on Win32
self.socket.settimeout(1)
self.socket.listen(self.request_queue_size)
# Create worker threads
self.requests.start()
self.ready = True
self._start_time = time.time()
while self.ready:
try:
self.tick()
except (KeyboardInterrupt, SystemExit):
raise
except:
self.error_log("Error in HTTPServer.tick", level=logging.ERROR,
traceback=True)
if self.interrupt:
while self.interrupt is True:
# Wait for self.stop() to complete. See _set_interrupt.
time.sleep(0.1)
if self.interrupt:
raise self.interrupt
def run(self):
# While loop is for recovery from 'unknown ca' issue.
while True:
try:
server_instance = ServerInstance(self.ip_address, self.secret,
self.capabilities,
self.host_id)
self.server = wsgiserver.CherryPyWSGIServer(
(self.ip_address, int(self.port)),
wsgiserver.WSGIPathInfoDispatcher({
'/handshake':
server_instance.handshake,
'/download':
server_instance.download,
'/connected':
server_instance.connected,
'/routes':
server_instance.routes,
'/failed':
server_instance.failed,
'/status':
server_instance.status,
'/speed':
server_instance.speed,
'/feedback':
server_instance.feedback,
'/check':
server_instance.check,
'/stats':
server_instance.stats
}),
numthreads=self.server_threads,
timeout=20)
self.server.stats['Enabled'] = True
# Set maximum request input sizes to avoid processing DoS inputs
self.server.max_request_header_size = 100000
self.server.max_request_body_size = 100000
# Lifetime of cert/private key temp file is lifetime of server
# file is closed by ServerInstance, and that auto deletes tempfile
self.certificate_temp_file = tempfile.NamedTemporaryFile()
self.private_key_temp_file = tempfile.NamedTemporaryFile()
self.certificate_temp_file.write(
'-----BEGIN CERTIFICATE-----\n' +
'\n'.join(split_len(self.certificate, 64)) +
'\n-----END CERTIFICATE-----\n')
self.certificate_temp_file.flush()
self.private_key_temp_file.write(
'-----BEGIN RSA PRIVATE KEY-----\n' +
'\n'.join(split_len(self.private_key, 64)) +
'\n-----END RSA PRIVATE KEY-----\n')
self.private_key_temp_file.flush()
self.server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
self.certificate_temp_file.name,
self.private_key_temp_file.name, None)
psi_web_patch.patch_ssl_adapter(self.server.ssl_adapter)
# Blocks until server stopped
syslog.syslog(syslog.LOG_INFO,
'started %s' % (self.ip_address, ))
self.server.start()
break
except (EnvironmentError, EOFError, SystemError, ValueError,
ssl.SSLError, socket.error) as e:
# Log recoverable errors and try again
for line in traceback.format_exc().split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
if self.server:
self.stop_server()
except TypeError as e:
trace = traceback.format_exc()
for line in trace.split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
# Recover on this Cherrypy internal error
# See bitbucket Issue 59
if (str(e).find("'NoneType' object") == 0
and trace.find("'SSL_PROTOCOL': cipher[1]") != -1):
if self.server:
self.stop_server()
else:
raise
except Exception as e:
# Log other errors and abort
for line in traceback.format_exc().split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
raise
provider.jwks_uri.append(
"{}/static/{}".format(provider.baseurl, name))
# Mount the WSGI callable object (app) on the root directory
app_routing = setup_endpoints(provider)
app_routing["/.well-known/openid-configuration"] = pyoidcMiddleware(
provider.providerinfo_endpoint)
app_routing["/.well-known/webfinger"] = pyoidcMiddleware(
partial(_webfinger, provider))
routing = dict(auth_routing.items() + app_routing.items())
routing["/static"] = make_static_handler(path)
dispatcher = WSGIPathInfoDispatcher(routing)
server = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port), dispatcher)
# Setup SSL
if provider.baseurl.startswith("https://"):
server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
settings["server"]["cert"], settings["server"]["key"],
settings["server"]["cert_chain"])
# Start the CherryPy WSGI web server
try:
print("Server started: {}".format(issuer))
server.start()
except KeyboardInterrupt:
server.stop()
if __name__ == "__main__":
main()
if __name__ == '__main__':
from beaker.middleware import SessionMiddleware
from cherrypy import wsgiserver
KW_ARGS = main_setup(logger)
_conf = KW_ARGS["conf"]
session_opts = {
'session.type': 'memory',
'session.cookie_expires': True,
'session.auto': True,
'session.timeout': 900
}
SRV = wsgiserver.CherryPyWSGIServer(
('0.0.0.0', _conf.PORT), SessionMiddleware(application, session_opts))
if _conf.BASE.startswith("https"):
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
_conf.SERVER_CERT, _conf.SERVER_KEY, _conf.CA_BUNDLE)
logger.info("RP server starting listening on port:%s" % _conf.PORT)
print("RP server starting listening on port:%s" % _conf.PORT)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
setup_logging("config_server.log")
SRV = wsgiserver.CherryPyWSGIServer(
('0.0.0.0', CONF.PORT), SessionMiddleware(logging_app, session_opts))
try:
_dir_path = CONF.OPRP_DIR_PATH
except AttributeError:
_dir_path = ""
if CONF.OPRP_DIR_PATH not in sys.path:
sys.path.append(CONF.OPRP_DIR_PATH)
if CONF.BASE.startswith("https"):
import cherrypy
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
CONF.SERVER_CERT, CONF.SERVER_KEY, CONF.CA_BUNDLE)
try:
cherrypy.server.ssl_certificate_chain = CONF.CERT_CHAIN
except AttributeError:
pass
extra = " using SSL/TLS"
else:
extra = ""
txt = "Config server started, listening on port:%s%s" % (CONF.PORT, extra)
LOGGER.info(txt)
print txt
try:
SRV.start()
except KeyboardInterrupt:
"organization_url"][0]["text"]
except KeyError:
pass
sps.append((_name, entid))
return sps
if __name__ == '__main__':
SERVER_CERT = "pki/server.crt"
SERVER_KEY = "pki/server.key"
CA_BUNDLE = None
SPS = get_sp("./sp/sp.xml")
# The UMA AS
AUTHZSRV = uma_as.main(BASE, CookieHandler)
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application)
if BASE.startswith("https"):
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
SERVER_CERT, SERVER_KEY, CA_BUNDLE)
#logger.info("RP server starting listening on port:%s" % rp_conf.PORT)
print "AS started, listening on port:%s" % PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
f.write(json.dumps(jwks))
f.close()
OP_ARG["keyjar"] = OAS.keyjar
OP_ARG["jwks_uri"] = p.geturl()
# Setup the web server
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', args.port),
SessionMiddleware(application,
session_opts))
if _baseurl.startswith("https"):
import cherrypy
from cherrypy.wsgiserver import ssl_pyopenssl
# from OpenSSL import SSL
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
config.SERVER_CERT, config.SERVER_KEY, config.CA_BUNDLE)
# SRV.ssl_adapter.context = SSL.Context(SSL.SSLv23_METHOD)
# SRV.ssl_adapter.context.set_options(SSL.OP_NO_SSLv3)
try:
cherrypy.server.ssl_certificate_chain = config.CERT_CHAIN
except AttributeError:
pass
extra = " using SSL/TLS"
else:
extra = ""
txt = "RP server starting listening on port:%s%s" % (args.port, extra)
LOGGER.info(txt)
print txt
try:
SRV.start()
import web
import requests
import web
import cherrypy
from web.wsgiserver import CherryPyWSGIServer
from web.wsgiserver.ssl_builtin import BuiltinSSLAdapter
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
from cherrypy.wsgiserver.ssl_pyopenssl import SSL
context = SSL.Context(SSL.SSLv3_METHOD)
context.set_cipher_list('ALL')
context.use_certificate_file("cert.pem")
context.use_privatekey_file("server.pem")
CherryPyWSGIServer.ssl_adapter = pyOpenSSLAdapter("server.pem","server.pem",None)
#CherryPyWSGIServer.ssl_adapter.context.set_cipher_list('RC4-SHA');
CherryPyWSGIServer.ssl_adapter.context = context
urls = (
'/', 'index',
'/verify', 'verify',
'/logout', 'logout'
)
app = web.application(urls, globals())
render = web.template.render('templates/')
class index:
def GET(self):
return render.index()
def run(self):
# While loop is for recovery from 'unknown ca' issue.
while True:
try:
server_instance = ServerInstance(self.ip_address, self.secret, self.capabilities, self.host_id)
self.server = wsgiserver.CherryPyWSGIServer(
(self.ip_address, int(self.port)),
wsgiserver.WSGIPathInfoDispatcher(
{'/handshake': server_instance.handshake,
'/download': server_instance.download,
'/connected': server_instance.connected,
'/routes': server_instance.routes,
'/failed': server_instance.failed,
'/status': server_instance.status,
'/speed': server_instance.speed,
'/feedback': server_instance.feedback,
'/check': server_instance.check,
'/stats': server_instance.stats}),
numthreads=self.server_threads, timeout=20)
self.server.stats['Enabled'] = True
# Set maximum request input sizes to avoid processing DoS inputs
self.server.max_request_header_size = 100000
self.server.max_request_body_size = 100000
# Lifetime of cert/private key temp file is lifetime of server
# file is closed by ServerInstance, and that auto deletes tempfile
self.certificate_temp_file = tempfile.NamedTemporaryFile()
self.private_key_temp_file = tempfile.NamedTemporaryFile()
self.certificate_temp_file.write(
'-----BEGIN CERTIFICATE-----\n' +
'\n'.join(split_len(self.certificate, 64)) +
'\n-----END CERTIFICATE-----\n');
self.certificate_temp_file.flush()
self.private_key_temp_file.write(
'-----BEGIN RSA PRIVATE KEY-----\n' +
'\n'.join(split_len(self.private_key, 64)) +
'\n-----END RSA PRIVATE KEY-----\n');
self.private_key_temp_file.flush()
self.server.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
self.certificate_temp_file.name,
self.private_key_temp_file.name,
None)
psi_web_patch.patch_ssl_adapter(self.server.ssl_adapter)
# Blocks until server stopped
syslog.syslog(syslog.LOG_INFO, 'started %s' % (self.ip_address,))
self.server.start()
break
except (EnvironmentError,
EOFError,
SystemError,
ValueError,
ssl.SSLError,
socket.error) as e:
# Log recoverable errors and try again
for line in traceback.format_exc().split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
if self.server:
self.stop_server()
except TypeError as e:
trace = traceback.format_exc()
for line in trace.split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
# Recover on this Cherrypy internal error
# See bitbucket Issue 59
if (str(e).find("'NoneType' object") == 0 and
trace.find("'SSL_PROTOCOL': cipher[1]") != -1):
if self.server:
self.stop_server()
else:
raise
except Exception as e:
# Log other errors and abort
for line in traceback.format_exc().split('\n'):
syslog.syslog(syslog.LOG_ERR, line)
raise
CONFIG.BASE)
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
"", 0, CONFIG.BASE)
IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {}
_rot = args.mako_root
LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'],
module_directory=_rot + 'modules',
input_encoding='utf-8', output_encoding='utf-8')
HOST = CONFIG.HOST
PORT = CONFIG.PORT
SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
_https = ""
if CONFIG.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT,
CONFIG.SERVER_KEY,
CONFIG.CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print("IDP listening on %s:%s%s" % (HOST, PORT, _https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
if server_conf.OP_FRONTEND:
config = importlib.import_module(args.config)
ophandler = OpHandler(logger, config, LOOKUP, sphandler, test, debug)
sphandler.ophandler = ophandler
else:
ophandler = None
sphandler.ophandler = None
global idphandler
if server_conf.IDP_FRONTEND:
idphandler = IdPHandler(args, LOOKUP, sphandler, server_conf.ISSUER)
else:
idphandler = None
global SRV
SRV = wsgiserver.CherryPyWSGIServer(
('0.0.0.0', server_conf.PORT),
SessionMiddleware(application, server_conf.SESSION_OPTS))
SRV.stats['Enabled'] = True
#SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application)
if server_conf.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
server_conf.SERVER_CERT, server_conf.SERVER_KEY,
server_conf.CERT_CHAIN)
logger.info("Server starting")
print "Server listening on port: %s" % server_conf.PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
"organization_url"][0]["text"]
except KeyError:
pass
sps.append((_name, entid))
return sps
if __name__ == '__main__':
SERVER_CERT = "pki/server.crt"
SERVER_KEY = "pki/server.key"
CA_BUNDLE = None
SPS = get_sp("./sp/sp.xml")
# The UMA AS
AUTHZSRV = uma_as.main(BASE, CookieHandler)
SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', PORT), application)
if BASE.startswith("https"):
from cherrypy.wsgiserver import ssl_pyopenssl
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
SERVER_CERT, SERVER_KEY, CA_BUNDLE)
#logger.info("RP server starting listening on port:%s" % rp_conf.PORT)
print("AS started, listening on port:%s" % PORT)
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
if __name__ == '__main__':
#This is equal to a main function in other languages. Handles all setup and starts the server.
#Read arguments.
parser = argparse.ArgumentParser()
parser.add_argument(dest="config")
args = parser.parse_args()
global config
config = importlib.import_module(args.config)
global logger
logger = create_logger(config.LOG_FILE)
global SRV
SRV = wsgiserver.CherryPyWSGIServer(
('0.0.0.0', config.PORT),
SessionMiddleware(application, config.SESSION_OPTS))
SRV.stats['Enabled'] = True
#SRV = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), application)
if config.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
logger.info("Server starting")
print "Server is listening on port: %s" % config.PORT
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
def start(self):
"""Run the server forever."""
# We don't have to trap KeyboardInterrupt or SystemExit here,
# because cherrpy.server already does so, calling self.stop() for us.
# If you're using this server with another framework, you should
# trap those exceptions in whatever code block calls start().
self._interrupt = None
if self.software is None:
self.software = "%s Server" % self.version
# SSL backward compatibility
if (self.ssl_adapter is None and
getattr(self, 'ssl_certificate', None) and
getattr(self, 'ssl_private_key', None)):
warnings.warn(
"SSL attributes are deprecated in CherryPy 3.2, and will "
"be removed in CherryPy 3.3. Use an ssl_adapter attribute "
"instead.",
DeprecationWarning
)
try:
from cherrypy.wsgiserver.ssl_pyopenssl import pyOpenSSLAdapter
except ImportError:
pass
else:
self.ssl_adapter = pyOpenSSLAdapter(
self.ssl_certificate, self.ssl_private_key,
getattr(self, 'ssl_certificate_chain', None))
# Select the appropriate socket
if isinstance(self.bind_addr, basestring):
# AF_UNIX socket
# So we can reuse the socket...
try: os.unlink(self.bind_addr)
except: pass
# So everyone can access the socket...
try: os.chmod(self.bind_addr, 511) # 0777
except: pass
info = [(socket.AF_UNIX, socket.SOCK_STREAM, 0, "", self.bind_addr)]
else:
# AF_INET or AF_INET6 socket
# Get the correct address family for our host (allows IPv6 addresses)
host, port = self.bind_addr
try:
info = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
socket.SOCK_STREAM, 0, socket.AI_PASSIVE)
except socket.gaierror:
if ':' in self.bind_addr[0]:
info = [(socket.AF_INET6, socket.SOCK_STREAM,
0, "", self.bind_addr + (0, 0))]
else:
info = [(socket.AF_INET, socket.SOCK_STREAM,
0, "", self.bind_addr)]
self.socket = None
msg = "No socket could be created"
for res in info:
af, socktype, proto, canonname, sa = res
try:
self.bind(af, socktype, proto)
except socket.error:
if self.socket:
self.socket.close()
self.socket = None
continue
break
if not self.socket:
raise socket.error(msg)
# Timeout so KeyboardInterrupt can be caught on Win32
self.socket.settimeout(1)
self.socket.listen(self.request_queue_size)
# Create worker threads
self.requests.start()
self.ready = True
self._start_time = time.time()
while self.ready:
try:
self.tick()
except (KeyboardInterrupt, SystemExit):
raise
except:
self.error_log("Error in HTTPServer.tick", level=logging.ERROR,
traceback=True)
if self.interrupt:
while self.interrupt is True:
# Wait for self.stop() to complete. See _set_interrupt.
time.sleep(0.1)
if self.interrupt:
raise self.interrupt
