[Et-mgmt-commits-list] [SCM] virt-factory branch, master now at 0d8133e5bd71c6cb83dda4e78e44d0d3b56bd0f8
Kevin Smith
ksmith at redhat.com
Mon Jun 11 17:39:43 UTC 2007
Hello,
This is an automated email from the git hooks/update script, it was
generated because a ref change was pushed to the repository.
Updating branch, master,
via 0d8133e5bd71c6cb83dda4e78e44d0d3b56bd0f8 (commit)
via cdc3ea13606ee32b1676c591a63789f0f5599bb2 (commit)
via 25152babff80ff162a0afd9c89688d0fb6560b8a (commit)
via 631947f37fe5ba3a88d730a1c0d56307cd04eacb (commit)
via d77b94c6cd8f27d57910394d7ff9f2c418231702 (commit)
from 932009de08a6e5e352ccea5f2de31707e3b6de66 (commit)
- Log -----------------------------------------------------------------
commit 0d8133e5bd71c6cb83dda4e78e44d0d3b56bd0f8
Merge: cdc3ea1... 932009d...
Author: Kevin Smith <ksmith at bogon.rdu.redhat.com>
Date: Mon Jun 11 13:39:37 2007 -0400
Merge branch 'master' of ssh+git://g-ksmith@et.redhat.com/git/virt-factory
commit cdc3ea13606ee32b1676c591a63789f0f5599bb2
Author: Kevin Smith <ksmith at bogon.rdu.redhat.com>
Date: Mon Jun 11 12:52:25 2007 -0400
* Integrated encryption into busrpc. With this check-in, services and clients can encrypt their traffic via the python-crypto package using Blowfish. This currently works because it is assumed that clients and servers will exchange keys during client registration.
* Added more test scripts and configs to test both secure and non-secure configurations
commit 25152babff80ff162a0afd9c89688d0fb6560b8a
Author: Kevin Smith <ksmith at bogon.rdu.redhat.com>
Date: Fri Jun 8 16:38:16 2007 -0400
* FINALLY got encryption working via the Python Crypto Toolkit
commit 631947f37fe5ba3a88d730a1c0d56307cd04eacb
Author: Kevin Smith <ksmith at bogon.rdu.redhat.com>
Date: Wed Jun 6 15:57:43 2007 -0400
* Fixing up encryption of RSA methods
commit d77b94c6cd8f27d57910394d7ff9f2c418231702
Author: Kevin Smith <ksmith at bogon.rdu.redhat.com>
Date: Tue Jun 5 16:55:57 2007 -0400
* Adding RSA PKI support for sending messages
-----------------------------------------------------------------------
Diffstat:
common/busrpc/busrpc/bridge.py | 2 +-
common/busrpc/busrpc/config.py | 6 +
common/busrpc/busrpc/crypto.py | 153 ++++++++++++++++++++
common/busrpc/busrpc/misc.py | 67 +++++++---
common/busrpc/busrpc/qpid_transport.py | 26 +++--
common/busrpc/busrpc/qpid_util.py | 4 +
common/busrpc/busrpc/rpc.py | 39 ++++--
common/busrpc/busrpc/services.py | 28 +++-
common/busrpc/busrpc/test/test_client.py | 9 +-
common/busrpc/configs/bridge.conf | 2 +
.../configs/{bridge.conf => secure-bridge.conf} | 1 +
.../busrpc/configs/{test.conf => secure-test.conf} | 2 +
common/busrpc/configs/system-local.conf | 15 --
common/busrpc/configs/test.conf | 3 +
.../scripts/{start-bridge => start-secure-bridge} | 2 +-
common/busrpc/scripts/start-secure-test-client | 9 ++
...tart-test-service => start-secure-test-service} | 2 +-
common/busrpc/scripts/start-test-client | 6 +
18 files changed, 309 insertions(+), 67 deletions(-)
diff --git a/common/busrpc/busrpc/bridge.py b/common/busrpc/busrpc/bridge.py
index 5b996d1..155c60f 100644
--- a/common/busrpc/busrpc/bridge.py
+++ b/common/busrpc/busrpc/bridge.py
@@ -36,7 +36,7 @@ class Bridge(object):
retval = None
try:
self.registration_lock.acquire()
- if self.services_has_key(service):
+ if self.services.has_key(service):
host_list = self.services[service]
retval = [hostname + "!" + server + "!" + service
for hostname, server in host_list]
diff --git a/common/busrpc/busrpc/config.py b/common/busrpc/busrpc/config.py
index 5de624c..1391117 100644
--- a/common/busrpc/busrpc/config.py
+++ b/common/busrpc/busrpc/config.py
@@ -3,6 +3,8 @@ INSTANCE_NAME = "busrpc.instance"
def _parse_name_value(line):
parts = line.split("=")
+ if len(parts) < 2:
+ return None, None
return parts[0], parts[1]
class DeploymentConfig:
@@ -26,7 +28,11 @@ class DeploymentConfig:
line = line.replace("\n", "")
if line.startswith("#"):
pass
+ if len(line.strip()) == 0:
+ pass
name, value = _parse_name_value(line)
+ if name == None:
+ return
if name == SERVER_NAME:
self.server_name = value.replace("\"", "")
elif name.startswith(INSTANCE_NAME):
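Review bot: The two `pass` branches (the existing comment check and the added blank-line check) do nothing, so comment and blank lines still reach `_parse_name_value`, and the added `if name == None: return` then leaves the method at the first line without an `=`. If this code sits inside the per-line loop, as the `line = line.replace("\n", "")` context suggests, every setting after such a line is silently dropped, including the `busrpc.crypto.*` keys this commit adds to the configs. Using `continue` keeps parsing going: `if line.startswith("#") or len(line.strip()) == 0: continue` and `if name == None: continue`. The enclosing method starts and ends outside the hunk, so the loop structure should be confirmed.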
diff --git a/common/busrpc/busrpc/crypto.py b/common/busrpc/busrpc/crypto.py
new file mode 100644
index 0000000..e9e3192
--- /dev/null
+++ b/common/busrpc/busrpc/crypto.py
@@ -0,0 +1,153 @@
+import os
+import threading
+import cPickle
+from Crypto.Util.randpool import RandomPool
+from Crypto.Cipher import Blowfish
+from Crypto.Hash import SHA
+
+class CryptoException(Exception):
+
+ def __init__(self, message):
+ self.message = message
+
+ def __str__(self):
+ return repr(self.message)
+
+class CertManager(object):
+
+ def __init__(self, keydir, hostname):
+ self.keydir = keydir
+ self.hostname = hostname
+ if not self.keydir.endswith('/'):
+ self.keydir += '/'
+ self.private_keys = []
+ self.pub_keys = {}
+ self.private_key_lock = threading.RLock()
+ self.pub_key_lock = threading.RLock()
+
+ def decrypt_message(self, message):
+ secure_host, encrypted_message = self._parse_secure_message(message)
+ if secure_host == None:
+ return message
+ else:
+ key = None
+ try:
+ key = self.load_pub_key(secure_host)
+ retval = key.decrypt(encrypted_message)
+ return retval.strip()
+ finally:
+ if not key == None:
+ self.release_pub_key(secure_host, key)
+
+ def encrypt_message(self, host, message):
+ key = None
+ try:
+ while not len(message) % 8 == 0:
+ message += ' '
+ key = self.load_private_key()
+ encrypted_message = key.encrypt(message)
+ composed_message = ''.join(['secure-host:',
+ host,
+ '\n\n',
+ encrypted_message])
+ return composed_message
+ finally:
+ if not key == None:
+ self.release_private_key(key)
+
+
+ def load_private_key(self):
+ key = None
+ try:
+ self.private_key_lock.acquire()
+ if len(self.private_keys) > 0:
+ key = self.private_keys.pop()
+ else:
+ key = self._load_private_key()
+ finally:
+ self.private_key_lock.release()
+ return key
+
+ def release_private_key(self, key):
+ try:
+ self.private_key_lock.acquire()
+ self.private_keys.append(key)
+ finally:
+ self.private_key_lock.release()
+
+ def load_pub_key(self, host):
+ key = None
+ try:
+ self.pub_key_lock.acquire()
+ if self.pub_keys.has_key(host):
+ keys = self.pub_keys[host]
+ if len(keys) > 0:
+ key = keys.pop()
+ if key == None:
+ key = self._load_pub_key(host)
+ finally:
+ self.pub_key_lock.release()
+ return key
+
+ def release_pub_key(self, host, key):
+ try:
+ self.pub_key_lock.acquire()
+ if not self.pub_keys.has_key(host):
+ self.pub_keys[host] = []
+ self.pub_keys[host].append(key)
+ finally:
+ self.pub_key_lock.release()
+
+ def _load_pub_key(self, host):
+ key = None
+ file_name = self.keydir + host + '.key'
+ if os.path.lexists(file_name):
+ f = file(file_name)
+ unpickler = cPickle.Unpickler(f)
+ try:
+ seed = unpickler.load()
+ key = Blowfish.new(seed)
+ finally:
+ f.close()
+ return key
+
+ def _load_private_key(self):
+ key = self._load_pub_key(self.hostname)
+ if key == None:
+ self._setup_dir(self.keydir)
+ seed = self._generate_seed(8192)
+ key = Blowfish.new(seed)
+ file_name = self.keydir + self.hostname + '.key'
+ f = file(file_name)
+ pickler = cPickle.Pickler(f)
+ try:
+ pickler.dump(seed)
+ f.flush()
+ finally:
+ f.close()
+ return key
+
+
+ def _generate_seed(self, size):
+ rp = RandomPool()
+ for i in range(7):
+ m = SHA.new()
+ temp_seed = rp.get_bytes(size)
+ m.update(tempseed)
+ rp.add_event(m.hexdigest())
+ return rp.get_bytes(size)
+
+ def _setup_dir(self, dirpath):
+ os.makedirs(dirpath)
+
+ def _parse_secure_message(self, message):
+ parts = message.split('\n\n')
+ secure_host = None
+ message = None
+ if len(parts) > 1:
+ if parts[0].startswith('secure-host:'):
+ line = parts[0].split(':')
+ if len(line) > 1:
+ secure_host = line[1].strip()
+ message = parts[1]
+ return secure_host, message
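Review bot: `_load_pub_key` feeds `cPickle.Unpickler` a file whose path is `self.keydir + host + '.key'`, where `host` is taken unvalidated from the `secure-host:` header of the incoming message, and the secure configs in this commit set the key directory to `/tmp`, which any local user can write to; loading a pickle runs whatever the file encodes. The key is a plain byte string, so it can be stored raw and read back without pickle, after checking that the host is a bare file name (sketch below). Key creation also looks unable to succeed as written: `_generate_seed` assigns `temp_seed` but passes `tempseed` to `m.update`, and `_load_private_key` reopens the file with `file(file_name)`, which is read mode, where `open(file_name, 'wb')` on a file created with owner-only permissions is needed. `Blowfish.new(seed)` with no mode argument is ECB in PyCrypto and nothing authenticates the ciphertext, so a chained mode with a per-message IV plus a MAC over header and body should be added before this is relied on. `_parse_secure_message` also keeps only `parts[1]` after `split('\n\n')`, so a ciphertext that happens to contain two consecutive newline bytes is truncated; `message.split('\n\n', 1)` avoids that.

```python
    def _key_path(self, host):
        # host comes from the 'secure-host:' header: accept a bare file name only
        if host in ('', '.', '..') or os.path.basename(host) != host:
            raise CryptoException('invalid host name in secure header')
        return os.path.join(self.keydir, host + '.key')

    def _load_pub_key(self, host):
        key = None
        file_name = self._key_path(host)
        if os.path.isfile(file_name):
            f = open(file_name, 'rb')
            try:
                # raw key bytes; nothing read from the file is unpickled
                key = Blowfish.new(f.read())
            finally:
                f.close()
        return key

    # ... unchanged: _load_private_key apart from writing the raw seed with open(file_name, 'wb') ...
```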
diff --git a/common/busrpc/busrpc/misc.py b/common/busrpc/busrpc/misc.py
index 0d50441..6818c35 100644
--- a/common/busrpc/busrpc/misc.py
+++ b/common/busrpc/busrpc/misc.py
@@ -3,20 +3,20 @@ import simplejson
import busrpc.rpc
import qpid_transport
-def encode_partial_rpc_message(sender, namespace, method):
- return ''.join(['from:', sender, '\n',
- 'ns:', namespace, '\n',
- 'method:', method, '\n\n'])
+def encode_rpc_request(sender, namespace, method, hostname, args, cert_mgr=None):
+ retval = ''.join([_encode_partial_rpc_message(sender,
+ namespace,
+ method,
+ hostname),
+ '\n',
+ args])
+ if not cert_mgr == None:
+ retval = cert_mgr.encrypt_message(hostname, retval)
+ return retval
-def encode_rpc_message(sender, namespace, method, args):
- return ''.join(['from:', sender, '\n',
- 'ns:', namespace, '\n',
- 'method:', method, '\n\n', args])
-def encode_rpc_response(sender, namespace, called_method, results, headers=None):
- retval = ''.join(['from:', sender, '\n',
- 'ns:', namespace, '\n',
- 'method:', called_method, '\n'])
+def encode_rpc_response(sender, hostname, namespace, called_method, results, headers=None, cert_mgr=None):
+ retval = _encode_partial_rpc_message(sender, namespace, called_method, hostname)
if not headers == None:
for key in headers.iterkeys():
retval = retval + key + ':' + headers[key] + '\n'
@@ -24,13 +24,32 @@ def encode_rpc_response(sender, namespace, called_method, results, headers=None)
else:
retval = retval + '\n'
retval = retval + results
+ if not cert_mgr == None:
+ retval = cert_mgr.encrypt_message(hostname, retval)
return retval
-def decode_rpc_message(message):
- headers, args = message.split('\n\n')
+def _encode_partial_rpc_message(sender, namespace, method, hostname):
+ return ''.join(['from:', sender, '\n',
+ 'host:', hostname, '\n',
+ 'ns:', namespace, '\n',
+ 'method:', method, '\n'])
+
+def decode_rpc_request(message, cert_mgr=None):
+ if not cert_mgr == None:
+ try:
+ message = cert_mgr.decrypt_message(message)
+ except Exception, e:
+ print '[DecodeReq]Decryption failed: %s' % (e)
+ print '[DecodeReq]Decrypted message (%d):\n%s' % (len(message), message)
+ headers, args = message.split('\n\n')
+ else:
+ headers, args = message.split('\n\n')
+ if is_secure(headers):
+ raise qpid_transport.QpidTransportException('CertManager not found for secure content')
sender = None
namespace = None
method = None
+ hostname = None
parts = headers.split('\n')
for i in range(len(parts)):
line_parts = parts[i].split(':')
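Review bot: `decode_rpc_request` fails open when a `cert_mgr` is supplied: the `except Exception` around `decrypt_message` only prints, and parsing continues on whatever `message` holds, while `CertManager.decrypt_message` returns a message with no `secure-host:` header unchanged. A receiver configured for encryption therefore also accepts plaintext requests, and a decryption failure is never reported to the caller. Raising `qpid_transport.QpidTransportException` from the handler, and rejecting input for which `is_secure` is false whenever `cert_mgr` is set, would close that; `decode_rpc_response` in the next hunk repeats the same pattern. The `print` of the decrypted message also writes request plaintext to stdout and should be removed before this is used outside testing.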
@@ -40,14 +59,25 @@ def decode_rpc_message(message):
namespace = line_parts[1].strip(' ')
elif line_parts[0] == 'method':
method = line_parts[1].strip(' ')
+ elif line_parts[0] == 'host':
+ hostname = line_parts[1].strip(' ')
if not (sender == None and namespace == None
and method == None and args == None):
- return sender, namespace, method, args.strip(' ')
+ return sender, hostname, namespace, method, args.strip(' ')
else:
return None, None, None, None
-def decode_rpc_response(message):
- all_headers, results = message.split('\n\n')
+def decode_rpc_response(message, cert_mgr=None):
+ if not cert_mgr == None:
+ try:
+ message = cert_mgr.decrypt_message(message)
+ except Exception, e:
+ print '[DecodeResp]Decryption failed: %s' % (e)
+ all_headers, results = message.split('\n\n')
+ else:
+ all_headers, results = message.split('\n\n')
+ if is_secure(all_headers):
+ raise qpid_transport.QpidTransportException('CertManager not found for secure content')
sender = None
namespace = None
method = None
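Review bot: The failure branch of `decode_rpc_request` still returns four values (`return None, None, None, None`) while the success branch now returns five, so `RPCDispatcher.dispatch`, which unpacks five names, would raise `ValueError` instead of reaching its `sender == None` check. It should read `return None, None, None, None, None`. The guard above it is unchanged context but is worth fixing at the same time: `not (sender == None and namespace == None and method == None and args == None)` is true as soon as any one field is present, so a request missing its `method` or `host` header is treated as valid; `or` in place of `and` gives the apparent intent.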
@@ -67,6 +97,9 @@ def decode_rpc_response(message):
headers[name] = value
return sender, namespace, method, headers, simplejson.loads(results)
+def is_secure(raw_headers):
+ return raw_headers.startswith('secure-host')
+
def decode_object(obj):
return simplejson.loads(obj)
diff --git a/common/busrpc/busrpc/qpid_transport.py b/common/busrpc/busrpc/qpid_transport.py
index 2130f42..9d21cb2 100644
--- a/common/busrpc/busrpc/qpid_transport.py
+++ b/common/busrpc/busrpc/qpid_transport.py
@@ -1,9 +1,9 @@
import os
+import socket
import threading
import Queue
import time
-
-import pp
+from M2Crypto import RSA
import qpid.spec
import qpid.content
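Review bot: `from M2Crypto import RSA` makes M2Crypto an import-time requirement of the transport, yet none of the hunks shown for this file uses `RSA`; the encryption added in this push goes through `busrpc.crypto` and PyCrypto. The same holds for `from M2Crypto import RSA`, `import base64` and the `CertManager, CryptoException` import added to qpid_util.py. If these are leftovers from the earlier RSA commits in this push, dropping them removes an unneeded third-party crypto dependency from every process that loads the transport.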
@@ -12,6 +12,7 @@ import qpid.queue
import qpid.peer
from busrpc.transport import Transport, ServerTransport
+from busrpc.crypto import CertManager
import busrpc.qpid_util as qpid_util
class QpidTransportException(Exception):
@@ -20,12 +21,13 @@ class QpidTransportException(Exception):
self.message = message
def __str__(self):
- return repr(self.message)
+ return repr(self.message)
class QpidTransport(Transport):
def __init__(self, host='localhost', port=5672, user='guest',
password='guest', vhost='development'):
+ self.nethostname = socket.gethostname()
self.host = host
self.port = port
self.user = user
@@ -79,10 +81,10 @@ class QpidTransport(Transport):
vhost=self.vhost)
def send_message(self, to, message):
- properties={"Content-Type":"text/plain", "Reply-To": self.queue_name}
- qpid_util.publish_message(self, exchange_name=self.exchange_name,
- routing_key_name=to, props=properties,
- message=message)
+ properties = {"Content-Type":"text/plain", "Reply-To": self.queue_name}
+ qpid_util.publish_message(self, exchange_name=self.exchange_name,
+ routing_key_name=to, message=message,
+ props=properties)
def send_message_wait(self, to, message, timeout=60):
self.send_message(to, message)
@@ -104,11 +106,12 @@ class QpidTransport(Transport):
def declare_queue(self):
return qpid_util.declare_queue(self, create=True, auto_remove=True)
+
class QpidServerTransport(QpidTransport, ServerTransport):
def __init__(self, service_name, host='localhost', port=5672, user='guest',
- password='guest', vhost='development', workers=2):
+ password='guest', vhost='development', workers=2, certdir=None, cryptopassword=None):
self.service_name = service_name
self.callback = None
self.max_workers = workers
@@ -148,7 +151,12 @@ class QpidServerTransport(QpidTransport, ServerTransport):
def _dispatch(self):
while not self.is_stopped:
call_body = self.pending_calls.get()
- addr, reply = self.callback(call_body)
+ try:
+ addr, reply = self.callback(call_body)
+ except TypeError, e:
+ print e
+ return
+
if addr == None or reply == None:
return
else:
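Review bot: The new `except TypeError` handler ends with `return`, which leaves the `while not self.is_stopped` loop, so a single request that makes the callback return `None` permanently stops this dispatch worker. `RPCDispatcher.dispatch` in services.py uses a bare `return` for requests it cannot decode or resolve, so one malformed message per worker is enough to leave the service unable to answer calls (assuming `_dispatch` is the worker thread body, whose start is outside the hunk). Use `continue` here and in the existing `if addr == None or reply == None:` branch, and log the rejected request instead of `print e`.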
diff --git a/common/busrpc/busrpc/qpid_util.py b/common/busrpc/busrpc/qpid_util.py
index fa3ee29..7d8c4f2 100644
--- a/common/busrpc/busrpc/qpid_util.py
+++ b/common/busrpc/busrpc/qpid_util.py
@@ -1,6 +1,10 @@
+from M2Crypto import RSA
+import base64
+
import qpid.content
import qpid.queue
+from busrpc.crypto import CertManager, CryptoException
def declare_exchange(caller, channel_id=1,exchange_name='',
create=False, auto_remove=False,
diff --git a/common/busrpc/busrpc/rpc.py b/common/busrpc/busrpc/rpc.py
index 2d57098..9f0bb0c 100644
--- a/common/busrpc/busrpc/rpc.py
+++ b/common/busrpc/busrpc/rpc.py
@@ -1,18 +1,23 @@
+import socket
+
import busrpc.qpid_transport as qpid_transport
from busrpc.misc import *
class _LocalRPCMethod(object):
- def __init__(self, transport, server, namespace, method_name):
+ def __init__(self, transport, server, namespace, method_name, hostname, cert_mgr=None):
self.transport = transport
self.server = server
self.namespace = namespace
self.method_name = method_name
+ self.hostname = hostname
+ self.cert_mgr = cert_mgr
self.results = {}
self.params = {}
- self.partial_encoded_message = encode_partial_rpc_message(self.transport.queue_name,
- self.namespace,
- self.method_name)
+## self.partial_encoded_message = encode_partial_rpc_message(self.transport.queue_name,
+## self.namespace,
+## self.method_name,
+## self.hostname)
def __call__(self, *args, **kwargs):
results = None
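Review bot: The four `##` lines in `_LocalRPCMethod.__init__` keep a commented-out call to `encode_partial_rpc_message`, a function this commit removes from misc.py. Delete them rather than leaving dead code behind; the request is now built per call by `encode_rpc_request` in `__call__`.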
@@ -35,10 +40,15 @@ class _LocalRPCMethod(object):
self.params[args] = params
else:
params = encode_object(args)
- encoded_call = self.partial_encoded_message + params
+ encoded_call = encode_rpc_request(self.transport.queue_name,
+ self.namespace,
+ self.method_name,
+ self.hostname,
+ params,
+ cert_mgr=self.cert_mgr)
if not async_call:
raw_results = self.transport.send_message_wait(self.server, encoded_call)
- sender, namespace, method, headers, results = decode_rpc_response(raw_results)
+ sender, namespace, method, headers, results = decode_rpc_response(raw_results, cert_mgr=self.cert_mgr)
if cache_return and headers.has_key('cache_results'):
self.results[args] = results
results = self.results[args]
@@ -50,11 +60,13 @@ class _LocalRPCMethod(object):
class RPCProxy(object):
- def __init__(self, name, service, transport):
+ def __init__(self, name, service, transport, cert_mgr=None):
attrs = self.__dict__
attrs['server_name'] = name
attrs['service'] = service
attrs['transport'] = transport
+ attrs['hostname'] = socket.gethostname()
+ attrs['cert_mgr'] = cert_mgr
def __getattr__(self, name):
retval = None
@@ -67,24 +79,25 @@ class RPCProxy(object):
def _make_method(self, method_name):
attrs = self.__dict__
- method = _LocalRPCMethod(attrs['transport'], attrs['server_name'], attrs['service'], method_name)
+ method = _LocalRPCMethod(attrs['transport'], attrs['server_name'], attrs['service'], method_name,
+ attrs['hostname'], cert_mgr=attrs['cert_mgr'])
return method
-def build_proxy(service_handle, transport):
+def build_proxy(service_handle, transport, cert_mgr=None):
hostname, server, service = service_handle.split('!')
- return RPCProxy(hostname + "!" + server, service, transport)
+ return RPCProxy(hostname + "!" + server, service, transport, cert_mgr=cert_mgr)
-def lookup_service(name, transport, host=None):
+def lookup_service(name, transport, cert_mgr=None, host=None):
if transport == None:
transport = qpid_transport.QpidTransport()
transport.connect()
- bridge = busrpc.rpc.RPCProxy("busrpc.Bridge", "bridge", transport)
+ bridge = busrpc.rpc.RPCProxy("busrpc.Bridge", "bridge", transport, cert_mgr=cert_mgr)
retval = None
if name == "bridge":
retval = bridge
else:
service_handle = bridge.lookup_service(name, host)
if not service_handle == None:
- retval = build_proxy(service_handle, transport)
+ retval = build_proxy(service_handle, transport, cert_mgr=cert_mgr)
return retval
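Review bot: `lookup_service(name, transport, cert_mgr=None, host=None)` puts the new parameter ahead of `host`, so an existing caller that passes the host positionally, as test_client.py did before this commit, now hands a hostname string in as `cert_mgr`. That only fails later, at `cert_mgr.encrypt_message`, and the lookup silently loses its host filter. Appending the parameter instead, `def lookup_service(name, transport, host=None, cert_mgr=None):`, keeps old call sites working.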
diff --git a/common/busrpc/busrpc/services.py b/common/busrpc/busrpc/services.py
index bd7ae3e..47823cc 100644
--- a/common/busrpc/busrpc/services.py
+++ b/common/busrpc/busrpc/services.py
@@ -5,6 +5,7 @@ import socket
import busrpc.qpid_transport
import busrpc.rpc
+from busrpc.crypto import CertManager
from busrpc.misc import *
def _extract_names(full_class_name):
@@ -31,6 +32,8 @@ class RPCDispatcher(object):
self.instances = {}
self.hostname = socket.gethostname()
self.name = config.server_name
+ certdir = config.get_value('busrpc.crypto.certdir')
+ pwd = config.get_value('busrpc.crypto.password')
if register_with_bridge:
self.transport = busrpc.qpid_transport.QpidServerTransport(self.hostname + "!" + self.name)
else:
@@ -39,8 +42,9 @@ class RPCDispatcher(object):
self.register_with_bridge = register_with_bridge
self.runner_thread = None
self.instance_method_cache = {}
+ self.cert_mgr = CertManager(certdir, self.hostname)
self.client_transport = self.transport.clone()
- self.bridge = busrpc.rpc.lookup_service('bridge', self.client_transport)
+ self.bridge = busrpc.rpc.lookup_service('bridge', self.client_transport, cert_mgr=self.cert_mgr)
for name in config.instances.iterkeys():
instance = config.instances[name]
self.add_instance(name, _create_instance(config, instance))
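Review bot: `CertManager(certdir, self.hostname)` is built unconditionally, so every dispatcher now encrypts its responses and bridge lookups whether or not the config asks for it. `CertManager.__init__` also calls `self.keydir.endswith('/')`, which fails if `busrpc.crypto.certdir` is absent and `get_value` returns `None` (its behaviour for a missing key is not visible here). Guarding the construction, `self.cert_mgr = CertManager(certdir, self.hostname) if certdir else None`, matches the `cert_mgr=None` defaults used elsewhere in this commit and makes the secure and non-secure configurations an explicit choice.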
@@ -75,7 +79,12 @@ class RPCDispatcher(object):
self.instances.clear()
def dispatch(self, message):
- sender, namespace, called_method, encoded_params = decode_rpc_message(message)
+ sender, hostname, namespace, called_method, encoded_params = decode_rpc_request(message, cert_mgr=self.cert_mgr)
+ print "Sender: %s, Host: %s, Namespace: %s, Method: %s, Encoded Params: %s" % (sender,
+ hostname,
+ namespace,
+ called_method,
+ encoded_params)
if sender == None or namespace == None:
return
cache_key = ''.join([namespace, '.', called_method])
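Review bot: The added `print` in `dispatch` writes the sender, method and decoded parameters of every call to stdout after decryption, which puts the plaintext of encrypted traffic into whatever captures the service's output. Remove it, or log only `namespace` and `called_method` at debug level; the `print self.instances` and `print e` added in the next hunk are the same kind of leftover. The statement also runs before the `sender == None or namespace == None` check, so it executes for requests that are about to be rejected.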
@@ -83,16 +92,21 @@ class RPCDispatcher(object):
try:
method = self.instance_method_cache[cache_key]
except KeyError:
- instance = self.instances[namespace]
- method = self._resolve_method(instance, called_method)
- self.instance_method_cache[cache_key] = method
+ try:
+ print self.instances
+ instance = self.instances[namespace]
+ method = self._resolve_method(instance, called_method)
+ self.instance_method_cache[cache_key] = method
+ except KeyError, e:
+ print e
+ return
params = decode_object(encoded_params)
results = method(*params)
headers = {}
if hasattr(method, '_header_generator'):
method._header_generator(headers)
- return sender, encode_rpc_response(self.name, namespace, called_method,
- encode_object(results), headers)
+ return sender, encode_rpc_response(self.name, hostname, namespace, called_method,
+ encode_object(results), headers=headers, cert_mgr=self.cert_mgr)
def add_instance(self, namespace, instance):
self.instances[namespace] = instance
diff --git a/common/busrpc/busrpc/test/test_client.py b/common/busrpc/busrpc/test/test_client.py
index df7ebcc..db6dacd 100644
--- a/common/busrpc/busrpc/test/test_client.py
+++ b/common/busrpc/busrpc/test/test_client.py
@@ -2,13 +2,16 @@ import time
import sys
from busrpc.rpc import lookup_service
+from busrpc.crypto import CertManager
import busrpc.qpid_transport
transport = busrpc.qpid_transport.QpidTransport()
transport.connect()
-fp = lookup_service("foo", transport, 'bogon.rdu.redhat.com')
-bp = lookup_service("bar", fp.transport)
+cm = CertManager('/home/rdu/ksmith/tmp', 'bogon.rdu.redhat.com')
+
+fp = lookup_service("foo", transport, host='bogon.rdu.redhat.com', cert_mgr=cm)
+bp = lookup_service("bar", fp.transport, cert_mgr=cm)
if fp == None or bp == None:
print "Lookup failed :("
sys.exit(-1)
@@ -22,7 +25,7 @@ for i in range(0, iterations):
end = time.time()
total_time = total_time + (end - start)
start = time.time()
- bp.add(3, 10, rpc_async=True)
+ bp.add(3, 10)
end = time.time()
total_time = total_time + (end - start)
start = time.time()
diff --git a/common/busrpc/configs/bridge.conf b/common/busrpc/configs/bridge.conf
index 84e5c9c..626479e 100644
--- a/common/busrpc/configs/bridge.conf
+++ b/common/busrpc/configs/bridge.conf
@@ -1,2 +1,4 @@
busrpc.server.name=busrpc.Bridge
busrpc.instance.bridge=busrpc.bridge.Bridge
+busrpc.crypto.password=foo
+busrpc.crypto.certdir=/home/rdu/ksmith/tmp
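Review bot: `busrpc.crypto.password=foo` commits a credential to the default bridge config, and `busrpc.crypto.certdir` points at one developer's home directory, so the file does not work on another machine; test.conf gets the same two lines. Nothing in the code shown consumes the password (services.py reads it into `pwd` and stops there), so the key can be left out until it is used, and then supplied from a deployment-local file rather than the repository. A placeholder value such as `busrpc.crypto.certdir=<KEY_DIR>` would document the setting without the personal path.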
diff --git a/common/busrpc/configs/bridge.conf b/common/busrpc/configs/secure-bridge.conf
similarity index 73%
copy from common/busrpc/configs/bridge.conf
copy to common/busrpc/configs/secure-bridge.conf
index 84e5c9c..ed053fa 100644
--- a/common/busrpc/configs/bridge.conf
+++ b/common/busrpc/configs/secure-bridge.conf
@@ -1,2 +1,3 @@
busrpc.server.name=busrpc.Bridge
busrpc.instance.bridge=busrpc.bridge.Bridge
+busrpc.crypto.certdir=/tmp/
diff --git a/common/busrpc/configs/test.conf b/common/busrpc/configs/secure-test.conf
similarity index 87%
copy from common/busrpc/configs/test.conf
copy to common/busrpc/configs/secure-test.conf
index 5365811..7b5588b 100644
--- a/common/busrpc/configs/test.conf
+++ b/common/busrpc/configs/secure-test.conf
@@ -2,3 +2,5 @@ busrpc.server.name=com.redhat.busrpc.Server
busrpc.instance.foo=busrpc.test.test_service.Foo
busrpc.instance.foo=busrpc.test.test_service.Foo
busrpc.instance.bar=busrpc.test.test_service.Bar
+busrpc.crypto.certdir=/tmp
+
diff --git a/common/busrpc/configs/system-local.conf b/common/busrpc/configs/system-local.conf
deleted file mode 100644
index 3c0f9ae..0000000
--- a/common/busrpc/configs/system-local.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-<!DOCTYPE busconfig PUBLIC
- "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <policy user="alikins">
- <allow own="com.redhat.busrpc.Server" />
- <allow own="com.redhat.busrpc.Bridge" />
- </policy>
-
- <policy context="default">
- <allow send_interface="com.redhat.busrpc.Server" />
- <allow send_interface="com.redhat.busrpc.Bridge" />
- </policy>
-</busconfig>
-
diff --git a/common/busrpc/configs/test.conf b/common/busrpc/configs/test.conf
index 5365811..eb1248f 100644
--- a/common/busrpc/configs/test.conf
+++ b/common/busrpc/configs/test.conf
@@ -2,3 +2,6 @@ busrpc.server.name=com.redhat.busrpc.Server
busrpc.instance.foo=busrpc.test.test_service.Foo
busrpc.instance.foo=busrpc.test.test_service.Foo
busrpc.instance.bar=busrpc.test.test_service.Bar
+busrpc.crypto.password=foo
+busrpc.crypto.certdir=/home/rdu/ksmith/tmp
+
diff --git a/common/busrpc/scripts/start-bridge b/common/busrpc/scripts/start-secure-bridge
similarity index 57%
copy from common/busrpc/scripts/start-bridge
copy to common/busrpc/scripts/start-secure-bridge
index e44bea1..1242a4b 100755
--- a/common/busrpc/scripts/start-bridge
+++ b/common/busrpc/scripts/start-secure-bridge
@@ -2,6 +2,6 @@
from busrpc.bridge import start_bridge
-start_bridge("../configs/bridge.conf")
+start_bridge("../configs/secure-bridge.conf")
diff --git a/common/busrpc/scripts/start-secure-test-client b/common/busrpc/scripts/start-secure-test-client
new file mode 100755
index 0000000..959b3cf
--- /dev/null
+++ b/common/busrpc/scripts/start-secure-test-client
@@ -0,0 +1,9 @@
+#! /usr/bin/python
+
+from socket import gethostname
+from busrpc.test.test_client import do_test
+from busrpc.crypto import CertManager
+
+cm = CertManager('/tmp', gethostname())
+do_test(cert_mgr=cm)
+
diff --git a/common/busrpc/scripts/start-test-service b/common/busrpc/scripts/start-secure-test-service
similarity index 62%
copy from common/busrpc/scripts/start-test-service
copy to common/busrpc/scripts/start-secure-test-service
index c0d7a30..37ffcf9 100755
--- a/common/busrpc/scripts/start-test-service
+++ b/common/busrpc/scripts/start-secure-test-service
@@ -2,4 +2,4 @@
from busrpc.test.test_service import start_service
-start_service("../configs/test.conf")
\ No newline at end of file
+start_service("../configs/secure-test.conf")
diff --git a/common/busrpc/scripts/start-test-client b/common/busrpc/scripts/start-test-client
new file mode 100755
index 0000000..76569a5
--- /dev/null
+++ b/common/busrpc/scripts/start-test-client
@@ -0,0 +1,6 @@
+#! /usr/bin/python
+
+from busrpc.test.test_client import do_test
+
+do_test()
+
hooks/update
---
Git Source Code Management System
hooks/update refs/heads/master \
932009de08a6e5e352ccea5f2de31707e3b6de66 \
0d8133e5bd71c6cb83dda4e78e44d0d3b56bd0f8