[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

extras-buildsys/common SSLCommon.py, NONE, 1.1 HTTPSURLopener.py, 1.1, 1.2 SSLXMLRPCServerProxy.py, 1.1, 1.2 SimpleHTTPSServer.py, 1.2, 1.3 SimpleSSLXMLRPCServer.py, 1.1, 1.2



Author: dcbw

Update of /cvs/fedora/extras-buildsys/common
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24524/common

Modified Files:
	HTTPSURLopener.py SSLXMLRPCServerProxy.py SimpleHTTPSServer.py 
	SimpleSSLXMLRPCServer.py 
Added Files:
	SSLCommon.py 
Log Message:
2005-06-13  Dan Williams <dcbw redhat com>

    * common/HTTPSURLopener.py
      common/SSLXMLRPCServerProxy.py
      common/SimpleHTTPSServer.py
      common/SimpleSSLXMLRPCServer.py
      common/SSLCommon.py
        - Refactor _initSSLContext() usage into SSLCommon.py

    * common/SimpleSSLXMLRPCServer.py
        - Route all requests through new class VerifiableSimpleXMLRPCRequestHander
            which has the ability to callback the server for client certificate
            verification.




--- NEW FILE SSLCommon.py ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Dan Williams <dcbw redhat com> and Red Hat, Inc.

from M2Crypto import SSL
import os


def quietCallback(self, *args):
    """
    This prevents SSL printing out stuff to stderr/stdout.
    """
    return

def getSSLContext(certfile, keyfile, ca_certfile, session_id='ssl_session'):
    """
    Helper method for m2crypto's SSL libraries.
    """
    for f in certfile, keyfile, ca_certfile:
        if not os.access(f, os.R_OK):
            print "%s does not exist or is not readable." % f
            os._exit(1)

    ctx = SSL.Context('sslv3')
    ctx.load_cert(certfile, keyfile)
    ctx.load_client_ca(ca_certfile)
    ctx.load_verify_info(ca_certfile)
    ctx.set_allow_unknown_ca(False)
    verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
    ctx.set_verify(verify, 10)
    ctx.set_session_id_ctx(session_id)
    ctx.set_info_callback(quietCallback)
    return ctx
    


Index: HTTPSURLopener.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/HTTPSURLopener.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- HTTPSURLopener.py	9 Jun 2005 01:57:40 -0000	1.1
+++ HTTPSURLopener.py	13 Jun 2005 05:12:09 -0000	1.2
@@ -20,38 +20,13 @@
 from urllib import *
 
 from M2Crypto import SSL, httpslib
+import SSLCommon
 
 class HTTPSURLopener(urllib.URLopener):
     def __init__(self, certfile, keyfile, ca_certfile):
-        self.ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
+        self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
         urllib.URLopener.__init__(self)
 
-    def _initSSLContext(self, certfile, keyfile, ca_certfile):
-        """
-        Helper method for m2crypto's SSL libraries.
-        """
-        for f in certfile, keyfile, ca_certfile:
-            if not os.access(f, os.R_OK):
-                print "%s does not exist or is not readable." % f
-                os._exit(1)
-
-        ctx = SSL.Context('sslv3')
-        ctx.load_cert(certfile, keyfile)
-        ctx.load_client_ca(ca_certfile)
-        ctx.load_verify_info(ca_certfile)
-        ctx.set_allow_unknown_ca(False)
-        verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
-        ctx.set_verify(verify, 10)
-        ctx.set_session_id_ctx('ssl-file-download')
-        ctx.set_info_callback(self._quietCallback)
-        return ctx
-        
-    def _quietCallback(self, *args):
-        """
-        This prevents XML-RPC from printing out stuff to stderr/stdout.
-        """
-        return
-
     def open_https(self, url, data=None):
         """
         Inspired by M2Crypto.m2urllib. The problem here with


Index: SSLXMLRPCServerProxy.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SSLXMLRPCServerProxy.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SSLXMLRPCServerProxy.py	9 Jun 2005 01:57:40 -0000	1.1
+++ SSLXMLRPCServerProxy.py	13 Jun 2005 05:12:09 -0000	1.2
@@ -18,36 +18,10 @@
 import os, sys
 from M2Crypto import SSL
 from M2Crypto.m2xmlrpclib import SSL_Transport, Server
+import SSLCommon
 
 class SSLXMLRPCServerProxy(Server):
     def __init__(self, certfile, keyfile, ca_certfile, uri):
-        ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
-        Server.__init__(self, uri, SSL_Transport(ssl_context=ctx))
-
-
-    def _initSSLContext(self, certfile, keyfile, ca_certfile):
-        """
-        Helper method for m2crypto's SSL libraries.
-        """
-        for f in certfile, keyfile, ca_certfile:
-            if not os.access(f, os.R_OK):
-                print "%s does not exist or is not readable." % f
-                os._exit(1)
-
-        ctx = SSL.Context('sslv3')
-        ctx.load_cert(certfile, keyfile)
-        ctx.load_client_ca(ca_certfile)
-        ctx.load_verify_info(ca_certfile)
-        ctx.set_allow_unknown_ca(False)
-        verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
-        ctx.set_verify(verify, 10)
-        ctx.set_session_id_ctx('xmlrpcssl')
-        ctx.set_info_callback(self._quietCallback)
-        return ctx
-        
-    def _quietCallback(self, *args):
-        """
-        This prevents XML-RPC from printing out stuff to stderr/stdout.
-        """
-        return
+        self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+        Server.__init__(self, uri, SSL_Transport(ssl_context=self.ctx))
 


Index: SimpleHTTPSServer.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SimpleHTTPSServer.py,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SimpleHTTPSServer.py	10 Jun 2005 01:35:40 -0000	1.2
+++ SimpleHTTPSServer.py	13 Jun 2005 05:12:09 -0000	1.3
@@ -26,7 +26,7 @@
 from SimpleHTTPServer import SimpleHTTPRequestHandler
 from M2Crypto import Rand, SSL
 from M2Crypto.SSL.SSLServer import ThreadingSSLServer
-
+import SSLCommon
 
 class HttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
 
@@ -77,38 +77,12 @@
         self.allow_reuse_address = 1
         self.http_dir = http_dir
 
-        ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
-        ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, ctx)
+        self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+        ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, self.ctx)
 
         self.server_name = server_addr[0]
         self.server_port = server_addr[1]
 
-    def _initSSLContext(self, certfile, keyfile, ca_certfile):
-        """
-        Helper method for m2crypto's SSL libraries.
-        """
-        for f in certfile, keyfile, ca_certfile:
-            if not os.access(f, os.R_OK):
-                print "%s does not exist or is not readable." % f
-                os._exit(1)
-
-        ctx = SSL.Context('sslv3')
-        ctx.load_cert(certfile, keyfile)
-        ctx.load_client_ca(ca_certfile)
-        ctx.load_verify_info(ca_certfile)
-        ctx.set_allow_unknown_ca(False)
-        verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
-        ctx.set_verify(verify, 10)
-        ctx.set_session_id_ctx('xmlrpcssl')
-        ctx.set_info_callback(self._quietCallback)
-        return ctx
-        
-    def _quietCallback(self, *args):
-        """
-        This prevents XML-RPC from printing out stuff to stderr/stdout.
-        """
-        return
-
     def finish(self):
         if self.request:
             self.request.set_shutdown(SSL.SSL_RECEIVED_SHUTDOWN | SSL.SSL_SENT_SHUTDOWN)


Index: SimpleSSLXMLRPCServer.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SimpleSSLXMLRPCServer.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SimpleSSLXMLRPCServer.py	9 Jun 2005 01:57:40 -0000	1.1
+++ SimpleSSLXMLRPCServer.py	13 Jun 2005 05:12:09 -0000	1.2
@@ -18,43 +18,33 @@
 import os, sys
 from M2Crypto import SSL
 from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler, SimpleXMLRPCDispatcher
+import SSLCommon
+
+
+class VerifiableSimpleXMLRPCRequestHander(SimpleXMLRPCRequestHandler):
+    def do_POST(self):
+        """
+        Override request handling to provide the server a chance to verify the client
+        """
+        accept = True
+        if self.server.verify_callback:
+            accept = self.server.verify_callback(self.request)
+        if accept:
+            SimpleXMLRPCRequestHandler.do_POST(self)
+        else:
+            self.server.send_error(403, 'You are not authorized to access this resource.')
+
 
 class SimpleSSLXMLRPCServer(SSL.SSLServer, SimpleXMLRPCServer):
     """
     An extension of SimpleXMLRPCServer that allows SSL handling.
     """
-    def __init__(self, certfile, keyfile, ca_certfile, address):
+    def __init__(self, certfile, keyfile, ca_certfile, address, verify_callback=None):
         self.allow_reuse_address = 1
         self.logRequests = 0
+        self.verify_callback = verify_callback
 
-        ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
-        SSL.SSLServer.__init__(self, address, SimpleXMLRPCRequestHandler, ctx) 
+        ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+        SSL.SSLServer.__init__(self, address, VerifiableSimpleXMLRPCRequestHander, ctx) 
 
         SimpleXMLRPCDispatcher.__init__(self)
-
-    def _initSSLContext(self, certfile, keyfile, ca_certfile):
-        """
-        Helper method for m2crypto's SSL libraries.
-        """
-        for f in certfile, keyfile, ca_certfile:
-            if not os.access(f, os.R_OK):
-                print "%s does not exist or is not readable." % f
-                os._exit(1)
-
-        ctx = SSL.Context('sslv3')
-        ctx.load_cert(certfile, keyfile)
-        ctx.load_client_ca(ca_certfile)
-        ctx.load_verify_info(ca_certfile)
-        ctx.set_allow_unknown_ca(False)
-        verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
-        ctx.set_verify(verify, 10)
-        ctx.set_session_id_ctx('xmlrpcssl')
-        ctx.set_info_callback(self._quietCallback)
-        return ctx
-        
-    def _quietCallback(self, *args):
-        """
-        This prevents XML-RPC from printing out stuff to stderr/stdout.
-        """
-        return
-


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]