2 # This module implements a general-purpose server layer for sfa.
3 # The same basic server should be usable on the registry, component, or
6 # TODO: investigate ways to combine this with existing PLC server?
15 import SimpleHTTPServer
16 import SimpleXMLRPCServer
17 from OpenSSL import SSL
19 from sfa.util.sfalogging import logger
20 from sfa.trust.certificate import Keypair, Certificate
21 from sfa.trust.credential import *
22 from sfa.util.faults import *
23 from sfa.plc.api import ComponentAPI
24 from sfa.server.sfaserver import verify_callback, ThreadedServer
28 # taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler
30 class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
31 """Secure XML-RPC request handler class.
33 It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
36 self.connection = self.request
37 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
38 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
41 """Handles the HTTPS POST request.
43 It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
46 peer_cert = Certificate()
47 peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
48 self.api = ComponentAPI(peer_cert = peer_cert,
49 interface = self.server.interface,
50 key_file = self.server.key_file,
51 cert_file = self.server.cert_file)
53 request = self.rfile.read(int(self.headers["content-length"]))
54 # In previous versions of SimpleXMLRPCServer, _dispatch
55 # could be overridden in this class, instead of in
56 # SimpleXMLRPCDispatcher. To maintain backwards compatibility,
57 # check to see if a subclass implements _dispatch and dispatch
58 # using that method if present.
59 #response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
60 # XX TODO: Need to get the real remote address
61 remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
62 self.api.remote_addr = remote_addr
63 #remote_addr = (self.rfile.connection.remote_ip, remote_port)
64 #self.api.remote_addr = remote_addr
65 response = self.api.handle(remote_addr, request)
68 except Exception, fault:
70 # This should only happen if the module is buggy
71 # internal error, report as HTTP server error
72 self.send_response(500)
74 logger.log_exc("componentserver.SecureXMLRpcRequestHandler.do_POST")
76 # got a valid XML RPC response
77 self.send_response(200)
78 self.send_header("Content-type", "text/xml")
79 self.send_header("Content-length", str(len(response)))
81 self.wfile.write(response)
83 # shut down the connection
85 self.connection.shutdown() # Modified here!
88 # Implements an HTTPS XML-RPC server. Generally it is expected that SFA
89 # functions will take a credential string, which is passed to
90 # decode_authentication. Decode_authentication() will verify the validity of
91 # the credential, and verify that the user is using the key that matches the
92 # GID supplied in the credential.
94 class ComponentServer(threading.Thread):
97 # Create a new SfaServer object.
99 # @param ip the ip address to listen on
100 # @param port the port to listen on
101 # @param key_file private key filename of registry
102 # @param cert_file certificate filename containing public key
103 # (could be a GID file)
105 def __init__(self, ip, port, key_file, cert_file, api=None):
106 threading.Thread.__init__(self)
107 self.key = Keypair(filename = key_file)
108 self.cert = Certificate(filename = cert_file)
109 self.server = ThreadedServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
110 self.trusted_cert_list = None
111 self.register_functions()
115 # Register functions that will be served by the XMLRPC server. This
116 # function should be overrided by each descendant class.
118 def register_functions(self):
119 self.server.register_function(self.noop)
122 # Sample no-op server function. The no-op function decodes the credential
123 # that was passed to it.
125 def noop(self, cred, anything):
126 self.decode_authentication(cred)
131 # Execute the server, serving requests forever.
134 self.server.serve_forever()