2 # This module implements a general-purpose server layer for sfa.
3 # The same basic server should be usable on the registry, component, or
6 # TODO: investigate ways to combine this with existing PLC server?
9 ### $Id: componentserver.py 17275 2010-03-05 21:37:10Z tmack $
10 ### $URL: http://svn.planet-lab.org/svn/sfa/trunk/sfa/util/componentserver.py $
18 import SimpleHTTPServer
19 import SimpleXMLRPCServer
20 from OpenSSL import SSL
21 from sfa.trust.certificate import Keypair, Certificate
22 from sfa.trust.credential import *
23 from sfa.util.faults import *
24 from sfa.plc.api import ComponentAPI
25 from sfa.util.server import verify_callback, ThreadedServer
26 from sfa.util.debug import log
30 # taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler
32 class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
33 """Secure XML-RPC request handler class.
35 It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
38 self.connection = self.request
39 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
40 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
43 """Handles the HTTPS POST request.
45 It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
48 peer_cert = Certificate()
49 peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
50 self.api = ComponentAPI(peer_cert = peer_cert,
51 interface = self.server.interface,
52 key_file = self.server.key_file,
53 cert_file = self.server.cert_file)
55 request = self.rfile.read(int(self.headers["content-length"]))
56 # In previous versions of SimpleXMLRPCServer, _dispatch
57 # could be overridden in this class, instead of in
58 # SimpleXMLRPCDispatcher. To maintain backwards compatibility,
59 # check to see if a subclass implements _dispatch and dispatch
60 # using that method if present.
61 #response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
62 # XX TODO: Need to get the real remote address
63 remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
64 self.api.remote_addr = remote_addr
65 #remote_addr = (self.rfile.connection.remote_ip, remote_port)
66 #self.api.remote_addr = remote_addr
67 response = self.api.handle(remote_addr, request)
70 except Exception, fault:
72 # This should only happen if the module is buggy
73 # internal error, report as HTTP server error
74 self.send_response(500)
78 # got a valid XML RPC response
79 self.send_response(200)
80 self.send_header("Content-type", "text/xml")
81 self.send_header("Content-length", str(len(response)))
83 self.wfile.write(response)
85 # shut down the connection
87 self.connection.shutdown() # Modified here!
90 # Implements an HTTPS XML-RPC server. Generally it is expected that SFA
91 # functions will take a credential string, which is passed to
92 # decode_authentication. Decode_authentication() will verify the validity of
93 # the credential, and verify that the user is using the key that matches the
94 # GID supplied in the credential.
96 class ComponentServer(threading.Thread):
99 # Create a new SfaServer object.
101 # @param ip the ip address to listen on
102 # @param port the port to listen on
103 # @param key_file private key filename of registry
104 # @param cert_file certificate filename containing public key
105 # (could be a GID file)
107 def __init__(self, ip, port, key_file, cert_file, api=None):
108 threading.Thread.__init__(self)
109 self.key = Keypair(filename = key_file)
110 self.cert = Certificate(filename = cert_file)
111 self.server = ThreadedServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
112 self.trusted_cert_list = None
113 self.register_functions()
117 # Register functions that will be served by the XMLRPC server. This
118 # function should be overrided by each descendant class.
120 def register_functions(self):
121 self.server.register_function(self.noop)
124 # Sample no-op server function. The no-op function decodes the credential
125 # that was passed to it.
127 def noop(self, cred, anything):
128 self.decode_authentication(cred)
133 # Execute the server, serving requests forever.
136 self.server.serve_forever()