# Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
+# xxx should probably use instead http.server.ThreadingHTTPServer
class SecureXMLRPCServer(http.server.HTTPServer,
xmlrpc.server.SimpleXMLRPCDispatcher):
self.method_map = {}
# add cache to the request handler
HandlerClass.cache = Cache()
+
+ # initialize base classes
+ http.server.HTTPServer.__init__(self, server_address, HandlerClass)
xmlrpc.server.SimpleXMLRPCDispatcher.__init__(self, True, None)
- socketserver.BaseServer.__init__(self, server_address, HandlerClass)
+
+ # define SSL context:
+ # require client certificate
ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+ ssl_context.verify_mode = ssl.CERT_REQUIRED
+ # set local certificate/private key
ssl_context.load_cert_chain(cert_file, key_file)
- # If you wanted to verify certs against known CAs..
- # this is how you would do it
- # ssl_context.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+ # define trusted roots as CAs
config = Config()
trusted_cert_files = TrustedRoots(
config.get_trustedroots_dir()).get_file_list()
with open(cert_file) as cafile:
cadata += cafile.read()
ssl_context.load_verify_locations(cadata=cadata)
+
# ctx.set_verify(SSL.VERIFY_PEER |
# SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
# ctx.set_verify_depth(5)