# TODO: investigate ways to combine this with existing PLC server?
##
-import SimpleXMLRPCServer
+### $Id$
+### $URL$
import sys
import traceback
import threading
+import socket, os
+
import SocketServer
import BaseHTTPServer
import SimpleHTTPServer
import SimpleXMLRPCServer
-import xmlrpclib
-import string
+
+from OpenSSL import SSL
+
+from geni.trust.certificate import Keypair, Certificate
+from geni.trust.credential import *
+
+from geni.util.faults import *
from geni.util.api import GeniAPI
+from geni.util.debug import log
##
# Verification callback for pyOpenSSL. We do our own checking of keys because
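Review bot: The two wildcard imports added here, `from geni.trust.credential import *` and `from geni.util.faults import *`, hide which names this module depends on and can silently shadow other names. The only users of those names visible in this commit (`Credential`, `MissingCallerGID`, `ConnectionKeyGIDMismatch`, `InsufficientRights`) are in `decode_authentication`, which a later hunk deletes, so the imports may now be unused in this file. If they are still needed, explicit forms such as `from geni.trust.credential import Credential` are easier to audit. `import socket, os` would also read better as one import per line.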
print " error", err, "in verify_callback"
- return 0\r
+ return 0
##
# Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
"""
self.logRequests = logRequests
-
+ self.interface = None
+ self.key_file = key_file
+ self.cert_file = cert_file
SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, True, None)
SocketServer.BaseServer.__init__(self, server_address, HandlerClass)
ctx = SSL.Context(SSL.SSLv23_METHOD)
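Review bot: `self.interface` is initialised to `None` here and is later passed to `GeniAPI` on each request, so every API object gets `interface = None` unless the code that builds the server assigns it afterwards. The constructor signature is outside the hunk, so it is not visible whether `interface` could be accepted alongside `key_file` and `cert_file`. If it cannot, a comment such as `# assigned by the caller after construction; None until then` would make the contract explicit. The class docstring could also state that `key_file` and `cert_file` are kept so the request handler can forward them to `GeniAPI`.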
It it very similar to SimpleXMLRPCRequestHandler but it uses HTTPS for transporting XML data.
"""
def setup(self):
- #self.api = GeniAPI()
self.connection = self.request
self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
"""
-
+ self.api = GeniAPI(peer_cert = self.server.peer_cert, interface = self.server.interface, key_file = self.server.key_file, cert_file = self.server.cert_file)
try:
# get arguments
request = self.rfile.read(int(self.headers["content-length"]))
-
# In previous versions of SimpleXMLRPCServer, _dispatch
# could be overridden in this class, instead of in
# SimpleXMLRPCDispatcher. To maintain backwards compatibility,
# check to see if a subclass implements _dispatch and dispatch
# using that method if present.
- response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
- #response = self.api.handle(None, request)
-
- except: # This should only happen if the module is buggy
+ #response = self.server._marshaled_dispatch(request, getattr(self, '_dispatch', None))
+ # XX TODO: Need to get the real remote address
+ source = None
+ response = self.api.handle(source, request)
+
+
+ except Exception, fault:
+ # This should only happen if the module is buggy
# internal error, report as HTTP server error
self.send_response(500)
-
self.end_headers()
else:
# got a valid XML RPC response
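Review bot: Every request now goes to `self.api.handle(source, request)` with `source = None`, and the checks that tied the caller GID to the TLS peer certificate (`decode_authentication`, deleted further down in this commit) no longer run in this file. Whether `GeniAPI.handle` performs the equivalent key-match, rights and chain checks is not visible here and should be confirmed. `peer_cert` is also read from the shared `self.server` object rather than from this connection, which could attribute a request to the wrong caller if connections are ever served concurrently. Separately, `GeniAPI(...)` is constructed before the `try:`, so a constructor failure bypasses the 500 path, and `fault` is bound but unused in the visible lines. Moving the constructor inside the `try` and adding `traceback.print_exc()` before `self.send_response(500)` would cover both; the method starts and ends outside the hunk.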
self.trusted_cert_list = None
self.register_functions()
- ##
- # Decode the credential string that was submitted by the caller. Several
- # checks are performed to ensure that the credential is valid, and that the
- # callerGID included in the credential matches the caller that is
- # connected to the HTTPS connection.
-
- def decode_authentication(self, cred_string, operation):
- self.client_cred = Credential(string = cred_string)
- self.client_gid = self.client_cred.get_gid_caller()
- self.object_gid = self.client_cred.get_gid_object()
-
- # make sure the client_gid is not blank
- if not self.client_gid:
- raise MissingCallerGID(self.client_cred.get_subject())
-
- # make sure the client_gid matches client's certificate
- peer_cert = self.server.peer_cert
- if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
-
- # make sure the client is allowed to perform the operation
- if operation:
- if not self.client_cred.can_perform(operation):
- raise InsufficientRights(operation)
-
- if self.trusted_cert_list:
- self.client_cred.verify_chain(self.trusted_cert_list)
- if self.client_gid:
- self.client_gid.verify_chain(self.trusted_cert_list)
- if self.object_gid:
- self.object_gid.verify_chain(self.trusted_cert_list)
##
# Register functions that will be served by the XMLRPC server. This