rename sfa-server.py into sfa-start.py
[sfa.git] / sfa / util / server.py
index 34b5b2a..c3ae718 100644 (file)
@@ -18,11 +18,13 @@ import SimpleXMLRPCServer
 from OpenSSL import SSL
 
 from sfa.trust.certificate import Keypair, Certificate
+from sfa.trust.trustedroots import TrustedRoots
+from sfa.util.config import Config
 from sfa.trust.credential import *
 from sfa.util.faults import *
 from sfa.plc.api import SfaAPI
 from sfa.util.cache import Cache 
-from sfa.util.sfalogging import sfa_logger
+from sfa.util.sfalogging import logger
 
 ##
 # Verification callback for pyOpenSSL. We do our own checking of keys because
@@ -108,7 +110,7 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
         except Exception, fault:
             # This should only happen if the module is buggy
             # internal error, report as HTTP server error
-            sfa_logger().log_exc("server.do_POST")
+            logger.log_exc("server.do_POST")
             response = self.api.prepare_response(fault)
             #self.send_response(500)
             #self.end_headers()
@@ -132,7 +134,7 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
 
         It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
         """
-        sfa_logger().debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file))
+        logger.debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file))
         self.logRequests = logRequests
         self.interface = None
         self.key_file = key_file
@@ -151,6 +153,10 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
         ctx.use_certificate_file(cert_file)
         # If you wanted to verify certs against known CAs.. this is how you would do it
         #ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+        config = Config()
+        trusted_cert_files = TrustedRoots(config.get_trustedroots_dir()).get_file_list()
+        for cert_file in trusted_cert_files:
+            ctx.load_verify_locations(cert_file)
         ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
         ctx.set_verify_depth(5)
         ctx.set_app_data(self)
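Review bot: The added loop `for cert_file in trusted_cert_files:` reuses the name `cert_file`, which is also the server-certificate argument passed to `ctx.use_certificate_file(cert_file)` just above, so after the loop the name points at the last trusted-root file. Any later use of `cert_file` in `__init__` (the rest of the method is outside this hunk) would then pick up a CA file instead of the server certificate; renaming avoids this: `for trusted_cert_file in trusted_cert_files:` and `ctx.load_verify_locations(trusted_cert_file)`. The loop also has no handling or logging for an empty list or an unreadable file. An empty trusted-roots directory leaves the context with no CA loaded, and a malformed file would most likely raise out of the constructor, so a `logger.debug` of the number of roots loaded and an explicit decision for both cases would help operators. Whether the loaded roots actually restrict which peers are accepted depends on how `verify_callback` treats OpenSSL's verification result, which is not visible here.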
@@ -165,7 +171,7 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
     # the client.
 
     def _dispatch(self, method, params):
-        sfa_logger().debug("SecureXMLRPCServer._dispatch, method=%s"%method)
+        logger.debug("SecureXMLRPCServer._dispatch, method=%s"%method)
         try:
             return SimpleXMLRPCServer.SimpleXMLRPCDispatcher._dispatch(self, method, params)
         except:
@@ -175,6 +181,7 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
             raise xmlrpclib.Fault(1,''.join(traceback.format_exception(type, value, tb)))
 
     # override this one from the python 2.7 code
+    # originally defined in class TCPServer
     def shutdown_request(self, request):
         """Called to shutdown and close an individual request."""
         # ---------- 
@@ -280,7 +287,7 @@ class SfaServer(threading.Thread):
         self.server.interface=interface
         self.trusted_cert_list = None
         self.register_functions()
-        sfa_logger().info("Starting SfaServer, interface=%s"%interface)
+        logger.info("Starting SfaServer, interface=%s"%interface)
 
     ##
     # Register functions that will be served by the XMLRPC server. This