X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fserver%2Fthreadedserver.py;h=7bc434ced7d1f0ef50a9b75fc4607aa12d7737ab;hb=5c1d6fc7677f607761d0dff824017235cfc4b0fe;hp=6dafa0bbb0428c3cf88882f106e5f7f3a873ead1;hpb=ee8a376da1107884bee1ea29248a70e4da8410c9;p=sfa.git
diff --git a/sfa/server/threadedserver.py b/sfa/server/threadedserver.py
index 6dafa0bb..7bc434ce 100644
--- a/sfa/server/threadedserver.py
+++ b/sfa/server/threadedserver.py
@@ -11,6 +11,7 @@ import socket
 import traceback
 import threading
 from Queue import Queue
+import xmlrpclib
 import SocketServer
 import BaseHTTPServer
 import SimpleXMLRPCServer
@@ -21,8 +22,9 @@ from sfa.util.config import Config
 from sfa.util.cache import Cache
 from sfa.trust.certificate import Certificate
 from sfa.trust.trustedroots import TrustedRoots
-#can we get rid of that ?
-from sfa.plc.api import PlcSfaApi
+
+# don't hard code an api class anymore here
+from sfa.generic import Generic
 ##
 # Verification callback for pyOpenSSL. We do our own checking of keys because
@@ -41,6 +43,7 @@ def verify_callback(conn, x509, err, depth, preverify):
 # and ignore them
 # XXX SMBAKER: I don't know what this error is, but it's being returned
+ # xxx thierry: this most likely means the cert has a validity range in the future
 # by newer pl nodes.
 if err == 9:
 #print " X509_V_ERR_CERT_NOT_YET_VALID"
@@ -70,7 +73,11 @@ def verify_callback(conn, x509, err, depth, preverify):
 #print " X509_V_ERR_CERT_UNTRUSTED"
 return 1
- print " error", err, "in verify_callback"
+ # ignore X509_V_ERR_CERT_SIGNATURE_FAILURE
+ if err == 7:
+ return 1
+
+ logger.debug(" error %s in verify_callback"%err)
 return 0
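Review bot: The new `if err == 7: return 1` branch in verify_callback makes the TLS layer accept a peer certificate whose signature failed verification (X509_V_ERR_CERT_SIGNATURE_FAILURE), and nothing in the hunk says where that signature is checked instead. The header comment above the function says the server does its own checking of keys, so this may be intended, but the branch should carry a comment naming the application-level check that an accepted certificate still has to pass, for example `# signature is re-verified against the trusted roots in <name of the checking routine>`; if no such check runs on every request, this branch should return 0. The rejection message also moved from `print` to `logger.debug`, so refused handshakes are no longer visible at default log levels; `logger.warning("verify_callback: rejecting peer certificate, err=%s depth=%s" % (err, depth))` would keep them in the logs. verify_callback starts and continues outside the hunk.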
@@ -95,11 +102,18 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): try: peer_cert = Certificate() peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate()) - self.api = PlcSfaApi(peer_cert = peer_cert, - interface = self.server.interface, - key_file = self.server.key_file, - cert_file = self.server.cert_file, - cache = self.cache) + generic=Generic.the_flavour() + self.api = generic.make_api (peer_cert = peer_cert, + interface = self.server.interface, + key_file = self.server.key_file, + cert_file = self.server.cert_file, + cache = self.cache) + #logger.info("SecureXMLRpcRequestHandler.do_POST:") + #logger.info("interface=%s"%self.server.interface) + #logger.info("key_file=%s"%self.server.key_file) + #logger.info("api=%s"%self.api) + #logger.info("server=%s"%self.server) + #logger.info("handler=%s"%self) # get arguments request = self.rfile.read(int(self.headers["content-length"])) remote_addr = (remote_ip, remote_port) = self.connection.getpeername() @@ -127,12 +141,13 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): ## # Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLRPCDispatcher): + def __init__(self, server_address, HandlerClass, key_file, cert_file, logRequests=True): """Secure XML-RPC server. It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data. """ - logger.debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file)) + logger.debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s, key_file=%s"%(server_address,cert_file,key_file)) self.logRequests = logRequests self.interface = None self.key_file = key_file
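Review bot: In do_POST the certificate read from `self.connection.get_peer_certificate()` is passed to `generic.make_api(...)` as `peer_cert` with no check in this hunk, and the handler no longer names the API class that receives it. Whichever class the flavour returns is therefore presumably responsible for validating that certificate before using it to identify the caller; a comment such as `# make_api() must return an API that verifies peer_cert against the trusted roots` would record that contract. `Generic.the_flavour()` is also called on every request, so if it is not cached (not visible here) it should be resolved once at server start-up. The six commented-out `#logger.info(...)` lines should be deleted rather than committed. do_POST starts and ends outside the hunk.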