From: David E. Eisenstat
Date: Fri, 10 Nov 2006 19:07:29 +0000 (+0000)
Subject: Certificate-checking xmlrpc interface + use /usr/boot/pubring.gpg as the default...
X-Git-Tag: planetlab-4_0-rc1~63
X-Git-Url: http://git.onelab.eu/?p=nodemanager.git;a=commitdiff_plain;h=b0deb4f91ea673181a2db5ee432f8d9c36fc7312
Certificate-checking xmlrpc interface + use /usr/boot/pubring.gpg as the default keyring when invoking gpg.
---
diff --git a/plcapi.py b/plcapi.py
index 11d37db..e89663d 100644
--- a/plcapi.py
+++ b/plcapi.py
@@ -1,9 +1,9 @@
-import xmlrpclib
+import safexmlrpc
 import hmac, sha
 class PLCAPI:
 """
- Wrapper around xmlrpclib.ServerProxy to automagically add an Auth
+ Wrapper around safexmlrpc.ServerProxy to automagically add an Auth
 struct as the first argument to every XML-RPC call. Initialize auth with either:
@@ -23,7 +23,7 @@ class PLCAPI:
 self.node_id = self.key = None
 self.session = auth
- self.server = xmlrpclib.ServerProxy(uri, allow_none = 1, **kwds)
+ self.server = safexmlrpc.ServerProxy(uri, allow_none = 1, **kwds)
 def add_auth(self, function):
 """
diff --git a/safexmlrpc.py b/safexmlrpc.py
new file mode 100644
index 0000000..96865df
--- /dev/null
+++ b/safexmlrpc.py
@@ -0,0 +1,24 @@
+"""Leverage curl to make XMLRPC requests that check the server's credentials."""
+
+from subprocess import PIPE, Popen
+import xmlrpclib
+
+
+CURL = '/usr/bin/curl'
+
+class CertificateCheckingSafeTransport(xmlrpclib.Transport):
+ def request(self, host, handler, request_body, verbose=0):
+ self.verbose = verbose
+ p = Popen((CURL, '--cacert', '/usr/boot/cacert.pem', '--data', '@-', 'https://%s%s' % (host, handler)), stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ p.stdin.write(request_body)
+ p.stdin.close()
+ contents = p.stdout.read()
+ p.stdout.close()
+ error = p.stderr.read()
+ p.stderr.close()
+ rc = p.wait()
+ if rc != 0: raise xmlrpclib.ProtocolError(host + handler, rc, error, '')
+ return xmlrpclib.loads(contents)[0]
+
+class ServerProxy(xmlrpclib.ServerProxy):
+ def __init__(self, handler, *args, **kw_args): xmlrpclib.ServerProxy.__init__(self, handler, CertificateCheckingSafeTransport())
diff --git a/ticket.py b/ticket.py
index 2e87eb1..62aeb6f 100644
--- a/ticket.py
+++ b/ticket.py
@@ -24,7 +24,7 @@ def sign(data):
 def verify(signed_msg):
 """If is a valid signed document, return its contents. Otherwise, return None."""
- p = _popen_gpg('--decrypt')
+ p = _popen_gpg('--decrypt', '--keyring', '/usr/boot/pubring.gpg', '--no-default-keyring')
 p.stdin.write(signed_msg)
 p.stdin.close()
 msg = p.stdout.read()
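Review bot: `request` only raises `ProtocolError` on a non-zero curl exit, and without `--fail` curl exits 0 on an HTTP 4xx/5xx, so an error page is handed to `xmlrpclib.loads`; the call also has no `--max-time`, so a stalled server blocks the caller indefinitely. Draining `stdout` to EOF before touching `stderr` can deadlock once curl fills the stderr pipe, which `p.communicate(request_body)` avoids, and `--data @-` strips newlines from the request body where `--data-binary @-` sends it unchanged. `ServerProxy.__init__` accepts `*args, **kw_args` but forwards neither, so the `allow_none = 1` passed from plcapi.py in this commit is silently dropped.

```python
class CertificateCheckingSafeTransport(xmlrpclib.Transport):
    def request(self, host, handler, request_body, verbose=0):
        self.verbose = verbose
        # --fail turns HTTP >= 400 into a non-zero exit; --max-time bounds a
        # stalled server ('90' is a placeholder, pick a value for the deployment).
        p = Popen((CURL, '--fail', '--silent', '--show-error',
                   '--max-time', '90',
                   '--cacert', '/usr/boot/cacert.pem',
                   '--data-binary', '@-',
                   'https://%s%s' % (host, handler)),
                  stdin=PIPE, stdout=PIPE, stderr=PIPE)
        # communicate() feeds stdin and drains both output pipes together,
        # so neither pipe can fill up and block the child.
        contents, error = p.communicate(request_body)
        rc = p.returncode
        # ... unchanged: rc check raising ProtocolError, xmlrpclib.loads ...

class ServerProxy(xmlrpclib.ServerProxy):
    def __init__(self, handler, *args, **kw_args):
        # Forward allow_none and friends instead of discarding them.
        xmlrpclib.ServerProxy.__init__(self, handler,
                                       CertificateCheckingSafeTransport(),
                                       *args, **kw_args)
```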
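Review bot: Pinning the keyring in `verify` limits which keys can validate a signature, but `--decrypt` does not by itself require the input to carry one; gpg can also exit 0 for well-formed input that has no signature at all. The call should confirm that a signature was actually checked, for example by adding `'--status-fd', '2'` and requiring a `VALIDSIG` line before `msg` is returned. The rest of `verify` lies outside the hunk, so how the exit status and stderr are handled cannot be seen here. As a style point, `'/usr/boot/pubring.gpg'` is a literal inside the call; a module-level constant would keep the trust anchor path in one place.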