extras-buildsys/common SSLCommon.py, NONE, 1.1 HTTPSURLopener.py, 1.1, 1.2 SSLXMLRPCServerProxy.py, 1.1, 1.2 SimpleHTTPSServer.py, 1.2, 1.3 SimpleSSLXMLRPCServer.py, 1.1, 1.2
Daniel Williams (dcbw)
fedora-extras-commits at redhat.com
Mon Jun 13 05:12:11 UTC 2005
Author: dcbw
Update of /cvs/fedora/extras-buildsys/common
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24524/common
Modified Files:
HTTPSURLopener.py SSLXMLRPCServerProxy.py SimpleHTTPSServer.py
SimpleSSLXMLRPCServer.py
Added Files:
SSLCommon.py
Log Message:
2005-06-13 Dan Williams <dcbw at redhat.com>
* common/HTTPSURLopener.py
common/SSLXMLRPCServerProxy.py
common/SimpleHTTPSServer.py
common/SimpleSSLXMLRPCServer.py
common/SSLCommon.py
- Refactor _initSSLContext() usage into SSLCommon.py
* common/SimpleSSLXMLRPCServer.py
- Route all requests through new class VerifiableSimpleXMLRPCRequestHander
which has the ability to callback the server for client certificate
verification.
--- NEW FILE SSLCommon.py ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Dan Williams <dcbw at redhat.com> and Red Hat, Inc.
import os
import sys

from M2Crypto import SSL
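def quietCallback(*args, **kwargs):
    """
    No-op SSL info callback.

    Installed with ctx.set_info_callback() in getSSLContext() so that
    M2Crypto/OpenSSL do not print handshake progress to stdout/stderr.
    The function is module-level, not a method, so it takes no ``self``;
    whatever positional or keyword arguments the library hands it are
    accepted and ignored, and it always returns None.
    """
    return None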
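def getSSLContext(certfile, keyfile, ca_certfile, session_id='ssl_session',
                  protocol='sslv3'):
    """
    Build an M2Crypto SSL.Context for mutually-authenticated connections.

    Every peer of a connection made with this context must present a
    certificate that chains to the CA(s) in ca_certfile; a peer with no
    certificate, or one from an unknown CA, fails the handshake.  Note that
    this authorizes by CA membership only -- any holder of a certificate
    from that CA is accepted -- so callers needing finer policy must check
    the peer certificate themselves.

    certfile    -- PEM file holding this side's certificate.
    keyfile     -- PEM file holding the private key matching certfile.
    ca_certfile -- PEM file holding the CA certificate(s) peers must chain
                   to.  The same file is loaded as verify info and as the
                   CA list load_client_ca() advertises during a certificate
                   request.
    session_id  -- session-id context string handed to OpenSSL.  Servers
                   serving different things should use distinct values.
    protocol    -- protocol name passed to SSL.Context.  The historical
                   default 'sslv3' is kept for compatibility, but SSLv3 is
                   obsolete; new deployments should pass 'tlsv1' (or a newer
                   name the installed M2Crypto accepts).

    If any of the three files is missing or unreadable, a message is written
    to stderr and the process exits with status 1: the context cannot be
    built without the credentials.  The os.access() check exists only to
    give a clear message up front; it does not replace the loaders' own
    error handling.
    """
    for f in (certfile, keyfile, ca_certfile):
        if not os.access(f, os.R_OK):
            # Diagnostics belong on stderr, not stdout.  os._exit() does not
            # flush Python-level buffers, hence the explicit flush first.
            sys.stderr.write("%s does not exist or is not readable.\n" % f)
            sys.stderr.flush()
            os._exit(1)

    # NOTE(review): 'sslv3' is only the historical default; prefer 'tlsv1'.
    ctx = SSL.Context(protocol)
    ctx.load_cert(certfile, keyfile)
    # One CA file both for the list sent in the certificate request and for
    # verifying whatever certificate the peer presents.
    ctx.load_client_ca(ca_certfile)
    ctx.load_verify_info(ca_certfile)
    ctx.set_allow_unknown_ca(False)
    # Demand a peer certificate and abort the handshake if it is absent or
    # does not verify; 10 is the maximum chain depth to check.
    verify_mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
    ctx.set_verify(verify_mode, 10)
    ctx.set_session_id_ctx(session_id)
    # Keep OpenSSL's handshake progress messages off stdout/stderr.
    ctx.set_info_callback(quietCallback)
    return ctx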
Index: HTTPSURLopener.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/HTTPSURLopener.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- HTTPSURLopener.py 9 Jun 2005 01:57:40 -0000 1.1
+++ HTTPSURLopener.py 13 Jun 2005 05:12:09 -0000 1.2
@@ -20,38 +20,13 @@
from urllib import *
from M2Crypto import SSL, httpslib
+import SSLCommon
class HTTPSURLopener(urllib.URLopener):
def __init__(self, certfile, keyfile, ca_certfile):
- self.ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
+ self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
urllib.URLopener.__init__(self)
- def _initSSLContext(self, certfile, keyfile, ca_certfile):
- """
- Helper method for m2crypto's SSL libraries.
- """
- for f in certfile, keyfile, ca_certfile:
- if not os.access(f, os.R_OK):
- print "%s does not exist or is not readable." % f
- os._exit(1)
-
- ctx = SSL.Context('sslv3')
- ctx.load_cert(certfile, keyfile)
- ctx.load_client_ca(ca_certfile)
- ctx.load_verify_info(ca_certfile)
- ctx.set_allow_unknown_ca(False)
- verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
- ctx.set_verify(verify, 10)
- ctx.set_session_id_ctx('ssl-file-download')
- ctx.set_info_callback(self._quietCallback)
- return ctx
-
- def _quietCallback(self, *args):
- """
- This prevents XML-RPC from printing out stuff to stderr/stdout.
- """
- return
-
def open_https(self, url, data=None):
"""
Inspired by M2Crypto.m2urllib. The problem here with
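Review bot: The context built by the new line `self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)` verifies only that the server's certificate chains to ca_certfile; nothing in this hunk binds that certificate to the host named in the URL, so any holder of a certificate from the same CA could stand in for the server unless open_https (which begins at the end of the hunk and continues past it) checks the peer certificate's subject or the connection address itself. If it does not, the __init__ docstring should at least say that server identity is not verified beyond CA membership, and a post-connect comparison of the peer certificate's subject against the URL host would close the gap. The removed helper also used the session-id context 'ssl-file-download' while the shared helper now defaults to 'ssl_session'; that value matters mainly on the server side, so for this client it is presumably harmless.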
Index: SSLXMLRPCServerProxy.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SSLXMLRPCServerProxy.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SSLXMLRPCServerProxy.py 9 Jun 2005 01:57:40 -0000 1.1
+++ SSLXMLRPCServerProxy.py 13 Jun 2005 05:12:09 -0000 1.2
@@ -18,36 +18,10 @@
import os, sys
from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import SSL_Transport, Server
+import SSLCommon
class SSLXMLRPCServerProxy(Server):
def __init__(self, certfile, keyfile, ca_certfile, uri):
- ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
- Server.__init__(self, uri, SSL_Transport(ssl_context=ctx))
-
-
- def _initSSLContext(self, certfile, keyfile, ca_certfile):
- """
- Helper method for m2crypto's SSL libraries.
- """
- for f in certfile, keyfile, ca_certfile:
- if not os.access(f, os.R_OK):
- print "%s does not exist or is not readable." % f
- os._exit(1)
-
- ctx = SSL.Context('sslv3')
- ctx.load_cert(certfile, keyfile)
- ctx.load_client_ca(ca_certfile)
- ctx.load_verify_info(ca_certfile)
- ctx.set_allow_unknown_ca(False)
- verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
- ctx.set_verify(verify, 10)
- ctx.set_session_id_ctx('xmlrpcssl')
- ctx.set_info_callback(self._quietCallback)
- return ctx
-
- def _quietCallback(self, *args):
- """
- This prevents XML-RPC from printing out stuff to stderr/stdout.
- """
- return
+ self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+ Server.__init__(self, uri, SSL_Transport(ssl_context=self.ctx))
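Review bot: Constructing the proxy with an unreadable certificate, key or CA path now ends the whole calling process, because the replacement `self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)` goes through SSLCommon.getSSLContext, which on a failed os.access check prints a message and calls os._exit(1), skipping finally blocks and atexit handlers. The removed in-class helper behaved the same way, so this is inherited rather than introduced, but a client-side constructor is a poor place for a hard exit; raising an exception the caller can handle (for example IOError naming the file) from the shared helper would let callers decide. The `import os, sys` context line above may now be partly unused in this file, since the os.access check moved to SSLCommon; the rest of the file is outside this hunk, so that needs checking there.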
Index: SimpleHTTPSServer.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SimpleHTTPSServer.py,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SimpleHTTPSServer.py 10 Jun 2005 01:35:40 -0000 1.2
+++ SimpleHTTPSServer.py 13 Jun 2005 05:12:09 -0000 1.3
@@ -26,7 +26,7 @@
from SimpleHTTPServer import SimpleHTTPRequestHandler
from M2Crypto import Rand, SSL
from M2Crypto.SSL.SSLServer import ThreadingSSLServer
-
+import SSLCommon
class HttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@@ -77,38 +77,12 @@
self.allow_reuse_address = 1
self.http_dir = http_dir
- ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
- ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, ctx)
+ self.ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+ ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, self.ctx)
self.server_name = server_addr[0]
self.server_port = server_addr[1]
- def _initSSLContext(self, certfile, keyfile, ca_certfile):
- """
- Helper method for m2crypto's SSL libraries.
- """
- for f in certfile, keyfile, ca_certfile:
- if not os.access(f, os.R_OK):
- print "%s does not exist or is not readable." % f
- os._exit(1)
-
- ctx = SSL.Context('sslv3')
- ctx.load_cert(certfile, keyfile)
- ctx.load_client_ca(ca_certfile)
- ctx.load_verify_info(ca_certfile)
- ctx.set_allow_unknown_ca(False)
- verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
- ctx.set_verify(verify, 10)
- ctx.set_session_id_ctx('xmlrpcssl')
- ctx.set_info_callback(self._quietCallback)
- return ctx
-
- def _quietCallback(self, *args):
- """
- This prevents XML-RPC from printing out stuff to stderr/stdout.
- """
- return
-
def finish(self):
if self.request:
self.request.set_shutdown(SSL.SSL_RECEIVED_SHUTDOWN | SSL.SSL_SENT_SHUTDOWN)
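Review bot: After `ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, self.ctx)` any client whose certificate chains to ca_certfile can fetch anything under http_dir, because the context from SSLCommon.getSSLContext authorizes purely by CA membership, and unlike SimpleSSLXMLRPCServer in this same commit this server gets no verify_callback hook for per-client checks. If the file server is meant to serve only known builders, consider the same optional `verify_callback=None` constructor argument here and a request handler that consults `self.server.verify_callback(self.request)` before serving, so both servers enforce one policy. The enclosing __init__ starts before this hunk, and the method containing the set_shutdown call continues past it.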
Index: SimpleSSLXMLRPCServer.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/SimpleSSLXMLRPCServer.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SimpleSSLXMLRPCServer.py 9 Jun 2005 01:57:40 -0000 1.1
+++ SimpleSSLXMLRPCServer.py 13 Jun 2005 05:12:09 -0000 1.2
@@ -18,43 +18,33 @@
import os, sys
from M2Crypto import SSL
from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler, SimpleXMLRPCDispatcher
+import SSLCommon
+
+
+class VerifiableSimpleXMLRPCRequestHander(SimpleXMLRPCRequestHandler):
+ def do_POST(self):
+ """
+ Override request handling to provide the server a chance to verify the client
+ """
+ accept = True
+ if self.server.verify_callback:
+ accept = self.server.verify_callback(self.request)
+ if accept:
+ SimpleXMLRPCRequestHandler.do_POST(self)
+ else:
+ self.server.send_error(403, 'You are not authorized to access this resource.')
+
class SimpleSSLXMLRPCServer(SSL.SSLServer, SimpleXMLRPCServer):
"""
An extension of SimpleXMLRPCServer that allows SSL handling.
"""
- def __init__(self, certfile, keyfile, ca_certfile, address):
+ def __init__(self, certfile, keyfile, ca_certfile, address, verify_callback=None):
self.allow_reuse_address = 1
self.logRequests = 0
+ self.verify_callback = verify_callback
- ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
- SSL.SSLServer.__init__(self, address, SimpleXMLRPCRequestHandler, ctx)
+ ctx = SSLCommon.getSSLContext(certfile, keyfile, ca_certfile)
+ SSL.SSLServer.__init__(self, address, VerifiableSimpleXMLRPCRequestHander, ctx)
SimpleXMLRPCDispatcher.__init__(self)
-
- def _initSSLContext(self, certfile, keyfile, ca_certfile):
- """
- Helper method for m2crypto's SSL libraries.
- """
- for f in certfile, keyfile, ca_certfile:
- if not os.access(f, os.R_OK):
- print "%s does not exist or is not readable." % f
- os._exit(1)
-
- ctx = SSL.Context('sslv3')
- ctx.load_cert(certfile, keyfile)
- ctx.load_client_ca(ca_certfile)
- ctx.load_verify_info(ca_certfile)
- ctx.set_allow_unknown_ca(False)
- verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
- ctx.set_verify(verify, 10)
- ctx.set_session_id_ctx('xmlrpcssl')
- ctx.set_info_callback(self._quietCallback)
- return ctx
-
- def _quietCallback(self, *args):
- """
- This prevents XML-RPC from printing out stuff to stderr/stdout.
- """
- return
-
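Review bot: The rejection branch in do_POST calls `self.server.send_error(403, ...)`, but send_error is a BaseHTTPRequestHandler method and self.server is the SimpleSSLXMLRPCServer instance, which has none; a client that fails verify_callback will therefore raise AttributeError inside the handler and have its connection dropped through the server's error path instead of receiving a 403. The line should read `self.send_error(403, 'You are not authorized to access this resource.')`. Two smaller points: the class name VerifiableSimpleXMLRPCRequestHander is missing the 'l' of Handler (the log message spells it the same way, so fix both or leave both), and the constructor deserves a docstring stating what verify_callback receives (the SSL connection object, self.request) and that any falsy return rejects the request. The class body continues past the hunk.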