author | Narayan Desai <desai@mcs.anl.gov> | 2009-04-08 01:19:11 +0000 |
---|---|---|
committer | Narayan Desai <desai@mcs.anl.gov> | 2009-04-08 01:19:11 +0000 |
commit | de10f2e64cb7faf0ba0222a22035b81ca07e7426 (patch) | |
tree | 4730e5702aed17855a41dcf5a2e14f09247ecf93 /src/lib/Proxy.py | |
parent | 61d5b7caec10262206968e2dcbaf242806b5021e (diff) | |
Implement ssl certificate split, in preparation for SSL client cert auth
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5155 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/Proxy.py')
-rw-r--r-- | src/lib/Proxy.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index 24dbf5ee8..8275f9a7c 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -12,6 +12,8 @@ __revision__ = '$Revision: $'
 from ConfigParser import SafeConfigParser, NoSectionError
 import logging, socket, urlparse, time, Bcfg2.tlslite.errors
 from Bcfg2.tlslite.integration.XMLRPCTransport import XMLRPCTransport
+import Bcfg2.tlslite.X509, Bcfg2.tlslite.X509CertChain
+import Bcfg2.tlslite.utils.keyfactory
 import xmlrpclib
 from xmlrpclib import _Method
@@ -48,7 +50,8 @@ class RetryMethod(_Method):
 # sorry jon
 xmlrpclib._Method = RetryMethod
-def ComponentProxy (url, user=None, password=None, fingerprint=None):
+def ComponentProxy (url, user=None, password=None, fingerprint=None,
+ key=None, cert=None):
 """Constructs proxies to components.
@@ -63,6 +66,17 @@ def ComponentProxy (url, user=None, password=None, fingerprint=None):
 newurl = "%s://%s:%s@%s" % (method, user, password, path)
 else:
 newurl = url
- return xmlrpclib.ServerProxy(newurl, allow_none=True,
- transport=XMLRPCTransport(x509Fingerprint=fingerprint))
+ if key and cert:
+ pdata = open(key).read()
+ pemkey = Bcfg2.tlslite.utils.keyfactory.parsePEMKey(pdata, private=True)
+ xcert = Bcfg2.tlslite.X509.X509()
+ cdata = open(cert).read()
+ xcert.parse(cdata)
+ certChain = Bcfg2.tlslite.X509CertChain.X509CertChain([xcert])
+ else:
+ certChain = None
+ pemkey = None
+ ssl_trans = XMLRPCTransport(x509Fingerprint=fingerprint, certChain=certChain,
+ privateKey=pemkey)
+ return xmlrpclib.ServerProxy(newurl, allow_none=True, transport=ssl_trans) |
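Review bot: The two parameters added to the `ComponentProxy` signature, `key` and `cert`, are not documented anywhere in this commit: all 17 added lines are in the three hunks shown and none of them touches the docstring, whose body lies outside this hunk. The third hunk passes both straight to `open()`, so they are filesystem paths to PEM files rather than PEM text, which a caller cannot tell from the names. I would add two entries to the docstring's argument list, for example `key -- path to the PEM private key used for client authentication` and `cert -- path to the matching PEM certificate (must be given together with key)`.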
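Review bot: `if key and cert:` silently builds the transport with `certChain=None` and `privateKey=None` when only one of the two paths is supplied, so a half-configured client connects without the client certificate the operator asked for and nothing reports it. Rejecting the mismatch before the branch makes the misconfiguration visible: `if bool(key) != bool(cert): raise ValueError("key and cert must be given together")`. The two `open(...).read()` calls also never close their file objects explicitly, and the private key is parsed without a password callback, so the key file presumably has to be stored unencrypted and should be readable only by the account running the client. The function body starts outside this hunk.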