authorNarayan Desai <desai@mcs.anl.gov>2009-04-08 01:19:11 +0000
committerNarayan Desai <desai@mcs.anl.gov>2009-04-08 01:19:11 +0000
commitde10f2e64cb7faf0ba0222a22035b81ca07e7426 (patch)
tree4730e5702aed17855a41dcf5a2e14f09247ecf93 /src/lib/Proxy.py
parent61d5b7caec10262206968e2dcbaf242806b5021e (diff)
Implement ssl certificate split, in preparation for SSL client cert auth
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5155 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/Proxy.py')
-rw-r--r--src/lib/Proxy.py20
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index 24dbf5ee8..8275f9a7c 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -12,6 +12,8 @@ __revision__ = '$Revision: $'
from ConfigParser import SafeConfigParser, NoSectionError
import logging, socket, urlparse, time, Bcfg2.tlslite.errors
from Bcfg2.tlslite.integration.XMLRPCTransport import XMLRPCTransport
+import Bcfg2.tlslite.X509, Bcfg2.tlslite.X509CertChain
+import Bcfg2.tlslite.utils.keyfactory
import xmlrpclib
from xmlrpclib import _Method
@@ -48,7 +50,8 @@ class RetryMethod(_Method):
# sorry jon
xmlrpclib._Method = RetryMethod
-def ComponentProxy (url, user=None, password=None, fingerprint=None):
+def ComponentProxy (url, user=None, password=None, fingerprint=None,
+ key=None, cert=None):
"""Constructs proxies to components.
@@ -63,6 +66,17 @@ def ComponentProxy (url, user=None, password=None, fingerprint=None):
newurl = "%s://%s:%s@%s" % (method, user, password, path)
else:
newurl = url
- return xmlrpclib.ServerProxy(newurl, allow_none=True,
- transport=XMLRPCTransport(x509Fingerprint=fingerprint))
+ if key and cert:
+ pdata = open(key).read()
+ pemkey = Bcfg2.tlslite.utils.keyfactory.parsePEMKey(pdata, private=True)
+ xcert = Bcfg2.tlslite.X509.X509()
+ cdata = open(cert).read()
+ xcert.parse(cdata)
+ certChain = Bcfg2.tlslite.X509CertChain.X509CertChain([xcert])
+ else:
+ certChain = None
+ pemkey = None
+ ssl_trans = XMLRPCTransport(x509Fingerprint=fingerprint, certChain=certChain,
+ privateKey=pemkey)
+ return xmlrpclib.ServerProxy(newurl, allow_none=True, transport=ssl_trans)
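Review bot: The `if key and cert:` test silently falls through to `certChain = None` / `pemkey = None` when only one of the two is passed, so a caller with a half-configured client identity connects without a certificate instead of getting an error; reject that case up front. Both `open(key).read()` and `open(cert).read()` also leave closing the file to the garbage collector, which is worth making explicit for the private-key file in particular. The fence below shows both changes using try/finally, since the file's Python 2 imports suggest `with` may not be available. The docstring of ComponentProxy lies outside this hunk and is not changed by the commit, so it should gain a line saying that `key` and `cert` are paths to the private key (PEM) and certificate files.

```python
    if bool(key) != bool(cert):
        raise ValueError("ComponentProxy: key and cert must be given together")
    if key and cert:
        keyfile = open(key)
        try:
            pdata = keyfile.read()
        finally:
            keyfile.close()
        certfile = open(cert)
        try:
            cdata = certfile.read()
        finally:
            certfile.close()
        # … unchanged: parsePEMKey, X509 parse, X509CertChain construction …
    # … unchanged: else branch, XMLRPCTransport and ServerProxy construction …
```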