authorNarayan Desai <desai@mcs.anl.gov>2006-06-02 21:08:53 +0000
committerNarayan Desai <desai@mcs.anl.gov>2006-06-02 21:08:53 +0000
commitb36e11a35e722cddeccfd1c4cd92a9d6dc623d7e (patch)
tree34c7a42b7db51976d6ebc2b41ad51bb0cf5d2105 /src/lib/Server/Component.py
parent8a9a0968340d998bc46195bde54e28d57f5f8850 (diff)
Initial checkin of peer SSL cert checks
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1869 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/Server/Component.py')
-rw-r--r--src/lib/Server/Component.py41
1 files changed, 37 insertions, 4 deletions
diff --git a/src/lib/Server/Component.py b/src/lib/Server/Component.py
index 73f28446e..3315276b2 100644
--- a/src/lib/Server/Component.py
+++ b/src/lib/Server/Component.py
@@ -51,13 +51,45 @@ class SSLServer(BaseHTTPServer.HTTPServer):
def __init__(self, address, keyfile, handler):
SocketServer.BaseServer.__init__(self, address, handler)
ctxt = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
- ctxt.use_privatekey_file (keyfile)
- ctxt.use_certificate_file(keyfile)
+ ctxt.use_privatekey_file ('/tmp/keys/server.pkey')
+ ctxt.use_certificate_file('/tmp/keys/server.cert')
+ ctxt.load_verify_locations('/tmp/keys/CA.cert')
+ ctxt.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verify_cb)
self.socket = OpenSSL.SSL.Connection(ctxt,
socket.socket(self.address_family, self.socket_type))
self.server_bind()
self.server_activate()
+ def verify_cb(self, conn, cert, errnum, depth, ok):
+ '''handle cerificate verification'''
+ print "here"
+ print 'Got cert: %s' % (cert.get_subject())
+ print cert.get_pubkey()
+ return ok
+
+
+# print cert.subject_name_hash()
+#
+# print dir(cert.get_pubkey())
+# return ok
+
+ def handle_request(self):
+ """Handle one request, possibly blocking."""
+ try:
+ request, client_address = self.get_request()
+ except socket.error:
+ return
+ if self.verify_request(request, client_address):
+ try:
+ self.process_request(request, client_address)
+ except Exception, err:
+ print err
+ if err[0][0][0] == 'SSL routines':
+ log.error("%s from %s" % (err[0][0][2], client_address[0]))
+ else:
+ log.error("Unknown socket I/O failure from %s" % (client_address[0]), exc_info=1)
+ self.close_request(request)
+
class Component(SSLServer,
SimpleXMLRPCServer.SimpleXMLRPCDispatcher):
"""Cobalt component providing XML-RPC access"""
@@ -93,7 +125,8 @@ class Component(SSLServer,
else:
location = (socket.gethostname(), 0)
try:
- keyfile = self.cfile.get('communication', 'key')
+ #keyfile = self.cfile.get('communication', 'key')
+ keyfile = '/tmp/keys/server.pkey'
except ConfigParser.NoOptionError:
print "No key specified in cobalt.conf"
raise SystemExit, 1
@@ -103,7 +136,7 @@ class Component(SSLServer,
try:
SSLServer.__init__(self, location, keyfile, CobaltXMLRPCRequestHandler)
except:
- self.logger.error("Failed to load ssl key %s" % (keyfile))
+ self.logger.error("Failed to load ssl key %s" % (keyfile), exc_info=1)
raise ComponentInitError
SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self)
self.logRequests = 0