extras-buildsys/common HTTPSURLopener.py, NONE, 1.1 SSLXMLRPCServerProxy.py, NONE, 1.1 SimpleHTTPSServer.py, NONE, 1.1 SimpleSSLXMLRPCServer.py, NONE, 1.1 FileDownloader.py, 1.1, 1.2 FileServer.py, 1.1, NONE
Daniel Williams (dcbw)
fedora-extras-commits at redhat.com
Thu Jun 9 01:57:42 UTC 2005
- Previous message: extras-buildsys/client CONFIG.py,1.1,1.2 buildclient.py,1.2,1.3
- Next message: extras-buildsys/server CONFIG.py, 1.3, 1.4 buildjob.py, 1.4, 1.5 buildserver.py, 1.1, 1.2 client_manager.py, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dcbw
Update of /cvs/fedora/extras-buildsys/common
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15057/common
Modified Files:
FileDownloader.py
Added Files:
HTTPSURLopener.py SSLXMLRPCServerProxy.py SimpleHTTPSServer.py
SimpleSSLXMLRPCServer.py
Removed Files:
FileServer.py
Log Message:
2005-06-08 Dan Williams <dcbw at redhat.com>
* Convert all client/server communication to SSL. You will now need certificates
(see the README file for how to set them all up) to get them to talk to each
other. Now requires m2crypto module as well.
--- NEW FILE HTTPSURLopener.py ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Dan Williams <dcbw at redhat.com> and Red Hat, Inc.
import string, sys, urllib
import os, sys
from urllib import *
from M2Crypto import SSL, httpslib
class HTTPSURLopener(urllib.URLopener):
def __init__(self, certfile, keyfile, ca_certfile):
self.ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
urllib.URLopener.__init__(self)
def _initSSLContext(self, certfile, keyfile, ca_certfile):
"""
Helper method for m2crypto's SSL libraries.
"""
for f in certfile, keyfile, ca_certfile:
if not os.access(f, os.R_OK):
print "%s does not exist or is not readable." % f
os._exit(1)
ctx = SSL.Context('sslv3')
ctx.load_cert(certfile, keyfile)
ctx.load_client_ca(ca_certfile)
ctx.load_verify_info(ca_certfile)
ctx.set_allow_unknown_ca(False)
verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
ctx.set_verify(verify, 10)
ctx.set_session_id_ctx('ssl-file-download')
ctx.set_info_callback(self._quietCallback)
return ctx
def _quietCallback(self, *args):
"""
This prevents XML-RPC from printing out stuff to stderr/stdout.
"""
return
def open_https(self, url, data=None):
"""
Inspired by M2Crypto.m2urllib. The problem here with
M2Crypto.m2urlllib is that there wasn't a way to get an SSL context
into open_https as far as I could tell.
"""
# Attempt to isolate host and request parts from URI
host = None
if type(url) is type(""):
host, selector = splithost(url)
if host:
user_passwd, host = splituser(host)
host = unquote(host)
if not host:
raise IOError, ('http error', 'no host given')
h = httpslib.HTTPSConnection(host=host, ssl_context=self.ctx)
h.putrequest('GET', selector)
for args in self.addheaders:
apply(h.putheader, args)
h.endheaders()
resp = h.getresponse()
fp = resp.fp
return urllib.addinfourl(fp, {}, "https:" + url)
--- NEW FILE SSLXMLRPCServerProxy.py ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Konstantin Ryabitsev <icon at phy.duke.edu>
# Modified by Dan Williams <dcbw at redhat.com>
import os, sys
from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import SSL_Transport, Server
class SSLXMLRPCServerProxy(Server):
def __init__(self, certfile, keyfile, ca_certfile, uri):
ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
Server.__init__(self, uri, SSL_Transport(ssl_context=ctx))
def _initSSLContext(self, certfile, keyfile, ca_certfile):
"""
Helper method for m2crypto's SSL libraries.
"""
for f in certfile, keyfile, ca_certfile:
if not os.access(f, os.R_OK):
print "%s does not exist or is not readable." % f
os._exit(1)
ctx = SSL.Context('sslv3')
ctx.load_cert(certfile, keyfile)
ctx.load_client_ca(ca_certfile)
ctx.load_verify_info(ca_certfile)
ctx.set_allow_unknown_ca(False)
verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
ctx.set_verify(verify, 10)
ctx.set_session_id_ctx('xmlrpcssl')
ctx.set_info_callback(self._quietCallback)
return ctx
def _quietCallback(self, *args):
"""
This prevents XML-RPC from printing out stuff to stderr/stdout.
"""
return
--- NEW FILE SimpleHTTPSServer.py ---
#!/usr/bin/python -t
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Dan Williams and Red Hat, Inc.
#
import SimpleHTTPServer
import SocketServer
import threading
import os
import urllib
import posixpath
import os, sys
from SimpleHTTPServer import SimpleHTTPRequestHandler
from M2Crypto import Rand, SSL
from M2Crypto.SSL.SSLServer import ThreadingSSLServer
class HttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def __init__(self, request, client_address, server):
self._server = server
SimpleHTTPServer.SimpleHTTPRequestHandler.__init__(self, request, client_address, server)
def list_directory(self, path):
self.send_error(404, "No permission to list directory")
def log_request(self, code='-', size='-'):
# Don't log requests
pass
def translate_path(self, path):
"""Translate a /-separated PATH to the local filename syntax.
Components that mean special things to the local file system
(e.g. drive or directory names) are ignored. (XXX They should
probably be diagnosed.)
This code is lifted from SimpleHTTPRequestHandler so that we can
make sure the request is always based in our download directory,
not the current directory.
"""
path = posixpath.normpath(urllib.unquote(path))
words = path.split('/')
words = filter(None, words)
path = self._server.http_dir
for word in words:
drive, word = os.path.splitdrive(word)
head, word = os.path.split(word)
if word in (os.curdir, os.pardir): continue
path = os.path.join(path, word)
return path
def do_GET(self):
SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)
# try:
# SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)
# except Exception, e:
# # We get an exception if the client drops the transfer
# pass
class ThreadingHTTPSServer(ThreadingSSLServer):
def __init__(self, certfile, keyfile, ca_certfile, server_addr, http_dir):
self.allow_reuse_address = 1
self.http_dir = http_dir
ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
ThreadingSSLServer.__init__(self, server_addr, HttpRequestHandler, ctx)
self.server_name = server_addr[0]
self.server_port = server_addr[1]
def _initSSLContext(self, certfile, keyfile, ca_certfile):
"""
Helper method for m2crypto's SSL libraries.
"""
for f in certfile, keyfile, ca_certfile:
if not os.access(f, os.R_OK):
print "%s does not exist or is not readable." % f
os._exit(1)
ctx = SSL.Context('sslv3')
ctx.load_cert(certfile, keyfile)
ctx.load_client_ca(ca_certfile)
ctx.load_verify_info(ca_certfile)
ctx.set_allow_unknown_ca(False)
verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
ctx.set_verify(verify, 10)
ctx.set_session_id_ctx('xmlrpcssl')
ctx.set_info_callback(self._quietCallback)
return ctx
def _quietCallback(self, *args):
"""
This prevents XML-RPC from printing out stuff to stderr/stdout.
"""
return
def finish(self):
if self.request:
self.request.set_shutdown(SSL.SSL_RECEIVED_SHUTDOWN | SSL.SSL_SENT_SHUTDOWN)
self.request.close()
class SimpleHTTPSServer(threading.Thread):
def __init__(self, certfile, keyfile, ca_certfile, addr, http_dir):
self._server = ThreadingHTTPSServer(certfile, keyfile, ca_certfile, addr, http_dir)
threading.Thread.__init__(self)
def run(self):
self._server.serve_forever()
--- NEW FILE SimpleSSLXMLRPCServer.py ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Copyright 2005 Konstantin Ryabitsev <icon at phy.duke.edu>
# Modified by Dan Williams <dcbw at redhat.com>
import os, sys
from M2Crypto import SSL
from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler, SimpleXMLRPCDispatcher
class SimpleSSLXMLRPCServer(SSL.SSLServer, SimpleXMLRPCServer):
"""
An extension of SimpleXMLRPCServer that allows SSL handling.
"""
def __init__(self, certfile, keyfile, ca_certfile, address):
self.allow_reuse_address = 1
self.logRequests = 0
ctx = self._initSSLContext(certfile, keyfile, ca_certfile)
SSL.SSLServer.__init__(self, address, SimpleXMLRPCRequestHandler, ctx)
SimpleXMLRPCDispatcher.__init__(self)
def _initSSLContext(self, certfile, keyfile, ca_certfile):
"""
Helper method for m2crypto's SSL libraries.
"""
for f in certfile, keyfile, ca_certfile:
if not os.access(f, os.R_OK):
print "%s does not exist or is not readable." % f
os._exit(1)
ctx = SSL.Context('sslv3')
ctx.load_cert(certfile, keyfile)
ctx.load_client_ca(ca_certfile)
ctx.load_verify_info(ca_certfile)
ctx.set_allow_unknown_ca(False)
verify = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
ctx.set_verify(verify, 10)
ctx.set_session_id_ctx('xmlrpcssl')
ctx.set_info_callback(self._quietCallback)
return ctx
def _quietCallback(self, *args):
"""
This prevents XML-RPC from printing out stuff to stderr/stdout.
"""
return
Index: FileDownloader.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/common/FileDownloader.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- FileDownloader.py 8 Jun 2005 15:55:56 -0000 1.1
+++ FileDownloader.py 9 Jun 2005 01:57:40 -0000 1.2
@@ -17,10 +17,10 @@
#
import threading
-import urlgrabber
import urllib
import string
import os
+import HTTPSURLopener
def get_base_filename_from_url(url, legal_exts):
@@ -72,7 +72,7 @@
class FileDownloader(threading.Thread):
- def __init__(self, callback, cb_data, url, target_dir, legal_exts):
+ def __init__(self, callback, cb_data, url, target_dir, legal_exts, certfile, keyfile, ca_certfile):
self._callback = callback
self._cb_data = cb_data
self._url = url
@@ -80,6 +80,7 @@
self._filename = get_base_filename_from_url(self._url, legal_exts)
if not self._filename:
print "Couldn't get base filename from url!! target_dir=%s, url=%s" % (target_dir, url)
+ self._opener = HTTPSURLopener.HTTPSURLopener(certfile, keyfile, ca_certfile)
threading.Thread.__init__(self)
def run(self):
@@ -89,7 +90,7 @@
os.makedirs(self._target_dir)
os.chdir(self._target_dir)
target_file = os.path.join(self._target_dir, self._filename)
- result = urlgrabber.urlgrab(self._url, target_file)
+ result = self._opener.retrieve(self._url, target_file)
if result:
success = True
--- FileServer.py DELETED ---
- Previous message: extras-buildsys/client CONFIG.py,1.1,1.2 buildclient.py,1.2,1.3
- Next message: extras-buildsys/server CONFIG.py, 1.3, 1.4 buildjob.py, 1.4, 1.5 buildserver.py, 1.1, 1.2 client_manager.py, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list