PyKMIP/kmip/services/kmip_server.py
Michael McCune f77b0202b2 Adding server key and cert files to installation
This change adds the server key and cert files from kmip/demos/certs to
the MANIFEST.in and setup.py files. These files are being added to
resolve missing file issues when using the default config values.

In cases where a user is instantiating a KMIPClient and passing
ca_cert=None an exception will be raised with newer versions of
Python(2.7.8+). This exception is based on the missing server.crt file
that is specified in the default configuration.

Likewise, when instantiating a KMIPServer with keyfile=None or
certfile=None the default values will be used. This will also cause an
exception with newer versions of Python.

Although it may be unlikely that an end user would instantiate these
classes without providing cert and key files, there are cases (namely
testing) where it is acceptable to pass None values for these files. In
these cases, the files should be present to allow proper execution.

Changes
* adding server.crt and server.key to MANIFEST.in and setup.py
* correcting mismatched default values for KMIPServer certfile and
  keyfile
2014-12-10 18:43:56 -05:00


# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import logging
import os
import socket
import ssl
from kmip.core.config_helper import ConfigHelper
from kmip.core.server import KMIPImpl
from kmip.services.kmip_protocol import KMIPProtocolFactory
from kmip.services.processor import Processor
FILE_PATH = os.path.dirname(os.path.abspath(__file__))
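class KMIPServer(object):
    """Blocking KMIP server that serves one TLS connection at a time.

    Every constructor argument is optional. Each one is resolved through
    ``ConfigHelper.get_valid_value`` against the ``server`` config section,
    with the fallback default visible in ``_set_variables``.

    Security notes for deployers:

    * ``cert_reqs`` falls back to ``'CERT_NONE'`` and ``ca_certs`` to
      ``None``. With those defaults the TLS layer does not request or verify
      a client certificate, so peers are not authenticated by TLS. Configure
      ``cert_reqs`` (e.g. ``'CERT_REQUIRED'``) together with ``ca_certs``
      when client authentication is needed.
    * NOTE(review): if ``conf.DEFAULT_KEYFILE`` / ``conf.DEFAULT_CERTFILE``
      resolve to key material shipped with the package (demo certificates),
      that private key is public knowledge. Deployments should pass their own
      ``keyfile`` / ``certfile``. Confirm against ConfigHelper.
    """

    def __init__(self, host=None, port=None, keyfile=None, certfile=None,
                 cert_reqs=None, ssl_version=None, ca_certs=None,
                 do_handshake_on_connect=None, suppress_ragged_eofs=None):
        """Resolve the settings, build the request processor, bind the socket.

        Raises whatever ``socket.bind`` raises (for example when the address
        is already in use). The socket is closed before re-raising.
        """
        self.logger = logging.getLogger(__name__)

        self._set_variables(host, port, keyfile, certfile, cert_reqs,
                            ssl_version, ca_certs, do_handshake_on_connect,
                            suppress_ragged_eofs)

        handler = KMIPImpl()
        self._processor = Processor(handler)

        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            self.socket.bind((self.host, self.port))
        except Exception:
            # Do not leak the descriptor when setup fails half-way.
            self.socket.close()
            raise

    def close(self):
        """Shut down and close the listening socket.

        ``close()`` runs even if ``shutdown()`` raises, so the descriptor is
        always released. Any error from ``shutdown()`` still propagates.
        """
        try:
            self.socket.shutdown(socket.SHUT_RDWR)
        finally:
            self.socket.close()

    def serve(self):
        """Accept connections forever and process KMIP requests on each.

        Connections are handled sequentially: the next ``accept()`` happens
        only after the current peer's processing loop ends with an exception
        (typically the peer disconnecting).

        A failure while wrapping the accepted socket in TLS (for example a
        peer that fails the handshake) is logged and the socket is dropped.
        It must not propagate, otherwise a single bad client would stop the
        whole server.
        """
        self.socket.listen(0)
        while True:
            raw_connection, address = self.socket.accept()

            # NOTE(review): ssl.wrap_socket is deprecated since Python 3.7
            # and removed in 3.12; ssl.SSLContext.wrap_socket is the
            # replacement. Kept here to match the Python versions this file
            # targets.
            try:
                connection = ssl.wrap_socket(
                    raw_connection,
                    keyfile=self.keyfile,
                    certfile=self.certfile,
                    server_side=True,
                    cert_reqs=self.cert_reqs,
                    ssl_version=self.ssl_version,
                    ca_certs=self.ca_certs,
                    do_handshake_on_connect=self.do_handshake_on_connect,
                    suppress_ragged_eofs=self.suppress_ragged_eofs)
            except (ssl.SSLError, socket.error) as exc:
                # The handshake or certificate loading failed for this peer.
                # Release the plain socket and keep serving the others.
                self.logger.warning(
                    "TLS setup failed for peer %s: %s", address, exc)
                raw_connection.close()
                continue

            try:
                factory = KMIPProtocolFactory()
                protocol = factory.getProtocol(connection)
                # process() is called until it raises; an exception is the
                # only way out of this loop.
                while True:
                    self._processor.process(protocol, protocol)
            except Exception as exc:
                # Record why the session ended instead of dropping it
                # silently, which helps when auditing failed requests.
                self.logger.info(
                    "Closing connection from peer %s: %s", address, exc)
            finally:
                connection.close()

    @staticmethod
    def _is_true(value):
        """Return True for the boolean ``True`` or the string ``'True'``.

        Config values arrive as strings. If ``get_valid_value`` hands back
        the caller's argument unchanged (not visible in this file; confirm),
        a caller passing the boolean ``True`` would otherwise be read as
        False by a plain ``== 'True'`` comparison.
        """
        return value is True or value == 'True'

    def _set_variables(self, host, port, keyfile, certfile, cert_reqs,
                       ssl_version, ca_certs, do_handshake_on_connect,
                       suppress_ragged_eofs):
        """Populate the instance settings from arguments, config or defaults.

        ``cert_reqs`` and ``ssl_version`` are resolved by name on the ``ssl``
        module, so the values must be attribute names such as
        ``'CERT_REQUIRED'``. An unknown name raises ``AttributeError``.
        """
        conf = ConfigHelper()

        self.host = conf.get_valid_value(host, 'server',
                                         'host', conf.DEFAULT_HOST)
        self.port = int(conf.get_valid_value(port, 'server',
                                             'port', conf.DEFAULT_PORT))
        self.keyfile = conf.get_valid_value(
            keyfile, 'server', 'keyfile', conf.DEFAULT_KEYFILE)
        self.certfile = conf.get_valid_value(
            certfile, 'server', 'certfile', conf.DEFAULT_CERTFILE)

        # The fallback is CERT_NONE: client certificates are neither
        # requested nor verified unless the caller or config overrides it.
        self.cert_reqs = getattr(ssl, conf.get_valid_value(
            cert_reqs, 'server', 'cert_reqs', 'CERT_NONE'))
        self.ssl_version = getattr(ssl, conf.get_valid_value(
            ssl_version, 'server', 'ssl_version', conf.DEFAULT_SSL_VERSION))
        self.ca_certs = conf.get_valid_value(
            ca_certs, 'server', 'ca_certs', None)

        self.do_handshake_on_connect = self._is_true(conf.get_valid_value(
            do_handshake_on_connect, 'server',
            'do_handshake_on_connect', 'True'))
        self.suppress_ragged_eofs = self._is_true(conf.get_valid_value(
            suppress_ragged_eofs, 'server',
            'suppress_ragged_eofs', 'True'))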