authorNarayan Desai <desai@mcs.anl.gov>2009-05-06 01:26:19 +0000
committerNarayan Desai <desai@mcs.anl.gov>2009-05-06 01:26:19 +0000
commit04a85177eab72d67bbf58cd011e7fbcad33521b0 (patch)
tree8cc17dbc08959c1847575131d761220d9aca98fb /src
parentba14486ee9e9a55f30b9dd239703ed059ef5fb05 (diff)
Implement basic proxy based on 2.6 ssl
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5182 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src')
-rw-r--r--src/lib/Proxy.py48
-rwxr-xr-xsrc/sbin/bcfg252
2 files changed, 30 insertions, 70 deletions
diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index 4ddf63fb1..1358b36fc 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -9,18 +9,18 @@ load_config -- read configuration files
__revision__ = '$Revision: $'
+
+from xmlrpclib import _Method
+
+import httplib
import logging
import socket
+import ssl
import time
import urlparse
import xmlrpclib
-from xmlrpclib import _Method
-import Bcfg2.tlslite.errors
-from Bcfg2.tlslite.integration.XMLRPCTransport import XMLRPCTransport
-import Bcfg2.tlslite.X509, Bcfg2.tlslite.X509CertChain
-import Bcfg2.tlslite.utils.keyfactory
-__all__ = ["ComponentProxy", "RetryMethod"]
+__all__ = ["ComponentProxy", "RetryMethod", "SSLHTTPConnection", "XMLRPCTransport"]
class RetryMethod(_Method):
"""Method with error handling and retries built in"""
@@ -40,10 +40,6 @@ class RetryMethod(_Method):
if retry == 3:
self.log.error("Server failure: %s" % err)
raise xmlrpclib.Fault(20, err)
- except Bcfg2.tlslite.errors.TLSFingerprintError, err:
- raise
- except Bcfg2.tlslite.errors.TLSError, err:
- self.log.error("Unexpected TLS Error: %s. Retrying" % (err))
except:
self.log.error("Unknown failure", exc_info=1)
break
@@ -53,6 +49,25 @@ class RetryMethod(_Method):
# sorry jon
xmlrpclib._Method = RetryMethod
+class SSLHTTPConnection(httplib.HTTPConnection):
+ def connect(self):
+ rawsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ rawsock.settimeout(90)
+ self.sock = ssl.SSLSocket(rawsock, do_handshake_on_connect=False,
+ suppress_ragged_eofs=True)
+ self.sock.connect((self.host, self.port))
+ self.sock.do_handshake()
+ self.sock.closeSocket = True
+
+
+class XMLRPCTransport(xmlrpclib.Transport):
+ def make_connection(self, host):
+ host = self.get_host_info(host)[0]
+ http = SSLHTTPConnection(host)
+ https = httplib.HTTP()
+ https._setup(http)
+ return https
+
def ComponentProxy (url, user=None, password=None, fingerprint=None,
key=None, cert=None):
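Review bot: `SSLHTTPConnection.connect` creates the `ssl.SSLSocket` with no `cert_reqs` and no `ca_certs`, so the 2.6 ssl module's default of `CERT_NONE` applies and the server certificate is never validated — any endpoint that completes a handshake is accepted, while the `key`/`cert` arguments that `ComponentProxy` still declares are never handed to the socket as `keyfile`/`certfile`. Because the user and password embedded in the URL travel over this channel, the connection should require a chain that validates against a CA bundle; the commit carries no such setting, so the rewrite below takes it as a constructor argument that `make_connection` and `ComponentProxy` would have to thread through. Even with `CERT_REQUIRED`, the 2.6 ssl module does not compare the hostname with the certificate, so a check of `getpeercert()` against `self.host` after the handshake is still needed. `self.sock.closeSocket = True` sets an attribute that `ssl.SSLSocket` does not use (it appears to be carried over from the transport this commit replaces), and the 90-second timeout is hard-coded; both are folded into the rewrite.
```python
class SSLHTTPConnection(httplib.HTTPConnection):
    """HTTPConnection over TLS; the server chain must validate against ca_certs."""
    def __init__(self, host, port=None, strict=None, timeout=90,
                 key=None, cert=None, ca_certs=None):
        httplib.HTTPConnection.__init__(self, host, port, strict, timeout)
        self.key = key
        self.cert = cert
        self.ca_certs = ca_certs   # path to the CA bundle; supplied by the caller

    def connect(self):
        rawsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        rawsock.settimeout(self.timeout)
        # CERT_REQUIRED rejects any server whose chain does not validate against ca_certs
        self.sock = ssl.SSLSocket(rawsock, keyfile=self.key, certfile=self.cert,
                                  cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_certs,
                                  do_handshake_on_connect=False,
                                  suppress_ragged_eofs=True)
        self.sock.connect((self.host, self.port))
        self.sock.do_handshake()
        # the 2.6 ssl module does no hostname matching: compare getpeercert() with self.host here
```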
@@ -69,17 +84,6 @@ def ComponentProxy (url, user=None, password=None, fingerprint=None,
newurl = "%s://%s:%s@%s" % (method, user, password, path)
else:
newurl = url
- if key and cert:
- pdata = open(key).read()
- pemkey = Bcfg2.tlslite.utils.keyfactory.parsePEMKey(pdata, private=True)
- xcert = Bcfg2.tlslite.X509.X509()
- cdata = open(cert).read()
- xcert.parse(cdata)
- certChain = Bcfg2.tlslite.X509CertChain.X509CertChain([xcert])
- else:
- certChain = None
- pemkey = None
- ssl_trans = XMLRPCTransport(x509Fingerprint=fingerprint, certChain=certChain,
- privateKey=pemkey)
+ ssl_trans = XMLRPCTransport()
return xmlrpclib.ServerProxy(newurl, allow_none=True, transport=ssl_trans)
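Review bot: `ssl_trans = XMLRPCTransport()` discards `fingerprint`, `key` and `cert` even though `ComponentProxy` still accepts them, so a caller that supplies a fingerprint (the client in `src/sbin/bcfg2` in this same commit does) gets no verification and no indication that its setting is ignored. Until the transport can enforce these, at least make the gap visible with `if fingerprint: logging.getLogger('Bcfg2.Proxy').warning('server fingerprint configured but not checked by this transport')` (`logging` is already imported in this file), and pass `key` and `cert` through to the transport instead of dropping them. The body of `ComponentProxy` begins outside the hunk.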
diff --git a/src/sbin/bcfg2 b/src/sbin/bcfg2
index c7cec10d8..36ef6d63c 100755
--- a/src/sbin/bcfg2
+++ b/src/sbin/bcfg2
@@ -34,52 +34,6 @@ DECISION_LIST = Bcfg2.Options.Option('Decision List', default=False,
long_arg=True)
LOCKFILE = "/var/lock/bcfg2.run"
-class FPProxyCall(object):
- def __init__(self, proxy, method):
- self.proxy = proxy
- self.method_name = method
- self.method = getattr(self.proxy.proxy, method)
-
- def __call__(self, *args):
- try:
- return self.method(*args)
- except Bcfg2.tlslite.errors.TLSFingerprintError:
- self.proxy.proxy = self.proxy.get_proxy()
- self.method = getattr(self.proxy.proxy, self.method_name)
- return self.__call__(*args)
-
-class FPProxy(object):
- def __init__(self, url, user, password, fingerprints):
- self.url = url
- self.user = user
- self.password = password
- self.fingerprints = fingerprints
- self.no_fingerprint = len(fingerprints) == 0
- self.proxy = self.get_proxy()
-
- def __getattr__(self, field):
- if field not in self.__dict__:
- self.__dict__[field] = FPProxyCall(self, field)
- return self.__dict__[field]
-
- def get_proxy(self):
- if self.fingerprints:
- fprint = self.fingerprints.pop()
- elif self.no_fingerprint:
- msg = 'no server x509 fingerprint; no server verification performed!'
- print >> sys.stderr, msg
- fprint = None
- else:
- print >> sys.stderr, "Ran out of fingerprints to try"
- raise SystemExit(1)
-
- try:
- proxy = Bcfg2.Proxy.ComponentProxy(self.url, self.user,
- self.password, fprint)
- return proxy
- except:
- logger.error("Unexpected proxy error", exc_info=1)
- raise SystemExit(1)
class Client:
''' The main bcfg2 client class '''
@@ -213,8 +167,10 @@ class Client:
return(1)
else:
# retrieve config from server
- proxy = FPProxy(self.setup['server'], self.setup['user'],
- self.setup['password'], self.setup['fingerprint'])
+ proxy = Bcfg2.Proxy.ComponentProxy(self.setup['server'],
+ self.setup['user'],
+ self.setup['password'],
+ self.setup['fingerprint'])
if self.setup['profile']:
try:
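Review bot: The removed `FPProxy.get_proxy` printed `no server x509 fingerprint; no server verification performed!` when no fingerprint was configured and converted proxy-construction failures into `SystemExit(1)`; the direct `Bcfg2.Proxy.ComponentProxy(...)` call keeps neither, so the operator loses the warning and a failure during construction presumably surfaces as a raw traceback (the surrounding error handling, if any, is outside the hunk). `self.setup['fingerprint']` was also treated as a list by the old code (it `.pop()`ed from it and tested `len(...) == 0`), but is now passed where `ComponentProxy` declares a single `fingerprint`; if the option still yields a list it should be unpacked first, e.g. `fprint = self.setup['fingerprint'][0] if self.setup['fingerprint'] else None`. The enclosing method continues outside the hunk.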