From de10f2e64cb7faf0ba0222a22035b81ca07e7426 Mon Sep 17 00:00:00 2001
From: Narayan Desai
Date: Wed, 8 Apr 2009 01:19:11 +0000
Subject: Implement ssl certificate split, in preparation for SSL client cert auth
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5155 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Proxy.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
(limited to 'src/lib/Proxy.py')
diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index 24dbf5ee8..8275f9a7c 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -12,6 +12,8 @@ __revision__ = '$Revision: $'
 from ConfigParser import SafeConfigParser, NoSectionError
 import logging, socket, urlparse, time, Bcfg2.tlslite.errors
 from Bcfg2.tlslite.integration.XMLRPCTransport import XMLRPCTransport
+import Bcfg2.tlslite.X509, Bcfg2.tlslite.X509CertChain
+import Bcfg2.tlslite.utils.keyfactory
 import xmlrpclib
 from xmlrpclib import _Method
@@ -48,7 +50,8 @@ class RetryMethod(_Method):
 # sorry jon
 xmlrpclib._Method = RetryMethod
-def ComponentProxy (url, user=None, password=None, fingerprint=None):
+def ComponentProxy (url, user=None, password=None, fingerprint=None,
+ key=None, cert=None):
 """Constructs proxies to components.
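Review bot: The new `key` and `cert` parameters added to the `ComponentProxy` signature are left undocumented; no hunk in this patch touches the docstring, whose body continues outside this hunk. The later hunk passes both to `open()`, so they are file paths, and the docstring should say so, for example `key -- path to a PEM private key file used for SSL client auth` and `cert -- path to the matching X.509 certificate file`. It should also state that the two must be given together, because the new code ignores either one when it is supplied alone.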
@@ -63,6 +66,17 @@ def ComponentProxy (url, user=None, password=None, fingerprint=None):
 newurl = "%s://%s:%s@%s" % (method, user, password, path)
 else:
 newurl = url
- return xmlrpclib.ServerProxy(newurl, allow_none=True,
- transport=XMLRPCTransport(x509Fingerprint=fingerprint))
+ if key and cert:
+ pdata = open(key).read()
+ pemkey = Bcfg2.tlslite.utils.keyfactory.parsePEMKey(pdata, private=True)
+ xcert = Bcfg2.tlslite.X509.X509()
+ cdata = open(cert).read()
+ xcert.parse(cdata)
+ certChain = Bcfg2.tlslite.X509CertChain.X509CertChain([xcert])
+ else:
+ certChain = None
+ pemkey = None
+ ssl_trans = XMLRPCTransport(x509Fingerprint=fingerprint, certChain=certChain,
+ privateKey=pemkey)
+ return xmlrpclib.ServerProxy(newurl, allow_none=True, transport=ssl_trans)
-- cgit v1.2.3-1-g7c22
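Review bot: Supplying only one of `key`/`cert` falls into the `else:` branch, so the transport is built with `certChain=None` and `privateKey=None` and a half-configured client connects without its certificate instead of failing. Rejecting the mismatch before the `else:` makes the misconfiguration visible at the call site: `elif key or cert:` followed by `raise ValueError("key and cert must be supplied together")`. Separately, `open(key).read()` and `open(cert).read()` never close their handles explicitly, and an unreadable or malformed file propagates as a bare exception that does not say which path was at fault. Wrapping each read in `try`/`finally` and naming the path (never the key contents) in the error would help operators. ComponentProxy begins outside this hunk.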