#/usr/bin/env python
"""A server faking some of the provider resources and apis,
used for testing Leap Client requests.
Right now it needs you to create a subfolder named 'certs'
and to put the following files in place:
[ ] certs/leaptestscert.pem
[ ] certs/leaptestskey.pem
[ ] certs/cacert.pem
[ ] certs/openvpn.pem
[ ] provider.json
[ ] eip-service.json
"""
import json
import os
import sys
# GnuTLS Example -- is not working as expected
from gnutls import crypto
from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL
from gnutls.interfaces.twisted import X509Credentials
# Going with OpenSSL as a workaround instead
# But we DO NOT want to introduce this dependency.
from OpenSSL import SSL
from twisted.web.server import Site
from twisted.web.static import File
from twisted.web.resource import Resource
from twisted.internet import reactor
# See
# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.htmln
# for more examples
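class FakeSession(Resource):
    """Canned stand-in for one session resource of the provider API.

    Every handler ignores the request and returns a fixed JSON document,
    so nothing is authenticated here; the 'deadbeef' values are
    placeholders, not real key material.
    """

    def __init__(self, name):
        """Remember the path segment this fake session was created for."""
        # Resource.__init__ creates the child registry that twisted's
        # traversal reads; without it a request with extra path segments
        # below the session hits a missing attribute instead of a 404.
        Resource.__init__(self)
        self.name = name

    def render_GET(self, request):
        """Answer GET with an empty error report."""
        return json.dumps({'errors': None})

    def render_POST(self, request):
        """Answer POST with fixed 'salt' and 'B' values.

        NOTE(review): presumably this mimics the first step of an SRP
        handshake -- confirm against the client under test.
        """
        return json.dumps(
            {'salt': 'deadbeef', 'B': 'deadbeef', 'errors': None})

    def render_PUT(self, request):
        """Answer PUT with a fixed 'M2' value."""
        return json.dumps(
            {'M2': 'deadbeef', 'errors': None})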
class API_Sessions(Resource):
    """Parent resource that hands out a FakeSession for any child name."""

    def getChild(self, name, request):
        """Return a new FakeSession named after the requested path segment."""
        session = FakeSession(name)
        return session
def get_certs_path():
    """Return the path of the 'certs' folder beside the launched script.

    The folder is located from sys.argv[0], not from the current working
    directory.
    """
    launch_dir = os.path.dirname(sys.argv[0])
    return os.path.join(os.path.realpath(launch_dir), 'certs')
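def get_TLS_credentials():
    """Build the GnuTLS X509 credentials for the fake provider.

    Reads leaptestscert.pem, leaptestskey.pem and cacert.pem from the
    certs folder, sets verify_peer on the resulting credentials and
    returns them.
    """
    # XXX this is giving errors
    # XXX Review! We want to use gnutls!
    certs_path = get_certs_path()

    def read_pem(filename):
        # Close each handle as soon as it is read instead of leaving it
        # to the garbage collector; one of these files is a private key.
        with open(os.path.join(certs_path, filename)) as pem_file:
            return pem_file.read()

    cert = crypto.X509Certificate(read_pem('leaptestscert.pem'))
    key = crypto.X509PrivateKey(read_pem('leaptestskey.pem'))
    ca = crypto.X509Certificate(read_pem('cacert.pem'))
    # No CRL is loaded, so revoked certificates are not rejected here.
    #crl = crypto.X509CRL(open(certs_path + '/crl.pem').read())
    #cred = crypto.X509Credentials(cert, key, [ca], [crl])
    cred = X509Credentials(cert, key, [ca])
    cred.verify_peer = True
    # NOTE(review): TLS-level compression (LZO, DEFLATE) is generally
    # avoided because it leaks plaintext length (CRIME-style attacks);
    # keep it only if the client under test really needs it.
    cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL)
    return cred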
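class OpenSSLServerContextFactory:
    """Context factory used by the OpenSSL listener of the fake provider."""
    # XXX workaround for broken TLS interface
    # from gnuTLS.

    def getContext(self):
        """Create the server-side SSL context.

        Loads certs/leaptestscert.pem and certs/leaptestskey.pem from the
        folder returned by get_certs_path(). No client-certificate
        verification is configured on this context.
        """
        certs_path = get_certs_path()
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        # SSLv23_METHOD negotiates the highest version both sides offer,
        # which by itself still admits SSLv2 and SSLv3; rule those out.
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        ctx.use_certificate_file(
            os.path.join(certs_path, 'leaptestscert.pem'))
        ctx.use_privatekey_file(
            os.path.join(certs_path, 'leaptestskey.pem'))
        return ctx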
if __name__ == "__main__":
    from twisted.python import log
    log.startLogging(sys.stdout)

    # /1/config/eip-service.json
    config_node = Resource()
    config_node.putChild("eip-service.json", File("./eip-service.json"))

    # /1/config, /1/sessions.json/<name>, /1/cert
    api_v1 = Resource()
    api_v1.putChild("config", config_node)
    api_v1.putChild("sessions.json", API_Sessions())
    api_v1.putChild("cert", File(get_certs_path() + '/openvpn.pem'))

    # The two JSON files are resolved against the current working
    # directory, while the certs are resolved against the script location.
    site_root = Resource()
    site_root.putChild("provider.json", File("./provider.json"))
    site_root.putChild("1", api_v1)

    # Built even though the gnutls listener below is disabled.
    cred = get_TLS_credentials()
    site = Site(site_root)

    # regular http
    # NOTE(review): the same resource tree, /1/cert included, is served
    # here without TLS, and no interface is given, so the listener is not
    # limited to loopback. Run this only on an isolated test host.
    reactor.listenTCP(8000, site)

    # TLS with gnutls --- seems broken :(
    #reactor.listenTLS(8003, factory, cred)

    # OpenSSL
    reactor.listenSSL(8443, site, OpenSSLServerContextFactory())
    reactor.run()