-rw-r--r-- | service/pixelated/__init__.py | 15 | ||||
-rw-r--r-- | service/pixelated/application.py | 100 | ||||
-rw-r--r-- | service/pixelated/config/__init__.py | 100 | ||||
-rw-r--r-- | service/setup.py | 2 |
4 files changed, 101 insertions, 116 deletions
diff --git a/service/pixelated/__init__.py b/service/pixelated/__init__.py
index 2756a319..e69de29b 100644
--- a/service/pixelated/__init__.py
+++ b/service/pixelated/__init__.py
@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
new file mode 100644
index 00000000..4d183358
--- /dev/null
+++ b/service/pixelated/application.py
@@ -0,0 +1,100 @@
+#
+# Copyright (c) 2015 ThoughtWorks, Inc.
+#
+# Pixelated is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Pixelated is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+
+from twisted.internet import reactor
+from twisted.internet.threads import deferToThread
+from twisted.internet import defer
+from twisted.web.server import Site
+from twisted.internet import ssl
+from OpenSSL import SSL
+from OpenSSL import crypto
+
+from pixelated.config import app_factory
+from pixelated.config.args import parse_user_agent_args
+from pixelated.config.loading_page import LoadingResource
+from pixelated.config.initialize_leap import initialize_leap
+from pixelated.config.register import register
+from pixelated.config.logging_setup import init_logging
+
+
+@defer.inlineCallbacks
+def start_user_agent(loading_app, host, port, sslkey, sslcert, leap_home, leap_session):
+ yield loading_app.stopListening()
+
+ resource = app_factory.init_app(leap_home, leap_session)
+
+ if sslkey and sslcert:
+ reactor.listenSSL(port, Site(resource), _ssl_options(sslkey, sslcert), interface=host)
+ else:
+ reactor.listenTCP(port, Site(resource), interface=host)
+
+ # soledad needs lots of threads
+ reactor.threadpool.adjustPoolsize(5, 15)
+
+
+def _ssl_options(sslkey, sslcert):
+ with open(sslkey) as keyfile:
+ pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, keyfile.read())
+ with open(sslcert) as certfile:
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, certfile.read())
+
+ acceptable = ssl.AcceptableCiphers.fromOpenSSLCipherString(
+ u'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH')
+ options = ssl.CertificateOptions(privateKey=pkey,
+ certificate=cert,
+ method=SSL.TLSv1_2_METHOD,
+ acceptableCiphers=acceptable)
+ return options
+
+
+def initialize():
+ args = parse_user_agent_args()
+ init_logging(debug=args.debug)
+
+ if args.register:
+ register(*args.register)
+ sys.exit(0)
+
+ loading_app = reactor.listenTCP(args.port, Site(LoadingResource()), interface=args.host)
+
+ deferred = deferToThread(
+ lambda: initialize_leap(
+ args.leap_provider_cert,
+ args.leap_provider_cert_fingerprint,
+ args.config_file,
+ args.dispatcher,
+ args.dispatcher_stdin,
+ args.leap_home))
+
+ deferred.addCallback(
+ lambda leap_session: start_user_agent(
+ loading_app,
+ args.host,
+ args.port,
+ args.sslkey,
+ args.sslcert,
+ args.leap_home,
+ leap_session))
+
+ def _quit_on_error(failure):
+ failure.printTraceback()
+ reactor.stop()
+
+ deferred.addErrback(_quit_on_error)
+
+ reactor.run()
diff --git a/service/pixelated/config/__init__.py b/service/pixelated/config/__init__.py
index ef2de981..e69de29b 100644
--- a/service/pixelated/config/__init__.py
+++ b/service/pixelated/config/__init__.py
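Review bot: In `start_user_agent`, the `if sslkey and sslcert:` test sends any partial TLS configuration (only a key, or only a certificate) to the `else` branch, so the agent would listen in cleartext through `reactor.listenTCP` without reporting an error. Unless the argument parser, which is not visible here, already rejects that combination, fail closed before listening: `if bool(sslkey) != bool(sslcert): raise ValueError('sslkey and sslcert must be given together')`. Separately, `initialize` binds the loading page with plain `reactor.listenTCP` on the same host and port even when TLS is configured, so that port answers unencrypted HTTP until `start_user_agent` takes over; a comment there such as `# loading page is served without TLS by design` would record whether that is intended.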
@@ -1,100 +0,0 @@
-#
-# Copyright (c) 2014 ThoughtWorks, Inc.
-#
-# Pixelated is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Pixelated is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-
-import sys
-
-from pixelated.config import app_factory
-from pixelated.config.args import parse_user_agent_args
-from pixelated.config.loading_page import LoadingResource
-from pixelated.config.register import register
-from pixelated.config.logging_setup import init_logging
-from twisted.internet import reactor
-from twisted.internet.threads import deferToThread
-from twisted.internet import defer
-from twisted.web.server import Site
-from OpenSSL import SSL
-from twisted.internet import ssl
-from OpenSSL import crypto
-
-from pixelated.config.initialize_leap import initialize_leap
-
-
-@defer.inlineCallbacks
-def start_user_agent(loading_app, host, port, sslkey, sslcert, leap_home, leap_session):
- yield loading_app.stopListening()
-
- resource = app_factory.init_app(leap_home, leap_session)
-
- if sslkey and sslcert:
- reactor.listenSSL(port, Site(resource), _ssl_options(sslkey, sslcert), interface=host)
- else:
- reactor.listenTCP(port, Site(resource), interface=host)
-
- # soledad needs lots of threads
- reactor.threadpool.adjustPoolsize(5, 15)
-
-
-def _ssl_options(sslkey, sslcert):
- with open(sslkey) as keyfile:
- pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, keyfile.read())
- with open(sslcert) as certfile:
- cert = crypto.load_certificate(crypto.FILETYPE_PEM, certfile.read())
-
- acceptable = ssl.AcceptableCiphers.fromOpenSSLCipherString(
- u'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH')
- options = ssl.CertificateOptions(privateKey=pkey,
- certificate=cert,
- method=SSL.TLSv1_2_METHOD,
- acceptableCiphers=acceptable)
- return options
-
-
-def initialize():
- args = parse_user_agent_args()
- init_logging(debug=args.debug)
-
- if args.register:
- register(*args.register)
- sys.exit(0)
-
- loading_app = reactor.listenTCP(args.port, Site(LoadingResource()), interface=args.host)
-
- deferred = deferToThread(
- lambda: initialize_leap(
- args.leap_provider_cert,
- args.leap_provider_cert_fingerprint,
- args.config_file,
- args.dispatcher,
- args.dispatcher_stdin,
- args.leap_home))
-
- deferred.addCallback(
- lambda leap_session: start_user_agent(
- loading_app,
- args.host,
- args.port,
- args.sslkey,
- args.sslcert,
- args.leap_home,
- leap_session))
-
- def _quit_on_error(failure):
- failure.printTraceback()
- reactor.stop()
-
- deferred.addErrback(_quit_on_error)
-
- reactor.run()
diff --git a/service/setup.py b/service/setup.py
index 7f9a99cb..881f51b4 100644
--- a/service/setup.py
+++ b/service/setup.py
@@ -62,7 +62,7 @@ setup(name='pixelated-user-agent',
 ],
 entry_points={
 'console_scripts': [
- 'pixelated-user-agent = pixelated.config:initialize',
+ 'pixelated-user-agent = pixelated.application:initialize',
 'pixelated-maintenance = pixelated.maintenance:initialize'
 ]
 }, |