syncevo-http-server: added SSL support

--server-certificate=CERT certificate file used by the server to identify itself (required for https) --server-key=KEY key file used by the server to identify itself (optional, certificate file is used as fallback, which then must contain key and certificate) Example keys for localhost and a README for creating/using them are included in this commit.
2010-12-28 11:24:17 +01:00 · 2010-12-28 11:24:17 +01:00 · b731f26b63
parent c57e77e62a
commit b731f26b63
5 changed files with 88 additions and 2 deletions
--- a/test/keys/README
+++ b/test/keys/README
@ -0,0 +1,14 @@
+SSL keys for syncevo-http-server running on localhost.
+
+See http://twistedmatrix.com/documents/10.1.0/core/howto/ssl.html and
+HOWTOs like http://www.madboa.com/geek/openssl/#cert-self
+
+Debian + server on localhost:
+- openssl req -x509 -nodes -days 0 -newkey rsa:1024 -keyout localhost_pem.key -out localhost_pem.crt
+  Common Name = "localhost"
+- cat localhost_pem* >localhost.pem
+- sudo cp localhost_pem.crt /usr/local/share/ca-certificates/
+- sudo update-ca-certificates
+- ensure that "localhost" resolves to 127.0.0.1 (Twisted does not support listening to IPv6
+  and libsoup has no fallback to IPv4)
+- syncevo-http-server --server-certificate=localhost.pem https://localhost:9000/syncevolution
--- a/test/keys/localhost.pem
+++ b/test/keys/localhost.pem
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIICGzCCAYSgAwIBAgIJAPzkRiPXbaToMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+BAMTCWxvY2FsaG9zdDAeFw0xMDEyMjgwOTMyNTRaFw0xMTAxMjcwOTMyNTRaMBQx
+EjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+yEtljSEL7J8o2S/X3vLbD4x/lQH5bCDPuROkyYBKaW7b2Sc4OwTbWgrrwqFky+8a
+1skJ8iAkXeh4UnJDwybnmDiGEPVLIOdFp9d8M7YGTR+E1OSSH9pO2ATlMpim8yZa
+I6460UkPnykErD9PMuriZ6wOEGd8GRuD7DzG+2uVyZ8CAwEAAaN1MHMwHQYDVR0O
+BBYEFOMz6mgFQW2wEbNlLiexb7kXYWeSMEQGA1UdIwQ9MDuAFOMz6mgFQW2wEbNl
+Liexb7kXYWeSoRikFjAUMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQD85EYj122k6DAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAL8AN54hQnT2BSjadPP/XxFZ
+HkVI0+laO5lfOqBQXTOYEJbuOXuGsRSmPY1F9vSBPsBWuViMy2jW94HpFRJ9uP3C
+l9p8iAfTTKwVTSwcHqx4pGauv+HHA8BvHG2Ml14VaXD1OkRevRvG38kgS2SArgpK
+ComOL7jLEdw6QKETyxOH
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDIS2WNIQvsnyjZL9fe8tsPjH+VAflsIM+5E6TJgEppbtvZJzg7
+BNtaCuvCoWTL7xrWyQnyICRd6HhSckPDJueYOIYQ9Usg50Wn13wztgZNH4TU5JIf
+2k7YBOUymKbzJlojrjrRSQ+fKQSsP08y6uJnrA4QZ3wZG4PsPMb7a5XJnwIDAQAB
+AoGASNOJQBBU+ptASf/oWMsqtXOba/2EyDkB7kRjNVTtOXqyezmUa3kvnIS+Bk2S
+jcgJlTER6bSgJHkDTs73Lnz11bDXH16fyhL7k5Z3KIIVNYWr8Ad+lcuIK4NNddxQ
+HoySFK+U6dTjNpWyXXZEmH/9zunSzq4oVM8/W5nUFihflbECQQD37plZ0gW57c6y
+6t1+87Nc5CNlfd7K7FoZ1b7O/ct3A+ho46Zzi2bMXL8gCyhcZ53fqYIzTOxPVqZL
+Ir4s40pAkEAzs/z6LRN87Wm3TmLJPOvl30gM1f3KsJBogn+NKnSlJyYyI05BGj9
+5fnqr/cqUWPzAKlZf357UwCaxF12uoWxhwJBAOjPoCh70uy4pfPUH5Fqfe6oO6S+
+AUtDjYfc8oOkRj7H6KE1w8OUDz+vh7krQQckNVck8SIDBZOqphWImdbXo6ECQQCh
+TFtlgUrS6zhrjjfR6CVpN3Pn15G0zbE22ihjlpfgxIn80PhJUkHEHjlGaLWeqR+b
+wnlFELbKs8wBnwu8ygz9AkBIyiUisu/XixCpWbFdrLUwOFCdoskvhe/eZJEY2oCP
+9TLM4o9GokMJVm7Gta96cGs+MVV03UrApJeacrQX3JgR
+-----END RSA PRIVATE KEY-----
--- a/test/keys/localhost_pem.crt
+++ b/test/keys/localhost_pem.crt
@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGzCCAYSgAwIBAgIJAPzkRiPXbaToMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
+BAMTCWxvY2FsaG9zdDAeFw0xMDEyMjgwOTMyNTRaFw0xMTAxMjcwOTMyNTRaMBQx
+EjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+yEtljSEL7J8o2S/X3vLbD4x/lQH5bCDPuROkyYBKaW7b2Sc4OwTbWgrrwqFky+8a
+1skJ8iAkXeh4UnJDwybnmDiGEPVLIOdFp9d8M7YGTR+E1OSSH9pO2ATlMpim8yZa
+I6460UkPnykErD9PMuriZ6wOEGd8GRuD7DzG+2uVyZ8CAwEAAaN1MHMwHQYDVR0O
+BBYEFOMz6mgFQW2wEbNlLiexb7kXYWeSMEQGA1UdIwQ9MDuAFOMz6mgFQW2wEbNl
+Liexb7kXYWeSoRikFjAUMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQD85EYj122k6DAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAL8AN54hQnT2BSjadPP/XxFZ
+HkVI0+laO5lfOqBQXTOYEJbuOXuGsRSmPY1F9vSBPsBWuViMy2jW94HpFRJ9uP3C
+l9p8iAfTTKwVTSwcHqx4pGauv+HHA8BvHG2Ml14VaXD1OkRevRvG38kgS2SArgpK
+ComOL7jLEdw6QKETyxOH
+-----END CERTIFICATE-----
--- a/test/keys/localhost_pem.key
+++ b/test/keys/localhost_pem.key
@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDIS2WNIQvsnyjZL9fe8tsPjH+VAflsIM+5E6TJgEppbtvZJzg7
+BNtaCuvCoWTL7xrWyQnyICRd6HhSckPDJueYOIYQ9Usg50Wn13wztgZNH4TU5JIf
+2k7YBOUymKbzJlojrjrRSQ+fKQSsP08y6uJnrA4QZ3wZG4PsPMb7a5XJnwIDAQAB
+AoGASNOJQBBU+ptASf/oWMsqtXOba/2EyDkB7kRjNVTtOXqyezmUa3kvnIS+Bk2S
+jcgJlTER6bSgJHkDTs73Lnz11bDXH16fyhL7k5Z3KIIVNYWr8Ad+lcuIK4NNddxQ
+HoySFK+U6dTjNpWyXXZEmH/9zunSzq4oVM8/W5nUFihflbECQQD37plZ0gW57c6y
+6t1+87Nc5CNlfd7K7FoZ1b7O/ct3A+ho46Zzi2bMXL8gCyhcZ53fqYIzTOxPVqZL
+Ir4s40pAkEAzs/z6LRN87Wm3TmLJPOvl30gM1f3KsJBogn+NKnSlJyYyI05BGj9
+5fnqr/cqUWPzAKlZf357UwCaxF12uoWxhwJBAOjPoCh70uy4pfPUH5Fqfe6oO6S+
+AUtDjYfc8oOkRj7H6KE1w8OUDz+vh7krQQckNVck8SIDBZOqphWImdbXo6ECQQCh
+TFtlgUrS6zhrjjfR6CVpN3Pn15G0zbE22ihjlpfgxIn80PhJUkHEHjlGaLWeqR+b
+wnlFELbKs8wBnwu8ygz9AkBIyiUisu/XixCpWbFdrLUwOFCdoskvhe/eZJEY2oCP
+9TLM4o9GokMJVm7Gta96cGs+MVV03UrApJeacrQX3JgR
+-----END RSA PRIVATE KEY-----
--- a/test/syncevo-http-server.py
+++ b/test/syncevo-http-server.py
@ -20,7 +20,7 @@ import logging.config
 import twisted.web
 import twisted.python.log
 from twisted.web import server, resource, http
-from twisted.internet import reactor
+from twisted.internet import ssl, reactor

 bus = dbus.SessionBus()
 loop = gobject.MainLoop()
@ -288,6 +288,13 @@ def main():
    parser.add_option("", "--log-config",
                      action="store", type="string", dest="logConfig", default=None,
                      help="configure logging via Python logging config file; --debug and --quiet override the log level in the root logger")
+    parser.add_option("", "--server-certificate",
+                      action="store", type="string", dest="cert", default=None,
+                      help="certificate file used by the server to identify itself (required for https)")
+    parser.add_option("", "--server-key",
+                      action="store", type="string", dest="key", default=None,
+                      help="key file used by the server to identify itself (optional, certificate file is used as fallback, which then must contain key and certificate)")
+
    (options, args) = parser.parse_args()

    # determine level chosen via command line
@ -334,7 +341,14 @@ def main():
    root = resource.Resource()
    root.putChild(url.path[1:], SyncMLPost(url))
    site = server.Site(root)
-    reactor.listenTCP(url.port, site)
+    if url.scheme == "https":
+        if not options.cert:
+            logger.error("need server certificate for https")
+            exit(1)
+        reactor.listenSSL(url.port, site,
+                          ssl.DefaultOpenSSLContextFactory(options.key or options.cert, options.cert))
+    else:
+        reactor.listenTCP(url.port, site)
    reactor.run()

 if __name__ == '__main__':