2 SecureXMLRPCServer module using pyOpenSSL 0.5
7 This acts exactly like SimpleXMLRPCServer
8 from the standard python library, but
9 uses secure connections. The technique
10 and classes should work for any SocketServer
11 style server. However, the code has not
12 been extensively tested.
14 This code is in the public domain.
15 It is provided AS-IS WITH NO WARRANTY WHATSOEVER.
19 import SimpleXMLRPCServer
20 from OpenSSL import SSL
24 This whole class exists just to filter out a parameter
25 passed in to the shutdown() method in SimpleXMLRPC.doPOST()
27 def __init__(self, conn):
29 Connection is not yet a new-style class,
30 so I'm making a proxy instead of subclassing.
32 self.__dict__["conn"] = conn
33 def __getattr__(self,name):
34 return getattr(self.__dict__["conn"], name)
35 def __setattr__(self,name, value):
36 setattr(self.__dict__["conn"], name, value)
37 def shutdown(self, how=1):
39 SimpleXMLRpcServer.doPOST calls shutdown(1),
40 and Connection.shutdown() doesn't take
41 an argument. So we just discard the argument.
43 self.__dict__["conn"].shutdown()
46 This is the other part of the shutdown() workaround.
47 Since servers create new sockets, we have to infect
48 them with our magic. :)
50 c, a = self.__dict__["conn"].accept()
51 return (SSLWrapper(c), a)
55 class SecureTCPServer(SocketServer.TCPServer):
57 Just like TCPServer, but use a socket.
58 This really ought to let you specify the key and certificate files.
60 def __init__(self, server_address, RequestHandlerClass):
61 SocketServer.BaseServer.__init__(self, server_address, RequestHandlerClass)
63 ## Same as normal, but make it secure:
64 ctx = SSL.Context(SSL.SSLv23_METHOD)
65 ctx.set_options(SSL.OP_NO_SSLv2)
68 ctx.use_privatekey_file (os.path.join(dir, 'server.pkey'))
69 ctx.use_certificate_file(os.path.join(dir, 'server.cert'))
71 self.socket = SSLWrapper(SSL.Connection(ctx, socket.socket(self.address_family,
74 self.server_activate()
77 class SecureXMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
80 We need to use socket._fileobject Because SSL.Connection
81 doesn't have a 'dup'. Not exactly sure WHY this is, but
82 this is backed up by comments in socket.py and SSL/connection.c
84 self.connection = self.request # for doPOST
85 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
86 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
89 class SecureXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer, SecureTCPServer):
90 def __init__(self, addr,
91 requestHandler=SecureXMLRPCRequestHandler,
94 This is the exact same code as SimpleXMLRPCServer.__init__
95 except it calls SecureTCPServer.__init__ instead of plain
96 old TCPServer.__init__
99 self.logRequests = logRequests
101 SecureTCPServer.__init__(self, addr, requestHandler)