Changeset 1345

Timestamp:

09/09/06 22:47:10

Author:

fumanchu

Message:

SSL support for _cpwsgiserver. One test fails immaterially. Run "test.py --ssl" to test.

Files:

• trunk/cherrypy/_cpserver.py (modified) (1 diff)
• trunk/cherrypy/_cpwsgi.py (modified) (1 diff)
• trunk/cherrypy/_cpwsgiserver.py (modified) (7 diffs)
• trunk/cherrypy/test/modpy.py (modified) (1 diff)
• trunk/cherrypy/test/test.pem (added)
• trunk/cherrypy/test/test.py (modified) (11 diffs)
• trunk/cherrypy/test/test_conn.py (modified) (9 diffs)
• trunk/cherrypy/test/test_core.py (modified) (3 diffs)
• trunk/cherrypy/test/test_objectmapping.py (modified) (3 diffs)
• trunk/cherrypy/test/test_proxy.py (modified) (4 diffs)
• trunk/cherrypy/test/test_xmlrpc.py (modified) (2 diffs)

trunk/cherrypy/_cpserver.py

@@ -51 +51 @@
-    max_request_body_size = 100 * 1024 * 1024
-    instance = None
+    ssl_certificate = None
+    ssl_private_key = None
-    
-    def __init__(self):

trunk/cherrypy/_cpwsgi.py

@@ -138 +138 @@
-                   )
-        s.protocol = server.protocol_version
+        s.ssl_certificate = server.ssl_certificate
+        s.ssl_private_key = server.ssl_private_key
-

trunk/cherrypy/_cpwsgiserver.py

@@ -18 +18 @@
-from urllib import unquote
-from urlparse import urlparse
+
+try:
+    from OpenSSL import SSL
+except ImportError:
+    SSL = None
-
-import errno
@@ -342 +347 @@
-
-
+def _ssl_wrap_method(method):
+    def ssl_method_wrapper(self, *args, **kwargs):
+##        print (id(self), method, args, kwargs)
+        while True:
+            try:
+                return method(self, *args, **kwargs)
+            except (SSL.WantReadError, SSL.WantWriteError):
+                # Sleep and try again
+                time.sleep(self.ssl_retry)
+            except SSL.SysCallError, e:
+                errno = e.args[0]
+                if errno not in socket_errors_to_ignore:
+                    raise socket.error(errno)
+                return ""
+            except SSL.Error, e:
+                if e.args == (-1, 'Unexpected EOF'):
+                    return ""
+                elif e.args[0][0][2] == 'ssl handshake failure':
+                    return ""
+                else:
+                    raise
+##        raise socket.timeout()
+    return ssl_method_wrapper
+
+class SSL_fileobject(socket._fileobject):
+    """Faux file object attached to a socket object."""
+    
+    ssl_timeout = 3
+    ssl_retry = .01
+    
+    close = _ssl_wrap_method(socket._fileobject.close)
+    flush = _ssl_wrap_method(socket._fileobject.flush)
+    write = _ssl_wrap_method(socket._fileobject.write)
+    writelines = _ssl_wrap_method(socket._fileobject.writelines)
+    read = _ssl_wrap_method(socket._fileobject.read)
+    readline = _ssl_wrap_method(socket._fileobject.readline)
+    readlines = _ssl_wrap_method(socket._fileobject.readlines)
+
+
-class HTTPConnection(object):
-    
-
+
+
-    RequestHandlerClass = HTTPRequest
-    environ = {"wsgi.version": (1, 0),
@@ -354 +399 @@
-               }
-    
-et
-et
+
+
-        self.addr = addr
-        self.server = server
-        
-        self.rfile = self.socket.makefile("r", self.bufsize)
-        self.wfile = self.socket.makefile("w", self.bufsize)
-        
-        # Copy the class environ into self.
-        self.environ = self.environ.copy()
+        
+        if type(sock) is socket.socket:
+            self.rfile = self.socket.makefile("r", self.rbufsize)
+            self.wfile = self.socket.makefile("w", self.wbufsize)
+        else:
+            # Assume it's an HTTPS socket wrapper
+            self.environ["wsgi.url_scheme"] = "https"
+            self.rfile = SSL_fileobject(sock, "r", self.rbufsize)
+            self.wfile = SSL_fileobject(sock, "w", self.wbufsize)
+        
-        self.environ.update({"wsgi.input": self.rfile,
-                             "SERVER_NAME": self.server.server_name,
@@ -391 +443 @@
-                req.parse_request()
-                if not req.ready:
-break
+return
-                req.respond()
-                if req.close_connection:
-break
+return
-        except socket.error, e:
-            errno = e.args[0]
@@ -401 +453 @@
-                    req.simple_response("500 Internal Server Error",
-                                        format_exc())
+            return
-        except (KeyboardInterrupt, SystemExit):
-            raise
@@ -469 +522 @@
-    ConnectionClass = HTTPConnection
-    
+    # Paths to certificate and private key files
+    ssl_certificate = None
+    ssl_private_key = None
+    
-    def __init__(self, bind_addr, wsgi_app, numthreads=10, server_name=None,
-                 max=-1, request_queue_size=5, timeout=10):
@@ -507 +564 @@
-            self.socket = socket.socket(family, type, proto)
-            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+            if self.ssl_certificate and self.ssl_private_key:
+                # See http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/442473
+                ctx = SSL.Context(SSL.SSLv23_METHOD)
+                ctx.use_privatekey_file(self.ssl_private_key)
+                ctx.use_certificate_file(self.ssl_certificate)
+                self.socket = SSL.Connection(ctx, self.socket)
-            self.socket.bind(self.bind_addr)
-        

trunk/cherrypy/test/modpy.py

@@ -133 +133 @@
-        webtest.WebCase.PORT = self.port
-        webtest.WebCase.harness = self
+        webtest.WebCase.scheme = "http"
-        print
-        print "Running tests:", self.server

trunk/cherrypy/test/test.py

@@ -11 +11 @@
-
-
+import getopt
+import httplib
+import os, os.path
+localDir = os.path.dirname(__file__)
+serverpem = os.path.join(os.getcwd(), localDir, 'test.pem')
-import sys
-import os, os.path
-import getopt
-
-
@@ -19 +22 @@
-    """A test harness for the CherryPy framework and CherryPy applications."""
-    
-
+
+
-        """Constructor to populate the TestHarness instance.
-        
-        tests should be a list of module names (strings).
-        """
+        self.tests = tests or []
+        self.server = server
-        self.protocol = protocol
-        self.port = port
-
-
+
-    
-    def run(self, conf=None):
@@ -35 +40 @@
-        print "Python version used to run this test script:", v
-        print "CherryPy version", cherrypy.__version__
-
+
+
+
+
+
-        print
-        
@@ -48 +57 @@
-        
-        baseconf['server.protocol_version'] = self.protocol
+        if self.scheme == "https":
+            baseconf['server.ssl_certificate'] = serverpem
+            baseconf['server.ssl_private_key'] = serverpem
-        self._run(baseconf)
-    
@@ -60 +72 @@
-        webtest.WebCase.PORT = self.port
-        webtest.WebCase.harness = self
+        webtest.WebCase.scheme = self.scheme
+        if self.scheme == "https":
+            webtest.WebCase.HTTP_CONN = httplib.HTTPSConnection
-        print
-        print "Running tests:", self.server
@@ -71 +86 @@
-                         }
-    default_server = "wsgi"
+    scheme = "http"
+    protocol = "HTTP/1.1"
-    port = 8080
+    cover = False
+    profile = False
+    validate = False
+    server = None
-    basedir = None
-    
@@ -83 +104 @@
-        """
-        self.available_tests = available_tests
-
-
-
-
-
-
-
-
+
+
+
-        longopts.extend(self.available_tests)
-        try:
@@ -113 +129 @@
-            elif o == "--1.0":
-                self.protocol = "HTTP/1.0"
+            elif o == "--ssl":
+                self.scheme = "https"
-            elif o == "--basedir":
-                self.basedir = a
@@ -217 +235 @@
-        if basedir is None:
-            # Assume we want to cover everything in "../../cherrypy/"
-            localDir = os.path.dirname(__file__)
-            basedir = os.path.normpath(os.path.join(os.getcwd(), localDir, '../'))
-        else:
@@ -284 +301 @@
-            h.use_wsgi = True
-        else:
-
+
+
-        
-        h.run(conf)
@@ -300 +318 @@
-    # Place this __file__'s grandparent (../../) at the start of sys.path,
-    # so that all cherrypy/* imports are from this __file__'s package.
-    localDir = os.path.dirname(__file__)
-    curpath = os.path.normpath(os.path.join(os.getcwd(), localDir))
-    grandparent = os.path.normpath(os.path.join(curpath, '../../'))

trunk/cherrypy/test/test_conn.py

@@ -58 +58 @@
-        
-        # Set our HTTP_CONN to an instance so it persists between requests.
-
+
+
+
+
-        # Don't automatically re-connect
-        self.HTTP_CONN.auto_open = False
@@ -94 +97 @@
-        
-        # Test client-side close.
-
+
+
+
+
-        self.HTTP_CONN.auto_open = False
-        self.HTTP_CONN.connect()
@@ -123 +129 @@
-            
-            # Make an initial request
-
+
+
+
+
-            conn.auto_open = False
-            conn.connect()
@@ -162 +171 @@
-            else:
-                self.fail("Writing to timed out socket didn't fail"
-
+
+
-            
-            conn.close()
-            
-            # Make another request on a new socket, which should work
-
+
+
+
+
-            conn.auto_open = False
-            conn.connect()
@@ -190 +203 @@
-        
-        # Test pipelining. httplib doesn't support this directly.
-
+
+
+
+
-        conn.auto_open = False
-        conn.connect()
@@ -227 +243 @@
-        self.PROTOCOL = "HTTP/1.1"
-        
-
+
+
+
+
-        conn.auto_open = False
-        conn.connect()
@@ -286 +305 @@
-        
-        # Set our HTTP_CONN to an instance so it persists between requests.
-
+
+
+
+
-        
-        # Try a normal chunked request
@@ -323 +345 @@
-    def test_HTTP10(self):
-        self.PROTOCOL = "HTTP/1.0"
-
+
+
+
+
-        
-        # Test a normal HTTP/1.0 request.
@@ -333 +358 @@
-        
-        # Test a keep-alive HTTP/1.0 request.
-
+
+
+
+
-        self.HTTP_CONN.auto_open = False
-        self.HTTP_CONN.connect()

trunk/cherrypy/test/test_core.py

@@ -513 +513 @@
-        self.getPage("/redirect?id=3")
-        self.assertStatus(('302 Found', '303 See Other'))
-
-
-
+
+
+
+
-        
-        if self.prefix():
@@ -522 +523 @@
-            self.getPage("")
-            self.assertStatus(('302 Found', '303 See Other'))
-
-
-
+
+
+
+
-        
-        self.getPage("/redirect/by_code?code=300")
@@ -593 +595 @@
-        self.getPage("/redirect/stringify", protocol="HTTP/1.0")
-        self.assertStatus(200)
-http://127.0.0.1:%s/'], 302)" % self.PORT
+%s://127.0.0.1:%s/'], 302)" % (self.scheme, self.PORT)
-        if cherrypy.server.protocol_version == "HTTP/1.1":
-            self.getPage("/redirect/stringify", protocol="HTTP/1.1")
-            self.assertStatus(200)
-http://127.0.0.1:%s/'], 303)" % self.PORT
+%s://127.0.0.1:%s/'], 303)" % (self.scheme, self.PORT)
-    
-    def testFlatten(self):

trunk/cherrypy/test/test_objectmapping.py

@@ -182 +182 @@
-            self.getPage("/dir1/dir2")
-            self.assertStatus((302, 303))
-http
-
+%s
+scheme, self.
-            
-            # Test extra trailing slash (should be redirected if configured).
-            self.getPage("/dir1/myMethod/")
-            self.assertStatus((302, 303))
-http
-
+%s
+scheme, self.
-            
-            # Test that default method must be exposed in order to match.
@@ -203 +203 @@
-            self.getPage("/redirect")
-            self.assertStatus('302 Found')
-http
-
+%s
+scheme, self.
-            
-            # Test that we can use URL's which aren't all valid Python identifiers
@@ -220 +220 @@
-            self.assertBody(url)
-            self.getPage("/dir1/dir2/tree_url")
-http
-
+%s
+scheme, self.
-            
-            # Test that configs don't overwrite each other from diferent apps

trunk/cherrypy/test/test_proxy.py

@@ -47 +47 @@
-        self.getPage("/")
-        self.assertHeader('Location',
-http://www.mydomain.com%s/dummy" % self.prefix(
+%s://www.mydomain.com%s/dummy" % (self.scheme, self.prefix()
-        
-        # Test X-Forwarded-Host (Apache 1.3.33+ and Apache 2)
@@ -53 +53 @@
-        self.assertHeader('Location', "http://www.yetanother.com/dummy")
-        self.getPage("/", headers=[('X-Forwarded-Host', 'www.yetanother.com')])
-http://www.yetanother.com/dummy"
+%s://www.yetanother.com/dummy" % self.scheme
-        
-        # Test X-Forwarded-For (Apache2)
@@ -65 +65 @@
-        # Test X-Host (lighttpd; see https://trac.lighttpd.net/trac/ticket/418)
-        self.getPage("/xhost", headers=[('X-Host', 'www.yetanother.com')])
-http://www.yetanother.com/blah"
+%s://www.yetanother.com/blah" % self.scheme
-        
-        # Test X-Forwarded-Proto (lighttpd)
@@ -74 +74 @@
-        for sn in script_names:
-            self.getPage(sn + "/newurl")
-http://www.mydomain.com"
+%s://www.mydomain.com" % self.scheme
-                            + sn + "/this/new/page'>this page</a>.")
-            self.getPage(sn + "/newurl", headers=[('X-Forwarded-Host',

trunk/cherrypy/test/test_xmlrpc.py

@@ -62 +62 @@
-
-
+class HTTPSTransport(xmlrpclib.SafeTransport):
+    """Subclass of SafeTransport to fix sock.recv errors (by using file)."""
+    
+    def request(self, host, handler, request_body, verbose=0):
+        # issue XML-RPC request
+        h = self.make_connection(host)
+        if verbose:
+            h.set_debuglevel(1)
+        
+        self.send_request(h, handler, request_body)
+        self.send_host(h, host)
+        self.send_user_agent(h)
+        self.send_content(h, request_body)
+        
+        errcode, errmsg, headers = h.getreply()
+        if errcode != 200:
+            raise xmlrpclib.ProtocolError(host + handler, errcode, errmsg,
+                                          headers)
+        
+        self.verbose = verbose
+        return self.parse_response(h.getfile())
+
+
-from cherrypy.test import helper
-
@@ -68 +91 @@
-        
-        # load the appropriate xmlrpc proxy
-
-
+
+
+
+
+
+
-        
-        # begin the tests ...