deb-python-kmip/kmip/services/kmip_server.py

# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import logging
import os
import socket
import ssl

from kmip.core.config_helper import ConfigHelper
from kmip.core.server import KMIPImpl

from kmip.services.kmip_protocol import KMIPProtocolFactory
from kmip.services.processor import Processor

FILE_PATH = os.path.dirname(os.path.abspath(__file__))


class KMIPServer(object):

    def __init__(self, host=None, port=None, keyfile=None, certfile=None,
                 cert_reqs=None, ssl_version=None, ca_certs=None,
                 do_handshake_on_connect=None, suppress_ragged_eofs=None):
        self.logger = logging.getLogger(__name__)

        self._set_variables(host, port, keyfile, certfile, cert_reqs,
                            ssl_version, ca_certs, do_handshake_on_connect,
                            suppress_ragged_eofs)

        handler = KMIPImpl()
        self._processor = Processor(handler)

        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.socket.bind((self.host, self.port))

    def close(self):
        self.socket.shutdown(socket.SHUT_RDWR)
        self.socket.close()

    def serve(self):
        self.socket.listen(0)
        while True:
            connection, address = self.socket.accept()
            connection = ssl.wrap_socket(
                connection,
                keyfile=self.keyfile,
                certfile=self.certfile,
                server_side=True,
                cert_reqs=self.cert_reqs,
                ssl_version=self.ssl_version,
                ca_certs=self.ca_certs,
                do_handshake_on_connect=self.do_handshake_on_connect,
                suppress_ragged_eofs=self.suppress_ragged_eofs)

            factory = KMIPProtocolFactory()
            protocol = factory.getProtocol(connection)
            try:
                while True:
                    self._processor.process(protocol, protocol)
            except Exception:
                connection.close()

    def _set_variables(self, host, port, keyfile, certfile, cert_reqs,
                       ssl_version, ca_certs, do_handshake_on_connect,
                       suppress_ragged_eofs):
        conf = ConfigHelper()
        self.host = conf.get_valid_value(host, 'server',
                                         'host', conf.DEFAULT_HOST)
        self.port = int(conf.get_valid_value(port, 'server',
                                             'port', conf.DEFAULT_PORT))
        self.keyfile = conf.get_valid_value(
            keyfile, 'server', 'keyfile', conf.DEFAULT_KEYFILE)

        self.certfile = conf.get_valid_value(
            certfile, 'server', 'certfile', conf.DEFAULT_CERTFILE)

        self.cert_reqs = getattr(ssl, conf.get_valid_value(
            cert_reqs, 'server', 'cert_reqs', 'CERT_NONE'))

        self.ssl_version = getattr(ssl, conf.get_valid_value(
            ssl_version, 'server', 'ssl_version', conf.DEFAULT_SSL_VERSION))

        self.ca_certs = conf.get_valid_value(
            ca_certs, 'server', 'ca_certs', None)

        if conf.get_valid_value(
                do_handshake_on_connect, 'server',
                'do_handshake_on_connect', 'True') == 'True':
            self.do_handshake_on_connect = True
        else:
            self.do_handshake_on_connect = False

        if conf.get_valid_value(
                suppress_ragged_eofs, 'server',
                'suppress_ragged_eofs', 'True') == 'True':
            self.suppress_ragged_eofs = True
        else:
            self.suppress_ragged_eofs = False