testing/legion/ssl_util.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

# Copyright 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Utility library to add SSL support to the RPC server."""

import logging
import ssl
import subprocess
import tempfile

#pylint: disable=relative-import
import common_lib
import jsonrpclib
import SimpleJSONRPCServer


class Error(Exception):
  pass


def CreateKeyFile():
  """Creates an SSL keyfile and returns the path."""
  keyfile = tempfile.mkstemp()[1]
  cmd = [
    'openssl',
    'genrsa',
    '-out', keyfile,
    '2048'
    ]
  _RunCommand(cmd)
  return keyfile


def CreateCsrFile(keyfile):
  """Creates an SSL CSR file and returns the path."""
  csrfile = tempfile.mkstemp()[1]
  cmd = [
      'openssl',
      'req',
      '-new',
      '-key', keyfile,
      '-out', csrfile,
      '-subj', '/C=NA/ST=NA/L=NA/O=Chromium/OU=Test/CN=chromium.org'
      ]
  _RunCommand(cmd)
  return csrfile


def CreateCrtFile(keyfile, csrfile):
  """Creates an SSL CRT file and returns the path."""
  crtfile = tempfile.mkstemp()[1]
  cmd = [
      'openssl',
      'x509',
      '-req',
      '-days', '1',
      '-in', csrfile,
      '-signkey', keyfile,
      '-out', crtfile
      ]
  _RunCommand(cmd)
  return crtfile


def CreatePemFile():
  """Creates an SSL PEM file and returns the path."""
  keyfile = CreateKeyFile()
  csrfile = CreateCsrFile(keyfile)
  crtfile = CreateCrtFile(keyfile, csrfile)
  pemfile = tempfile.mkstemp()[1]
  with open(keyfile) as k:
    with open(crtfile) as c:
      with open(pemfile, 'wb') as p:
        p.write('%s\n%s' % (k.read(), c.read()))
  return pemfile


def _RunCommand(cmd):
  try:
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  except OSError as e:
    raise Error('Failed to run %s: %s' % (' '.join(cmd), e))
  out, err = p.communicate()
  if p.returncode != 0:
    raise Error(err)
  return out


class SslRpcServer(SimpleJSONRPCServer.SimpleJSONRPCServer):
  """Class to add SSL support to the RPC server."""

  def __init__(self, *args, **kwargs):
    SimpleJSONRPCServer.SimpleJSONRPCServer.__init__(self, *args, **kwargs)
    self.socket = ssl.wrap_socket(self.socket, certfile=CreatePemFile(),
                                  server_side=True)

  @staticmethod
  def Connect(server, port=common_lib.SERVER_PORT):
    """Creates and returns a connection to an SSL RPC server."""
    addr = 'https://%s:%d' % (server, port)
    logging.debug('Connecting to RPC server at %s', addr)
    return jsonrpclib.ServerProxy(addr, allow_none=True)