summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-03-27 06:24:56 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-03-27 06:24:56 +0000
commitd64a280c20229e374684e9b5e392fdf878ed5514 (patch)
treebd0edee43d0f6569824a3d3d38960a5602c58da8
parentdac887d0f494151b210588ce694c55ce27f07263 (diff)
Add scripts to setup HTTPS support. A few fixes to get HTTPS working end to end with both HTTPD and WSGI servers. Minor cleanup of the HTTPD config scripts.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@928160 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rwxr-xr-xsca-cpp/trunk/components/webservice/axis2-conf4
-rw-r--r--sca-cpp/trunk/modules/http/curl-test.cpp9
-rw-r--r--sca-cpp/trunk/modules/http/curl.hpp48
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ca-conf92
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-cert-conf61
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf63
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf99
-rwxr-xr-xsca-cpp/trunk/modules/java/java-conf2
-rwxr-xr-xsca-cpp/trunk/modules/python/python-conf2
-rwxr-xr-xsca-cpp/trunk/modules/server/cpp-conf2
-rw-r--r--sca-cpp/trunk/modules/server/mod-eval.hpp66
-rw-r--r--sca-cpp/trunk/modules/server/mod-wiring.cpp36
-rwxr-xr-xsca-cpp/trunk/modules/server/scheme-conf2
-rwxr-xr-xsca-cpp/trunk/modules/server/server-conf15
-rw-r--r--sca-cpp/trunk/modules/wsgi/httputil.py16
-rw-r--r--sca-cpp/trunk/modules/wsgi/scdl.py6
-rwxr-xr-xsca-cpp/trunk/test/store-cpp/ssl-start34
-rwxr-xr-xsca-cpp/trunk/test/store-cpp/start2
-rwxr-xr-xsca-cpp/trunk/test/store-java/ssl-start36
-rwxr-xr-xsca-cpp/trunk/test/store-java/start2
-rwxr-xr-xsca-cpp/trunk/test/store-python/ssl-start34
-rwxr-xr-xsca-cpp/trunk/test/store-python/start2
-rwxr-xr-xsca-cpp/trunk/test/store-scheme/ssl-start34
-rwxr-xr-xsca-cpp/trunk/test/store-scheme/start2
-rw-r--r--sca-cpp/trunk/test/store-wsgi/app.yaml2
-rw-r--r--sca-cpp/trunk/test/store-wsgi/domain-frontend.composite8
26 files changed, 618 insertions, 61 deletions
diff --git a/sca-cpp/trunk/components/webservice/axis2-conf b/sca-cpp/trunk/components/webservice/axis2-conf
index 2e1f6116cd..c731733662 100755
--- a/sca-cpp/trunk/components/webservice/axis2-conf
+++ b/sca-cpp/trunk/components/webservice/axis2-conf
@@ -42,7 +42,8 @@ cp $here/axis2.xml $root/axis2c/axis2.xml
# Configure HTTPD Axis2 module
cat >>$root/conf/httpd.conf <<EOF
-SetEnv AXIS2C_HOME $root/axis2c
+# Support for Web Services
+SCASetEnv AXIS2C_HOME $root/axis2c
LoadModule axis2_module $root/axis2c/lib/libmod_axis2.so
Axis2RepoPath $root/axis2c
Axis2LogFile $root/axis2c/logs/mod_axis2.log
@@ -50,4 +51,5 @@ Axis2LogLevel debug
<Location /axis2>
SetHandler axis2_module
</Location>
+
EOF
diff --git a/sca-cpp/trunk/modules/http/curl-test.cpp b/sca-cpp/trunk/modules/http/curl-test.cpp
index 4305d2ac38..c9b85ad962 100644
--- a/sca-cpp/trunk/modules/http/curl-test.cpp
+++ b/sca-cpp/trunk/modules/http/curl-test.cpp
@@ -32,6 +32,8 @@
namespace tuscany {
namespace http {
+string testURI = "http://localhost:8090";
+
ostream* curlWriter(const string& s, ostream* os) {
(*os) << s;
return os;
@@ -41,13 +43,13 @@ const bool testGet() {
CURLSession ch;
{
ostringstream os;
- const failable<list<ostream*> > r = get<ostream*>(curlWriter, &os, "http://localhost:8090", ch);
+ const failable<list<ostream*> > r = get<ostream*>(curlWriter, &os, testURI, ch);
assert(hasContent(r));
assert(contains(str(os), "HTTP/1.1 200 OK"));
assert(contains(str(os), "It works"));
}
{
- const failable<value> r = getcontent("http://localhost:8090", ch);
+ const failable<value> r = getcontent(testURI, ch);
assert(hasContent(r));
assert(contains(car(reverse(list<value>(content(r)))), "It works"));
}
@@ -59,7 +61,7 @@ struct getLoop {
getLoop(CURLSession& ch) : ch(ch) {
}
const bool operator()() const {
- const failable<value> r = getcontent("http://localhost:8090", ch);
+ const failable<value> r = getcontent(testURI, ch);
assert(hasContent(r));
assert(contains(car(reverse(list<value>(content(r)))), "It works"));
return true;
@@ -78,6 +80,7 @@ const bool testGetPerf() {
int main() {
tuscany::cout << "Testing..." << tuscany::endl;
+ tuscany::http::testURI = tuscany::string("http://") + tuscany::http::hostname() + ":8090";
tuscany::http::testGet();
tuscany::http::testGetPerf();
diff --git a/sca-cpp/trunk/modules/http/curl.hpp b/sca-cpp/trunk/modules/http/curl.hpp
index ec152dd8f0..95c81d9b94 100644
--- a/sca-cpp/trunk/modules/http/curl.hpp
+++ b/sca-cpp/trunk/modules/http/curl.hpp
@@ -57,10 +57,10 @@ public:
*/
class CURLSession {
public:
- CURLSession() : h(curl_easy_init()), owner(true) {
+ CURLSession(const string& ca = "", const string& cert = "", const string& key = "") : h(curl_easy_init()), owner(true), ca(ca), cert(cert), key(key) {
}
- CURLSession(const CURLSession& c) : h(c.h), owner(false) {
+ CURLSession(const CURLSession& c) : h(c.h), owner(false), ca(c.ca), cert(c.cert), key(c.key) {
}
~CURLSession() {
@@ -76,6 +76,11 @@ private:
const bool owner;
friend CURL* handle(const CURLSession& c);
+
+public:
+ const string ca;
+ const string cert;
+ const string key;
};
/**
@@ -163,7 +168,29 @@ template<typename R> const failable<list<R> > apply(const list<list<string> >& h
CURLWriteContext<R> wcx(reduce, initial);
curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, (size_t (*)(void*, size_t, size_t, void*))(writeCallback<R>));
curl_easy_setopt(ch, CURLOPT_WRITEDATA, &wcx);
+
+ // Setup protocol options
curl_easy_setopt(ch, CURLOPT_TCP_NODELAY, true);
+ curl_easy_setopt(ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_easy_setopt(ch, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
+
+ // Setup SSL options
+ if (cs.ca != "") {
+ debug(cs.ca, "http::apply::ca");
+ curl_easy_setopt(ch, CURLOPT_CAINFO, c_str(cs.ca));
+ curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+ if (cs.cert != "") {
+ debug(cs.cert, "http::apply::cert");
+ curl_easy_setopt(ch, CURLOPT_SSLCERT, c_str(cs.cert));
+ curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
+ }
+ if (cs.key != "") {
+ debug(cs.key, "http::apply::key");
+ curl_easy_setopt(ch, CURLOPT_SSLKEY, c_str(cs.key));
+ curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM");
+ }
// Set the request headers
curl_slist* hl = headers(NULL, car(hdr));
@@ -378,14 +405,24 @@ const failable<value, string> del(const string& url, const CURLSession& ch) {
}
/**
+ * Returns the current host name.
+ */
+const string hostname() {
+ char h[256];
+ if (gethostname(h, 256) == -1)
+ return "localhost";
+ return h;
+}
+
+/**
* HTTP client proxy function.
*/
struct proxy {
- proxy(const string& uri) : uri(uri) {
+ proxy(const string& uri, const string& ca, const string& cert, const string& key) : uri(uri), ca(ca), cert(cert), key(key) {
}
const value operator()(const list<value>& args) const {
- CURLSession cs;
+ CURLSession cs(ca, cert, key);
failable<value> val = evalExpr(args, uri, cs);
if (!hasContent(val))
return value();
@@ -393,6 +430,9 @@ struct proxy {
}
const string uri;
+ const string ca;
+ const string cert;
+ const string key;
};
}
diff --git a/sca-cpp/trunk/modules/http/httpd-ca-conf b/sca-cpp/trunk/modules/http/httpd-ca-conf
new file mode 100755
index 0000000000..20efb441b5
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/httpd-ca-conf
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a test certificate of authority
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+host=$2
+if [ "$host" = "" ]; then
+ host=`hostname -f`
+fi
+
+# Don't regenerate the certificate if it already exists
+if [ -f $root/conf/ca.crt ]; then
+ return 0
+fi
+
+# Generate openssl configuration
+mkdir -p $root/conf
+umask 0007
+cat >$root/conf/openssl-ca.conf <<EOF
+[ req ]
+default_bits = 1024
+encrypt_key = no
+prompt = no
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = San Francisco
+O = Test Authority Organization
+OU = Test Authority Unit
+CN = $host
+emailAddress = root@$host
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = CA:true
+
+[ca]
+default_ca = ca_default
+
+[ca_default]
+certificate = $root/conf/ca.crt
+private_key = $root/conf/ca.key
+serial = $root/conf/ca-serial
+database = $root/conf/ca-database
+new_certs_dir = $root/conf
+default_md = sha1
+email_in_dn = no
+default_days = 365
+default_crl_days = 30
+policy = policy_any
+copy_extensions = none
+
+[ policy_any ]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+EOF
+
+rm -rf $root/conf/*.pem
+rm -f $root/conf/ca-database
+echo 1000 > $root/conf/ca-serial
+touch $root/conf/ca-database
+
+# Generate the certificate of authority
+openssl req -new -x509 -config $root/conf/openssl-ca.conf -out $root/conf/ca.crt -keyout $root/conf/ca.key
+
diff --git a/sca-cpp/trunk/modules/http/httpd-cert-conf b/sca-cpp/trunk/modules/http/httpd-cert-conf
new file mode 100755
index 0000000000..be357554fb
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/httpd-cert-conf
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a test certificate
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+host=$2
+if [ "$host" = "" ]; then
+ host=`hostname -f`
+fi
+
+# Don't regenerate the certificate if it already exists
+if [ -f $root/conf/server.crt ]; then
+ return 0
+fi
+
+# Generate openssl configuration
+mkdir -p $root/conf
+umask 0007
+cat >$root/conf/openssl-cert.conf <<EOF
+[ req ]
+default_bits = 1024
+encrypt_key = no
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = US
+ST = CA
+L = San Francisco
+O = Test Organization
+OU = Test Unit
+CN = $host
+emailAddress = root@$host
+EOF
+
+# Generate a certificate request
+openssl req -new -config $root/conf/openssl-cert.conf -out $root/conf/server-req.crt -keyout $root/conf/server.key
+
+# Generate a certificate, signed with our test certificate of authority
+openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/server.crt -infiles $root/conf/server-req.crt
+
+# Export it to PKCS12 format, that's the format Web browsers want to import
+openssl pkcs12 -export -passout pass: -out $root/conf/server.p12 -inkey $root/conf/server.key -in $root/conf/server.crt -certfile $root/conf/ca.crt
+
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index bc5ca25a4c..3ed27c6680 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -17,22 +17,77 @@
# specific language governing permissions and limitations
# under the License.
-# Generate a minimal httpd.conf
+# Generate a minimal HTTPD configuration
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
port=$2
htdocs=`readlink -f $3`
+host=`hostname -f`
+user=`id -un`
+group=`id -gn`
mkdir -p $root
mkdir -p $root/logs
mkdir -p $root/conf
cat >$root/conf/httpd.conf <<EOF
+# Apache HTTPD server configuration
+
+# Set server name
+ServerName $host
+
+# Basic security precautions
+User $user
+Group $group
+ServerSignature Off
+ServerTokens Prod
+Timeout 45
+LimitRequestBody 1048576
+HostNameLookups Off
+
+# Logging
ErrorLog $root/logs/error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog $root/logs/access_log combined
-ServerName http://127.0.0.1:$port
-Listen $port
-DocumentRoot $htdocs
+LogLevel warn
+
+# Configure Mime types
+DefaultType text/plain
TypesConfig $here/conf/mime.types
+
+# Set document root
+DocumentRoot $htdocs
+DirectoryIndex index.html
+
+# Protect server files
+<Directory />
+Options None
+AllowOverride None
+Order deny,allow
+Deny from all
+</Directory>
+<FilesMatch "^\.ht">
+Order deny,allow
+Deny from all
+Satisfy Any
+</FilesMatch>
+
+# Allow access to document root
+<Directory "$htdocs">
+Options +SymLinksIfOwnerMatch
+Allow from all
+</Directory>
+
+# Allow access to service components
+<Location />
+Options +SymLinksIfOwnerMatch
+Allow from all
+</Location>
+
+# Setup HTTP virtual host
+Listen $port
+<VirtualHost _default_:$port>
+
+</VirtualHost>
+
EOF
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
new file mode 100755
index 0000000000..6660ad9792
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a minimal HTTPD SSL configuration
+here=`readlink -f $0`; here=`dirname $here`
+root=`readlink -f $1`
+port=$2
+if [ "$port" != "80" ]; then
+ sslport=`echo "$port + 443" | bc`
+else
+ sslport="443"
+fi
+host=`hostname -f`
+
+# Extract organization name from our CA certificate
+org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'`
+
+# Generate HTTPD configuration
+cat >>$root/conf/httpd.conf <<EOF
+# Redirect all HTTP traffic to HTTPS
+<Location />
+RewriteEngine on
+RewriteCond %{SERVER_PORT} !^$sslport$
+RewriteRule .* https://%{SERVER_NAME}:$sslport%{REQUEST_URI} [R,L]
+</Location>
+
+# Setup SSL support
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+SSLPassPhraseDialog builtin
+SSLSessionCache "shmcb:$root/logs/ssl_scache(512000)"
+SSLSessionCacheTimeout 300
+SSLMutex "file:$root/logs/ssl_mutex"
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
+# HTTPS virtual host
+Listen $sslport
+<VirtualHost _default_:$sslport>
+
+# Enable SSL
+SSLEngine on
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/server.crt"
+SSLCertificateKeyFile "$root/conf/server.key"
+BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+# Require clients to present either:
+# a certificate signed with our CA certificate of authority
+# or a userid + password for HTTP basic authentication
+<Location />
+Satisfy Any
+
+SSLVerifyClient optional
+SSLVerifyDepth 1
+SSLOptions +FakeBasicAuth
+SSLRequireSSL
+SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_I_DN_O} == "$org"
+
+AuthType Basic
+AuthName "$host"
+AuthUserFile "$root/conf/httpd.passwd"
+Require valid-user
+</location>
+
+</VirtualHost>
+
+# Configure SCA SSL support
+SCASSLCACertificateFile "$root/conf/ca.crt"
+SCASSLCertificateFile "$root/conf/server.crt"
+SCASSLCertificateKeyFile "$root/conf/server.key"
+
+EOF
+
+# Create test users for HTTP basic authentication
+htpasswd -bc $root/conf/httpd.passwd admin admin 2>/dev/null
+htpasswd -b $root/conf/httpd.passwd user password 2>/dev/null
+htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
+htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
+htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
+
diff --git a/sca-cpp/trunk/modules/java/java-conf b/sca-cpp/trunk/modules/java/java-conf
index 823bd38ce9..4c03035ca4 100755
--- a/sca-cpp/trunk/modules/java/java-conf
+++ b/sca-cpp/trunk/modules/java/java-conf
@@ -22,6 +22,8 @@ here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
cat >>$root/conf/httpd.conf <<EOF
+# Support for Java SCA components
LoadModule mod_tuscany_eval $here/libmod_tuscany_java.so
+
EOF
diff --git a/sca-cpp/trunk/modules/python/python-conf b/sca-cpp/trunk/modules/python/python-conf
index 82decd8eb4..983679db4d 100755
--- a/sca-cpp/trunk/modules/python/python-conf
+++ b/sca-cpp/trunk/modules/python/python-conf
@@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
cat >>$root/conf/httpd.conf <<EOF
+# Support for Python SCA components
LoadModule mod_tuscany_eval $here/libmod_tuscany_python.so
+
EOF
diff --git a/sca-cpp/trunk/modules/server/cpp-conf b/sca-cpp/trunk/modules/server/cpp-conf
index 77e79c5fd8..bc014ac979 100755
--- a/sca-cpp/trunk/modules/server/cpp-conf
+++ b/sca-cpp/trunk/modules/server/cpp-conf
@@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
cat >>$root/conf/httpd.conf <<EOF
+# Support for C++ SCA components
LoadModule mod_tuscany_eval $here/libmod_tuscany_eval.so
+
EOF
diff --git a/sca-cpp/trunk/modules/server/mod-eval.hpp b/sca-cpp/trunk/modules/server/mod-eval.hpp
index a5efc775fc..5ce787d2fb 100644
--- a/sca-cpp/trunk/modules/server/mod-eval.hpp
+++ b/sca-cpp/trunk/modules/server/mod-eval.hpp
@@ -53,15 +53,17 @@ namespace modeval {
*/
class ServerConf {
public:
- ServerConf(server_rec* s) : s(s), home(""), wiringServerName(""), contributionPath(""), compositeName("") {
+ ServerConf(server_rec* s) : s(s), wiringServerName(""), contributionPath(""), compositeName(""), ca(""), cert(""), key("") {
}
const server_rec* s;
lambda<value(const list<value>&)> lifecycle;
- string home;
string wiringServerName;
string contributionPath;
string compositeName;
+ string ca;
+ string cert;
+ string key;
list<value> implementations;
list<value> implTree;
};
@@ -253,7 +255,7 @@ int handler(request_rec *r) {
const list<value> path(pathValues(r->uri));
const list<value> impl(assoctree<value>(cadr(path), sc.implTree));
if (isNil(impl))
- return HTTP_NOT_FOUND;
+ return httpd::reportStatus(mkfailure<int>(string("Couldn't find component implementation")));
// Handle HTTP method
const lambda<value(const list<value>&)> l(cadr<value>(impl));
@@ -273,14 +275,14 @@ int handler(request_rec *r) {
/**
* Convert a list of component references to a list of HTTP proxy lambdas.
*/
-const value mkrefProxy(const value& ref, const string& base) {
- return lambda<value(const list<value>&)>(http::proxy(base + string(scdl::name(ref))));
+const value mkrefProxy(const value& ref, const string& base, const string& ca, const string& cert, const string& key) {
+ return lambda<value(const list<value>&)>(http::proxy(base + string(scdl::name(ref)), ca, cert, key));
}
-const list<value> refProxies(const list<value>& refs, const string& base) {
+const list<value> refProxies(const list<value>& refs, const string& base, const string& ca, const string& cert, const string& key) {
if (isNil(refs))
return refs;
- return cons(mkrefProxy(car(refs), base), refProxies(cdr(refs), base));
+ return cons(mkrefProxy(car(refs), base, ca, cert, key), refProxies(cdr(refs), base, ca, cert, key));
}
/**
@@ -323,7 +325,7 @@ const value evalComponent(ServerConf& sc, server_rec& server, const value& comp)
<< "/references/" << string(scdl::name(comp)) << "/";
else
base << sc.wiringServerName << "/references/" << string(scdl::name(comp)) << "/";
- const list<value> rpx(refProxies(scdl::references(comp), str(base)));
+ const list<value> rpx(refProxies(scdl::references(comp), str(base), sc.ca, sc.cert, sc.key));
// Convert component proxies to configured proxy lambdas
const list<value> ppx(propProxies(scdl::properties(comp)));
@@ -440,6 +442,21 @@ apr_status_t serverCleanup(void* v) {
* Called after all the configuration commands have been run.
* Process the server configuration and configure the deployed components.
*/
+const int postConfigMerge(const ServerConf& mainsc, server_rec* s) {
+ if (s == NULL)
+ return OK;
+ ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_eval);
+ sc.wiringServerName = mainsc.wiringServerName;
+ sc.contributionPath = mainsc.contributionPath;
+ sc.compositeName = mainsc.compositeName;
+ sc.ca = mainsc.ca;
+ sc.cert = mainsc.cert;
+ sc.key = mainsc.key;
+ sc.implementations = mainsc.implementations;
+ sc.implTree = mainsc.implTree;
+ return postConfigMerge(mainsc, s->next);
+}
+
int postConfig(apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp, server_rec *s) {
extern const value applyLifecycle(const list<value>&);
@@ -483,7 +500,8 @@ int postConfig(apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp,
// Register a cleanup callback, called when the server is stopped or restarted
apr_pool_pre_cleanup_register(p, (void*)&sc, serverCleanup);
- return OK;
+ // Merge the config into any virtual hosts
+ return postConfigMerge(sc, s->next);
}
/**
@@ -511,12 +529,6 @@ void childInit(apr_pool_t* p, server_rec* s) {
/**
* Configuration commands.
*/
-const char* confHome(cmd_parms *cmd, unused void *c, const char *arg) {
- gc_scoped_pool pool(cmd->pool);
- ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval);
- sc.home = arg;
- return NULL;
-}
const char* confWiringServerName(cmd_parms *cmd, unused void *c, const char *arg) {
gc_scoped_pool pool(cmd->pool);
ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval);
@@ -535,6 +547,24 @@ const char* confComposite(cmd_parms *cmd, unused void *c, const char *arg) {
sc.compositeName = arg;
return NULL;
}
+const char* confCAFile(cmd_parms *cmd, unused void *c, const char *arg) {
+ gc_scoped_pool pool(cmd->pool);
+ ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval);
+ sc.ca = arg;
+ return NULL;
+}
+const char* confCertFile(cmd_parms *cmd, unused void *c, const char *arg) {
+ gc_scoped_pool pool(cmd->pool);
+ ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval);
+ sc.cert = arg;
+ return NULL;
+}
+const char* confCertKeyFile(cmd_parms *cmd, unused void *c, const char *arg) {
+ gc_scoped_pool pool(cmd->pool);
+ ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval);
+ sc.key = arg;
+ return NULL;
+}
const char* confEnv(unused cmd_parms *cmd, unused void *c, const char *name, const char *value) {
gc_scoped_pool pool(cmd->pool);
@@ -546,11 +576,13 @@ const char* confEnv(unused cmd_parms *cmd, unused void *c, const char *name, con
* HTTP server module declaration.
*/
const command_rec commands[] = {
- AP_INIT_TAKE1("TuscanyHome", (const char*(*)())confHome, NULL, RSRC_CONF, "Tuscany home directory"),
AP_INIT_TAKE1("SCAWiringServerName", (const char*(*)())confWiringServerName, NULL, RSRC_CONF, "SCA wiring server name"),
AP_INIT_TAKE1("SCAContribution", (const char*(*)())confContribution, NULL, RSRC_CONF, "SCA contribution location"),
AP_INIT_TAKE1("SCAComposite", (const char*(*)())confComposite, NULL, RSRC_CONF, "SCA composite location"),
- AP_INIT_TAKE12("SetEnv", (const char*(*)())confEnv, NULL, OR_FILEINFO, "Environment variable name and optional value"),
+ AP_INIT_TAKE12("SCASetEnv", (const char*(*)())confEnv, NULL, OR_FILEINFO, "Environment variable name and optional value"),
+ AP_INIT_TAKE1("SCASSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "SSL CA certificate file"),
+ AP_INIT_TAKE1("SCASSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "SSL certificate file"),
+ AP_INIT_TAKE1("SCASSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "SSL certificate key file"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
diff --git a/sca-cpp/trunk/modules/server/mod-wiring.cpp b/sca-cpp/trunk/modules/server/mod-wiring.cpp
index c21b0fe254..296181acfa 100644
--- a/sca-cpp/trunk/modules/server/mod-wiring.cpp
+++ b/sca-cpp/trunk/modules/server/mod-wiring.cpp
@@ -48,12 +48,9 @@ namespace modwiring {
*/
class ServerConf {
public:
- ServerConf(server_rec* s) : s(s), start(false), home(""), wiringServerName(""), contributionPath(""), compositeName("") {
+ ServerConf(server_rec* s) : s(s), contributionPath(""), compositeName("") {
}
const server_rec* s;
- bool start;
- string home;
- string wiringServerName;
string contributionPath;
string compositeName;
list<value> references;
@@ -147,6 +144,7 @@ int translateService(request_rec *r) {
// Find the requested component
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_wiring);
+ debug(sc.services, "modwiring::translateService::services");
const list<value> p(pathValues(r->uri));
const list<value> svc(assocPath(p, sc.services));
if (isNil(svc))
@@ -288,6 +286,17 @@ const bool confComponents(ServerConf& sc) {
* Called after all the configuration commands have been run.
* Process the server configuration and configure the wiring for the deployed components.
*/
+const int postConfigMerge(const ServerConf& mainsc, server_rec* s) {
+ if (s == NULL)
+ return OK;
+ ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_wiring);
+ sc.contributionPath = mainsc.contributionPath;
+ sc.compositeName = mainsc.compositeName;
+ sc.references = mainsc.references;
+ sc.services = mainsc.services;
+ return postConfigMerge(mainsc, s->next);
+}
+
int postConfig(unused apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp, server_rec *s) {
// Count the calls to post config, skip the first one as
// postConfig is always called twice
@@ -299,11 +308,12 @@ int postConfig(unused apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t
// Configure the wiring for the deployed components
ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_wiring);
- debug(sc.wiringServerName, "modwiring::postConfig::wiringServerName");
debug(sc.contributionPath, "modwiring::postConfig::contributionPath");
debug(sc.compositeName, "modwiring::postConfig::compositeName");
confComponents(sc);
- return OK;
+
+ // Merge the config into any virtual hosts
+ return postConfigMerge(sc, s->next);
}
/**
@@ -321,18 +331,6 @@ void childInit(apr_pool_t* p, server_rec* svr_rec) {
/**
* Configuration commands.
*/
-const char *confHome(cmd_parms *cmd, unused void *c, const char *arg) {
- gc_scoped_pool pool(cmd->pool);
- ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring);
- sc.home = arg;
- return NULL;
-}
-const char *confWiringServerName(cmd_parms *cmd, unused void *c, const char *arg) {
- gc_scoped_pool pool(cmd->pool);
- ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring);
- sc.wiringServerName = arg;
- return NULL;
-}
const char *confContribution(cmd_parms *cmd, unused void *c, const char *arg) {
gc_scoped_pool pool(cmd->pool);
ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring);
@@ -350,8 +348,6 @@ const char *confComposite(cmd_parms *cmd, unused void *c, const char *arg) {
* HTTP server module declaration.
*/
const command_rec commands[] = {
- AP_INIT_TAKE1("TuscanyHome", (const char*(*)())confHome, NULL, RSRC_CONF, "Tuscany home directory"),
- AP_INIT_TAKE1("SCAWiringServerName", (const char*(*)())confWiringServerName, NULL, RSRC_CONF, "SCA wiring server name"),
AP_INIT_TAKE1("SCAContribution", (const char*(*)())confContribution, NULL, RSRC_CONF, "SCA contribution location"),
AP_INIT_TAKE1("SCAComposite", (const char*(*)())confComposite, NULL, RSRC_CONF, "SCA composite location"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
diff --git a/sca-cpp/trunk/modules/server/scheme-conf b/sca-cpp/trunk/modules/server/scheme-conf
index 85984fadf0..fc5f2b3ac8 100755
--- a/sca-cpp/trunk/modules/server/scheme-conf
+++ b/sca-cpp/trunk/modules/server/scheme-conf
@@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
cat >>$root/conf/httpd.conf <<EOF
+# Support for Scheme SCA components
LoadModule mod_tuscany_eval $here/libmod_tuscany_eval.so
+
EOF
diff --git a/sca-cpp/trunk/modules/server/server-conf b/sca-cpp/trunk/modules/server/server-conf
index c5cf6be437..a31052af7a 100755
--- a/sca-cpp/trunk/modules/server/server-conf
+++ b/sca-cpp/trunk/modules/server/server-conf
@@ -21,9 +21,18 @@
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
-mkdir -p $root
-mkdir -p $root/logs
-mkdir -p $root/conf
+host=`cat $root/conf/httpd.conf | grep ServerName | awk '{ print $2 }'`
+port=`cat $root/conf/httpd.conf | grep Listen | tail -1 | awk '{ print $2 }'`
+ssl=`cat $root/conf/httpd.conf | grep "SSLEngine" | awk '{ print $2 }'`
+if [ "$ssl" = "on" ]; then
+ protocol="https"
+else
+ protocol="http"
+fi
+
cat >>$root/conf/httpd.conf <<EOF
+# Support for SCA component wiring
LoadModule mod_tuscany_wiring $here/libmod_tuscany_wiring.so
+SCAWiringServerName $protocol://$host:$port
+
EOF
diff --git a/sca-cpp/trunk/modules/wsgi/httputil.py b/sca-cpp/trunk/modules/wsgi/httputil.py
index e5f26db143..92da7ec09c 100644
--- a/sca-cpp/trunk/modules/wsgi/httputil.py
+++ b/sca-cpp/trunk/modules/wsgi/httputil.py
@@ -18,9 +18,10 @@
# HTTP client proxy functions
-from httplib import HTTPConnection
+from httplib import HTTPConnection, HTTPSConnection
from urlparse import urlparse
from StringIO import StringIO
+import os.path
from util import *
from atomutil import *
from jsonutil import *
@@ -37,9 +38,20 @@ class client:
req = StringIO()
writeStrings(jsonRequest(id, func, args), req)
id = id + 1
- c = HTTPConnection(self.uri.hostname, 80 if self.uri.port == None else self.uri.port)
+ print "HTTP connect:", self.uri.hostname
+ c = None
+ if self.uri.scheme == "https":
+ if os.path.exists("server.key"):
+ c = HTTPSConnection(self.uri.hostname, 443 if self.uri.port == None else self.uri.port, "server.key", "server.crt")
+ else:
+ c = HTTPSConnection(self.uri.hostname, 443 if self.uri.port == None else self.uri.port)
+ else:
+ c = HTTPConnection(self.uri.hostname, 80 if self.uri.port == None else self.uri.port)
+ print "HTTP connection:", c
c.request("POST", self.uri.path, req.getvalue(), {"Content-type": "application/json-rpc"})
res = c.getresponse()
+ print "HTTP response:", res
+ print "HTTP status:", res.status
if res.status != 200:
return None
return jsonResultValue((res.read(),))
diff --git a/sca-cpp/trunk/modules/wsgi/scdl.py b/sca-cpp/trunk/modules/wsgi/scdl.py
index f6c162889e..af332d0249 100644
--- a/sca-cpp/trunk/modules/wsgi/scdl.py
+++ b/sca-cpp/trunk/modules/wsgi/scdl.py
@@ -146,9 +146,9 @@ def uriToComponent(u, comps):
# Evaluate a reference, return a proxy to the resolved component or an
# HTTP client configured with the reference target uri
def evalReference(r, comps):
- if not r.startswith("http://"):
- return nameToComponent(r, comps)
- return mkclient(r)
+ if r.startswith("http://") or r.startswith("https://"):
+ return mkclient(r)
+ return nameToComponent(r, comps)
# Evaluate a component, resolve its implementation and references
def evalComponent(comp, comps):
diff --git a/sca-cpp/trunk/test/store-cpp/ssl-start b/sca-cpp/trunk/test/store-cpp/ssl-start
new file mode 100755
index 0000000000..7ce9e86680
--- /dev/null
+++ b/sca-cpp/trunk/test/store-cpp/ssl-start
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+../../modules/http/httpd-ca-conf tmp
+../../modules/http/httpd-cert-conf tmp
+../../modules/http/httpd-conf tmp 8090 htdocs
+../../modules/http/httpd-ssl-conf tmp 8090
+../../modules/server/server-conf tmp
+../../modules/server/cpp-conf tmp
+cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
+SCAContribution `pwd`/
+SCAComposite store.composite
+
+EOF
+
+../../components/cache/memcached-start
+../../modules/http/httpd-start tmp
diff --git a/sca-cpp/trunk/test/store-cpp/start b/sca-cpp/trunk/test/store-cpp/start
index 3c1da356e6..4760dccbc3 100755
--- a/sca-cpp/trunk/test/store-cpp/start
+++ b/sca-cpp/trunk/test/store-cpp/start
@@ -21,8 +21,10 @@
../../modules/server/server-conf tmp
../../modules/server/cpp-conf tmp
cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
SCAContribution `pwd`/
SCAComposite store.composite
+
EOF
../../components/cache/memcached-start
diff --git a/sca-cpp/trunk/test/store-java/ssl-start b/sca-cpp/trunk/test/store-java/ssl-start
new file mode 100755
index 0000000000..314210359c
--- /dev/null
+++ b/sca-cpp/trunk/test/store-java/ssl-start
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+../../modules/http/httpd-ca-conf tmp
+../../modules/http/httpd-cert-conf tmp
+../../modules/http/httpd-conf tmp 8090 htdocs
+../../modules/http/httpd-ssl-conf tmp 8090
+../../modules/server/server-conf tmp
+../../modules/java/java-conf tmp
+cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
+SCAContribution `pwd`/
+SCAComposite store.composite
+
+EOF
+
+export CLASSPATH=`pwd`/../../modules/java/libmod-tuscany-java-1.0.jar:`pwd`
+
+../../components/cache/memcached-start
+../../modules/http/httpd-start tmp
diff --git a/sca-cpp/trunk/test/store-java/start b/sca-cpp/trunk/test/store-java/start
index ae2743178a..7f5823ed66 100755
--- a/sca-cpp/trunk/test/store-java/start
+++ b/sca-cpp/trunk/test/store-java/start
@@ -21,8 +21,10 @@
../../modules/server/server-conf tmp
../../modules/java/java-conf tmp
cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
SCAContribution `pwd`/
SCAComposite store.composite
+
EOF
export CLASSPATH=`pwd`/../../modules/java/libmod-tuscany-java-1.0.jar:`pwd`
diff --git a/sca-cpp/trunk/test/store-python/ssl-start b/sca-cpp/trunk/test/store-python/ssl-start
new file mode 100755
index 0000000000..c240e58d09
--- /dev/null
+++ b/sca-cpp/trunk/test/store-python/ssl-start
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+../../modules/http/httpd-ca-conf tmp
+../../modules/http/httpd-cert-conf tmp
+../../modules/http/httpd-conf tmp 8090 htdocs
+../../modules/http/httpd-ssl-conf tmp 8090
+../../modules/server/server-conf tmp
+../../modules/python/python-conf tmp
+cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
+SCAContribution `pwd`/
+SCAComposite store.composite
+
+EOF
+
+../../components/cache/memcached-start
+../../modules/http/httpd-start tmp
diff --git a/sca-cpp/trunk/test/store-python/start b/sca-cpp/trunk/test/store-python/start
index 93e1dbe755..2874d5c3e6 100755
--- a/sca-cpp/trunk/test/store-python/start
+++ b/sca-cpp/trunk/test/store-python/start
@@ -21,8 +21,10 @@
../../modules/server/server-conf tmp
../../modules/python/python-conf tmp
cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
SCAContribution `pwd`/
SCAComposite store.composite
+
EOF
../../components/cache/memcached-start
diff --git a/sca-cpp/trunk/test/store-scheme/ssl-start b/sca-cpp/trunk/test/store-scheme/ssl-start
new file mode 100755
index 0000000000..3d96c3b257
--- /dev/null
+++ b/sca-cpp/trunk/test/store-scheme/ssl-start
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+../../modules/http/httpd-ca-conf tmp
+../../modules/http/httpd-cert-conf tmp
+../../modules/http/httpd-conf tmp 8090 htdocs
+../../modules/http/httpd-ssl-conf tmp 8090
+../../modules/server/server-conf tmp
+../../modules/server/scheme-conf tmp
+cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
+SCAContribution `pwd`/
+SCAComposite store.composite
+
+EOF
+
+../../components/cache/memcached-start
+../../modules/http/httpd-start tmp
diff --git a/sca-cpp/trunk/test/store-scheme/start b/sca-cpp/trunk/test/store-scheme/start
index db8e19c4cc..51c74fbea3 100755
--- a/sca-cpp/trunk/test/store-scheme/start
+++ b/sca-cpp/trunk/test/store-scheme/start
@@ -21,8 +21,10 @@
../../modules/server/server-conf tmp
../../modules/server/scheme-conf tmp
cat >>tmp/conf/httpd.conf <<EOF
+# Configure SCA Composite
SCAContribution `pwd`/
SCAComposite store.composite
+
EOF
../../components/cache/memcached-start
diff --git a/sca-cpp/trunk/test/store-wsgi/app.yaml b/sca-cpp/trunk/test/store-wsgi/app.yaml
index 1e2dc05547..e5807c233a 100644
--- a/sca-cpp/trunk/test/store-wsgi/app.yaml
+++ b/sca-cpp/trunk/test/store-wsgi/app.yaml
@@ -44,7 +44,9 @@ handlers:
- url: /(.*\.(html|png))
static_files: htdocs/\1
upload: htdocs/(.*\.(html|png))
+ secure: always
- url: /.*
script: composite.py
+ secure: always
diff --git a/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite b/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite
index ca2472d40a..a183c84a76 100644
--- a/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite
+++ b/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite
@@ -28,13 +28,13 @@
<t:binding.http uri="store"/>
</service>
<reference name="catalog">
- <t:binding.http uri="http://sca-store-backend/catalog"/>
+ <t:binding.http uri="https://sca-store-backend.appspot.com/catalog"/>
</reference>
<reference name="shoppingCart">
- <t:binding.http uri="http://sca-store-backend/shoppingCart"/>
+ <t:binding.http uri="https://sca-store-backend.appspot.com/shoppingCart"/>
</reference>
<reference name="shoppingTotal">
- <t:binding.http uri="http://sca-store-backend/shoppingCart"/>
+ <t:binding.http uri="https://sca-store-backend.appspot.com/shoppingCart"/>
</reference>
</component>
@@ -56,7 +56,7 @@
<t:binding.jsonrpc uri="total"/>
</service>
<reference name="cache">
- <t:binding.http uri="http://sca-store-backend.appspot.com/cache"/>
+ <t:binding.http uri="https://sca-store-backend.appspot.com/cache"/>
</reference>
</component>