diff options
| author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-03-27 06:24:56 +0000 |
|---|---|---|
| committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-03-27 06:24:56 +0000 |
| commit | d64a280c20229e374684e9b5e392fdf878ed5514 (patch) | |
| tree | bd0edee43d0f6569824a3d3d38960a5602c58da8 | |
| parent | dac887d0f494151b210588ce694c55ce27f07263 (diff) | |
Add scripts to setup HTTPS support. A few fixes to get HTTPS working end to end with both HTTPD and WSGI servers. Minor cleanup of the HTTPD config scripts.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@928160 13f79535-47bb-0310-9956-ffa450edef68
26 files changed, 618 insertions, 61 deletions
diff --git a/sca-cpp/trunk/components/webservice/axis2-conf b/sca-cpp/trunk/components/webservice/axis2-conf index 2e1f6116cd..c731733662 100755 --- a/sca-cpp/trunk/components/webservice/axis2-conf +++ b/sca-cpp/trunk/components/webservice/axis2-conf @@ -42,7 +42,8 @@ cp $here/axis2.xml $root/axis2c/axis2.xml # Configure HTTPD Axis2 module cat >>$root/conf/httpd.conf <<EOF -SetEnv AXIS2C_HOME $root/axis2c +# Support for Web Services +SCASetEnv AXIS2C_HOME $root/axis2c LoadModule axis2_module $root/axis2c/lib/libmod_axis2.so Axis2RepoPath $root/axis2c Axis2LogFile $root/axis2c/logs/mod_axis2.log @@ -50,4 +51,5 @@ Axis2LogLevel debug <Location /axis2> SetHandler axis2_module </Location> + EOF diff --git a/sca-cpp/trunk/modules/http/curl-test.cpp b/sca-cpp/trunk/modules/http/curl-test.cpp index 4305d2ac38..c9b85ad962 100644 --- a/sca-cpp/trunk/modules/http/curl-test.cpp +++ b/sca-cpp/trunk/modules/http/curl-test.cpp @@ -32,6 +32,8 @@ namespace tuscany { namespace http { +string testURI = "http://localhost:8090"; + ostream* curlWriter(const string& s, ostream* os) { (*os) << s; return os; @@ -41,13 +43,13 @@ const bool testGet() { CURLSession ch; { ostringstream os; - const failable<list<ostream*> > r = get<ostream*>(curlWriter, &os, "http://localhost:8090", ch); + const failable<list<ostream*> > r = get<ostream*>(curlWriter, &os, testURI, ch); assert(hasContent(r)); assert(contains(str(os), "HTTP/1.1 200 OK")); assert(contains(str(os), "It works")); } { - const failable<value> r = getcontent("http://localhost:8090", ch); + const failable<value> r = getcontent(testURI, ch); assert(hasContent(r)); assert(contains(car(reverse(list<value>(content(r)))), "It works")); } @@ -59,7 +61,7 @@ struct getLoop { getLoop(CURLSession& ch) : ch(ch) { } const bool operator()() const { - const failable<value> r = getcontent("http://localhost:8090", ch); + const failable<value> r = getcontent(testURI, ch); assert(hasContent(r)); assert(contains(car(reverse(list<value>(content(r)))), "It works")); return true; @@ -78,6 +80,7 @@ const bool testGetPerf() { int main() { tuscany::cout << "Testing..." << tuscany::endl; + tuscany::http::testURI = tuscany::string("http://") + tuscany::http::hostname() + ":8090"; tuscany::http::testGet(); tuscany::http::testGetPerf(); diff --git a/sca-cpp/trunk/modules/http/curl.hpp b/sca-cpp/trunk/modules/http/curl.hpp index ec152dd8f0..95c81d9b94 100644 --- a/sca-cpp/trunk/modules/http/curl.hpp +++ b/sca-cpp/trunk/modules/http/curl.hpp @@ -57,10 +57,10 @@ public: */ class CURLSession { public: - CURLSession() : h(curl_easy_init()), owner(true) { + CURLSession(const string& ca = "", const string& cert = "", const string& key = "") : h(curl_easy_init()), owner(true), ca(ca), cert(cert), key(key) { } - CURLSession(const CURLSession& c) : h(c.h), owner(false) { + CURLSession(const CURLSession& c) : h(c.h), owner(false), ca(c.ca), cert(c.cert), key(c.key) { } ~CURLSession() { @@ -76,6 +76,11 @@ private: const bool owner; friend CURL* handle(const CURLSession& c); + +public: + const string ca; + const string cert; + const string key; }; /** @@ -163,7 +168,29 @@ template<typename R> const failable<list<R> > apply(const list<list<string> >& h CURLWriteContext<R> wcx(reduce, initial); curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, (size_t (*)(void*, size_t, size_t, void*))(writeCallback<R>)); curl_easy_setopt(ch, CURLOPT_WRITEDATA, &wcx); + + // Setup protocol options curl_easy_setopt(ch, CURLOPT_TCP_NODELAY, true); + curl_easy_setopt(ch, CURLOPT_FOLLOWLOCATION, true); + curl_easy_setopt(ch, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); + + // Setup SSL options + if (cs.ca != "") { + debug(cs.ca, "http::apply::ca"); + curl_easy_setopt(ch, CURLOPT_CAINFO, c_str(cs.ca)); + curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, true); + curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 2); + } + if (cs.cert != "") { + debug(cs.cert, "http::apply::cert"); + curl_easy_setopt(ch, CURLOPT_SSLCERT, c_str(cs.cert)); + curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); + } + if (cs.key != "") { + debug(cs.key, "http::apply::key"); + curl_easy_setopt(ch, CURLOPT_SSLKEY, c_str(cs.key)); + curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM"); + } // Set the request headers curl_slist* hl = headers(NULL, car(hdr)); @@ -378,14 +405,24 @@ const failable<value, string> del(const string& url, const CURLSession& ch) { } /** + * Returns the current host name. + */ +const string hostname() { + char h[256]; + if (gethostname(h, 256) == -1) + return "localhost"; + return h; +} + +/** * HTTP client proxy function. */ struct proxy { - proxy(const string& uri) : uri(uri) { + proxy(const string& uri, const string& ca, const string& cert, const string& key) : uri(uri), ca(ca), cert(cert), key(key) { } const value operator()(const list<value>& args) const { - CURLSession cs; + CURLSession cs(ca, cert, key); failable<value> val = evalExpr(args, uri, cs); if (!hasContent(val)) return value(); @@ -393,6 +430,9 @@ struct proxy { } const string uri; + const string ca; + const string cert; + const string key; }; } diff --git a/sca-cpp/trunk/modules/http/httpd-ca-conf b/sca-cpp/trunk/modules/http/httpd-ca-conf new file mode 100755 index 0000000000..20efb441b5 --- /dev/null +++ b/sca-cpp/trunk/modules/http/httpd-ca-conf @@ -0,0 +1,92 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Generate a test certificate of authority +here=`readlink -f $0`; here=`dirname $here` +root=`readlink -f $1` +host=$2 +if [ "$host" = "" ]; then + host=`hostname -f` +fi + +# Don't regenerate the certificate if it already exists +if [ -f $root/conf/ca.crt ]; then + return 0 +fi + +# Generate openssl configuration +mkdir -p $root/conf +umask 0007 +cat >$root/conf/openssl-ca.conf <<EOF +[ req ] +default_bits = 1024 +encrypt_key = no +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca + +[ req_distinguished_name ] +C = US +ST = CA +L = San Francisco +O = Test Authority Organization +OU = Test Authority Unit +CN = $host +emailAddress = root@$host + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = CA:true + +[ca] +default_ca = ca_default + +[ca_default] +certificate = $root/conf/ca.crt +private_key = $root/conf/ca.key +serial = $root/conf/ca-serial +database = $root/conf/ca-database +new_certs_dir = $root/conf +default_md = sha1 +email_in_dn = no +default_days = 365 +default_crl_days = 30 +policy = policy_any +copy_extensions = none + +[ policy_any ] +countryName = supplied +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +EOF + +rm -rf $root/conf/*.pem +rm -f $root/conf/ca-database +echo 1000 > $root/conf/ca-serial +touch $root/conf/ca-database + +# Generate the certificate of authority +openssl req -new -x509 -config $root/conf/openssl-ca.conf -out $root/conf/ca.crt -keyout $root/conf/ca.key + diff --git a/sca-cpp/trunk/modules/http/httpd-cert-conf b/sca-cpp/trunk/modules/http/httpd-cert-conf new file mode 100755 index 0000000000..be357554fb --- /dev/null +++ b/sca-cpp/trunk/modules/http/httpd-cert-conf @@ -0,0 +1,61 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Generate a test certificate +here=`readlink -f $0`; here=`dirname $here` +root=`readlink -f $1` +host=$2 +if [ "$host" = "" ]; then + host=`hostname -f` +fi + +# Don't regenerate the certificate if it already exists +if [ -f $root/conf/server.crt ]; then + return 0 +fi + +# Generate openssl configuration +mkdir -p $root/conf +umask 0007 +cat >$root/conf/openssl-cert.conf <<EOF +[ req ] +default_bits = 1024 +encrypt_key = no +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C = US +ST = CA +L = San Francisco +O = Test Organization +OU = Test Unit +CN = $host +emailAddress = root@$host +EOF + +# Generate a certificate request +openssl req -new -config $root/conf/openssl-cert.conf -out $root/conf/server-req.crt -keyout $root/conf/server.key + +# Generate a certificate, signed with our test certificate of authority +openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/server.crt -infiles $root/conf/server-req.crt + +# Export it to PKCS12 format, that's the format Web browsers want to import +openssl pkcs12 -export -passout pass: -out $root/conf/server.p12 -inkey $root/conf/server.key -in $root/conf/server.crt -certfile $root/conf/ca.crt + diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index bc5ca25a4c..3ed27c6680 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -17,22 +17,77 @@ # specific language governing permissions and limitations # under the License. -# Generate a minimal httpd.conf +# Generate a minimal HTTPD configuration here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` port=$2 htdocs=`readlink -f $3` +host=`hostname -f` +user=`id -un` +group=`id -gn` mkdir -p $root mkdir -p $root/logs mkdir -p $root/conf cat >$root/conf/httpd.conf <<EOF +# Apache HTTPD server configuration + +# Set server name +ServerName $host + +# Basic security precautions +User $user +Group $group +ServerSignature Off +ServerTokens Prod +Timeout 45 +LimitRequestBody 1048576 +HostNameLookups Off + +# Logging ErrorLog $root/logs/error_log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined CustomLog $root/logs/access_log combined -ServerName http://127.0.0.1:$port -Listen $port -DocumentRoot $htdocs +LogLevel warn + +# Configure Mime types +DefaultType text/plain TypesConfig $here/conf/mime.types + +# Set document root +DocumentRoot $htdocs +DirectoryIndex index.html + +# Protect server files +<Directory /> +Options None +AllowOverride None +Order deny,allow +Deny from all +</Directory> +<FilesMatch "^\.ht"> +Order deny,allow +Deny from all +Satisfy Any +</FilesMatch> + +# Allow access to document root +<Directory "$htdocs"> +Options +SymLinksIfOwnerMatch +Allow from all +</Directory> + +# Allow access to service components +<Location /> +Options +SymLinksIfOwnerMatch +Allow from all +</Location> + +# Setup HTTP virtual host +Listen $port +<VirtualHost _default_:$port> + +</VirtualHost> + EOF diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf new file mode 100755 index 0000000000..6660ad9792 --- /dev/null +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -0,0 +1,99 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Generate a minimal HTTPD SSL configuration +here=`readlink -f $0`; here=`dirname $here` +root=`readlink -f $1` +port=$2 +if [ "$port" != "80" ]; then + sslport=`echo "$port + 443" | bc` +else + sslport="443" +fi +host=`hostname -f` + +# Extract organization name from our CA certificate +org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'` + +# Generate HTTPD configuration +cat >>$root/conf/httpd.conf <<EOF +# Redirect all HTTP traffic to HTTPS +<Location /> +RewriteEngine on +RewriteCond %{SERVER_PORT} !^$sslport$ +RewriteRule .* https://%{SERVER_NAME}:$sslport%{REQUEST_URI} [R,L] +</Location> + +# Setup SSL support +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl +SSLPassPhraseDialog builtin +SSLSessionCache "shmcb:$root/logs/ssl_scache(512000)" +SSLSessionCacheTimeout 300 +SSLMutex "file:$root/logs/ssl_mutex" +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin + +# HTTPS virtual host +Listen $sslport +<VirtualHost _default_:$sslport> + +# Enable SSL +SSLEngine on +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL +SSLCACertificateFile "$root/conf/ca.crt" +SSLCertificateFile "$root/conf/server.crt" +SSLCertificateKeyFile "$root/conf/server.key" +BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 +CustomLog "$root/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +# Require clients to present either: +# a certificate signed with our CA certificate of authority +# or a userid + password for HTTP basic authentication +<Location /> +Satisfy Any + +SSLVerifyClient optional +SSLVerifyDepth 1 +SSLOptions +FakeBasicAuth +SSLRequireSSL +SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_I_DN_O} == "$org" + +AuthType Basic +AuthName "$host" +AuthUserFile "$root/conf/httpd.passwd" +Require valid-user +</location> + +</VirtualHost> + +# Configure SCA SSL support +SCASSLCACertificateFile "$root/conf/ca.crt" +SCASSLCertificateFile "$root/conf/server.crt" +SCASSLCertificateKeyFile "$root/conf/server.key" + +EOF + +# Create test users for HTTP basic authentication +htpasswd -bc $root/conf/httpd.passwd admin admin 2>/dev/null +htpasswd -b $root/conf/httpd.passwd user password 2>/dev/null +htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null +htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null +htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null + diff --git a/sca-cpp/trunk/modules/java/java-conf b/sca-cpp/trunk/modules/java/java-conf index 823bd38ce9..4c03035ca4 100755 --- a/sca-cpp/trunk/modules/java/java-conf +++ b/sca-cpp/trunk/modules/java/java-conf @@ -22,6 +22,8 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` cat >>$root/conf/httpd.conf <<EOF +# Support for Java SCA components LoadModule mod_tuscany_eval $here/libmod_tuscany_java.so + EOF diff --git a/sca-cpp/trunk/modules/python/python-conf b/sca-cpp/trunk/modules/python/python-conf index 82decd8eb4..983679db4d 100755 --- a/sca-cpp/trunk/modules/python/python-conf +++ b/sca-cpp/trunk/modules/python/python-conf @@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` cat >>$root/conf/httpd.conf <<EOF +# Support for Python SCA components LoadModule mod_tuscany_eval $here/libmod_tuscany_python.so + EOF diff --git a/sca-cpp/trunk/modules/server/cpp-conf b/sca-cpp/trunk/modules/server/cpp-conf index 77e79c5fd8..bc014ac979 100755 --- a/sca-cpp/trunk/modules/server/cpp-conf +++ b/sca-cpp/trunk/modules/server/cpp-conf @@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` cat >>$root/conf/httpd.conf <<EOF +# Support for C++ SCA components LoadModule mod_tuscany_eval $here/libmod_tuscany_eval.so + EOF diff --git a/sca-cpp/trunk/modules/server/mod-eval.hpp b/sca-cpp/trunk/modules/server/mod-eval.hpp index a5efc775fc..5ce787d2fb 100644 --- a/sca-cpp/trunk/modules/server/mod-eval.hpp +++ b/sca-cpp/trunk/modules/server/mod-eval.hpp @@ -53,15 +53,17 @@ namespace modeval { */ class ServerConf { public: - ServerConf(server_rec* s) : s(s), home(""), wiringServerName(""), contributionPath(""), compositeName("") { + ServerConf(server_rec* s) : s(s), wiringServerName(""), contributionPath(""), compositeName(""), ca(""), cert(""), key("") { } const server_rec* s; lambda<value(const list<value>&)> lifecycle; - string home; string wiringServerName; string contributionPath; string compositeName; + string ca; + string cert; + string key; list<value> implementations; list<value> implTree; }; @@ -253,7 +255,7 @@ int handler(request_rec *r) { const list<value> path(pathValues(r->uri)); const list<value> impl(assoctree<value>(cadr(path), sc.implTree)); if (isNil(impl)) - return HTTP_NOT_FOUND; + return httpd::reportStatus(mkfailure<int>(string("Couldn't find component implementation"))); // Handle HTTP method const lambda<value(const list<value>&)> l(cadr<value>(impl)); @@ -273,14 +275,14 @@ int handler(request_rec *r) { /** * Convert a list of component references to a list of HTTP proxy lambdas. */ -const value mkrefProxy(const value& ref, const string& base) { - return lambda<value(const list<value>&)>(http::proxy(base + string(scdl::name(ref)))); +const value mkrefProxy(const value& ref, const string& base, const string& ca, const string& cert, const string& key) { + return lambda<value(const list<value>&)>(http::proxy(base + string(scdl::name(ref)), ca, cert, key)); } -const list<value> refProxies(const list<value>& refs, const string& base) { +const list<value> refProxies(const list<value>& refs, const string& base, const string& ca, const string& cert, const string& key) { if (isNil(refs)) return refs; - return cons(mkrefProxy(car(refs), base), refProxies(cdr(refs), base)); + return cons(mkrefProxy(car(refs), base, ca, cert, key), refProxies(cdr(refs), base, ca, cert, key)); } /** @@ -323,7 +325,7 @@ const value evalComponent(ServerConf& sc, server_rec& server, const value& comp) << "/references/" << string(scdl::name(comp)) << "/"; else base << sc.wiringServerName << "/references/" << string(scdl::name(comp)) << "/"; - const list<value> rpx(refProxies(scdl::references(comp), str(base))); + const list<value> rpx(refProxies(scdl::references(comp), str(base), sc.ca, sc.cert, sc.key)); // Convert component proxies to configured proxy lambdas const list<value> ppx(propProxies(scdl::properties(comp))); @@ -440,6 +442,21 @@ apr_status_t serverCleanup(void* v) { * Called after all the configuration commands have been run. * Process the server configuration and configure the deployed components. */ +const int postConfigMerge(const ServerConf& mainsc, server_rec* s) { + if (s == NULL) + return OK; + ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_eval); + sc.wiringServerName = mainsc.wiringServerName; + sc.contributionPath = mainsc.contributionPath; + sc.compositeName = mainsc.compositeName; + sc.ca = mainsc.ca; + sc.cert = mainsc.cert; + sc.key = mainsc.key; + sc.implementations = mainsc.implementations; + sc.implTree = mainsc.implTree; + return postConfigMerge(mainsc, s->next); +} + int postConfig(apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp, server_rec *s) { extern const value applyLifecycle(const list<value>&); @@ -483,7 +500,8 @@ int postConfig(apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp, // Register a cleanup callback, called when the server is stopped or restarted apr_pool_pre_cleanup_register(p, (void*)&sc, serverCleanup); - return OK; + // Merge the config into any virtual hosts + return postConfigMerge(sc, s->next); } /** @@ -511,12 +529,6 @@ void childInit(apr_pool_t* p, server_rec* s) { /** * Configuration commands. */ -const char* confHome(cmd_parms *cmd, unused void *c, const char *arg) { - gc_scoped_pool pool(cmd->pool); - ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval); - sc.home = arg; - return NULL; -} const char* confWiringServerName(cmd_parms *cmd, unused void *c, const char *arg) { gc_scoped_pool pool(cmd->pool); ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval); @@ -535,6 +547,24 @@ const char* confComposite(cmd_parms *cmd, unused void *c, const char *arg) { sc.compositeName = arg; return NULL; } +const char* confCAFile(cmd_parms *cmd, unused void *c, const char *arg) { + gc_scoped_pool pool(cmd->pool); + ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval); + sc.ca = arg; + return NULL; +} +const char* confCertFile(cmd_parms *cmd, unused void *c, const char *arg) { + gc_scoped_pool pool(cmd->pool); + ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval); + sc.cert = arg; + return NULL; +} +const char* confCertKeyFile(cmd_parms *cmd, unused void *c, const char *arg) { + gc_scoped_pool pool(cmd->pool); + ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_eval); + sc.key = arg; + return NULL; +} const char* confEnv(unused cmd_parms *cmd, unused void *c, const char *name, const char *value) { gc_scoped_pool pool(cmd->pool); @@ -546,11 +576,13 @@ const char* confEnv(unused cmd_parms *cmd, unused void *c, const char *name, con * HTTP server module declaration. */ const command_rec commands[] = { - AP_INIT_TAKE1("TuscanyHome", (const char*(*)())confHome, NULL, RSRC_CONF, "Tuscany home directory"), AP_INIT_TAKE1("SCAWiringServerName", (const char*(*)())confWiringServerName, NULL, RSRC_CONF, "SCA wiring server name"), AP_INIT_TAKE1("SCAContribution", (const char*(*)())confContribution, NULL, RSRC_CONF, "SCA contribution location"), AP_INIT_TAKE1("SCAComposite", (const char*(*)())confComposite, NULL, RSRC_CONF, "SCA composite location"), - AP_INIT_TAKE12("SetEnv", (const char*(*)())confEnv, NULL, OR_FILEINFO, "Environment variable name and optional value"), + AP_INIT_TAKE12("SCASetEnv", (const char*(*)())confEnv, NULL, OR_FILEINFO, "Environment variable name and optional value"), + AP_INIT_TAKE1("SCASSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "SSL CA certificate file"), + AP_INIT_TAKE1("SCASSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "SSL certificate file"), + AP_INIT_TAKE1("SCASSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "SSL certificate key file"), {NULL, NULL, NULL, 0, NO_ARGS, NULL} }; diff --git a/sca-cpp/trunk/modules/server/mod-wiring.cpp b/sca-cpp/trunk/modules/server/mod-wiring.cpp index c21b0fe254..296181acfa 100644 --- a/sca-cpp/trunk/modules/server/mod-wiring.cpp +++ b/sca-cpp/trunk/modules/server/mod-wiring.cpp @@ -48,12 +48,9 @@ namespace modwiring { */ class ServerConf { public: - ServerConf(server_rec* s) : s(s), start(false), home(""), wiringServerName(""), contributionPath(""), compositeName("") { + ServerConf(server_rec* s) : s(s), contributionPath(""), compositeName("") { } const server_rec* s; - bool start; - string home; - string wiringServerName; string contributionPath; string compositeName; list<value> references; @@ -147,6 +144,7 @@ int translateService(request_rec *r) { // Find the requested component const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_wiring); + debug(sc.services, "modwiring::translateService::services"); const list<value> p(pathValues(r->uri)); const list<value> svc(assocPath(p, sc.services)); if (isNil(svc)) @@ -288,6 +286,17 @@ const bool confComponents(ServerConf& sc) { * Called after all the configuration commands have been run. * Process the server configuration and configure the wiring for the deployed components. */ +const int postConfigMerge(const ServerConf& mainsc, server_rec* s) { + if (s == NULL) + return OK; + ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_wiring); + sc.contributionPath = mainsc.contributionPath; + sc.compositeName = mainsc.compositeName; + sc.references = mainsc.references; + sc.services = mainsc.services; + return postConfigMerge(mainsc, s->next); +} + int postConfig(unused apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t *ptemp, server_rec *s) { // Count the calls to post config, skip the first one as // postConfig is always called twice @@ -299,11 +308,12 @@ int postConfig(unused apr_pool_t *p, unused apr_pool_t *plog, unused apr_pool_t // Configure the wiring for the deployed components ServerConf& sc = httpd::serverConf<ServerConf>(s, &mod_tuscany_wiring); - debug(sc.wiringServerName, "modwiring::postConfig::wiringServerName"); debug(sc.contributionPath, "modwiring::postConfig::contributionPath"); debug(sc.compositeName, "modwiring::postConfig::compositeName"); confComponents(sc); - return OK; + + // Merge the config into any virtual hosts + return postConfigMerge(sc, s->next); } /** @@ -321,18 +331,6 @@ void childInit(apr_pool_t* p, server_rec* svr_rec) { /** * Configuration commands. */ -const char *confHome(cmd_parms *cmd, unused void *c, const char *arg) { - gc_scoped_pool pool(cmd->pool); - ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring); - sc.home = arg; - return NULL; -} -const char *confWiringServerName(cmd_parms *cmd, unused void *c, const char *arg) { - gc_scoped_pool pool(cmd->pool); - ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring); - sc.wiringServerName = arg; - return NULL; -} const char *confContribution(cmd_parms *cmd, unused void *c, const char *arg) { gc_scoped_pool pool(cmd->pool); ServerConf& sc = httpd::serverConf<ServerConf>(cmd, &mod_tuscany_wiring); @@ -350,8 +348,6 @@ const char *confComposite(cmd_parms *cmd, unused void *c, const char *arg) { * HTTP server module declaration. */ const command_rec commands[] = { - AP_INIT_TAKE1("TuscanyHome", (const char*(*)())confHome, NULL, RSRC_CONF, "Tuscany home directory"), - AP_INIT_TAKE1("SCAWiringServerName", (const char*(*)())confWiringServerName, NULL, RSRC_CONF, "SCA wiring server name"), AP_INIT_TAKE1("SCAContribution", (const char*(*)())confContribution, NULL, RSRC_CONF, "SCA contribution location"), AP_INIT_TAKE1("SCAComposite", (const char*(*)())confComposite, NULL, RSRC_CONF, "SCA composite location"), {NULL, NULL, NULL, 0, NO_ARGS, NULL} diff --git a/sca-cpp/trunk/modules/server/scheme-conf b/sca-cpp/trunk/modules/server/scheme-conf index 85984fadf0..fc5f2b3ac8 100755 --- a/sca-cpp/trunk/modules/server/scheme-conf +++ b/sca-cpp/trunk/modules/server/scheme-conf @@ -22,5 +22,7 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` cat >>$root/conf/httpd.conf <<EOF +# Support for Scheme SCA components LoadModule mod_tuscany_eval $here/libmod_tuscany_eval.so + EOF diff --git a/sca-cpp/trunk/modules/server/server-conf b/sca-cpp/trunk/modules/server/server-conf index c5cf6be437..a31052af7a 100755 --- a/sca-cpp/trunk/modules/server/server-conf +++ b/sca-cpp/trunk/modules/server/server-conf @@ -21,9 +21,18 @@ here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` -mkdir -p $root -mkdir -p $root/logs -mkdir -p $root/conf +host=`cat $root/conf/httpd.conf | grep ServerName | awk '{ print $2 }'` +port=`cat $root/conf/httpd.conf | grep Listen | tail -1 | awk '{ print $2 }'` +ssl=`cat $root/conf/httpd.conf | grep "SSLEngine" | awk '{ print $2 }'` +if [ "$ssl" = "on" ]; then + protocol="https" +else + protocol="http" +fi + cat >>$root/conf/httpd.conf <<EOF +# Support for SCA component wiring LoadModule mod_tuscany_wiring $here/libmod_tuscany_wiring.so +SCAWiringServerName $protocol://$host:$port + EOF diff --git a/sca-cpp/trunk/modules/wsgi/httputil.py b/sca-cpp/trunk/modules/wsgi/httputil.py index e5f26db143..92da7ec09c 100644 --- a/sca-cpp/trunk/modules/wsgi/httputil.py +++ b/sca-cpp/trunk/modules/wsgi/httputil.py @@ -18,9 +18,10 @@ # HTTP client proxy functions -from httplib import HTTPConnection +from httplib import HTTPConnection, HTTPSConnection from urlparse import urlparse from StringIO import StringIO +import os.path from util import * from atomutil import * from jsonutil import * @@ -37,9 +38,20 @@ class client: req = StringIO() writeStrings(jsonRequest(id, func, args), req) id = id + 1 - c = HTTPConnection(self.uri.hostname, 80 if self.uri.port == None else self.uri.port) + print "HTTP connect:", self.uri.hostname + c = None + if self.uri.scheme == "https": + if os.path.exists("server.key"): + c = HTTPSConnection(self.uri.hostname, 443 if self.uri.port == None else self.uri.port, "server.key", "server.crt") + else: + c = HTTPSConnection(self.uri.hostname, 443 if self.uri.port == None else self.uri.port) + else: + c = HTTPConnection(self.uri.hostname, 80 if self.uri.port == None else self.uri.port) + print "HTTP connection:", c c.request("POST", self.uri.path, req.getvalue(), {"Content-type": "application/json-rpc"}) res = c.getresponse() + print "HTTP response:", res + print "HTTP status:", res.status if res.status != 200: return None return jsonResultValue((res.read(),)) diff --git a/sca-cpp/trunk/modules/wsgi/scdl.py b/sca-cpp/trunk/modules/wsgi/scdl.py index f6c162889e..af332d0249 100644 --- a/sca-cpp/trunk/modules/wsgi/scdl.py +++ b/sca-cpp/trunk/modules/wsgi/scdl.py @@ -146,9 +146,9 @@ def uriToComponent(u, comps): # Evaluate a reference, return a proxy to the resolved component or an # HTTP client configured with the reference target uri def evalReference(r, comps): - if not r.startswith("http://"): - return nameToComponent(r, comps) - return mkclient(r) + if r.startswith("http://") or r.startswith("https://"): + return mkclient(r) + return nameToComponent(r, comps) # Evaluate a component, resolve its implementation and references def evalComponent(comp, comps): diff --git a/sca-cpp/trunk/test/store-cpp/ssl-start b/sca-cpp/trunk/test/store-cpp/ssl-start new file mode 100755 index 0000000000..7ce9e86680 --- /dev/null +++ b/sca-cpp/trunk/test/store-cpp/ssl-start @@ -0,0 +1,34 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +../../modules/http/httpd-ca-conf tmp +../../modules/http/httpd-cert-conf tmp +../../modules/http/httpd-conf tmp 8090 htdocs +../../modules/http/httpd-ssl-conf tmp 8090 +../../modules/server/server-conf tmp +../../modules/server/cpp-conf tmp +cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite +SCAContribution `pwd`/ +SCAComposite store.composite + +EOF + +../../components/cache/memcached-start +../../modules/http/httpd-start tmp diff --git a/sca-cpp/trunk/test/store-cpp/start b/sca-cpp/trunk/test/store-cpp/start index 3c1da356e6..4760dccbc3 100755 --- a/sca-cpp/trunk/test/store-cpp/start +++ b/sca-cpp/trunk/test/store-cpp/start @@ -21,8 +21,10 @@ ../../modules/server/server-conf tmp ../../modules/server/cpp-conf tmp cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite SCAContribution `pwd`/ SCAComposite store.composite + EOF ../../components/cache/memcached-start diff --git a/sca-cpp/trunk/test/store-java/ssl-start b/sca-cpp/trunk/test/store-java/ssl-start new file mode 100755 index 0000000000..314210359c --- /dev/null +++ b/sca-cpp/trunk/test/store-java/ssl-start @@ -0,0 +1,36 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +../../modules/http/httpd-ca-conf tmp +../../modules/http/httpd-cert-conf tmp +../../modules/http/httpd-conf tmp 8090 htdocs +../../modules/http/httpd-ssl-conf tmp 8090 +../../modules/server/server-conf tmp +../../modules/java/java-conf tmp +cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite +SCAContribution `pwd`/ +SCAComposite store.composite + +EOF + +export CLASSPATH=`pwd`/../../modules/java/libmod-tuscany-java-1.0.jar:`pwd` + +../../components/cache/memcached-start +../../modules/http/httpd-start tmp diff --git a/sca-cpp/trunk/test/store-java/start b/sca-cpp/trunk/test/store-java/start index ae2743178a..7f5823ed66 100755 --- a/sca-cpp/trunk/test/store-java/start +++ b/sca-cpp/trunk/test/store-java/start @@ -21,8 +21,10 @@ ../../modules/server/server-conf tmp ../../modules/java/java-conf tmp cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite SCAContribution `pwd`/ SCAComposite store.composite + EOF export CLASSPATH=`pwd`/../../modules/java/libmod-tuscany-java-1.0.jar:`pwd` diff --git a/sca-cpp/trunk/test/store-python/ssl-start b/sca-cpp/trunk/test/store-python/ssl-start new file mode 100755 index 0000000000..c240e58d09 --- /dev/null +++ b/sca-cpp/trunk/test/store-python/ssl-start @@ -0,0 +1,34 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +../../modules/http/httpd-ca-conf tmp +../../modules/http/httpd-cert-conf tmp +../../modules/http/httpd-conf tmp 8090 htdocs +../../modules/http/httpd-ssl-conf tmp 8090 +../../modules/server/server-conf tmp +../../modules/python/python-conf tmp +cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite +SCAContribution `pwd`/ +SCAComposite store.composite + +EOF + +../../components/cache/memcached-start +../../modules/http/httpd-start tmp diff --git a/sca-cpp/trunk/test/store-python/start b/sca-cpp/trunk/test/store-python/start index 93e1dbe755..2874d5c3e6 100755 --- a/sca-cpp/trunk/test/store-python/start +++ b/sca-cpp/trunk/test/store-python/start @@ -21,8 +21,10 @@ ../../modules/server/server-conf tmp ../../modules/python/python-conf tmp cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite SCAContribution `pwd`/ SCAComposite store.composite + EOF ../../components/cache/memcached-start diff --git a/sca-cpp/trunk/test/store-scheme/ssl-start b/sca-cpp/trunk/test/store-scheme/ssl-start new file mode 100755 index 0000000000..3d96c3b257 --- /dev/null +++ b/sca-cpp/trunk/test/store-scheme/ssl-start @@ -0,0 +1,34 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +../../modules/http/httpd-ca-conf tmp +../../modules/http/httpd-cert-conf tmp +../../modules/http/httpd-conf tmp 8090 htdocs +../../modules/http/httpd-ssl-conf tmp 8090 +../../modules/server/server-conf tmp +../../modules/server/scheme-conf tmp +cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite +SCAContribution `pwd`/ +SCAComposite store.composite + +EOF + +../../components/cache/memcached-start +../../modules/http/httpd-start tmp diff --git a/sca-cpp/trunk/test/store-scheme/start b/sca-cpp/trunk/test/store-scheme/start index db8e19c4cc..51c74fbea3 100755 --- a/sca-cpp/trunk/test/store-scheme/start +++ b/sca-cpp/trunk/test/store-scheme/start @@ -21,8 +21,10 @@ ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp cat >>tmp/conf/httpd.conf <<EOF +# Configure SCA Composite SCAContribution `pwd`/ SCAComposite store.composite + EOF ../../components/cache/memcached-start diff --git a/sca-cpp/trunk/test/store-wsgi/app.yaml b/sca-cpp/trunk/test/store-wsgi/app.yaml index 1e2dc05547..e5807c233a 100644 --- a/sca-cpp/trunk/test/store-wsgi/app.yaml +++ b/sca-cpp/trunk/test/store-wsgi/app.yaml @@ -44,7 +44,9 @@ handlers: - url: /(.*\.(html|png))
static_files: htdocs/\1
upload: htdocs/(.*\.(html|png))
+ secure: always
- url: /.*
script: composite.py
+ secure: always
diff --git a/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite b/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite index ca2472d40a..a183c84a76 100644 --- a/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite +++ b/sca-cpp/trunk/test/store-wsgi/domain-frontend.composite @@ -28,13 +28,13 @@ <t:binding.http uri="store"/> </service> <reference name="catalog"> - <t:binding.http uri="http://sca-store-backend/catalog"/> + <t:binding.http uri="https://sca-store-backend.appspot.com/catalog"/> </reference> <reference name="shoppingCart"> - <t:binding.http uri="http://sca-store-backend/shoppingCart"/> + <t:binding.http uri="https://sca-store-backend.appspot.com/shoppingCart"/> </reference> <reference name="shoppingTotal"> - <t:binding.http uri="http://sca-store-backend/shoppingCart"/> + <t:binding.http uri="https://sca-store-backend.appspot.com/shoppingCart"/> </reference> </component> @@ -56,7 +56,7 @@ <t:binding.jsonrpc uri="total"/> </service> <reference name="cache"> - <t:binding.http uri="http://sca-store-backend.appspot.com/cache"/> + <t:binding.http uri="https://sca-store-backend.appspot.com/cache"/> </reference> </component> |