authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-08 06:38:07 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-08 06:38:07 +0000
commit211c686bc6d05d8d05e5490b9a9f612619461abc (patch)
treebb8f56afb24f2b52ea92598babff7d94fd70da10 /sca-cpp/trunk/modules/http
parentf6a51224cc350c7d3b42b15051a9c074cce48b5d (diff)
More changes to get both single and mass dynamic virtual hosting working with HTTP and HTTPS.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@961589 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r--sca-cpp/trunk/modules/http/Makefile.am2
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf35
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf50
-rw-r--r--sca-cpp/trunk/modules/http/httpd.hpp29
-rwxr-xr-xsca-cpp/trunk/modules/http/ssl-ca-conf (renamed from sca-cpp/trunk/modules/http/httpd-ca-conf)0
-rwxr-xr-xsca-cpp/trunk/modules/http/ssl-cert-conf (renamed from sca-cpp/trunk/modules/http/httpd-cert-conf)15
6 files changed, 105 insertions, 26 deletions
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am
index 795137b6ca..f25ef170c9 100644
--- a/sca-cpp/trunk/modules/http/Makefile.am
+++ b/sca-cpp/trunk/modules/http/Makefile.am
@@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http
-dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart httpd-ca-conf httpd-cert-conf httpd-ssl-conf
+dist_mod_SCRIPTS = httpd-conf httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf httpd-ssl-conf
moddir=$(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index a6ba048f67..70c0b295af 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -30,13 +30,7 @@ htdocs=`readlink -f $4`
user=`id -un`
group=`id -gn`
modules_prefix=`cat $here/httpd-modules.prefix`
-if [ "$5" = "vhost" ]; then
- vhost="VirtualDocumentRoot $htdocs/domains/%1/"
- maxr="MaxRequestsPerChild 1"
-else
- vhost="#VirtualDocumentRoot $htdocs/domains/%1/"
- maxr="#MaxRequestsPerChild 1"
-fi
+vhost=$5
mkdir -p $root
mkdir -p $root/logs
@@ -123,19 +117,34 @@ Options FollowSymLinks
Allow from all
</Location>
-# Setup HTTP virtual host
+# Setup HTTP virtual hosts
Listen $port
-<VirtualHost _default_:$port>
+
+<VirtualHost *:$port>
ServerName http://$host:$pport
UseCanonicalName Off
-UseCanonicalPhysicalPort Off
+</VirtualHost>
+
+EOF
+# Generate mass dynamic virtual hosting configuration
+if [ "$vhost" = "vhost" ]; then
+
+cat >>$root/conf/httpd.conf <<EOF
# Setup mass dynamic virtual hosting
-$vhost
+NameVirtualHost *:$port
+
+<VirtualHost *:$port>
+ServerName http://vhost.$host:$pport
+ServerAlias *.$host
+UseCanonicalName Off
+VirtualDocumentRoot $htdocs/domains/%1/
</VirtualHost>
-# Isolate dynamic virtual hosts
-$maxr
+# Isolate virtual host based requests
+MaxRequestsPerChild 1
EOF
+fi
+
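Review bot: `MaxRequestsPerChild 1` is written after the closing `</VirtualHost>` of the mass-hosting block, so it sits at server scope and recycles a child after every request on every host, not only the `*.$host` ones that the comment `# Isolate virtual host based requests` suggests. Each request then pays for a process start, which makes the server easy to overload. I would say so in the generated comment, e.g. `# Server-wide: one request per child, applies to all hosts and costs a process start per request`, and name the state the recycling is meant to isolate.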
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 04ca61dba0..f6082dea14 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -28,6 +28,7 @@ if [ "$sslpport" = "" ]; then
fi
htdocs=`readlink -f $4`
httpd_prefix=`cat $here/httpd.prefix`
+vhost=$5
# Extract organization name from our CA certificate
org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'`
@@ -51,19 +52,31 @@ SSLMutex "file:$root/logs/ssl_mutex"
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
-# HTTPS virtual host
+# Setup HTTPS virtual hosts
Listen $sslport
-<VirtualHost _default_:$sslport>
+
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/server.crt"
+SSLCertificateKeyFile "$root/conf/server.key"
+
+<VirtualHost *:$sslport>
ServerName https://$host:$sslpport
UseCanonicalName Off
-UseCanonicalPhysicalPort Off
# Enable SSL
+Include conf/ssl-vhost.conf
+</VirtualHost>
+
+# Route all wiring through HTTPS
+SCAWiringServerName https://$host:$sslpport
+
+EOF
+
+# Generate VirtualHost SSL configuration
+cat >$root/conf/ssl-vhost.conf <<EOF
+# Enable SSL
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-SSLCACertificateFile "$root/conf/ca.crt"
-SSLCertificateFile "$root/conf/server.crt"
-SSLCertificateKeyFile "$root/conf/server.key"
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Logging
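Review bot: The new `ssl-vhost.conf` is included by every HTTPS virtual host, yet the `SSLCipherSuite` line it carries starts from `ALL` and removes only `ADH` and `EXPORT56`, so 40-bit export, `LOW` and SSLv2 suites stay negotiable (the `+` terms only reorder the list). Since this file is now the single place where TLS policy is set, I would tighten it here, e.g. `SSLCipherSuite HIGH:!aNULL:!MD5` together with `SSLProtocol all -SSLv2`. The heredoc continues past the end of this hunk, so the rest of the generated file is not visible here.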
@@ -88,12 +101,35 @@ AuthType Basic
AuthName "$host"
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
-</location>
+</Location>
+
+EOF
+
+# Generate mass dynamic virtual hosting configuration
+if [ "$vhost" = "vhost" ]; then
+
+cat >>$root/conf/httpd.conf <<EOF
+# Setup mass dynamic virtual hosting
+NameVirtualHost *:$sslport
+SSLStrictSNIVHostCheck Off
+<VirtualHost *:$sslport>
+ServerName https://vhost.$host:$sslpport
+ServerAlias *.$host
+UseCanonicalName Off
+VirtualDocumentRoot $htdocs/domains/%1/
+
+# Enable SSL
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/vhost.crt"
+SSLCertificateKeyFile "$root/conf/vhost.key"
+Include conf/ssl-vhost.conf
</VirtualHost>
EOF
+fi
+
# Create test users for HTTP basic authentication
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
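Review bot: `SSLStrictSNIVHostCheck Off` lets clients that send no SNI reach the `*.$host` virtual host, and those clients will presumably complete the handshake against the default host's `server.crt` rather than `vhost.crt`. A comment above the directive should say that, e.g. `# Non-SNI clients are accepted and are served the default host certificate`. The block also points at `$root/conf/vhost.crt` and `$root/conf/vhost.key`, which nothing in this script creates or checks for. A note on which step generates them would help; going by the other script in this commit, that is ssl-cert-conf with a third argument.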
diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp
index bd4f6e8ada..05403a5897 100644
--- a/sca-cpp/trunk/modules/http/httpd.hpp
+++ b/sca-cpp/trunk/modules/http/httpd.hpp
@@ -100,6 +100,35 @@ const string serverName(request_rec* r) {
}
/**
+ * Return the host name for a server.
+ */
+const string hostName(const server_rec* s) {
+ return s->server_hostname != NULL? s->server_hostname : "localhost";
+}
+
+/**
+ * Return the host name from an HTTP request.
+ */
+const string hostName(request_rec* r) {
+ const char* hn = ap_get_server_name(r);
+ return hn != NULL? hn : (r->server->server_hostname != NULL? r->server->server_hostname : "localhost");
+}
+
+/**
+ * Return the first subdomain name in a host name.
+ */
+const string subdomain(const string& host) {
+ return substr(host, 0, find(host, '.'));
+}
+
+/**
+ * Return true if a request is targeting a virtual host.
+ */
+const bool isVirtualHostRequest(const server_rec* s, request_rec* r) {
+ return serverName(r) != serverName(s);
+}
+
+/**
* Return the content type of a request.
*/
const char* optional(const char* s) {
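Review bot: `hostName(request_rec*)` returns whatever `ap_get_server_name(r)` yields, and with `UseCanonicalName Off`, which the configuration generated in this commit sets, that value is taken from the client's Host header. The result of `subdomain()` and the decision in `isVirtualHostRequest()` are therefore client-controlled, and the doc comments should say so, e.g. `* The name may come from the Host header; validate it before using it in a path or lookup.` on `hostName` and `subdomain`. `subdomain()` also does not state what it returns for a name without a dot, which depends on how `find` reports a miss and is worth documenting or guarding. The `optional` function that closes the hunk continues outside it.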
diff --git a/sca-cpp/trunk/modules/http/httpd-ca-conf b/sca-cpp/trunk/modules/http/ssl-ca-conf
index c5a3f8e894..c5a3f8e894 100755
--- a/sca-cpp/trunk/modules/http/httpd-ca-conf
+++ b/sca-cpp/trunk/modules/http/ssl-ca-conf
diff --git a/sca-cpp/trunk/modules/http/httpd-cert-conf b/sca-cpp/trunk/modules/http/ssl-cert-conf
index b6dc8ebd6f..a7a1103d1a 100755
--- a/sca-cpp/trunk/modules/http/httpd-cert-conf
+++ b/sca-cpp/trunk/modules/http/ssl-cert-conf
@@ -21,16 +21,21 @@
here=`readlink -f $0`; here=`dirname $here`
root=`readlink -f $1`
host=$2
+if [ "$3" != "" ]; then
+ certname=$3
+else
+ certname="server"
+fi
# Don't regenerate the certificate if it already exists
-if [ -f $root/conf/server.crt ]; then
+if [ -f $root/conf/$certname.crt ]; then
return 0
fi
# Generate openssl configuration
mkdir -p $root/conf
umask 0007
-cat >$root/conf/openssl-cert.conf <<EOF
+cat >$root/conf/openssl-cert-$certname.conf <<EOF
[ req ]
default_bits = 1024
encrypt_key = no
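Review bot: `certname=$3` is used as a file-name component with no check, and it is expanded unquoted in `[ -f $root/conf/$certname.crt ]` and in the `openssl` output paths of the next hunk. A value containing `/` or whitespace would therefore write keys and certificates somewhere other than `$root/conf`. I would reject such values right after the assignment, `case "$certname" in */*|*[[:space:]]*) echo "invalid certificate name" 1>&2; return 1;; esac`, and quote the expansions. Separately, certificates generated under the new names still get `default_bits = 1024`; `default_bits = 2048` would be a safer floor. The heredoc continues outside this hunk.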
@@ -48,11 +53,11 @@ emailAddress = root@$host
EOF
# Generate a certificate request
-openssl req -new -config $root/conf/openssl-cert.conf -out $root/conf/server-req.crt -keyout $root/conf/server.key
+openssl req -new -config $root/conf/openssl-cert-$certname.conf -out $root/conf/$certname-req.crt -keyout $root/conf/$certname.key
# Generate a certificate, signed with our test certification authority certificate
-openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/server.crt -infiles $root/conf/server-req.crt
+openssl ca -batch -config $root/conf/openssl-ca.conf -out $root/conf/$certname.crt -infiles $root/conf/$certname-req.crt
# Export it to PKCS12 format, that's the format Web browsers want to import
-openssl pkcs12 -export -passout pass: -out $root/conf/server.p12 -inkey $root/conf/server.key -in $root/conf/server.crt -certfile $root/conf/ca.crt
+openssl pkcs12 -export -passout pass: -out $root/conf/$certname.p12 -inkey $root/conf/$certname.key -in $root/conf/$certname.crt -certfile $root/conf/ca.crt
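Review bot: The PKCS12 export now runs for every certificate name with `-passout pass:`, so each `$certname.p12` holds the private key under an empty passphrase, next to a `$certname.key` written with `encrypt_key = no`. The `umask 0007` set earlier in the script leaves both files accessible to the group. That may be acceptable for the test CA the comments mention, but nothing marks the additional named key material as test-only. I would add `# Test only: key and PKCS12 bundle are unprotected, do not reuse outside a test setup` above the export.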