| #!/usr/bin/env python3 |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| import optparse |
| import signal |
| import sys |
| import os |
| |
| from cproton import pn_sasl_config_path |
| from proton import Array, Data, symbol, UNDESCRIBED |
| from proton.handlers import MessagingHandler |
| from proton.reactor import Container |
| from proton import SSLDomain |
| |
| import system_test |
| |
| |
| class AuthService(MessagingHandler): |
| def __init__(self, address): |
| super(AuthService, self).__init__() |
| self.address = address |
| self.permissions = {} |
| self.allow('admin', '*', ['send', 'recv']) |
| self.allow('guest', 'foo', ['send', 'recv']) |
| self.listener = None |
| self.tmo = 0.1 # seconds |
| self.stop_req = False |
| self.acceptor = None |
| self.ssl_domain = SSLDomain(SSLDomain.MODE_SERVER) |
| self.ssl_domain.set_credentials(self.ssl_file('server-certificate.pem'), |
| self.ssl_file('server-private-key.pem'), |
| password="server-password") |
| self.ssl_domain.set_trusted_ca_db(self.ssl_file('ca-certificate.pem')) |
| |
| def ssl_file(self, name): |
| return os.path.join(system_test.DIR, 'ssl_certs', name) |
| |
| def allow(self, user, address, permissions): |
| if not self.permissions.get(user): |
| self.permissions[user] = {} |
| self.permissions[user][address] = Array(UNDESCRIBED, Data.STRING, *permissions) |
| |
| def on_start(self, event): |
| self.listener = event.container.listen(self.address, ssl_domain=self.ssl_domain) |
| event.container.schedule(self.tmo, self) |
| |
| def stop(self): |
| self.stop_req = True |
| |
| def on_connection_opening(self, event): |
| if self.permissions.get(event.transport.user): |
| event.connection.properties = { |
| symbol('authenticated-identity'): "%s" % event.transport.user, |
| symbol('address-authz'): self.permissions[event.transport.user] |
| } |
| else: |
| event.connection.properties = { |
| symbol('authenticated-identity'): "%s" % event.transport.user, |
| symbol('address-authz'): {} |
| } |
| |
| def on_timer_task(self, event): |
| if self.stop_req: |
| if self.listener: |
| self.listener.close() |
| else: |
| sys.exit(0) |
| else: |
| event.reactor.schedule(self.tmo, self) |
| |
| |
| parser = optparse.OptionParser(usage="usage: %prog [options]", |
| description="test authentication and authorization service") |
| parser.add_option("-a", "--address", default="localhost:55671", |
| help="address to listen on (default %default)") |
| parser.add_option("-c", "--config", help="sasl config path") |
| opts, args = parser.parse_args() |
| |
| print('starting') |
| if opts.config: |
| pn_sasl_config_path(None, opts.config) |
| print('set sasl config path to %s' % opts.config) |
| |
| handler = AuthService(opts.address) |
| |
| |
| def sigterm_handler(_signo, _stack_frame): |
| handler.stop() |
| |
| |
| signal.signal(signal.SIGTERM, sigterm_handler) |
| |
| Container(handler).run() |
