Context Navigation

Punc

Timestamp:

04/25/08 23:49:01 (7 months ago)

Author:

mizzy

Message:

SSLクライアント認証に対応した。これで同一のCAから発行された証明書を提示したリクエストのみ、puncdは処理をする。

Location:

lang/perl/Punc/trunk

Files:

r10103	r10463
16	16
17	17	for (@$res) {
18		if ( $method eq 'description' ) {
	18	if ( $method eq 'description' \|\| $method eq 'desc' ) {
19	19	print $_->{response}->{result};
20	20	}

r8509	r10463
7	7	use Punc::Client::Request;
8	8	use UNIVERSAL::require;
	9	use FindBin;
9	10
10	11	sub new {
11	12	my ( $class, $target ) = @_;
12	13
	14	### TODO: confdir のデフォルト値を変更
13	15	## TODO: $target から対象ホストをリストアップ
14	16
15		bless { hosts => [ $target ] }, $class;
	17	bless {
	18	hosts => [ $target ],
	19	confdir => "$FindBin::Bin/../etc",
	20	}, $class;
16	21	}
17	22
…	…
23	28
24	29	return Punc::Client::Request->new({
25		hosts => $self->{hosts},
26		module => $module,
	30	confdir => $self->{confdir},
	31	hosts => $self->{hosts},
	32	module => $module,
27	33	});
28	34	}

r10103	r10463
6	6	use JSON::RPC::Client;
7	7	use Punc::Client::Response;
	8	use File::Spec;
	9
8	10	our $AUTOLOAD;
9	11
10	12	sub new {
11	13	my ( $class, $args ) = @_;
	14
	15	$ENV{HTTPS_VERSION} = 3;
	16	$ENV{HTTPS_CERT_FILE} = File::Spec->catfile(
	17	$args->{confdir}, 'ssl', 'ca', 'ca.cert'
	18	);
	19	$ENV{HTTPS_KEY_FILE} = File::Spec->catfile(
	20	$args->{confdir}, 'ssl', 'ca', 'ca.key'
	21	);
	22
	23	$args->{client} = JSON::RPC::Client->new;
	24
12	25	bless $args, $class;
13	26	}
…	…
18	31	my $response = Punc::Client::Response->new;
19	32	for my $host ( @{ $self->{hosts} } ) {
20		my $client = new JSON::RPC::Client;
	33
21	34	my $url = "https://$host:7080/$self->{module}";
22	35	my $callobj = {
…	…
25	38	};
26	39
27		my $res = $~~client~~->call($url, $callobj);
	40	my $res = $self->{client}->call($url, $callobj);
28	41
29	42	if( $res ) {

r10154	r10463
21	21	sub run {
22	22	my $self = shift;
	23
	24	my $ssl_verify_mode = ref $self eq 'Punc::Master::Daemon' ? 0x00 : 0x07;
	25
23	26	my $d = HTTP::Daemon::SSL->new(
24		LocalPort => $self->{port},
25		ReuseAddr => 1,
26		SSL_key_file => $self->{ssl_key},
27		SSL_cert_file => $self->{ssl_cert},
28		SSL_ca_file => $self->{ca_cert} \|\| '',
	27	LocalPort => $self->{port},
	28	ReuseAddr => 1,
	29	SSL_key_file => $self->{ssl_key},
	30	SSL_cert_file => $self->{ssl_cert},
	31	SSL_ca_file => $self->{ca_cert} \|\| '',
	32	SSL_verify_mode => $ssl_verify_mode,
29	33	) \|\| die $!;
30	34

r10154	r10463
22	22	$self->{ssl_cert} = File::Spec->catfile($self->{certdir}, "${fqdn}.cert");
23	23	$self->{ca_cert} = File::Spec->catfile($self->{certdir}, 'ca.cert');
24
25	24	return $self;
26	25	}
…	…
97	96
98	97	my $res;
99		if ( $method eq 'description' ) {
	98	if ( $method eq 'description' \|\| $method eq 'desc' ) {
100	99	$res = $module->description;
101	100	}

r8565	r10463
5	5	use base qw( Punc::Slave::Module::Service );
6	6
	7	### TODO: もっと簡単に定義できないか考える
	8	### default_for { operatingsystem => [ qw/ redhat fedora centos / ] } とか
	9	### use Punc::Slave::Module::Service { operatingsystem => [ qw / fedora / ] } とか
7	10	sub default_for {
8	11	return { 'operatingsystem' => [ 'redhat', 'fedora', 'centos' ] }