SESPRINGPYTHONPY-155: Updated documentation to match the simplified API.

Dariusz Suchojad · Dariusz Suchojad · commit 04b3b0745989 · 2010-09-18T16:42:39.000+02:00
diff --git a/docs/sphinx/source/remoting.rst b/docs/sphinx/source/remoting.rst
@@ -34,9 +34,6 @@ Spring Python currently supports and requires the installation of at least one o
 * `Hessian <http://hessian.caucho.com/>`_ - support for Hessian has just started. So far, you can call
   Python-to-Java based on libraries released from Caucho.
 
-* :ref:`Secure XML-RPC <remoting-secure-xml-rpc>` needs the installation of
-  `PyOpenSSL <http://pypi.python.org/pypi/pyOpenSSL>`_
-
 Remoting with PYRO (Python Remote Objects)
 ------------------------------------------
 
@@ -478,9 +475,9 @@ implemented in other languages and technologies.
 To aid with better understanding of how the components work out of the box,
 you can download :ref:`sample keys and certificates <remoting-secure-xml-rpc-sample-keys-and-certificates>`
 prepared by the Spring Python team.
-Be sure **not** to ever use it for anything serious outside your testing environment,
-they are working and functional but because of private keys being available for
-download they should **only** be used for learning of how Spring Python's
+Be sure not to ever use the sample keys & certificates for anything serious outside your
+testing environment, they are working and functional but because of private keys being available for
+download they should only be used for learning of how Spring Python's
 secure XML-RPC works.
 
 Encrypted connection only
@@ -505,9 +502,9 @@ one of CAs the client is aware of::
   # -*- coding: utf-8 -*-
 
   # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCServer
+  from springpython.remoting.xmlrpc import SSLServer
 
-  class MySSLServer(SSLXMLRPCServer):
+  class MySSLServer(SSLServer):
       def __init__(self, *args, **kwargs):
           super(MySSLServer, self).__init__(*args, **kwargs)
 
@@ -516,23 +513,26 @@ one of CAs the client is aware of::
 
   host = "localhost"
   port = 8000
-  key = "./server-key.pem"
-  cert = "./server-cert.pem"
+  keyfile = "./server-key.pem"
+  certfile = "./server-cert.pem"
 
-  server = MySSLServer(host, port, key, cert, verify_depth=2)
+  server = MySSLServer(host, port, keyfile, certfile)
   server.serve_forever()
 
 ::
 
   # -*- coding: utf-8 -*-
 
+  # stdlib
+  import ssl
+
   # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCClient
+  from springpython.remoting.xmlrpc import SSLClient
 
   server_location = "https://localhost:8000/RPC2"
   ca_certs = "./ca-chain.pem"
 
-  client = SSLXMLRPCClient(server_location, ca_certs=ca_certs)
+  client = SSLClient(server_location, ca_certs)
 
   print client.pow(41, 3)
 
@@ -549,13 +549,13 @@ known to the client::
 
   # -*- coding: utf-8 -*-
 
-  # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCServer
+  # stdlib
+  import ssl
 
-  # PyOpenSSL
-  from OpenSSL import SSL
+  # Spring Python
+  from springpython.remoting.xmlrpc import SSLServer
 
-  class MySSLServer(SSLXMLRPCServer):
+  class MySSLServer(SSLServer):
       def __init__(self, *args, **kwargs):
           super(MySSLServer, self).__init__(*args, **kwargs)
 
@@ -564,27 +564,26 @@ known to the client::
 
   host = "localhost"
   port = 8000
-  key = "./server-key.pem"
-  cert = "./server-cert.pem"
+  keyfile = "./server-key.pem"
+  certfile = "./server-cert.pem"
   ca_certs = "./ca-chain.pem"
 
-  server = MySSLServer(host, port, key, cert, ca_certs, verify_options=SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
-                        verify_depth=2)
+  server = MySSLServer(host, port, keyfile, certfile, ca_certs, cert_reqs=ssl.CERT_REQUIRED)
   server.serve_forever()
 
 ::
 
   # -*- coding: utf-8 -*-
 
   # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCClient
+  from springpython.remoting.xmlrpc import SSLClient
 
   server_location = "https://localhost:8000/RPC2"
-  key = "./client-key.pem"
-  cert = "./client-cert.pem"
+  keyfile = "./client-key.pem"
+  certfile = "./client-cert.pem"
   ca_certs = "./ca-chain.pem"
 
-  client = SSLXMLRPCClient(server_location, key_file=key, cert_file=cert, ca_certs=ca_certs)
+  client = SSLClient(server_location, ca_certs, keyfile, certfile)
 
   print client.pow(41, 3)
 
@@ -596,22 +595,23 @@ Server requires the client to have a certificate and checks its fields
 
 Same as above (both sides need to have certificates signed off by trusted CAs)
 but this time the server inspects the client certificate’s fields and lets it
-in only they match the configuration it was fed with. In the example below
-*commonName* must be *Client*, *Organization* must be *The Sample Company* and the
-*State* must be *New York*. Server checks for both their existance and value and
-if there’s any mismatch the connection won’t be established in which case the
-error reason will be logged on the server side but no details of the error
+in only if they match the configuration it was fed with. In the example below
+*commonName* must be *My Client*, *organizationName* must be *My Company* and the
+*stateOrProvinceName* must be *My State*. Server checks for both their existance and value and
+if there’s any mismatch the connection will be dropped (client will receive a socket
+error) and the error reason will be logged on the server side but no details of the error
 will be leaked to the client::
 
   # -*- coding: utf-8 -*-
 
-  # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCServer
+  # stdlib
+  import logging
+  import ssl
 
-  # PyOpenSSL
-  from OpenSSL import SSL
+  # Spring Python
+  from springpython.remoting.xmlrpc import SSLServer
 
-  class MySSLServer(SSLXMLRPCServer):
+  class MySSLServer(SSLServer):
       def __init__(self, *args, **kwargs):
           super(MySSLServer, self).__init__(*args, **kwargs)
 
@@ -620,32 +620,31 @@ will be leaked to the client::
 
   host = "localhost"
   port = 8000
-  key = "./server-key.pem"
-  cert = "./server-cert.pem"
-  ca = "./ca-chain.pem"
+  keyfile = "./server-key.pem"
+  certfile = "./server-cert.pem"
+  ca_certs = "./ca-chain.pem"
+  verify_fields = {"commonName": "My Client", "organizationName":"My Company",
+                   "stateOrProvinceName":"My State"}
 
-  verify_fields = {"CN": "Client", "O":"The Sample Company", "ST":"New York"}
+  logging.basicConfig(level=logging.ERROR)
 
-  server = MySSLServer(host, port, key, cert, ca, verify_options=SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
-                       verify_fields=verify_fields, verify_depth=2)
+  server = MySSLServer(host, port, keyfile, certfile, ca_certs, cert_reqs=ssl.CERT_REQUIRED,
+                       verify_fields=verify_fields)
   server.serve_forever()
 
 ::
 
   # -*- coding: utf-8 -*-
 
   # Spring Python
-  from springpython.remoting.xmlrpc import SSLXMLRPCClient
+  from springpython.remoting.xmlrpc import SSLClient
 
   server_location = "https://localhost:8000/RPC2"
-  key = "./client-key.pem"
-
-  # Make sure the commonName is set to what the server requires.
-  cert = "./client-cert.pem"
-
+  keyfile = "./client-key.pem"
+  certfile = "./client-cert.pem"
   ca_certs = "./ca-chain.pem"
 
-  client = SSLXMLRPCClient(server_location, key_file=key, cert_file=cert, ca_certs=ca_certs)
+  client = SSLClient(server_location, ca_certs, keyfile, certfile)
 
   print client.pow(41, 3)
 
diff --git a/src/springpython/remoting/xmlrpc.py b/src/springpython/remoting/xmlrpc.py
@@ -33,16 +33,16 @@ def setup(self):
         self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
 
 class SSLServer(object, SimpleXMLRPCServer):
-    def __init__(self, host=None, port=None, ca_certs=None, keyfile=None, certfile=None,
-                 cert_reqs=ssl.CERT_OPTIONAL, ssl_version=ssl.PROTOCOL_TLSv1,
+    def __init__(self, host=None, port=None, keyfile=None, certfile=None,
+                 ca_certs=None, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1,
                  do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None, **kwargs):
 
         SimpleXMLRPCServer.__init__(self, (host, port), requestHandler=RequestHandler)
         self.logger = logging.getLogger(self.__class__.__name__)
 
-        self.ca_certs = ca_certs
         self.keyfile = keyfile
         self.certfile = certfile
+        self.ca_certs = ca_certs
         self.cert_reqs = cert_reqs
         self.ssl_version = ssl_version
         self.do_handshake_on_connect = do_handshake_on_connect
@@ -56,7 +56,7 @@ def __init__(self, host=None, port=None, ca_certs=None, keyfile=None, certfile=N
         self.register_functions()
 
     def get_request(self):
-        """ Overridden from Socket.TCPServer.get_request, wraps the socket in
+        """ Overridden from SocketServer.TCPServer.get_request, wraps the socket in
         an SSL context.
         """
         sock, from_addr = self.socket.accept()
@@ -76,7 +76,7 @@ def get_request(self):
         return sock, from_addr
 
     def verify_request(self, sock, from_addr):
-        """ Overridden from Socket.TCPServer.verify_request, adds validation of the
+        """ Overridden from SocketServer.TCPServer.verify_request, adds validation of the
         other side's certificate fields.
         """
         try:
@@ -136,8 +136,8 @@ def verify_peer(self, cert):
                 return False, reason
 
             if expected_value != cert_value:
-                reason = "Expected the subject field '%s' to have value '%s' instead of '%s'" % (
-                    verify_field, expected_value, subject)
+                reason = "Expected the subject field '%s' to have value '%s' instead of '%s', subject='%s'" % (
+                    verify_field, expected_value, cert_value, subject)
                 return False, reason
 
         return True, None
