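def __init__(self, bind_host, bind_port, dispatcher,
             tls_pem_file=None, tls_clientverify_file=None):
    """
    Initializes a new CommissaireHttpServer instance.

    The WSGI server is created here. When ``tls_pem_file`` is given the
    server socket is wrapped with TLS 1.2. When ``tls_clientverify_file``
    is given as well, clients must present a certificate that validates
    against that CA file. ``tls_clientverify_file`` has no effect without
    ``tls_pem_file``; that combination is logged as a warning because the
    server then runs without TLS and without client verification.

    :param bind_host: Host adapter to listen on.
    :type bind_host: str
    :param bind_port: Host port to listen on.
    :type bind_port: int
    :param dispatcher: Dispatcher instance (WSGI) to route and respond.
    :type dispatcher: commissaire_http.dispatcher.Dispatcher
    :param tls_pem_file: Full path to the PEM file for TLS.
    :type tls_pem_file: str
    :param tls_clientverify_file: Full path to CA to verify certs.
    :type tls_clientverify_file: str
    """
    self._bind_host = bind_host
    self._bind_port = bind_port
    self._tls_pem_file = tls_pem_file
    self._tls_clientverify_file = tls_clientverify_file
    self.dispatcher = dispatcher
    self._httpd = make_server(
        self._bind_host,
        self._bind_port,
        RoutesMiddleware(
            self.dispatcher.dispatch,
            self.dispatcher.router),
        server_class=ThreadedWSGIServer,
        handler_class=CommissaireRequestHandler)

    # If we are given a PEM file then wrap the socket
    if tls_pem_file:
        import ssl

        # ssl.wrap_socket() was removed in Python 3.12, so the context is
        # built explicitly. The TLS 1.2 pin is kept from the original call;
        # version-specific protocol constants are deprecated, and moving to
        # ssl.PROTOCOL_TLS_SERVER with context.minimum_version would also
        # admit TLS 1.3 (a behaviour change, so it is not made here).
        context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

        if self._tls_clientverify_file:
            self.logger.info(
                'Requiring client side certificate CA validation.')
            # CERT_REQUIRED makes the handshake fail for clients without a
            # certificate chaining to the configured CA.
            context.verify_mode = ssl.CERT_REQUIRED
            context.load_verify_locations(
                cafile=self._tls_clientverify_file)

        context.load_cert_chain(certfile=self._tls_pem_file)

        # NOTE(review): the listening socket itself is wrapped, so the TLS
        # handshake runs inside accept(); confirm that a stalled client
        # cannot hold up the accept loop.
        self._httpd.socket = context.wrap_socket(
            self._httpd.socket,
            server_side=True)
        self.logger.info('Using TLS with %s', self._tls_pem_file)
    elif self._tls_clientverify_file:
        # Without a PEM file the socket stays plaintext, so the CA file
        # cannot be enforced. Surface that instead of ignoring it silently.
        self.logger.warning(
            'tls_clientverify_file is set without tls_pem_file; '
            'client certificates will not be verified.')

    self.logger.debug(
        'Created httpd server: %s:%s', self._bind_host, self._bind_port)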