Changeset 451
- Timestamp:
- 02/16/07 14:46:54 (2 years ago)
- Files:
-
- branches/branch-https-dev/src/hefeweizen_library_b2b_system.rb (modified) (8 diffs)
- branches/branch-https-dev/src/hefeweizen_library_business_logic.rb (modified) (2 diffs)
- branches/branch-https-dev/src/hefeweizen_library_cpa.rb (modified) (3 diffs)
- branches/branch-https-dev/src/hefeweizen_library_cpa_manager.rb (added)
- branches/branch-https-dev/src/hefeweizen_library_exchange_point.rb (modified) (4 diffs)
- branches/branch-https-dev/src/taskers/hefeweizen_tasker_application_http_server.rb (modified) (7 diffs)
- branches/branch-https-dev/src/taskers/hefeweizen_tasker_application_send_ebXML_message.rb (modified) (3 diffs)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_client_cert (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.pem (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.xml (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_private_key.password (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_private_key.pem (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_server_cert (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_server_cert/Coronation_ssl_server_cacert.pem (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_server_cert/Coronation_ssl_server_cacert.xml (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_server_cert/Coronation_ssl_server_private_key.password (added)
- branches/branch-https-dev/test/test-systems/Coronation/certificates/coronation_ssl_server_cert/Coronation_ssl_server_private_key.pem (added)
- branches/branch-https-dev/test/test-systems/Coronation/infrastructure/exchange-points/http_server.conf (modified) (1 diff)
- branches/branch-https-dev/test/test-systems/Coronation/trading_agreements/cpa_test_https.xml (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_client_cert (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/Gnaraloo_ssl_server_cacert.pem (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/Gnaraloo_ssl_server_cacert.xml (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/Gnaraloo_ssl_server_private_key.password (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/Gnaraloo_ssl_server_private_key.pem (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/hashed (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/hashed/Gnaraloo_ssl_server_cacert.pem (added)
- branches/branch-https-dev/test/test-systems/Gnaraloo/infrastructure/exchange-points/http_server.conf (modified) (1 diff)
- branches/branch-https-dev/test/test-systems/Gnaraloo/trading_agreements/cpa_test_https.xml (added)
branches/branch-https-dev/src/hefeweizen_library_b2b_system.rb
r350 r451 82 82 end 83 83 84 # passing all hard tasks to the business logic manager. 85 # returns: 86 # 1. boolean whether the command was processed 87 # 2. the command to send to ania, if there is a command, otherwise nil 88 def process_command transaction, command, command_hash 89 return @business_logic_manager.process_command( transaction, command, command_hash ) 90 end 91 84 92 # This method can be used to check if the B2B system is ready to be started. 85 93 def ready? … … 155 163 end 156 164 157 def reload_parameters158 temp = @parameters159 @parameters = Hash.new160 result = load_parameters161 if result.nil? then162 @logger.warn "#{me}: Error loading configuration. Keeping old parameters."163 @parameters = temp164 return false165 else166 @logger.info "#{me}: Successfully reloaded parameters of B2B system #{@system_name}."167 temp = nil168 return true169 end170 end171 172 165 def get_certificates_directory 173 166 @certs_dir … … 177 170 hash = Hash.new 178 171 path = "#{@certs_dir}/#{reference}" 179 return false, "Reference cannot be found in director '#{@certs_dir}'."unless FileTest.exists? path180 hash['certificate_file'] = "#{path}/#{system_name}_cacert.pem"181 hash['private_key_file'] = "#{path}/#{system_name}_private_key.pem"182 hash['password_file'] = "#{path}/#{system_name}_private_key.password"172 (return false, "Reference cannot be found in director '#{@certs_dir}'.") unless FileTest.exists? path 173 hash['certificate_file'] = Dir.glob("#{path}/#{system_name}*_cacert.pem").first 174 hash['private_key_file'] = Dir.glob("#{path}/#{system_name}*_private_key.pem").first 175 hash['password_file'] = Dir.glob("#{path}/#{system_name}*_private_key.password").first 183 176 184 177 hash.each_pair{ | key, value | 185 return false, "'#{key}' file does not exists in directory '#{@parth}'."unless FileTest.exists? value178 (return false, "#{me}: File '#{key}' does not exists in directory '#{path}'.") unless FileTest.exists? 
value 186 179 } 187 180 return hash … … 210 203 end 211 204 205 private 206 212 207 # Constructor to create a new B2B system. 213 208 def initialize system_path, big_ania, config … … 226 221 @certs_dir = "#{@system_path}/certificates" 227 222 228 require @config['LIB_DIR'].strip + "/hefeweizen_library_cpa "223 require @config['LIB_DIR'].strip + "/hefeweizen_library_cpa_manager" 229 224 require @config['LIB_DIR'].strip + "/hefeweizen_library_business_logic" 230 225 … … 410 405 411 406 # This method reads the B2B system exchange points 412 # TODO413 # - implementation414 407 def load_exchange_points 415 408 exchange_points_dir = "#{@system_path}/infrastructure/exchange-points" 409 certs_dir = "#{@system_path}/certificates" 416 410 epoints = Array.new 417 411 if FileTest.exists?(exchange_points_dir) and FileTest.directory?(exchange_points_dir) \ … … 429 423 conf_files.each{ | configuration_file | 430 424 begin 431 epoint = HefeWeizen::HefeWeizenLibrary::ExchangePoint.new(@system_name, configuration_file, @big_ania, @config)425 epoint = HefeWeizen::HefeWeizenLibrary::ExchangePoint.new(@system_name, configuration_file, certs_dir, @big_ania, @config) 432 426 epoints << epoint 433 427 rescue Exception => e … … 445 439 end 446 440 447 # passing all hard tasks to the business logic manager. 448 # returns: 449 # 1. boolean whether the command was processed 450 # 2. the command to send to ania, if there is a command, otherwise nil 451 def process_command transaction, command, command_hash 452 return @business_logic_manager.process_command( transaction, command, command_hash ) 453 end 441 def reload_parameters 442 temp = @parameters 443 @parameters = Hash.new 444 result = load_parameters 445 if result.nil? then 446 @logger.warn "#{me}: Error loading configuration. Keeping old parameters." 447 @parameters = temp 448 return false 449 else 450 @logger.info "#{me}: Successfully reloaded parameters of B2B system #{@system_name}." 
451 temp = nil 452 return true 453 end 454 end 455 454 456 455 457 end branches/branch-https-dev/src/hefeweizen_library_business_logic.rb
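Review bot: In `get_certficates_path_for_reference`, each of the three `Dir.glob(...).first` lookups returns nil when nothing matches, and the following `FileTest.exists? value` then raises a TypeError instead of producing the "file does not exist" result the caller is meant to check; change the guard to `(return false, "#{me}: File '#{key}' does not exist in directory '#{path}'.") if value.nil? or !FileTest.exists?(value)`. The `reference` argument is joined straight into `"#{@certs_dir}/#{reference}"`, and the business-logic caller takes it from the CPA document, so rejecting references that contain `/` or `..` would stop a crafted agreement from resolving outside the certificates directory. Note also that the failure path returns a two-element Array (`return false, "..."`), not `false`, so a caller comparing with `== false` never takes the error branch. The method's `def` line and the enclosing class are outside this hunk.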
r449 r451 465 465 return nil 466 466 end 467 468 467 @logger.debug "#{me}: Successfully read the ebXML message info structure for ebXML message with id #{ebXML_message_id}." 469 468 469 # SSL CONFIGURATION 470 if ebMS_info['info']['transport-protocol-security'] != 'not set' then 471 @logger.debug "#{me}: Messaging is using a transport protocol scurity protocol '#{ebMS_info['info']['transport-protocol-security-protocol']}'." 472 473 # partner certificates 474 ebMS_info['info']['transport-protocol-security-server-cert-file'] = "" 475 ebMS_info['info']['transport-protocol-security-server-cas-directory'] = "" 476 477 # get one of my certificates 478 cert_hash = @b2b_system.get_certficates_path_for_reference ebMS_info['info']['transport-protocol-security-client-cert-ref'] 479 if cert_hash == false then 480 @logger.warn "#{me}: Unable to get client certificate." 481 return nil 482 else 483 ebMS_info['info']['transport-protocol-security-client-cert-file'] = cert_hash['certificate_file'] 484 end 485 486 # store updated information 487 self.store_ebMS_info ebMS_info 488 end 489 490 # DIGITAL SIGNATURE: 470 491 # if ebMS_info['info']['doc-exchange-sender-non-repudiation'] == "CHANGE ME" then 471 492 if ebMS_info['info']['doc-exchange-sender-non-repudiation'] == "set" then … … 1391 1412 1392 1413 # Seems like a transport error 1393 1394 1414 message = @transaction.is_resend_transaction? ? "ebXML_message_failed_to_technically_resend" : "ebXML_message_failed_to_technically_send" 1395 if !@command_hash['transfer_info_path'].nil? then 1415 1416 if !@command_hash['transfer_info_path'].nil? and FileTest.exists? @command_hash['transfer_info_path'] then 1396 1417 @message_state_manager.send message, ebXML_message_id, File.read( @command_hash['transfer_info_path'] ) 1397 1418 else 1398 @message_state_manager.send message,ebXML_message_id, "No transfer information available ."1419 @message_state_manager.send message,ebXML_message_id, "No transfer information available about failure. 
This could indicate that the send command had a wrong syntax." 1399 1420 end 1400 1421 branches/branch-https-dev/src/hefeweizen_library_cpa.rb
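Review bot: The `cert_hash == false` test in the new SSL-configuration block never matches, because `get_certficates_path_for_reference` signals failure with `return false, "..."`, which is a two-element Array; on a bad certificate reference execution falls into the else branch and `cert_hash['certificate_file']` raises a TypeError on that Array. Check the shape instead: `unless cert_hash.is_a?(Hash)`. The partner-side fields `transport-protocol-security-server-cert-file` and `-server-cas-directory` are also hard-wired to empty strings, which the send tasker later treats as "required SSL configuration is missing", so an HTTPS send cannot succeed as committed; if that is deliberate scaffolding, a `# TODO: partner server certificate / CA directory lookup not implemented` above those two lines would make it explicit. The enclosing method begins and ends outside this hunk.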
r447 r451 37 37 module HefeWeizenLibrary 38 38 39 # This class manages all CPA's of a B2B system.40 41 class CPAManager42 43 def initialize party_name, party_ids, config, path_to_agreements44 @party_name = party_name45 @party_identities = party_ids46 @config = config47 @cpas_dir = path_to_agreements48 @cpas = Hash.new49 @logger = @config['LOGGER']50 51 end52 53 def me54 "CPAManager (#{@party_name})"55 end56 57 # This method loads the CPA's for this B2B system58 # and keeps them in memory.59 # there is the cpas hash60 # Text info:61 # a) for each cpa there will be a new hash.62 # b) the cpa is added to the cpa key.63 # c) each service/action combination is prepared with a hash value and a info hash64 # Code info:65 # a) cpas[cpa_id] = Hash.new66 # b) cpas[cpa_id][cpa] = cpa67 # c) cpas[cpa_id]['outgoing'][service_action_hash] = service_action_info :Hash68 # cpas[cpa_id]['outgoing'][service_action_hash]['from'] = from party name (not identitiy)69 # cpas[cpa_id]['outgoing'][service_action_hash]['to'] = to party name (not identitiy)70 # cpas[cpa_id]['outgoing'][service_action_hash]['service'] = service name71 # cpas[cpa_id]['outgoing'][service_action_hash]['action'] = action name72 # cpas[cpa_id]['outgoing'][service_action_hash] = service_action_info :Hash73 # d) cpas[cpa_id]['outgoing'][service_action_hash]['info'] = info structure (includes Business Transactions, messaging Characteristics, Transport etc)74 # info structure also includes the from and to75 #76 # |77 # --> the same for 'incoming'78 def load_cpas79 if FileTest.exists?(@cpas_dir) and FileTest.directory?(@cpas_dir) \80 and FileTest.readable?(@cpas_dir) and FileTest.owned?(@cpas_dir) \81 and FileTest.executable?(@cpas_dir) then82 cpa_files = Dir.glob("#{@cpas_dir}/*.xml")83 if cpa_files.nil? or cpa_files.empty? then84 @logger.info "#{me}: There are no CPA's installed."85 return @cpas86 else87 @logger.info "#{me}: There are #{cpa_files.size} @cpas installed. 
Loading each."88 cpa_files.each{ | cpa_filename |89 @logger.info "#{me}: Reading CPA #{cpa_filename}"90 cpa = HefeWeizen::HefeWeizenLibrary::CPA.create(cpa_filename, @config)91 if cpa.nil? then92 @logger.error "#{me}: Error reading CPA (#{cpa_filename})"93 return nil94 else95 if @cpas.has_key? cpa.id then96 @logger.error "#{me}: There is already a CPA with id #{cpa.id} loaded."97 @logger.error "#{me}: Second CPA with same ID has the filename #{cpa_filename}"98 @logger.error "#{me}: Not continuing. Please fix this first."99 return nil100 else101 @cpas[cpa.id] = Hash.new102 @cpas[cpa.id]['cpa'] = cpa103 begin104 result = cpa.setup_all_ebMS_header_infos cpa.id, @party_name, @party_identities105 @cpas[cpa.id].merge! result106 rescue Exception => e107 @logger.error "#{me}: Unable to prepare CPA information structures: #{e.to_s}, #{e.backtrace}"108 @logger.error "#{me}: CPA with id #{cpa.id} is not installed into the system."109 end110 if result.nil? then111 @logger.error "#{me}: Unable to successfully read ebXML CPA."112 else113 @logger.info "#{me}: Loaded CPA #{cpa_filename} with id: #{cpa.id}"114 end115 end116 end117 }118 end119 else120 @logger.error "#{me}: Error accessing trading partner agreements directory (#{@cpas_dir}"121 return nil122 end123 return @cpas124 end125 126 # This method determines if there is a CPA that matches the directive.127 #128 # TODO currently only outgoing. ? is this still true?129 # TODO have a better validate! eg test non perMessage attributes are in the CPA and the directive sets such values.130 def supports_directive? directive131 return false if directive.nil?132 @logger.debug "#{me}: looking for matching directive:"133 @logger.debug "#{me}: directive hash value: #{directive.hash_value}"134 error_message = ""135 136 if (@cpas[directive.cpaId].nil? or @cpas[directive.cpaId]['outgoing'][directive.hash_value].nil?) 
then137 error_message = "#{me}: CPA does not support directive."138 @logger.warn error_message139 return false140 else141 @logger.debug "#{me}: CPA does support this directive. Further checking PartyIds."142 # Checking Party Identities.143 from_ok = true144 to_ok = true145 if !directive.fromPartyId.nil? and !directive.fromPartyIdType.nil? then146 if !@cpas[directive.cpaId]['outgoing'][directive.hash_value]['info']['this_party_ids'].include?( { :type => directive.fromPartyIdType, :id => directive.fromPartyId } ) then147 error_message = "#{me}: CPA with id '#{directive.cpaId}' does not list a party id of '#{directive.fromPartyId}' of type '#{directive.fromPartyIdType}' for the party '#{@cpas[directive.cpaId]['this_party_name']}'."148 @logger.warn error_message149 from_ok = false150 end151 end152 if !directive.toPartyId.nil? and !directive.toPartyIdType.nil? then153 if !@cpas[directive.cpaId]['outgoing'][directive.hash_value]['info']['other_party_ids'].include?( { :type => directive.toPartyIdType, :id => directive.toPartyId } ) then154 error_message = "#{me}: CPA with id '#{directive.cpaId}' does not list a party id of '#{directive.toPartyId}' of type '#{directive.toPartyIdType}' for the party '#{@cpas[directive.cpaId]['other_party_name']}'."155 @logger.warn error_message156 to_ok = false157 end158 end159 if from_ok == true and to_ok == true then160 @logger.debug "#{me}: PartyIds are OK."161 return true162 else163 return false164 end165 end166 return false167 end168 169 # This method returns the ebMS info for a given directive.170 def get_ebMS_message_info directive171 # if directive.class == HefeWeizenDirective then172 return nil if (directive.nil? or @cpas[directive.cpaId].nil? or @cpas[directive.cpaId]['outgoing'][directive.hash_value].nil?)173 return @cpas[directive.cpaId]['outgoing'][directive.hash_value] # ['info']174 # else175 # # directive must be a hash176 # return nil if (directive.nil? or @cpas[directive[:cpaId]].nil? 
or @cpas[directive[:cpaId]]['outgoing'][directive[:hash_value]].nil?)177 # return @cpas[directive[:cpaId]]['outgoing'][directive[:hash_value]] # ['info']178 # return nil179 # end180 end181 182 # This method returns the ebMS info for a given service and action.183 # This method is useful for ebXML message signals that are responses to given ebXML messages.184 def get_ebMS_message_info_extra cpa_id, service, action, direction185 return nil if cpa_id.nil? or service.nil? or action.nil? or direction.nil?186 return nil unless ['outgoing', 'incoming'].include? direction187 return nil unless !@cpas[cpa_id].nil?188 @cpas[cpa_id][direction].each_value{ | hash |189 if hash['service'] == service and hash['action'] == action then190 return hash191 end192 }193 return nil194 end195 196 # This method tells where this party has a CPA with a given CPA id197 def has_cpa? cpa_id, from198 @cpas.has_key? cpa_id199 end200 201 # This method returns ths the CPA that matches the CPA id.202 # If there is no CPA with this CPA then it returns nil.203 def get_cpa cpa_id204 if @cpas.has_key? cpa_id then205 return @cpas[cpa_id]['cpa']206 else207 return nil208 end209 end210 211 end212 213 39 # The CPA class represents an ebXML Collaboration Protocol Agreement file 214 40 # This is an XML file. … … 218 44 219 45 def CPA.create cpa_path, config 220 #and FileTest.owned?(cpa_path)46 # and FileTest.owned?(cpa_path) 221 47 if FileTest.exists?(cpa_path) and FileTest.file?(cpa_path) \ 222 48 and FileTest.readable?(cpa_path) then … … 688 514 info['transport-protocol-version'] = other_party_transport.transportReceiver.transportProtocol.xmlattr_version if other_party_transport.transportReceiver.transportProtocol.respond_to? "xmlattr_version" 689 515 info['transport-protocol-endpoint'] = other_party_transport.transportReceiver.endpoint.xmlattr_uri if other_party_transport.transportReceiver.endpoint.respond_to? "xmlattr_uri" 516 517 if other_party_transport.transportReceiver.respond_to? 
"transportServerSecurity" then 518 tss = other_party_transport.transportReceiver.transportServerSecurity 519 info['transport-protocol-security-protocol'] = (tss.respond_to? "transportSecurityProtocol") ? tss.transportSecurityProtocol.strip : "not set" 520 info['transport-protocol-security-protocol-version'] = (tss.respond_to? "transportSecurityProtocol") ? tss.transportSecurityProtocol.xmlattr_version : "not set" 521 info['transport-protocol-security-server-cert-ref'] = (tss.respond_to? "serverCertificateRef" and tss.serverCertificateRef.respond_to? "xmlattr_certId") ? tss.serverCertificateRef.xmlattr_certId : "not set" 522 # I ASSUME THE CPA IS CORRECT! 523 info['transport-protocol-security-client-cert-ref'] = this_party_transport.transportSender.transportClientSecurity.clientCertificateRef.xmlattr_certId 524 # I ASSUME THE CPA IS CORRECT! 525 info['transport-protocol-security-server-sec-details-ref'] = this_party_transport.transportSender.transportClientSecurity.serverSecurityDetailsRef.xmlattr_securityId 526 else 527 info['transport-protocol-security'] = 'not set' 528 end 690 529 return info 691 530 end branches/branch-https-dev/src/hefeweizen_library_exchange_point.rb
r341 r451 41 41 attr_reader :exchange_points_config 42 42 43 def initialize b2b_system_name, configuration_file, big_ania, config43 def initialize b2b_system_name, configuration_file, certs_dir, big_ania, config 44 44 @b2b_system_name = b2b_system_name 45 45 @big_ania = big_ania 46 46 @config = config 47 47 @logger = config['LOGGER'] 48 @certs_dir = certs_dir 48 49 require "#{@config['LIB_DIR']}/hefeweizen_library_utils" 49 50 … … 56 57 conf.each_line { | line | 57 58 # sample syntax: 59 # Protocol: http Host: localhost Port: 7777 Path: /coronation 60 # Protocol: https Host: localhost Port: 7778 Path: /coronation Server-Cert: corontion_ssl_server_cert 58 61 # http localhost 7777 /coronation 59 if line =~ /^Protocol: (.*) Host: (.*) Port: (.*) Path: (.*)$/ then 60 @logger.debug "#{me}: Protocol #{$1}, running on #{$2} on port #{$3} and with path #{$4} to the ebXML Message Service Handler." 62 if line =~ /^Protocol: (.*) Host: (.*) Port: (.*) Path: (.*) Server-Cert: (.*)$/ then 63 @logger.debug "#{me}: Protocol '#{$1}', running on host '#{$2}' on port '#{$3}' and with path '#{$4}' and server cert reference '#{$5}' of the ebXML Message Service Handler." 64 server_cert_dir = "#{@certs_dir}/#{$5.strip}" 65 @exchange_points_config << { :protocol => $1, :host => $2, :port => $3.to_i, :path => $4, :server_cert_dir => server_cert_dir } 66 elsif line =~ /^Protocol: (.*) Host: (.*) Port: (.*) Path: (.*)$/ then 67 @logger.debug "#{me}: Protocol '#{$1}', running on host '#{$2}' on port '#{$3}' and with path '#{$4}' of the ebXML Message Service Handler." 61 68 @exchange_points_config << { :protocol => $1, :host => $2, :port => $3.to_i, :path => $4 } 62 69 elsif line =~ /^#.*$/ then … … 87 94 # create a long living tasker that monitors this directory. 
88 95 # 89 if exchange_point_config[:protocol] == 'http' then 96 if exchange_point_config[:protocol] == 'http' || exchange_point_config[:protocol] == 'https' then 97 server_cert_dir = "" 98 if exchange_point_config[:protocol] == 'https' then 99 server_cert_dir = " --server-cert-dir #{exchange_point_config[:server_cert_dir]}" 100 end 101 102 tasker_argument = "--b2b-system-name #{@b2b_system_name} --pipe-to-ania #{@config['PIPE_TO_ANIA']} --port #{exchange_point_config[:port]} --path #{exchange_point_config[:path]} #{server_cert_dir} --config #{@config['CONFIG_DIR']}/hefeweizen.conf" 103 90 104 command_hash = { 91 105 "from" => "hefeweizen_exchange_point", … … 93 107 "command" => "start_tasker", 94 108 "tasker" => "#{@config['BIN_DIR']}/hefeweizen_tasker_application_http_server.rb", 95 "tasker arguments" => "--b2b-system-name #{@b2b_system_name} --pipe-to-ania #{@config['PIPE_TO_ANIA']} --port #{exchange_point_config[:port]} --path #{exchange_point_config[:path]} --config #{@config['CONFIG_DIR']}/hefeweizen.conf",109 "tasker arguments" => tasker_argument, 96 110 "uuid" => HefeWeizen::HefeWeizenLibrary::HefeWeizenUUID.uuid 97 111 } branches/branch-https-dev/src/taskers/hefeweizen_tasker_application_http_server.rb
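Review bot: `server_cert_dir = "#{@certs_dir}/#{$5.strip}"` accepts whatever follows `Server-Cert:` in `http_server.conf`, so a reference such as `../../somewhere` resolves outside the certificates directory and is handed to the tasker as `--server-cert-dir`; restrict it to a single path component, logging and skipping the line when `ref.empty? || ref.include?('/') || ref.include?('..')`. The same value is interpolated unquoted into `tasker_argument`, which is a whitespace-separated option string, so a reference containing spaces would be read as extra options by the http server tasker. The old sample line `# http localhost 7777 /coronation` kept under the two new examples no longer matches either pattern and should be dropped to avoid misleading operators. Both `initialize` and the tasker-start method continue outside the hunks shown.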
r315 r451 34 34 require 'getoptlong' 35 35 require 'webrick' 36 require 'webrick/https' 37 require 'openssl' 36 38 require 'fileutils' 37 39 require 'logger' … … 106 108 file_full.close 107 109 110 require 'pp' 111 puts '-------------------------------' 112 puts req.meta_vars 113 puts '-------------------------------' 114 puts req.meta_vars['SSL_CLIENT_CERT'] 115 puts '-------------------------------' 116 puts req.client_cert 117 108 118 # 2. 109 119 # create a named pipe so big ania (via ania) can tell us how to proceed. … … 256 266 [ '--port', '-p', GetoptLong::REQUIRED_ARGUMENT ], 257 267 [ '--path', '-x', GetoptLong::REQUIRED_ARGUMENT ], 268 [ '--server-cert-dir', '-s', GetoptLong::OPTIONAL_ARGUMENT ], 258 269 [ '--config', '-c', GetoptLong::REQUIRED_ARGUMENT ] 259 270 ) … … 264 275 @port = nil 265 276 @path = nil 266 277 @server_cert_dir = nil 278 @is_https = false 267 279 opts.each do |opt, arg| 268 280 case opt … … 277 289 when '--config' 278 290 @config_file = arg 291 when '--server-cert-dir' 292 @server_cert_dir = arg 293 @is_https = true 279 294 end 280 295 end … … 308 323 309 324 require "#{@config['LIB_DIR']}/hefeweizen_library_utils" 310 311 end 312 325 326 327 if @is_https then 328 if !(FileTest.exists? @server_cert_dir and FileTest.directory? @server_cert_dir) then 329 @logger.error "#{me}: Unable to locate server certificate directory '#{@server_cert_dir}'." 330 # exit -1 ? 331 else 332 @private_key_file = Dir.glob("#{@server_cert_dir}/*private_key.pem").first 333 @cert_file = Dir.glob("#{@server_cert_dir}/*_cacert.pem").first 334 # @private_key_password_file = Dir.glob("#{@server_cert_dir}/*private_key.password").first 335 if !(FileTest.exists? @cert_file and FileTest.readable? @cert_file) then 336 @logger.error "#{me}: The HTTP servers SSL certificate does not exist or is not readable. Please fix." 337 exit -1 338 end 339 if !(FileTest.exists? @private_key_file and FileTest.readable? 
@private_key_file) then 340 @logger.error "#{me}: The HTTP Server's private key file does not exist or is not readable. Please fix." 341 exit -1 342 end 343 end 344 345 end 346 347 end 348 349 def me 350 "HefeWeizen HTTP(S) Server" 351 end 352 313 353 def run 314 354 return http_server_serve() … … 318 358 319 359 def http_server_serve 320 s = WEBrick::HTTPServer.new( {:Logger => @logger, :Port => @port} ) 360 if @is_https then 361 362 pkey = cert = cert_name = client_ca = nil 363 begin 364 pkey = OpenSSL::PKey::RSA.new(File.open(@private_key_file).read) 365 cert = OpenSSL::X509::Certificate.new(File.open(@cert_file).read) 366 client_ca = OpenSSL::X509::Certificate.new(File.open("/home/sacha/HefeWeizenHTTPS/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.pem").read) 367 rescue 368 @logger.error "#{me}: Unable to create HTTPs server." 369 exit -1 370 # $stderr.puts "Switching to use self-signed certificate" 371 # cert_name = [ ["C","JP"], ["O","WEBrick.Org"], ["CN", "WWW"] ] 372 end 373 374 =begin 375 :SSLEnable => true, 376 :SSLCertificate => nil, 377 :SSLPrivateKey => nil, 378 :SSLClientCA => nil, 379 :SSLExtraChainCert => nil, 380 :SSLCACertificateFile => nil, 381 :SSLCACertificatePath => nil, 382 :SSLCertificateStore => nil, 383 :SSLVerifyClient => ::OpenSSL::SSL::VERIFY_NONE, 384 :SSLVerifyDepth => nil, 385 :SSLVerifyCallback => nil, # custom verification 386 :SSLTimeout => nil, 387 :SSLOptions => nil, 388 :SSLStartImmediately => true, 389 # Must specify if you use auto generated certificate. 
390 :SSLCertName => nil, 391 :SSLCertComment => "Generated by Ruby/OpenSSL" 392 =end 393 394 395 s=WEBrick::HTTPServer.new({ 396 :Port => @port, 397 :Logger => @logger, 398 :SSLEnable => true, 399 # :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE, 400 # :SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER, 401 #OpenSSL::SSL::VERIFY_PEER | 402 :SSLVerifyClient => OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, 403 :SSLCACertificateFile => "/home/sacha/HefeWeizenHTTPS/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.pem", 404 :SSLClientCA => client_ca, 405 # :SSLClientCA => "/home/sacha/HefeWeizenHTTPS/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.pem", 406 :SSLCertificate => cert, 407 :SSLPrivateKey => pkey, 408 # :SSLPrivateKeyPassPhrase => "passphrase", 409 :SSLCertName => cert_name, 410 :SSLCertComment => "HefeWeizen SSL notice" 411 } ) 412 else 413 # :SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER | ::OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT 414 # :SSLCACertificateFile => File.dirname(__FILE__) + "/xxx-my-ca.crt", 415 # :SSLVerifyDepth => 2, 416 s = WEBrick::HTTPServer.new( {:Logger => @logger, :Port => @port} ) 417 end 418 321 419 s.mount @path, InitializedEBMSServlet, @b2b_system_name, @config, @pipe_to_ania 322 420 trap("INT"){ s.shutdown } 323 421 s.start 324 422 return 0 325 326 423 end 327 424 branches/branch-https-dev/src/taskers/hefeweizen_tasker_application_send_ebXML_message.rb
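Review bot: `:SSLVerifyClient => OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT` on its own does not request a client certificate — OpenSSL defines that flag as meaningful only in combination with `SSL_VERIFY_PEER` — so the HTTPS listener accepts any client and `req.client_cert` will be nil; use `:SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,`. The client CA is loaded from the absolute developer path `/home/sacha/.../Coronation_ssl_client_cacert.pem` for both `client_ca` and `:SSLCACertificateFile`, which fails on any other machine and pins the server to a single test partner; it should be located under the certificates directory the same way the server key and certificate are. The `puts req.meta_vars` / `puts req.client_cert` lines in the servlet write every request's environment and certificate to stdout and should be removed or moved behind `@logger.debug`, and the bare `rescue` around the key/certificate load discards the OpenSSL error text that would explain a failed start (`rescue => e` and log `e.message`). The servlet method and `initialize` extend beyond the hunks shown.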
r323 r451 119 119 end 120 120 121 def me 122 "HefeWeizenHTTPClient" 123 end 124 121 125 def run 122 126 … … 137 141 number_of_retries = @ebXML_message_parameters['info']['reliable-messaging-retries'] || 5 138 142 seconds_to_wait_between_retries = @ebXML_message_parameters['info']['reliable-messaging-retry-interval'] || 10 139 143 144 # HTTPS settings 145 ssl_configurations = "" 146 security_protocol = @ebXML_message_parameters['info']['transport-protocol-security-protocol'] 147 if !security_protocol.nil? and security_protocol.upcase == 'SSL' then 148 # no certificate checkings for wget use argument --no-check-certificate 149 150 # SERVER CERT CA's 151 # --ca-certificate = -> the server authentication certificate file path 152 # --ca-directory = -> a directory path holding all trusted server cert CA's. The ca-certificate 153 # file must be signed by one of these certificates 154 # CLIENT CERTIFICATE 155 # --certificate = -> the client certificate file path 156 157 # "/home/sacha/HefeWeizenHTTPS/test/test-systems/Gnaraloo/certificates/gnaraloo_ssl_server_cert/Gnaraloo_ssl_server_cacert.pem" 158 # "/home/sacha/HefeWeizenHTTPS/test/test-systems/Coronation/certificates/coronation_ssl_client_cert/Coronation_ssl_client_cacert.pem" 159 160 ca_certificate = @ebXML_message_parameters['info']['transport-protocol-security-server-cert-file'] || "" 161 ca_directory = @ebXML_message_parameters['info']['transport-protocol-security-server-cas-directory'] || "" 162 client_certificate = @ebXML_message_parameters['info']['transport-protocol-security-client-cert-file'] || "" 163 164 if ca_certificate.empty? or ca_directory.empty? or client_certificate.empty? then 165 msg = "Required SSL configuration information is missing. Check the values of the ca_certificate: '#{ca_certificate}', " + 166 "ca_directory = '#{ca_directory}', or client certificate: '#{client_certificate}'." 
167 # @logger.error "#{me}: #{msg}" 168 # ssl_configurations = "--no-check-certificate" 169 puts "Errro #{msg}" 170 else 171 ssl_configurations = "--ca-certificate=#{ca_certificate} --ca_directory=#{ca_directory} --certificate=#{client_certificate}" 172 end 173 174 end 175 140 176 # FIX ME FOR TESTING PURPOSE SEND IT TO A LOCAL WEBSERVER 141 177 # http_url = "localhost:5555/test" 142 178 143 179 # FIX ME FOR TESTING PURPOSE SEND IT TO A LOCAL WEBSERVER 144 #http_url = "192.168.1.49:8888/gnaraloo"180 # http_url = "192.168.1.49:8888/gnaraloo" 145 181 146 182 time = Time.now.to_f.to_s … … 175 211 176 212 # added ignore-length ... had problems with it when using webrick and setting code 204 to it. 177 command = "wget -S --ignore-length --user-agent=\"HefeWeizen\" --post-file=\"#{@ebXML_message_file_path}\" --header='#{extra_header}' --header='SOAPAction: \"ebXML\"' --output-document=\"#{response_file_path}\" --append-output=\"#{transfer_info_file_path}\" #{http_url} " 213 214 puts command = "wget -S #{ssl_configurations} --ignore-length --user-agent=\"HefeWeizen\" --post-file=\"#{@ebXML_message_file_path}\" --header='#{extra_header}' --header='SOAPAction: \"ebXML\"' --output-document=\"#{response_file_path}\" --append-output=\"#{transfer_info_file_path}\" #{http_url} " 215 178 216 system(command) 179 217 branches/branch-https-dev/test/test-systems/Coronation/infrastructure/exchange-points/http_server.conf
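Review bot: The option string assembled at line 171 uses `--ca_directory=`, which is not a wget option (the comment above it correctly says `--ca-directory`), so every HTTPS send will fail on an unrecognized option before any request is made; change it to `--ca-directory=#{ca_directory}`. Only the client certificate is forwarded; the `private_key_file` that the certificate lookup returns is never passed, so wget will look for the key inside the certificate PEM — add `--private-key=` if the key is kept in its own file, as the committed test fixtures suggest. The command is still executed as one shell string via `system(command)` with unquoted paths and a URL derived from the CPA, so a crafted agreement can inject shell syntax; the array form `system('wget', '-S', *args)` bypasses the shell entirely. The `puts command =` and `puts "Errro #{msg}"` debug output belong in `@logger`. The `run` method continues outside this hunk.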
r130 r451 8 8 # the server is listening is port 7777 and the path to the server is /coronation 9 9 Protocol: http Host: localhost Port: 7777 Path: /coronation 10 Protocol: https Host: localhost Port: 7778 Path: /coronation Server-Cert: coronation_ssl_server_cert branches/branch-https-dev/test/test-systems/Gnaraloo/infrastructure/exchange-points/http_server.conf
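Review bot: `Server-Cert: coronation_ssl_server_cert` refers to a directory this changeset adds together with `Coronation_ssl_server_private_key.pem` and `Coronation_ssl_server_private_key.password` (plus the client-side pair), so private keys and their passphrases are now checked into the branch; if they are throwaway test material, mark it here (`# test-only keys; never reuse outside the test systems`) so they are not promoted into a deployment. The header comment above still describes only the HTTP listener on 7777 and should also mention the HTTPS listener on 7778 and that the referenced directory lives under the system's `certificates/` tree.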
r130 r451 8 8 # the server is listening is port 7777 and the path to the server is /coronation 9 9 Protocol: http Host: localhost Port: 8888 Path: /gnaraloo 10 Protocol: https Host: localhost Port: 8889 Path: /gnaraloo Server-Cert: gnaraloo_ssl_server_cert
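Review bot: The comment line kept above the new entry still says the server listens on port 7777 at `/coronation`, while this file configures `/gnaraloo` on 8888 and 8889; update it to `# Gnaraloo listens on 8888 (http) and 8889 (https) under /gnaraloo`. The file list also shows `gnaraloo_ssl_client_cert` added with no files beneath it, so a Gnaraloo CPA referencing a client certificate would presumably fail the certificate lookup — worth confirming that is intentional.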
