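#!/usr/bin/env python

# Contributors Listed Below - COPYRIGHT 2016
# [+] International Business Machines Corp.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.

"""Serve one WSGI application from obmc.wsgi.apps over TLS with gevent.

Usage: <this script> APP_NAME

APP_NAME is the module name below ``obmc.wsgi.apps`` whose ``App`` class is
instantiated and served.  The listening socket is taken from systemd socket
activation when LISTEN_PID matches this process, otherwise port 443 is bound
directly.
"""

import importlib
import os
import re
import sys

import gevent
from gevent.pywsgi import WSGIServer

# WebSocket support is optional: it is enabled only when gevent-websocket
# can be imported.
have_wsock = True
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False

# A dotted sequence of plain Python identifiers.  The application name is
# joined onto a module path, so anything else (spaces, ';', quotes,
# newlines, empty components) is rejected before it reaches the importer.
_APP_NAME_RE = re.compile(
    r'[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*\Z')

if __name__ == '__main__':
    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    # Import the application by name instead of building Python source
    # around argv[1] and exec()-ing it: with exec(), any text placed in the
    # argument is compiled and run as code in this (typically privileged)
    # process.  import_module() only ever performs an import.
    app_name = sys.argv[1]
    if not _APP_NAME_RE.match(app_name):
        sys.stderr.write('Invalid WSGI application name: %r\n' % app_name)
        sys.exit(1)
    App = importlib.import_module('obmc.wsgi.apps.' + app_name).App

    # The same PEM file is passed below as both keyfile and certfile.
    # NOTE(review): that implies cert.pem also holds the private key --
    # confirm the file is readable only by the service account.
    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    app_kwargs = {}
    if have_wsock:
        app_kwargs['have_wsock'] = True
    app = App(**app_kwargs)

    # ECDH   - Allow Elliptic Curve Diffie Hellman
    # kDH    - Allow Key Exchange algorithm as Diffie Hellman
    # kEDH   - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
    # kRSA   - Allow Key Exchange algorithm as RSA
    # !SSLv3 - Disallows any ciphers specific to SSLv3
    # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
    # !aNULL - Disallows anonymous authentication or no authentication
    # !eNULL - Disallows connection with NULL encryption
    # !LOW   - Disallows any low strength ciphers
    # !MEDIUM- Disallows medium strength ciphers
    #
    # NOTE(review): kRSA and kDH select non-ephemeral key exchange, which
    # gives no forward secrecy; consider whether they are still needed.
    # This string filters cipher suites only.  The accepted protocol
    # versions are a separate setting that is not configured in this file
    # -- confirm the floor the underlying ssl defaults provide.
    ssl_ciphers = (
        'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
    )

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        # systemd socket activation: LISTEN_PID names the process the
        # descriptors were passed to, and the first one is fd 3.
        # NOTE(review): LISTEN_FDS is not checked and the family is fixed
        # to AF_INET -- verify this matches the socket unit.
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        # Not socket-activated: listen on port 443 on every interface.
        bind = ('', 443)

    server_kwargs = {}
    if have_wsock:
        server_kwargs['handler_class'] = WebSocketHandler
    server = WSGIServer(
        bind, app, keyfile=default_cert, certfile=default_cert,
        ciphers=ssl_ciphers, **server_kwargs)
    server.serve_forever()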