xref: /openbmc/phosphor-rest-server/servers/gevent/phosphor-gevent (revision 91ff11046014765563f4b22fc9eaaf1bebc56497)
1#!/usr/bin/env python
2
3# Contributors Listed Below - COPYRIGHT 2016
4# [+] International Business Machines Corp.
5#
6#
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11#     http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
16# implied. See the License for the specific language governing
17# permissions and limitations under the License.
18
19
20import sys
21import os
22import gevent
23from gevent.pywsgi import WSGIServer
# WebSocket support is optional: have_wsock records whether the
# geventwebsocket handler could be imported.
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False
else:
    have_wsock = True
29
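if __name__ == '__main__':
    # Entry point: load the WSGI application named by argv[1] from
    # obmc.wsgi.apps and serve it over TLS with gevent, either on a
    # systemd-activated socket or on port 443.

    # Local imports: only needed to resolve the application module.
    import importlib
    import re

    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    # The module name comes from the command line. It used to be formatted
    # into an exec'd statement, so any text in argv[1] ran as Python.
    # Accept only dotted identifiers and resolve them through importlib.
    app_name = sys.argv[1]
    valid_name = re.match(
        r'[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*\Z', app_name)
    if not valid_name:
        sys.stderr.write('Invalid WSGI application name: %r\n' % app_name)
        sys.exit(1)
    App = importlib.import_module('obmc.wsgi.apps.%s' % app_name).App

    # The same PEM is used as keyfile and certfile below, so it must hold
    # both the private key and the certificate.
    # NOTE(review): confirm the file is readable only by the service account.
    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    # Build the application exactly once. A second, argument-less App()
    # call used to replace this instance, which dropped have_wsock and ran
    # the constructor twice.
    app_kw = {}
    if have_wsock:
        app_kw['have_wsock'] = True
    app = App(**app_kw)

    # ECDH - Allow Elliptic Curve Diffie Hellman
    # kDH - Allow Key Exchange algorithm as Diffie Hellman
    # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
    # kRSA - Allow Key Exchange algorithm as RSA
    # !SSLv3 - Disallows any ciphers specific to SSLv3
    # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
    # !aNULL - Disallows anonymous authentication or no authentication
    # !eNULL - Disallows connection with NULL encryption
    # !LOW -   Disallows any low strength ciphers
    # !MEDIUM- Disallows medium strength ciphers
    # @STRENGTH - Sorts the remaining ciphers by key length
    #
    # NOTE(review): kRSA and kDH are non-ephemeral key exchanges and give no
    # forward secrecy; drop them if every supported client can use
    # ECDHE/DHE. The !SSLv2/!SSLv3 entries filter cipher suites, not
    # protocol versions. No ssl_version is passed below, so the protocol
    # floor is presumably the ssl module default - TODO confirm.

    ssl_ciphers = (
        'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
    )

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        # systemd socket activation: LISTEN_PID names this process and the
        # first inherited listening socket is file descriptor 3.
        # NOTE(review): the family is hard-coded to AF_INET and LISTEN_FDS
        # is not checked; confirm the socket unit passes exactly one IPv4
        # stream socket.
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        # '' binds every IPv4 interface on the HTTPS port.
        bind = ('', 443)

    # Pass the optional WebSocket handler to the server. The keyword dict
    # used to be built and then never given to WSGIServer, so
    # WebSocketHandler was never installed.
    server_kw = {}
    if have_wsock:
        server_kw['handler_class'] = WebSocketHandler
    server = WSGIServer(
        bind, app, keyfile=default_cert, certfile=default_cert,
        ciphers=ssl_ciphers, **server_kw)
    server.serve_forever()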
76