#!/usr/bin/env python

"""
Hosted GUI client startup script, for workshops, etc.

As of when this is run, we assume that the tarball (contents TBD and
perhaps changing from one workshop to another) have been unpacked,
that we are on some Unix-like machine, and that we are executing in
a Python interpreter.  We have to check anything else we care about.

In what we hope is the most common case, this script should be run
with no options.

$Id$

Copyright (C) 2010  Internet Systems Consortium ("ISC")

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
"""

# Check Python version before doing anything else

import sys

python_version = sys.version_info[:2]

have_ssl_module = python_version >= (2, 6)

if python_version == (2, 5):
  print """
        WARNING WARNING WARNING

        You are running Python version 2.5, which does not include
        real SSL support.  This means that sessions created by this
        script will be vulnerable to monkey-in-the-middle attacks.

        Python 2.6 does not have this problem.
        """
  while True:
    answer = raw_input("Are you SURE you want to proceed? (yes/NO) ").strip().lower()
    if answer in ("", "n", "no"):
      sys.exit("You have chosen wisely")
    elif answer in ("y", "yes"):
      print "You have been warned"
      break
    else:
      print 'Please answer "yes" or "no"'

elif have_ssl_module:
  try:
    import ssl
  except ImportError:
    sys.exit("You're running Python 2.6+, but I can't find the ssl module, so you have no SSL support at all, argh!")

else:
  sys.exit("Sorry, this script requires Python 2.6+, I seem to be running in %s" % sys.version)

# Ok, it's safe to import the other stuff we need now

import os, subprocess, webbrowser, urllib2, getpass, re, errno, time, email.utils, httplib, socket, getopt, urllib, cookielib
import tempfile
from xml.etree.ElementTree import fromstring as ElementFromString

def save(filename, data):
  """
  Save data to a file.
  """

  tempname = "%s.%d.tmp" % (filename, os.getpid())
  f = open(tempname, "w")
  f.write(data)
  f.close()
  os.rename(tempname, filename)

def save_error(err):
  """
  Save the data from the file-like object "f" into a temporary file
  and open a web browser to view the result.
  """

  with tempfile.NamedTemporaryFile(prefix = "rpkidemo-error", suffix = ".html", delete = False) as tmpf:
    tmpf.write(err.read())

    # Save filename for use outside the with statement.  This ensures
    # the file is properly flushed prior to invoking the web browser.
    fname = tmpf.name

  sys.stderr.write("errors saved in %s\n" % fname)
  webbrowser.open("file://" + fname)

class CSV_File(object):
  """
  A CSV file that's being maintained by the GUI but being monitored,
  downloaded, and used here.
  """

  def __init__(self, filename, url):
    self.filename = filename
    self.url = url
    try:
      self.timestamp = os.stat(filename).st_mtime
    except:
      self.store(0, "")

  def last_modified(self):
    """
    Return CSV file timestamp formatted for use with HTTP.
    """
    return email.utils.formatdate(self.timestamp, False, True)

  def store(self, timestamp, data):
    """
    Save CSV file, and record new timestamp.
    """
    save(self.filename, data)
    self.timestamp = timestamp
    os.utime(self.filename, (time.time(), timestamp))


class AbstractHTTPSConnection(httplib.HTTPSConnection):
  """
  Customization of httplib.HTTPSConnection to enable certificate
  validation.

  This is an abstract class; subclass must set trust_anchor to the
  filename of a anchor file in the format that the ssl module
  expects.
  """

  trust_anchor = None

  def connect(self):
    assert self.trust_anchor is not None
    sock = socket.create_connection((self.host, self.port), self.timeout)
    if getattr(self, "_tunnel_host", None):
      self.sock = sock
      self._tunnel()
    self.sock = ssl.wrap_socket(sock,
                                keyfile = self.key_file,
                                certfile = self.cert_file,
                                cert_reqs = ssl.CERT_REQUIRED,
                                ssl_version = ssl.PROTOCOL_TLSv1,
                                ca_certs = self.trust_anchor)


class main(object):
  """
  Main program.
  """

  # Environmental parameters

  top = os.path.realpath(os.path.join((sys.path[0] or "."), ".."))
  cwd = os.getcwd()

  # Parameters that we might want to get from a config file.
  # Just wire them all in for the moment.

  base_url = "https://demo.rpki.net/"
  myrpki_url = base_url + "rpki/"
  auth_url = myrpki_url + "demo/login"
  example_myrpki_cfg = "%s/rpkid/examples/rpki.conf" % top
  working_dir = "%s/rpkidemo-data" % cwd
  myrpki_py = "%s/rpkid/myrpki.py" % top
  user_agent = "RPKIDemo"
  delay = 15
  trust_anchor = "%s/scripts/rpkidemo.pem" % top

  openssl = None

  def setup_openssl(self):
    """
    Find a usable version of OpenSSL, or build one if we must.
    """

    def scrape(*args):
      return subprocess.Popen(args, stdout = subprocess.PIPE, stderr = subprocess.STDOUT).communicate()[0]

    def usable_openssl(f):
      return f is not None and os.path.exists(f) and "-ss_cert" in scrape(f, "ca", "-?") and "Usage cms" in scrape(f, "cms", "-?")

    for d in os.environ["PATH"].split(":"):
      f = os.path.join(d, "openssl")
      if usable_openssl(f):
        self.openssl = f
        break

    if self.openssl is None:
      print "Couldn't find usable openssl on path, attempting to build one"
      subprocess.check_call((".<style>pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="c1"># $Id$</span>

<span class="sd">&quot;&quot;&quot;HTTPS utilities, both client and server.</span>

<span class="sd">At the moment this only knows how to use the PEM certs in my</span>
<span class="sd">subversion repository; generalizing it would not be hard, but the more</span>
<span class="sd">general version should use SQL anyway.</span>
<span class="sd">&quot;&quot;&quot;</span>

<span class="kn">import</span> <span class="nn">httplib</span><span class="o">,</span> <span class="nn">BaseHTTPServer</span><span class="o">,</span> <span class="nn">tlslite.api</span><span class="o">,</span> <span class="nn">glob</span><span class="o">,</span> <span class="nn">rpki.x509</span><span class="o">,</span> <span class="nn">traceback</span><span class="o">,</span> <span class="nn">rpki.exceptions</span>

<span class="n">rpki_content_type</span> <span class="o">=</span> <span class="s2">&quot;application/x-rpki&quot;</span>

<span class="k">def</span> <span class="nf">client</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">privateKey</span><span class="p">,</span> <span class="n">certChain</span><span class="p">,</span> <span class="n">x509TrustList</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="s2">&quot;localhost&quot;</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">4433</span><span class="p">,</span> <span class="n">url</span><span class="o">=</span><span class="s2">&quot;/&quot;</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;Open client HTTPS connection, send a message, wait for response.</span>

<span class="sd">  This function wraps most of what one needs to do to send a message</span>
<span class="sd">  over HTTPS and get a response.  The certificate checking isn&#39;t quite</span>
<span class="sd">  up to snuff; it&#39;s better than with the other packages I&#39;ve found,</span>
<span class="sd">  but doesn&#39;t appear to handle subjectAltName extensions (sigh).</span>
<span class="sd">  &quot;&quot;&quot;</span>
  
  <span class="n">httpc</span> <span class="o">=</span> <span class="n">tlslite</span><span class="o">.</span><span class="n">api</span><span class="o">.</span><span class="n">HTTPTLSConnection</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="n">host</span><span class="p">,</span>
                                        <span class="n">port</span><span class="o">=</span><span class="n">port</span><span class="p">,</span>
                                        <span class="n">privateKey</span><span class="o">=</span><span class="n">privateKey</span><span class="o">.</span><span class="n">get_tlslite</span><span class="p">(),</span>
                                        <span class="n">certChain</span><span class="o">=</span><span class="n">certChain</span><span class="o">.</span><span class="n">tlslite_certChain</span><span class="p">(),</span>
                                        <span class="n">x509TrustList</span><span class="o">=</span><span class="n">x509TrustList</span><span class="o">.</span><span class="n">tlslite_trustList</span><span class="p">())</span>
  <span class="n">httpc</span><span class="o">.</span><span class="n">connect</span><span class="p">()</span>
  <span class="n">httpc</span><span class="o">.</span><span class="n">request</span><span class="p">(</span><span class="s2">&quot;POST&quot;</span><span class="p">,</span> <span class="n">url</span><span class="p">,</span> <span class="n">msg</span><span class="p">,</span> <span class="p">{</span><span class="s2">&quot;Content-Type&quot;</span> <span class="p">:</span> <span class="n">rpki_content_type</span><span class="p">})</span>
  <span class="n">response</span> <span class="o">=</span> <span class="n">httpc</span><span class="o">.</span><span class="n">getresponse</span><span class="p">()</span>
  <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">status</span> <span class="o">==</span> <span class="n">httplib</span><span class="o">.</span><span class="n">OK</span><span class="p">:</span>
    <span class="k">return</span> <span class="n">response</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
  <span class="k">else</span><span class="p">:</span>
    <span class="n">r</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="n">read</span><span class="p">()</span>
    <span class="k">raise</span> <span class="n">rpki</span><span class="o">.</span><span class="n">exceptions</span><span class="o">.</span><span class="n">HTTPRequestFailed</span><span class="p">,</span> <span class="s2">&quot;HTTP request failed with status </span><span class="si">%s</span><span class="s2">, response </span><span class="si">%s</span><span class="s2">&quot;</span> <span class="o">%</span> <span class="p">(</span><span class="n">response</span><span class="o">.</span><span class="n">status</span><span class="p">,</span> <span class="n">r</span><span class="p">)</span>

<span class="k">class</span> <span class="nc">requestHandler</span><span class="p">(</span><span class="n">BaseHTTPServer</span><span class="o">.</span><span class="n">BaseHTTPRequestHandler</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;Derived type to supply POST handler.&quot;&quot;&quot;</span>

  <span class="n">rpki_handlers</span> <span class="o">=</span> <span class="kc">None</span>                  <span class="c1"># Subclass must bind</span>

  <span class="k">def</span> <span class="nf">rpki_find_handler</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
    <span class="k">for</span> <span class="n">s</span><span class="p">,</span><span class="n">h</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">rpki_handlers</span><span class="p">:</span>
      <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="n">s</span><span class="p">):</span>
        <span class="k">return</span> <span class="n">h</span>
    <span class="k">return</span> <span class="kc">None</span>

  <span class="k">def</span> <span class="nf">do_POST</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="w">    </span><span class="sd">&quot;&quot;&quot;POST handler.&quot;&quot;&quot;</span>
    <span class="k">try</span><span class="p">:</span>
      <span class="n">handler</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">rpki_find_handler</span><span class="p">()</span>
      <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s2">&quot;Content-Type&quot;</span><span class="p">]</span> <span class="o">!=</span> <span class="n">rpki_content_type</span><span class="p">:</span>
        <span class="n">rcode</span><span class="p">,</span> <span class="n">rtext</span> <span class="o">=</span> <span class="mi">415</span><span class="p">,</span> <span class="s2">&quot;Received Content-Type </span><span class="si">%s</span><span class="s2">, expected </span><span class="si">%s</span><span class="s2">&quot;</span> <span class="o">%</span> <span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s2">&quot;Content-Type&quot;</span><span class="p">],</span> <span class="n">rpki_content_type</span><span class="p">)</span>
      <span class="k">elif</span> <span class="n">handler</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="n">rcode</span><span class="p">,</span> <span class="n">rtext</span> <span class="o">=</span> <span class="mi">404</span><span class="p">,</span> <span class="s2">&quot;No handler found for URL &quot;</span> <span class="o">+</span> <span class="bp">self</span><span class="o">.</span><span class="n">path</span>
      <span class="k">else</span><span class="p">:</span>
        <span class="n">rcode</span><span class="p">,</span> <span class="n">rtext</span> <span class="o">=</span> <span class="n">handler</span><span class="p">(</span><span class="n">query</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">rfile</span><span class="o">.</span><span class="n">read</span><span class="p">(</span><span class="nb">int</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">headers</span><span class="p">[</span><span class="s2">&quot;Content-Length&quot;</span><span class="p">])),</span> <span class="n">path</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">path</span><span class="p">)</span>
    <span class="k">except</span> <span class="ne">Exception</span><span class="p">,</span> <span class="n">edata</span><span class="p">:</span>
      <span class="n">traceback</span><span class="o">.</span><span class="n">print_exc</span><span class="p">()</span>
      <span class="n">rcode</span><span class="p">,</span> <span class="n">rtext</span> <span class="o">=</span> <span class="mi">500</span><span class="p">,</span> <span class="s2">&quot;Unhandled exception </span><span class="si">%s</span><span class="s2">&quot;</span> <span class="o">%</span> <span class="n">edata</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">send_response</span><span class="p">(</span><span class="n">rcode</span><span class="p">)</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">send_header</span><span class="p">(</span><span class="s2">&quot;Content-Type&quot;</span><span class="p">,</span> <span class="n">rpki_content_type</span><span class="p">)</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">end_headers</span><span class="p">()</span>
    <span class="bp">self</span><span class="o">.</span><span class="n">wfile</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="n">rtext</span><span class="p">)</span>

<span class="k">class</span> <span class="nc">httpServer</span><span class="p">(</span><span class="n">tlslite</span><span class="o">.</span><span class="n">api</span><span class="o">.</span><span class="n">TLSSocketServerMixIn</span><span class="p">,</span> <span class="n">BaseHTTPServer</span><span class="o">.</span><span class="n">HTTPServer</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;Derived type to handle TLS aspects of HTTPS.&quot;&quot;&quot;</span>

  <span class="n">rpki_certChain</span> <span class="o">=</span> <span class="kc">None</span>
  <span class="n">rpki_privateKey</span> <span class="o">=</span> <span class="kc">None</span>
  <span class="n">rpki_sessionCache</span> <span class="o">=</span> <span class="kc">None</span>
  
  <span class="k">def</span> <span class="nf">handshake</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">tlsConnection</span><span class="p">):</span>
<span class="w">    </span><span class="sd">&quot;&quot;&quot;TLS handshake handler.&quot;&quot;&quot;</span>
    <span class="k">assert</span> <span class="bp">self</span><span class="o">.</span><span class="n">rpki_certChain</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span>
    <span class="k">assert</span> <span class="bp">self</span><span class="o">.</span><span class="n">rpki_privateKey</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span>
    <span class="k">assert</span> <span class="bp">self</span><span class="o">.</span><span class="n">rpki_sessionCache</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span>
    <span class="k">try</span><span class="p">:</span>
      <span class="n">tlsConnection</span><span class="o">.</span><span class="n">handshakeServer</span><span class="p">(</span><span class="n">certChain</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">rpki_certChain</span><span class="p">,</span>
                                    <span class="n">privateKey</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">rpki_privateKey</span><span class="p">,</span>
                                    <span class="n">sessionCache</span><span class="o">=</span><span class="bp">self</span><span class="o">.</span><span class="n">rpki_sessionCache</span><span class="p">)</span>
      <span class="n">tlsConnection</span><span class="o">.</span><span class="n">ignoreAbruptClose</span> <span class="o">=</span> <span class="kc">True</span>
      <span class="k">return</span> <span class="kc">True</span>
    <span class="k">except</span> <span class="n">tlslite</span><span class="o">.</span><span class="n">api</span><span class="o">.</span><span class="n">TLSError</span><span class="p">,</span> <span class="n">error</span><span class="p">:</span>
      <span class="nb">print</span> <span class="s2">&quot;TLS handshake failure:&quot;</span><span class="p">,</span> <span class="nb">str</span><span class="p">(</span><span class="n">error</span><span class="p">)</span>
      <span class="k">return</span> <span class="kc">False</span>

<span class="k">def</span> <span class="nf">server</span><span class="p">(</span><span class="n">handlers</span><span class="p">,</span> <span class="n">privateKey</span><span class="p">,</span> <span class="n">certChain</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">4433</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="s2">&quot;&quot;</span><span class="p">):</span>
<span class="w">  </span><span class="sd">&quot;&quot;&quot;Run an HTTPS server and wait (forever) for connections.&quot;&quot;&quot;</span>

  <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">handlers</span><span class="p">,</span> <span class="p">(</span><span class="nb">tuple</span><span class="p">,</span> <span class="nb">list</span><span class="p">)):</span>
    <span class="n">handlers</span> <span class="o">=</span> <span class="p">((</span><span class="s2">&quot;/&quot;</span><span class="p">,</span> <span class="n">handlers</span><span class="p">),)</span>

  <span class="k">class</span> <span class="nc">boundRequestHandler</span><span class="p">(</span><span class="n">requestHandler</span><span class="p">):</span>
    <span class="n">rpki_handlers</span> <span class="o">=</span> <span class="n">handlers</span>

  <span class="n">httpd</span> <span class="o">=</span> <span class="n">httpServer</span><span class="p">((</span><span class="n">host</span><span class="p">,</span> <span class="n">port</span><span class="p">),</span> <span class="n">boundRequestHandler</span><span class="p">)</span>

  <span class="n">httpd</span><span class="o">.</span><span class="n">rpki_privateKey</span> <span class="o">=</span> <span class="n">privateKey</span><span class="o">.</span><span class="n">get_tlslite</span><span class="p">()</span>
  <span class="n">httpd</span><span class="o">.</span><span class="n">rpki_certChain</span> <span class="o">=</span> <span class="n">certChain</span><span class="o">.</span><span class="n">tlslite_certChain</span><span class="p">()</span>
  <span class="n">httpd</span><span class="o">.</span><span class="n">rpki_sessionCache</span> <span class="o">=</span> <span class="n">tlslite</span><span class="o">.</span><span class="n">api</span><span class="o">.</span><span class="n">SessionCache</span><span class="p">()</span>

  <span class="n">httpd</span><span class="o">.</span><span class="n">serve_forever</span><span class="p">()</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2025-05-16 04:25:51 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>