From 9bd269c26a02d94f16d7c39f3cb0a4cd46bb40b1 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 20 Jan 2013 22:37:43 +1300 Subject: Add support for client certificates - pathod request logs now include a clientcert member with details on the client cert, or None if there wasn't one. - pathoc has a -C option to specify a client certificate
---
 libpathod/pathoc.py | 5 +++-- libpathod/pathod.py | 12 ++++++++++++ libpathod/templates/log.html | 10 +++++++--- 3 files changed, 22 insertions(+), 5 deletions(-) (limited to 'libpathod')
diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py
index a2d89aaf..ae9edaf0 100644
--- a/libpathod/pathoc.py
+++ b/libpathod/pathoc.py
@@ -7,13 +7,14 @@ class PathocError(Exception): pass
 class Pathoc(tcp.TCPClient):
- def __init__(self, host, port, ssl=None, sni=None):
+ def __init__(self, host, port, ssl=None, sni=None, clientcert=None):
 tcp.TCPClient.__init__(self, host, port)
 self.settings = dict(
 staticdir = os.getcwd(),
 unconstrained_file_access = True,
 )
 self.ssl, self.sni = ssl, sni
+ self.clientcert = clientcert
 def http_connect(self, connect_to, wfile, rfile):
 wfile.write(
@@ -34,7 +35,7 @@ class Pathoc(tcp.TCPClient):
 self.http_connect(connect_to, self.wfile, self.rfile)
 if self.ssl:
 try:
- self.convert_to_ssl(sni=self.sni)
+ self.convert_to_ssl(sni=self.sni, clientcert=self.clientcert)
 except tcp.NetLibError, v:
 raise PathocError(str(v))
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index ce64acf9..ac56619b 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
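Review bot: In libpathod/pathoc.py, a `clientcert` passed without `ssl` is silently ignored, because it is only handed to `convert_to_ssl` inside the `if self.ssl:` branch touched by the second hunk; the caller then gets a plaintext connection with no sign that the certificate was never presented. The constructor changed in the first hunk also has no docstring saying what the argument is; going by the commit message it is presumably a path to a certificate file, and whether the private key must live in the same file should be stated. I would document it on `__init__` with `# clientcert: client certificate passed to convert_to_ssl; ignored unless ssl is set`, or reject the combination early with `if clientcert and not ssl: raise PathocError("clientcert requires ssl")`. The method changed by the second hunk starts and ends outside the visible lines.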
@@ -96,6 +96,17 @@ class PathodHandler(tcp.BaseHandler):
 self.info(s)
 return False, dict(type = "error", msg = s)
+ clientcert = None
+ if self.clientcert:
+ clientcert = dict(
+ cn = self.clientcert.cn,
+ subject = self.clientcert.subject,
+ serial = self.clientcert.serial,
+ notbefore = self.clientcert.notbefore.isoformat(),
+ notafter = self.clientcert.notafter.isoformat(),
+ keyinfo = self.clientcert.keyinfo,
+ )
+
 request_log = dict(
 path = path,
 method = method,
@@ -103,6 +114,7 @@ class PathodHandler(tcp.BaseHandler):
 httpversion = httpversion,
 sni = self.sni,
 remote_address = self.client_address,
+ clientcert = clientcert
 )
 try:
diff --git a/libpathod/templates/log.html b/libpathod/templates/log.html
index 22747e0e..19468d66 100644
--- a/libpathod/templates/log.html
+++ b/libpathod/templates/log.html
@@ -17,9 +17,13 @@ {% for i in log %}
- {{ i["id"] }}
- {{ i["request"]["method"] }}
- {{ i["request"]["path"] }}
+ {% if i["type"] == 'error' %}
+ ERROR: {{ i["msg"] }}
+ {% else %}
+ {{ i["id"] }}
+ {{ i["request"]["method"] }}
+ {{ i["request"]["path"] }}
+ {% endif %}
 {% endfor %}
-- cgit v1.2.3
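Review bot: The fields copied into the `clientcert` dict in libpathod/pathod.py (`cn`, `subject`, `serial`, `keyinfo`) are taken from whatever certificate the peer presented, and nothing visible in this hunk shows that the certificate was validated before they are logged. Anything reading the request log should treat the entry as untrusted, peer-controlled text rather than as an authenticated identity, and escape it wherever it is displayed. I would add a comment above the block such as `# Fields are copied from the peer-supplied certificate and are not verified here; treat as untrusted.` The same dict is attached to `request_log` in the following hunk, and the enclosing method starts and ends outside both hunks.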
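Review bot: The new error branch in libpathod/templates/log.html prints `i["msg"]` as-is, and in pathod.py that value is the string `s` returned in `dict(type = "error", msg = s)`, which is built outside the visible hunks and may contain text taken from the client's request. If this template is rendered without autoescaping, that text would be emitted into the log page as markup; confirm autoescaping is on for this template or escape explicitly with `{{ i["msg"]|e }}`. The surrounding markup is not visible in this view, so whether the error branch produces the same cell structure as the `else` branch cannot be checked here.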