1 / 17

mod_epp Bringing EPP to Apache 2.0

mod_epp Bringing EPP to Apache 2.0. Otmar Lendl lendl@nic.at. Extensible Provisioning Protocol. XML – based Defined as exchange of XML objects Schema definition available Simple mapping on TCP SSL/TLS recommended Client toolkits are available. Implementing an EPP server.

elmo-conrad
Download Presentation

mod_epp Bringing EPP to Apache 2.0

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. mod_epp Bringing EPP to Apache 2.0 Otmar Lendl lendl@nic.at

  2. Extensible Provisioning Protocol • XML – based • Defined as exchange of XML objects • Schema definition available • Simple mapping on TCP • SSL/TLS recommended • Client toolkits are available

  3. Implementing an EPP server • Obvious solutions: • Easy: use Xerces library • Easy: use openssl Obvious challenges: • XML schema verification • Security Layer Tempting: Use Open Source Toolbox + roll your own

  4. Challenges (2) Not so obvious issues: • Build system • Portability • Configuration infrastructure • Logging subsystem • Interface between EPP frontend and backend logic • Performance? (Multithreading / Pre-forking?)

  5. Apache 2.0 design • Hooks at every stage of connection and request handling. • Configurable input and output filters. • HTTP handling is just a module which can be (and has been) replaced. • Modules can be loaded and configured at runtime by a single configuration file. Let´s use Apache 2.0 as foundation!

  6. Benefits • Solves most of the challenges (software infrastructure, SSL, XML [except schema support]) • Handling Apache requests is a well-known problem (cf. CGI, PHP, mod_perl, server-side Java)

  7. Architecture Overview

  8. Implementation • 1500 lines of C code • No patches to Apache code • Loaded at runtime • Configurable via httpd.conf • Does not interfere with HTTP operation

  9. Script interface • Incoming XML objects are passed to the request handler as HTML form input. • EPP authentication is mapped to HTTP authentication: All Apache Authentication mechanisms are available. • Session state (login/logout) is done in mod_epp. • Output from scripts is framed by mod_epp according to the EPP/TCP standard.

  10. Script example #!/usr/bin/perl use CGI qw/:standard/; $q = new CGI; print "Content-Type: text/xml\r\n\r\n"; my $cltrid = $q->param("clTRID"); my $eppxml = $q->param("frame"); print "<!-– received: $eppxml --> ...

  11. Basic Configuration LoadModule epp_module \ modules/mod_epp.so Listen 3121 <VirtualHost *:3121> EPPEngine On </VirtualHost>

  12. Configuration (cont.) EPPCommandRoot /epp/command EPPSessionRoot /epp/session EPPErrorRoot /epp/error EPPVersion 7 # version 6 and 7 of <login> are # supported This will map e.g. an EPP <transfer> command to the local URI /epp/command/transfer.

  13. Authentication EPPAuthURI /epp/auth/login <Location /epp/auth> AuthType Basic AuthName "EPP" AuthUserFile .../htpasswd require valid-user </Location>

  14. SSL Support Listen 3121 <VirtualHost *:3121> EPPEngine On SSLEngine On SSLCiphersuite ... SSLCertificateFile ... ... </VirtualHost>

  15. CGI Configuration The actual EPP logic can be in local CGI scripts ... EPPCommandRoot /epp/c ScriptAlias /epp/c/ .../scripts/epp-c/

  16. Reverse Proxy Configuration ... or implemented somewhere else, EPPCommandRoot /proxy/command ProxyPass /proxy/ http://somewhere/epp/ while EPP errors are handled locally: EPPErrorRoot /cgi-bin/epp-errors

  17. Try it! • Source code is available at http://sourceforge.net/projects/aepps/ • mod_epp is distributed under the Apache licence. • We rate the current version as early beta software. • Comments (and patches!) are welcome!

More Related