PowerPointPrsentation

1
mod_epp Bringing EPP to Apache 2.0
Otmar Lendl lendl_at_nic.at
2
Extensible Provisioning Protocol

• XML based
• Defined as exchange of XML objects
• Schema definition available
• Simple mapping on TCP
• SSL/TLS recommended
• Client toolkits are available

3
Implementing an EPP server

• Obvious challenges
• XML schema verification
• Security Layer

• Obvious solutions
• Easy use Xerces library
• Easy use openssl

Tempting Use Open Source Toolbox roll your own
4
Challenges (2)

• Not so obvious issues
• Build system
• Portability
• Configuration infrastructure
• Logging subsystem
• Interface between EPP frontend and backend logic
• Performance? (Multithreading / Pre-forking?)

5
Apache 2.0 design

• Hooks at every stage of connection and request
  handling.
• Configurable input and output filters.
• HTTP handling is just a module which can be (and
  has been) replaced.
• Modules can be loaded and configured at runtime
  by a single configuration file.

Lets use Apache 2.0 as foundation!
6
Benefits

• Solves most of the challenges (software
  infrastructure, SSL, XML except schema support)
• Handling Apache requests is a well-known problem
  (cf. CGI, PHP, mod_perl, server-side Java)

7
Architecture Overview
8
Implementation

• 1500 lines of C code
• No patches to Apache code
• Loaded at runtime
• Configurable via httpd.conf
• Does not interfere with HTTP operation

9
Script interface

• Incoming XML objects are passed to the request
  handler as HTML form input.
• EPP authentication is mapped to HTTP
  authentication All Apache Authentication
  mechanisms are available.
• Session state (login/logout) is done in mod_epp.
  
• Output from scripts is framed by mod_epp
  according to the EPP/TCP standard.

10
Script example

• !/usr/bin/perl
• use CGI qw/standard/
• q new CGI
• print "Content-Type text/xml\r\n\r\n"
• my cltrid q-gtparam("clTRID")
• my eppxml q-gtparam("frame")
• print "lt!- received eppxml --gt
• ...

11
Basic Configuration

• LoadModule epp_module \
• modules/mod_epp.so
• Listen 3121
• ltVirtualHost 3121gt
• EPPEngine On
• lt/VirtualHostgt

12
Configuration (cont.)

• EPPCommandRoot /epp/command
• EPPSessionRoot /epp/session
• EPPErrorRoot /epp/error
• EPPVersion 7
• version 6 and 7 of ltlogingt are
• supported
• This will map e.g. an EPP lttransfergt command to
  the local URI /epp/command/transfer.

13
Authentication

• EPPAuthURI /epp/auth/login
• ltLocation /epp/authgt
• AuthType Basic
• AuthName "EPP"
• AuthUserFile .../htpasswd
• require valid-user
• lt/Locationgt

14
SSL Support

• Listen 3121
• ltVirtualHost 3121gt
• EPPEngine On
• SSLEngine On
• SSLCiphersuite ...
• SSLCertificateFile ...
• ...
• lt/VirtualHostgt

15
CGI Configuration

• The actual EPP logic can be in local CGI scripts
  ...
• EPPCommandRoot /epp/c
• ScriptAlias /epp/c/ .../scripts/epp-c/

16
Reverse Proxy Configuration

• ... or implemented somewhere else,
• EPPCommandRoot /proxy/command
• ProxyPass /proxy/ http//somewhere/epp/
• while EPP errors are handled locally
• EPPErrorRoot /cgi-bin/epp-errors

17
Try it!

• Source code is available at
• http//sourceforge.net/projects/aepps/
• mod_epp is distributed under the Apache licence.
• We rate the current version as early beta
  software.
• Comments (and patches!) are welcome!