6. Python code summary

When configured according to this tutorial, the policy.py file of Application-level Gateway should look something like this:

Configuring HTTPS proxying:

class HttpsProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.ssl.client_keypair_files=\
             ("/etc/key.d/Certificate_for_SSL_proxying/cert.pem",\
             "/etc/key.d/Certificate_for_SSL_proxying/key.pem")
        self.ssl.client_verify_type=SSL_VERIFY_NONE
        self.ssl.client_connection_security = SSL_FORCE_SSL
        self.ssl.server_connection_security = SSL_FORCE_SSL
        self.ssl.server_cagroup_directories= \
             ("/etc/ca.d/groups/MS_Trusted_CA/certs/",\
              "/etc/ca.d/groups/MS_Trusted_CA/crls/")
        self.ssl.server_disable_proto_sslv2=TRUE

Nontransparent version:

class HttpSNonTransparent(HttpProxyNonTransparent):
    def config(self):
        HttpProxyNonTransparent.config(self)
        self.connect_proxy= HttpsProxy
        self.request["GET"]=HTTP_REQ_ACCEPT
        self.request["POST"]=HTTP_REQ_ACCEPT
        self.request["HEAD"]=HTTP_REQ_ACCEPT
        self.request["CONNECT"]=HTTP_REQ_ACCEPT

One-sided HTTPS and Microsoft Outlook Web Access:

class OnesidedHttpsProxy(HttpsProxy):
    def config(self):
        HttpsProxy.config(self)
        self.ssl.server_connection_security=SSL_NONE
        self.ssl.server_keypair_files = \
            ("/etc/key.d/Sample Certificate/cert.pem",\
             "/etc/key.d/Sample Certificate/key.pem")
        self.stack_proxy=(Z_STACK_PROXY, OWAHttpProxy)

class OWAHttpProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.request_header["Front-End-Https"]=(HTTP_HDR_INSERT, "on")

HTTP Proxy using stream editor

class HttpSedProxy(OnesidedHttpsProxy):
    def config(self):
        OnesidedHttpsProxy.config(self)
        self.response_stack["*"]=(HTTP_STK_DATA, (Z_STACK_PROGRAM, "sed -e 's|http://|https://|g'"))

Transferring certificate information in an HTTP header

class HttpsCertProxy(OnesidedHttpsProxy):
    def config(self):
        OnesidedHttpsProxy.config(self)
        self.request_header["X-User-Certificate"]=(HTTP_HDR_INSERT, self.tls.client_peer_certificate.subject)

Name-based virtual hosting and sidestacking:

class HttpProxyTargetByHostHeader(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.request_header["Host"]=(HTTP_HDR_POLICY, self.TargetByHostHeader)
        self.ssl.client_connection_security=SSL_FORCE_SSL
        self.ssl.server_connection_security=SSL_NONE
        self.ssl.server_keypair_files = \
            ("/etc/key.d/Sample Certificate/cert.pem",\
             "/etc/key.d/Sample Certificate/key.pem")
    def TargetByHostHeader(self, name, value):
        if (value == "example.com"):
          self.session.setServer(SockAddrInet("192.168.0.1", 80))
          return HTTP_HDR_ACCEPT
        elif (value == "example2.com"):
          self.session.setServer(SockAddrInet("192.168.0.2", 80))
          return HTTP_HDR_ACCEPT
        return HTTP_HDR_ABORT