From b60bca77fe0e9f2dec99d65adc2b5d34e5946b42 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 30 May 2023 12:06:39 +0300
Subject: [PATCH] =?UTF-8?q?TG-290=20=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=20"--cert-passwd"=20=D1=84=D0=BB=D0=B0=D0=B3=20?= =?UTF-8?q?=D0=B4=D0=BB=D1=8F=20=D0=B2=D0=B2=D0=BE=D0=B4=D0=B0=20=D0=BF?= =?UTF-8?q?=D0=B0=D1=80=D0=BE=D0=BB=D1=8F=20rsa?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pym/console/application/cl_client.py | 23 ++++++++++++++++++-----
 pym/console/application/client_class.py | 7 ++++---
 pym/console/application/methods_func.py | 3 +++
 3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/pym/console/application/cl_client.py b/pym/console/application/cl_client.py
index c3863e3..fbf7167 100644
--- a/pym/console/application/cl_client.py
+++ b/pym/console/application/cl_client.py
@@ -128,12 +128,25 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore, return None, 1, crypto_Error, False, None client = None - bio = M2Crypto.BIO.openfile(CERT_KEY) - rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: "") + rsa_password = args.cert_passwd or "" + with open(CERT_KEY) as inf: + if 'ENCRYPTED' in inf.readline(): + if not args.cert_passwd: + Connect_Error = 1 + return None, 1, crypto_Error, False, _("RSA key contain ENCRYPTED. Use '--cert-passwd' to provide password") + try: + bio = M2Crypto.BIO.openfile(CERT_KEY) + rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: bytes(rsa_password, 'utf-8')) + except SystemError as e: + Connect_Error = 1 + return None, 1, crypto_Error, False, _("Failed to read rsa key") store_passwd = None if not rsa: - port = args.port or clVarsCore.Get('core.cl_core_port') - store_passwd = get_password_from_daemon(args.host, port, wait_thread) + try: + port = args.port or clVarsCore.Get('core.cl_core_port') + store_passwd = get_password_from_daemon(args.host, port, wait_thread) + except TypeError: + return None, 1, crypto_Error, False, _("Failed to get password from daemon or provided password is incorrect") key_passwd = store_passwd er = None try: @@ -141,7 +154,7 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore, client = Client_suds( url, transport=HTTPSClientCertTransport( CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd, - ca_certs=ca_certs, wait_thread=wait_thread)) + ca_certs=ca_certs, wait_thread=wait_thread, rsa_password=bytes(rsa_password, 'utf-8'))) if not wait_thread.is_alive(): wait_thread = StoppableThread() flag_thread_start = True diff --git a/pym/console/application/client_class.py b/pym/console/application/client_class.py index fced254..91447fd 100644 --- a/pym/console/application/client_class.py +++ b/pym/console/application/client_class.py 
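Review bot: The encrypted-key check in the new `with open(CERT_KEY) as inf:` block inspects only the first line, so it recognises PKCS#8 keys (`-----BEGIN ENCRYPTED PRIVATE KEY-----`) but not traditional PEM keys, whose first line is `-----BEGIN RSA PRIVATE KEY-----` with `Proc-Type: 4,ENCRYPTED` on the second line. Such a key without `--cert-passwd` skips the early error and reaches `rsa_read_key` with an empty passphrase. Reading the header lines together covers both formats, e.g. `head = inf.readline() + inf.readline()` followed by `if 'ENCRYPTED' in head:`. Separately, `Connect_Error = 1` has an effect only if the name is declared `global` in the part of `connect_with_cert` that lies outside this hunk, and the `except TypeError` branch returns without setting it, unlike the two error returns above it.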
@@ -557,11 +557,12 @@ class HTTPSClientCertTransport(HttpTransport): client_keyfile=None, client_certfile=None, client_keyobj=None, client_certobj=None, cookie_callback=None, user_agent_string=None, - wait_thread=None, **kwargs): + wait_thread=None, rsa_password=None, **kwargs): Transport.__init__(self) self.key = key self.cert = cert self.cert_path = path_to_cert + self.rsa_password = rsa_password or b"" if key: with open(cert) as cert_file: client_certobj = OpenSSL.crypto.load_certificate \ @@ -574,12 +575,12 @@ class HTTPSClientCertTransport(HttpTransport): else: import M2Crypto bio = M2Crypto.BIO.openfile(key) - rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: b"") + rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: self.rsa_password) if not rsa: raise OpenSSL.crypto.Error with open(key) as key_file: client_keyobj = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM, - key_file.read()) + key_file.read(), passphrase=self.rsa_password or None) Unskin(self.options).update(kwargs) self.cookiejar = CookieJar(DefaultCookiePolicy()) diff --git a/pym/console/application/methods_func.py b/pym/console/application/methods_func.py index b4b3d69..6c3122a 100644 --- a/pym/console/application/methods_func.py +++ b/pym/console/application/methods_func.py @@ -94,6 +94,9 @@ def parse(): '--stdin-passwords', action='store_true', default=False, dest='stdin_passwd', help=_("use passwords from standard input for users accounts")) + parser.add_argument( + '--cert-passwd', default=None, dest='cert_passwd', + help=_("password for rsa key"), metavar='PASSWORD') return parser
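Review bot: `self.rsa_password` keeps the key passphrase on the transport object for as long as the transport lives, while the lines visible in the two `client_class.py` hunks read it only inside `__init__` (the `rsa_read_key` callback and `load_privatekey`). Unless code outside the hunks needs it later, a local such as `key_passphrase = rsa_password or b""` used in both calls avoids holding the secret in an attribute that can surface in debug dumps or serialized state. The new parameter also deserves a comment next to the signature, for example `# rsa_password: passphrase for the client key as bytes, or None for an unencrypted key`, because the value is handed unchanged to the M2Crypto callback and to `passphrase=`.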
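Review bot: Taking the key passphrase as the value of `--cert-passwd` places it in the process argument list, where other local users can read it from process listings, and it is typically saved in shell history as well. The `--stdin-passwords` option just above in this hunk shows the parser already has a stdin route for secrets; a safer shape is a value-less flag, `action='store_true'`, with the caller obtaining the passphrase through `getpass.getpass()` or from stdin. If the argument has to stay as is, the help string should at least say so, e.g. `help=_("password for rsa key (visible in the process list)")`. `parse()` begins outside the hunk.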