TG-290

Добавлен "--cert-passwd" флаг для ввода пароля rsa

pym/console/application/cl_client.py

@@ -128,12 +128,25 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
         return None, 1, crypto_Error, False, None
     client = None
 
-    bio = M2Crypto.BIO.openfile(CERT_KEY)
+    rsa_password = args.cert_passwd or ""
-    rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: "")
+    with open(CERT_KEY) as inf:
+        if 'ENCRYPTED' in inf.readline():
+            if not args.cert_passwd:
+                Connect_Error = 1
+                return None, 1, crypto_Error, False, _("RSA key contain ENCRYPTED. Use '--cert-passwd' to provide password")
+    try:
+        bio = M2Crypto.BIO.openfile(CERT_KEY)
+        rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: bytes(rsa_password, 'utf-8'))
+    except SystemError as e:
+        Connect_Error = 1
+        return None, 1, crypto_Error, False, _("Failed to read rsa key")
     store_passwd = None
     if not rsa:
-        port = args.port or clVarsCore.Get('core.cl_core_port')
+        try:
-        store_passwd = get_password_from_daemon(args.host, port, wait_thread)
+            port = args.port or clVarsCore.Get('core.cl_core_port')
+            store_passwd = get_password_from_daemon(args.host, port, wait_thread)
+        except TypeError:
+            return None, 1, crypto_Error, False, _("Failed to get password from daemon or provided password is incorrect")
     key_passwd = store_passwd
     er = None
     try:
@@ -141,7 +154,7 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
         client = Client_suds(
             url, transport=HTTPSClientCertTransport(
                 CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
-                ca_certs=ca_certs, wait_thread=wait_thread))
+                ca_certs=ca_certs, wait_thread=wait_thread, rsa_password=bytes(rsa_password, 'utf-8')))
         if not wait_thread.is_alive():
             wait_thread = StoppableThread()
             flag_thread_start = True

pym/console/application/client_class.py

@@ -557,11 +557,12 @@ class HTTPSClientCertTransport(HttpTransport):
                  client_keyfile=None, client_certfile=None,
                  client_keyobj=None, client_certobj=None,
                  cookie_callback=None, user_agent_string=None,
-                 wait_thread=None, **kwargs):
+                 wait_thread=None, rsa_password=None, **kwargs):
         Transport.__init__(self)
         self.key = key
         self.cert = cert
         self.cert_path = path_to_cert
+        self.rsa_password = rsa_password or b""
         if key:
             with open(cert) as cert_file:
                 client_certobj = OpenSSL.crypto.load_certificate \
@@ -574,12 +575,12 @@ class HTTPSClientCertTransport(HttpTransport):
                 else:
                     import M2Crypto
                     bio = M2Crypto.BIO.openfile(key)
-                    rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: b"")
+                    rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: self.rsa_password)
                     if not rsa:
                         raise OpenSSL.crypto.Error
                     with open(key) as key_file:
                         client_keyobj = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM, 
-                            key_file.read())
+                            key_file.read(), passphrase=self.rsa_password or None)
 
         Unskin(self.options).update(kwargs)
         self.cookiejar = CookieJar(DefaultCookiePolicy())

pym/console/application/methods_func.py

@@ -94,6 +94,9 @@ def parse():
         '--stdin-passwords', action='store_true', default=False,
         dest='stdin_passwd',
         help=_("use passwords from standard input for users accounts"))
+    parser.add_argument(
+        '--cert-passwd', default=None, dest='cert_passwd',
+        help=_("password for rsa key"), metavar='PASSWORD')
     return parser