Refactoring

master-3.5
parent 3c99855268
commit c193eee22b

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -14,13 +14,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import os, pwd
import sys, subprocess
import socket, time
import os
import pwd
import sys
import subprocess
import socket
import time
import urllib2
from calculate.console.application.function import _print
from function import get_ip_mac_type
from calculate.console.application.sid_func import get_sid
import OpenSSL, hashlib
import OpenSSL
import hashlib
from client_class import HTTPSClientCertTransport
from cert_verify import VerifyError
from calculate.core.datavars import DataVarsCore
@ -28,42 +33,47 @@ from calculate.core.server.methods_func import get_password
from calculate.lib.cl_lang import setLocalTranslate
from calculate.lib.utils.common import getpass
from calculate.lib.utils.files import listDirectory
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
VERSION = 0.11
def client_post_cert (client, clVars, show_info = False):
def client_post_cert(client, clVars, show_info=False):
""" send a certificate server for check """
sid = get_sid(client.SID_FILE)
lang = os.environ['LANG'][:2]
_result_post_cert, _result_sid = client.service.init_session(sid, lang)
result_post_cert = _result_post_cert[1].integer
result_sid = _result_sid[1].integer
if os.environ.get("DEBUG"):
print _("The client uses certificate %s (server ID %s)") %(client.CERT_FILE, result_post_cert[0])
print _("The client uses certificate %s (server ID %s)") % (
client.CERT_FILE, result_post_cert[0])
if result_post_cert[0] == -4:
print _("Certificate not found on the server")
print _("the client uses certificate %s") %client.CERT_FILE
print _('You can generate a new certificate using options --gen-cert-by and '\
print _("the client uses certificate %s") % client.CERT_FILE
print _('You can generate a new certificate '
'using options --gen-cert-by and '
'--get-cert-from')
raise Exception(3)
# client_sid(sid, client, cert_id = results[0][0], clVars = clVars)
# client_sid(sid, client, cert_id = results[0][0], clVars = clVars)
if result_post_cert[0] == -3:
print _("Certificate not sent!")
elif result_post_cert[0] == -2:
print _("Using the upstream certificate")
else:
if show_info:
print _(" Your certifitate ID = %d") %(result_post_cert[0])
print _(" Your certifitate ID = %d") % (result_post_cert[0])
try:
if result_post_cert[1] == -2:
print _("The certificate has expired")
elif result_post_cert[1] > 0:
if show_info:
print _("The certificate expires after %d days") \
%(result_post_cert[1])
% (result_post_cert[1])
except:
pass
@ -75,27 +85,30 @@ def client_post_cert (client, clVars, show_info = False):
if show_info:
if result_sid[1] == 1:
print _(" New Session")
else: print _(" Old Session")
print _(" Your session ID = %s") %sid
#Creation of secret key of the client
def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
auto = False):
from create_cert import generateRSAKey, makePKey, makeRequest,\
passphrase_callback
else:
print _(" Old Session")
print _(" Your session ID = %s") % sid
# Creation of secret key of the client
def new_key_req(key, cert_path, server_host_name, private_key_passwd=None,
auto=False):
from create_cert import generateRSAKey, makePKey, makeRequest, \
passphrase_callback
rsa = generateRSAKey()
rsa.save_key(key+'_pub', cipher=None, callback = lambda *unused: None)
rsa.save_key(key + '_pub', cipher=None, callback=lambda *unused: None)
pkey = makePKey(rsa)
if not passphrase_callback(private_key_passwd):
pkey.save_key(key, cipher = None, callback = lambda *unused: None)
pkey.save_key(key, cipher=None, callback=lambda *unused: None)
else:
pkey.save_key(key, callback= lambda *unused: str(private_key_passwd))
pkey.save_key(key, callback=lambda *unused: str(private_key_passwd))
req = makeRequest(rsa, pkey, server_host_name, auto)
crtreq = req.as_pem()
req_file = cert_path + '/%s.csr' %server_host_name
req_file = cert_path + '/%s.csr' % server_host_name
crtfile = open(req_file, 'w')
crtfile.write(crtreq)
crtfile.close()
@ -104,13 +117,14 @@ def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError, e:
_print (e)
_print(e)
return None
os.chown(key, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(key, 0600)
return req_file
def delete_old_cert(client):
try:
os.unlink(client.CERT_FILE)
@ -118,15 +132,16 @@ def delete_old_cert(client):
os.unlink(client.PKEY_FILE)
os.unlink(client.PubKEY_FILE)
except OSError, e:
_print (e.message)
_print(e.message)
def client_post_request (cert_path, args):
def client_post_request(cert_path, args):
if os.path.exists(cert_path + 'req_id'):
print \
_("You already sent a certificate signature request.")
_print (_("Request ID = %s") %open(cert_path + 'req_id', 'r').read())
ans = raw_input (_("Send a new request? y/[n]: "))
if not ans.lower() in ['y','yes']:
_print(_("Request ID = %s") % open(cert_path + 'req_id', 'r').read())
ans = raw_input(_("Send a new request? y/[n]: "))
if not ans.lower() in ['y', 'yes']:
return 0
clVars = DataVarsCore()
clVars.importCore()
@ -134,49 +149,51 @@ def client_post_request (cert_path, args):
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" %(args.by_host, port)
print '%s\n'% url, _("connecting...")
url = "https://%s:%s/?wsdl" % (args.by_host, port)
print '%s\n' % url, _("connecting...")
from client_class import Client_suds
try:
client = Client_suds(url, transport = HTTPSClientCertTransport \
(None, None, cert_path))
client = Client_suds(url, transport=HTTPSClientCertTransport \
(None, None, cert_path))
except (KeyboardInterrupt, urllib2.URLError), e:
print '\n'+_("Closing. Connection error.")
_print (_("Error: %s") %e)
print '\n' + _("Closing. Connection error.")
_print(_("Error: %s") % e)
return 0
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
key = os.path.join(cert_path, server_host_name + '.key')
csr_file = os.path.join(cert_path, server_host_name +'.csr')
csr_file = os.path.join(cert_path, server_host_name + '.csr')
if os.path.exists(key) and os.path.exists(csr_file):
print _("the private key and request now exist")
ask = raw_input(_("Create a new private key and request? y/[n]: "))
if ask.lower() in ['y','yes']:
if ask.lower() in ['y', 'yes']:
passwd = get_password()
new_key_req(key, cert_path, server_host_name,
private_key_passwd = passwd)
new_key_req(key, cert_path, server_host_name,
private_key_passwd=passwd)
else:
passwd = get_password()
new_key_req(key, cert_path, server_host_name,
private_key_passwd = passwd)
private_key_passwd=passwd)
ip, mac, client_type = get_ip_mac_type()
data = open(csr_file).read()
res = client.service.post_client_request(request = data, ip = ip,\
mac = mac, client_type = client_type)
res = client.service.post_client_request(request=data, ip=ip,
mac=mac, client_type=client_type)
if int(res) < 0:
print _("The server has not signed the certificate!")
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'w')
fc.write(res)
fc.close()
_print (_("Your request ID = %s") %res + '.\n',
_("To submit the certificate request on the server use command") + \
'\n'+'cl-core --sign-client ID_CLIENT_REQUEST')
_print(_("Your request ID = %s") % res + '.\n',
_("To submit the certificate request on the server use command") + \
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST')
return 0
def client_get_cert(cert_path, args):
clVars = DataVarsCore()
clVars.importCore()
@ -184,35 +201,38 @@ def client_get_cert(cert_path, args):
if not os.path.exists(os.path.join(cert_path, 'req_id')):
print _("Request not sent or file %s deleted") \
%(os.path.join(cert_path, 'req_id'))
% (os.path.join(cert_path, 'req_id'))
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'r')
req_id = fc.read()
fc.close()
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" %(args.from_host, port)
print '%s\n' %url, _("connecting...")
url = "https://%s:%s/?wsdl" % (args.from_host, port)
print '%s\n' % url, _("connecting...")
from client_class import Client_suds
try:
client = Client_suds(url, \
transport = HTTPSClientCertTransport(None, None, cert_path))
client = Client_suds(url,
transport=HTTPSClientCertTransport(None, None,
cert_path))
except KeyboardInterrupt:
print _("Closing. Connection error.")
return 1
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not os.path.exists(os.path.join(cert_path, server_host_name + '.csr')):
print _("Request %s not found on the client's side") \
%(os.path.join(cert_path, server_host_name + '.csr'))
% (os.path.join(cert_path, server_host_name + '.csr'))
return 1
request = open(os.path.join(cert_path, server_host_name + '.csr')).read()
md5 = hashlib.md5()
md5.update(request)
md5sum = md5.hexdigest()
result = client.service.get_client_cert(req_id, md5sum)
cert = result[0][0]
try:
@ -224,9 +244,9 @@ def client_get_cert(cert_path, args):
return 1
elif cert == '2':
print _("Signature request not examined yet.")
print _("Your request ID = %s") %req_id + '.\n',\
_("To submit the certificate request on the server use command") + \
'\n'+'cl-core --sign-client ID_CLIENT_REQUEST'
print _("Your request ID = %s") % req_id + '.\n', \
_("To submit the certificate request on the server use command") + \
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST'
return 1
elif cert == '3':
print _("Request or signature not matching earlier data.")
@ -241,13 +261,13 @@ def client_get_cert(cert_path, args):
try:
os.unlink(cert_path + 'req_id')
except OSError, e:
_print (e.message)
print _('Certificate saved. Your certificate ID: %s') %req_id
_print(e.message)
print _('Certificate saved. Your certificate ID: %s') % req_id
user_name = pwd.getpwuid(os.getuid()).pw_name
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError, e:
_print (e)
_print(e)
return None
os.chown(cert_file, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(cert_file, 0600)
@ -261,7 +281,7 @@ def client_get_cert(cert_path, args):
cl_client_cert_dir = clVars.Get('core.cl_client_cert_dir')
homePath = clVars.Get('ur_home_path')
cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath)
cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")
md5 = hashlib.md5()
@ -271,7 +291,7 @@ def client_get_cert(cert_path, args):
print "md5sum = ", md5sum
if not os.path.exists(root_cert_md5):
fc = open(root_cert_md5,"w")
fc = open(root_cert_md5, "w")
fc.close()
filename = None
@ -280,32 +300,31 @@ def client_get_cert(cert_path, args):
# for each line
for line in t.splitlines():
# Split string into a words list
words = line.split(' ',1)
words = line.split(' ', 1)
if words[0] == md5sum:
filename = words[1]
if not filename:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca_root)
(OpenSSL.SSL.FILETYPE_PEM, ca_root)
Issuer = certobj.get_issuer().get_components()
for item in Issuer:
if item[0] == 'CN':
filename = item[1]
fc = open(root_cert_md5,"a")
fc.write('%s %s\n' %(md5sum, filename))
fc = open(root_cert_md5, "a")
fc.write('%s %s\n' % (md5sum, filename))
fc.close()
if not filename:
print _('Field "CN" not found in the certificate!')
return 1
fd = open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')
fd.write(ca_root)
fd.close()
user_root_cert = clVars.Get('core.cl_user_root_cert')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
fa = open(user_root_cert, 'a')
fa.write(ca_root)
fa.close()
@ -314,94 +333,103 @@ def client_get_cert(cert_path, args):
else:
print _("The file containing the CA certificate now exists")
return 0
def client_post_auth(client):
""" authorization client or post request """
sid = get_sid(client.SID_FILE)
client.sid = int(sid)
try:
if os.path.exists(client.CERT_FILE):
pass#client_post_cert(client)
pass # client_post_cert(client)
else:
#client_post_request(client)
print _("You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.")
# client_post_request(client)
print _(
"You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.")
raise Exception(1)
# print client.service.versions(sid, VERSION)
# print client.service.versions(sid, VERSION)
except VerifyError, e:
print e.value
raise Exception(1)
########## Get password
def getRunProc():
"""List run program"""
def getCmd(procNum):
cmdLineFile = '/proc/%s/cmdline'%procNum
cmdLineFile = '/proc/%s/cmdline' % procNum
try:
if os.path.exists(cmdLineFile):
return [open(cmdLineFile,'r').read().strip(), procNum]
return [open(cmdLineFile, 'r').read().strip(), procNum]
except:
pass
return ["", procNum]
if not os.access('/proc',os.R_OK):
if not os.access('/proc', os.R_OK):
return []
return map(getCmd,
filter(lambda x:x.isdigit(),
listDirectory('/proc')))
filter(lambda x: x.isdigit(),
listDirectory('/proc')))
def owner(pid):
UID = 1
for ln in open('/proc/%s/status' %pid):
for ln in open('/proc/%s/status' % pid):
if ln.startswith('Uid:'):
uid = int(ln.split()[UID])
return pwd.getpwuid(uid).pw_name
def create_socket(file_path, username):
host = '' # ip
host = '' # ip
port = 5501 # порт
find_proc = False
# if not file_path:
# home_path = pwd.getpwuid(os.getuid()).pw_dir
# file_path = os.path.join(home_path, '.calculate', 'passwd_daemon')
# if not username:
# username = pwd.getpwuid(os.getuid()).pw_name
for run_commands in filter(lambda x:'cl-consoled' in \
x[0],getRunProc()):
# if not file_path:
# home_path = pwd.getpwuid(os.getuid()).pw_dir
# file_path = os.path.join(home_path, '.calculate', 'passwd_daemon')
# if not username:
# username = pwd.getpwuid(os.getuid()).pw_name
for run_commands in filter(lambda x: 'cl-consoled' in \
x[0], getRunProc()):
if 'python' in run_commands[0]:
if username == owner(run_commands[1]):
#print 'YES'
# print 'YES'
find_proc = True
if not find_proc:
try:
os.unlink(file_path)
except OSError, e:
_print (e.message)
_print(e.message)
cmd = ['cl-consoled']
#print cmd
subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE,
stdout = subprocess.PIPE, stderr=subprocess.PIPE)
# print cmd
subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
while True:
try:
s.bind((host,port)) # ассоциировать адрес с сокетом
s.bind((host, port)) # ассоциировать адрес с сокетом
break
except socket.error:
port += 1
return s
def set_password(s, req, size):
password = getpass.getpass(_('Password: '))
msg = '%s,%s' %(req,password)
msg = '%s,%s' % (req, password)
s.send(msg)
resp = s.recv(size)
if resp.startswith('Error'):
_print (resp)
_print(resp)
return password
def clear_password(server_host, server_port):
size = 1024 # размер данных
username = pwd.getpwuid(os.getuid()).pw_name
@ -417,18 +445,19 @@ def clear_password(server_host, server_port):
while connect_error < 10:
if os.path.isfile(file_path):
serv_port, hash_val = open(file_path, 'r').read().split()
break
s.connect(('localhost', int(serv_port)))
req = 'delete,%s,%s,%s,%s' % (server_host, str(server_port),
username, hash_val)
s.send(req)
s.recv(size)
return
else:
connect_error += 1
time.sleep(0.3)
s.connect(('localhost', int(serv_port)))
break
except socket.error:
time.sleep(0.3)
req = 'delete,%s,%s,%s,%s' %(server_host, str(server_port), username,
hash_val)
s.send(req)
resp = s.recv(size)
def socket_connect(s, file_path):
connect_error = 0
@ -437,15 +466,15 @@ def socket_connect(s, file_path):
while connect_error < 10:
if os.path.isfile(file_path):
serv_port, hash_val = open(file_path, 'r').read().split()
break
s.connect(('localhost', int(serv_port)))
return s, hash_val
else:
connect_error += 1
time.sleep(0.3)
s.connect(('localhost', int(serv_port)))
break
except socket.error:
time.sleep(0.3)
return s, hash_val
def get_password_from_daemon(server_host, server_port, wait_thread):
size = 1024 # размер данных
@ -458,7 +487,8 @@ def get_password_from_daemon(server_host, server_port, wait_thread):
s = create_socket(file_path, username)
s, hash_val = socket_connect(s, file_path)
req = '%s,%s,%s,%s' %(server_host,str(server_port),username,hash_val)
req = '%s,%s,%s,%s' % (
server_host, str(server_port), username, hash_val)
s.send(req)
resp = s.recv(size)
if resp.startswith('Error'):
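Review bot: In the client_get_cert hunk that resolves the CA file name, `filename = item[1]` takes the issuer CN of `ca_root` and passes it unchecked into `open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')`, so a CN containing a path separator or `..` would make the write land outside the `ca` directory. `ca_root` is assigned outside the visible lines and appears to come from the server's reply, so the name should be treated as untrusted. I would reject such names before the write, e.g. `if filename != os.path.basename(filename) or filename in ('.', '..'): return 1`, next to the existing 'Field "CN" not found' check. The same value is also stored in `cert_list` and read back as `words[1]`, so the check belongs after both assignments. client_get_cert starts and ends outside this hunk.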

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -14,35 +14,41 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import os, re, glob, sys
import os
import re
import sys
import OpenSSL
from calculate.console.application.function import _print
from calculate.core.datavars import DataVarsCore
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
class VerifyError(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
# check recall of server certificate
def verify(server_cert, crl_path, flag):
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, server_cert)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, server_cert)
serverSerial = certobj.get_serial_number()
Issuer = certobj.get_issuer().get_components()
CN, L = None, None
for i in Issuer:
if i[0] == 'CN':
CN = i[1]
CN = i[1]
elif i[0] == 'L':
L = i[1]
L = i[1]
if CN and len(CN) > 2:
crl_file = crl_path + CN
elif L:
@ -55,31 +61,30 @@ def verify(server_cert, crl_path, flag):
crl_file = crl_path + host
else:
if not flag:
print _( "fields CN and L in the CA certificate are incorrect!")
print _("fields CN and L in the CA certificate are incorrect!")
return 0
if not os.path.exists(crl_file):
if not flag:
pass
# print _("This certificate can not be verified in the CRL.")
# print _("This certificate can not be verified in the CRL.")
return 0
with open(crl_file, 'r') as _crl_file:
crl = "".join(_crl_file.readlines())
if crl == '':
return 0
crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, crl)
revoked_objects = crl_object.get_revoked()
for rvk in revoked_objects:
if serverSerial == int(rvk.get_serial(), 16):
print _("This certificate has been revoked!")
print _("Serial")+ _(': %s\n') %rvk.get_serial() + _("Revoke date") + \
_(': %s') %rvk.get_rev_date()
print _("Serial") + _(': %s\n') % rvk.get_serial() + _(
"Revoke date") + _(': %s') % rvk.get_rev_date()
raise VerifyError('CRL Exception')
return 0
@ -95,100 +100,105 @@ def get_CRL(path_to_cert):
try:
os.makedirs(path_to_cert)
except OSError:
print _("Failed to create directory %s") %path_to_cert
print _("Failed to create directory %s") % path_to_cert
raise Exception(1)
try:
os.makedirs(os.path.join(path_to_cert, 'ca'))
except OSError:
print _("Failed to create directory %s") \
%(os.path.join(path_to_cert, 'ca'))
print _("Failed to create directory %s") % (
os.path.join(path_to_cert, 'ca'))
raise Exception(1)
os.makedirs(CRL_path)
clVars = DataVarsCore()
clVars.importCore()
clVars.flIniFile()
# user and system ca and root certificates
user_root_cert = clVars.Get('core.cl_user_root_cert')
homePath = clVars.Get('ur_home_path')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
glob_root_cert = clVars.Get('core.cl_glob_root_cert')
if os.path.exists(user_root_cert):
user_ca_certs = open(user_root_cert, 'r').read()
else: user_ca_certs = ''
else:
user_ca_certs = ''
if os.path.exists(glob_root_cert):
glob_ca_certs = open(glob_root_cert, 'r').read()
else: glob_ca_certs = ''
else:
glob_ca_certs = ''
# get certificates list fron text
p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?')
user_ca_certs_list = p.findall(user_ca_certs)
glob_ca_certs_list = p.findall(glob_ca_certs)
# association in one list
all_ca_certs_list = user_ca_certs_list + glob_ca_certs_list
for ca in all_ca_certs_list:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca)
certobj = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, ca)
# get url from certificates
url = None
CN = None
Subject = certobj.get_subject().get_components()
last_subj = ""
for subj in Subject:
if subj[0] == 'L':
url = "https://" + subj[1] +"/?wsdl"
url = "https://" + subj[1] + "/?wsdl"
if subj[0] == 'CN':
CN = subj[1]
last_subj = subj
if url:
new_crl = None
from client_class import Client_suds
from client_class import HTTPSClientCertTransport
# connect to ca server (url get from certificates)
client = None
try:
client = Client_suds(url,\
transport = HTTPSClientCertTransport(None, None, \
client = Client_suds(
url, transport=HTTPSClientCertTransport(None, None,
path_to_cert))
client.set_parameters (path_to_cert, None, None)
client.set_parameters(path_to_cert, None, None)
new_crl = client.service.get_crl()
except VerifyError, e:
_print (e.value)
#rm_ca_from_trusted(ca)
_print(e.value)
# rm_ca_from_trusted(ca)
raise Exception(1)
except:
pass
client.wsdl.services[0].setlocation(url)
if 'new_crl' in locals():
if new_crl:
if CN and len(CN) > 2:
CRL_file = CRL_path + CN
else:
host = subj[1].split(':')[0]
CRL_file = CRL_path + host
if new_crl == ' ':
open(CRL_file, 'w')
#if os.path.exists(CRL_file):
#os.unlink(CRL_file)
if new_crl:
if CN and len(CN) > 2:
CRL_file = CRL_path + CN
else:
host = last_subj[1].split(':')[0]
CRL_file = CRL_path + host
if new_crl == ' ':
open(CRL_file, 'w')
# if os.path.exists(CRL_file):
# os.unlink(CRL_file)
continue
if os.path.exists(CRL_file):
if open(CRL_file, 'r').read() == new_crl:
continue
if os.path.exists(CRL_file):
if open(CRL_file, 'r').read() == new_crl:
continue
fd = open(CRL_file, 'w')
fd.write(new_crl)
fd.close()
print _("CRL added")
find_ca_in_crl (CRL_path, all_ca_certs_list)
def find_ca_in_crl (CRL_path, all_ca_certs_list):
CRL_name_list = glob.glob(CRL_path + '*')
fd = open(CRL_file, 'w')
fd.write(new_crl)
fd.close()
print _("CRL added")
find_ca_in_crl(CRL_path, all_ca_certs_list)
def find_ca_in_crl(CRL_path, all_ca_certs_list):
for ca in all_ca_certs_list:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, ca)
Issuer = certobj.get_issuer().get_components()
CN = ""
for item in Issuer:
if item[0] == 'CN':
CN = item[1]
@ -196,13 +206,13 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list):
CRL = CRL_path + CN
if not os.path.exists(CRL):
continue
with open(CRL, 'r') as _crl_file:
crl = "".join(_crl_file.readlines())
try:
crl_object = OpenSSL.crypto.load_crl \
(OpenSSL.crypto.FILETYPE_PEM, crl)
crl_object = OpenSSL.crypto.load_crl(
OpenSSL.crypto.FILETYPE_PEM, crl)
except:
continue
revoked_objects = crl_object.get_revoked()
@ -211,30 +221,33 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list):
if serverSerial == int(rvk.get_serial(), 16):
rm_ca_from_trusted(ca)
def rm_ca_from_trusted(ca_cert):
clVars = DataVarsCore()
clVars.importCore()
clVars.flIniFile()
user_ca_dir = clVars.Get('core.cl_client_cert_dir')
homePath = clVars.Get('ur_home_path')
user_ca_dir = user_ca_dir.replace("~",homePath)
user_ca_dir = user_ca_dir.replace("~", homePath)
user_ca_dir = os.path.join(user_ca_dir, 'ca')
user_ca_list = os.path.join(user_ca_dir, 'cert_list')
user_ca_db = clVars.Get('core.cl_user_root_cert')
homePath = clVars.Get('ur_home_path')
user_ca_db = user_ca_db.replace("~",homePath)
user_ca_db = user_ca_db.replace("~", homePath)
system_ca_dir = clVars.Get('core.cl_core_cert_path')
system_ca_list = os.path.join(system_ca_dir, 'cert_list')
system_ca_db = clVars.Get('core.cl_glob_root_cert')
import hashlib
md5 = hashlib.md5()
md5.update(ca_cert)
md5sum = md5.hexdigest()
# search ca certificate in user ca list
newfile = ''
with open(user_ca_list) as fd:
t = fd.read()
# See each line
@ -248,52 +261,52 @@ def rm_ca_from_trusted(ca_cert):
try:
os.unlink(filename)
except OSError, e:
_print (e.message)
_print(e.message)
else:
newfile += (line + '\n')
else:
newfile += (line + '\n')
fd.close()
fn = open(user_ca_list, 'w')
fn.write(newfile)
fn.close()
p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?')
# open, write and split user ca certificates
user_ca_certs = open(user_ca_db, 'r').read()
user_ca_certs_list = p.findall(user_ca_certs)
if ca_cert in user_ca_certs_list:
new_user_ca_certs = []
for cert in user_ca_certs_list:
if ca_cert != cert:
new_user_ca_certs.append(cert)
else:
print _("CA certificate deleted from the list of user " \
print _("CA certificate deleted from the list of user "
"trusted certificates")
fd = open(user_ca_db, 'w')
for cert in new_user_ca_certs:
fd.write(cert)
fd.close()
if not os.path.exists(system_ca_db):
open(system_ca_db, 'w')
system_ca_certs = open(system_ca_db, 'r').read()
system_ca_certs_list = p.findall(system_ca_certs)
if ca_cert in system_ca_certs_list:
new_system_ca_certs = []
for cert in system_ca_certs_list:
if ca_cert != cert:
new_system_ca_certs.append(cert)
else:
print _("CA certificate deleted from the list of system " \
print _("CA certificate deleted from the list of system "
"trusted certificates")
fd = open(system_ca_db, 'w')
for cert in new_system_ca_certs:
fd.write(cert)
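Review bot: In get_CRL the bare `except:` / `pass` after `client.service.get_crl()` hides every failure of the CRL download, and the following `client.wsdl.services[0].setlocation(url)` then runs with `client` still `None` (the value this commit initializes it to) whenever `Client_suds(...)` itself raised. That turns a connection error into an AttributeError, and when only `get_crl()` fails the stale CRL is kept without any message, so revocation checks silently run on old data. I would report the error and skip this CA instead: `except Exception as e:` / `_print(e)` / `continue`. Indentation is lost in this rendering, so I am assuming the `setlocation` call sits after the try block rather than inside it.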

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -20,12 +20,16 @@ from sudsds.transport import TransportError
from client_class import Client_suds
import traceback as tb
import time, logging
import os, sys
import threading, urllib2
import time
import logging
import os
import sys
import threading
import urllib2
from pid_information import client_list_methods
from cert_func import client_post_auth, client_post_request, client_get_cert,\
client_post_cert, get_password_from_daemon, clear_password
from cert_func import (client_post_auth, client_post_request, client_get_cert,
client_post_cert, get_password_from_daemon,
clear_password)
from sid_func import session_clean, client_session_info, client_session_list
from cert_verify import get_CRL, VerifyError
@ -33,11 +37,13 @@ import M2Crypto, OpenSSL
from calculate.core.datavars import DataVarsCore
from client_class import HTTPSClientCertTransport
from methods_func import call_method, get_method_argparser, parse, get_view
from function import MessageReceiver, MessageDispatcher, clear, _print, \
get_view_params
from function import (MessageReceiver, MessageDispatcher, clear, _print,
get_view_params)
from calculate.lib.utils.files import makeDirectory, readLinesFile
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
def get_message_receiver(client):
@ -48,6 +54,7 @@ def get_entire_message_receiver(client, pid):
return MessageReceiver.from_entire(client, pid,
MessageDispatcher(Methods()), Display())
def client_signal(client):
Vars = DataVarsCore()
Vars.importCore()
@ -57,7 +64,7 @@ def client_signal(client):
except:
client_active = 15
while True:
if os.path.exists(client.SID_FILE) :
if os.path.exists(client.SID_FILE):
fi = open(client.SID_FILE, 'r')
temp = fi.read()
fi.close()
@ -71,6 +78,7 @@ def client_signal(client):
raise Exception(1)
time.sleep(float(client_active))
class StoppableThread(threading.Thread):
def __init__(self):
super(StoppableThread, self).__init__()
@ -79,8 +87,7 @@ class StoppableThread(threading.Thread):
self._paused = threading.Event()
def run(self):
l = ['|','/','-','\\','|','/','-','\\']
i = 0
l = ['|', '/', '-', '\\', '|', '/', '-', '\\']
while True:
for i in l:
sys.stdout.write("\r\r" + i)
@ -92,7 +99,6 @@ class StoppableThread(threading.Thread):
sys.stdout.write("\b")
sys.stdout.flush()
return 0
def pause(self):
self._pause.set()
@ -113,6 +119,7 @@ class StoppableThread(threading.Thread):
def paused(self):
return self._pause.isSet()
def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
crypto_Error, Connect_Error):
flag_thread_start = False
@ -121,50 +128,53 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
CERT_KEY = os.path.join(path_to_cert, cert_name + '.key')
if not os.path.isfile(CERT_FILE) or not os.path.isfile(CERT_KEY):
Connect_Error = 1
return (None, 1, crypto_Error, False, None)
return None, 1, crypto_Error, False, None
client = None
bio = M2Crypto.BIO.openfile(CERT_KEY)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: None)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: None)
store_passwd = None
if not rsa:
port = args.port or clVarsCore.Get('core.cl_core_port')
store_passwd = get_password_from_daemon(args.host, args.port,
wait_thread)
if 'store_passwd' in locals():
key_passwd = store_passwd
else:
key_passwd = None
store_passwd = get_password_from_daemon(args.host, port, wait_thread)
key_passwd = store_passwd
er = None
try:
ca_certs = os.path.join(path_to_cert, 'ca/ca_root.crt')
client = Client_suds(url, transport=HTTPSClientCertTransport \
(CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
ca_certs = ca_certs, wait_thread = wait_thread))
client = Client_suds(
url, transport=HTTPSClientCertTransport(
CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
ca_certs=ca_certs, wait_thread=wait_thread))
if not wait_thread.isAlive():
wait_thread = StoppableThread()
flag_thread_start = True
wait_thread.start()
client.wsdl.services[0].setlocation(url)
client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY)
client.set_parameters(path_to_cert, CERT_FILE, CERT_KEY)
wait_thread.stop()
client_post_cert(client, clVarsCore)
Connect_Error = 0
except VerifyError, e:
Connect_Error = 1
er = e
except OpenSSL.crypto.Error, e:
Connect_Error = 1
crypto_Error = 1
er = e
except urllib2.URLError, e:
Connect_Error = 1
except Exception, e:
er = e
except Exception as e:
er = e
if e.message == 3:
wait_thread.stop()
sys.exit(1)
Connect_Error = 1
if flag_thread_start:
wait_thread.stop()
return (client, Connect_Error, crypto_Error,
True if 'store_passwd' in locals() else False,
e if 'e' in locals() else None)
return (client, Connect_Error, crypto_Error,
True if store_passwd is not None else False, er)
def get_server_hostname(host, path_to_cert):
compliance_file = os.path.join(path_to_cert, 'compliance_server_names')
@ -172,11 +182,12 @@ def get_server_hostname(host, path_to_cert):
fd = open(compliance_file, 'w')
fd.close()
for line in readLinesFile(compliance_file):
adress, server_hostname = line.split(' ',1)
adress, server_hostname = line.split(' ', 1)
if adress == host:
return server_hostname
return None
def add_server_hostname(host, path_to_cert, server_hostname):
try:
compliance_file = os.path.join(path_to_cert, 'compliance_server_names')
@ -186,14 +197,14 @@ def add_server_hostname(host, path_to_cert, server_hostname):
temp_file = ''
find_flag = False
for line in readLinesFile(compliance_file):
adress, temp_server_hostname = line.split(' ',1)
adress, temp_server_hostname = line.split(' ', 1)
if adress == host:
temp_file += "%s %s\n" %(adress, server_hostname)
temp_file += "%s %s\n" % (adress, server_hostname)
find_flag = True
else:
temp_file += line+'\n'
temp_file += line + '\n'
if not find_flag:
temp_file += "%s %s\n" %(host, server_hostname)
temp_file += "%s %s\n" % (host, server_hostname)
fd = open(compliance_file, 'w')
fd.write(temp_file)
fd.close()
@ -202,23 +213,10 @@ def add_server_hostname(host, path_to_cert, server_hostname):
print e
return False
def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
client_post_auth(client)
# sym_link = os.path.basename(sys.argv[0])
# if sym_link != 'cl-console':
# wait_thread.stop()
# results = client.service.get_methods(client.sid, 'console')
# find_flag = False
# if hasattr (results, 'stringArray'):
# for _array in results.stringArray:
# if _array.string[0] == sym_link:
# args.method = _array.string[1]
# find_flag = True
# break
# if not find_flag:
# _print (_('Method not found for %s') %sym_link)
if args.stop_consoled:
wait_thread.stop()
os.system('cl-consoled --stop')
@ -242,9 +240,11 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
wait_thread.stop()
if args.dump:
from pid_information import client_pid_info
client_pid_info(client)
else:
from pid_information import client_list_pid
client_list_pid(client)
return 0
@ -267,6 +267,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
if args.pid_kill:
wait_thread.stop()
from pid_information import client_pid_kill
return client_pid_kill(client, args.pid_kill)
retCode = 0
@ -289,7 +290,8 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
_unknown_args = method_parser.fixBoolVariables(unknown_args)
_args, _unknown_args = method_parser.parse_known_args(_unknown_args)
_args, _unknown_args = method_parser.parse_known_args(
_unknown_args)
if dispatch_usenew == _args.no_questions:
method_parser.print_help()
@ -308,16 +310,16 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
client.no_progress = args.no_progress
try:
mr.analysis(method_result)
#analysis(client, client.sid, method_result)
# analysis(client, client.sid, method_result)
except urllib2.URLError, e:
_print (e)
_print(e)
except KeyboardInterrupt:
try:
print
mess = method_result[0][0]
pid = int(mess.message)
result = client.service.pid_kill(pid, client.sid)
if result in [0,2]:
if result in [0, 2]:
print _('Process terminated')
elif result == -1:
print _("Certificate not found on the server")
@ -334,14 +336,15 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
pid = int(mess.message)
except:
return 1
retCode = \
1 if int(client.service.pid_info(client.sid,pid)[0][1]) else 0
retCode = 1 if int(
client.service.pid_info(client.sid, pid)[0][1]) else 0
if not args.keep_result:
client.service.clear_pid_cache(client.sid, pid)
client.service.clear_method_cache(client.sid, args.method)
wait_thread.stop()
return retCode
def main(wait_thread):
parser = parse()
args, unknown_args = parser.parse_known_args()
@ -361,6 +364,7 @@ def main(wait_thread):
cl_wsdl = ob.Get('cl_wsdl_available')
# создать симлинки на команды
from calculate.core.server.func import initialization
initialization(cl_wsdl)
ob.close()
if sym_link in loaded_methods.LoadedMethods.conMethods.keys():
@ -398,7 +402,7 @@ def main(wait_thread):
path_to_cert = args.path_to_cert
if not path_to_cert:
path_to_cert = clVarsCore.Get('core.cl_client_cert_dir')
path_to_cert = path_to_cert.replace("~",homePath)
path_to_cert = path_to_cert.replace("~", homePath)
for dirs in ['', 'ca', 'trusted']:
dir_path = os.path.join(path_to_cert, dirs)
@ -407,12 +411,12 @@ def main(wait_thread):
wait_thread.stop()
sys.stdout.write('\r')
sys.stdout.flush()
print _("Failed to create directory %s") %dir_path
print _("Failed to create directory %s") % dir_path
return 1
if args.update_crl:
wait_thread.stop()
getCRL = threading.Thread(target=get_CRL, args = (path_to_cert, ))
getCRL = threading.Thread(target=get_CRL, args=(path_to_cert,))
getCRL.start()
getCRL.join()
print 'CRL updated'
@ -420,24 +424,26 @@ def main(wait_thread):
if args.by_host:
wait_thread.stop()
client_post_request (path_to_cert, args)
client_post_request(path_to_cert, args)
return 0
if args.from_host:
wait_thread.stop()
client_get_cert (path_to_cert, args)
client_get_cert(path_to_cert, args)
return 0
url = "https://%s:%s/?wsdl" %(host, port)
url = "https://%s:%s/?wsdl" % (host, port)
clear()
serv_hostname = get_server_hostname(host, path_to_cert)
get_name_flag = False
client = None
if serv_hostname:
Connect_Error = 1
crypto_Error = 0
client, Connect_Error, crypto_Error, passwd_flag, e = \
connect_with_cert (serv_hostname, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error, Connect_Error)
connect_with_cert(serv_hostname, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error,
Connect_Error)
if not wait_thread.isAlive():
wait_thread = StoppableThread()
wait_thread.start()
@ -457,62 +463,64 @@ def main(wait_thread):
get_name_flag = False
if get_name_flag:
try:
client.port = port
return_val = 1
if client:
try:
return_val = https_server(client, args, unknown_args, url, \
clVarsCore, wait_thread)
except urllib2.URLError, e:
print _('Error: '), e
client.port = port
return_val = 1
try:
return_val = https_server(client, args, unknown_args, url,
clVarsCore, wait_thread)
except urllib2.URLError, e:
print _('Error: '), e
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print e
return 1
wait_thread.stop()
return return_val
except WebFault, f:
print _("Exception: %s") % f
_print(f.fault)
except TransportError, te:
print _("Exception: %s") % te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print e
# tb.print_exc()
return 1
wait_thread.stop()
return return_val
except WebFault, f:
print _("Exception: %s") %f
_print (f.fault)
except TransportError, te:
print _("Exception: %s") %te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
print _("Exception: %s") %e
tb.print_exc()
print _("Exception: %s") % e
tb.print_exc()
wait_thread.stop()
server_host_name = ""
try:
client = Client_suds(url, \
transport = HTTPSClientCertTransport(None,None, path_to_cert))
client = Client_suds(
url, transport=HTTPSClientCertTransport(None, None, path_to_cert))
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not add_server_hostname(host, path_to_cert, server_host_name):
print 'compliance_file write error!'
del (client)
del client
except urllib2.URLError, e:
wait_thread.stop()
print '\b' + _('Failed to connect')+':', e
print '\b' + _('Failed to connect') + ':', e
return 1
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
try:
import glob
all_cert_list = glob.glob(os.path.join(path_to_cert, '*.crt'))
fit_cert_list = []
for client_cert_path in all_cert_list:
@ -520,16 +528,18 @@ def main(wait_thread):
client_cert_name = client_cert.replace('.crt', '')
if server_host_name.endswith(client_cert_name):
fit_cert_list.append(client_cert_name)
fit_cert_list.sort(key = len)
fit_cert_list.sort(key=len)
Connect_Error = 1
crypto_Error = 0
e = None
passwd_flag = False
for i in range (0, len(fit_cert_list)):
for i in range(0, len(fit_cert_list)):
cert_name = fit_cert_list.pop()
client, Connect_Error, crypto_Error, passwd_flag, e = \
connect_with_cert (cert_name, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error, Connect_Error)
connect_with_cert(cert_name, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error,
Connect_Error)
if not wait_thread.isAlive():
wait_thread = StoppableThread()
wait_thread.start()
@ -537,7 +547,7 @@ def main(wait_thread):
if Connect_Error == 0:
break
#If the certificate file misses
# If the certificate file misses
if Connect_Error:
if crypto_Error and passwd_flag:
wait_thread.stop()
@ -555,21 +565,22 @@ def main(wait_thread):
CERT_FILE = None
CERT_KEY = None
client = Client_suds(url, transport = HTTPSClientCertTransport \
(CERT_KEY, CERT_FILE, path_to_cert))
client = Client_suds(
url, transport=HTTPSClientCertTransport(CERT_KEY, CERT_FILE,
path_to_cert))
client.wsdl.services[0].setlocation(url)
client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY)
client.set_parameters(path_to_cert, CERT_FILE, CERT_KEY)
client.port = port
return_val = 1
try:
return_val = https_server(client, args, unknown_args, url, \
return_val = https_server(client, args, unknown_args, url,
clVarsCore, wait_thread)
except urllib2.URLError, e:
print _('Error: '), e
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
@ -578,21 +589,21 @@ def main(wait_thread):
print e.message
elif e.args:
print e
# tb.print_exc()
# tb.print_exc()
return 1
wait_thread.stop()
return return_val
#----------------------------------------------------
# ----------------------------------------------------
except WebFault, f:
print _("Exception: %s") %f
_print (f.fault)
print _("Exception: %s") % f
_print(f.fault)
except TransportError, te:
print _("Exception: %s") %te
print _("Exception: %s") % te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
print _("Exception: %s") %e
print _("Exception: %s") % e
tb.print_exc()
wait_thread.stop()

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -15,41 +15,51 @@
# limitations under the License.
import urllib2 as u2
if hasattr(u2,"ssl"):
if hasattr(u2, "ssl"):
u2.ssl._create_default_https_context = u2.ssl._create_unverified_context
import os, sys
import socket, ssl
import OpenSSL, hashlib, M2Crypto
import os
import sys
import socket
import ssl
import OpenSSL
import hashlib
import M2Crypto
from calculate.core.datavars import DataVarsCore
from calculate.lib.datavars import DataVars
from sudsds.client import Client
from cert_verify import verify, get_CRL
from sudsds.transport.http import HttpTransport, SUDSHTTPRedirectHandler, \
CheckingHTTPSConnection, CheckingHTTPSHandler, \
PYOPENSSL_AVAILABLE, PyOpenSSLSocket
from sudsds.transport.http import (HttpTransport, SUDSHTTPRedirectHandler,
CheckingHTTPSConnection,
CheckingHTTPSHandler,
PYOPENSSL_AVAILABLE, PyOpenSSLSocket)
from sudsds.transport import Transport
from sudsds.properties import Unskin
from cookielib import CookieJar, DefaultCookiePolicy
from logging import getLogger
from calculate.console.datavars import DataVarsConsole
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
log = getLogger(__name__)
flag = 0
class Client_suds(Client):
def set_parameters (self, path_to_cert, CERT_FILE, PKEY_FILE):
def set_parameters(self, path_to_cert, CERT_FILE, PKEY_FILE):
self.path_to_cert = path_to_cert
if not CERT_FILE:
CERT_FILE = ''
self.CERT_FILE = CERT_FILE
self.REQ_FILE = path_to_cert + 'client.csr'
self.REQ_FILE = path_to_cert + 'client.csr'
self.PKEY_FILE = PKEY_FILE
self.SID_FILE = path_to_cert + 'sid.int'
self.CRL_PATH = path_to_cert + 'ca/crl/'
if not os.path.exists(self.CRL_PATH):
os.makedirs(self.CRL_PATH)
class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
"""based on httplib.HTTPSConnection code - extended to support
server certificate verification and client certificate authorization"""
@ -63,14 +73,14 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
"""
CheckingHTTPSConnection.__init__(self, host, ca_certs, cert_verifier,
keyobj, certobj, **kw)
# self.ClientObj = ClientObj
# self.ClientObj = ClientObj
self.cert_path = cert_path
self.ca_certs = ca_certs
self.CRL_PATH = os.path.join(cert_path, 'ca/crl/')
self.wait_thread = wait_thread
# get filename store cert server
def cert_list (self, host, ca_certs, server_cert):
def cert_list(self, host, ca_certs, server_cert):
if host == '127.0.0.1':
host = 'localhost'
if not os.path.exists(self.trusted_path):
@ -79,7 +89,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
except OSError:
pass
if not os.path.exists(ca_certs):
fc = open(ca_certs,"w")
fc = open(ca_certs, "w")
fc.close()
filename = None
try:
@ -107,13 +117,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
except:
print _("Failed to open the file"), self.trusted_path, filename
return None
def add_all_ca_cert(self, list_ca_certs):
# so root cert be first, ca after
clVarsCore = DataVarsCore()
clVarsCore.importCore()
clVarsCore.flIniFile()
list_ca_certs.reverse()
system_ca_db = clVarsCore.Get('core.cl_glob_root_cert')
@ -121,11 +131,11 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
clVars.flIniFile()
homePath = clVars.Get('ur_home_path')
cl_client_cert_dir = clVarsCore.Get('core.cl_client_cert_dir')
cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath)
cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")
user_root_cert = clVarsCore.Get('core.cl_user_root_cert')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
for cert in list_ca_certs:
if os.path.exists(system_ca_db):
@ -141,40 +151,41 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
md5sum = md5.hexdigest()
print "\n================================================="
print "md5sum = ", md5sum
if not os.path.exists(root_cert_md5):
fc = open(root_cert_md5,"w")
fc = open(root_cert_md5, "w")
fc.close()
filename = None
with open(root_cert_md5) as fd:
t = fd.read()
# for each line
for line in t.splitlines():
# Split string into a words list
words = line.split(' ',1)
words = line.split(' ', 1)
if words[0] == md5sum:
filename = words[1]
if not filename:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, cert)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, cert)
Issuer = certobj.get_issuer().get_components()
for item in Issuer:
if item[0] == 'CN':
filename = item[1]
fc = open(root_cert_md5,"a")
fc.write('%s %s\n' %(md5sum, filename))
fc = open(root_cert_md5, "a")
fc.write('%s %s\n' % (md5sum, filename))
fc.close()
if not filename:
print _('Field "CN" not found in the certificate!')
return 1
fd = open(os.path.join(cl_client_cert_dir,'ca/',filename),'w')
fd = open(os.path.join(cl_client_cert_dir, 'ca/', filename),
'w')
fd.write(cert)
fd.close()
fa = open(user_root_cert, 'a')
fa.write(cert)
fa.close()
@ -185,9 +196,9 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
get_CRL(cl_client_cert_dir)
def add_ca_cert(self, cert, list_ca_certs):
url = 'https://%s:%s/?wsdl' %(self.host, self.port)
client = Client_suds(url, transport = HTTPSClientCertTransport \
(None, None, self.cert_path))
url = 'https://%s:%s/?wsdl' % (self.host, self.port)
client = Client_suds(
url, transport=HTTPSClientCertTransport(None, None, self.cert_path))
client.wsdl.services[0].setlocation(url)
cert = client.service.get_ca()
if cert == '1':
@ -197,10 +208,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
if cert == '2':
print _("CA certificate not found on the server")
raise Exception(1)
try:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, cert)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, cert)
except:
print _("Error. Certificate not added to trusted")
raise Exception(1)
@ -209,13 +220,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
Issuer = certobj.get_issuer().get_components()
print '\n', _("Issuer")
for i in Issuer:
print "%s : %s" %(i[0], i[1])
print "%s : %s" % (i[0], i[1])
Subject = certobj.get_subject().get_components()
print '\n', _("Subject")
for subj in Subject:
print "%s : %s" %(subj[0], subj[1])
ans = raw_input (_("Add the CA certificate to trusted? y/[n]:"))
if ans.lower() in ['y','yes']:
print "%s : %s" % (subj[0], subj[1])
ans = raw_input(_("Add the CA certificate to trusted? y/[n]:"))
if ans.lower() in ['y', 'yes']:
list_ca_certs.append(cert)
self.add_all_ca_cert(list_ca_certs)
else:
@ -225,35 +236,36 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
def add_server_cert(self, cert):
self.wait_thread.stop()
print _("Untrusted server certificate!")
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, cert)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, cert)
print '\n' + _("Fingerprint = %s") % certobj.digest('SHA1')
print _("Serial Number = "), certobj.get_serial_number()
Issuer = certobj.get_issuer().get_components()
print '\n' + _("Issuer")
for i in Issuer:
print "%s : %s" %(i[0], i[1])
print "%s : %s" % (i[0], i[1])
Subject = certobj.get_subject().get_components()
print '\n' + _("Subject")
for item in Subject:
print "%s : %s" %(item[0], item[1])
print "%s : %s" % (item[0], item[1])
print '\n' + _('Add this server certificate to trusted (s) or')
print _('Try to add the CA and root certificates to trusted (c) or')
choice = raw_input (_("Quit (q)? s/c/[q]: "))
choice = raw_input(_("Quit (q)? s/c/[q]: "))
if choice.lower() in ['s', 'c']:
#self.sock = ssl.wrap_socket(sock)
# self.sock = ssl.wrap_socket(sock)
ca_certs = os.path.join(self.trusted_path, "cert.list")
if not os.path.exists(ca_certs):
fc = open(ca_certs,"w")
fc = open(ca_certs, "w")
fc.close()
if self.host == '127.0.0.1':
host = 'localhost'
else: host = self.host
else:
host = self.host
filename = host
fc = open(self.trusted_path + filename,"w")
fc = open(self.trusted_path + filename, "w")
fc.write(cert)
fc.close()
with open(ca_certs) as fd:
@ -267,7 +279,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
if words[0] == host:
return 0
# Open file with compliance server certificates and server hostname
fcl = open(ca_certs,"a")
fcl = open(ca_certs, "a")
fcl.write(host + ' ' + filename + '\n')
fcl.close()
if choice.lower() != 'c':
@ -278,26 +290,26 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
clVars.flIniFile()
cl_client_cert_dir = clVars.Get('core.cl_client_cert_dir')
homePath = clVars.Get('ur_home_path')
cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath)
cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
root_cert_dir = os.path.join(cl_client_cert_dir, "ca")
if not os.path.exists(root_cert_dir):
try:
os.makedirs(root_cert_dir)
except OSError:
print _("Failed to create directory %s") %root_cert_dir
print _("Failed to create directory %s") % root_cert_dir
raise Exception(1)
print '\n' + _("Add the CA and root certificates")
self.list_ca_certs = []
self.add_ca_cert(cert, self.list_ca_certs)
return 3
elif not choice.lower() in ['c','s']:
elif not choice.lower() in ['c', 's']:
return 4
def connect_trusted_root(self, sock, root_cert, crl_certs):
self.ca_path = self.cert_path + "ca/"
server_cert = ssl.get_server_certificate(addr = (self.host, self.port))
server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
global flag
if self.cert_file:
@ -308,6 +320,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
raise Exception(1)
else:
import time
time.sleep(0.1)
try:
@ -333,7 +346,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
def connect_trusted_server(self, sock, crl_certs):
self.trusted_path = self.cert_path + "trusted/"
ca_cert_list = self.trusted_path + "cert.list"
server_cert = ssl.get_server_certificate(addr = (self.host, self.port))
server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
global flag
if self.cert_file:
f = verify(server_cert, crl_certs, flag)
@ -341,10 +354,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
flag = 1
elif f == 1:
raise Exception(1)
#if not hasattr(HTTPSClientCertTransport, 'filename') or \
#HTTPSClientCertTransport.filename == None:
HTTPSClientCertTransport.filename = self.cert_list \
(self.host, ca_cert_list, server_cert)
# if not hasattr(HTTPSClientCertTransport, 'filename') or \
# HTTPSClientCertTransport.filename == None:
HTTPSClientCertTransport.filename = self.cert_list(
self.host, ca_cert_list, server_cert)
if HTTPSClientCertTransport.filename:
try:
if self.FORCE_SSL_VERSION:
@ -365,7 +378,6 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
return 0
except Exception:
# print (e)
HTTPSClientCertTransport.filename = None
return 1
else:
@ -382,47 +394,51 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
self.Vars.flIniFile()
user_root_cert = self.Vars.Get('core.cl_user_root_cert')
homePath = self.Vars.Get('ur_home_path')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
result_user_root = 1
while True:
if os.path.exists(user_root_cert):
result_user_root = self.connect_trusted_root(sock, \
user_root_cert, self.CRL_PATH)
result_user_root = self.connect_trusted_root(sock,
user_root_cert,
self.CRL_PATH)
if result_user_root == 1:
glob_root_cert = self.Vars.Get('core.cl_glob_root_cert')
result_root_con = 1
if os.path.exists(glob_root_cert):
sock = socket.create_connection((self.host, self.port),
self.timeout, self.source_address)
self.timeout,
self.source_address)
if self._tunnel_host:
self.sock = sock
self._tunnel()
result_root_con = self.connect_trusted_root(sock, \
glob_root_cert, self.CRL_PATH)
result_root_con = self.connect_trusted_root(sock,
glob_root_cert,
self.CRL_PATH)
if result_root_con == 1:
sock = socket.create_connection((self.host, self.port),
self.timeout, self.source_address)
self.timeout,
self.source_address)
if self._tunnel_host:
self.sock = sock
self._tunnel()
result_server_con = self.connect_trusted_server \
(sock, self.CRL_PATH)
if result_server_con in [1,2]:
raise Exception (1)
result_server_con = self.connect_trusted_server(
sock, self.CRL_PATH)
if result_server_con in [1, 2]:
raise Exception(1)
elif result_server_con == 3:
continue
elif result_server_con == 4:
print _('This server is not trusted')
self.wait_thread.stop()
sys.exit(1)
# raise Exception (_('This server is not trusted'))
elif result_root_con == 2:
raise Exception (1)
raise Exception(1)
elif result_user_root == 2:
raise Exception (1)
raise Exception(1)
break
class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
def __init__(self, cert_path, ca_certs=None, cert_verifier=None,
client_certfile=None, client_keyfile=None,
@ -431,9 +447,9 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
"""cert_verifier is a function returning either True or False
based on whether the certificate was found to be OK"""
CheckingHTTPSHandler.__init__(self, ca_certs, cert_verifier,
client_keyfile, client_certfile,
client_keyobj, client_certobj)
# self.ClientObj = ClientObj
client_keyfile, client_certfile,
client_keyobj, client_certobj)
# self.ClientObj = ClientObj
self.cert_path = cert_path
self.wait_thread = wait_thread
@ -448,58 +464,63 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
new_kw.update(kw)
return CheckingClientHTTPSConnection(self.cert_path,
*args, **new_kw)
return self.do_open(open, req)
https_request = u2.AbstractHTTPHandler.do_request_
class HTTPSClientCertTransport(HttpTransport):
def __init__(self, key, cert, path_to_cert, password = None,
def __init__(self, key, cert, path_to_cert, password=None,
ca_certs=None, cert_verifier=None,
client_keyfile=None, client_certfile=None,
client_keyobj=None, client_certobj=None,
cookie_callback=None, user_agent_string=None,
wait_thread=None, **kwargs):
Transport.__init__(self)
# self.ClientObj = parent
# self.ClientObj = parent
self.key = key
self.cert = cert
self.cert_path = path_to_cert
if key:
client_certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, file(cert).read())
client_certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, file(cert).read())
if password:
client_keyobj = OpenSSL.crypto.load_privatekey \
(OpenSSL.SSL.FILETYPE_PEM, file(key).read(),
str(password))
client_keyobj = OpenSSL.crypto.load_privatekey(
OpenSSL.SSL.FILETYPE_PEM, file(key).read(), str(password))
else:
bio = M2Crypto.BIO.openfile(key)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused:None)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: None)
if not rsa:
raise OpenSSL.crypto.Error
client_keyobj = OpenSSL.crypto.load_privatekey \
(OpenSSL.SSL.FILETYPE_PEM, file(key).read())
client_keyobj = OpenSSL.crypto.load_privatekey(
OpenSSL.SSL.FILETYPE_PEM, file(key).read())
Unskin(self.options).update(kwargs)
self.cookiejar = CookieJar(DefaultCookiePolicy())
self.cookie_callback = cookie_callback
self.user_agent_string = user_agent_string
log.debug("Proxy: %s", self.options.proxy)
from dslib.network import ProxyManager
proxy_handler = ProxyManager.HTTPS_PROXY.create_proxy_handler()
proxy_auth_handler = \
ProxyManager.HTTPS_PROXY.create_proxy_auth_handler()
if ca_certs or (client_keyfile and client_certfile) \
or (client_keyobj and client_certobj):
https_handler = CheckingClientHTTPSHandler(cert_path=path_to_cert,
ca_certs=ca_certs, cert_verifier=cert_verifier,
client_keyfile=client_keyfile, client_certfile = \
client_certfile, client_keyobj=client_keyobj,
client_certobj=client_certobj,
wait_thread=wait_thread)
ProxyManager.HTTPS_PROXY.create_proxy_auth_handler()
if (ca_certs or (client_keyfile and client_certfile)
or (client_keyobj and client_certobj)):
https_handler = CheckingClientHTTPSHandler(
cert_path=path_to_cert,
ca_certs=ca_certs,
cert_verifier=cert_verifier,
client_keyfile=client_keyfile,
client_certfile=client_certfile,
client_keyobj=client_keyobj,
client_certobj=client_certobj,
wait_thread=wait_thread)
else:
https_handler = u2.HTTPSHandler()
self.urlopener = u2.build_opener(SUDSHTTPRedirectHandler(),
u2.HTTPCookieProcessor(self.cookiejar),
https_handler)
u2.HTTPCookieProcessor(self.cookiejar),
https_handler)
if proxy_handler:
self.urlopener.add_handler(proxy_handler)
if proxy_auth_handler:
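Review bot: The override kept right after `import urllib2 as u2`, `u2.ssl._create_default_https_context = u2.ssl._create_unverified_context`, turns off certificate and hostname checking for every default HTTPS connection in the process, not only this client's. It matters most in `HTTPSClientCertTransport.__init__`, where the `else:` branch builds a plain `u2.HTTPSHandler()` whenever no CA file and no client key/cert pair is supplied, so that path appears to reach the server with no authentication of the peer at all. I would drop the override and send the fallback through the checking handler, for example `https_handler = CheckingClientHTTPSHandler(cert_path=path_to_cert, wait_thread=wait_thread)`, assuming its connect path copes with a missing client certificate. The constructor continues past the end of the hunk, so the rest of the opener setup is not visible here.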

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -19,22 +19,28 @@ import socket
from M2Crypto import RSA, X509, EVP, m2
from calculate.lib.datavars import DataVars
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
def passphrase_callback(v):
if type(v) == int or not v:
return None
return str(v)
def generateRSAKey():
return RSA.gen_key(2048, m2.RSA_F4)
def makePKey(key):
pkey = EVP.PKey()
pkey.assign_rsa(key)
return pkey
def makeRequest(pubkey, pkey, serv_host, auto = False):
def makeRequest(pubkey, pkey, serv_host, auto=False):
""" create query to the signing on server """
req = X509.Request()
# Seems to default to 0, but we can now set it as well, so just API test
@ -44,11 +50,11 @@ def makeRequest(pubkey, pkey, serv_host, auto = False):
if auto:
c = 'n'
else:
c = raw_input (_("Enter the certificate data manually? y/[n]: "))
c = raw_input(_("Enter the certificate data manually? y/[n]: "))
# Get HostName
host_name = socket.getfqdn()
list_host_name = host_name.split('.')
result_host_name = list_host_name[0]+"@"+serv_host
result_host_name = list_host_name[0] + "@" + serv_host
# Get username
clVars = DataVars()
clVars.flIniFile()
@ -56,36 +62,36 @@ def makeRequest(pubkey, pkey, serv_host, auto = False):
# Get language
lang = clVars.Get('os_locale_locale')[:2]
if c.lower() in ['y', 'yes']:
#if serv_host in host_name:
#host_name = host_name.replace('.'+serv_host, '')
#list_host_name = host_name.split('.')
#result_host_name = \
#list_host_name[len(list_host_name)-1]+"@"+serv_host
#else:
#host_name = socket.getfqdn()
name.CN = raw_input (_('Host Name [%s]: ') %result_host_name)
# if serv_host in host_name:
# host_name = host_name.replace('.'+serv_host, '')
# list_host_name = host_name.split('.')
# result_host_name = \
# list_host_name[len(list_host_name)-1]+"@"+serv_host
# else:
# host_name = socket.getfqdn()
name.CN = raw_input(_('Host Name [%s]: ') % result_host_name)
if name.CN in ['', None]:
name.CN = result_host_name
name.OU = raw_input (_('User Name [%s]: ') %username)
name.OU = raw_input(_('User Name [%s]: ') % username)
if name.OU in ['', None]:
name.OU = username
name.O = raw_input (_('Organization Name: '))
name.L = raw_input (_('Network address (hostname or IP) [%s]: ')\
%host_name)
name.ST = raw_input (_('City: '))
name.C = raw_input (_('Country (2 characters): [%s]') %lang)
name.O = raw_input(_('Organization Name: '))
name.L = raw_input(_('Network address (hostname or IP) [%s]: ')
% host_name)
name.ST = raw_input(_('City: '))
name.C = raw_input(_('Country (2 characters): [%s]') % lang)
if not name.C:
name.C = lang
name.C = lang
else:
name.CN = result_host_name # Имя сертификата (Common Name);
name.OU = username # Название отдела (Organization Unit);
name.O = 'My Company'# Название организации (Organization Name);
name.L = host_name # Название города (Locality Name);
name.ST = 'My State'# Название региона (State Name);
name.C = lang # Двухсимвольный код страны (Country);
name.CN = result_host_name # Имя сертификата (Common Name);
name.OU = username # Название отдела (Organization Unit);
name.O = 'My Company' # Название организации (Organization Name);
name.L = host_name # Название города (Locality Name);
name.ST = 'My State' # Название региона (State Name);
name.C = lang # Двухсимвольный код страны (Country);
req.set_subject_name(name)
ext1 = X509.new_extension('Comment', 'Auto Generated')
extstack = X509.X509_Extension_Stack()
extstack.push(ext1)

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -30,28 +30,32 @@ from sudsds import MethodNotFound
from calculate.console.application.sid_func import get_sid
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
def _print(*args):
print " ".join(map(lambda x: unicode(x).encode('utf-8'), args))
# get list of certificate and session id
def clear ():
def clear():
""" delete caching suds file """
try:
import glob
for filename in glob.glob("/tmp/suds/suds-*"):
#print "delete", filename
# print "delete", filename
try:
os.unlink (filename)
os.unlink(filename)
except OSError as e:
_print(e.message)
except:
except Exception:
print _("Failed to clear the cache! ")
return 1
def get_ip_global():
import urllib2
@ -62,22 +66,16 @@ def get_ip_global():
f.close()
return outerIP
def get_ip_mac_type(client_type = None):
results = []
#try:
results.append ( getIpLocal() )
#except:
#results.append ('no_ip')
#try:
results.append ( getHwAddr())
#except:
#results.append ('no_mac')
def get_ip_mac_type(client_type=None):
results = [getIpLocal(), getHwAddr()]
if client_type:
results.append (client_type)
results.append(client_type)
else:
results.append ('console')
results.append('console')
return results
def print_brief(view, brief_label):
for Group in view.groups.GroupField:
if Group.name:
@ -86,7 +84,7 @@ def print_brief(view, brief_label):
print_brief_group(Group.fields.Field, Group.name)
def _return_revoked_serials(self, crlfile):
def _return_revoked_serials(crlfile):
try:
serials = []
crltext = open(crlfile, 'r').read()
@ -99,7 +97,8 @@ def _return_revoked_serials(self, crlfile):
call = '/usr/bin/openssl crl -text -noout -in %s' % crlfile
call = shlex.split(call)
serials = []
(res,err)=subprocess.Popen(call, stdout=subprocess.PIPE).communicate()
(res, err) = subprocess.Popen(call,
stdout=subprocess.PIPE).communicate()
for line in res.split('\n'):
if line.find('Serial Number:') == -1:
continue
@ -109,18 +108,20 @@ def _return_revoked_serials(self, crlfile):
serials.append(serial)
return serials
def _create_obj(client, method):
try:
view_params = create_obj(client, method)
except MethodNotFound:
if method.endswith('_view'):
method = method[:-5]
_print (_('Method not found: ') + method)
_print(_('Method not found: ') + method)
raise Exception(1)
return view_params
def get_view_params(client, method, step = None, expert = None, brief = None,
onlyhelp = False, dispatch_usenew = False):
def get_view_params(client, method, step=None, expert=None, brief=None,
onlyhelp=False, dispatch_usenew=False):
view_params = _create_obj(client, method)
view_params.step = step
view_params.expert = expert
@ -135,7 +136,8 @@ class MessageReceiver(object):
Объект организует цикл получения сообщений от WsdlServer и передает их на
обработку MessageDispatcher
"""
class States:
class States(object):
Messages = 0
Progress = 1
Finish = 2
@ -159,7 +161,7 @@ class MessageReceiver(object):
sid = get_sid(client.SID_FILE)
list_pid = client.service.list_pid(sid=sid)
if hasattr(list_pid, 'integer'):
if not pid in list_pid.integer:
if pid not in list_pid.integer:
display.print_error(
_("The process does not exist or does not belong to "
"your session"))
@ -185,6 +187,7 @@ class MessageReceiver(object):
self.get_messages()
except Exception as e:
import traceback
traceback.print_exc()
elif message.type == 'error':
self.display.print_error(message.message)
@ -208,7 +211,7 @@ class MessageReceiver(object):
if self.state == self.States.Messages:
current_frame = self.get_client_frame()
while current_frame in [None, [], ""]:
time.sleep(float(self.client.frame_period)/10)
time.sleep(float(self.client.frame_period) / 10)
current_frame = self.get_client_frame()
for item in current_frame[0]:
self.message_dispatcher.dispatch_message(item)
@ -244,6 +247,7 @@ class MessageDispatcher(object):
В дальнейшем взаимодействует с parent через методы get_progress, get_table,
send_message, поле State
"""
def __init__(self, methods=None):
"""
@param methods: Common
@ -333,4 +337,3 @@ class MessageDispatcher(object):
def ask_password(self, message):
answer = self.methods.askPassword(message.message, message.id == 2)
self.parent.send_message(answer)

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -14,24 +14,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse, sys
import argparse
import sys
from calculate.core.server.api_types import ViewInfoAdapter
from calculate.core.server.local_call import Methods, has_force_arg
from function import _create_obj, get_view_params, print_brief, _print
from calculate.lib.cl_lang import setLocalTranslate
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
import urllib2
from calculate.core.server.methods_func import get_method_argparser, \
collect_object, RawAndDefaultsHelpFormatter, \
check_result_msg, get_param_pwd, display_error
collect_object, RawAndDefaultsHelpFormatter, \
check_result_msg, get_param_pwd, display_error
def parse():
parser = argparse.ArgumentParser(add_help=False,
formatter_class=RawAndDefaultsHelpFormatter)
# parser = argparse.ArgumentParser(add_help=False)
parser = argparse.ArgumentParser(
add_help=False, formatter_class=RawAndDefaultsHelpFormatter)
# parser = argparse.ArgumentParser(add_help=False)
parser.add_argument(
'-h', '--help', action='store_true', default=False,
dest='help', help=_("show this help message and exit"))
@ -44,33 +46,32 @@ def parse():
'--port', type=int, dest='port',
help=_('port number'))
parser.add_argument(
'--host', type=str, default = 'localhost', dest='host',
'--host', type=str, default='localhost', dest='host',
help=_('destination host'))
parser.add_argument(
'--gen-cert-by', type=str, dest='by_host', metavar = 'HOST',
help = \
_('send a certificate signature request to the server'))
'--gen-cert-by', type=str, dest='by_host', metavar='HOST',
help=_('send a certificate signature request to the server'))
parser.add_argument(
'--get-cert-from', type=str, dest='from_host', metavar = 'HOST',
'--get-cert-from', type=str, dest='from_host', metavar='HOST',
help=_('get the signed certificate from the server'))
parser.add_argument(
'--cert-path', type=str, dest='path_to_cert', metavar = 'PATH',
'--cert-path', type=str, dest='path_to_cert', metavar='PATH',
help=_('path to the cert and key files'))
parser.add_argument(
'--list-pid', action='store_true', default=False,
dest='list_pid', help=_("view the list of running processes"))
parser.add_argument(
'--dump', action='store_true', default=False, dest = 'dump',
'--dump', action='store_true', default=False, dest='dump',
help=_('dump (to be used with option --list-pid)'))
parser.add_argument(
'--pid-result', type=int, metavar = 'PID',
'--pid-result', type=int, metavar='PID',
dest='pid_res', help=_("view the result of the process"))
parser.add_argument(
'--keep-result', action='store_true', default=False,
dest='keep_result', help=_("keep the cache of the "
"process results"))
parser.add_argument(
'--pid-kill', type=int, metavar = 'PID',
'--pid-kill', type=int, metavar='PID',
dest='pid_kill', help=_("kill the selected process"))
parser.add_argument(
'--session-clean', action='store_true', default=False,
@ -79,7 +80,7 @@ def parse():
'--session-info', action='store_true', default=False,
dest='session_info', help=_("view the session information"))
parser.add_argument(
'--session-num-info', type=int, metavar = 'SID',
'--session-num-info', type=int, metavar='SID',
dest='session_num_info',
help=_("view information about session = SID"))
parser.add_argument(
@ -94,21 +95,23 @@ def parse():
dest='stop_consoled', help=_("stop cl-consoled"))
parser.add_argument(
'--no-progress', action='store_true', default=False,
dest = 'no_progress', help=_('do not display the progress bar'))
dest='no_progress', help=_('do not display the progress bar'))
parser.add_argument(
'--stdin-passwords', action='store_true', default=False,
dest = 'stdin_passwd',
dest='stdin_passwd',
help=_("use passwords from standard input for users accounts"))
return parser
def get_view(client, method, sid, view_params):
try:
view = client.service[0][method + '_view'](client.sid, view_params)
except urllib2.URLError, e:
_print (_('Failed to connect')+':', e)
_print(_('Failed to connect') + ':', e)
raise Exception(1)
return view
def call_method(client, args, unknown_args, wait_thread):
method = args.method
stdin_passwd = args.stdin_passwd
@ -157,25 +160,27 @@ def call_method(client, args, unknown_args, wait_thread):
wait_thread.stop()
sys.stdout.write('\r')
sys.stdout.flush()
_print (_('Unknown parameter'), i)
_print(_('Unknown parameter'), i)
raise Exception(1)
if view.groups is not None:
param_object, steps = collect_object(client, param_object, view, args,
wait_thread,stdin_passwd=stdin_passwd)
if steps.label and hasattr (param_object, 'CheckOnly'):
wait_thread,
stdin_passwd=stdin_passwd)
if steps.label and hasattr(param_object, 'CheckOnly'):
param_object['CheckOnly'] = True
check_res = {}
while True:
method_result = client.service[0][method](client.sid,param_object)
method_result = client.service[0][method](client.sid,
param_object)
if not method_result:
print _('Method not available')
return None
if method_result.ReturnedMessage[0].type and \
method_result.ReturnedMessage[0].type != "pid":
if (method_result.ReturnedMessage[0].type and
method_result.ReturnedMessage[0].type != "pid"):
wait_thread.stop()
check_res = check_result_msg(method_result, view,
check_res,args)
check_res, args)
if not check_res:
return None
else:
@ -184,8 +189,8 @@ def call_method(client, args, unknown_args, wait_thread):
else:
break
view_params = get_view_params(client, method + '_view', step = None, \
expert = True, brief = True)
view_params = get_view_params(client, method + '_view', step=None,
expert=True, brief=True)
view = get_view(client, method, client.sid, view_params)
wait_thread.stop()
sys.stdout.write('\r')
@ -207,8 +212,8 @@ def call_method(client, args, unknown_args, wait_thread):
if not method_result:
print _('Method not available')
return None
if method_result.ReturnedMessage[0].type and \
method_result.ReturnedMessage[0].type != "pid":
if (method_result.ReturnedMessage[0].type and
method_result.ReturnedMessage[0].type != "pid"):
view = ViewInfoAdapter(view)
for error in method_result.ReturnedMessage:
display_error(error, args, view.groups)
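Review bot: `get_view` accepts a `sid` argument but never reads it; the request is always sent with `client.sid` (`client.service[0][method + '_view'](client.sid, view_params)`). The one call visible in this section passes `client.sid`, so nothing breaks today, but a caller that passes a different session id would have it silently ignored. Either use the parameter, `view = client.service[0][method + '_view'](sid, view_params)`, or drop it from the signature together with the argument at the call site in `call_method`. `call_method` itself continues outside the hunks shown here.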

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -13,13 +13,17 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from calculate.console.application.function import _print
from calculate.console.application.sid_func import get_sid
import sys
_ = lambda x: x
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
setLocalTranslate('cl_console3', sys.modules[__name__])
client_types = "console"
#client_types = "gui"
def pid_inf(client, sid, pids):
""" get and show information about process """
@ -32,9 +36,9 @@ def pid_inf(client, sid, pids):
print _("Permission denied")
return 1
_print ('\n', _(u"Process name: %s") %s[0][4])
print _(u"Process ID: %s") %s[0][0]
_print (_(u"%s: process started") %s[0][2])
_print('\n', _(u"Process name: %s") % s[0][4])
print _(u"Process ID: %s") % s[0][0]
_print(_(u"%s: process started") % s[0][2])
if s[0][1] == '1':
print _(u"Process active")
elif s[0][1] == '0':
@ -43,6 +47,7 @@ def pid_inf(client, sid, pids):
print _(u"Process killed")
return 0
def client_list_pid(client):
""" get all process id for this session """
sid = get_sid(client.SID_FILE)
@ -50,54 +55,58 @@ def client_list_pid(client):
red = '\033[31m * \033[0m'
green = '\033[32m * \033[0m'
try:
list_pid = client.service.list_pid(sid = sid)
list_pid = client.service.list_pid(sid=sid)
if list_pid[0][0] == 0:
print red + _("PIDs not found for this session!")
return 0
else:
for i in list_pid[0]:
print green + "pid - %d" %i
except:
print green + "pid - %d" % i
except Exception:
print red + _("Error fetching the PID list from the server")
return 1
return len(list_pid[0])
def gen_pid_ls(client):
""" generation list with pid for this session """
sid = get_sid(client.SID_FILE)
pid_ls = []
try:
list_pid = client.service.list_pid(sid = sid)
list_pid = client.service.list_pid(sid=sid)
if list_pid[0][0] == 0:
print _("PIDs not found for this session!")
return 0
else:
for i in list_pid[0]:
pid_ls.append(i)
except:
except Exception:
print _("Error fetching the PID list from the server")
return 0
return pid_ls
def client_pid_info(client):
""" get information about selected process (or about all) """
# try:
# try:
sid = get_sid(client.SID_FILE)
pid_ls = gen_pid_ls(client)
if pid_ls:
pid_inf(client, sid, pid_ls)
# except:
# except:
# print _("Error get data")
# return 1
# return 0
def client_list_methods(client):
""" get & show all available methods for this certificate """
DAT = 0 # Access to data soap structure
RES = 0 # Access to result
COM = 0 # Getting command line
METH = 1 # Getting method line
TR_METH = 3 # Translate method name
DAT = 0 # Access to data soap structure
RES = 0 # Access to result
COM = 0 # Getting command line
METH = 1 # Getting method line
TR_METH = 3 # Translate method name
results = client.service.get_methods(client.sid, client_types)
if not results:
print _('No methods available')
@ -111,15 +120,16 @@ def client_list_methods(client):
print _("Available methods:")
group_dict = {}
for group in results.stringArray:
if len (group.string) == 4:
if len(group.string) == 4:
group_dict[group.string[METH]] = group.string[TR_METH]
if len (group.string) == 3:
group_dict[group.string[METH]] = group.string[TR_METH-1]
if len(group.string) == 3:
group_dict[group.string[METH]] = group.string[TR_METH - 1]
sort_keys = group_dict.keys()
sort_keys.sort()
for key in sort_keys:
print " %s - %s" % (key, group_dict[key])
def client_pid_kill(client, pid):
sid = get_sid(client.SID_FILE)
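Review bot: In `client_list_pid` and `gen_pid_ls` the bare `except:` became `except Exception:`, but the handler still discards the exception and prints only a fixed message. Every failure inside the `try` therefore ends in "Error fetching the PID list from the server", so the operator cannot tell what went wrong. Binding the exception and printing it, as `client_session_info` does with `print e`, would keep the cause: `except Exception as e:` followed by `_print(_("Error fetching the PID list from the server"), e)`. `gen_pid_ls` also returns `0` on failure and a list on success, which is worth stating in its docstring for callers such as `client_pid_info`.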

@ -16,8 +16,12 @@
import os
import sys
_ = lambda x: x
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
setLocalTranslate('cl_console3', sys.modules[__name__])
def client_del_sid(client):
""" delete this session """
@ -32,7 +36,7 @@ def client_del_sid(client):
print _("Failed to obtain certificate data!")
return -2
if s[0][0] == "Permission denied":
_print (_("%s: permission denied") % s[1][1])
print _("%s: permission denied") % s[1][1]
return -3
if s[0][0] == '0':
@ -40,11 +44,12 @@ def client_del_sid(client):
fi.write('0')
fi.close()
print _("SID deleted!")
except:
except Exception:
print _("SID deletion error on the server")
return 1
return 0
def sid_inf(client, sid):
red = '\033[31m * \033[0m'
green = '\033[32m * \033[0m'
@ -61,39 +66,41 @@ def sid_inf(client, sid):
return -3
print _('Session information: ')
print green + _(u"Session number: %s") %sid
print green + _(u"Certificate number: %s") %s[0][0]
_print (green + _(u"Certificate issued on %s") %s[0][1])
print green + "ip - %s" %s[0][2]
print green + "MAC - %s\n" %s[0][3]
print green + _(u"Session number: %s") % sid
print green + _(u"Certificate number: %s") % s[0][0]
print green + _(u"Certificate issued on %s") % s[0][1]
print green + "ip - %s" % s[0][2]
print green + "MAC - %s\n" % s[0][3]
return 0
def client_session_info(client, sid = None):
def client_session_info(client, sid=None):
""" select session for get information """
try:
select_sid = sid if sid else client.sid
sid_inf(client, select_sid)
except Exception, e:
if type (e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
print e
return 1
def client_session_list(client):
red = '\033[31m * \033[0m'
green = '\033[32m * \033[0m'
try:
res = client.service.get_sessions(client.sid)
except Exception, e:
if type (e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
print e
return 1
if hasattr (res, 'string'):
if hasattr(res, 'string'):
if res.string:
print _('Active sessions on the server: ')
for session_id in res.string:
@ -102,29 +109,30 @@ def client_session_list(client):
return 0
print red + _('No active sessions on the server')
def session_clean(client):
try:
res = client.service.clear_session_cache(client.sid)
except Exception, e:
if type (e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
if res:
print _('Error clearing the session cache')
else:
print _('Session cache cleared')
except Exception as e:
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
print e
if res:
print _('Error clearing the session cache')
else:
print _('Session cache cleared')
def get_sid (SID_FILE):
if not os.path.exists(SID_FILE):
fi = open(SID_FILE, 'w')
def get_sid(sid_file):
if not os.path.exists(sid_file):
fi = open(sid_file, 'w')
fi.write('0')
fi.close()
sid = 0
else:
fi = open(SID_FILE, 'r')
fi = open(sid_file, 'r')
sid = fi.read()
fi.close()
return sid
return sid
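Review bot: `get_sid` creates the session-id file with `os.path.exists(sid_file)` followed by `open(sid_file, 'w')`, a check-then-create sequence that also leaves the file mode to the process umask. If the session id is meant to stay private to the user, create the file atomically with an explicit mode, `fd = os.open(sid_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` wrapped in `os.fdopen(fd, 'w')`, and treat an already-existing file as the read case. The two branches also return different types, the integer `0` for a new file and the string read from disk otherwise, and neither `open` is closed if `write` or `read` raises; `with open(...) as fi:` covers the latter.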

@ -1,5 +1,5 @@
#!/usr/bin/env python2
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -19,19 +19,22 @@ def console_main():
import sys
from calculate.console.application.cl_client import main, StoppableThread
from calculate.console.application.function import _print
reload(sys)
sys.setdefaultencoding("utf-8")
import __builtin__
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('calculate_console',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('calculate_console', sys.modules[__name__])
__builtin__.__dict__['_print'] = _print
wait_thread = StoppableThread()
try:
wait_thread = StoppableThread()
sys.exit(main(wait_thread))
except KeyboardInterrupt:
wait_thread.stop()
red = '\033[31m * \033[0m'
print '\n'+red+_('Interrupted by the user')
print '\n' + red + _('Interrupted by the user')
sys.exit(1)
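Review bot: `_print` is published to every module through `__builtin__.__dict__['_print'] = _print`, so any code that calls `_print` without importing it works only when the process was started through `console_main`. That hidden dependency is easy to break when a module is imported from a test or from another entry point. An explicit `from calculate.console.application.function import _print` in each module that uses it would make the dependency visible, and the assignment deserves at least a comment such as `# legacy: exposes _print as a builtin for modules that do not import it`. `console_main` starts before this hunk.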

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -19,11 +19,14 @@ __app__ = "Calculate Console"
from calculate.lib.datavars import DataVars
class DataVarsConsole(DataVars):
"""Variable class for installation"""
def importConsole(self, **args):
'''Заполнить конфигурацию переменных, для десктопа'''
"""
Заполнить конфигурацию переменных, для десктопа
"""
self.importVariables()
self.importVariables('calculate.core.variables')
self.importVariables('calculate.console.variables')

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -18,7 +18,8 @@ import sys
from os import path
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
setLocalTranslate('cl_console3', sys.modules[__name__])
class VariableClGuiData(Variable):
@ -27,12 +28,15 @@ class VariableClGuiData(Variable):
"""
value = '/var/calculate/server'
class VariableClGuiDatabase(Variable):
"""
Variable store name files containing clients certificates
"""
def get(self):
return path.join(self.Get('cl_gui_data'),"client_certs/Database")
return path.join(self.Get('cl_gui_data'), "client_certs/Database")
class VariableClGuiImagePath(Variable):
"""
