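def __init__(self, certs_dir, server_common_name, client_common_name, expiration_days=1):
        """Prepare the openssl environment and output paths, then generate the certificates.

        Args:
            certs_dir: Directory in which the key and certificate files are created.
            server_common_name: Host name or IP address of the server; it is also
                exported as the Subject Alternative Name through $OPENSSL_SAN.
            client_common_name: Stored as self._client_common_name (presumably the
                CN of the client certificate; confirm against generate()).
            expiration_days: Stored as self._expiration_days (presumably the
                validity period in days; confirm against generate()).

        Every output path shares one random stem:
        <certs_dir>/nuclide.<random>.{ca,server,client}.{key,crt}.
        self.generate() is called before the constructor returns.
        """
        self.logger = logging.getLogger('NuclideCertificatesGenerator')

        self._expiration_days = expiration_days
        self._server_common_name = server_common_name
        self._client_common_name = client_common_name

        # Child openssl processes get a private copy of the environment.
        self._env = os.environ.copy()
        # Set Subject Alternative Name.
        # NOTE(review): server_common_name is placed in $OPENSSL_SAN unvalidated.
        # If it can come from an untrusted caller, restrict it to a plain host
        # name or IP address first; openssl.cnf presumably expands the variable
        # verbatim, so extra characters would become part of the SAN list.
        if is_ip_address(server_common_name):
            self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
        else:
            # Usually, we don't have to make the common name a SAN,
            # but our openssl.cnf requires a value via $OPENSSL_SAN.
            self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

        # tempfile.mktemp() only returns an unused *name*; another local process
        # can create that path (or a symlink) before the key is written.
        # mkstemp() creates the file atomically with owner-only permissions, so
        # the CA key path is reserved before generate() runs. The returned path
        # is absolute.
        ca_key_fd, self.ca_key = tempfile.mkstemp(
            dir=certs_dir, suffix='.ca.key', prefix='nuclide.')
        os.close(ca_key_fd)
        # The sibling paths below are still plain names that are not reserved;
        # certs_dir should not be writable by other users.
        # Get rid of '.ca.key'.
        common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]
        # Generate other file names.
        self.ca_cert = common_path + '.ca.crt'
        self.server_key = common_path + '.server.key'
        # .csr file is intermediate.
        self._server_csr = common_path + '.server.csr'
        self.server_cert = common_path + '.server.crt'
        self.client_key = common_path + '.client.key'
        self._client_csr = common_path + '.client.csr'
        self.client_cert = common_path + '.client.crt'
        self.generate()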
Beispiel #2
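    def __init__(self, certs_dir, server_common_name, client_common_name, expiration_days=1):
        """Prepare the openssl environment and output paths, then generate the certificates.

        Args:
            certs_dir: Directory in which the key and certificate files are created.
            server_common_name: Host name or IP address of the server; it is also
                exported as the Subject Alternative Name through $OPENSSL_SAN.
            client_common_name: Stored as self._client_common_name (presumably the
                CN of the client certificate; confirm against generate()).
            expiration_days: Stored as self._expiration_days (presumably the
                validity period in days; confirm against generate()).

        Every output path shares one random stem:
        <certs_dir>/nuclide.<random>.{ca,server,client}.{key,crt}.
        self.generate() is called before the constructor returns.
        """
        self.logger = logging.getLogger('NuclideCertificatesGenerator')

        self._expiration_days = expiration_days
        self._server_common_name = server_common_name
        self._client_common_name = client_common_name

        # Child openssl processes get a private copy of the environment.
        self._env = os.environ.copy()
        if sys.platform == 'darwin':
            # High Sierra comes with LibreSSL by default.
            # /usr/local/opt/openssl/bin sometimes has OpenSSL instead.
            # NOTE(review): whatever `openssl` sits in this directory is run in
            # preference to the system binary, so the directory must not be
            # writable by other users.
            self._env['PATH'] = os.pathsep.join([
                '/usr/local/opt/openssl/bin',
                self._env.get('PATH', ''),
            ])
        # Set Subject Alternative Name.
        # NOTE(review): server_common_name is placed in $OPENSSL_SAN unvalidated.
        # If it can come from an untrusted caller, restrict it to a plain host
        # name or IP address first; openssl.cnf presumably expands the variable
        # verbatim, so extra characters would become part of the SAN list.
        if is_ip_address(server_common_name):
            self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
        else:
            # Usually, we don't have to make the common name a SAN,
            # but our openssl.cnf requires a value via $OPENSSL_SAN.
            self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

        # tempfile.mktemp() only returns an unused *name*; another local process
        # can create that path (or a symlink) before the key is written.
        # mkstemp() creates the file atomically with owner-only permissions, so
        # the CA key path is reserved before generate() runs. The returned path
        # is absolute.
        ca_key_fd, self.ca_key = tempfile.mkstemp(
            dir=certs_dir, suffix='.ca.key', prefix='nuclide.')
        os.close(ca_key_fd)
        # The sibling paths below are still plain names that are not reserved;
        # certs_dir should not be writable by other users.
        # Get rid of '.ca.key'.
        common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]
        # Generate other file names.
        self.ca_cert = common_path + '.ca.crt'
        self.server_key = common_path + '.server.key'
        # .csr file is intermediate.
        self._server_csr = common_path + '.server.csr'
        self.server_cert = common_path + '.server.crt'
        self.client_key = common_path + '.client.key'
        self._client_csr = common_path + '.client.csr'
        self.client_cert = common_path + '.client.crt'
        self.generate()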
Beispiel #3
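 def __init__(self,
              certs_dir,
              server_common_name,
              client_common_name,
              expiration_days=1):
     """Prepare the openssl environment and output paths, then generate the certificates.

     Args:
         certs_dir: Directory in which the key and certificate files are created.
         server_common_name: Host name or IP address of the server; it is also
             exported as the Subject Alternative Name through $OPENSSL_SAN.
         client_common_name: Stored as self._client_common_name (presumably the
             CN of the client certificate; confirm against generate()).
         expiration_days: Stored as self._expiration_days (presumably the
             validity period in days; confirm against generate()).

     Every output path shares one random stem:
     <certs_dir>/nuclide.<random>.{ca,server,client}.{key,crt}.
     self.generate() is called before the constructor returns.
     """
     self._expiration_days = expiration_days
     self._server_common_name = server_common_name
     self._client_common_name = client_common_name

     # Child openssl processes get a private copy of the environment.
     self._env = os.environ.copy()
     # Set Subject Alternative Name.
     # NOTE(review): server_common_name is placed in $OPENSSL_SAN unvalidated.
     # If it can come from an untrusted caller, restrict it to a plain host
     # name or IP address first; openssl.cnf presumably expands the variable
     # verbatim, so extra characters would become part of the SAN list.
     if is_ip_address(server_common_name):
         self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
     else:
         # Usually, we don't have to make the common name a SAN,
         # but our openssl.cnf requires a value via $OPENSSL_SAN.
         self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

     # tempfile.mktemp() only returns an unused *name*; another local process
     # can create that path (or a symlink) before the key is written.
     # mkstemp() creates the file atomically with owner-only permissions, so
     # the CA key path is reserved before generate() runs. The returned path
     # is absolute.
     ca_key_fd, self.ca_key = tempfile.mkstemp(dir=certs_dir,
                                               suffix='.ca.key',
                                               prefix='nuclide.')
     os.close(ca_key_fd)
     # The sibling paths below are still plain names that are not reserved;
     # certs_dir should not be writable by other users.
     # Get rid of '.ca.key'.
     common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]
     # Generate other file names.
     self.ca_cert = common_path + '.ca.crt'
     self.server_key = common_path + '.server.key'
     # .csr file is intermediate.
     self._server_csr = common_path + '.server.csr'
     self.server_cert = common_path + '.server.crt'
     self.client_key = common_path + '.client.key'
     self._client_csr = common_path + '.client.csr'
     self.client_cert = common_path + '.client.crt'
     self.generate()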
Beispiel #4
    def execute(self, now=None):
        """Run one polling cycle against the pxGrid session service.

        Queries the sessions recorded since the last poll, writes the
        normalized rows to a gzipped CSV in a temporary file, uploads that
        file, and sends a signal describing the upload. Returns None on every
        path; failures are logged and end the cycle early.

        Args:
            now: Call time; defaults to utcnow(). It drives the upload
                location and is the fallback for the first poll.
        """
        # The call time selects the remote storage location and, on the first
        # run, the start of the query window.
        if not now:
            now = utcnow()
        # NOTE(review): replace() only relabels the timezone, it does not
        # convert; callers are presumably expected to pass UTC wall-clock time.
        now = now.replace(tzinfo=utc)
        self.last_poll = self.last_poll or now
        # Round down to the start of the current ten-minute bucket.
        bucket_start = now.replace(minute=now.minute - now.minute % 10,
                                   second=0,
                                   microsecond=0)

        # Use the saved configuration when it is complete; otherwise fetch it
        # from the server once and validate again.
        config_ok = self._validate_configuration()
        if not config_ok:
            self._get_remote_configuration()
            config_ok = self._validate_configuration()
        if not config_ok:
            logging.error('Invalid configuration, could not start')
            return

        self.rewrite_urls = is_ip_address(self.server_name)

        # The pxGrid session has to be activated before any lookup.
        activated = self._activate()
        if not activated:
            logging.warning('Activate request failed')
            return

        # Resolve the session service and the secret for its peer node.
        peer, service_url = self._lookup_service()
        secret = self._get_secret(peer)

        # The query window opens one tick after the previous poll.
        sessions = self._query_sessions(
            service_url, self.last_poll + TICK_DELTA, secret)
        if not sessions:
            logging.info('No sessions since %s', self.last_poll)
            return

        # Normalize the records; nothing is uploaded when none survive.
        rows = list(self._normalize_sessions(sessions))
        if not rows:
            logging.info('No normalized sessions since %s', self.last_poll)
            return

        seconds_into_hour = now.minute * 60 + now.second
        # NamedTemporaryFile is deleted when its `with` block exits, so the
        # session data stays on local disk only for the duration of the upload.
        with NamedTemporaryFile() as tmp:
            # The gzip stream must be closed before the file is flushed and
            # sent, hence the nested block.
            with GzipFile(fileobj=tmp) as gz_stream:
                csv_out = DictWriter(gz_stream, fieldnames=OUTPUT_FIELDNAMES)
                csv_out.writeheader()
                csv_out.writerows(rows)
            tmp.flush()

            remote_path = self.api.send_file(
                SEND_FILE_TYPE,
                tmp.name,
                bucket_start,
                suffix='{:04}'.format(seconds_into_hour))
            if remote_path is not None:
                signal_payload = {
                    'timestamp': now.isoformat(),
                    'data_type': SENSORDATA_TYPE,
                    'data_path': remote_path,
                }
                self.api.send_signal(data_type='sensordata',
                                     data=signal_payload)

        # Remember the newest session timestamp as the next starting point.
        # NOTE(review): this also advances when send_file() returned None, so
        # sessions from a failed upload are not queried again; confirm that
        # this is intended.
        self.last_poll = max(
            dt_parse(entry['timestamp']) for entry in sessions)