def get_certs(self):
certlist = CertList()
certificatedata = CertificateData()
headers = None if self.cert_etag is None else {
IF_NONE_MATCH_HEADER: self.cert_etag
}
data, etag = self._get_data(self.cert_uri, headers=headers)
if self.cert_etag is None or self.cert_etag != etag:
self.cert_etag = etag
set_properties("certlist", certlist, data)
cert_list = get_properties(certlist)
headers = {"x-ms-vmagent-public-x509-cert": self._get_trans_cert()}
for cert_i in cert_list["certificates"]:
certificate_data_uri = cert_i['certificateDataUri']
data, etag = self._get_data(certificate_data_uri,
headers=headers)
set_properties("certificatedata", certificatedata, data)
json_certificate_data = get_properties(certificatedata)
self.certs = Certificates(self, json_certificate_data)
if self.certs is None:
return None
return self.certs
def test_set_properties(self):
obj = SampleDataContract()
data = {
'foo' : 1,
'baz': 'a'
}
set_properties('sample', obj, data)
self.assertFalse(hasattr(obj, 'baz'))
def get_ext_handlers(self, last_etag=None):
self.update_goal_state()
headers = {"x-ms-vmagent-public-x509-cert": self._get_trans_cert()}
ext_list = ExtHandlerList()
data, etag = self._get_data(self.ext_uri, headers=headers)
if last_etag is None or last_etag != etag:
set_properties("extensionHandlers", ext_list.extHandlers, data)
return ext_list, etag
def _setup_image_origin_assert(publisher, offer, sku, version):
s = '''{{
"publisher": "{0}",
"offer": "{1}",
"sku": "{2}",
"version": "{3}"
}}'''.format(publisher, offer, sku, version)
data = json.loads(s, encoding='utf-8')
compute_info = imds.ComputeInfo()
set_properties("compute", compute_info, data)
return compute_info.image_origin
def test_deserialize_ComputeInfo(self): # pylint: disable=invalid-name
# pylint: disable=invalid-name
s = '''{
"location": "westcentralus",
"name": "unit_test",
"offer": "UnitOffer",
"osType": "Linux",
"placementGroupId": "",
"platformFaultDomain": "0",
"platformUpdateDomain": "0",
"publisher": "UnitPublisher",
"resourceGroupName": "UnitResourceGroupName",
"sku": "UnitSku",
"subscriptionId": "e4402c6c-2804-4a0a-9dee-d61918fc4d28",
"tags": "Key1:Value1;Key2:Value2",
"vmId": "f62f23fb-69e2-4df0-a20b-cb5c201a3e7a",
"version": "UnitVersion",
"vmSize": "Standard_D1_v2",
"vmScaleSetName": "MyScaleSet",
"zone": "In"
}'''
# pylint: enable=invalid-name
data = json.loads(s, encoding='utf-8')
compute_info = imds.ComputeInfo()
set_properties("compute", compute_info, data)
self.assertEqual('westcentralus', compute_info.location)
self.assertEqual('unit_test', compute_info.name)
self.assertEqual('UnitOffer', compute_info.offer)
self.assertEqual('Linux', compute_info.osType)
self.assertEqual('', compute_info.placementGroupId)
self.assertEqual('0', compute_info.platformFaultDomain)
self.assertEqual('0', compute_info.platformUpdateDomain)
self.assertEqual('UnitPublisher', compute_info.publisher)
self.assertEqual('UnitResourceGroupName',
compute_info.resourceGroupName)
self.assertEqual('UnitSku', compute_info.sku)
self.assertEqual('e4402c6c-2804-4a0a-9dee-d61918fc4d28',
compute_info.subscriptionId)
self.assertEqual('Key1:Value1;Key2:Value2', compute_info.tags)
self.assertEqual('f62f23fb-69e2-4df0-a20b-cb5c201a3e7a',
compute_info.vmId)
self.assertEqual('UnitVersion', compute_info.version)
self.assertEqual('Standard_D1_v2', compute_info.vmSize)
self.assertEqual('MyScaleSet', compute_info.vmScaleSetName)
self.assertEqual('In', compute_info.zone)
self.assertEqual('UnitPublisher:UnitOffer:UnitSku:UnitVersion',
compute_info.image_info)
def get_compute(self):
"""
Fetch compute information.
:return: instance of a ComputeInfo
:rtype: ComputeInfo
"""
# ensure we get a 200
result = self.get_metadata('instance/compute', is_health=False)
if not result.success:
raise HttpError(result.response)
data = json.loads(ustr(result.response, encoding="utf-8"))
compute_info = ComputeInfo()
set_properties('compute', compute_info, data)
return compute_info
def get_ext_handler_pkgs(self, ext_handler):
logger.verbose("Get extension handler packages")
pkg_list = ExtHandlerPackageList()
manifest = None
for version_uri in ext_handler.versionUris:
try:
manifest, etag = self._get_data(version_uri.uri)
logger.verbose("Successfully downloaded manifest")
break
except ProtocolError as e:
logger.warn("Failed to fetch manifest: {0}", e)
if manifest is None:
raise ValueError("Extension manifest is empty")
set_properties("extensionPackages", pkg_list, manifest)
return pkg_list
def get_vmagent_pkgs(self, vmagent_manifest):
data = None
etag = None
for manifest_uri in vmagent_manifest.versionsManifestUris:
try:
data, etag = self._get_data(manifest_uri.uri)
break
except ProtocolError as e:
logger.verbose(
"Error retrieving agent package from {0}: {1}".format(
manifest_uri, e))
if data is None:
raise ProtocolError(
"Failed retrieving agent package from all URIs")
vmagent_pkgs = ExtHandlerPackageList()
set_properties("vmAgentVersions", vmagent_pkgs, data)
return vmagent_pkgs
def test_report_event(self, mock_post):
events = TelemetryEventList()
data = self.load_json("events/1478123456789000.tld")
event = TelemetryEvent()
set_properties("event", event, data)
events.events.append(event)
data = self.load_json("events/1478123456789001.tld")
event = TelemetryEvent()
set_properties("event", event, data)
events.events.append(event)
data = self.load_json("events/1479766858966718.tld")
event = TelemetryEvent()
set_properties("event", event, data)
events.events.append(event)
protocol = MetadataProtocol()
protocol.report_event(events)
events_uri = BASE_URI.format(
METADATA_ENDPOINT,
"status/telemetry",
APIVERSION)
self.assertEqual(mock_post.call_count, 1)
self.assertEqual(mock_post.call_args[0][0], events_uri)
self.assertEqual(mock_post.call_args[0][1], get_properties(events))
def __init__(self, xml_text):
self.cert_list = CertList()
# Save the certificates
local_file = os.path.join(conf.get_lib_dir(), CERTS_FILE_NAME)
fileutil.write_file(local_file, xml_text)
# Separate the certificates into individual files.
xml_doc = parse_doc(xml_text)
data = findtext(xml_doc, "Data")
if data is None:
return
# if the certificates format is not Pkcs7BlobWithPfxContents do not parse it
certificateFormat = findtext(xml_doc, "Format")
if certificateFormat and certificateFormat != "Pkcs7BlobWithPfxContents":
logger.warn("The Format is not Pkcs7BlobWithPfxContents. Format is " + certificateFormat)
return
cryptutil = CryptUtil(conf.get_openssl_cmd())
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
p7m = ("MIME-Version:1.0\n" # pylint: disable=W1308
"Content-Disposition: attachment; filename=\"{0}\"\n"
"Content-Type: application/x-pkcs7-mime; name=\"{1}\"\n"
"Content-Transfer-Encoding: base64\n"
"\n"
"{2}").format(p7m_file, p7m_file, data)
fileutil.write_file(p7m_file, p7m)
trans_prv_file = os.path.join(conf.get_lib_dir(), TRANSPORT_PRV_FILE_NAME)
trans_cert_file = os.path.join(conf.get_lib_dir(), TRANSPORT_CERT_FILE_NAME)
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
# decrypt certificates
cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file, pem_file)
# The parsing process use public key to match prv and crt.
buf = []
begin_crt = False # pylint: disable=W0612
begin_prv = False # pylint: disable=W0612
prvs = {}
thumbprints = {}
index = 0
v1_cert_list = []
with open(pem_file) as pem:
for line in pem.readlines():
buf.append(line)
if re.match(r'[-]+BEGIN.*KEY[-]+', line):
begin_prv = True
elif re.match(r'[-]+BEGIN.*CERTIFICATE[-]+', line):
begin_crt = True
elif re.match(r'[-]+END.*KEY[-]+', line):
tmp_file = Certificates._write_to_tmp_file(index, 'prv', buf)
pub = cryptutil.get_pubkey_from_prv(tmp_file)
prvs[pub] = tmp_file
buf = []
index += 1
begin_prv = False
elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
tmp_file = Certificates._write_to_tmp_file(index, 'crt', buf)
pub = cryptutil.get_pubkey_from_crt(tmp_file)
thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
thumbprints[pub] = thumbprint
# Rename crt with thumbprint as the file name
crt = "{0}.crt".format(thumbprint)
v1_cert_list.append({
"name": None,
"thumbprint": thumbprint
})
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
buf = []
index += 1
begin_crt = False
# Rename prv key with thumbprint as the file name
for pubkey in prvs:
thumbprint = thumbprints[pubkey]
if thumbprint:
tmp_file = prvs[pubkey]
prv = "{0}.prv".format(thumbprint)
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
logger.info("Found private key matching thumbprint {0}".format(thumbprint))
else:
# Since private key has *no* matching certificate,
# it will not be named correctly
logger.warn("Found NO matching cert/thumbprint for private key!")
# Log if any certificates were found without matching private keys
# This can happen (rarely), and is useful to know for debugging
for pubkey in thumbprints:
if not pubkey in prvs:
msg = "Certificate with thumbprint {0} has no matching private key."
logger.info(msg.format(thumbprints[pubkey]))
for v1_cert in v1_cert_list:
cert = Cert()
set_properties("certs", cert, v1_cert)
self.cert_list.certificates.append(cert)
def parse_json_event(data_str):
data = json.loads(data_str)
event = TelemetryEvent()
set_properties("TelemetryEvent", event, data)
return event
def parse(self, json_text):
"""
Parse multiple certificates into seperate files.
"""
data = json_text["certificateData"]
if data is None:
logger.verbose("No data in json_text received!")
return
cryptutil = CryptUtil(conf.get_openssl_cmd())
p7b_file = os.path.join(conf.get_lib_dir(), P7B_FILE_NAME)
# Wrapping the certificate lines.
# decode and save the result into p7b_file
fileutil.write_file(p7b_file, base64.b64decode(data), asbin=True)
ssl_cmd = "openssl pkcs7 -text -in {0} -inform der | grep -v '^-----' "
ret, data = shellutil.run_get_output(ssl_cmd.format(p7b_file))
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
p7m = ("MIME-Version:1.0\n"
"Content-Disposition: attachment; filename=\"{0}\"\n"
"Content-Type: application/x-pkcs7-mime; name=\"{1}\"\n"
"Content-Transfer-Encoding: base64\n"
"\n"
"{2}").format(p7m_file, p7m_file, data)
self.save_cache(p7m_file, p7m)
trans_prv_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_PRV_FILE_NAME)
trans_cert_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_CERT_FILE_NAME)
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
# decrypt certificates
cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file,
pem_file)
# The parsing process use public key to match prv and crt.
buf = []
begin_crt = False
begin_prv = False
prvs = {}
thumbprints = {}
index = 0
v1_cert_list = []
with open(pem_file) as pem:
for line in pem.readlines():
buf.append(line)
if re.match(r'[-]+BEGIN.*KEY[-]+', line):
begin_prv = True
elif re.match(r'[-]+BEGIN.*CERTIFICATE[-]+', line):
begin_crt = True
elif re.match(r'[-]+END.*KEY[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'prv', buf)
pub = cryptutil.get_pubkey_from_prv(tmp_file)
prvs[pub] = tmp_file
buf = []
index += 1
begin_prv = False
elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'crt', buf)
pub = cryptutil.get_pubkey_from_crt(tmp_file)
thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
thumbprints[pub] = thumbprint
# Rename crt with thumbprint as the file name
crt = "{0}.crt".format(thumbprint)
v1_cert_list.append({
"name": None,
"thumbprint": thumbprint
})
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
buf = []
index += 1
begin_crt = False
# Rename prv key with thumbprint as the file name
for pubkey in prvs:
thumbprint = thumbprints[pubkey]
if thumbprint:
tmp_file = prvs[pubkey]
prv = "{0}.prv".format(thumbprint)
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
for v1_cert in v1_cert_list:
cert = Cert()
set_properties("certs", cert, v1_cert)
self.cert_list.certificates.append(cert)
def get_vminfo(self):
vminfo = VMInfo()
data, etag = self._get_data(self.identity_uri)
set_properties("vminfo", vminfo, data)
return vminfo
