def __init__(self, cty_direct_call, device_index, finished_callback,
console_object):
self.cty_direct_call = cty_direct_call
self.device_index = device_index
self.console_object = console_object
super(
RemoteBackupScript, self
).__init__(node_list=[
script_node(
'continue',
'Are you sure you want to back up the keys on device:%i to a remote device? (y/n) '
% device_index,
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node(
'continue',
'Have you connected a CrypTech device to the host computer? (y/n) ',
ValueType.YesNo,
callback=self.continueAttachedCrypTech),
script_node(
'cryptech_pin',
"Please enter the 'user' pin for the CrypTech device. > ",
ValueType.AnyString,
callback=self.pinEntered),
script_node(
'continue',
'Has the master key been generated on the CrypTech device? (y/n) ',
ValueType.YesNo,
callback=self.continueCrypTechMasterKey)
],
finished_callback=finished_callback)
def addIPAddressCallback(self, response):
if (response == '0.0.0.0'):
if (len(self.ipaddr_list) == 0):
self.cty_direct_call(
'Unable to set IP address list. Must include at least one IP address.'
)
return None
self.cty_direct_call('Adding the following IP address')
for ip in self.ipaddr_list:
self.cty_direct_call(ip)
self.node_list.append(
script_node('correct',
'Are these settings correct? (y/n) ',
ValueType.YesNo,
callback=self.acceptSettingsCallback))
else:
self.ipaddr_list.append(response)
self.node_list.append(
script_node(
'ipaddr',
'Please enter one IP address at a time. Enter 0 when done. > ',
ValueType.IP4Address,
callback=self.addIPAddressCallback))
return self
def __init__(self, settings, cty_direct_call, hsm_setting,
generate_firewall_rules):
super(firewall_iprange_script, self).__init__(
settings,
cty_direct_call,
hsm_setting,
generate_firewall_rules,
node_list=[
script_node(
'continue',
"Would you like to set '%s' to an IP range? (y/n) " %
hsm_setting.value,
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node(
'startip',
'Please enter the start of the address range. (ex. 192.1.1.1) ',
ValueType.IP4Address),
script_node(
'endip',
'Please enter the end of the address range. (ex. 192.1.1.255) ',
ValueType.IP4Address,
callback=self.showEnteredSettings),
script_node('correct',
'Are these settings correct? (y/n) ',
ValueType.YesNo,
callback=self.setIPSettingsCallback)
])
def __init__(self, settings, cty_direct_call, safe_shutdown):
self.settings = settings
self.cty_direct_call = cty_direct_call
self.safe_shutdown = safe_shutdown
super(DHCPScriptModule, self).__init__(node_list=[
script_node('continue',
'Would you like to set the HSM to use DHCP? (y/n) ',
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node(
'restart',
'The HSM will need to restart. Would you like to restart now? (y/n) ',
ValueType.YesNo,
callback=self.restartPromptCallback)
])
def __init__(self, console_object):
self.console_object = console_object
first_time_msg = (
"\r\nDIAMOND-HSM by Diamond Key Security, NFP\r\n"
"\r\nThe HSM is preparing to run for the first time and"
"\r\nis now setting up it's authorization security protocal."
"\r\nAs a part of this process, the 'so' (Security Officer)"
"\r\nand 'wheel' (HSM maintainer) passwords must be set."
"\r\nAfter these passwords have been set, either can be"
"\r\nused to log into the HSM after a reset, but both will"
"\r\nbe needed to perfom certain task on the HSM such as"
"\r\nresponding to a tamper event. Once the passwords have"
"\r\nbeen set, only that user will be able to change it."
"\r\n\r\nWould you like to continue setup now? (y/n) ")
node_list = []
node_list.append(
script_node('continue',
first_time_msg,
ValueType.YesNo,
callback=self.continuePromptCallback))
super(HSMAuthSetupScriptModule, self).__init__(node_list=node_list)
def addCheckSettings(self):
if ('masterkey_value' in self.results):
if (self.results['masterkey_value'] == ''):
masterkey_option = 'Master key will be randomly generated on the backup device.'
else:
masterkey_option = self.results['masterkey_value']
else:
self.results['masterkey_value'] = None
masterkey_option = 'The master key was already set on the device.'
self.results['device_index'] = self.device_index
self.node_list.insert(
self.current,
script_node(
'continue',
'Would you like to back up to a CrypTech device using the following options?:\r\n'
' Backup CrypTech device master key: %s\r\n'
' Source internal device index : %i\r\n'
'Continue with these settings? (y/n) ' %
(masterkey_option, self.results['device_index']),
ValueType.YesNo,
callback=self.checkSettingsCallback))
return self
def continuePromptCallback(self, response):
if (response == True):
default_wheel_pin = "YouReallyNeedToChangeThisPINRightNowWeAreNotKidding"
success = self.log_into_devices("wheel", default_wheel_pin)
if (success is False):
self.password_index = len(self.node_list)
self.console_object.cty_direct_call(
"Unable to log into to the CrypTech device using the\r\n"
"default 'wheel' password.\r\n")
self.console_object.set_hide_input(True)
self.node_list.append(
script_node('password',
"Enter the 'wheel' password: "******"The HSM will shutdown in 5 seconds....")
time.sleep(5)
self.console_object.safe_shutdown.shutdown()
def __init__(self, cty_direct_call, device_index, finished_callback, console_object):
self.cty_direct_call = cty_direct_call
self.device_index = device_index
self.console_object = console_object
super(SyncImportSetup, self).__init__(node_list = [
script_node('continue',
'\r\nAre you sure you want to generate a KEKEK\r\n'
'for device:%i for an import operation? (y/n) '%device_index,
ValueType.YesNo, callback=self.continuePromptCallback),
script_node('setup_json_path',
'Please enter the file name with path on the\r\n'
'host computer to save the setup json. > ',
ValueType.AnyString, callback=self.setupjson_entered)
],
finished_callback=finished_callback,
auto_finished_callback=False)
def addSetMasterKeyScript(self):
self.node_list.insert(self.current, script_node('masterkey_value',
('Please enter the master key. This cannot be left blank.\r\n'
' -------- -------- -------- -------- -------- -------- -------- --------\r\n'
'> '),
ValueType.AnyString, callback=self.setMasterKeyCallback))
return self
def __init__(self, settings, cty_direct_call, safe_shutdown):
self.settings = settings
self.cty_direct_call = cty_direct_call
self.safe_shutdown = safe_shutdown
super(StaticIPScriptModule, self).__init__(node_list=[
script_node(
'continue',
'Would you like to set a manual static IP address? (y/n) ',
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node('ipaddr',
'Please enter the IP address. (ex. 192.1.1.10) ',
ValueType.IP4Address),
script_node('netmask',
'Please enter the net mask. (ex. 255.255.255.0) ',
ValueType.IP4Address),
script_node(
'broadcast',
'Please enter the broadcast address. (ex. 192.1.1.255) ',
ValueType.IP4Address),
script_node('gateway',
'Please enter the gateway. (ex. 192.1.1.1) ',
ValueType.IP4Address,
callback=self.showEnteredSettings),
script_node('correct',
'Are these settings correct? (y/n) ',
ValueType.YesNo,
callback=self.setIPSettingsCallback),
script_node(
'restart',
'The HSM will need to restart. Would you like to restart now? (y/n) ',
ValueType.YesNo,
callback=self.restartPromptCallback)
])
def __init__(self, cty_direct_call, safe_shutdown):
self.cty_direct_call = cty_direct_call
self.safe_shutdown = safe_shutdown
super(UpdateRestartScriptModule, self).__init__([
script_node(
'restart',
'The HSM will need to restart. Would you like to restart now? (y/n) ',
ValueType.YesNo,
callback=self.continuePromptCallback)
])
def __init__(self, cty_direct_call, device_index, finished_callback,
console_object):
self.cty_direct_call = cty_direct_call
self.device_index = device_index
self.console_object = console_object
super(SyncImport, self).__init__(node_list=[
script_node('continue', (
'\r\nAre you sure you want to import CrypTech Json data\r\n'
'from a remote device to this HSM\'s internal device #%i? (y/n) '
% device_index),
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node('export_json_path', (
'Please enter the file name with path on the host computer\r\n'
'of the export json from the external device. > '),
ValueType.AnyString,
callback=self.exportjson_entered)
],
finished_callback=finished_callback,
auto_finished_callback=False)
def addSetMasterKeyScript(self):
self.node_list.insert(
self.current,
script_node('masterkey_value', (
'Please enter the master key or leave it blank to set it to a random value\r\n'
' -------- -------- -------- -------- -------- -------- -------- --------\r\n'
'> '),
ValueType.AnyString,
callback=self.setMasterKeyCallback))
return self
def setupjson_entered(self, response):
self.results['device_index'] = self.device_index
self.node_list.insert(self.current, script_node('continue',
'Would you like to generate a KEKEK using the following settings?:\r\n'
' Output setup.json path ------------: %s\r\n'
' Destination internal device index -: %i\r\n'
'Continue with these settings? (y/n) '%(self.results['setup_json_path'],
self.results['device_index']),
ValueType.YesNo, callback=self.checkSettingsCallback))
return self
def __init__(self, cty_direct_call, device_index, finished_callback, console_object):
self.cty_direct_call = cty_direct_call
self.device_index = device_index
self.console_object = console_object
super(SyncExport, self).__init__(node_list = [
script_node('continue',
'\r\nAre you sure you to use a KEKEK from an external\r\n'
'device to securely export keys from this device:%i? (y/n) '%device_index,
ValueType.YesNo, callback=self.continuePromptCallback),
script_node('setup_json_path',
'Please enter the file name with path on the\r\n'
'host computer of the setup.json file from\r\n'
'the destination HSM. > ',
ValueType.AnyString, callback=None),
script_node('export_json_path',
'Please enter the file name with path on the\r\n'
'host computer to save the export json\r\n'
'with the export data from this device. > ',
ValueType.AnyString, callback=self.exportjson_entered)
],
finished_callback=finished_callback,
auto_finished_callback=False)
def __init__(self, settings, cty_direct_call, hsm_setting,
generate_firewall_rules):
self.ipaddr_list = []
super(firewall_iplist_script, self).__init__(
settings,
cty_direct_call,
hsm_setting,
generate_firewall_rules,
node_list=[
script_node(
'continue',
"Would you like to set '%s' to an IP address list? (y/n) "
% hsm_setting.value,
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node(
'ipaddr',
'Please enter one IP address at a time. Enter 0 when done. > ',
ValueType.IP4Address,
callback=self.addIPAddressCallback)
])
def setMasterKeyPromptCallback(self, response):
"""Process user response about whether they want to set the master key"""
if (response == True):
self.node_list.insert(
self.current,
script_node('masterkey_value', (
'Please enter the master key or leave it blank to set it to a random value\r\n'
' -------- -------- -------- -------- -------- -------- -------- --------\r\n'
'> '),
ValueType.AnyString,
callback=self.setMasterKeyCallback))
return self
else:
return None
def __init__(self, settings, cty_direct_call, hsm_setting,
generate_firewall_rules):
super(firewall_block_script, self).__init__(
settings,
cty_direct_call,
hsm_setting,
generate_firewall_rules,
node_list=[
script_node('continue',
"Would you like to set '%s' to block all? (y/n) " %
hsm_setting.value,
ValueType.YesNo,
callback=self.continuePromptCallback)
])
def __init__(self, cty_direct_call, set_hide_input, cty_connection, user, must_set = False, finished_callback = None):
self.cty_direct_call = cty_direct_call
self.set_hide_input = set_hide_input
self.cty_connection = cty_connection
self.user = user
node_list = []
if (not must_set):
node_list.append(script_node('continue',
"Would you like to set the '%s' PIN? (y/n) "%DKS_HALUser.to_name(user),
ValueType.YesNo, callback=self.continuePromptCallback))
else:
self.set_hide_input(True)
node_list.append(script_node('password',
"Enter the new '%s' PIN: "%DKS_HALUser.to_name(user),
ValueType.AnyString, callback=None))
node_list.append(script_node('confirm_password',
"Confirm the new '%s' PIN: "%DKS_HALUser.to_name(user),
ValueType.AnyString, callback=self.confirmPassword))
super(PasswordScriptModule, self).__init__(node_list = node_list, finished_callback = finished_callback)
def __init__(self, settings, cty_direct_call, hsm_setting,
update_firewall_from_settings):
self.settings = settings
self.cty_direct_call = cty_direct_call
self.hsm_setting = hsm_setting
self.update_firewall_from_settings = update_firewall_from_settings
cur_setting_value = self.settings.get_setting(hsm_setting)
if ((cur_setting_value is None) or (cur_setting_value is True)):
current_setting = 'accepting all connections'
elif isinstance(cur_setting_value, tuple):
current_setting = 'accepting connections from ip range, %s to %s' % (
cur_setting_value[0], cur_setting_value[1])
elif isinstance(cur_setting_value, list):
current_setting = 'accepting connections from the ip address list'
elif (cur_setting_value is False):
current_setting = 'blocking all connections'
super(FirewallChangeSettingScript, self).__init__(node_list=[
script_node(
'continue',
"%s is currently set to :'%s.'\r\nWould you like to change this? (y/n) "
% (hsm_setting.value, current_setting),
ValueType.YesNo,
callback=self.continuePromptCallback),
script_node('changeTo', (
"What would you like to change this to?\r\n"
" A - (A)ccept all\r\n"
" R - IP address (R)ange\r\n"
" L - IP address (L)ist\r\n"
" B - (B)lock all connections\r\n\r\n"
"'A', 'R', 'L', or 'B' > "),
ValueType.AnyString,
callback=self.changeToPromptCallback)
])
def __init__(self,
cty_conn,
cty_direct_call,
settings,
message=None,
finished_callback=None):
self.cty_conn = cty_conn
self.cty_direct_call = cty_direct_call
self.settings = settings
if (message is None):
message = '\r\nAre you sure you want to set the master key? (y/n) '
super(MasterKeySetScriptModule,
self).__init__([
script_node('setmasterkey',
message,
ValueType.YesNo,
callback=self.setMasterKeyPromptCallback)
],
finished_callback=finished_callback)
def __init__(self, console_object, username, pin):
self.console_object = console_object
self.settings = self.console_object.settings
self.username = username
self.pin = pin
first_time_msg = (
"\r\nAfter system resets and updates, the HSM must"
"\r\nperform diagnostic procedures on the internal"
"\r\nCrypTech devices. During this procedure, the"
"\r\nHSM must not lose power."
"\r\n\r\nWould you like to continue setup now? (y/n) ")
node_list = []
node_list.append(
script_node('continue',
first_time_msg,
ValueType.YesNo,
callback=self.continuePromptCallback))
super(HSMHardwareSetupScriptModule, self).__init__(node_list=node_list)
def __init__(self, cty_conn, cty_direct_call, tamper_configs,
finished_callback):
self.cty_conn = cty_conn
self.cty_direct_call = cty_direct_call
self.tamper_configs = tamper_configs
setting_string = "\r\nAfter HSM reset, the tamper settings on the device need to be reset.\r\nThese are the previous settings:"
for name, setting in tamper_configs.settings.iteritems():
setting_string = "%s\r\n %s : " % (setting_string,
name.ljust(12))
for param in setting[1]:
setting_string = "%s %s" % (setting_string, str(param))
setting_string = "%s\r\nWould you like to use the previous settings now? (y/n) " % setting_string
super(TamperSettingsScriptModule,
self).__init__([
script_node('usePreviousSettings',
str(setting_string),
ValueType.YesNo,
callback=self.setUsePreviousSettings)
],
finished_callback=finished_callback)
