def _parse_settings(self, parser): if not parser.has_section('server'): raise exceptions.ConfigurationError( "The server configuration file does not have a 'server' " "section.") settings = [x[0] for x in parser.items('server')] for s in settings: if s not in self._expected_settings + self._optional_settings: raise exceptions.ConfigurationError( "Setting '{0}' is not a supported setting. Please " "remove it from the configuration file.".format(s)) for setting in self._expected_settings: if setting not in settings: raise exceptions.ConfigurationError( "Setting '{0}' is missing from the configuration " "file.".format(setting)) if parser.has_option('server', 'hostname'): self._set_hostname(parser.get('server', 'hostname')) if parser.has_option('server', 'port'): self._set_port(parser.getint('server', 'port')) if parser.has_option('server', 'certificate_path'): self._set_certificate_path(parser.get('server', 'certificate_path')) if parser.has_option('server', 'key_path'): self._set_key_path(parser.get('server', 'key_path')) if parser.has_option('server', 'ca_path'): self._set_ca_path(parser.get('server', 'ca_path')) if parser.has_option('server', 'auth_suite'): self._set_auth_suite(parser.get('server', 'auth_suite')) if parser.has_option('server', 'policy_path'): self._set_policy_path(parser.get('server', 'policy_path'))
def _set_logging_level(self, value): if value is None: self.settings['logging_level'] = logging.INFO return logging_levels = { "DEBUG": logging.DEBUG, "INFO": logging.INFO, "WARNING": logging.WARNING, "ERROR": logging.ERROR, "CRITICAL": logging.CRITICAL } if value in logging_levels.values(): self.settings['logging_level'] = value elif isinstance(value, six.string_types): level = logging_levels.get(value.upper()) if level: self.settings['logging_level'] = level else: raise exceptions.ConfigurationError( "The logging level must be a string representing a valid " "logging level." ) else: raise exceptions.ConfigurationError( "The logging level must be a string representing a valid " "logging level." )
def _set_port(self, value): if isinstance(value, six.integer_types): if 0 < value < 65535: self.settings['port'] = value else: raise exceptions.ConfigurationError( "The port value must be an integer in the range 0 - 65535." ) else: raise exceptions.ConfigurationError( "The port value must be an integer in the range 0 - 65535.")
def _set_key_path(self, value): if value is None: self.settings['key_path'] = None elif isinstance(value, six.string_types): if os.path.exists(value): self.settings['key_path'] = value else: raise exceptions.ConfigurationError( "The key path value, if specified, must be a valid string " "path to a certificate key file.") else: raise exceptions.ConfigurationError( "The key path value, if specified, must be a valid string " "path to a certificate key file.")
def _set_ca_path(self, value): if value is None: self.settings['ca_path'] = None elif isinstance(value, six.string_types): if os.path.exists(value): self.settings['ca_path'] = value else: raise exceptions.ConfigurationError( "The certificate authority (CA) path value, if " "specified, must be a valid string path to a CA " "certificate file.") else: raise exceptions.ConfigurationError( "The certificate authority (CA) path value, if specified, " "must be a valid string path to a CA certificate file.")
def _set_certificate_path(self, value): print(value) if value is None: self.settings['certificate_path'] = None elif isinstance(value, six.string_types): if os.path.exists(value): self.settings['certificate_path'] = value else: raise exceptions.ConfigurationError( "The certificate path value, if specified, must be a " "valid string path to a certificate file.") else: raise exceptions.ConfigurationError( "The certificate path value, if specified, must be a valid " "string path to a certificate file.")
def load_settings(self, path): """ Load configuration settings from the file pointed to by path. This will overwrite all current setting values. Args: path (string): The path to the configuration file containing the settings to load. Required. Raises: ConfigurationError: Raised if the path does not point to an existing file or if a setting value is invalid. """ if not os.path.exists(path): raise exceptions.ConfigurationError( "The server configuration file ('{0}') could not be " "located.".format(path) ) self._logger.info( "Loading server configuration settings from: {0}".format(path) ) parser = configparser.SafeConfigParser() parser.read(path) self._parse_settings(parser)
def _set_hostname(self, value): if isinstance(value, six.string_types): self.settings['hostname'] = value else: raise exceptions.ConfigurationError( "The hostname value must be a string." )
def set_setting(self, setting, value): """ Set a specific setting value. This will overwrite the current setting value for the specified setting. Args: setting (string): The name of the setting to set (e.g., 'certificate_path', 'hostname'). Required. value (misc): The value of the setting to set. Type varies based on setting. Required. Raises: ConfigurationError: Raised if the setting is not supported or if the setting value is invalid. """ if setting not in self._expected_settings + self._optional_settings: raise exceptions.ConfigurationError( "Setting '{0}' is not supported.".format(setting)) if setting == 'hostname': self._set_hostname(value) elif setting == 'port': self._set_port(value) elif setting == 'certificate_path': self._set_certificate_path(value) elif setting == 'key_path': self._set_key_path(value) elif setting == 'ca_path': self._set_ca_path(value) elif setting == 'auth_suite': self._set_auth_suite(value) else: self._set_policy_path(value)
def authenticate(self, connection_certificate=None, connection_info=None, request_credentials=None): """ Query the configured SLUGS service with the provided credentials. Args: connection_certificate (cryptography.x509.Certificate): An X.509 certificate object obtained from the connection being authenticated. Required for SLUGS authentication. connection_info (tuple): A tuple of information pertaining to the connection being authenticated, including the source IP address and a timestamp (e.g., ('127.0.0.1', 1519759267.467451)). Optional, defaults to None. Ignored for SLUGS authentication. request_credentials (list): A list of KMIP Credential structures containing credential information to use for authentication. Optional, defaults to None. Ignored for SLUGS authentication. """ if (self.users_url is None) or (self.groups_url is None): raise exceptions.ConfigurationError( "The SLUGS URL must be specified." ) user_id = utils.get_client_identity_from_certificate( connection_certificate ) try: response = requests.get(self.users_url.format(user_id)) except Exception: raise exceptions.ConfigurationError( "A connection could not be established using the SLUGS URL." ) if response.status_code == 404: raise exceptions.PermissionDenied( "Unrecognized user ID: {}".format(user_id) ) response = requests.get(self.groups_url.format(user_id)) if response.status_code == 404: raise exceptions.PermissionDenied( "Group information could not be retrieved for user ID: " "{}".format(user_id) ) return user_id, response.json().get('groups')
def _set_auth_suite(self, value): auth_suites = ['Basic', 'TLS1.2'] if value not in auth_suites: raise exceptions.ConfigurationError( "The authentication suite must be one of the " "following: Basic, TLS1.2") else: self.settings['auth_suite'] = value
def _set_policy_path(self, value): if not value: self.settings['policy_path'] = None elif isinstance(value, six.string_types): self.settings['policy_path'] = value else: raise exceptions.ConfigurationError( "The policy path, if specified, must be a valid string path " "to a filesystem directory.")
def _set_tls_cipher_suites(self, value): if not value: self.settings['tls_cipher_suites'] = [] return if isinstance(value, six.string_types): value = value.split() if isinstance(value, list): for entry in value: if not isinstance(entry, six.string_types): raise exceptions.ConfigurationError( "The TLS cipher suites must be a set of strings " "representing cipher suite names.") self.settings['tls_cipher_suites'] = list(set(value)) else: raise exceptions.ConfigurationError( "The TLS cipher suites must be a set of strings representing " "cipher suite names.")
def _set_enable_tls_client_auth(self, value): if value is None: self.settings['enable_tls_client_auth'] = True elif isinstance(value, bool): self.settings['enable_tls_client_auth'] = value else: raise exceptions.ConfigurationError( "The flag enabling the TLS certificate client auth flag check " "must be a boolean.")
def _set_database_path(self, value): if not value: self.settings['database_path'] = None elif isinstance(value, six.string_types): self.settings['database_path'] = value else: raise exceptions.ConfigurationError( "The database path, if specified, must be a valid path to a " "SQLite database file." )