def download_syndicate_public_key( config ):
assert 'syndicate_host' in config
assert 'no_tls' in config
port = config.get("syndicate_port", None)
if port is None:
port = conf.default_syndicate_port( config['syndicate_host'], config['no_tls'] )
url = conf.make_ms_url( config['syndicate_host'], port, config['no_tls'], urlpath="PUBKEY" )
pubkey_req = requests.get( url )
if pubkey_req.status_code != 200:
raise Exception("Failed to get public key from %s, HTTP status %s" % (url, pubkey_req.status) )
assert hasattr(pubkey_req, "content"), "Invalid response; no content given!"
pubkey_pem = str(pubkey_req.content)
pubkey_pem = pubkey_pem.strip()
# validate
try:
pubkey = CryptoKey.importKey( pubkey_pem )
except Exception, e:
log.error("Invalid key")
raise e
def download_syndicate_public_key(config):
assert 'syndicate_host' in config
assert 'no_tls' in config
port = config.get("syndicate_port", None)
if port is None:
port = conf.default_syndicate_port(config['syndicate_host'],
config['no_tls'])
url = conf.make_ms_url(config['syndicate_host'],
port,
config['no_tls'],
urlpath="PUBKEY")
pubkey_req = requests.get(url)
if pubkey_req.status_code != 200:
raise Exception("Failed to get public key from %s, HTTP status %s" %
(url, pubkey_req.status))
assert hasattr(pubkey_req,
"content"), "Invalid response; no content given!"
pubkey_pem = str(pubkey_req.content)
pubkey_pem = pubkey_pem.strip()
# validate
try:
pubkey = CryptoKey.importKey(pubkey_pem)
except Exception, e:
log.error("Invalid key")
raise e
def do_setup(config, all_params):
print "Setting up syntool..."
# if the config file already exists, then bail
if os.path.exists(conf.CONFIG_FILENAME):
raise Exception("Syntool is already set up (in %s)" % conf.CONFIG_DIR)
# check args...
for required_key in ['syndicate_host', 'syndicate_port', 'user_id']:
if config.get(required_key, None) is None:
print >> sys.stderr, "Missing argument: %s" % required_key
sys.exit(1)
key_dirs = {}
write_config = {}
for key_type, key_dirname in conf.KEY_DIR_NAMES.items():
key_dirs[key_type] = key_dirname + "/"
# generate URL if not given already
if not config.has_key('url'):
config['url'] = conf.make_ms_url(config['syndicate_host'],
config['syndicate_port'],
config['no_tls'])
write_config.update(key_dirs)
for attr in ['user_id', 'url']:
write_config[attr] = config[attr]
config_str = conf.make_config_str(write_config)
log.debug("Obtaining Syndicate public key...")
syndicate_public_key = download_syndicate_public_key(config)
if syndicate_public_key is None:
raise Exception("Failed to obtain Syndicate public key")
if not config['trust_public_key']:
do_trust = ask_trust_public_key(config, syndicate_public_key)
if not do_trust:
log.error("Refusing to trust key.")
sys.exit(0)
# store this for activation
try:
config['syndicate_public_key'] = CryptoKey.importKey(
syndicate_public_key)
except Exception, e:
# shouldn't fail--download_syndicate_public_key validates
log.error("Invalid public key")
log.exception(e)
sys.exit(1)
def do_setup( config, all_params ):
print "Setting up syntool..."
# if the config file already exists, then bail
if os.path.exists( conf.CONFIG_FILENAME ):
raise Exception("Syntool is already set up (in %s)" % conf.CONFIG_DIR)
# check args...
for required_key in ['syndicate_host', 'syndicate_port', 'user_id']:
if config.get(required_key, None) is None:
print >> sys.stderr, "Missing argument: %s" % required_key
sys.exit(1)
key_dirs = {}
write_config = {}
for key_type, key_dirname in conf.KEY_DIR_NAMES.items():
key_dirs[key_type] = key_dirname + "/"
# generate URL if not given already
if not config.has_key('url'):
config['url'] = conf.make_ms_url( config['syndicate_host'], config['syndicate_port'], config['no_tls'] )
write_config.update( key_dirs )
for attr in ['user_id', 'url']:
write_config[attr] = config[attr]
config_str = conf.make_config_str( write_config )
log.debug("Obtaining Syndicate public key...")
syndicate_public_key = download_syndicate_public_key( config )
if syndicate_public_key is None:
raise Exception("Failed to obtain Syndicate public key")
if not config['trust_public_key']:
do_trust = ask_trust_public_key( config, syndicate_public_key )
if not do_trust:
log.error("Refusing to trust key.")
sys.exit(0)
# store this for activation
try:
config['syndicate_public_key'] = CryptoKey.importKey( syndicate_public_key )
except Exception, e:
# shouldn't fail--download_syndicate_public_key validates
log.error("Invalid public key")
log.exception(e)
sys.exit(1)
def make_rpc_client( config, username=None, password=None, user_private_key=None, syndicate_public_key=None, no_verify_result=False ):
ms_url = conf.make_ms_url( config['syndicate_host'], config['syndicate_port'], config['no_tls'] )
if not ms_url.lower().startswith("https://"):
log.warning("MS URL %s is NOT secure!" % ms_url )
signer = None
verifier = None
if user_private_key is not None:
log.info("Using public-key authentication")
signer = lambda method_name, data: api_call_signer( user_private_key, method_name, data )
# use public-key authentication
ms_url += "/pubkey"
if syndicate_public_key is not None and not no_verify_result:
verifier = lambda method_name, args, kw, data, syndicate_data, rpc_result: api_call_verifier( config, syndicate_public_key, method_name, data, syndicate_data, rpc_result )
json_client = jsonrpc.Client( ms_url, msconfig.JSON_MS_API_VERSION, signer=signer, verifier=verifier, username=username, password=password )
return json_client
def make_rpc_client(config,
username=None,
password=None,
user_private_key=None,
syndicate_public_key=None,
no_verify_result=False):
ms_url = conf.make_ms_url(config['syndicate_host'],
config['syndicate_port'], config['no_tls'])
if not ms_url.lower().startswith("https://"):
log.warning("MS URL %s is NOT secure!" % ms_url)
signer = None
verifier = None
if user_private_key is not None:
log.info("Using public-key authentication")
signer = lambda method_name, data: api_call_signer(
user_private_key, method_name, data)
# use public-key authentication
ms_url += "/pubkey"
if syndicate_public_key is not None and not no_verify_result:
verifier = lambda method_name, args, kw, data, syndicate_data, rpc_result: api_call_verifier(
config, syndicate_public_key, method_name, data, syndicate_data,
rpc_result)
json_client = jsonrpc.Client(ms_url,
msconfig.JSON_MS_API_VERSION,
signer=signer,
verifier=verifier,
username=username,
password=password)
return json_client
