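def __init__(self, certs_dir, server_common_name, client_common_name,
             expiration_days=1):
    """Choose the file paths for a CA/server/client set, then generate it.

    Args:
        certs_dir: Directory in which the key, CSR and certificate files
            are placed.
        server_common_name: Server common name. It is also exported as
            the Subject Alternative Name through the OPENSSL_SAN
            environment entry.
        client_common_name: Client common name, stored for later use.
        expiration_days: Stored in ``_expiration_days``; presumably the
            certificate lifetime in days (default 1).
    """
    self.logger = logging.getLogger('NuclideCertificatesGenerator')
    self._expiration_days = expiration_days
    self._server_common_name = server_common_name
    self._client_common_name = client_common_name

    # Work on a copy so the SAN entry does not alter os.environ itself.
    self._env = os.environ.copy()
    # Set Subject Alternative Name.
    # NOTE(review): server_common_name is interpolated unescaped. If the
    # value can come from outside, validate it before this point, since
    # openssl presumably reads it as a comma-separated list - confirm.
    if is_ip_address(server_common_name):
        self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
    else:
        # Usually, we don't have to make the common name a SAN,
        # but our openssl.cnf requires a value via $OPENSSL_SAN.
        self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

    # mkstemp() replaces the deprecated mktemp(): it creates the file
    # atomically with owner-only permissions, so the CA key path cannot
    # be claimed by another process between name choice and first write.
    # NOTE(review): generate() is expected to overwrite this empty file;
    # confirm it does not require the path to be absent.
    ca_key_fd, self.ca_key = tempfile.mkstemp(
        dir=certs_dir, suffix='.ca.key', prefix='nuclide.')
    os.close(ca_key_fd)

    # Get rid of '.ca.key'.
    common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]

    # Generate other file names. These sibling paths are derived by name
    # only and are not reserved on disk, so certs_dir should be writable
    # by the owning user alone.
    self.ca_cert = common_path + '.ca.crt'
    self.server_key = common_path + '.server.key'
    # .csr file is intermediate.
    self._server_csr = common_path + '.server.csr'
    self.server_cert = common_path + '.server.crt'
    self.client_key = common_path + '.client.key'
    self._client_csr = common_path + '.client.csr'
    self.client_cert = common_path + '.client.crt'

    self.generate()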
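def __init__(self, certs_dir, server_common_name, client_common_name,
             expiration_days=1):
    """Prepare the openssl environment and file paths, then generate.

    Args:
        certs_dir: Directory that receives the key, CSR and certificate
            files.
        server_common_name: Server common name, also used as the Subject
            Alternative Name via the OPENSSL_SAN environment entry.
        client_common_name: Client common name, stored for later use.
        expiration_days: Stored in ``_expiration_days``; presumably the
            certificate lifetime in days (default 1).
    """
    self.logger = logging.getLogger('NuclideCertificatesGenerator')
    self._expiration_days = expiration_days
    self._server_common_name = server_common_name
    self._client_common_name = client_common_name

    # Private copy of the environment; os.environ itself is left alone.
    self._env = os.environ.copy()
    if sys.platform == 'darwin':
        # High Sierra comes with LibreSSL by default.
        # /usr/local/opt/openssl/bin sometimes has OpenSSL instead.
        # NOTE(review): a binary found in this directory now wins over
        # the system one, so the directory must not be writable by
        # other users - confirm on the target hosts.
        self._env['PATH'] = os.pathsep.join([
            '/usr/local/opt/openssl/bin',
            self._env.get('PATH', ''),
        ])

    # Set Subject Alternative Name.
    # NOTE(review): server_common_name is interpolated unescaped. If the
    # value can come from outside, validate it before this point, since
    # openssl presumably reads it as a comma-separated list - confirm.
    if is_ip_address(server_common_name):
        self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
    else:
        # Usually, we don't have to make the common name a SAN,
        # but our openssl.cnf requires a value via $OPENSSL_SAN.
        self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

    # mkstemp() replaces the deprecated mktemp(): the file is created
    # atomically with owner-only permissions, which closes the window in
    # which another process could claim the chosen CA key path.
    # NOTE(review): generate() is expected to overwrite this empty file;
    # confirm it does not require the path to be absent.
    ca_key_fd, self.ca_key = tempfile.mkstemp(
        dir=certs_dir, suffix='.ca.key', prefix='nuclide.')
    os.close(ca_key_fd)

    # Get rid of '.ca.key'.
    common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]

    # Generate other file names. Only the CA key path is reserved on
    # disk; the siblings are plain derived names, so certs_dir should be
    # writable by the owning user alone.
    self.ca_cert = common_path + '.ca.crt'
    self.server_key = common_path + '.server.key'
    # .csr file is intermediate.
    self._server_csr = common_path + '.server.csr'
    self.server_cert = common_path + '.server.crt'
    self.client_key = common_path + '.client.key'
    self._client_csr = common_path + '.client.csr'
    self.client_cert = common_path + '.client.crt'

    self.generate()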
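def __init__(self, certs_dir, server_common_name, client_common_name,
             expiration_days=1):
    """Set up the SAN environment and output paths, then call generate().

    Args:
        certs_dir: Directory that receives the key, CSR and certificate
            files.
        server_common_name: Server common name, also exported as the
            Subject Alternative Name via the OPENSSL_SAN environment
            entry.
        client_common_name: Client common name, stored for later use.
        expiration_days: Stored in ``_expiration_days``; presumably the
            certificate lifetime in days (default 1).
    """
    self._expiration_days = expiration_days
    self._server_common_name = server_common_name
    self._client_common_name = client_common_name

    # Copy the environment so the SAN entry stays local to this object.
    self._env = os.environ.copy()
    # Set Subject Alternative Name.
    # NOTE(review): server_common_name is interpolated unescaped. If the
    # value can come from outside, validate it before this point, since
    # openssl presumably reads it as a comma-separated list - confirm.
    if is_ip_address(server_common_name):
        self._env[OPENSSL_SAN] = 'IP:%s' % server_common_name
    else:
        # Usually, we don't have to make the common name a SAN,
        # but our openssl.cnf requires a value via $OPENSSL_SAN.
        self._env[OPENSSL_SAN] = 'DNS.1:%s' % server_common_name

    # tempfile.mktemp() only returns a name and is deprecated because
    # another process can create that path first. mkstemp() creates the
    # file atomically with owner-only permissions instead.
    # NOTE(review): generate() is expected to overwrite this empty file;
    # confirm it does not require the path to be absent.
    ca_key_fd, self.ca_key = tempfile.mkstemp(
        dir=certs_dir, suffix='.ca.key', prefix='nuclide.')
    os.close(ca_key_fd)

    # Get rid of '.ca.key'.
    common_path = os.path.splitext(os.path.splitext(self.ca_key)[0])[0]

    # Generate other file names. They share the unique stem but are not
    # reserved on disk, so certs_dir should be writable by the owning
    # user alone.
    self.ca_cert = common_path + '.ca.crt'
    self.server_key = common_path + '.server.key'
    # .csr file is intermediate.
    self._server_csr = common_path + '.server.csr'
    self.server_cert = common_path + '.server.crt'
    self.client_key = common_path + '.client.key'
    self._client_csr = common_path + '.client.csr'
    self.client_cert = common_path + '.client.crt'

    self.generate()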
def execute(self, now=None):
    """Run one polling cycle: query new sessions, upload them, signal.

    The cycle checks the configuration (fetching it remotely once if it
    is incomplete), activates the pxGrid session, queries sessions that
    start one tick after ``last_poll``, writes the normalized rows to a
    gzip-compressed temporary file, hands that file to ``api.send_file``
    and, when a remote path comes back, announces it with
    ``api.send_signal``.

    Args:
        now: Reference time for this cycle; ``utcnow()`` is used when it
            is falsy.

    Returns:
        None. The method returns early, without touching ``last_poll``
        beyond its first-run default, when the configuration is invalid,
        activation fails, or there are no (normalized) sessions.
    """
    # We use the call time to determine query parameters and for the
    # remote storage location.
    now = now or utcnow()
    # replace() only labels the value as UTC, it does not convert it;
    # assumes callers pass UTC wall-clock time - TODO confirm.
    now = now.replace(tzinfo=utc)
    # First run: start polling from the current time.
    self.last_poll = self.last_poll or now
    # Floor to the start of the current 10-minute window.
    ts = now.replace(minute=(now.minute // 10) * 10, second=0, microsecond=0)

    # Check the saved configuration. If it's not complete, try to retrieve
    # configuration from the server.
    if not self._validate_configuration():
        self._get_remote_configuration()
        if not self._validate_configuration():
            logging.error('Invalid configuration, could not start')
            return

    self.rewrite_urls = is_ip_address(self.server_name)

    # Activate the pxGrid session
    if not self._activate():
        logging.warning('Activate request failed')
        return

    # Get the session service information
    peer_node_name, base_url = self._lookup_service()
    # NOTE(review): `secret` is presumably a credential for the peer
    # node; it is not logged here and should stay out of log messages.
    secret = self._get_secret(peer_node_name)

    # Do the query (starting one tick after the last poll) and save the
    # most recent timestamp for next time.
    start_dt = self.last_poll + TICK_DELTA
    sessions = self._query_sessions(base_url, start_dt, secret)
    if not sessions:
        logging.info('No sessions since %s', self.last_poll)
        return

    # Normalize the data and send it out
    normalized_sessions = list(self._normalize_sessions(sessions))
    if not normalized_sessions:
        logging.info('No normalized sessions since %s', self.last_poll)
        return

    # NamedTemporaryFile removes the file when this block exits, so the
    # upload by name has to happen inside it.
    with NamedTemporaryFile() as f:
        with GzipFile(fileobj=f) as gz_f:
            writer = DictWriter(gz_f, fieldnames=OUTPUT_FIELDNAMES)
            writer.writeheader()
            writer.writerows(normalized_sessions)
        # The GzipFile is closed first so the gzip trailer is written;
        # flush then pushes buffered bytes out before f.name is handed on.
        f.flush()

        # The suffix is the number of seconds into the current hour,
        # zero-padded to four digits.
        remote_path = self.api.send_file(
            SEND_FILE_TYPE, f.name, ts,
            suffix='{:04}'.format(now.minute * 60 + now.second))

    if remote_path is not None:
        data = {
            'timestamp': now.isoformat(),
            'data_type': SENSORDATA_TYPE,
            'data_path': remote_path,
        }
        self.api.send_signal(data_type='sensordata', data=data)

    # Save the last poll time
    # Taken from the raw query results, not from the normalized rows.
    self.last_poll = max(dt_parse(s['timestamp']) for s in sessions)