def display_ImageListInstance(self, imagelist):
    """Run the stored text of ``imagelist`` through the S/MIME X.509 validator.

    A validator is built from ``self.x509anchor`` and fed
    ``str(imagelist.data)``. If it raises ``smimeX509ValidationError`` the
    failure is logged and ``False`` is returned.
    """
    validator = smimeX509validation(self.x509anchor)
    try:
        validator.Process(str(imagelist.data))
    except smimeX509ValidationError as err:
        failure = "Failed to validate text for '%s' produced error '%s'" % (imagelist, err)
        self.log.error(failure)
        return False
    # NOTE(review): only the exception path is handled in this block. Other
    # call sites on this page test `verified` after Process(), so "no
    # exception" should not by itself be read as "signature is valid".
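def checkmessage(self):
    """Verify ``self.data`` as signed S/MIME text against ``self.anchor``.

    Every validation failure is logged and recorded as
    ``self.errorNo = 11`` (failed to validate image list) before returning.
    """
    now = datetime.datetime.utcnow()
    smimeProcessor = smimeX509validation.smimeX509validation(self.anchor)
    try:
        smimeProcessor.Process(str(self.data))
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as E:
        # A validation error is as fatal as a trust-store error: record it as
        # error 11 instead of letting it escape without errorNo being set.
        self.log.error(E)
        self.errorNo = 11
        return
    if not smimeProcessor.verified:
        # Fail closed: the other call sites on this page test `verified`
        # after Process() rather than relying on the absence of an exception.
        self.log.error("Failed to validate text")
        self.errorNo = 11
        return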
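def checkmessage(self):
    """Check the S/MIME signature on ``self.data`` using ``self.anchor``.

    On any validation failure the problem is logged, ``self.errorNo`` is
    set to 11 (failed to validate image list) and the method returns.
    """
    now = datetime.datetime.utcnow()
    smimeProcessor = smimeX509validation.smimeX509validation(self.anchor)
    try:
        smimeProcessor.Process(str(self.data))
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as E:
        # Both exception types are caught around Process() elsewhere on this
        # page; handling only one would let the other bypass the errorNo report.
        self.log.error(E)
        self.errorNo = 11
        return
    if not smimeProcessor.verified:
        # Returning from Process() is not treated as proof of a good
        # signature; the validator's own verdict decides.
        self.log.error("Failed to validate text")
        self.errorNo = 11
        return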
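def subscribe_file(self, Session, inmetadata):
    """Download the signed image list named in ``inmetadata`` and validate it.

    Keys read from ``inmetadata``: ``autoEndorse``, ``filename``,
    ``trustAnchor``, ``userName`` / ``username``, ``password``, ``protocol``.

    Returns the retrieval code (when above 255) or 10 if the download
    fails, and ``False`` if the S/MIME text does not validate.
    """
    metadata = {}
    autoEndorse = False
    if 'autoEndorse' in inmetadata and inmetadata["autoEndorse"] == True:
        autoEndorse = inmetadata["autoEndorse"]
    if 'filename' in inmetadata:
        metadata["uri"] = inmetadata["filename"]
    # NOTE(review): a caller-supplied 'trustAnchor' replaces self.anchor as the
    # root of trust for this list - confirm inmetadata is trusted configuration.
    if 'trustAnchor' in inmetadata:
        trust_anchor = inmetadata["trustAnchor"]
        metadata["trustAnchor"] = trust_anchor
    else:
        # The fallback is stored under a different key, so the chosen anchor
        # is kept in a local; reading metadata["trustAnchor"] back would
        # raise KeyError whenever the caller supplied no anchor.
        trust_anchor = self.anchor
        metadata[u'il.transfer.protocol:trustAnchor'] = trust_anchor
    if 'userName' in inmetadata:
        metadata["userName"] = inmetadata["userName"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
    elif 'username' in inmetadata:
        metadata["userName"] = inmetadata["username"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
    if 'password' in inmetadata:
        metadata["password"] = inmetadata["password"]
        metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
    if 'protocol' in inmetadata:
        metadata["protocol"] = inmetadata["protocol"]
        metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

    # May be None when no 'filename' was given; used for log messages only.
    uri = metadata.get("uri")
    resultDict = self._retiver_uri(inmetadata)
    rc = resultDict['code']
    if rc != 0:
        if 'error' in resultDict:
            # Log the reported error itself, not the literal list ['error'].
            self.log.error("%s, while retrieving %s" % (resultDict['error'], uri))
            self.log.debug(resultDict)
        else:
            self.log.error("Download of uri '%s' failed." % (uri))
        if rc > 255:
            return rc
        return 10

    smimeProcessor = smimeX509validation.smimeX509validation(trust_anchor)
    try:
        smimeProcessor.Process(resultDict['responce'])
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as E:
        self.log.error("Validate text '%s' produced error '%s'" % (uri, E))
        self.log.debug("Downloaded=%s" % (resultDict['responce']))
        return False
    if not smimeProcessor.verified:
        # Fail closed: "no exception" is not accepted as "signature valid".
        self.log.error("Failed to verify text '%s'" % (uri))
        return False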
def display_ImageListInstance(self, imagelist):
    """Write out or validate the stored text of ``imagelist``.

    Returns ``True`` when the image list holds no data, and also when no
    trust anchor is configured (the stored text is then written to
    ``self.fpOutput`` as-is). Returns ``False`` when S/MIME validation
    raises ``smimeX509ValidationError``.
    """
    if imagelist.data == None:
        self.log.warning("No imagelist found.")
        return True

    if self.x509anchor == None:
        # Without an anchor nothing can be checked: the text written below is
        # the stored message exactly as held, with no signature verification.
        self.log.warning("No trust anchor found so can not decode.")
        unverified_text = str(imagelist.data)
        self.fpOutput.write(unverified_text)
        return True

    validator = smimeX509validation(self.x509anchor)
    try:
        validator.Process(str(imagelist.data))
    except smimeX509ValidationError as err:
        failure = "Failed to validate text for '%s' produced error '%s'" % (imagelist, err)
        self.log.error(failure)
        return False
    # NOTE(review): nothing in this block tests `verified`; other call sites
    # on this page do so after Process() before using the payload.
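def subscribe_file(self, Session, inmetadata):
    """Retrieve the signed image list described by ``inmetadata`` and validate it.

    ``inmetadata`` may carry ``autoEndorse``, ``filename``, ``trustAnchor``,
    ``userName`` / ``username``, ``password`` and ``protocol``.

    A failed download returns the retrieval code when it is above 255 and
    10 otherwise; a failed S/MIME validation returns ``False``.
    """
    metadata = {}
    autoEndorse = False
    if 'autoEndorse' in inmetadata and inmetadata["autoEndorse"] == True:
        autoEndorse = inmetadata["autoEndorse"]
    if 'filename' in inmetadata:
        metadata["uri"] = inmetadata["filename"]
    # NOTE(review): 'trustAnchor' from inmetadata overrides self.anchor, so
    # whoever controls inmetadata picks the trust root - confirm that is intended.
    if 'trustAnchor' in inmetadata:
        trust_anchor = inmetadata["trustAnchor"]
        metadata["trustAnchor"] = trust_anchor
    else:
        # Keep the effective anchor in a local: the fallback is filed under
        # another key, and metadata["trustAnchor"] would be missing here.
        trust_anchor = self.anchor
        metadata[u'il.transfer.protocol:trustAnchor'] = trust_anchor
    if 'userName' in inmetadata:
        metadata["userName"] = inmetadata["userName"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
    elif 'username' in inmetadata:
        metadata["userName"] = inmetadata["username"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
    if 'password' in inmetadata:
        metadata["password"] = inmetadata["password"]
        metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
    if 'protocol' in inmetadata:
        metadata["protocol"] = inmetadata["protocol"]
        metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

    # Only used in log messages; None when no 'filename' was supplied.
    uri = metadata.get("uri")
    resultDict = self._retiver_uri(inmetadata)
    rc = resultDict['code']
    if rc != 0:
        if 'error' in resultDict:
            # Report the downloader's error text rather than the list ['error'].
            self.log.error("%s, while retrieving %s" % (resultDict['error'], uri))
            self.log.debug(resultDict)
        else:
            self.log.error("Download of uri '%s' failed." % (uri))
        if rc > 255:
            return rc
        return 10

    smimeProcessor = smimeX509validation.smimeX509validation(trust_anchor)
    try:
        smimeProcessor.Process(resultDict['responce'])
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as E:
        self.log.error("Validate text '%s' produced error '%s'" % (uri, E))
        self.log.debug("Downloaded=%s" % (resultDict['responce']))
        return False
    if not smimeProcessor.verified:
        # The validator's verdict, not the lack of an exception, decides.
        self.log.error("Failed to verify text '%s'" % (uri))
        return False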
def download_imagelist(self, imagelistUUID, flags):
    """Download, verify and import the image list identified by ``imagelistUUID``.

    The list's ``hv:uri`` is looked up in the database, fetched with
    ``downloader.downloader`` and validated as S/MIME against the CA
    directory ``/etc/grid-security/certificates/``. The verified payload is
    parsed as JSON and handed to ``self.importer``.

    Returns ``True`` when no uri is recorded for the list and ``False`` when
    retrieval or validation fails. Exits the process with status 22 (no
    content), 20 (unparsable JSON) or 21 (JSON ``null``).
    """
    db_session = self.SessionFactory()
    uri_rows = (
        db_session.query(model.ImagelistMetadata)
        .filter(model.Imagelist.identifier == imagelistUUID)
        .filter(model.Imagelist.id == model.ImagelistMetadata.fkImageList)
        .filter(model.ImagelistMetadata.key == 'hv:uri')
    )
    if uri_rows.count() == 0:
        self.log.warning('image list uri not found')
        return True

    # When several rows match, the value of the last one is used.
    uri = None
    for row in uri_rows:
        uri = row.value
    if uri is None:
        self.log.error('image list uri not found')
        return True

    content = downloader.downloader(uri)
    if content is None:
        self.log.error("Content is None.")
        sys.exit(22)

    trust_store = smimeX509validation.LoadDirChainOfTrust("/etc/grid-security/certificates/")
    validator = smimeX509validation.smimeX509validation(trust_store)
    try:
        signed_text = content["responce"]
    except KeyError:
        self.log.error("Retrive uri failed:'%s'" % (uri))
        return False

    try:
        validator.Process(signed_text)
    except smimeX509validation.truststore.TrustStoreError as exp:
        self.log.error("Validate text '%s' produced error '%s'" % (uri, exp))
        self.log.debug("Downloaded=%s" % (content['responce']))
        return False
    except smimeX509validation.smimeX509ValidationError as exp:
        self.log.error("Validate text '%s' produced error '%s'" % (uri, exp))
        self.log.debug("Downloaded=%s" % (uri))
        return False

    # A clean return from Process() is not enough; the validator's own
    # verdict gates everything that follows.
    if not validator.verified:
        self.log.error("Failed to verify text '%s'" % (content))
        return False

    # Parse the payload exposed by the validator, not the raw download.
    verified_payload = validator.InputDaraStringIO.getvalue()
    try:
        candidate = json.loads(verified_payload)
    except ValueError:
        self.log.error("Failed to parse JSON.")
        sys.exit(20)
    if candidate is None:
        self.log.error("No JSON content.")
        sys.exit(21)
    self.importer(candidate)
def main():
    """Check S/MIME messages from the command line against a CA directory.

    ``-m/--message`` may be repeated, one message file per use;
    ``-c/--certs-dir`` names the certificate directory. Exits with status 1
    when that directory does not exist or no message was given.
    """
    parser = optparse.OptionParser()
    parser.add_option(
        '-m', '--message',
        action='append',
        help='adds a message to be tested.',
    )
    parser.add_option(
        '-c', '--certs-dir',
        action='store',
        help='Path of certificates dir',
        default='/etc/grid-security/certificates/',
    )
    options, arguments = parser.parse_args()

    certs_dir = options.certs_dir
    if not os.path.isdir(certs_dir):
        print("Warning not a directory:%s" % (certs_dir))
        sys.exit(1)
    anchor = LoadDirChainOfTrust(certs_dir)

    messages = options.message
    if messages is None:
        sys.exit(1)

    for message_path in messages:
        validator = smimeX509validation(anchor)
        validator.ProcessFile(message_path)
        # All three values are printed unconditionally: the payload is shown
        # even when `verified` is False, and the exit status does not reflect
        # the verification result.
        print(validator.InputCertMetaDataList)
        print(validator.verified)
        print(validator.InputDaraStringIO.getvalue())
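def checkmessage(self):
    """Validate the downloaded image list in ``self.data`` and record the outcome.

    The text is verified as S/MIME against ``self.anchor``, parsed as JSON,
    decoded into an image list and compared with the subscription metadata
    in ``self.MatchMetadata``. The result is reported through
    ``self.errorNo`` rather than a return value:

    * 0  - accepted; ``self.vmilist`` and ``self.Json`` hold the result
    * 11 - S/MIME / trust-store validation failed
    * 12 - endorser ``hv:dn`` or ``hv:ca`` differs from the signing certificate
    * 31 - ``dc:identifier`` differs from the subscription
    * 33 - ``dc:date:created`` lies in the future
    * 34 - the image list has expired
    * 37 - the payload is not valid JSON
    * 38 - the JSON could not be decoded as an image list

    ``self.subject``, ``self.issuer`` and ``self.vmilist`` are assigned
    before the later checks run, so callers must consult ``errorNo`` before
    relying on them.
    """
    smimeProcessor = smimeX509validation.smimeX509validation(self.anchor)
    try:
        smimeProcessor.Process(str(self.data))
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as expt:
        self.log.error(expt)
        # Error code - failed to validate image list.
        self.errorNo = 11
        return
    if not smimeProcessor.verified:
        self.log.error("Failed to validate text")
        self.errorNo = 11
        return

    # Only the payload exposed by the validator is parsed, never self.data.
    data = smimeProcessor.InputDaraStringIO.getvalue()
    self.subject = smimeProcessor.InputCertMetaDataList[0]['subject']
    self.issuer = smimeProcessor.InputCertMetaDataList[0]['issuer']
    try:
        jsonData = json.loads(data)
    except ValueError:
        # Malformed JSON raises instead of returning None; report it through
        # the same error code as the JSON `null` case.
        jsonData = None
    if jsonData is None:
        self.log.error("Downlaoded data from was not valid JSON.")
        self.errorNo = 37
        return
    vmilist = VMimageListDecoder(jsonData)
    if vmilist is None:
        self.log.error("Downlaoded metadata from was not valid image list Object.")
        self.errorNo = 38
        return
    self.vmilist = vmilist

    # The endorser named inside the list must be the identity that signed it.
    if vmilist.endorser.metadata[u'hv:dn'] != self.subject:
        # The '%' operator was missing here, so a DN mismatch raised TypeError
        # instead of being reported as error 12.
        self.log.error("Endorser DN does not match signature for '%s'" % (self.MatchMetadata[u'dc:identifier']))
        self.log.info("Expected DN '%s'" % (vmilist.endorser.metadata[u'hv:dn']))
        self.log.info("Downloaded DN '%s'" % (self.subject))
        # Error code - metadata and certificate dont match.
        self.errorNo = 12
        return
    if vmilist.endorser.metadata[u'hv:ca'] != self.issuer:
        self.log.error("list hv:ca does not match signature for '%s'" % (self.MatchMetadata[u'dc:identifier']))
        self.log.info("Expected CA '%s'" % (vmilist.endorser.metadata[u'hv:ca']))
        self.log.info("Downloaded CA '%s'" % (self.issuer))
        # Error code - metadata and certificate dont match.
        self.errorNo = 12
        return
    if vmilist.metadata[u'hv:uri'] != self.MatchMetadata[u'hv:uri']:
        # A URI mismatch is logged only; it does not reject the list.
        self.log.warning("list hv:uri does not match subscription uri for '%s'" % (self.MatchMetadata[u'dc:identifier']))
        self.log.info("Expected URI '%s'" % (self.MatchMetadata[u'hv:uri']))
        self.log.info("Downloaded URI '%s'" % (vmilist.metadata[u'hv:uri']))
    if vmilist.metadata[u'dc:identifier'] != self.MatchMetadata[u'dc:identifier']:
        self.log.info("Expected identifier '%s'" % (self.MatchMetadata[u'dc:identifier']))
        self.log.info("Downloaded identifier '%s'" % (vmilist.metadata[u'dc:identifier']))
        # Error code - imagelist dc:identifier invalid.
        self.errorNo = 31
        return

    # Validity window, compared against the current UTC time.
    now = datetime.datetime.utcnow()
    if now < vmilist.metadata[u'dc:date:created']:
        self.log.error("Image list '%s' has an invalid creation date as in the future." % (self.MatchMetadata[u'dc:identifier']))
        self.errorNo = 33
        return
    if now > vmilist.metadata[u'dc:date:expires']:
        self.log.warning("Downloaded image list '%s' has expired." % (self.MatchMetadata[u'dc:identifier']))
        self.errorNo = 34
        return
    self.errorNo = 0
    self.Json = jsonData
    return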
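def subscribe_file(self,Session,inmetadata):
    """Subscribe to the signed image list described by ``inmetadata``.

    Steps: download the list, validate its S/MIME signature, decode the
    JSON payload, check that the list's ``hv:dn`` / ``hv:ca`` match the
    signing certificate, look up the endorser (creating it when
    ``autoEndorse`` is set), then create the subscription and one image
    definition per listed image.

    Returns ``True`` on success and ``False`` on failure, except for a
    failed download, which returns the retrieval code when it is above 255
    and 10 otherwise.
    """
    # NOTE(review): the download-failure codes are truthy integers while every
    # other failure is False; callers must not test this result for truthiness.
    metadata = {}
    autoEndorse = False
    if 'autoEndorse' in inmetadata and inmetadata["autoEndorse"] == True:
        autoEndorse = inmetadata["autoEndorse"]
    if 'filename' in inmetadata:
        metadata["uri"] = inmetadata["filename"]
    # NOTE(review): a caller-supplied 'trustAnchor' replaces self.anchor as the
    # root of trust for this list - confirm inmetadata is trusted configuration.
    if 'trustAnchor' in inmetadata:
        trust_anchor = inmetadata["trustAnchor"]
        metadata["trustAnchor"] = trust_anchor
    else:
        # The fallback is stored under a different key, so the chosen anchor
        # is kept in a local; reading metadata["trustAnchor"] back would
        # raise KeyError whenever the caller supplied no anchor.
        trust_anchor = self.anchor
        metadata[u'il.transfer.protocol:trustAnchor'] = trust_anchor
    if 'userName' in inmetadata:
        metadata["userName"] = inmetadata["userName"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
    elif 'username' in inmetadata:
        metadata["userName"] = inmetadata["username"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
    if 'password' in inmetadata:
        metadata["password"] = inmetadata["password"]
        metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
    if 'protocol' in inmetadata:
        metadata["protocol"] = inmetadata["protocol"]
        metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

    # May be None when no 'filename' was given; used for log messages only.
    uri = metadata.get("uri")
    resultDict = self._retiver_uri(inmetadata)
    rc = resultDict['code']
    if rc != 0:
        if 'error' in resultDict:
            # Log the reported error itself, not the literal list ['error'].
            self.log.error("%s, while retrieving %s" % (resultDict['error'], uri))
            self.log.debug(resultDict)
        else:
            self.log.error("Download of uri '%s' failed." % (uri))
        if rc > 255:
            return rc
        return 10

    smimeProcessor = smimeX509validation.smimeX509validation(trust_anchor)
    try:
        smimeProcessor.Process(resultDict['responce'])
    except (smimeX509validation.truststore.TrustStoreError,
            smimeX509validation.smimeX509ValidationError) as expt:
        self.log.error("Validate text '%s' produced error '%s'" % (uri, expt))
        self.log.debug("Downloaded=%s" % (resultDict['responce']))
        return False
    if not smimeProcessor.verified:
        self.log.error("Failed to verify text '%s'" % (resultDict['uri']))
        return False

    # From here on only the payload exposed by the validator is used.
    payload = smimeProcessor.InputDaraStringIO.getvalue()
    try:
        jsontext = json.loads(payload)
    except ValueError:
        # Malformed JSON raises; handle it like the JSON `null` case.
        jsontext = None
    if jsontext is None:
        self.log.error("Message down loaded from '%s' was not valid JSON." % (resultDict['uri']))
        # The format string had no placeholder, so this debug call raised
        # TypeError; log the payload that failed to parse.
        self.log.debug("Downloaded=%s" % (payload))
        return False
    vmilist = VMimageListDecoder(jsontext)
    if vmilist is None:
        self.log.error("Failed to decode the json as an image list Object for '%s'." % (resultDict['uri']))
        return False

    if 'userName' in inmetadata:
        metadata["userName"] = inmetadata["userName"]
        metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
    if 'password' in inmetadata:
        metadata["password"] = inmetadata["password"]
        metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
    # update() lets keys from the decoded list replace same-named entries
    # that were set from inmetadata above.
    metadata.update(vmilist.metadata)
    metadata.update(vmilist.endorser.metadata)
    if u'dc:identifier' not in metadata:
        self.log.error('list dc:identifier does not found')
        return False

    # The endorser identity carried in the list must be the identity that
    # signed it. The list's hv:uri is not compared with the subscription uri.
    signer = smimeProcessor.InputCertMetaDataList[0]
    if metadata[u'hv:dn'] != signer['subject']:
        self.log.error('Endorser DN does not match signature')
        return False
    if metadata[u'hv:ca'] != signer['issuer']:
        self.log.error('list hv:ca does not match signature')
        return False

    db = db_actions(Session)
    endorser_list = db.endorser_get(metadata)
    if endorser_list.count() == 0:
        if not autoEndorse:
            self.log.error("Endorser '%s':'%s' was not found in database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
            self.log.info("Use '--auto-endorse' to add endorser '%s':'%s' to subscription database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
            return False
        # With autoEndorse set, a signer unknown to the database becomes an
        # endorser; the only checks before this point are the signature
        # validation and the DN/CA comparison above.
        newmetadata = dict(metadata)
        newmetadata[u'dc:identifier'] = text_type(uuid.uuid4())
        endorser_list = db.endorser_create(newmetadata)
        self.log.warning("Endorser '%s':'%s' added to database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
        if endorser_list.count() == 0:
            self.log.error('Failed to create an authorised endorser in Database.')
            return False

    # NOTE(review): metadata may still carry the plaintext 'password' entries
    # when handed to the database layer - confirm how they are stored.
    subscription_query = db.subscription_create(metadata,True)
    if subscription_query.count() != 1:
        self.log.error('Creation of Subscription reference failed.')
        return False
    subscription = subscription_query.one()
    subscriptionKey = int(subscription.id)

    failedToCreateImages = []
    for imageReferance in vmilist.images:
        # One image definition per image named in the list.
        image_metadata = {}
        image_metadata.update(imageReferance.metadata)
        image_metadata['cache'] = 0
        ImageDefinition_query = db.ImageDefinition_create(subscriptionKey,image_metadata)
        if ImageDefinition_query.count() != 1:
            self.log.error('Creation of ImageDefinition referance failed.')
            failedToCreateImages.append(imageReferance)
    if failedToCreateImages:
        return False
    return True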