コード例 #1
0
ファイル: check_config.py プロジェクト: ibeex/zato
    def _on_server(self, args):
        
        repo_dir = join(self.config_dir, 'repo')
        server_conf = ConfigObj(join(repo_dir, 'server.conf'))

        cm = CryptoManager(priv_key_location=abspath(join(repo_dir, server_conf['crypto']['priv_key_location'])))
        cm.load_keys()
        
        engine_params = dict(server_conf['odb'].items())
        engine_params['extra'] = {}
        engine_params['pool_size'] = 1
        
        query = ping_queries[engine_params['engine']]
        
        session = create_pool(cm, engine_params)
        session.execute(query)
        session.close()
        
        if self.show_output:
            self.logger.info('SQL ODB connection OK')
        
        kvdb_config = Bunch(dict(server_conf['kvdb'].items()))
        kvdb = KVDB(None, kvdb_config, cm.decrypt)
        kvdb.init()
        
        kvdb.conn.info()
        kvdb.close()
        
        if self.show_output:
            self.logger.info('Redis connection OK')
コード例 #2
0
def set_initial_opaque_attrs(username, initial, opaque_attrs):

    # By default, opaque attributes are not set for user
    if opaque_attrs:
        opaque_attrs = loads(opaque_attrs)

        for attr in profile_attrs_opaque:
            initial[attr] = opaque_attrs.get(attr) or ''

    # Generate or use the existing TOTP key
    totp_key = initial.get('totp_key')
    if not totp_key:
        totp_key = pyotp.random_base32()
        initial['totp_key_label'] = 'Zato web-admin'
    else:
        cm = CryptoManager(secret_key=zato_settings.zato_secret_key)

        # TOTP key is always decrypted so we need to decrypt it here
        totp_key = cm.decrypt(totp_key)

        # .. same goes for its label
        initial['totp_key_label'] = cm.decrypt(initial['totp_key_label'])

    # Build the actual TOTP object for later use
    totp = pyotp.totp.TOTP(totp_key)

    # Update template data with TOTP information
    initial['totp_key'] = totp.secret
    initial['totp_key_provision_uri'] = totp.provisioning_uri(
        username, issuer_name=initial['totp_key_label'])
コード例 #3
0
ファイル: check_config.py プロジェクト: Adniel/zato
    def _on_server(self, args):
        
        repo_dir = join(self.config_dir, 'repo')
        server_conf = ConfigObj(join(repo_dir, 'server.conf'))

        cm = CryptoManager(priv_key_location=abspath(join(repo_dir, server_conf['crypto']['priv_key_location'])))
        cm.load_keys()
        
        engine_params = dict(server_conf['odb'].items())
        engine_params['extra'] = {}
        engine_params['pool_size'] = 1
        
        query = ping_queries[engine_params['engine']]
        
        session = create_pool(cm, engine_params)
        session.execute(query)
        session.close()
        
        if self.show_output:
            self.logger.info('SQL ODB connection OK')
        
        kvdb_config = Bunch(dict(server_conf['kvdb'].items()))
        kvdb = KVDB(None, kvdb_config, cm.decrypt)
        kvdb.init()
        
        kvdb.conn.info()
        kvdb.close()
        
        if self.show_output:
            self.logger.info('Redis connection OK')
コード例 #4
0
ファイル: test_crypto.py プロジェクト: Adniel/zato
 def test_enrypt(self):
     """ Encrypt a message using the public key.
     """
     _plain_text = uuid4().hex
     
     with NamedTemporaryFile(prefix='zato-test-') as tf_priv:
         with NamedTemporaryFile(prefix='zato-test-') as tf_pub:
             
             tf_priv.write(priv_key)
             tf_priv.flush()
             
             tf_pub.write(pub_key)
             tf_pub.flush()
             
             cm_priv = CryptoManager()
             cm_priv.priv_key_location = tf_priv.name
             cm_priv.load_keys()
             
             cm_pub = CryptoManager()
             cm_pub.pub_key_location = tf_pub.name
             cm_pub.load_keys()
             
             encrypted = cm_pub.encrypt(_plain_text)
             decrypted = cm_priv.decrypt(encrypted)
             
             eq_(_plain_text, decrypted)
コード例 #5
0
ファイル: service.py プロジェクト: barowski/zato
    def execute(self, args):

        repo_dir = os.path.join(os.path.abspath(os.path.join(self.original_dir, args.path)), 'config', 'repo')
        config = get_config(repo_dir, 'server.conf')
        priv_key_location = os.path.abspath(os.path.join(repo_dir, config.crypto.priv_key_location))
        
        cm = CryptoManager(priv_key_location=priv_key_location)
        cm.load_keys()
        
        engine_args = Bunch()
        engine_args.odb_type = config.odb.engine
        engine_args.odb_user = config.odb.username
        engine_args.odb_password = cm.decrypt(config.odb.password)
        engine_args.odb_host = config.odb.host
        engine_args.odb_db_name = config.odb.db_name
        
        engine = self._get_engine(engine_args)
        session = self._get_session(engine)
        
        auth = None
        headers = {}
        
        with closing(session) as session:
            cluster = session.query(Server).\
                filter(Server.token == config.main.token).\
                one().cluster
            
            channel = session.query(HTTPSOAP).\
                filter(HTTPSOAP.cluster_id == cluster.id).\
                filter(HTTPSOAP.url_path == args.url_path).\
                one()
            
            if channel.security_id:
                security = session.query(HTTPBasicAuth).\
                    filter(HTTPBasicAuth.id == channel.security_id).\
                    first()
                
                if security:
                    auth = (security.username, security.password)
                    
        if args.headers:
            for pair in args.headers.strip().split(';'):
                k, v = pair.strip().split('=', 1)
                headers[k] = v
                    
        client = AnyServiceInvoker('http://{}'.format(config.main.gunicorn_bind), args.url_path, auth,
            max_response_repr=int(args.max_response_repr), max_cid_repr=int(args.max_cid_repr))
        
        func = client.invoke_async if args.async else client.invoke
        response = func(args.name, args.payload, headers, args.channel, args.data_format, args.transport)
        
        if response.ok:
            self.logger.info(response.data or '(None)')
        else:
            self.logger.error(response.details)
            
        if args.verbose:
            self.logger.debug('inner.text:[{}]'.format(response.inner.text))
            self.logger.debug('response:[{}]'.format(response))
コード例 #6
0
ファイル: util.py プロジェクト: lanwan/zato
def get_crypto_manager_from_server_config(config, repo_dir):

    priv_key_location = os.path.abspath(os.path.join(repo_dir, config.crypto.priv_key_location))

    cm = CryptoManager(priv_key_location=priv_key_location)
    cm.load_keys()

    return cm
コード例 #7
0
ファイル: util.py プロジェクト: bharathi26/zato
def get_crypto_manager_from_server_config(config, repo_dir):

    priv_key_location = os.path.abspath(os.path.join(repo_dir, config.crypto.priv_key_location))

    cm = CryptoManager(priv_key_location=priv_key_location)
    cm.load_keys()

    return cm
コード例 #8
0
ファイル: test_crypto.py プロジェクト: Adniel/zato
 def xtest_decrypt_priv_key_in_string(self):
     """ Decrypt a message using a private key from string.
     """
     cm = CryptoManager()
     cm.priv_key = priv_key
     cm.load_keys()
     
     eq_(plain_text, cm.decrypt(secret))
コード例 #9
0
ファイル: test_crypto.py プロジェクト: systamonster/zato
    def xtest_reset(self):
        """ Resets all keys to None.
        """
        cm = CryptoManager()
        cm.reset()

        eq_(cm.priv_key_location, None)
        eq_(cm.pub_key_location, None)
        eq_(cm.priv_key, None)
        eq_(cm.pub_key, None)
コード例 #10
0
ファイル: test_crypto.py プロジェクト: Adniel/zato
 def xtest_reset(self):
     """ Resets all keys to None.
     """
     cm = CryptoManager()
     cm.reset()
     
     eq_(cm.priv_key_location, None)
     eq_(cm.pub_key_location, None)
     eq_(cm.priv_key, None)
     eq_(cm.pub_key, None)
コード例 #11
0
ファイル: crypto.py プロジェクト: whaker/zato
    def _update_crypto(
            self, args, copy_crypto_func, update_secrets=False, load_secrets_func=None,
            store_secrets_func=None, conf_file_name=None, priv_key_name=None, pub_key_name=None, secret_names=[]):

        repo_dir = os.path.join(os.path.abspath(os.path.join(self.original_dir, args.path)), 'config', 'repo')
        secrets = {}

        if update_secrets:
            priv_key_location = os.path.abspath(os.path.join(repo_dir, priv_key_name))
            pub_key_location = os.path.abspath(os.path.join(repo_dir, pub_key_name))
            conf_location = os.path.join(repo_dir, conf_file_name)

            cm = CryptoManager(priv_key_location=priv_key_location)
            cm.load_keys()

            secrets, conf = load_secrets_func(secrets, secret_names, cm, conf_location, conf_file_name)

        copy_crypto_func(repo_dir, args)

        if update_secrets:
            cm.reset()
            cm.pub_key_location = pub_key_location
            cm.load_keys()

            store_secrets_func(secrets, secret_names, cm, conf_location, conf)
コード例 #12
0
ファイル: check_config.py プロジェクト: assad2012/zato
    def _on_server(self, args):

        repo_dir = join(self.config_dir, 'repo')
        server_conf = ConfigObj(join(repo_dir, 'server.conf'))

        cm = CryptoManager(priv_key_location=abspath(join(repo_dir, server_conf['crypto']['priv_key_location'])))
        cm.load_keys()

        self.on_server_check_sql_odb(cm, server_conf, repo_dir)
        self.on_server_check_kvdb(cm, server_conf)
        self.on_server_check_stale_unix_socket()
コード例 #13
0
ファイル: util.py プロジェクト: m0rcq/zato
def decrypt(data, priv_key, b64=True):
    """ Decrypts data using the given private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    b64 - should the data be BASE64-decoded before being decrypted, defaults to True
    """

    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()

    return cm.decrypt(data, b64)
コード例 #14
0
ファイル: util.py プロジェクト: grenzi/ctakes_exploration
def decrypt(data, priv_key, b64=True):
    """ Decrypts data using the given private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    b64 - should the data be BASE64-decoded before being decrypted, defaults to True
    """

    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()

    return cm.decrypt(data, b64)
コード例 #15
0
ファイル: util.py プロジェクト: grenzi/ctakes_exploration
def encrypt(data, priv_key, b64=True):
    """ Encrypt data using a public key derived from the private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    b64 - should the encrypted data be BASE64-encoded before being returned, defaults to True
    """

    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()

    return cm.encrypt(data, b64)
コード例 #16
0
ファイル: util.py プロジェクト: m0rcq/zato
def encrypt(data, priv_key, b64=True):
    """ Encrypt data using a public key derived from the private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    b64 - should the encrypted data be BASE64-encoded before being returned, defaults to True
    """

    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()

    return cm.encrypt(data, b64)
コード例 #17
0
ファイル: test_crypto.py プロジェクト: Adniel/zato
 def xtest_decrypt_priv_key_in_file(self):
     """ Decrypt a message using a private key from file.
     """
     with NamedTemporaryFile(prefix='zato-test-') as tf:
         tf.write(priv_key)
         tf.flush()
         
         cm = CryptoManager()
         cm.priv_key_location = tf.name
         cm.load_keys()
         
         eq_(plain_text, cm.decrypt(secret))
コード例 #18
0
    def get_crypto_manager_conf(self, conf_file=None, priv_key_location=None, repo_dir=None):
        repo_dir = repo_dir or join(self.config_dir, 'repo')
        conf = None

        if not priv_key_location:
            conf = ConfigObj(join(repo_dir, conf_file))
            priv_key_location = priv_key_location or abspath(join(repo_dir, conf['crypto']['priv_key_location']))

        cm = CryptoManager(priv_key_location=priv_key_location)
        cm.load_keys()

        return cm, conf
コード例 #19
0
ファイル: util.py プロジェクト: barowski/zato
def encrypt(data, pub_key, padding=RSA.pkcs1_padding, b64=True):
    """ Encrypt data using the given public key.
    data - data to be encrypted
    pub_key - public key to use (as a PEM string)
    padding - padding to use, defaults to PKCS#1
    b64 - should the encrypted data be BASE64-encoded before being returned, defaults to True
    """
    logger.debug('Using pub_key:[{}]'.format(pub_key))
    
    cm = CryptoManager(pub_key=pub_key)
    cm.load_keys()
    
    return cm.encrypt(data, padding, b64)
コード例 #20
0
ファイル: util.py プロジェクト: saulm/zato
def decrypt(data, priv_key, padding=RSA.pkcs1_padding, b64=True):
    """ Decrypts data using the given private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    padding - padding to use, defaults to PKCS#1
    b64 - should the data be BASE64-decoded before being decrypted, defaults to True
    """
    logger.debug('Using priv_key:[{}]'.format(priv_key))

    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()

    return cm.decrypt(data, padding, b64)
コード例 #21
0
ファイル: util.py プロジェクト: barowski/zato
def decrypt(data, priv_key, padding=RSA.pkcs1_padding, b64=True):
    """ Decrypts data using the given private key.
    data - data to be encrypted
    priv_key - private key to use (as a PEM string)
    padding - padding to use, defaults to PKCS#1
    b64 - should the data be BASE64-decoded before being decrypted, defaults to True
    """
    logger.debug('Using priv_key:[{}]'.format(priv_key))
    
    cm = CryptoManager(priv_key=priv_key)
    cm.load_keys()
    
    return cm.decrypt(data, padding, b64)
コード例 #22
0
ファイル: util.py プロジェクト: saulm/zato
def encrypt(data, pub_key, padding=RSA.pkcs1_padding, b64=True):
    """ Encrypt data using the given public key.
    data - data to be encrypted
    pub_key - public key to use (as a PEM string)
    padding - padding to use, defaults to PKCS#1
    b64 - should the encrypted data be BASE64-encoded before being returned, defaults to True
    """
    logger.debug('Using pub_key:[{}]'.format(pub_key))

    cm = CryptoManager(pub_key=pub_key)
    cm.load_keys()

    return cm.encrypt(data, padding, b64)
コード例 #23
0
ファイル: crypto.py プロジェクト: Aayush-Kasurde/zato
 def _update_crypto(
         self, args, copy_crypto_func, update_secrets=False, load_secrets_func=None,
         store_secrets_func=None, conf_file_name=None, priv_key_name=None, pub_key_name=None, secret_names=[]):
     
     repo_dir = os.path.join(os.path.abspath(os.path.join(self.original_dir, args.path)), 'config', 'repo')
     secrets = {}
     
     if update_secrets:
         priv_key_location = os.path.abspath(os.path.join(repo_dir, priv_key_name))
         pub_key_location = os.path.abspath(os.path.join(repo_dir, pub_key_name))
         conf_location = os.path.join(repo_dir, conf_file_name)
         
         cm = CryptoManager(priv_key_location=priv_key_location)
         cm.load_keys()
         
         secrets, conf = load_secrets_func(secrets, secret_names, cm, conf_location, conf_file_name)
         
     copy_crypto_func(repo_dir, args)
     
     if update_secrets:
         cm.reset()
         cm.pub_key_location = pub_key_location
         cm.load_keys()
         
         store_secrets_func(secrets, secret_names, cm, conf_location, conf)
コード例 #24
0
ファイル: check_config.py プロジェクト: alex-hutton/zato
    def _on_server(self, args):

        repo_dir = join(self.config_dir, 'repo')
        server_conf = ConfigObj(join(repo_dir, 'server.conf'))

        cm = CryptoManager(priv_key_location=abspath(join(repo_dir, server_conf['crypto']['priv_key_location'])))
        cm.load_keys()

        self.on_server_check_sql_odb(cm, server_conf, repo_dir)
        self.on_server_check_kvdb(cm, server_conf)

        # enmasse actually needs a sockets because it means a server is running
        # so we can't quit if one is available.
        if getattr(args, 'check_stale_server_sockets', True):
            self.on_server_check_stale_unix_socket()
コード例 #25
0
ファイル: sso.py プロジェクト: dangnammta/zato
    def _get_sso_config(self, args, repo_location, secrets_conf):
        # type: (Namespace, unicode, Bunch) -> UserAPI
        sso_conf = get_config(repo_location,
                              'sso.conf',
                              needs_user_config=False)
        normalize_password_reject_list(sso_conf)

        crypto_manager = CryptoManager.from_secret_key(
            secrets_conf.secret_keys.key1)
        crypto_manager.add_hash_scheme('sso.super-user',
                                       sso_conf.hash_secret.rounds,
                                       sso_conf.hash_secret.salt_size)

        server_conf = get_config(repo_location,
                                 'server.conf',
                                 needs_user_config=False,
                                 crypto_manager=crypto_manager,
                                 secrets_conf=secrets_conf)

        def _get_session():
            return self.get_odb_session_from_server_config(server_conf, None)

        def _hash_secret(_secret):
            return crypto_manager.hash_secret(_secret, 'sso.super-user')

        return UserAPI(None, sso_conf, _get_session, crypto_manager.encrypt,
                       crypto_manager.decrypt, _hash_secret, None, new_user_id)
コード例 #26
0
    def get_crypto_manager_conf(self,
                                conf_file=None,
                                priv_key_location=None,
                                repo_dir=None):
        repo_dir = repo_dir or join(self.config_dir, 'repo')
        conf = None

        if not priv_key_location:
            conf = ConfigObj(join(repo_dir, conf_file))
            priv_key_location = priv_key_location or abspath(
                join(repo_dir, conf['crypto']['priv_key_location']))

        cm = CryptoManager(priv_key_location=priv_key_location)
        cm.load_keys()

        return cm, conf
コード例 #27
0
ファイル: sso.py プロジェクト: dangnammta/zato
    def _on_sso_command(self, args, user, user_api):
        # type: (Namespace, SSOUser, UserAPI)

        if user_api.get_user_by_username('', args.username):
            self.logger.warn('User already exists `%s`', args.username)
            return self.SYS_ERROR.USER_EXISTS

        try:
            user_api.validate_password(args.password)
        except ValidationError as e:
            self.logger.warn('Password validation error, reason code:`%s`',
                             ', '.join(e.sub_status))
            return self.SYS_ERROR.VALIDATION_ERROR

        data = Bunch()
        data.username = args.username
        data.email = args.email or b''
        data.display_name = args.display_name or b''
        data.first_name = args.first_name or b''
        data.middle_name = args.middle_name or b''
        data.last_name = args.last_name or b''
        data.password = args.password
        data.sign_up_confirm_token = 'cli.{}'.format(
            CryptoManager.generate_secret())
        data.is_rate_limit_active = False
        data.rate_limit_def = None
        data.rate_limit_type = None
        data.rate_limit_check_parent_def = False

        func = getattr(user_api, self.create_func)
        func(_cid, data, require_super_user=False, auto_approve=True)

        self.logger.info('Created %s `%s`', self.user_type, data.username)
コード例 #28
0
 def _on_sso_command(self, args, user, user_api):
     new_password = CryptoManager.generate_password()
     user_api.set_password('cli', user.user_id, new_password,
                           args.must_change, args.expiry, _current_app,
                           _current_host)
     self.logger.info('Password for user `%s` reset to `%s`', args.username,
                      new_password)
コード例 #29
0
    def _on_server(self, args):

        repo_dir = join(self.config_dir, 'repo')
        server_conf = ConfigObj(join(repo_dir, 'server.conf'))

        cm = CryptoManager(priv_key_location=abspath(
            join(repo_dir, server_conf['crypto']['priv_key_location'])))
        cm.load_keys()

        self.on_server_check_sql_odb(cm, server_conf, repo_dir)
        self.on_server_check_kvdb(cm, server_conf)

        # enmasse actually needs a sockets because it means a server is running
        # so we can't quit if one is available.
        if getattr(args, 'check_stale_server_sockets', True):
            self.on_server_check_stale_unix_socket()
コード例 #30
0
    def _on_web_admin(self, args):
        """Load ODB using component config and update security definition."""
        config_file = join(self.config_dir, 'repo', 'web-admin.conf')

        with open(config_file) as fp:
            c = bunchify(load(fp))

        private_key = join(self.config_dir, 'repo', 'web-admin-priv-key.pem')
        cm = CryptoManager(priv_key_location=private_key)
        cm.load_keys()
        db_password = cm.decrypt(c.DATABASE_PASSWORD)

        engine_url = "%s://%s:%s@%s:%s/%s" % (
            c.db_type,
            c.DATABASE_USER,
            db_password,
            c.DATABASE_HOST,
            c.DATABASE_PORT,
            c.DATABASE_NAME)

        engine = sqlalchemy.create_engine(engine_url)
        session = self._get_session(engine)

        if engine.dialect.has_table(engine.connect(), 'sec_basic_auth'):
            try:
                secdef = session.query(HTTPBasicAuth).filter(
                    HTTPBasicAuth.name == args.secdef).one()
            except sqlalchemy.orm.exc.NoResultFound:
                self.logger.error(
                    "Security definition '%s' not found.", args.secdef)
                return 1

            self.logger.info("Security definition: %s" % secdef.name)
            self.logger.info("Username: %s" % secdef.username)
            self.logger.info("Old password: %s" % secdef.password)
            self.logger.info("Setting new password.")
            secdef.password = args.password
            session.commit()
            self.logger.info('OK')
        else:
            msg = "Zato ODB does not seem to have been set up yet."
            self.logger.error(msg)
            return self.SYS_ERROR.NO_ODB_FOUND
コード例 #31
0
ファイル: util.py プロジェクト: dangnammta/zato
def set_user_profile_totp_key(user_profile,
                              zato_secret_key,
                              totp_key,
                              totp_key_label=None,
                              opaque_attrs=None):

    if not opaque_attrs:
        opaque_attrs = user_profile.opaque1
        opaque_attrs = loads(opaque_attrs) if opaque_attrs else {}

    cm = CryptoManager(secret_key=zato_secret_key)

    # TOTP key is always encrypted
    totp_key = cm.encrypt(totp_key.encode('utf8'))
    opaque_attrs['totp_key'] = totp_key

    # .. and so is its label
    if totp_key_label:
        totp_key_label = cm.encrypt(totp_key_label.encode('utf8'))
        opaque_attrs['totp_key_label'] = totp_key_label

    return opaque_attrs
コード例 #32
0
    def _on_web_admin(self, args):
        """Load ODB using component config and update security definition."""
        config_file = join(self.config_dir, 'repo', 'web-admin.conf')

        with open(config_file) as fp:
            c = bunchify(load(fp))

        private_key = join(self.config_dir, 'repo', 'web-admin-priv-key.pem')
        cm = CryptoManager(priv_key_location=private_key)
        cm.load_keys()
        db_password = cm.decrypt(c.DATABASE_PASSWORD)

        engine_url = "%s://%s:%s@%s:%s/%s" % (c.db_type, c.DATABASE_USER,
                                              db_password, c.DATABASE_HOST,
                                              c.DATABASE_PORT, c.DATABASE_NAME)

        engine = sqlalchemy.create_engine(engine_url)
        session = self._get_session(engine)

        if engine.dialect.has_table(engine.connect(), 'sec_basic_auth'):
            try:
                secdef = session.query(HTTPBasicAuth).filter(
                    HTTPBasicAuth.name == args.secdef).one()
            except sqlalchemy.orm.exc.NoResultFound:
                self.logger.error("Security definition '%s' not found.",
                                  args.secdef)
                return 1

            self.logger.info("Security definition: %s" % secdef.name)
            self.logger.info("Username: %s" % secdef.username)
            self.logger.info("Old password: %s" % secdef.password)
            self.logger.info("Setting new password.")
            secdef.password = args.password
            session.commit()
            self.logger.info('OK')
        else:
            msg = "Zato ODB does not seem to have been set up yet."
            self.logger.error(msg)
            return self.SYS_ERROR.NO_ODB_FOUND
コード例 #33
0
ファイル: test_crypto.py プロジェクト: systamonster/zato
    def xtest_decrypt_priv_key_in_string(self):
        """ Decrypt a message using a private key from string.
        """
        cm = CryptoManager()
        cm.priv_key = priv_key
        cm.load_keys()

        eq_(plain_text, cm.decrypt(secret))
コード例 #34
0
ファイル: crypto.py プロジェクト: whaker/zato
    def execute(self, args):
        goal = round(float(args.goal), 2)

        if args.json or args.rounds_only:
            header_func, progress_func, footer_func = None, None, None
        else:
            header_func, progress_func, footer_func = self.header_func, self.progress_func, self.footer_func

        info = CryptoManager.get_hash_rounds(goal, header_func, progress_func, footer_func)

        if args.json:
            self.logger.info(anyjson.dumps(info))
        elif args.rounds_only:
            self.logger.info(info['rounds'])
コード例 #35
0
    def _login_super_user(self):
        response = self.post(
            '/zato/sso/user/login', {
                'username':
                Config.super_user_name,
                'password':
                Config.super_user_password,
                'totp_code':
                CryptoManager.get_current_totp_code(
                    Config.super_user_totp_key),
            })
        self.ctx.super_user_ust = response.ust

        response = self.get('/zato/sso/user', {
            'ust': self.ctx.super_user_ust,
        })
        self.ctx.super_user_id = response.user_id
コード例 #36
0
ファイル: test_crypto.py プロジェクト: systamonster/zato
    def xtest_decrypt_priv_key_in_file(self):
        """ Decrypt a message using a private key from file.
        """
        with NamedTemporaryFile(prefix='zato-test-') as tf:
            tf.write(priv_key)
            tf.flush()

            cm = CryptoManager()
            cm.priv_key_location = tf.name
            cm.load_keys()

            eq_(plain_text, cm.decrypt(secret))
コード例 #37
0
ファイル: server.py プロジェクト: xulong2005/zato
    def __init__(self, config, repo_location):
        self.odb = config.odb
        self.config = config
        self.repo_location = repo_location
        self.sql_pool_store = PoolStore()

        # Set up the crypto manager that will be used by both ODB and, possibly, KVDB
        self.config.crypto_manager = get_crypto_manager(
            self.repo_location,
            None,
            config.main,
            crypto_manager=CryptoManager())

        # ODB connection
        self.odb = ODBManager()

        if self.config.main.odb.engine != 'sqlite':
            self.config.main.odb.password = self.config.crypto_manager.decrypt(
                config.main.odb.password)
            self.config.main.odb.host = config.main.odb.host
            self.config.main.odb.pool_size = config.main.odb.pool_size
            self.config.main.odb.username = config.main.odb.username

        self.sql_pool_store[ZATO_ODB_POOL_NAME] = self.config.main.odb

        main = self.config.main

        if main.crypto.use_tls:
            priv_key, cert = main.crypto.priv_key_location, main.crypto.cert_location
        else:
            priv_key, cert = None, None

        # API server
        self.api_server = WSGIServer((main.bind.host, int(main.bind.port)),
                                     self,
                                     keyfile=priv_key,
                                     certfile=cert)

        self.odb.pool = self.sql_pool_store[ZATO_ODB_POOL_NAME].pool
        self.odb.init_session(ZATO_ODB_POOL_NAME, self.config.main.odb,
                              self.odb.pool, False)
        self.config.odb = self.odb

        # Scheduler
        self.scheduler = Scheduler(self.config)
コード例 #38
0
def get_totp_info_from_args(args, default_key_label=TOTP.default_label):
    """ Returns a key and its label extracted from command line arguments
    or auto-generates a new pair if they are missing in args.
    """
    # type: (Namespace, unicode) -> (unicode, unicode)

    # If there was a key given on input, we need to validate it,
    # this report an erorr if the key cannot be used.
    if args.key:
        totp = pyotp.TOTP(args.key)
        totp.now()

        # If we are here, it means that the key was valid
        key = args.key
    else:
        key = CryptoManager.generate_totp_key()

    return key, args.key_label if args.key_label else default_key_label
コード例 #39
0
ファイル: test_login_totp.py プロジェクト: dangnammta/zato
    def test_user_login_totp_valid(self):

        self.patch(
            '/zato/sso/user', {
                'ust': self.ctx.super_user_ust,
                'is_totp_enabled': True,
                'totp_key': self.ctx.config.super_user_totp_key,
            })

        response = self.post(
            '/zato/sso/user/login', {
                'username':
                self.ctx.config.super_user_name,
                'password':
                self.ctx.config.super_user_password,
                'totp_code':
                CryptoManager.get_current_totp_code(
                    self.ctx.config.super_user_totp_key),
            })

        self.assertIsNotNone(response.ust)
コード例 #40
0
ファイル: crypto.py プロジェクト: whaker/zato
 def execute(self, args):
     self.logger.info(CryptoManager.generate_key())
コード例 #41
0
ファイル: crypto.py プロジェクト: junneyang/zato
    def execute(self, args):
        cm = CryptoManager(priv_key_location=os.path.abspath(args.path))
        cm.load_keys()

        self.logger.info('Secret is [{}]'.format(cm.decrypt(args.secret)))
コード例 #42
0
ファイル: crypto.py プロジェクト: junneyang/zato
    def execute(self, args):
        cm = CryptoManager(pub_key_location=os.path.abspath(args.path))
        cm.load_keys()

        self.logger.info('Encrypted value is [{}]'.format(
            cm.encrypt(args.secret)))
コード例 #43
0
    def execute(self, args):
        """ Quickly creates Zato components
        1) CA and crypto material
        2) ODB
        3) ODB initial data
        4) servers
        5) load-balancer
        6) Web admin
        7) Scheduler
        8) Scripts
        """

        if args.odb_type == 'sqlite':
            args.sqlite_path = os.path.abspath(
                os.path.join(args.path, 'zato.db'))
        '''
        cluster_id_args = Bunch()
        cluster_id_args.odb_db_name = args.odb_db_name
        cluster_id_args.odb_host = args.odb_host
        cluster_id_args.odb_password = args.odb_password
        cluster_id_args.odb_port = args.odb_port
        cluster_id_args.odb_type = args.odb_type
        cluster_id_args.odb_user = args.odb_user
        cluster_id_args.postgresql_schema = args.postgresql_schema
        cluster_id_args.sqlite_path = args.sqlite_path
        '''

        next_step = count(1)
        next_port = count(http_plain_server_port)
        cluster_name = getattr(args, 'cluster_name',
                               None) or 'quickstart-{}'.format(
                                   random.getrandbits(20)).zfill(7)
        servers = int(getattr(args, 'servers', 0) or DEFAULT_NO_SERVERS)

        server_names = OrderedDict()
        for idx in range(1, servers + 1):
            server_names['{}'.format(idx)] = 'server{}'.format(idx)

        total_steps = 7 + servers
        admin_invoke_password = uuid4().hex
        broker_host = 'localhost'
        broker_port = 6379
        lb_host = 'localhost'
        lb_port = 11223
        lb_agent_port = 20151

        args_path = os.path.abspath(args.path)

        # This could've been set to True by user in the command-line so we'd want
        # to unset it so that individual commands quickstart invokes don't attempt
        # to store their own configs.
        args.store_config = False

        # ################################################################################################################################

        #
        # 1) CA
        #
        ca_path = os.path.join(args_path, 'ca')
        os.mkdir(ca_path)

        ca_args = self._bunch_from_args(args, cluster_name)
        ca_args.path = ca_path

        ca_create_ca.Create(ca_args).execute(ca_args, False)
        ca_create_lb_agent.Create(ca_args).execute(ca_args, False)
        ca_create_web_admin.Create(ca_args).execute(ca_args, False)
        ca_create_scheduler.Create(ca_args).execute(ca_args, False)

        server_crypto_loc = {}

        for name in server_names:
            ca_args_server = deepcopy(ca_args)
            ca_args_server.server_name = server_names[name]
            ca_create_server.Create(ca_args_server).execute(
                ca_args_server, False)
            server_crypto_loc[name] = CryptoMaterialLocation(
                ca_path, '{}-{}'.format(cluster_name, server_names[name]))

        lb_agent_crypto_loc = CryptoMaterialLocation(ca_path, 'lb-agent')
        web_admin_crypto_loc = CryptoMaterialLocation(ca_path, 'web-admin')
        scheduler_crypto_loc = CryptoMaterialLocation(ca_path, 'scheduler1')

        self.logger.info('[{}/{}] Certificate authority created'.format(
            next_step.next(), total_steps))

        # ################################################################################################################################

        #
        # 2) ODB
        #
        if create_odb.Create(args).execute(args,
                                           False) == self.SYS_ERROR.ODB_EXISTS:
            self.logger.info('[{}/{}] ODB schema already exists'.format(
                next_step.next(), total_steps))
        else:
            self.logger.info('[{}/{}] ODB schema created'.format(
                next_step.next(), total_steps))

# ################################################################################################################################

#
# 3) ODB initial data
#
        create_cluster_args = self._bunch_from_args(args, cluster_name)
        create_cluster_args.broker_host = broker_host
        create_cluster_args.broker_port = broker_port
        create_cluster_args.lb_host = lb_host
        create_cluster_args.lb_port = lb_port
        create_cluster_args.lb_agent_port = lb_agent_port
        create_cluster_args.admin_invoke_password = admin_invoke_password
        create_cluster.Create(create_cluster_args).execute(
            create_cluster_args, False)

        self.logger.info('[{}/{}] ODB initial data created'.format(
            next_step.next(), total_steps))

        # ################################################################################################################################

        #
        # 4) servers
        #

        # Must be shared by all servers
        jwt_secret = Fernet.generate_key()
        secret_key = Fernet.generate_key()

        for idx, name in enumerate(server_names):
            server_path = os.path.join(args_path, server_names[name])
            os.mkdir(server_path)

            create_server_args = self._bunch_from_args(args, cluster_name)
            create_server_args.server_name = server_names[name]
            create_server_args.path = server_path
            create_server_args.cert_path = server_crypto_loc[name].cert_path
            create_server_args.pub_key_path = server_crypto_loc[name].pub_path
            create_server_args.priv_key_path = server_crypto_loc[
                name].priv_path
            create_server_args.ca_certs_path = server_crypto_loc[
                name].ca_certs_path
            create_server_args.jwt_secret = jwt_secret
            create_server_args.secret_key = secret_key

            server_id = create_server.Create(create_server_args).execute(
                create_server_args, next_port.next(), False, True)

            # We make the first server a delivery server for sample pub/sub topics.
            if idx == 0:
                self._set_pubsub_server(args, server_id, cluster_name,
                                        '/zato/demo/sample')

            self.logger.info('[{}/{}] server{} created'.format(
                next_step.next(), total_steps, name))

# ################################################################################################################################

#
# 5) load-balancer
#
        lb_path = os.path.join(args_path, 'load-balancer')
        os.mkdir(lb_path)

        create_lb_args = self._bunch_from_args(args, cluster_name)
        create_lb_args.path = lb_path
        create_lb_args.cert_path = lb_agent_crypto_loc.cert_path
        create_lb_args.pub_key_path = lb_agent_crypto_loc.pub_path
        create_lb_args.priv_key_path = lb_agent_crypto_loc.priv_path
        create_lb_args.ca_certs_path = lb_agent_crypto_loc.ca_certs_path

        # Need to substract 1 because we've already called .next() twice
        # when creating servers above.
        servers_port = next_port.next() - 1

        create_lb.Create(create_lb_args).execute(create_lb_args, True,
                                                 servers_port, False)
        self.logger.info('[{}/{}] Load-balancer created'.format(
            next_step.next(), total_steps))

        # ################################################################################################################################

        #
        # 6) Web admin
        #
        web_admin_path = os.path.join(args_path, 'web-admin')
        os.mkdir(web_admin_path)

        create_web_admin_args = self._bunch_from_args(args, cluster_name)
        create_web_admin_args.path = web_admin_path
        create_web_admin_args.cert_path = web_admin_crypto_loc.cert_path
        create_web_admin_args.pub_key_path = web_admin_crypto_loc.pub_path
        create_web_admin_args.priv_key_path = web_admin_crypto_loc.priv_path
        create_web_admin_args.ca_certs_path = web_admin_crypto_loc.ca_certs_path
        create_web_admin_args.admin_invoke_password = admin_invoke_password

        web_admin_password = CryptoManager.generate_password()
        admin_created = create_web_admin.Create(create_web_admin_args).execute(
            create_web_admin_args, False, web_admin_password, True)

        # Need to reset the logger here because executing the create_web_admin command
        # loads the web admin's logger which doesn't like that of ours.
        self.reset_logger(args, True)
        self.logger.info('[{}/{}] Web admin created'.format(
            next_step.next(), total_steps))

        # ################################################################################################################################

        #
        # 7) Scheduler
        #
        scheduler_path = os.path.join(args_path, 'scheduler')
        os.mkdir(scheduler_path)

        session = get_session(get_engine(args))

        with closing(session):
            cluster_id = session.query(Cluster.id).\
                filter(Cluster.name==cluster_name).\
                one()[0]

        create_scheduler_args = self._bunch_from_args(args, cluster_name)
        create_scheduler_args.path = scheduler_path
        create_scheduler_args.cert_path = scheduler_crypto_loc.cert_path
        create_scheduler_args.pub_key_path = scheduler_crypto_loc.pub_path
        create_scheduler_args.priv_key_path = scheduler_crypto_loc.priv_path
        create_scheduler_args.ca_certs_path = scheduler_crypto_loc.ca_certs_path
        create_scheduler_args.cluster_id = cluster_id

        create_scheduler.Create(create_scheduler_args).execute(
            create_scheduler_args, False, True)
        self.logger.info('[{}/{}] Scheduler created'.format(
            next_step.next(), total_steps))

        # ################################################################################################################################

        #
        # 8) Scripts
        #
        zato_bin = 'zato'
        zato_qs_start_path = os.path.join(args_path, 'zato-qs-start.sh')
        zato_qs_stop_path = os.path.join(args_path, 'zato-qs-stop.sh')
        zato_qs_restart_path = os.path.join(args_path, 'zato-qs-restart.sh')

        sanity_checks = []
        start_servers = []
        stop_servers = []

        for name in server_names:
            sanity_checks.append(
                sanity_checks_template.format(server_name=server_names[name]))
            start_servers.append(
                start_servers_template.format(server_name=server_names[name],
                                              step_number=int(name) + 3))
            stop_servers.append(
                stop_servers_template.format(server_name=server_names[name],
                                             step_number=int(name) + 1))

        sanity_checks = '\n'.join(sanity_checks)
        start_servers = '\n'.join(start_servers)
        stop_servers = '\n'.join(stop_servers)
        start_steps = 5 + servers
        stop_steps = 3 + servers

        zato_qs_start_head = zato_qs_start_head_template.format(
            zato_bin=zato_bin,
            script_dir=script_dir,
            cluster_name=cluster_name,
            start_steps=start_steps)
        zato_qs_start_body = zato_qs_start_body_template.format(
            sanity_checks=sanity_checks, start_servers=start_servers)
        zato_qs_start = zato_qs_start_head + zato_qs_start_body + zato_qs_start_tail

        zato_qs_stop = zato_qs_stop_template.format(zato_bin=zato_bin,
                                                    script_dir=script_dir,
                                                    cluster_name=cluster_name,
                                                    stop_steps=stop_steps,
                                                    stop_servers=stop_servers)

        open(zato_qs_start_path, 'w').write(zato_qs_start)
        open(zato_qs_stop_path, 'w').write(zato_qs_stop)
        open(zato_qs_restart_path, 'w').write(
            zato_qs_restart.format(script_dir=script_dir,
                                   cluster_name=cluster_name))

        file_mod = stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR | stat.S_IRGRP

        os.chmod(zato_qs_start_path, file_mod)
        os.chmod(zato_qs_stop_path, file_mod)
        os.chmod(zato_qs_restart_path, file_mod)

        self.logger.info('[{}/{}] Management scripts created'.format(
            next_step.next(), total_steps))
        self.logger.info('Quickstart cluster {} created'.format(cluster_name))

        if admin_created:
            self.logger.info('Web admin user:[admin], password:[{}]'.format(
                web_admin_password))
        else:
            self.logger.info('User [admin] already exists in the ODB')

        start_command = os.path.join(args_path, 'zato-qs-start.sh')
        self.logger.info('Start the cluster by issuing the {} command'.format(
            start_command))
        self.logger.info(
            'Visit https://zato.io/support for more information and support options'
        )
コード例 #44
0
ファイル: test_crypto.py プロジェクト: systamonster/zato
    def test_enrypt(self):
        """ Encrypt a message using the public key.
        """
        _plain_text = uuid4().hex

        with NamedTemporaryFile(prefix='zato-test-') as tf_priv:
            with NamedTemporaryFile(prefix='zato-test-') as tf_pub:

                tf_priv.write(priv_key)
                tf_priv.flush()

                tf_pub.write(pub_key)
                tf_pub.flush()

                cm_priv = CryptoManager()
                cm_priv.priv_key_location = tf_priv.name
                cm_priv.load_keys()

                cm_pub = CryptoManager()
                cm_pub.pub_key_location = tf_pub.name
                cm_pub.load_keys()

                encrypted = cm_pub.encrypt(_plain_text)
                decrypted = cm_priv.decrypt(encrypted)

                eq_(_plain_text, decrypted)
コード例 #45
0
ファイル: service.py プロジェクト: saulm/zato
    def execute(self, args):

        repo_dir = os.path.join(
            os.path.abspath(os.path.join(self.original_dir, args.path)),
            'config', 'repo')
        config = get_config(repo_dir, 'server.conf')
        priv_key_location = os.path.abspath(
            os.path.join(repo_dir, config.crypto.priv_key_location))

        cm = CryptoManager(priv_key_location=priv_key_location)
        cm.load_keys()

        engine_args = Bunch()
        engine_args.odb_type = config.odb.engine
        engine_args.odb_user = config.odb.username
        engine_args.odb_password = cm.decrypt(config.odb.password)
        engine_args.odb_host = config.odb.host
        engine_args.odb_db_name = config.odb.db_name

        engine = self._get_engine(engine_args)
        session = self._get_session(engine)

        auth = None
        headers = {}

        with closing(session) as session:
            cluster = session.query(Server).\
                filter(Server.token == config.main.token).\
                one().cluster

            channel = session.query(HTTPSOAP).\
                filter(HTTPSOAP.cluster_id == cluster.id).\
                filter(HTTPSOAP.url_path == args.url_path).\
                one()

            if channel.security_id:
                security = session.query(HTTPBasicAuth).\
                    filter(HTTPBasicAuth.id == channel.security_id).\
                    first()

                if security:
                    auth = (security.username, security.password)

        if args.headers:
            for pair in args.headers.strip().split(';'):
                k, v = pair.strip().split('=', 1)
                headers[k] = v

        client = AnyServiceInvoker(
            'http://{}'.format(config.main.gunicorn_bind),
            args.url_path,
            auth,
            max_response_repr=int(args.max_response_repr),
            max_cid_repr=int(args.max_cid_repr))

        func = client.invoke_async if args. async else client.invoke
        response = func(args.name, args.payload, headers, args.channel,
                        args.data_format, args.transport)

        if response.ok:
            self.logger.info(response.data or '(None)')
        else:
            self.logger.error(response.details)

        if args.verbose:
            self.logger.debug('inner.text:[{}]'.format(response.inner.text))
            self.logger.debug('response:[{}]'.format(response))
コード例 #46
0
 def crypto_manager(self):
     return CryptoManager()
コード例 #47
0
ファイル: crypto.py プロジェクト: barowski/zato
 def execute(self, args):
     cm = CryptoManager(pub_key_location=os.path.abspath(args.path))
     cm.load_keys()
     
     self.logger.info('Encrypted value is [{}]'.format(cm.encrypt(args.secret)))
コード例 #48
0
ファイル: crypto.py プロジェクト: barowski/zato
 def execute(self, args):
     cm = CryptoManager(priv_key_location=os.path.abspath(args.path))
     cm.load_keys()
     
     self.logger.info('Secret is [{}]'.format(cm.decrypt(args.secret)))