def GetDirList(self): return \ [E.joinpaths([self.config.var('GOOGLEDATA'), 'gws/clients', self.name]), E.joinpaths([self.config.var('GOOGLEDATA'), 'gws/p4clientinfo', self.name]), E.joinpaths([self.config.var('CONFIGDIR'), 'frontends', self.name])]
def __init__(self, cfg, box_key_dir, license_key_dir): self.cfg = cfg self.inInitialization = true self.killingIsRunning = false self.counter_lock = threading.Lock() self.counter_file = cfg.getGlobalParam('ENT_LICENSE_COUNTER_FILE') self.counter_back_file = cfg.getGlobalParam('ENT_LICENSE_COUNTER_FILE_BACKUP') self.parser = ent_license.LicenseParser() data_dir = cfg.getGlobalParam('DATADIR') working_dir = E.mktemp(data_dir, "license_manager") E.system('rm -rf %s/@*.0license_manager; mkdir -p %s' % ( data_dir, working_dir)) box_pub_keyring = E.joinpaths([box_key_dir, "ent_box_key.pub"]) box_pri_keyring = E.joinpaths([box_key_dir, "ent_box_key.pri"]) license_pub_keyring = E.joinpaths([license_key_dir, "google_license_key.pub"]) self.decryptor = ent_license.LicenseDecryptor(working_dir, box_pub_keyring, box_pri_keyring, license_pub_keyring)
def encryptLicense(self, license, passphrase = None): tempdir = E.mktemp(self.working_dir, 'encrypt') # if no passphrase supplied, use the one given in the constructor if passphrase == None: passphrase = self.passphrase # make sure the license is valid (note that this is a fresh license) if license.isInvalid(fresh_license = 1): logging.error("license is not valid") return None if not self.checkFiles(): logging.error("encryptor keys don't exist or aren't valid") return None # get the header header = self.extractHeader(license) # NOTE: this ent_license.config is important; the old license code expects # to find this filename. do not change it license_fn = E.joinpaths([tempdir, "ent_license.config"]) tgz_fn = E.joinpaths([tempdir, "license.tgz"]) encrypted_fn = E.joinpaths([tempdir, "license.encrypted"]) encrypted_w_header_fn = E.joinpaths([tempdir, "license.header"]) signed_fn = E.joinpaths([tempdir, "license.signed"]) try: # make the temp directory os.system("rm -rf %s" % commands.mkarg(tempdir)) os.makedirs(tempdir) # write the raw license body to a file license_body = {} license_body.update(license.license) # overwrite the version number with the current version (just in case) license_body['ENT_LICENSE_VERSION'] = CURRENT_LICENSE_VERSION try: body_str = string.join(map(lambda (k,v): '%s = %s' % (k,repr(v)), license_body.items()), '\n') open(license_fn, 'w').write(str(body_str)) except IOError: logging.error("writing plain license failed") return None # tar the license body tar_cmd = "tar zvcf %s -C %s %s" % ( commands.mkarg(tgz_fn), commands.mkarg(os.path.dirname(license_fn)), commands.mkarg(os.path.basename(license_fn))) if os.system(tar_cmd) != 0: logging.error("tarring license failed") return None # encrypt it encrypt_cmd = "gpg --no-options --no-default-keyring --no-secmem-warning --no-tty --yes --default-recipient-self --keyring %s --secret-keyring %s -o %s -se %s" % ( commands.mkarg(self.box_public_keyring), commands.mkarg(self.box_private_keyring), commands.mkarg(encrypted_fn), commands.mkarg(tgz_fn)) if os.system(encrypt_cmd) != 0: logging.error("encrypting license failed") return None # write out the header (plus \n\n) to encrypted_w_header_fn try: header_str = string.join(map(lambda (k,v): '%s = %s' % (k,repr(v)), header.items()), '\n') header_str = header_str + '\n\n' # end of header open(encrypted_w_header_fn, 'w').write(header_str) except IOError: logging.error("writing license header failed") return None # append the encrypted tarred license to encrypted_w_header_fn cat_cmd = "cat %s >> %s" % ( commands.mkarg(encrypted_fn), commands.mkarg(encrypted_w_header_fn)) if os.system(cat_cmd) != 0: logging.error("reading encrypted license failed") return None # sign encrypted_w_header_fn sign_cmd = "gpg --no-options --no-default-keyring --no-tty --no-secmem-warning --keyring %s --secret-keyring %s --passphrase-fd 0 --yes -o %s -s %s" % ( commands.mkarg(self.license_public_keyring), commands.mkarg(self.license_private_keyring), commands.mkarg(signed_fn), commands.mkarg(encrypted_w_header_fn)) try: # use popen so that we can write the passphrase to stdin sign_fd = os.popen(sign_cmd, 'w') if passphrase != None: sign_fd.write(passphrase) status = sign_fd.close() except IOError: status = -1 if status != None: logging.error("signing license signature failed") return None # read the signed body try: signed_body = open(signed_fn, 'r').read() except IOError: logging.error("reading signed license failed") return None finally: # make sure to clean up all the temp files os.system("rm -rf %s" % commands.mkarg(tempdir)) return signed_body
def decryptLicense(self, encrypted_license): tempdir = E.mktemp(self.working_dir, 'decrypt') signed_fn = E.joinpaths([tempdir, "license.signed"]) verified_fn = E.joinpaths([tempdir, "license.verified"]) encrypted_fn = E.joinpaths([tempdir, "license.encrypted"]) tgz_fn = E.joinpaths([tempdir, "license.tgz"]) license_fn = E.joinpaths([tempdir, "ent_license.config"]) if not self.checkFiles(): logging.error("decryptor keys don't exist or aren't valid") return None, None, DECRYPT_SYSTEM_ERROR try: # make the temp directory os.system("rm -rf %s" % commands.mkarg(tempdir)) os.makedirs(tempdir) # output to a file try: open(signed_fn, 'w').write(encrypted_license) except IOError: logging.error("writing encrypted license failed") return None, None, DECRYPT_SYSTEM_ERROR # verify signature verify_cmd = ("gpg --no-options --no-default-keyring --no-tty" " --no-verbose --yes --keyring %s -o %s --decrypt %s") % ( commands.mkarg(self.license_public_keyring), commands.mkarg(verified_fn), commands.mkarg(signed_fn)) # When gpg is given a file with no signature it returns successfully; # so we must check gpg's output fi, foe = os.popen4(verify_cmd) fi.close() gpg_result = foe.read() foe.close() if gpg_result.find("Good signature") == -1: logging.error("verifying license signature failed") return None, None, DECRYPT_GPG_VERIFY_FAILED # remove header verified_body = open(verified_fn, 'r').read() sep_poi = string.find(verified_body, "\n\n") if sep_poi < 0: logging.error("license doesn't have valid header") return None, None, DECRYPT_BAD_HEADER # NOTE: At this point, we've read the header, which is a subset of the # actual license (which we can't see yet, because it's encrypted). If # we fail past this point, we return the header in place of the license # because it will look like an invalid license, and allow us to report # some basic information about the license. # header_body = verified_body[0:sep_poi] # write out the encrypted body try: open(encrypted_fn, 'w').write(verified_body[sep_poi+2:]) except IOError: logging.error("writing encrypted license failed") return None, header_body, DECRYPT_SYSTEM_ERROR # decrypt it decrypt_cmd = "gpg --no-options --no-default-keyring --no-tty --yes --keyring %s --secret-keyring %s -o %s --decrypt %s" % ( commands.mkarg(self.box_public_keyring), commands.mkarg(self.box_private_keyring), commands.mkarg(tgz_fn), commands.mkarg(encrypted_fn)) if os.system(decrypt_cmd) != 0: logging.error("decrypting license failed") return None, header_body, DECRYPT_GPG_DECRYPT_FAILED # untar it (we only ask for the file we want) untar_cmd = "tar xvzf %s -C %s ent_license.config" % ( commands.mkarg(tgz_fn), tempdir) if os.system(untar_cmd) != 0: logging.error("untarring license failed") return None, header_body, DECRYPT_TAR_FAILED # read in the decrypted license try: license_body = open(license_fn, 'r').read() except IOError: logging.error("reading decrypted license failed") return None, header_body, DECRYPT_SYSTEM_ERROR finally: # make sure to clean up all the temp files os.system("rm -rf %s" % commands.mkarg(tempdir)) return license_body, header_body, DECRYPT_OK
def encryptLicense(self, license, passphrase=None): tempdir = E.mktemp(self.working_dir, 'encrypt') # if no passphrase supplied, use the one given in the constructor if passphrase == None: passphrase = self.passphrase # make sure the license is valid (note that this is a fresh license) if license.isInvalid(fresh_license=1): logging.error("license is not valid") return None if not self.checkFiles(): logging.error("encryptor keys don't exist or aren't valid") return None # get the header header = self.extractHeader(license) # NOTE: this ent_license.config is important; the old license code expects # to find this filename. do not change it license_fn = E.joinpaths([tempdir, "ent_license.config"]) tgz_fn = E.joinpaths([tempdir, "license.tgz"]) encrypted_fn = E.joinpaths([tempdir, "license.encrypted"]) encrypted_w_header_fn = E.joinpaths([tempdir, "license.header"]) signed_fn = E.joinpaths([tempdir, "license.signed"]) try: # make the temp directory os.system("rm -rf %s" % commands.mkarg(tempdir)) os.makedirs(tempdir) # write the raw license body to a file license_body = {} license_body.update(license.license) # overwrite the version number with the current version (just in case) license_body['ENT_LICENSE_VERSION'] = CURRENT_LICENSE_VERSION try: body_str = string.join( map(lambda (k, v): '%s = %s' % (k, repr(v)), license_body.items()), '\n') open(license_fn, 'w').write(str(body_str)) except IOError: logging.error("writing plain license failed") return None # tar the license body tar_cmd = "tar zvcf %s -C %s %s" % ( commands.mkarg(tgz_fn), commands.mkarg(os.path.dirname(license_fn)), commands.mkarg(os.path.basename(license_fn))) if os.system(tar_cmd) != 0: logging.error("tarring license failed") return None # encrypt it encrypt_cmd = "gpg --no-options --no-default-keyring --no-secmem-warning --no-tty --yes --default-recipient-self --keyring %s --secret-keyring %s -o %s -se %s" % ( commands.mkarg(self.box_public_keyring), commands.mkarg(self.box_private_keyring), commands.mkarg(encrypted_fn), commands.mkarg(tgz_fn)) if os.system(encrypt_cmd) != 0: logging.error("encrypting license failed") return None # write out the header (plus \n\n) to encrypted_w_header_fn try: header_str = string.join( map(lambda (k, v): '%s = %s' % (k, repr(v)), header.items()), '\n') header_str = header_str + '\n\n' # end of header open(encrypted_w_header_fn, 'w').write(header_str) except IOError: logging.error("writing license header failed") return None # append the encrypted tarred license to encrypted_w_header_fn cat_cmd = "cat %s >> %s" % (commands.mkarg(encrypted_fn), commands.mkarg(encrypted_w_header_fn)) if os.system(cat_cmd) != 0: logging.error("reading encrypted license failed") return None # sign encrypted_w_header_fn sign_cmd = "gpg --no-options --no-default-keyring --no-tty --no-secmem-warning --keyring %s --secret-keyring %s --passphrase-fd 0 --yes -o %s -s %s" % ( commands.mkarg(self.license_public_keyring), commands.mkarg( self.license_private_keyring), commands.mkarg(signed_fn), commands.mkarg(encrypted_w_header_fn)) try: # use popen so that we can write the passphrase to stdin sign_fd = os.popen(sign_cmd, 'w') if passphrase != None: sign_fd.write(passphrase) status = sign_fd.close() except IOError: status = -1 if status != None: logging.error("signing license signature failed") return None # read the signed body try: signed_body = open(signed_fn, 'r').read() except IOError: logging.error("reading signed license failed") return None finally: # make sure to clean up all the temp files os.system("rm -rf %s" % commands.mkarg(tempdir)) return signed_body
def decryptLicense(self, encrypted_license): tempdir = E.mktemp(self.working_dir, 'decrypt') signed_fn = E.joinpaths([tempdir, "license.signed"]) verified_fn = E.joinpaths([tempdir, "license.verified"]) encrypted_fn = E.joinpaths([tempdir, "license.encrypted"]) tgz_fn = E.joinpaths([tempdir, "license.tgz"]) license_fn = E.joinpaths([tempdir, "ent_license.config"]) if not self.checkFiles(): logging.error("decryptor keys don't exist or aren't valid") return None, None, DECRYPT_SYSTEM_ERROR try: # make the temp directory os.system("rm -rf %s" % commands.mkarg(tempdir)) os.makedirs(tempdir) # output to a file try: open(signed_fn, 'w').write(encrypted_license) except IOError: logging.error("writing encrypted license failed") return None, None, DECRYPT_SYSTEM_ERROR # verify signature verify_cmd = ("gpg --no-options --no-default-keyring --no-tty" " --no-verbose --yes --keyring %s -o %s --decrypt %s" ) % (commands.mkarg(self.license_public_keyring), commands.mkarg(verified_fn), commands.mkarg(signed_fn)) # When gpg is given a file with no signature it returns successfully; # so we must check gpg's output fi, foe = os.popen4(verify_cmd) fi.close() gpg_result = foe.read() foe.close() if gpg_result.find("Good signature") == -1: logging.error("verifying license signature failed") return None, None, DECRYPT_GPG_VERIFY_FAILED # remove header verified_body = open(verified_fn, 'r').read() sep_poi = string.find(verified_body, "\n\n") if sep_poi < 0: logging.error("license doesn't have valid header") return None, None, DECRYPT_BAD_HEADER # NOTE: At this point, we've read the header, which is a subset of the # actual license (which we can't see yet, because it's encrypted). If # we fail past this point, we return the header in place of the license # because it will look like an invalid license, and allow us to report # some basic information about the license. # header_body = verified_body[0:sep_poi] # write out the encrypted body try: open(encrypted_fn, 'w').write(verified_body[sep_poi + 2:]) except IOError: logging.error("writing encrypted license failed") return None, header_body, DECRYPT_SYSTEM_ERROR # decrypt it decrypt_cmd = "gpg --no-options --no-default-keyring --no-tty --yes --keyring %s --secret-keyring %s -o %s --decrypt %s" % ( commands.mkarg(self.box_public_keyring), commands.mkarg(self.box_private_keyring), commands.mkarg(tgz_fn), commands.mkarg(encrypted_fn)) if os.system(decrypt_cmd) != 0: logging.error("decrypting license failed") return None, header_body, DECRYPT_GPG_DECRYPT_FAILED # untar it (we only ask for the file we want) untar_cmd = "tar xvzf %s -C %s ent_license.config" % ( commands.mkarg(tgz_fn), tempdir) if os.system(untar_cmd) != 0: logging.error("untarring license failed") return None, header_body, DECRYPT_TAR_FAILED # read in the decrypted license try: license_body = open(license_fn, 'r').read() except IOError: logging.error("reading decrypted license failed") return None, header_body, DECRYPT_SYSTEM_ERROR finally: # make sure to clean up all the temp files os.system("rm -rf %s" % commands.mkarg(tempdir)) return license_body, header_body, DECRYPT_OK
def GetDirList(self): return [ E.joinpaths( [self.config.var('CONFIGDIR'), 'queryexpansion', self.name]) ]
def GetDirList(self): return \ [E.joinpaths([self.config.var('CONFIGDIR'), 'collections', self.name])]
def GetDirList(self): return [E.joinpaths([self.config.var('CONFIGDIR'), 'queryexpansion', self.name])]