예제 #1
 def display_ImageListInstance(self,imagelist):
     """Run S/MIME validation over the message stored on ``imagelist``.

     ``imagelist.data`` is converted with ``str()`` and passed to a
     ``smimeX509validation`` processor built from ``self.x509anchor``.

     Returns ``False`` (after logging) when the processor raises
     ``smimeX509ValidationError``.  The lines shown here return nothing
     else, so a run without that exception ends with ``None``.

     NOTE(review): this excerpt only reacts to the exception; the
     processor's ``verified`` attribute is never read before the method
     ends.  Do not treat a non-``False`` result as proof of a valid
     signature -- confirm against the complete method.
     """
     validator = smimeX509validation(self.x509anchor)
     try:
         validator.Process(str(imagelist.data))
     except smimeX509ValidationError as err:
         message = "Failed to validate text for '%s' produced error '%s'" % (imagelist, err)
         self.log.error(message)
         return False
예제 #2
 def display_ImageListInstance(self,imagelist):
     """Check the signed text held in ``imagelist.data`` against the trust anchor.

     A ``smimeX509validation`` processor is created from ``self.x509anchor``
     and fed ``str(imagelist.data)``.

     Returns ``False`` when ``smimeX509ValidationError`` is raised; the
     failure is logged together with the image list and the error.  No
     other return statement is present in the lines shown.

     NOTE(review): a missing exception is the only success signal used
     here; the ``verified`` flag of the processor is not consulted in this
     excerpt -- verify that the full method checks it before displaying
     anything.
     """
     checker = smimeX509validation(self.x509anchor)
     try:
         checker.Process(str(imagelist.data))
     except smimeX509ValidationError as failure:
         self.log.error(
             "Failed to validate text for '%s' produced error '%s'" % (imagelist, failure)
         )
         return False
예제 #3
 def checkmessage(self):
     """Run S/MIME validation over ``self.data`` using ``self.anchor``.

     When the trust store rejects the message the error is logged,
     ``self.errorNo`` is set to ``11`` (failed to validate image list) and
     the method returns.

     NOTE(review): ``TrustStoreError`` is the only exception handled in the
     lines shown; anything else raised by ``Process()`` propagates to the
     caller, and no success state is recorded in this excerpt.
     """
     # Captured before validation; not read again in the lines shown.
     now = datetime.datetime.utcnow()
     validator = smimeX509validation.smimeX509validation(self.anchor)
     try:
         validator.Process(str(self.data))
     except smimeX509validation.truststore.TrustStoreError as err:
         self.log.error(err)
         # Error code 11: the image list failed validation.
         self.errorNo = 11
         return
예제 #4
 def checkmessage(self):
     """Validate the signed message in ``self.data`` against ``self.anchor``.

     A trust-store failure is logged and reported through
     ``self.errorNo = 11``; the method then returns without a value.

     NOTE(review): the excerpt handles ``TrustStoreError`` only.  Other
     exceptions from ``Process()`` are not caught here, and the lines shown
     never inspect the processor's verification result.
     """
     # Timestamp taken up front; unused within the lines shown.
     now = datetime.datetime.utcnow()
     checker = smimeX509validation.smimeX509validation(self.anchor)
     signed_text = str(self.data)
     try:
         checker.Process(signed_text)
     except smimeX509validation.truststore.TrustStoreError as failure:
         self.log.error(failure)
         self.errorNo = 11  # failed to validate image list
         return
예제 #5
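    def subscribe_file(self, Session, inmetadata):
        """Download a signed image list and validate its S/MIME signature.

        Args:
            Session: database session; not used in the lines shown here.
            inmetadata: dict of subscription options.  The keys read are
                ``autoEndorse``, ``filename``, ``trustAnchor``, ``userName``
                (or ``username``), ``password`` and ``protocol``.

        Returns:
            The download return code when it is above 255, ``10`` for any
            other download failure, and ``False`` when the trust store
            rejects the downloaded message.  Nothing is returned in the
            lines shown when validation raises no error.

        NOTE(review): the failure code ``10`` is truthy while a validation
        failure is ``False``; callers have to compare the result explicitly
        instead of testing it for truthiness.
        """
        metadata = {}
        # Only a value that compares equal to True switches auto-endorse on.
        # The flag is not read in the lines shown.
        autoEndorse = False
        if 'autoEndorse' in inmetadata:
            if inmetadata["autoEndorse"] == True:
                autoEndorse = inmetadata["autoEndorse"]
        if 'filename' in inmetadata:
            metadata["uri"] = inmetadata["filename"]

        # The anchor used for validation is tracked in a local so that the
        # configured default is actually applied: the original stored the
        # default under a different key and then read metadata["trustAnchor"],
        # which raised KeyError whenever the caller gave no anchor.
        # NOTE(review): a caller-supplied 'trustAnchor' replaces the
        # configured anchor, so inmetadata must come from a trusted source.
        if 'trustAnchor' in inmetadata:
            trust_anchor = inmetadata["trustAnchor"]
            metadata["trustAnchor"] = trust_anchor
        else:
            trust_anchor = self.anchor
            metadata[u'il.transfer.protocol:trustAnchor'] = trust_anchor

        if 'userName' in inmetadata:
            metadata["userName"] = inmetadata["userName"]
            metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
        elif 'username' in inmetadata:
            metadata["userName"] = inmetadata["username"]
            metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
        if 'password' in inmetadata:
            # The credential is copied into the metadata dict under two keys.
            metadata["password"] = inmetadata["password"]
            metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
        if 'protocol' in inmetadata:
            metadata["protocol"] = inmetadata["protocol"]
            metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

        # 'uri' is only present when the caller passed 'filename'.
        uri = metadata.get("uri")

        resultDict = self._retiver_uri(inmetadata)
        rc = resultDict['code']
        if rc != 0:
            if 'error' in resultDict:
                # Log the retriever's error text (the original formatted the
                # literal list ['error'] instead).
                self.log.error("%s, while retrieving %s" %
                               (resultDict['error'], uri))
                # NOTE(review): the whole result is logged at debug level;
                # confirm the retriever never echoes credentials into it.
                self.log.debug(resultDict)
            else:
                self.log.error("Download of uri '%s' failed." % (uri))
            if rc > 255:
                return rc
            return 10

        smimeProcessor = smimeX509validation.smimeX509validation(trust_anchor)
        try:
            smimeProcessor.Process(resultDict['responce'])
        except smimeX509validation.truststore.TrustStoreError as err:
            self.log.error("Validate text '%s' produced error '%s'" %
                           (uri, err))
            self.log.debug("Downloaded=%s" % (resultDict['responce']))
            return False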
예제 #6
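 def display_ImageListInstance(self,imagelist):
     """Validate and display the signed message stored on ``imagelist``.

     Returns:
         ``True`` when there is no stored message, and also when no trust
         anchor is configured (the raw message is then written to
         ``self.fpOutput``).  ``False`` when validation raises
         ``smimeX509ValidationError``.  The lines shown return nothing
         after a validation that raises no error.
     """
     if imagelist.data is None:
         self.log.warning("No imagelist found.")
         return True
     if self.x509anchor is None:
         # NOTE(review): fail-open path.  Without a trust anchor the stored
         # message is written out with no signature check and the call still
         # reports True, so output produced this way is unauthenticated.
         self.log.warning("No trust anchor found so can not decode.")
         self.fpOutput.write(str(imagelist.data))
         return True
     validator = smimeX509validation(self.x509anchor)
     try:
         validator.Process(str(imagelist.data))
     except smimeX509ValidationError as err:
         self.log.error("Failed to validate text for '%s' produced error '%s'" % (imagelist, err))
         return False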
예제 #7
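 def subscribe_file(self,Session,inmetadata):
     """Fetch a signed image list and check its S/MIME signature.

     Args:
         Session: database session; unused in the lines shown.
         inmetadata: dict of subscription options; the keys read are
             ``autoEndorse``, ``filename``, ``trustAnchor``, ``userName``
             (or ``username``), ``password`` and ``protocol``.

     Returns:
         The download return code if it exceeds 255, ``10`` for every other
         download failure, ``False`` when the trust store rejects the
         message.  The lines shown return nothing when validation raises no
         error.

     NOTE(review): ``10`` is truthy and ``False`` is not, so the result
     cannot be used as a plain success flag.
     """
     metadata = {}
     # Auto-endorse is enabled only by a value that compares equal to True;
     # the flag is not read in the lines shown.
     autoEndorse = False
     if 'autoEndorse' in inmetadata:
         if inmetadata["autoEndorse"] == True:
             autoEndorse = inmetadata["autoEndorse"]
     if 'filename' in inmetadata:
         metadata["uri"] = inmetadata["filename"]

     # Keep the anchor in a local: the original wrote the default under
     # 'il.transfer.protocol:trustAnchor' but read metadata["trustAnchor"],
     # which raised KeyError whenever the caller supplied no anchor.
     # NOTE(review): a 'trustAnchor' given in inmetadata overrides the
     # configured anchor; only accept it from a trusted caller.
     if 'trustAnchor' in inmetadata:
         anchor = inmetadata["trustAnchor"]
         metadata["trustAnchor"] = anchor
     else:
         anchor = self.anchor
         metadata[u'il.transfer.protocol:trustAnchor'] = anchor

     if 'userName' in inmetadata:
         metadata["userName"] = inmetadata["userName"]
         metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
     elif 'username' in inmetadata:
         metadata["userName"] = inmetadata["username"]
         metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
     if 'password' in inmetadata:
         # The credential ends up in the metadata dict under two keys.
         metadata["password"] = inmetadata["password"]
         metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
     if 'protocol' in inmetadata:
         metadata["protocol"] = inmetadata["protocol"]
         metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

     # 'uri' exists only when the caller passed 'filename'.
     uri = metadata.get("uri")

     resultDict = self._retiver_uri(inmetadata)
     rc = resultDict['code']
     if rc != 0:
         if 'error' in resultDict:
             # Report the retriever's error text; the original formatted the
             # literal list ['error'].
             self.log.error("%s, while retrieving %s" % (resultDict['error'], uri))
             # NOTE(review): the full result dict goes to the debug log;
             # confirm it cannot contain the password from inmetadata.
             self.log.debug(resultDict)
         else:
             self.log.error("Download of uri '%s' failed." % (uri))
         if rc > 255:
             return rc
         return 10

     smimeProcessor = smimeX509validation.smimeX509validation(anchor)
     try:
         smimeProcessor.Process(resultDict['responce'])
     except smimeX509validation.truststore.TrustStoreError as err:
         self.log.error("Validate text '%s' produced error '%s'" % (uri, err))
         self.log.debug("Downloaded=%s" % (resultDict['responce']))
         return False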
예제 #8
    def download_imagelist(self, imagelistUUID, flags):
        """Fetch, verify and import the image list registered under a UUID.

        The ``hv:uri`` metadata value for ``imagelistUUID`` is looked up,
        the URI is downloaded, the S/MIME signature is validated against the
        certificates in ``/etc/grid-security/certificates/`` and the signed
        JSON payload is handed to ``self.importer``.

        Args:
            imagelistUUID: identifier of the image list to refresh.
            flags: not used by this method.

        Returns:
            ``True`` when no URI is recorded for the image list, ``False``
            when the download result has no ``responce`` entry or the
            signature cannot be validated or verified.  A successful import
            returns nothing (``None``).

        The process exits with status 22 when the downloader returns
        ``None``, 20 when the payload is not JSON and 21 when it decodes to
        ``None``.

        NOTE(review): the payload is parsed only after ``verified`` is true,
        but no comparison of the list's endorser DN/CA with the signing
        certificate is visible in this method; presumably ``self.importer``
        performs it -- confirm.  The trust directory is hard-coded here, and
        the "Failed to  verify" branch logs the whole downloader result at
        error level.
        """
        db_session = self.SessionFactory()
        uri_rows = (
            db_session.query(model.ImagelistMetadata)
            .filter(model.Imagelist.identifier == imagelistUUID)
            .filter(model.Imagelist.id == model.ImagelistMetadata.fkImageList)
            .filter(model.ImagelistMetadata.key == 'hv:uri')
        )
        if uri_rows.count() == 0:
            self.log.warning('image list uri not found')
            return True

        # When several rows match, the value of the last row iterated is used.
        uri = None
        for row in uri_rows:
            uri = row.value
        if uri is None:
            self.log.error('image list uri not found')
            return True

        content = downloader.downloader(uri)
        if content is None:
            self.log.error("Content is None.")
            sys.exit(22)

        anchor = smimeX509validation.LoadDirChainOfTrust("/etc/grid-security/certificates/")
        validator = smimeX509validation.smimeX509validation(anchor)
        try:
            signed_text = content["responce"]
        except KeyError:
            self.log.error("Retrive uri failed:'%s'" % (uri))
            return False

        try:
            validator.Process(signed_text)
        except smimeX509validation.truststore.TrustStoreError as trust_err:
            self.log.error("Validate text '%s' produced error '%s'" % (uri, trust_err))
            self.log.debug("Downloaded=%s" % (content['responce']))
            return False
        except smimeX509validation.smimeX509ValidationError as smime_err:
            self.log.error("Validate text '%s' produced error '%s'" % (uri, smime_err))
            self.log.debug("Downloaded=%s" % (uri))
            return False

        # A clean Process() call is not enough: the verified flag decides.
        if not validator.verified:
            self.log.error("Failed to  verify text '%s'" % (content))
            return False

        payload = validator.InputDaraStringIO.getvalue()
        try:
            candidate = json.loads(payload)
        except ValueError:
            self.log.error("Failed to parse JSON.")
            sys.exit(20)
        if candidate is None:
            self.log.error("No JSON content.")
            sys.exit(21)
        self.importer(candidate)
def main():
    """Command-line check of S/MIME signed messages against a CA directory.

    ``-m/--message`` may be given several times and names the files to
    test; ``-c/--certs-dir`` selects the certificate directory (default
    ``/etc/grid-security/certificates/``).  The program exits with status 1
    when the directory does not exist or when no message was given.

    For every message three values are printed: the signer certificate
    metadata, the ``verified`` flag and the extracted payload.

    NOTE(review): the payload is printed whatever the value of ``verified``,
    so consumers of this output must read the flag before trusting the
    content.  Exceptions raised by ``ProcessFile`` are not caught here.
    """
    parser = optparse.OptionParser()
    parser.add_option('-m', '--message', action='append',
        help='adds a message to be tested.')
    parser.add_option('-c', '--certs-dir', action='store',
        help='Path of certificates dir',
        default='/etc/grid-security/certificates/')
    options, arguments = parser.parse_args()

    certs_dir = options.certs_dir
    if not os.path.isdir(certs_dir):
        print("Warning not a directory:%s" % (certs_dir))
        sys.exit(1)

    anchor = LoadDirChainOfTrust(certs_dir)
    messages = options.message
    if messages is None:
        sys.exit(1)

    for message_path in messages:
        # A fresh processor per message keeps results from leaking between files.
        validator = smimeX509validation(anchor)
        validator.ProcessFile(message_path)
        print(validator.InputCertMetaDataList)
        print(validator.verified)
        print(validator.InputDaraStringIO.getvalue())
예제 #10
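    def checkmessage(self):
        """Validate ``self.data`` as a signed image list and record the outcome.

        The result is reported through ``self.errorNo``:

        * ``0``  - accepted; ``self.vmilist`` and ``self.Json`` are set.
        * ``11`` - S/MIME validation raised an error or was not verified.
        * ``12`` - endorser DN or CA in the list differs from the signer.
        * ``31`` - ``dc:identifier`` differs from the subscription.
        * ``33`` - the creation date lies in the future.
        * ``34`` - the list has expired.
        * ``37`` - the signed payload is not valid JSON.
        * ``38`` - the JSON could not be decoded as an image list.

        ``self.subject`` and ``self.issuer`` are set from the signing
        certificate as soon as the signature is verified.

        NOTE(review): ``self.vmilist`` is assigned before the endorser,
        identifier and date checks run, so it can hold a rejected list;
        callers must test ``self.errorNo == 0`` before using it.
        """
        smimeProcessor = smimeX509validation.smimeX509validation(self.anchor)
        try:
            smimeProcessor.Process(str(self.data))
        except (smimeX509validation.truststore.TrustStoreError,
                smimeX509validation.smimeX509ValidationError) as expt:
            self.log.error(expt)
            # Error code - failed to validate image list.
            self.errorNo = 11
            return
        # No exception is not enough: the verified flag decides.
        if not smimeProcessor.verified:
            self.log.error("Failed to validate text")
            self.errorNo = 11
            return

        data = smimeProcessor.InputDaraStringIO.getvalue()
        # presumably the first entry describes the signing certificate -- confirm
        signer = smimeProcessor.InputCertMetaDataList[0]
        self.subject = signer['subject']
        self.issuer = signer['issuer']

        # json.loads raises ValueError on malformed input instead of
        # returning None, so the original None test could not catch it.
        try:
            jsonData = json.loads(data)
        except ValueError:
            jsonData = None
        if jsonData is None:
            self.log.error("Downlaoded data from was not valid JSON.")
            self.errorNo = 37
            return

        vmilist = VMimageListDecoder(jsonData)
        if vmilist is None:
            self.log.error("Downlaoded metadata from was not valid image list Object.")
            self.errorNo = 38
            return
        self.vmilist = vmilist

        # The identity claimed inside the list must match the certificate
        # that actually signed it.
        if vmilist.endorser.metadata[u'hv:dn'] != self.subject:
            # The original omitted the '%' operator here, which raised
            # TypeError on exactly this rejection path.
            self.log.error("Endorser DN does not match signature for '%s'" % (self.MatchMetadata[u'dc:identifier']))
            self.log.info("Expected DN '%s'" % (vmilist.endorser.metadata[u'hv:dn']))
            self.log.info("Downloaded DN '%s'" % (self.subject))
            # Error code - metadata and certificate dont match.
            self.errorNo = 12
            return
        if vmilist.endorser.metadata[u'hv:ca'] != self.issuer:
            self.log.error("list hv:ca does not match signature for '%s'" % (self.MatchMetadata[u'dc:identifier']))
            self.log.info("Expected CA '%s'" % (vmilist.endorser.metadata[u'hv:ca']))
            self.log.info("Downloaded CA '%s'" % (self.issuer))
            # Error code - metadata and certificate dont match.
            self.errorNo = 12
            return

        # A URI mismatch is logged only; the error return for this case
        # (errorNo 12) is disabled in the original code.
        if vmilist.metadata[u'hv:uri'] != self.MatchMetadata[u'hv:uri']:
            self.log.warning("list hv:uri does not match subscription uri for '%s'" % (self.MatchMetadata[u'dc:identifier']))
            self.log.info("Expected URI '%s'" % (self.MatchMetadata[u'hv:uri']))
            self.log.info("Downloaded URI '%s'" % (vmilist.metadata[u'hv:uri']))

        if vmilist.metadata[u'dc:identifier'] != self.MatchMetadata[u'dc:identifier']:
            self.log.info("Expected identifier '%s'" % (self.MatchMetadata[u'dc:identifier']))
            self.log.info("Downloaded identifier '%s'" % (vmilist.metadata[u'dc:identifier']))
            # Error code - imagelist dc:identifier invalid.
            self.errorNo = 31
            return

        # assumes the decoder yields naive UTC datetimes for both dates -- TODO confirm
        now = datetime.datetime.utcnow()
        if now < vmilist.metadata[u'dc:date:created']:
            self.log.error("Image list '%s' has an invalid creation date as in the future." % (self.MatchMetadata[u'dc:identifier']))
            self.errorNo = 33
            return
        if now > vmilist.metadata[u'dc:date:expires']:
            self.log.warning("Downloaded image list '%s' has expired." % (self.MatchMetadata[u'dc:identifier']))
            self.errorNo = 34
            return

        self.errorNo = 0
        self.Json = jsonData
        return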
예제 #11
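    def subscribe_file(self,Session,inmetadata):
        """Subscribe to a signed image list fetched from a file or URI.

        The list is downloaded, its S/MIME signature is validated against
        the trust anchor, the endorser named in the list is compared with
        the signing certificate, and a subscription plus one image
        definition per listed image are created in the database.

        Args:
            Session: database session passed to ``db_actions``.
            inmetadata: dict of subscription options; the keys read are
                ``autoEndorse``, ``filename``, ``trustAnchor``, ``userName``
                (or ``username``), ``password`` and ``protocol``.

        Returns:
            ``True`` when the subscription and every image definition were
            created.  ``False`` on a validation, decoding or database
            failure.  On a download failure the return code itself when it
            is above 255, otherwise ``10``.

        NOTE(review): the download failure code ``10`` is truthy, so the
        result cannot be used as a plain success flag.  The password is
        part of the metadata handed to ``db.subscription_create``; how it is
        stored is not visible here.
        """
        metadata = {}
        # Only a value that compares equal to True switches auto-endorse on.
        autoEndorse = False
        if 'autoEndorse' in inmetadata:
            if inmetadata["autoEndorse"] == True:
                autoEndorse = inmetadata["autoEndorse"]
        if 'filename' in inmetadata:
            metadata["uri"] = inmetadata["filename"]

        # Track the anchor in a local so the configured default is really
        # used: the original stored the default under another key and then
        # read metadata["trustAnchor"], raising KeyError without an
        # explicit anchor.
        # NOTE(review): a caller-supplied 'trustAnchor' replaces the
        # configured anchor, so inmetadata must come from a trusted source.
        if 'trustAnchor' in inmetadata:
            trust_anchor = inmetadata["trustAnchor"]
            metadata["trustAnchor"] = trust_anchor
        else:
            trust_anchor = self.anchor
            metadata[u'il.transfer.protocol:trustAnchor'] = trust_anchor

        if 'userName' in inmetadata:
            metadata["userName"] = inmetadata["userName"]
            metadata[u'il.transfer.protocol:userName'] = inmetadata["userName"]
        elif 'username' in inmetadata:
            metadata["userName"] = inmetadata["username"]
            metadata[u'il.transfer.protocol:userName'] = inmetadata["username"]
        if 'password' in inmetadata:
            metadata["password"] = inmetadata["password"]
            metadata[u'il.transfer.protocol:password'] = inmetadata["password"]
        if 'protocol' in inmetadata:
            metadata["protocol"] = inmetadata["protocol"]
            metadata[u'il.transfer.protocol'] = inmetadata["protocol"]

        # 'uri' is only present when the caller passed 'filename'.
        uri = metadata.get("uri")

        resultDict = self._retiver_uri(inmetadata)
        rc = resultDict['code']
        if rc != 0:
            if 'error' in resultDict:
                # Log the retriever's error text (the original formatted the
                # literal list ['error'] instead).
                self.log.error("%s, while retrieving %s" % (resultDict['error'], uri))
                # NOTE(review): the whole result is logged at debug level;
                # confirm the retriever never echoes credentials into it.
                self.log.debug(resultDict)
            else:
                self.log.error("Download of uri '%s' failed." % (uri))
            if rc > 255:
                return rc
            return 10

        smimeProcessor = smimeX509validation.smimeX509validation(trust_anchor)
        try:
            smimeProcessor.Process(resultDict['responce'])
        except (smimeX509validation.truststore.TrustStoreError,
                smimeX509validation.smimeX509ValidationError) as expt:
            self.log.error("Validate text '%s' produced error '%s'" % (uri, expt))
            self.log.debug("Downloaded=%s" % (resultDict['responce']))
            return False
        # No exception is not enough: the verified flag decides.
        if not smimeProcessor.verified:
            self.log.error("Failed to  verify text '%s'" % (resultDict['uri']))
            return False

        signed_payload = smimeProcessor.InputDaraStringIO.getvalue()
        # json.loads raises ValueError on malformed input instead of
        # returning None, so the failure is mapped onto the existing branch.
        try:
            jsontext = json.loads(signed_payload)
        except ValueError:
            jsontext = None
        if jsontext is None:
            self.log.error("Message down loaded from '%s' was not valid JSON." % (resultDict['uri']))
            # The original format string had no placeholder and raised
            # TypeError here; the extracted payload is logged instead.
            self.log.debug("Downloaded=%s" % (signed_payload))
            return False
        vmilist = VMimageListDecoder(jsontext)
        if vmilist is None:
            self.log.error("Failed to decode the json as an image list Object for '%s'." % (resultDict['uri']))
            return False

        # Values from the signed list overwrite same-named keys set above.
        metadata.update(vmilist.metadata)
        metadata.update(vmilist.endorser.metadata)
        if u'dc:identifier' not in metadata:
            self.log.error('list dc:identifier does not found')
            return False

        # The endorser named in the list must be the certificate that signed it.
        # presumably the first entry describes the signing certificate -- confirm
        signer = smimeProcessor.InputCertMetaDataList[0]
        if metadata[u'hv:dn'] != signer['subject']:
            self.log.error('Endorser DN does not match signature')
            return False
        if metadata[u'hv:ca'] != signer['issuer']:
            self.log.error('list hv:ca does not match signature')
            return False
        # The comparison of the list's hv:uri with the subscription URI is
        # disabled in the original code, so the list is not bound to the
        # location it was fetched from.

        db = db_actions(Session)
        endorser_list = db.endorser_get(metadata)
        if endorser_list.count() == 0:
            if not autoEndorse:
                self.log.error("Endorser '%s':'%s' was not found in database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
                self.log.info("Use '--auto-endorse' to add endorser '%s':'%s' to subscription database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
                return False
            # Auto-endorse: the signer of this list is registered as an
            # endorser on first use.  The signature has been validated
            # against the trust anchor at this point, but the endorser was
            # not previously known to the database.
            newmetadata = dict(metadata)
            newmetadata[u'dc:identifier'] = text_type(uuid.uuid4())
            endorser_list = db.endorser_create(newmetadata)
            self.log.warning("Endorser '%s':'%s' added to database." % (metadata[u'hv:dn'],metadata[u'hv:ca']))
            if endorser_list.count() == 0:
                self.log.error('Failed to create an authorised endorser in Database.')
                return False

        subscription_query = db.subscription_create(metadata,True)
        if subscription_query.count() != 1:
            self.log.error('Creation of Subscription reference failed.')
            return False
        subscription = subscription_query.one()
        subscriptionKey = int(subscription.id)

        failedToCreateImages = []
        for imageReferance in vmilist.images:
            # One image definition per image in the list, created uncached.
            image_metadata = {}
            image_metadata.update(imageReferance.metadata)
            image_metadata['cache'] = 0
            ImageDefinition_query = db.ImageDefinition_create(subscriptionKey,image_metadata)
            if ImageDefinition_query.count() != 1:
                self.log.error('Creation of ImageDefinition referance failed.')
                failedToCreateImages.append(imageReferance)
        return not failedToCreateImages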