def GetDirList(self):
return \
[E.joinpaths([self.config.var('GOOGLEDATA'),
'gws/clients', self.name]),
E.joinpaths([self.config.var('GOOGLEDATA'),
'gws/p4clientinfo', self.name]),
E.joinpaths([self.config.var('CONFIGDIR'),
'frontends', self.name])]
def GetDirList(self):
return \
[E.joinpaths([self.config.var('GOOGLEDATA'),
'gws/clients', self.name]),
E.joinpaths([self.config.var('GOOGLEDATA'),
'gws/p4clientinfo', self.name]),
E.joinpaths([self.config.var('CONFIGDIR'),
'frontends', self.name])]
def __init__(self, cfg, box_key_dir, license_key_dir):
self.cfg = cfg
self.inInitialization = true
self.killingIsRunning = false
self.counter_lock = threading.Lock()
self.counter_file = cfg.getGlobalParam('ENT_LICENSE_COUNTER_FILE')
self.counter_back_file = cfg.getGlobalParam('ENT_LICENSE_COUNTER_FILE_BACKUP')
self.parser = ent_license.LicenseParser()
data_dir = cfg.getGlobalParam('DATADIR')
working_dir = E.mktemp(data_dir, "license_manager")
E.system('rm -rf %s/@*.0license_manager; mkdir -p %s' % (
data_dir, working_dir))
box_pub_keyring = E.joinpaths([box_key_dir, "ent_box_key.pub"])
box_pri_keyring = E.joinpaths([box_key_dir, "ent_box_key.pri"])
license_pub_keyring = E.joinpaths([license_key_dir,
"google_license_key.pub"])
self.decryptor = ent_license.LicenseDecryptor(working_dir,
box_pub_keyring,
box_pri_keyring,
license_pub_keyring)
def encryptLicense(self, license, passphrase = None):
tempdir = E.mktemp(self.working_dir, 'encrypt')
# if no passphrase supplied, use the one given in the constructor
if passphrase == None:
passphrase = self.passphrase
# make sure the license is valid (note that this is a fresh license)
if license.isInvalid(fresh_license = 1):
logging.error("license is not valid")
return None
if not self.checkFiles():
logging.error("encryptor keys don't exist or aren't valid")
return None
# get the header
header = self.extractHeader(license)
# NOTE: this ent_license.config is important; the old license code expects
# to find this filename. do not change it
license_fn = E.joinpaths([tempdir, "ent_license.config"])
tgz_fn = E.joinpaths([tempdir, "license.tgz"])
encrypted_fn = E.joinpaths([tempdir, "license.encrypted"])
encrypted_w_header_fn = E.joinpaths([tempdir, "license.header"])
signed_fn = E.joinpaths([tempdir, "license.signed"])
try:
# make the temp directory
os.system("rm -rf %s" % commands.mkarg(tempdir))
os.makedirs(tempdir)
# write the raw license body to a file
license_body = {}
license_body.update(license.license)
# overwrite the version number with the current version (just in case)
license_body['ENT_LICENSE_VERSION'] = CURRENT_LICENSE_VERSION
try:
body_str = string.join(map(lambda (k,v): '%s = %s' % (k,repr(v)),
license_body.items()),
'\n')
open(license_fn, 'w').write(str(body_str))
except IOError:
logging.error("writing plain license failed")
return None
# tar the license body
tar_cmd = "tar zvcf %s -C %s %s" % (
commands.mkarg(tgz_fn),
commands.mkarg(os.path.dirname(license_fn)),
commands.mkarg(os.path.basename(license_fn)))
if os.system(tar_cmd) != 0:
logging.error("tarring license failed")
return None
# encrypt it
encrypt_cmd = "gpg --no-options --no-default-keyring --no-secmem-warning --no-tty --yes --default-recipient-self --keyring %s --secret-keyring %s -o %s -se %s" % (
commands.mkarg(self.box_public_keyring),
commands.mkarg(self.box_private_keyring),
commands.mkarg(encrypted_fn),
commands.mkarg(tgz_fn))
if os.system(encrypt_cmd) != 0:
logging.error("encrypting license failed")
return None
# write out the header (plus \n\n) to encrypted_w_header_fn
try:
header_str = string.join(map(lambda (k,v): '%s = %s' % (k,repr(v)),
header.items()),
'\n')
header_str = header_str + '\n\n' # end of header
open(encrypted_w_header_fn, 'w').write(header_str)
except IOError:
logging.error("writing license header failed")
return None
# append the encrypted tarred license to encrypted_w_header_fn
cat_cmd = "cat %s >> %s" % (
commands.mkarg(encrypted_fn),
commands.mkarg(encrypted_w_header_fn))
if os.system(cat_cmd) != 0:
logging.error("reading encrypted license failed")
return None
# sign encrypted_w_header_fn
sign_cmd = "gpg --no-options --no-default-keyring --no-tty --no-secmem-warning --keyring %s --secret-keyring %s --passphrase-fd 0 --yes -o %s -s %s" % (
commands.mkarg(self.license_public_keyring),
commands.mkarg(self.license_private_keyring),
commands.mkarg(signed_fn),
commands.mkarg(encrypted_w_header_fn))
try:
# use popen so that we can write the passphrase to stdin
sign_fd = os.popen(sign_cmd, 'w')
if passphrase != None:
sign_fd.write(passphrase)
status = sign_fd.close()
except IOError:
status = -1
if status != None:
logging.error("signing license signature failed")
return None
# read the signed body
try:
signed_body = open(signed_fn, 'r').read()
except IOError:
logging.error("reading signed license failed")
return None
finally:
# make sure to clean up all the temp files
os.system("rm -rf %s" % commands.mkarg(tempdir))
return signed_body
def decryptLicense(self, encrypted_license):
tempdir = E.mktemp(self.working_dir, 'decrypt')
signed_fn = E.joinpaths([tempdir, "license.signed"])
verified_fn = E.joinpaths([tempdir, "license.verified"])
encrypted_fn = E.joinpaths([tempdir, "license.encrypted"])
tgz_fn = E.joinpaths([tempdir, "license.tgz"])
license_fn = E.joinpaths([tempdir, "ent_license.config"])
if not self.checkFiles():
logging.error("decryptor keys don't exist or aren't valid")
return None, None, DECRYPT_SYSTEM_ERROR
try:
# make the temp directory
os.system("rm -rf %s" % commands.mkarg(tempdir))
os.makedirs(tempdir)
# output to a file
try:
open(signed_fn, 'w').write(encrypted_license)
except IOError:
logging.error("writing encrypted license failed")
return None, None, DECRYPT_SYSTEM_ERROR
# verify signature
verify_cmd = ("gpg --no-options --no-default-keyring --no-tty"
" --no-verbose --yes --keyring %s -o %s --decrypt %s") % (
commands.mkarg(self.license_public_keyring),
commands.mkarg(verified_fn),
commands.mkarg(signed_fn))
# When gpg is given a file with no signature it returns successfully;
# so we must check gpg's output
fi, foe = os.popen4(verify_cmd)
fi.close()
gpg_result = foe.read()
foe.close()
if gpg_result.find("Good signature") == -1:
logging.error("verifying license signature failed")
return None, None, DECRYPT_GPG_VERIFY_FAILED
# remove header
verified_body = open(verified_fn, 'r').read()
sep_poi = string.find(verified_body, "\n\n")
if sep_poi < 0:
logging.error("license doesn't have valid header")
return None, None, DECRYPT_BAD_HEADER
# NOTE: At this point, we've read the header, which is a subset of the
# actual license (which we can't see yet, because it's encrypted). If
# we fail past this point, we return the header in place of the license
# because it will look like an invalid license, and allow us to report
# some basic information about the license.
#
header_body = verified_body[0:sep_poi]
# write out the encrypted body
try:
open(encrypted_fn, 'w').write(verified_body[sep_poi+2:])
except IOError:
logging.error("writing encrypted license failed")
return None, header_body, DECRYPT_SYSTEM_ERROR
# decrypt it
decrypt_cmd = "gpg --no-options --no-default-keyring --no-tty --yes --keyring %s --secret-keyring %s -o %s --decrypt %s" % (
commands.mkarg(self.box_public_keyring),
commands.mkarg(self.box_private_keyring),
commands.mkarg(tgz_fn),
commands.mkarg(encrypted_fn))
if os.system(decrypt_cmd) != 0:
logging.error("decrypting license failed")
return None, header_body, DECRYPT_GPG_DECRYPT_FAILED
# untar it (we only ask for the file we want)
untar_cmd = "tar xvzf %s -C %s ent_license.config" % (
commands.mkarg(tgz_fn), tempdir)
if os.system(untar_cmd) != 0:
logging.error("untarring license failed")
return None, header_body, DECRYPT_TAR_FAILED
# read in the decrypted license
try:
license_body = open(license_fn, 'r').read()
except IOError:
logging.error("reading decrypted license failed")
return None, header_body, DECRYPT_SYSTEM_ERROR
finally:
# make sure to clean up all the temp files
os.system("rm -rf %s" % commands.mkarg(tempdir))
return license_body, header_body, DECRYPT_OK
def encryptLicense(self, license, passphrase=None):
tempdir = E.mktemp(self.working_dir, 'encrypt')
# if no passphrase supplied, use the one given in the constructor
if passphrase == None:
passphrase = self.passphrase
# make sure the license is valid (note that this is a fresh license)
if license.isInvalid(fresh_license=1):
logging.error("license is not valid")
return None
if not self.checkFiles():
logging.error("encryptor keys don't exist or aren't valid")
return None
# get the header
header = self.extractHeader(license)
# NOTE: this ent_license.config is important; the old license code expects
# to find this filename. do not change it
license_fn = E.joinpaths([tempdir, "ent_license.config"])
tgz_fn = E.joinpaths([tempdir, "license.tgz"])
encrypted_fn = E.joinpaths([tempdir, "license.encrypted"])
encrypted_w_header_fn = E.joinpaths([tempdir, "license.header"])
signed_fn = E.joinpaths([tempdir, "license.signed"])
try:
# make the temp directory
os.system("rm -rf %s" % commands.mkarg(tempdir))
os.makedirs(tempdir)
# write the raw license body to a file
license_body = {}
license_body.update(license.license)
# overwrite the version number with the current version (just in case)
license_body['ENT_LICENSE_VERSION'] = CURRENT_LICENSE_VERSION
try:
body_str = string.join(
map(lambda (k, v): '%s = %s' % (k, repr(v)),
license_body.items()), '\n')
open(license_fn, 'w').write(str(body_str))
except IOError:
logging.error("writing plain license failed")
return None
# tar the license body
tar_cmd = "tar zvcf %s -C %s %s" % (
commands.mkarg(tgz_fn),
commands.mkarg(os.path.dirname(license_fn)),
commands.mkarg(os.path.basename(license_fn)))
if os.system(tar_cmd) != 0:
logging.error("tarring license failed")
return None
# encrypt it
encrypt_cmd = "gpg --no-options --no-default-keyring --no-secmem-warning --no-tty --yes --default-recipient-self --keyring %s --secret-keyring %s -o %s -se %s" % (
commands.mkarg(self.box_public_keyring),
commands.mkarg(self.box_private_keyring),
commands.mkarg(encrypted_fn), commands.mkarg(tgz_fn))
if os.system(encrypt_cmd) != 0:
logging.error("encrypting license failed")
return None
# write out the header (plus \n\n) to encrypted_w_header_fn
try:
header_str = string.join(
map(lambda (k, v): '%s = %s' % (k, repr(v)),
header.items()), '\n')
header_str = header_str + '\n\n' # end of header
open(encrypted_w_header_fn, 'w').write(header_str)
except IOError:
logging.error("writing license header failed")
return None
# append the encrypted tarred license to encrypted_w_header_fn
cat_cmd = "cat %s >> %s" % (commands.mkarg(encrypted_fn),
commands.mkarg(encrypted_w_header_fn))
if os.system(cat_cmd) != 0:
logging.error("reading encrypted license failed")
return None
# sign encrypted_w_header_fn
sign_cmd = "gpg --no-options --no-default-keyring --no-tty --no-secmem-warning --keyring %s --secret-keyring %s --passphrase-fd 0 --yes -o %s -s %s" % (
commands.mkarg(self.license_public_keyring),
commands.mkarg(
self.license_private_keyring), commands.mkarg(signed_fn),
commands.mkarg(encrypted_w_header_fn))
try:
# use popen so that we can write the passphrase to stdin
sign_fd = os.popen(sign_cmd, 'w')
if passphrase != None:
sign_fd.write(passphrase)
status = sign_fd.close()
except IOError:
status = -1
if status != None:
logging.error("signing license signature failed")
return None
# read the signed body
try:
signed_body = open(signed_fn, 'r').read()
except IOError:
logging.error("reading signed license failed")
return None
finally:
# make sure to clean up all the temp files
os.system("rm -rf %s" % commands.mkarg(tempdir))
return signed_body
def decryptLicense(self, encrypted_license):
tempdir = E.mktemp(self.working_dir, 'decrypt')
signed_fn = E.joinpaths([tempdir, "license.signed"])
verified_fn = E.joinpaths([tempdir, "license.verified"])
encrypted_fn = E.joinpaths([tempdir, "license.encrypted"])
tgz_fn = E.joinpaths([tempdir, "license.tgz"])
license_fn = E.joinpaths([tempdir, "ent_license.config"])
if not self.checkFiles():
logging.error("decryptor keys don't exist or aren't valid")
return None, None, DECRYPT_SYSTEM_ERROR
try:
# make the temp directory
os.system("rm -rf %s" % commands.mkarg(tempdir))
os.makedirs(tempdir)
# output to a file
try:
open(signed_fn, 'w').write(encrypted_license)
except IOError:
logging.error("writing encrypted license failed")
return None, None, DECRYPT_SYSTEM_ERROR
# verify signature
verify_cmd = ("gpg --no-options --no-default-keyring --no-tty"
" --no-verbose --yes --keyring %s -o %s --decrypt %s"
) % (commands.mkarg(self.license_public_keyring),
commands.mkarg(verified_fn),
commands.mkarg(signed_fn))
# When gpg is given a file with no signature it returns successfully;
# so we must check gpg's output
fi, foe = os.popen4(verify_cmd)
fi.close()
gpg_result = foe.read()
foe.close()
if gpg_result.find("Good signature") == -1:
logging.error("verifying license signature failed")
return None, None, DECRYPT_GPG_VERIFY_FAILED
# remove header
verified_body = open(verified_fn, 'r').read()
sep_poi = string.find(verified_body, "\n\n")
if sep_poi < 0:
logging.error("license doesn't have valid header")
return None, None, DECRYPT_BAD_HEADER
# NOTE: At this point, we've read the header, which is a subset of the
# actual license (which we can't see yet, because it's encrypted). If
# we fail past this point, we return the header in place of the license
# because it will look like an invalid license, and allow us to report
# some basic information about the license.
#
header_body = verified_body[0:sep_poi]
# write out the encrypted body
try:
open(encrypted_fn, 'w').write(verified_body[sep_poi + 2:])
except IOError:
logging.error("writing encrypted license failed")
return None, header_body, DECRYPT_SYSTEM_ERROR
# decrypt it
decrypt_cmd = "gpg --no-options --no-default-keyring --no-tty --yes --keyring %s --secret-keyring %s -o %s --decrypt %s" % (
commands.mkarg(self.box_public_keyring),
commands.mkarg(self.box_private_keyring),
commands.mkarg(tgz_fn), commands.mkarg(encrypted_fn))
if os.system(decrypt_cmd) != 0:
logging.error("decrypting license failed")
return None, header_body, DECRYPT_GPG_DECRYPT_FAILED
# untar it (we only ask for the file we want)
untar_cmd = "tar xvzf %s -C %s ent_license.config" % (
commands.mkarg(tgz_fn), tempdir)
if os.system(untar_cmd) != 0:
logging.error("untarring license failed")
return None, header_body, DECRYPT_TAR_FAILED
# read in the decrypted license
try:
license_body = open(license_fn, 'r').read()
except IOError:
logging.error("reading decrypted license failed")
return None, header_body, DECRYPT_SYSTEM_ERROR
finally:
# make sure to clean up all the temp files
os.system("rm -rf %s" % commands.mkarg(tempdir))
return license_body, header_body, DECRYPT_OK
def GetDirList(self):
return [
E.joinpaths(
[self.config.var('CONFIGDIR'), 'queryexpansion', self.name])
]
def GetDirList(self):
return \
[E.joinpaths([self.config.var('CONFIGDIR'), 'collections', self.name])]
def GetDirList(self):
return [E.joinpaths([self.config.var('CONFIGDIR'),
'queryexpansion', self.name])]
def GetDirList(self):
return \
[E.joinpaths([self.config.var('CONFIGDIR'), 'collections', self.name])]
