def __init__(self, url, username, password, debug=False):
"""
Initialize the API connection, log in, and store authentication cookie
"""
self.url = url
# Use the HTTPCookieProcessor as urllib2 does not save cookies by default
self.urlOpener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
ssl._https_verify_certificates(enable=False)
ctx2 = ssl._create_unverified_context()
self.urlOpener.add_handler(urllib2.HTTPSHandler(context=ctx))
if debug:
self.urlOpener.add_handler(urllib2.HTTPSHandler(debuglevel=1))
self.reqCount = 1
# Contruct POST params and submit login.
loginParams = urllib.urlencode(
dict(__ac_name=username,
__ac_password=password,
submitted='true',
came_from=url + '/zport/dmd'))
self.urlOpener.open(url + '/zport/acl_users/cookieAuthHelper/login',
loginParams)
def connect_intercept(self):
hostname = ProxyRewrite.get_hostname(self.headers, self.path)
certkey = None
with self.lock:
if ProxyRewrite.use_rewrite_pubkey:
certpath, keysize = ProxyRewrite.rewrite_cert_pubkey(self.certdir, self.certKey, self.issuerCert, self.issuerKey, hostname, 443)
certkey = ("ssl/keys/cert%s.key" % keysize)
else:
certpath = ProxyRewrite.generate_cert(self.certdir, self.certKey, self.issuerCert, self.issuerKey, hostname, 443)
certkey = self.certkey
self.wfile.write("%s %d %s\r\n" % (self.protocol_version, 200, 'Connection Established'))
self.end_headers()
try:
ssl._https_verify_certificates(enable=False)
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=False, suppress_ragged_eofs=True)
except ssl.SSLError as e:
print("SSLError occurred on %s: %r" % (self.path,e))
try:
ssl._https_verify_certificates(enable=False)
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=True, suppress_ragged_eofs=True)
except ssl.SSLError as e:
print("SSLError occurred on %s: %r" % (self.path,e))
self.finish()
self.rfile = self.connection.makefile("rb", self.rbufsize)
self.wfile = self.connection.makefile("wb", self.wbufsize)
conntype = self.headers.get('Connection', '')
if self.protocol_version == "HTTP/1.1" and conntype.lower() != 'close':
self.close_connection = 0
else:
self.close_connection = 1
def get_large_file(url, fname, length=64 * 1024, retries=5, overwrite=False):
print("Downloading %s -> %s" % (url, fname))
ssl._https_verify_certificates(True)
for tnum in range(retries):
try:
print("- Try %d: " % (tnum + 1), end='')
req = urlopen(url)
size = long(req.headers.get('content-length', -1))
if not overwrite and os.path.exists(fname) and os.stat(
fname).st_size == size:
print("Skipping becuase existing with size {} B".format(size))
return
with open(fname, 'wb') as fp:
while 1:
chunk = req.read(length)
if not chunk:
break
fp.write(chunk)
print('.', end='')
sys.stdout.flush()
print(' DONE!')
return
except IOError as ierr:
print("WARNING: failed download of %s cause %s" % (fname, ierr))
time.sleep(tnum + 1)
if tnum > 1:
print("WARNING: Disabling SSL certificates verification")
ssl._https_verify_certificates(False)
raise RuntimeError("Failed download of %s after %d tries" %
(fname, retries))
def __init__(self, autoCommit=True):
if hasattr(ssl, '_https_verify_certificates'):
ssl._https_verify_certificates(False)
self.server = xmlrpc.ServerProxy(_settings.url())
self.autoCommit = autoCommit
self.txn_id = None
def download( fname, path, config ):
import wget
import ssl
url= config.get( "General", "url" )+"/"+fname
print "Downloading", url, "into", path
ssl._https_verify_certificates( 0 )
wget.download( url, path )
print
return
def download( fname, config ):
import wget
import ssl
url= config.get( "General", "url" )+"/"+fname
print "Downloading", url
ssl._https_verify_certificates( 0 )
wget.download( url, fname )
print
return
def setUp(self):
super(TestSubprocessRun, self).setUp()
with open('hello.txt', 'w') as f:
f.write('Hello, world!\n')
https_sock, _ = reserve_port_for_ip('127.0.0.1', 9443)
self.https_socks = [https_sock]
ssl._https_verify_certificates(enable=False)
yield test_tls.commit_valid_config()
def handle(self):
dst_ip, dst_port = ProxyRewrite.get_socket_info(self.request)
#if ProxyRewrite.is_courier_push_ip(dst_ip) and dst_port == 443:
# print("APN connection %s:%s" % (dst_ip, dst_port))
# apnproxy = ProxyAPNHandler(dst_ip, dst_port)
# apnproxy.main_loop()
# return
# use transparent mode
if ProxyRewrite.transparent == True and dst_port != 80:
certkey = None
with self.lock:
if ProxyRewrite.use_rewrite_pubkey:
certpath, keysize = ProxyRewrite.rewrite_cert_pubkey(self.certdir, self.certKey, self.issuerCert, self.issuerKey, dst_ip, dst_port)
certkey = ("ssl/keys/cert%s.key" % keysize)
else:
certpath = ProxyRewrite.generate_cert(self.certdir, self.certKey, self.issuerCert, self.issuerKey, dst_ip, dst_port)
certkey = self.certkey
try:
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=True, suppress_ragged_eofs=True)
except ssl.SSLError as e:
try:
ssl._https_verify_certificates(enable=False)
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=False, suppress_ragged_eofs=True)
except ssl.SSLError as e:
print("SSLError occurred on %s: %r" % (dst_ip,e))
self.finish()
elif ProxyRewrite.server_address != dst_ip and (dst_port == 443 or dst_port == 993):
print("Handling %s:%s" % (dst_ip, dst_port))
certkey = None
with self.lock:
if ProxyRewrite.use_rewrite_pubkey:
certpath, keysize = ProxyRewrite.rewrite_cert_pubkey(self.certdir, self.certKey, self.issuerCert, self.issuerKey, dst_ip, dst_port)
certkey = ("ssl/keys/cert%s.key" % keysize)
else:
certpath = ProxyRewrite.generate_cert(self.certdir, self.certKey, self.issuerCert, self.issuerKey, dst_ip, dst_port)
certkey = self.certkey
try:
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=True, suppress_ragged_eofs=True)
except ssl.SSLError as e:
try:
ssl._https_verify_certificates(enable=False)
self.connection = ssl.wrap_socket(self.connection, keyfile=certkey, certfile=certpath, ssl_version=ssl.PROTOCOL_TLSv1_2, server_side=True, do_handshake_on_connect=False, suppress_ragged_eofs=True)
except ssl.SSLError as e:
print("SSLError occurred on %s: %r" % (dst_ip,e))
self.finish()
self.rfile = self.connection.makefile("rb", self.rbufsize)
self.wfile = self.connection.makefile("wb", self.wbufsize)
# """Handle multiple requests if necessary."""
self.close_connection = 1
self.handle_one_request()
while not self.close_connection:
self.handle_one_request()
def httpRequest(url,
payload,
access_token_authorization_bearer=None,
method='POST',
context=ssl._https_verify_certificates(),
headers={'Content-Type': 'application/x-www-form-urlencoded'}):
if access_token_authorization_bearer:
headers[
'Authorization'] = 'Bearer ' + access_token_authorization_bearer
url_parsed = urlparse(url)
conn = httplib.HTTPSConnection(url_parsed.hostname, context=context)
try:
if headers['Content-Type'] == 'application/json':
conn.request(method=method,
url=url_parsed.path,
body=json.dumps(payload),
headers=headers)
else:
conn.request(method=method,
url=url_parsed.path,
body=urllib.urlencode(payload),
headers=headers)
except:
conn.request(method=method,
url=url_parsed.path,
body=payload,
headers=headers)
return conn.getresponse()
def run_http_server(HandlerClass=ProxyRequestHandler, ServerClass=ThreadingHTTPServer, protocol="HTTP/1.1"):
try:
ssl._https_verify_certificates(enable=False)
HandlerClass.protocol_version = protocol
httpd = ServerClass(ProxyRewrite.server_address, HandlerClass)
httpd.allow_reuse_address = True
httpd.request_queue_size = 256
#ProxyRewrite.logger = open("rewrite_%s_%s.log" % (device1, device2), "w")
sa = httpd.socket.getsockname()
print "Serving HTTP Proxy on", sa[0], "port", sa[1], "..."
httpd.serve_forever()
except KeyboardInterrupt:
print '^C received, shutting down proxy'
httpd.socket.close()
def __init__(self, configHolder):
"""Constructor.
All connectors need to call this constructor from their own constructor.
Moreover all connectors need to define their capabilities with the method _set_capabilities().
"""
self.verboseLevel = 0
configHolder.assign(self)
self.configHolder = configHolder
self.run_category = getattr(configHolder, KEY_RUN_CATEGORY, None)
self.max_iaas_workers = None
self.sshPrivKeyFile = '%s/.ssh/id_rsa' % os.path.expanduser("~")
self.sshPubKeyFile = self.sshPrivKeyFile + '.pub'
self.__listener = SimplePrintListener(verbose=(self.verboseLevel > 1))
self.__vms = {}
self.__cloud = os.environ.get(util.ENV_CONNECTOR_INSTANCE)
self.__init_threading_related()
self.tempPrivateKeyFileName = ''
self.tempPublicKey = ''
self.__capabilities = []
self.__already_published = defaultdict(set)
# Ensure that httplib use the "old" default for certificates validation
# since libcloud doesn't work with the new default.
try:
ssl._https_verify_certificates(False)
except:
pass
self._user_info = None
self.cimi_deployment_prototype = False
def __init__(self, configHolder):
"""Constructor.
All connectors need to call this constructor from their own constructor.
Moreover all connectors need to define their capabilities with the method _set_capabilities().
"""
self.verboseLevel = 0
configHolder.assign(self)
self.configHolder = configHolder
self.run_category = getattr(configHolder, KEY_RUN_CATEGORY, None)
self.max_iaas_workers = None
self.sshPrivKeyFile = '%s/.ssh/id_rsa' % os.path.expanduser("~")
self.sshPubKeyFile = self.sshPrivKeyFile + '.pub'
self.__listener = SimplePrintListener(verbose=(self.verboseLevel > 1))
self.__vms = {}
self.__cloud = os.environ.get(util.ENV_CONNECTOR_INSTANCE)
self.__init_threading_related()
self.tempPrivateKeyFileName = ''
self.tempPublicKey = ''
self.__capabilities = []
self.__already_published = defaultdict(set)
# Ensure that httplib use the "old" default for certificates validation
# since libcloud doesn't work with the new default.
try:
ssl._https_verify_certificates(False)
except:
pass
self._user_info = None
self.cimi_deployment_prototype = False
AWS_ACCESS_KEY, AWS_SECRET_KEY = get_s3_keys(config['uid'])
HOST = config['host']
PORT = config['port']
SSL = config['ssl']
URANDOM_BLOCK_SIZE = config['block']
TOTAL_BYTES = config['bytes']
BUCKET_NAME = config['bucket']
NAGIOS_HOST = config['nagios_host']
## Connect to the gateway
# try:
ssl._https_verify_certificates(False)
connection = boto.connect_s3(
aws_access_key_id=AWS_ACCESS_KEY,
aws_secret_access_key=AWS_SECRET_KEY,
host=HOST,
port=PORT,
is_secure=SSL,
calling_format=boto.s3.connection.OrdinaryCallingFormat())
# except:
# report(NAG_CRITICAL,"ERROR: Couldn't connect to gateway {h}:{p}".format(h=HOST, p=PORT))
# raise
try:
bucket = connection.get_bucket(BUCKET_NAME)
except:
report(NAG_CRITICAL,
print 'Content-type: text/plain'
print 'Status: 200 OK'
print ''
#print 'Got it'
#print args
if os.environ['REQUEST_METHOD'] != 'POST':
exit()
body = sys.stdin.read()
if body != '':
with open('/tmp/body.json', 'w') as f:
f.write(body)
ssl._https_verify_certificates(enable=False)
def fetch_new_access_token(creds):
url = "https://api.fitbit.com/oauth2/token"
headers = {"Authorization": "Basic " + creds['basic_auth']}
print 'Requesting: ' + url
req = urllib2.Request(url,
headers=headers,
data=urllib.urlencode({
'grant_type':
'refresh_token',
'refresh_token':
creds['refresh_token']
}))
response = urllib2.urlopen(req)
#!/usr/bin/python
import urllib2
from datetime import datetime
from dateutil import tz
import os
import ssl
lines = urllib2.urlopen(
"https://developer.yahoo.com/util/timeservice/V1/getTime.html",
context=ssl._https_verify_certificates(False)).readlines()
dateline = lines[-1]
#print dateline
#parse the date from the response:
from_zone = dateline.split()[6]
year = dateline.split()[7]
month = dateline.split()[3]
day = dateline.split()[4]
time = dateline.split()[5]
hours = time.split(':')[0]
mins = time.split(':')[1]
secs = time.split(':')[2]
#print "%s %s %s - %s:%s:%s" % (day,month,year,hours,mins,secs)
# pass the tzinfo option:
# https://docs.python.org/3/library/datetime.html
# https://docs.python.org/3/library/datetime.html#datetime.tzinfo
date = datetime.strptime(
year + " " + month + " " + day + " " + hours + ":" + mins + ":" + secs,
def on_accept(self):
clientsock, clientaddr = self.server.accept()
dst_ip, dst_port = ProxyRewrite.get_socket_info(clientsock)
certkey = None
self.forward = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if ProxyRewrite.apnproxyssl:
print("SSL Enabled for APN")
with self.lock:
if ProxyRewrite.use_rewrite_pubkey:
certpath, keysize = ProxyRewrite.rewrite_cert_pubkey(
self.certdir, self.certKey, self.issuerCert,
self.issuerKey, dst_ip, dst_port)
certkey = ("ssl/keys/cert%s.key" % keysize)
else:
certpath = ProxyRewrite.generate_cert(
self.certdir, self.certKey, self.issuerCert,
self.issuerKey, dst_ip, dst_port)
certkey = self.certkey
ssl._https_verify_certificates(enable=False)
clientsock = ssl.wrap_socket(clientsock,
keyfile=certkey,
certfile=certpath,
server_side=True,
do_handshake_on_connect=True)
filename = ProxyRewrite.log_filename("apn_client.pem")
if os.path.isfile(filename):
st_cert = open(filename, 'rt').read()
cert = crypto.load_certificate(crypto.FILETYPE_PEM, st_cert)
print(cert.get_subject())
#self.forward = ssl.wrap_socket(self.forward, ca_certs="server_certs/courier.push.apple.com.crt", cert_reqs=ssl.CERT_REQUIRED)
#ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
#ssl_context.load_cert_chain(certfile=certpath, keyfile=certkey)
#ssl_context.set_alpn_protocols(["apns-security-v2"])
#self.forward = ssl_context.wrap_socket(self.forward)
try:
self.forward.connect((dst_ip, dst_port))
except Exception as e:
print("Exception: %r", e)
print e
self.forward = None
if self.forward:
print clientaddr, "has connected"
#ssl._https_verify_certificates(enable=False)
#self.forward = ssl.wrap_socket(self.forward, do_handshake_on_connect=False)
#self.forward = ssl.wrap_socket(self.forward, ca_certs=certpath, do_handshake_on_connect=False)
#clientsock.do_handshake()
#self.forward.do_handshake()
# now do a wrap_socket on the forwarding port
self.input_list.append(clientsock)
self.input_list.append(self.forward)
self.channel[clientsock] = self.forward
self.channel[self.forward] = clientsock
else:
print "Can't establish connection with remote server.",
print "Closing connection with client side", clientaddr
clientsock.close()
data[entry['bucket']] = {'status': 'online', 'status_message': 'Report for space on RAL OS', 'list_of_paths': [PATHS], 'total_space': QUOTA, 'used_space': USAGE, 'num_files': FILES, 'time_stamp': time()}
# Write the output to a .json file
tmpFile = '/tmp/space-usage.json'
with open(tmpFile, 'w') as outfile:
json.dump(data, outfile)
# Run the Radosgw-admin command to retrieve the quota S3 credentials to upload json file to bucket.
cmd = ['radosgw-admin', 'user', 'info', '--uid', USER]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
ui = p.communicate()[0]
uid = json.loads(ui)
S3_ACCESS_KEY = uid['keys'][0]['access_key']
S3_SECRET_KEY = uid['keys'][0]['secret_key']
ssl._https_verify_certificates(False)
conn = boto.connect_s3(
aws_access_key_id = S3_ACCESS_KEY,
aws_secret_access_key = S3_SECRET_KEY,
host = HOST,
port = PORT,
is_secure=SSL,
calling_format = boto.s3.connection.OrdinaryCallingFormat(),
)
b = conn.get_bucket(JSONDST)
k = Key(b)
k.key = 'space-usage.json'
k.set_contents_from_filename(tmpFile)
