def run(self): try: ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str("")) ssl.set_trusted_ca_db(str(self.options.brokerPublicKey)) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str( self.options.brokerPublicKey)) connection = BlockingConnection(self.address, ssl_domain=ssl, heartbeat=60000) receiver = connection.create_receiver(self.broadcast_address, credit=self.capacity) while True: received_message = None try: received_message = receiver.receive( timeout=self.options.timeout) except Timeout, e: print("-I- No message received for ", self.options.timeout, " seconds") break self.message_counter += 1 print("-I- Received broadcast message: " + received_message.body) receiver.accept() print("-I- " + str(self.message_counter) + " messages received") connection.close()
def __init__(self, router_host, router_port, cert_dir): self.router_host = router_host self.router_port = router_port self.cert_dir = cert_dir ssl_domain = None allowed_mechs = [] sasl_enabled = False if self.cert_dir != None: ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT) ssl_domain.set_trusted_ca_db( str(os.path.join(self.cert_dir, 'ca.crt'))) ssl_domain.set_credentials( str(os.path.join(self.cert_dir, "tls.crt")), str(os.path.join(self.cert_dir, "tls.key")), None) ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER) allowed_mechs = str("EXTERNAL") sasl_enabled = True self.client = SyncRequestResponse( BlockingConnection("amqps://" + self.router_host + ":" + str(self.router_port), 30, None, ssl_domain, allowed_mechs=allowed_mechs, sasl_enabled=sasl_enabled), "$management")
def run(self): try: ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str("")) ssl.set_trusted_ca_db(str(self.options.brokerPublicKey)) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey)) connection = BlockingConnection(self.address, ssl_domain=ssl, heartbeat=60000) receiver = connection.create_receiver(self.broadcast_address, credit=self.capacity) while True: received_message = None try: received_message = receiver.receive(timeout=self.options.timeout) except Timeout, e: print("-I- No message received for ", self.options.timeout, " seconds") break self.message_counter += 1 print("-I- Received broadcast message: " + received_message.body) receiver.accept() print("-I- " + str(self.message_counter) + " messages received") connection.close()
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password, password_file, ssl_disable_peer_name_verify = opts.ssl_certificate,\ opts.ssl_key,\ opts.ssl_trustfile,\ opts.ssl_password,\ opts.ssl_password_file, \ opts.ssl_disable_peer_name_verify if not (certificate or trustfile): return None if password_file: password = get_password(password_file) domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(str(trustfile)) if ssl_disable_peer_name_verify: domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile)) else: domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, str(trustfile)) if certificate: domain.set_credentials(str(certificate), str(key), str(password)) return domain
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password, password_file, ssl_disable_peer_name_verify = opts.ssl_certificate,\ opts.ssl_key,\ opts.ssl_trustfile,\ opts.ssl_password,\ opts.ssl_password_file, \ opts.ssl_disable_peer_name_verify if not (certificate or trustfile): return None if password_file: password = get_password(password_file) domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(str(trustfile)) if ssl_disable_peer_name_verify: domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile)) else: domain.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, str(trustfile)) if certificate: domain.set_credentials(str(certificate), str(key), str(password)) return domain
def on_start(self, event): self.container = event.container ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str("")) ssl.set_trusted_ca_db(str(self.options.brokerPublicKey)) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey)) conn = event.container.connect(self.address, ssl_domain=ssl, heartbeat=60000, allowed_mechs=str("EXTERNAL")) event.container.create_receiver(conn, self.broadcast_address)
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password = opts.ssl_certificate, opts.ssl_key, opts.ssl_trustfile, opts.ssl_password if not (certificate or trustfile): return None domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(trustfile) domain.set_peer_authentication(SSLDomain.VERIFY_PEER, trustfile) if certificate: domain.set_credentials(certificate, key, password) return domain
def opts_ssl_domain(opts, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password = opts.ssl_certificate, opts.ssl_key, opts.ssl_trustfile, opts.ssl_password if not (certificate or trustfile): return None domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(trustfile) domain.set_peer_authentication(SSLDomain.VERIFY_PEER, trustfile) if certificate: domain.set_credentials(certificate, key, password) return domain
def on_start(self, event): self.container = event.container ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str("")) ssl.set_trusted_ca_db(str(self.options.brokerPublicKey)) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str( self.options.brokerPublicKey)) conn = event.container.connect(self.address, ssl_domain=ssl, heartbeat=60000, allowed_mechs=str("EXTERNAL")) event.container.create_receiver(conn, self.broadcast_address)
def on_start(self, event): self.log.debug('Container starting') event.container.connected = False if self.conf.has_option('broker', 'cert') and self.conf.has_option('broker', 'cacert'): ssl = SSLDomain(SSLDomain.MODE_CLIENT) cert = self.conf.get('broker', 'cert') ssl.set_credentials(cert, cert, None) ssl.set_trusted_ca_db(self.conf.get('broker', 'cacert')) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER) else: ssl = None self.log.debug('connecting to %s', self.url) event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl) connect_timeout = self.conf.getint('broker', 'connect_timeout') self.connect_task = event.container.schedule(connect_timeout, self) send_timeout = self.conf.getint('broker', 'send_timeout') self.timeout_task = event.container.schedule(send_timeout, self)
def on_start(self, event): log.debug('Container starting') event.container.connected = False event.container.error_msgs = [] if 'cert' in self.conf and 'key' in self.conf and 'cacert' in self.conf: ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(self.conf['cert'], self.conf['key'], None) ssl.set_trusted_ca_db(self.conf['cacert']) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER) else: ssl = None log.debug('connecting to %s', self.url) event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl) connect_timeout = self.conf['connect_timeout'] self.connect_task = event.container.schedule(connect_timeout, self) send_timeout = self.conf['send_timeout'] self.timeout_task = event.container.schedule(send_timeout, self)
def on_start(self, event): self.log.debug('Container starting') event.container.connected = False if self.conf.has_option('broker', 'cert') and self.conf.has_option('broker', 'cacert'): ssl = SSLDomain(SSLDomain.MODE_CLIENT) cert = self.conf.get('broker', 'cert') ssl.set_credentials(cert, cert, None) ssl.set_trusted_ca_db(self.conf.get('broker', 'cacert')) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER) else: ssl = None self.log.debug('connecting to %s', self.url) event.container.connect(url=self.url, reconnect=False, ssl_domain=ssl) connect_timeout = self.conf.getint('broker', 'connect_timeout') self.connect_task = event.container.schedule(connect_timeout, self) send_timeout = self.conf.getint('broker', 'send_timeout') self.timeout_task = event.container.schedule(send_timeout, self)
def create_ssl_domain(self, ssl_options_dict, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password = ssl_options_dict.get('ssl-certificate'), \ ssl_options_dict.get('ssl-key'), \ ssl_options_dict.get('ssl-trustfile'), \ ssl_options_dict.get('ssl-password') if not (certificate or trustfile): return None domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(str(trustfile)) domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile)) if certificate: domain.set_credentials(str(certificate), str(key), str(password)) return domain
def create_ssl_domain(self, ssl_options_dict, mode=SSLDomain.MODE_CLIENT): """Return proton.SSLDomain from command line options or None if no SSL options specified. @param opts: Parsed optoins including connection_options() """ certificate, key, trustfile, password = ssl_options_dict.get('ssl-certificate'), \ ssl_options_dict.get('ssl-key'), \ ssl_options_dict.get('ssl-trustfile'), \ ssl_options_dict.get('ssl-password') if not (certificate or trustfile): return None domain = SSLDomain(mode) if trustfile: domain.set_trusted_ca_db(str(trustfile)) domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(trustfile)) if certificate: domain.set_credentials(str(certificate), str(key), str(password)) return domain
class AMQConsumer(object): def __init__(self, urls, certificate=None, private_key=None, trusted_certificates=None): self.urls = urls self.ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT) self.ssl_domain.set_credentials(certificate, private_key, None) self.ssl_domain.set_trusted_ca_db(trusted_certificates) self.ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER) def consume(self, address, callback, data=None, selector=None, auto_accept=True, subscription_name=None): """Start to consume messages :param str address: refer to ``ReceiverHandler.__init__``. :param callable callback: refer to ``ReceiverHandler.__init__``. :param data: refer to ``ReceiverHandler.__init__``. :param str selector: refer to ``ReceiverHandler.__init__``. :param bool auto_accept: whether to accept message automatically. Defaults to ``True``, that is to use default behaivor of ``proton.MessagingHandler``. Otherwise, received message will be accepted according to return value from ``callback``. For detailed information, refer to ``ReceiverHandler.on_message``. :param str subscription_name: name to use to identify the durable subscription. It will also be used as the client ID. If it is None, the subscription will be non-durable, and the client ID will be random. :return: the return value of ``callback`` once a message is handled. Or, the value returned when the last time ``callback`` is called. """ handler = ReceiverHandler(self.urls, address, callback, data=data, selector=selector, ssl_domain=self.ssl_domain, auto_accept=auto_accept, subscription_name=subscription_name) Container(handler).run() return handler.result
def run(self): try: ssl = SSLDomain(SSLDomain.MODE_CLIENT) ssl.set_credentials(str(self.options.accountPublicKey), str(self.options.accountPrivateKey), str("")) ssl.set_trusted_ca_db(str(self.options.brokerPublicKey)) ssl.set_peer_authentication(SSLDomain.VERIFY_PEER_NAME, trusted_CAs=str(self.options.brokerPublicKey)) connection = BlockingConnection(self.address, ssl_domain=ssl, heartbeat=60000) receiver = connection.create_receiver(self.response_address) sender = connection.create_sender(self.request_address) message = Message(body="<FIXML>...</FIXML>", reply_to=self.reply_adress) print("-I- Sending request message: " + message.body) sender.send(message); try: received_message = receiver.receive(timeout=self.options.timeout) print("-I- Received response message: " + received_message.body) self.message_counter += 1 receiver.accept() except Timeout, e: print("-I- No message received for ", self.options.timeout, " seconds") connection.close()
def ssl_domain(connector): """ Get the ssl domain using the broker settings. :param connector: A broker. :type connector: Connector :return: The populated domain. :rtype: SSLDomain :raise: SSLException :raise: ValueError """ domain = None if connector.use_ssl(): connector.ssl.validate() domain = SSLDomain(SSLDomain.MODE_CLIENT) domain.set_trusted_ca_db(connector.ssl.ca_certificate) domain.set_credentials( connector.ssl.client_certificate, connector.ssl.client_key or connector.ssl.client_certificate, None) if connector.ssl.host_validation: mode = SSLDomain.VERIFY_PEER_NAME else: mode = SSLDomain.VERIFY_PEER domain.set_peer_authentication(mode) return domain
def ssl_domain(connector): """ Get the ssl domain using the broker settings. :param connector: A broker. :type connector: Connector :return: The populated domain. :rtype: SSLDomain :raise: SSLException :raise: ValueError """ domain = None if connector.use_ssl(): connector.ssl.validate() domain = SSLDomain(SSLDomain.MODE_CLIENT) domain.set_trusted_ca_db(connector.ssl.ca_certificate) domain.set_credentials( connector.ssl.client_certificate, connector.ssl.client_key or connector.ssl.client_certificate, None) if connector.ssl.host_validation: mode = SSLDomain.VERIFY_PEER_NAME else: mode = SSLDomain.VERIFY_PEER domain.set_peer_authentication(mode) return domain
class RouterCollector(object): def __init__(self, router_host, router_port, cert_dir): self.router_host = router_host self.router_port = router_port self.cert_dir = cert_dir self.ssl_domain = None self.allowed_mechs = [] self.sasl_enabled = False if self.cert_dir != None: self.ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT) self.ssl_domain.set_trusted_ca_db( str(os.path.join(self.cert_dir, 'ca.crt'))) self.ssl_domain.set_credentials( str(os.path.join(self.cert_dir, "tls.crt")), str(os.path.join(self.cert_dir, "tls.key")), None) self.ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER) self.allowed_mechs = str("EXTERNAL") self.sasl_enabled = True def create_collector_map(self): metrics = [ MetricCollector('connectionCount', 'Number of connections to router', ['container']), MetricCollector('connectionCount', 'Total number of connections to router', ['routerId'], id="totalConnectionCount"), MetricCollector('linkCount', 'Number of links to router', ['address']), MetricCollector('linkCount', 'Number of consumers to router', ['address'], id="consumerCount", filter={"linkDir": "out"}), MetricCollector('linkCount', 'Number of producers to router', ['address'], id="producerCount", filter={"linkDir": "in"}), MetricCollector('linkCount', 'Total number of links to router', ['routerId'], id="totalLinkCount"), MetricCollector('addrCount', 'Number of addresses defined in router', ['routerId']), MetricCollector('autoLinkCount', 'Number of auto links defined in router', ['routerId']), MetricCollector('linkRouteCount', 'Number of link routers defined in router', ['routerId']), MetricCollector('unsettledCount', 'Number of unsettled messages', ['address']), MetricCollector('deliveryCount', 'Number of delivered messages', ['address'], "COUNTER"), MetricCollector('releasedCount', 'Number of released messages', ['address'], "COUNTER"), MetricCollector('rejectedCount', 'Number of rejected messages', ['address'], "COUNTER"), MetricCollector('acceptedCount', 'Number of accepted messages', ['address'], "COUNTER"), MetricCollector('undeliveredCount', 'Number of undelivered messages', ['address']), MetricCollector('capacity', 'Capacity of link', ['address']) ] m = {} for metric in metrics: m[metric.id] = metric return m def create_entity_map(self, collector_map): return { self.get_router: [ collector_map['totalConnectionCount'], collector_map['totalLinkCount'], collector_map['addrCount'], collector_map['autoLinkCount'], collector_map['linkRouteCount'] ], self.get_connections: [collector_map['connectionCount']], self.get_links: [ collector_map['linkCount'], collector_map['unsettledCount'], collector_map['deliveryCount'], collector_map['releasedCount'], collector_map['rejectedCount'], collector_map['acceptedCount'], collector_map['undeliveredCount'], collector_map['capacity'], collector_map['consumerCount'], collector_map['producerCount'] ] } def get_router(self, client): return self.collect_metric('org.apache.qpid.dispatch.router', client) def get_links(self, client): links = self.collect_metric('org.apache.qpid.dispatch.router.link', client) if links == None: return links connections = self.get_connections(client) if connections == None: return connections links.add_field_from("address", "owningAddr", clean_address) links.add_field("linkCount", 1) links.add_field_from( "container", "connectionId", lambda connection_id: get_container_from_connections( connection_id, connections)) return links def get_connections(self, client): response = self.collect_metric('org.apache.qpid.dispatch.connection', client) if response == None: return response response.add_field("connectionCount", 1) return response def collect(self): collector_map = self.create_collector_map() fetcher_map = self.create_entity_map(collector_map) connection = None print("Collecting metrics") try: connection = BlockingConnection("amqps://" + self.router_host + ":" + str(self.router_port), 30, None, self.ssl_domain, allowed_mechs=self.allowed_mechs, sasl_enabled=self.sasl_enabled, container_id="router-metrics") client = SyncRequestResponse(connection, "$management") for fetcher in fetcher_map: response = fetcher(client) if response != None: for collector in fetcher_map[fetcher]: for entity in response.get_results(): if response.contains(entity, collector.filter): labels = [] for l in collector.labels: label_idx = response.get_index(l) if label_idx != None and entity[ label_idx] != None: labels.append(entity[label_idx]) else: labels.append("") value = entity[response.get_index( collector.name)] collector.add(labels, int(value)) finally: if connection != None: connection.close() for collector in collector_map.itervalues(): yield collector.metric() def collect_metric(self, entityType, client): result = None try: properties = {} properties["entityType"] = entityType properties["operation"] = "QUERY" properties["name"] = "self" message = Message(body=None, properties=properties) response = client.call(message) if response != None: result = RouterResponse(response) except NameError as e: print("Error querying router for metrics: %s" % e) return result
parser.add_option("-a", "--address", default="amqps://127.0.0.1:5672", help="address to which messages are sent (default %default)") parser.add_option("-m", "--messages", type="int", default=100, help="number of messages to send (default %default)") parser.add_option("-t", "--ssl-trustfile", default="/home/gmurthy/opensource/dispatch/tests/config-2/ca-certificate.pem", help="The trust file") parser.add_option("-c", "--ssl-certificate", default="/home/gmurthy/opensource/dispatch/tests/config-2/client-certificate.pem", help="The cert file") parser.add_option("-k", "--ssl-key", default="/home/gmurthy/opensource/dispatch/tests/config-2/client-private-key.pem", help="The trust key") parser.add_option("-p", "--ssl-password", default="client-password", help="The trust file") opts, args = parser.parse_args() try: ssl_domain = SSLDomain(SSLDomain.MODE_CLIENT) ssl_domain.set_trusted_ca_db(str(opts.ssl_trustfile)) ssl_domain.set_peer_authentication(SSLDomain.VERIFY_PEER, str(opts.ssl_trustfile)) # for client authentication and private key password protected #ssl_domain.set_credentials(str(opts.ssl_certificate), str(opts.ssl_key), str(opts.ssl_password)) # for client authentication and private key NOT password protected #ssl_domain.set_credentials(str(opts.ssl_certificate), str(opts.ssl_key), None) Container(Send(opts.address, opts.messages, ssl_domain=ssl_domain)).run() except KeyboardInterrupt: pass