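def standalone():
    """Turn a CSV of users into the input file for BulkProvision.

    Expects exactly one command-line argument, the CSV path.  Each row with
    at least four columns (public_id, private_id, realm, password) produces
    one line in "<path without .csv>_prepared.csv" holding the public id,
    the private id, the encrypted digest, SIMSERVS and
    INITIAL_FILTER_CRITERIA.  Shorter rows are reported and skipped.  An
    IOError is printed with a traceback instead of being raised.

    Security notes:
      * The input CSV holds plaintext passwords, and the output holds
        digests protected only by settings.PASSWORD_ENCRYPTION_KEY.  Both
        files are opened with the process's default permissions, so
        restrict access to them and remove the input once provisioned.
      * Short rows are reported by line number rather than by content,
        because a malformed row can still carry a password.
    """
    if len(sys.argv) != 2:
        print(USAGE)
        return

    csv_filename = sys.argv[1]
    # NOTE: this removes every ".csv" occurrence in the path, not only a
    # trailing extension.
    csv_filename_prefix = csv_filename.replace(".csv", "")
    output_filename = "%s_prepared.csv" % (csv_filename_prefix,)
    print("Preparing %s for bulk provisioning..." % (csv_filename,))

    try:
        # 'rb' is the csv-module convention on Python 2.
        with open(csv_filename, 'rb') as csv_file, \
             open(output_filename, 'w') as output_file:
            reader = csv.reader(csv_file)
            for row in reader:
                if len(row) < 4:
                    # The original message had no value for its "%s"
                    # placeholder; supply the input line number.
                    print('Error: row "%s" contains <4 entries - ignoring'
                          % (reader.line_num,))
                    continue

                public_id, private_id, realm, password = row[0:4]

                # Hash and then encrypt the password.  The hashed string has
                # the "user:realm:password" layout of a Digest HA1 value;
                # utils.md5 is presumably a hex MD5 - confirm in utils.
                digest = utils.md5("%s:%s:%s" % (private_id, realm, password))
                encrypted_hash = utils.encrypt_password(
                    digest, settings.PASSWORD_ENCRYPTION_KEY)

                # NOTE(review): fields are joined with bare commas and no
                # quoting, so an identity containing a comma or line break
                # shifts the columns seen by whatever reads this file.
                output_file.write("%s,%s,%s,%s,%s\n" % (public_id,
                                                        private_id,
                                                        encrypted_hash,
                                                        SIMSERVS,
                                                        INITIAL_FILTER_CRITERIA))

        print("Bulk provisioning input created")
        print("- BulkProvision %s homer" % (output_filename,))
        print("- BulkProvision %s homestead" % (output_filename,))
    except IOError as e:
        print("Failed to read/write to %s:" % (e.filename,))
        traceback.print_exc()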
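def standalone():
    """Prepare a user CSV for the BulkProvision tool.

    Reads the CSV named by the single command-line argument and writes
    "<path without .csv>_prepared.csv".  Rows need at least four columns:
    public_id, private_id, realm, password.  For each such row the password
    digest is computed, encrypted with settings.PASSWORD_ENCRYPTION_KEY and
    written alongside the ids, SIMSERVS and INITIAL_FILTER_CRITERIA.  Rows
    with fewer columns are reported and ignored; IOError is printed with a
    traceback, not propagated.

    Security notes:
      * Input rows contain plaintext passwords; the output contains
        encrypted digests.  Neither file gets restrictive permissions
        here, so protect both at the filesystem level.
      * A rejected row is identified by its line number only, so that a
        misplaced password column is never echoed to the terminal.
    """
    if len(sys.argv) != 2:
        print(USAGE)
        return

    csv_filename = sys.argv[1]
    # NOTE: every ".csv" substring is removed, not just a trailing suffix.
    csv_filename_prefix = csv_filename.replace(".csv", "")
    output_filename = "%s_prepared.csv" % (csv_filename_prefix,)
    print("Preparing %s for bulk provisioning..." % (csv_filename,))

    try:
        with open(csv_filename, 'rb') as csv_file, \
             open(output_filename, 'w') as output_file:
            reader = csv.reader(csv_file)
            for row in reader:
                if len(row) >= 4:
                    public_id, private_id, realm, password = row[0:4]

                    # Hash and then encrypt the password.
                    digest = utils.md5("%s:%s:%s" % (private_id, realm, password))
                    encrypted_hash = utils.encrypt_password(
                        digest, settings.PASSWORD_ENCRYPTION_KEY)

                    # NOTE(review): no CSV quoting is applied; a comma or
                    # newline inside an identity would corrupt the record.
                    output_file.write(
                        "%s,%s,%s,%s,%s\n" % (public_id, private_id,
                                              encrypted_hash, SIMSERVS,
                                              INITIAL_FILTER_CRITERIA))
                else:
                    # Previously the "%s" placeholder was printed literally
                    # because no argument was supplied.
                    print('Error: row "%s" contains <4 entries - ignoring'
                          % (reader.line_num,))

        print("Bulk provisioning input created")
        print("- BulkProvision %s homer" % (output_filename,))
        print("- BulkProvision %s homestead" % (output_filename,))
    except IOError as e:
        print("Failed to read/write to %s:" % (e.filename,))
        traceback.print_exc()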
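def test_encrypt_password(self):
    """Round-trip check for encrypt_password / decrypt_password.

    Pins the properties visible in the calls below: each ciphertext starts
    with 'b', two encryptions of the same plaintext under the same key
    differ, both decrypt back to the plaintext, and decrypting with a
    different key does not return the plaintext.
    """
    a = encrypt_password(u"foo", "bar")
    b = encrypt_password(u"foo", "bar")

    # Leading 'b' is presumably a format/version marker - confirm against
    # encrypt_password.  Separate asserts name the failing side.
    self.assertEqual(a[0], 'b')
    self.assertEqual(b[0], 'b')

    # Same plaintext and key must not give the same ciphertext, and the
    # ciphertext must not be the plaintext itself.
    self.assertNotEqual(a, b)
    self.assertNotEqual(a, "foo")

    # Decryption is exercised with both a unicode and a native ciphertext.
    ad = decrypt_password(unicode(a), "bar")
    bd = decrypt_password(b, "bar")
    self.assertEqual(ad, u"foo")
    self.assertEqual(bd, u"foo")

    # NOTE(review): the wrong-key case passes if decryption either raises or
    # returns something other than the plaintext, so this test does not show
    # that tampering or a wrong key is detected.
    try:
        bdw = decrypt_password(b, "bar2")
    except Exception:
        # May fail to decode the unicode.  Narrowed from a bare except so
        # KeyboardInterrupt / SystemExit are not swallowed.
        pass
    else:
        self.assertNotEqual(bdw, "foo")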
def put(self, private_id):
    """Encrypt the request's "digest" value and store it under private_id.

    The value is encrypted with settings.PASSWORD_ENCRYPTION_KEY and
    written to self.table / self.column, after which an empty response
    body is sent.
    """
    # NOTE(review): nothing here rejects a request without "digest"; in that
    # case None is handed to utils.encrypt_password.  Confirm that the caller
    # or the helper validates it.
    digest = self.request_data.get("digest", None)
    stored_value = utils.encrypt_password(digest,
                                          settings.PASSWORD_ENCRYPTION_KEY)
    yield self.cass.insert(column_family=self.table,
                           key=private_id,
                           column=self.column,
                           value=stored_value)
    self.finish({})
class AssociatedCredentialsHandler(AssociatedURIsHandler):
    """
    Handler for getting Credentials, & confirming associated public ID.

    The stored digest is only decrypted after the private/public identity
    association has been found in config.PUBLIC_IDS_TABLE.
    """
    @defer.inlineCallbacks
    def get(self, private_id, public_id):
        """Fetch the digest for private_id, provided public_id is associated.

        Looks the pair up locally first.  On NotFoundException it falls back
        to the HSS gateway when settings.HSS_ENABLED is set, storing what the
        HSS returns; otherwise, or when the HSS raises HSSNotFound, it raises
        HTTPError(httplib.NOT_FOUND).

        NOTE(review): this listing ends before any response is written;
        `digest` is computed but not used in the visible code, so the rest
        of the method is presumably outside the excerpt.
        """
        try:
            exists = False
            # Slice bounded to exactly public_id on both ends, so at most the
            # matching column is expected back.
            db_data = yield self.ha_get_slice(key=private_id,
                                              column_family=config.PUBLIC_IDS_TABLE,
                                              start=public_id,
                                              finish=public_id)
            for column in db_data:
                if column.column.name == public_id:
                    exists = True
            if not exists:
                # Same exception type as the handler below catches, so a
                # missing association takes the HSS fallback path.
                raise NotFoundException()
            encrypted_hash = yield self.ha_get(column_family=self.table,
                                               key=private_id,
                                               column=self.column)
            # The decrypted digest exists in memory from here on; the visible
            # code never logs it.
            digest = utils.decrypt_password(encrypted_hash.column.value,
                                            settings.PASSWORD_ENCRYPTION_KEY)
        except NotFoundException, e:
            if not settings.HSS_ENABLED:
                raise HTTPError(httplib.NOT_FOUND)
            # Either the digest or the association doesn't exist in the DB, attempt an
            # import from the HSS
            try:
                digest = yield self.application.hss_gateway.get_digest(private_id, public_id)
                public_ids = yield self.application.hss_gateway.get_public_ids(private_id, public_id)
            except HSSNotFound, e:
                # Unknown to the HSS as well: reported the same way as a
                # local miss.
                raise HTTPError(httplib.NOT_FOUND)
            # Have result from HSS, store in Cassandra
            # The digest is re-encrypted before it is written; only the event
            # is logged, not the value.
            encrypted_hash = utils.encrypt_password(digest, settings.PASSWORD_ENCRYPTION_KEY)
            _log.info("Got digest from HSS")
            yield self.cass.insert(column_family=self.table,
                                   key=private_id,
                                   column=self.column,
                                   value=encrypted_hash)
            # Subscriber identities (not credentials) are written to the log here.
            _log.info("Got associated public identities from HSS: %s" % public_ids)
            for p in public_ids:
                yield self.insert_in_both_tables(private_id, p)
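def standalone():
    """Generate bulk provisioning scripts for the users in a CSV file.

    Takes one command-line argument, the CSV path, and writes four files
    next to it (with every ".csv" removed from the path):
      * <prefix>.create_homestead.sh      - bash wrapper for Homestead
      * <prefix>.create_homestead.casscli - cassandra-cli statements
      * <prefix>.create_xdm.sh            - bash wrapper for Homer
      * <prefix>.create_xdm.cqlsh         - CQL statements
    Rows need at least four columns: public_id, private_id, realm,
    password.  Rows that are too short, or whose identities cannot be
    embedded safely in a quoted statement, are reported and skipped.
    IOError is printed with a traceback rather than raised.

    Security notes:
      * The input CSV carries plaintext passwords and the .casscli file
        carries digests protected only by settings.PASSWORD_ENCRYPTION_KEY;
        all files are created with default permissions, so restrict access
        to them.
      * Skipped rows are reported by line number, never by content.
    """
    if len(sys.argv) != 2:
        print(USAGE)
        return

    csv_filename = sys.argv[1]
    # NOTE: removes every ".csv" occurrence, not only a trailing extension.
    csv_filename_prefix = csv_filename.replace(".csv", "")
    homestead_filename = "%s.create_homestead.sh" % (csv_filename_prefix,)
    homestead_casscli_filename = "%s.create_homestead.casscli" % (csv_filename_prefix,)
    xdm_filename = "%s.create_xdm.sh" % (csv_filename_prefix,)
    xdm_cqlsh_filename = "%s.create_xdm.cqlsh" % (csv_filename_prefix,)
    print("Generating bulk provisioning scripts for users in %s..." % (csv_filename,))

    try:
        with open(csv_filename, 'rb') as csv_file, \
             open(homestead_filename, 'w') as homestead_file, \
             open(homestead_casscli_filename, 'w') as homestead_casscli_file, \
             open(xdm_filename, 'w') as xdm_file, \
             open(xdm_cqlsh_filename, 'w') as xdm_cqlsh_file:
            # NOTE(review): file names are pasted into the bash scripts
            # unquoted (and inside a double-quoted echo).  A path with spaces
            # or shell metacharacters changes what the script runs; quote
            # them before accepting paths you do not control.

            # Write Homestead/CQL header
            homestead_file.writelines([
                "#!/bin/bash\n",
                "# Homestead bulk provisioning script for users in %s\n" % (csv_filename,),
                "# Run this script on any node in your Homestead deployment to create the users\n",
                "# The %s file must also be present on this system\n" % (homestead_casscli_filename,),
                "# You must also run %s on any node in your Homer deployment\n" % (xdm_filename,),
                "\n",
                "[ -f %s ] || echo \"The %s file must be present on this system.\"\n"
                % (homestead_casscli_filename, homestead_casscli_filename),
                "cassandra-cli -B -f %s\n" % (homestead_casscli_filename,),
            ])
            homestead_casscli_file.write("USE homestead;\n")

            # Write Homer/CQL header
            xdm_file.writelines([
                "#!/bin/bash\n",
                "# Homer bulk provisioning script for users in %s\n" % (csv_filename,),
                "# Run this script on any node in your Homer deployment to create the users\n",
                "# The %s file must also be present on this system\n" % (xdm_cqlsh_filename,),
                "# You must also run %s on any node in your Homestead deployment\n" % (homestead_filename,),
                "\n",
                "[ -f %s ] || echo \"The %s file must be present on this system.\"\n"
                % (xdm_cqlsh_filename, xdm_cqlsh_filename),
                "cqlsh -3 -f %s\n" % (xdm_cqlsh_filename,),
            ])
            xdm_cqlsh_file.write("USE homer;\n")

            reader = csv.reader(csv_file)
            for row in reader:
                if len(row) < 4:
                    # The original message never filled its "%s"; use the
                    # input line number.
                    print('Error: row "%s" contains <4 entries - ignoring'
                          % (reader.line_num,))
                    continue

                public_id, private_id, realm, password = row[0:4]

                # The statements below wrap the identities in single quotes
                # with no escaping, so a quote, backslash or line break in
                # one of them would alter the generated statements.  Such
                # rows are refused rather than guessing at cassandra-cli's
                # escaping rules.
                if any(ch in ident
                       for ident in (public_id, private_id)
                       for ch in "'\\\r\n"):
                    print('Error: row "%s" has an identity containing a quote, '
                          'backslash or line break - ignoring'
                          % (reader.line_num,))
                    continue

                # Hash and then encrypt the password.
                digest = utils.md5("%s:%s:%s" % (private_id, realm, password))
                encrypted_hash = utils.encrypt_password(
                    digest, settings.PASSWORD_ENCRYPTION_KEY)

                # Add the user to the SIP digest, associated IDs and filter
                # criteria tables on Homestead.
                homestead_casscli_file.writelines([
                    "SET sip_digests['%s']['private_id'] = '%s';\n" % (private_id, private_id),
                    "SET sip_digests['%s']['digest'] = '%s';\n" % (private_id, encrypted_hash),
                    "SET public_ids['%s']['%s'] = '%s';\n" % (private_id, public_id, public_id),
                    "SET private_ids['%s']['%s'] = '%s';\n" % (public_id, private_id, private_id),
                    "SET filter_criteria['%s']['public_id'] = '%s';\n" % (public_id, public_id),
                    "SET filter_criteria['%s']['value'] = '%s';\n" % (public_id, INITIAL_FILTER_CRITERIA),
                ])

                # Add the simservs document for the user to the documents
                # table on Homer
                xdm_cqlsh_file.write(
                    "INSERT INTO simservs (user, value) VALUES ('%s', '%s');\n"
                    % (public_id, SIMSERVS))

        print("Generated bulk provisioning scripts written to")
        print("- %-46s - run this script on Homestead" % (homestead_filename,))
        print("- %-46s - copy this file onto Homestead" % (homestead_casscli_filename,))
        print("- %-46s - run this script on Homer" % (xdm_filename,))
        print("- %-46s - copy this file onto Homer" % (xdm_cqlsh_filename,))
    except IOError as e:
        print("Failed to read/write to %s:" % (e.filename,))
        traceback.print_exc()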
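def standalone():
    """Generate cqlsh-based bulk provisioning scripts from a CSV of users.

    Takes one command-line argument, the CSV path, and writes four files
    next to it (with every ".csv" removed from the path):
      * <prefix>.create_homestead.sh    - bash wrapper for Homestead
      * <prefix>.create_homestead.cqlsh - CQL statements for Homestead
      * <prefix>.create_xdm.sh          - bash wrapper for Homer
      * <prefix>.create_xdm.cqlsh       - CQL statements for Homer
    Rows need at least four columns: public_id, private_id, realm,
    password.  Shorter rows are reported by line number and skipped.
    IOError is printed with a traceback rather than raised.

    Security notes:
      * The input CSV carries plaintext passwords and the Homestead .cqlsh
        file carries digests protected only by
        settings.PASSWORD_ENCRYPTION_KEY; every file is created with
        default permissions, so restrict access to them.
      * Identities taken from the CSV are escaped before being placed in a
        quoted CQL literal.
    """
    def cql_text(value):
        # A single quote inside a CQL string literal is written as two.
        return value.replace("'", "''")

    if len(sys.argv) != 2:
        print(USAGE)
        return

    csv_filename = sys.argv[1]
    # NOTE: removes every ".csv" occurrence, not only a trailing extension.
    csv_filename_prefix = csv_filename.replace(".csv", "")
    homestead_filename = "%s.create_homestead.sh" % (csv_filename_prefix,)
    homestead_cqlsh_filename = "%s.create_homestead.cqlsh" % (csv_filename_prefix,)
    xdm_filename = "%s.create_xdm.sh" % (csv_filename_prefix,)
    xdm_cqlsh_filename = "%s.create_xdm.cqlsh" % (csv_filename_prefix,)
    print("Generating bulk provisioning scripts for users in %s..." % (csv_filename,))

    try:
        with open(csv_filename, 'rb') as csv_file, \
             open(homestead_filename, 'w') as homestead_file, \
             open(homestead_cqlsh_filename, 'w') as homestead_cqlsh_file, \
             open(xdm_filename, 'w') as xdm_file, \
             open(xdm_cqlsh_filename, 'w') as xdm_cqlsh_file:
            # NOTE(review): file names are pasted into the bash scripts
            # unquoted (and inside a double-quoted echo).  A path with spaces
            # or shell metacharacters changes what the script runs; quote
            # them before accepting paths you do not control.

            # Write Homestead/CQL header
            homestead_file.writelines([
                "#!/bin/bash\n",
                "# Homestead bulk provisioning script for users in %s\n" % (csv_filename,),
                "# Run this script on any node in your Homestead deployment to create the users\n",
                "# The %s file must also be present on this system\n" % (homestead_cqlsh_filename,),
                "# You must also run %s on any node in your Homer deployment\n" % (xdm_filename,),
                "\n",
                "[ -f %s ] || echo \"The %s file must be present on this system.\"\n"
                % (homestead_cqlsh_filename, homestead_cqlsh_filename),
                "cqlsh -3 -f %s\n" % (homestead_cqlsh_filename,),
            ])
            homestead_cqlsh_file.write("USE homestead;\n")

            # Write Homer/CQL header
            xdm_file.writelines([
                "#!/bin/bash\n",
                "# Homer bulk provisioning script for users in %s\n" % (csv_filename,),
                "# Run this script on any node in your Homer deployment to create the users\n",
                "# The %s file must also be present on this system\n" % (xdm_cqlsh_filename,),
                "# You must also run %s on any node in your Homestead deployment\n" % (homestead_filename,),
                "\n",
                "[ -f %s ] || echo \"The %s file must be present on this system.\"\n"
                % (xdm_cqlsh_filename, xdm_cqlsh_filename),
                "cqlsh -3 -f %s\n" % (xdm_cqlsh_filename,),
            ])
            xdm_cqlsh_file.write("USE homer;\n")

            reader = csv.reader(csv_file)
            for row in reader:
                if len(row) < 4:
                    # The original message never filled its "%s"; use the
                    # input line number so row content (which may include a
                    # password) is not echoed.
                    print('Error: row "%s" contains <4 entries - ignoring'
                          % (reader.line_num,))
                    continue

                public_id, private_id, realm, password = row[0:4]

                # Hash and then encrypt the password.  The digest is computed
                # from the raw identity; escaping applies only to the
                # statement text written below.
                digest = utils.md5("%s:%s:%s" % (private_id, realm, password))
                encrypted_hash = utils.encrypt_password(
                    digest, settings.PASSWORD_ENCRYPTION_KEY)

                # Add the user to the SIP digests and filter criteria tables
                # on Homestead.  encrypted_hash and the two constants are
                # written exactly as before; only CSV-derived identities are
                # escaped.
                homestead_cqlsh_file.write(
                    "INSERT INTO sip_digests (private_id, digest) VALUES ('%s', '%s');\n"
                    % (cql_text(private_id), encrypted_hash))
                homestead_cqlsh_file.write(
                    "INSERT INTO filter_criteria (public_id, value) VALUES ('%s', '%s');\n"
                    % (cql_text(public_id), INITIAL_FILTER_CRITERIA))

                # Add the simservs document for the user to the documents
                # table on Homer
                xdm_cqlsh_file.write(
                    "INSERT INTO simservs (user, value) VALUES ('%s', '%s');\n"
                    % (cql_text(public_id), SIMSERVS))

        print("Generated bulk provisioning scripts written to")
        print("- %-46s - run this script on Homestead" % (homestead_filename,))
        print("- %-46s - copy this file onto Homestead" % (homestead_cqlsh_filename,))
        print("- %-46s - run this script on Homer" % (xdm_filename,))
        print("- %-46s - copy this file onto Homer" % (xdm_cqlsh_filename,))
    except IOError as e:
        print("Failed to read/write to %s:" % (e.filename,))
        traceback.print_exc()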