Commit 37ccded4 authored by David Johnson

Replace m2crypto in protogeni tests with ssl and cryptography modules.

parent feb1205b
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]" print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
...@@ -37,7 +37,6 @@ import os ...@@ -37,7 +37,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -33,7 +33,6 @@ import getopt ...@@ -33,7 +33,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]" print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
...@@ -34,7 +34,6 @@ import os ...@@ -34,7 +34,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -37,7 +37,6 @@ import os ...@@ -37,7 +37,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
dokeys = 1 dokeys = 1
......
...@@ -38,7 +38,6 @@ import tempfile ...@@ -38,7 +38,6 @@ import tempfile
import uuid import uuid
import xml.dom.minidom import xml.dom.minidom
import xmlrpclib import xmlrpclib
from M2Crypto import X509
XMLSEC1 = "xmlsec1" XMLSEC1 = "xmlsec1"
......
...@@ -33,7 +33,6 @@ import getopt ...@@ -33,7 +33,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]" print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
...@@ -37,7 +37,6 @@ import time ...@@ -37,7 +37,6 @@ import time
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
OtherUser = None OtherUser = None
......
...@@ -37,7 +37,6 @@ import time ...@@ -37,7 +37,6 @@ import time
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0 DEFAULTAUTHENTICATE=0
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -37,7 +37,6 @@ import os ...@@ -37,7 +37,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]" print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
import zlib import zlib
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" ) execfile( "test-common.py" )
......
...@@ -33,7 +33,6 @@ import getopt ...@@ -33,7 +33,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]" print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
...@@ -33,7 +33,6 @@ import getopt ...@@ -33,7 +33,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>" print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>"
......
...@@ -33,7 +33,6 @@ import getopt ...@@ -33,7 +33,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>" print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>"
......
...@@ -37,7 +37,6 @@ import os ...@@ -37,7 +37,6 @@ import os
import re import re
import xmlrpclib import xmlrpclib
import zlib import zlib
from M2Crypto import X509
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <advertisement> <request>" print "usage: " + sys.argv[ 0 ] + " [option...] <advertisement> <request>"
......
...@@ -37,7 +37,6 @@ import time ...@@ -37,7 +37,6 @@ import time
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
OtherUser = None OtherUser = None
......
...@@ -42,7 +42,6 @@ import os ...@@ -42,7 +42,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -41,7 +41,6 @@ import os ...@@ -41,7 +41,6 @@ import os
import time import time
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -36,7 +36,6 @@ import getopt ...@@ -36,7 +36,6 @@ import getopt
import os import os
import re import re
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -35,7 +35,6 @@ import socket ...@@ -35,7 +35,6 @@ import socket
import sys import sys
import xml.dom.minidom import xml.dom.minidom
import xmlrpclib import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -41,7 +41,6 @@ from xml.sax.handler import ContentHandler ...@@ -41,7 +41,6 @@ from xml.sax.handler import ContentHandler
import xml.sax import xml.sax
import xml.dom.minidom import xml.dom.minidom
import string import string
from M2Crypto import X509
ACCEPTSLICENAME=1 ACCEPTSLICENAME=1
......
...@@ -30,9 +30,14 @@ ...@@ -30,9 +30,14 @@
from urlparse import urlsplit, urlunsplit from urlparse import urlsplit, urlunsplit
from urllib import splitport from urllib import splitport
import xmlrpclib import xmlrpclib
import M2Crypto
import time import time
import httplib import httplib
import traceback
import ssl
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.x509.oid import NameOID
from cryptography.x509.oid import ExtensionOID
# Debugging output. # Debugging output.
debug = 0 debug = 0
...@@ -65,6 +70,9 @@ if "DEFAULTAUTHENTICATE" not in globals(): ...@@ -65,6 +70,9 @@ if "DEFAULTAUTHENTICATE" not in globals():
authenticate=DEFAULTAUTHENTICATE authenticate=DEFAULTAUTHENTICATE
verify = False
cacertificate = None
if "Usage" not in dir(): if "Usage" not in dir():
def Usage(): def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...]" print "usage: " + sys.argv[ 0 ] + " [option...]"
...@@ -97,7 +105,9 @@ def BaseOptions(): ...@@ -97,7 +105,9 @@ def BaseOptions():
-s file, --slicecredentials=file read slice credentials from file -s file, --slicecredentials=file read slice credentials from file
[default: query from SA] [default: query from SA]
-S file, --speaksfor=file read speaksfor credential from file -S file, --speaksfor=file read speaksfor credential from file
-U, --unauthenticated do not authenticate client""" -U, --unauthenticated do not authenticate client
--verify enable server verification
--cacertificate=file read CA certificate from file"""
pass pass
try: try:
...@@ -108,7 +118,7 @@ try: ...@@ -108,7 +118,7 @@ try:
"slicename=", "passphrase=", "slicename=", "passphrase=",
"read-commands=", "slicecredentials=", "read-commands=", "slicecredentials=",
"speaksfor=", "unauthenticated", "speaksfor=", "unauthenticated",
"delete" ] ) "delete", "verify", "cacertificate=" ] )
except getopt.GetoptError, err: except getopt.GetoptError, err:
print >> sys.stderr, str( err ) print >> sys.stderr, str( err )
...@@ -164,10 +174,29 @@ for opt, arg in opts: ...@@ -164,10 +174,29 @@ for opt, arg in opts:
authenticate=0 authenticate=0
elif opt in ( "--delete" ): elif opt in ( "--delete" ):
DELETE = 1 DELETE = 1
elif opt in ( "--verify" ):
verify = True
elif opt in ("--cacertificate"):
cacertificate = arg
# try to load a cert even if we're not planning to authenticate, since we # try to load a cert even if we're not planning to authenticate, since we
# can use it to construct default authority locations # can use it to construct default authority locations
cert = M2Crypto.X509.load_cert( CERTIFICATE ) certdata = None
try:
fd = open(CERTIFICATE)
certdata = fd.read()
fd.close()
except IOError, e:
print 'Error reading certificate file %s: %s' % (CERTIFICATE,e.strerror)
try:
cert = x509.load_pem_x509_certificate(certdata,default_backend())
except Exception, e:
print 'Error loading certificate: %s' % (str(e))
if verify and cacertificate is not None:
if not os.access(cacertificate, os.R_OK):
print "CA Certificate cannot be accessed: " + cacertificate
sys.exit(-1);
# XMLRPC server: use www.emulab.net for the clearinghouse. # XMLRPC server: use www.emulab.net for the clearinghouse.
XMLRPC_SERVER = { "ch" : "www.emulab.net", "sr" : "www.emulab.net" } XMLRPC_SERVER = { "ch" : "www.emulab.net", "sr" : "www.emulab.net" }
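Review bot: A failed certificate read or parse in the new `certdata = None` … `except Exception, e:` block only prints a message and falls through, so `cert` is never bound; the removed `M2Crypto.X509.load_cert( CERTIFICATE )` raised and stopped the script, whereas now the first use `cert.extensions` in the next hunk is swallowed by its `except Exception` and `cert.issuer.get_attributes_for_oid(` then fails with a NameError that hides the real cause. Exiting on either failure restores the old behavior and, with a `with` block, also closes `fd` when `read()` raises. The `'2.25.305821105408246119474742976030998643995'` access-method comparison in the following hunk would read better as a module-level named constant with a comment naming the access method it identifies. Whether the new `verify`/`cacertificate` options are applied to the ssl context is outside this view; as written, server verification stays off unless `--verify` is passed.
```python
# try to load a cert even if we're not planning to authenticate, since we
# can use it to construct default authority locations
try:
    with open(CERTIFICATE) as fd:
        certdata = fd.read()
except IOError, e:
    print >> sys.stderr, 'Error reading certificate file %s: %s' % (CERTIFICATE, e.strerror)
    sys.exit(1)
try:
    cert = x509.load_pem_x509_certificate(certdata, default_backend())
except Exception, e:
    print >> sys.stderr, 'Error loading certificate: %s' % (str(e))
    sys.exit(1)
# … unchanged: CA certificate readability check …
```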
...@@ -175,27 +204,33 @@ SERVER_PATH = { "ch" : ":12369/protogeni/xmlrpc/", ...@@ -175,27 +204,33 @@ SERVER_PATH = { "ch" : ":12369/protogeni/xmlrpc/",
"sr" : ":12370/protogeni/pubxmlrpc/" } "sr" : ":12370/protogeni/pubxmlrpc/" }
try: try:
extension = cert.get_ext("authorityInfoAccess") descriptors = cert.extensions.get_extension_for_oid(
val = extension.get_value() ExtensionOID.AUTHORITY_INFORMATION_ACCESS).value
if val.find('URI:') > 0: url = None
url = val[val.find('URI:')+4:] for d in descriptors:
url = url.rstrip() if d.access_method.dotted_string == '2.25.305821105408246119474742976030998643995':
# strip trailing sa url = d.access_location.value
if url.endswith('/sa') > 0: break
url = url[:-2] if url:
pass url = url.rstrip()
scheme, netloc, path, query, fragment = urlsplit(url) # strip trailing sa
if url.endswith('/sa') > 0:
url = url[:-2]
scheme, netloc, path, query, fragment = urlsplit(url)
host,port = splitport(netloc) host,port = splitport(netloc)
XMLRPC_SERVER["default"] = host XMLRPC_SERVER["default"] = host
if port: if port:
path = ":" + port + path path = ":" + port + path
pass
SERVER_PATH["default"] = path SERVER_PATH["default"] = path
except LookupError, err: except Exception, err:
if debug:
print "Warning: error getting authInfoAccess extension value:"
traceback.print_exc()
pass pass
if "default" not in XMLRPC_SERVER: if "default" not in XMLRPC_SERVER:
XMLRPC_SERVER["default"] = cert.get_issuer().CN XMLRPC_SERVER["default"] = cert.issuer.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
SERVER_PATH ["default"] = ":443/protogeni/xmlrpc/" SERVER_PATH ["default"] = ":443/protogeni/xmlrpc/"
pass pass
...@@ -213,34 +248,26 @@ else: ...@@ -213,34 +248,26 @@ else:
DOMAIN = HOSTNAME[HOSTNAME.find('.')+1:] DOMAIN = HOSTNAME[HOSTNAME.find('.')+1:]
SLICEURN = "urn:publicid:IDN+" + DOMAIN + "+slice+" + SLICENAME SLICEURN = "urn:publicid:IDN+" + DOMAIN + "+slice+" + SLICENAME
# If the passphrase file exists, read it:
passphrase = None
if os.path.exists(PASSPHRASEFILE):
try:
passphrase = open(PASSPHRASEFILE).readline()
passphrase = passphrase.strip()
if passphrase == '':
print 'Passphrase file empty; you may be prompted'
passphrase = None
except IOError, e:
print 'Error reading passphrase file %s: %s' % (
PASSPHRASEFILE,e.strerror)
else:
if debug:
print 'Passphrase file %s does not exist' % (PASSPHRASEFILE)
def Fatal(message): def Fatal(message):
print >> sys.stderr, message print >> sys.stderr, message
sys.exit(1) sys.exit(1)
def PassPhraseCB(v, prompt1='Enter passphrase:', prompt2='Verify passphrase:'):
"""Acquire the encrypted certificate passphrase by reading a file
or prompting the user.