Commit 37ccded4 authored by David Johnson's avatar David Johnson

Replace m2crypto in protogeni tests with ssl and cryptography modules.

parent feb1205b
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -33,7 +33,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
......@@ -34,7 +34,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
dokeys = 1
......
......@@ -38,7 +38,6 @@ import tempfile
import uuid
import xml.dom.minidom
import xmlrpclib
from M2Crypto import X509
XMLSEC1 = "xmlsec1"
......
......@@ -33,7 +33,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
......@@ -37,7 +37,6 @@ import time
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
OtherUser = None
......
......@@ -37,7 +37,6 @@ import time
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
DEFAULTAUTHENTICATE=0
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
import zlib
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -33,7 +33,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] [authority]"
......
......@@ -33,7 +33,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>"
......
......@@ -33,7 +33,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <public|private|identifying> <user_urn [...]>"
......
......@@ -37,7 +37,6 @@ import os
import re
import xmlrpclib
import zlib
from M2Crypto import X509
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...] <advertisement> <request>"
......
......@@ -37,7 +37,6 @@ import time
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
OtherUser = None
......
......@@ -42,7 +42,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -41,7 +41,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -35,7 +35,6 @@ import socket
import sys
import xml.dom.minidom
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -41,7 +41,6 @@ from xml.sax.handler import ContentHandler
import xml.sax
import xml.dom.minidom
import string
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -30,9 +30,14 @@
from urlparse import urlsplit, urlunsplit
from urllib import splitport
import xmlrpclib
import M2Crypto
import time
import httplib
import traceback
import ssl
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.x509.oid import NameOID
from cryptography.x509.oid import ExtensionOID
# Debugging output.
debug = 0
......@@ -65,6 +70,9 @@ if "DEFAULTAUTHENTICATE" not in globals():
authenticate=DEFAULTAUTHENTICATE
verify = False
cacertificate = None
if "Usage" not in dir():
def Usage():
print "usage: " + sys.argv[ 0 ] + " [option...]"
......@@ -97,7 +105,9 @@ def BaseOptions():
-s file, --slicecredentials=file read slice credentials from file
[default: query from SA]
-S file, --speaksfor=file read speaksfor credential from file
-U, --unauthenticated do not authenticate client"""
-U, --unauthenticated do not authenticate client
--verify enable server verification
--cacertificate=file read CA certificate from file"""
pass
try:
......@@ -108,7 +118,7 @@ try:
"slicename=", "passphrase=",
"read-commands=", "slicecredentials=",
"speaksfor=", "unauthenticated",
"delete" ] )
"delete", "verify", "cacertificate=" ] )
except getopt.GetoptError, err:
print >> sys.stderr, str( err )
......@@ -164,10 +174,29 @@ for opt, arg in opts:
authenticate=0
elif opt in ( "--delete" ):
DELETE = 1
elif opt in ( "--verify" ):
verify = True
elif opt in ("--cacertificate"):
cacertificate = arg
# try to load a cert even if we're not planning to authenticate, since we
# can use it to construct default authority locations
cert = M2Crypto.X509.load_cert( CERTIFICATE )
certdata = None
try:
fd = open(CERTIFICATE)
certdata = fd.read()
fd.close()
except IOError, e:
print 'Error reading certificate file %s: %s' % (CERTIFICATE,e.strerror)
try:
cert = x509.load_pem_x509_certificate(certdata,default_backend())
except Exception, e:
print 'Error loading certificate: %s' % (str(e))
if verify and cacertificate is not None:
if not os.access(cacertificate, os.R_OK):
print "CA Certificate cannot be accessed: " + cacertificate
sys.exit(-1);
# XMLRPC server: use www.emulab.net for the clearinghouse.
XMLRPC_SERVER = { "ch" : "www.emulab.net", "sr" : "www.emulab.net" }
......@@ -175,27 +204,33 @@ SERVER_PATH = { "ch" : ":12369/protogeni/xmlrpc/",
"sr" : ":12370/protogeni/pubxmlrpc/" }
try:
extension = cert.get_ext("authorityInfoAccess")
val = extension.get_value()
if val.find('URI:') > 0:
url = val[val.find('URI:')+4:]
url = url.rstrip()
# strip trailing sa
if url.endswith('/sa') > 0:
url = url[:-2]
pass
scheme, netloc, path, query, fragment = urlsplit(url)
descriptors = cert.extensions.get_extension_for_oid(
ExtensionOID.AUTHORITY_INFORMATION_ACCESS).value
url = None
for d in descriptors:
if d.access_method.dotted_string == '2.25.305821105408246119474742976030998643995':
url = d.access_location.value
break
if url:
url = url.rstrip()
# strip trailing sa
if url.endswith('/sa') > 0:
url = url[:-2]
scheme, netloc, path, query, fragment = urlsplit(url)
host,port = splitport(netloc)
XMLRPC_SERVER["default"] = host
XMLRPC_SERVER["default"] = host
if port:
path = ":" + port + path
pass
path = ":" + port + path
SERVER_PATH["default"] = path
except LookupError, err:
except Exception, err:
if debug:
print "Warning: error getting authInfoAccess extension value:"
traceback.print_exc()
pass
if "default" not in XMLRPC_SERVER:
XMLRPC_SERVER["default"] = cert.get_issuer().CN
XMLRPC_SERVER["default"] = cert.issuer.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
SERVER_PATH ["default"] = ":443/protogeni/xmlrpc/"
pass
......@@ -213,34 +248,26 @@ else:
DOMAIN = HOSTNAME[HOSTNAME.find('.')+1:]
SLICEURN = "urn:publicid:IDN+" + DOMAIN + "+slice+" + SLICENAME
# If the passphrase file exists, read it:
passphrase = None
if os.path.exists(PASSPHRASEFILE):
try:
passphrase = open(PASSPHRASEFILE).readline()
passphrase = passphrase.strip()
if passphrase == '':
print 'Passphrase file empty; you may be prompted'
passphrase = None
except IOError, e:
print 'Error reading passphrase file %s: %s' % (
PASSPHRASEFILE,e.strerror)
else:
if debug:
print 'Passphrase file %s does not exist' % (PASSPHRASEFILE)
def Fatal(message):
print >> sys.stderr, message
sys.exit(1)
def PassPhraseCB(v, prompt1='Enter passphrase:', prompt2='Verify passphrase:'):
"""Acquire the encrypted certificate passphrase by reading a file
or prompting the user.
This is an M2Crypto callback. If the passphrase file exists and is
readable, use it. If the passphrase file does not exist or is not
readable, delegate to the standard M2Crypto passphrase
callback. Return the passphrase.
"""
if os.path.exists(PASSPHRASEFILE):
try:
passphrase = open(PASSPHRASEFILE).readline()
passphrase = passphrase.strip()
return passphrase
except IOError, e:
print 'Error reading passphrase file %s: %s' % (PASSPHRASEFILE,
e.strerror)
else:
if debug:
print 'passphrase file %s does not exist' % (PASSPHRASEFILE)
# Prompt user if PASSPHRASEFILE does not exist or could not be read.
from M2Crypto.util import passphrase_callback
return passphrase_callback(v, prompt1, prompt2)
def geni_am_response_handler(method, method_args):
"""Handles the GENI AM responses, which are different from the
ProtoGENI responses. ProtoGENI always returns a dict with three
......@@ -303,20 +330,25 @@ def do_method(module, method, params, URI=None, quiet=False, version=None,
print str( url ) + " " + method
if url.scheme == "https":
if authenticate and not os.path.exists(CERTIFICATE):
if authenticate and not cert:
if not quiet:
print >> sys.stderr, "error: missing emulab certificate: " + CERTIFICATE
return (-1, None)
port = url.port if url.port else 443
ctx = M2Crypto.SSL.Context("sslv23")
ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if authenticate:
ctx.load_cert_chain(CERTIFICATE, CERTIFICATE, PassPhraseCB)
ctx.set_verify(M2Crypto.SSL.verify_none, 16)
ctx.set_allow_unknown_ca(0)
server = M2Crypto.httpslib.HTTPSConnection( url.hostname, port, ssl_context = ctx )
ctx.load_cert_chain(CERTIFICATE,password=passphrase)
if not verify:
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
else:
if cacertificate:
ctx.load_verify_locations(cafile=cacertificate)
ctx.verify_mode = ssl.CERT_REQUIRED
server = httplib.HTTPSConnection( url.hostname, port, context = ctx )
elif url.scheme == "http":
port = url.port if url.port else 80
server = httplib.HTTPConnection( url.hostname, port )
......@@ -358,9 +390,9 @@ def do_method(module, method, params, URI=None, quiet=False, version=None,
continue;
if not quiet: print >> sys.stderr, e.faultString
return (-1, None)
except M2Crypto.SSL.Checker.WrongHost, e:
except ssl.CertificateError, e:
if not quiet:
print >> sys.stderr, "Warning: certificate host name mismatch."
print >> sys.stderr, "Warning: possible certificate host name mismatch."
print >> sys.stderr, "Please consult:"
print >> sys.stderr, " http://www.protogeni.net/trac/protogeni/wiki/HostNameMismatch"
print >> sys.stderr, "for recommended solutions."
......
......@@ -41,7 +41,6 @@ from xml.sax.handler import ContentHandler
import xml.sax
import xml.dom.minidom
import string
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -41,7 +41,6 @@ from xml.sax.handler import ContentHandler
import xml.sax
import xml.dom.minidom
import string
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -40,7 +40,6 @@ import urllib
from xml.sax.handler import ContentHandler
import xml.sax
import string
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -36,7 +36,6 @@ import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -37,7 +37,6 @@ import os
import time
import re
import xmlrpclib
from M2Crypto import X509
ACCEPTSLICENAME=1
......
......@@ -40,7 +40,6 @@ import urllib
from xml.sax.handler import ContentHandler
import xml.sax
import string
from M2Crypto import X509
ACCEPTSLICENAME=1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment