Mercurial > repos > cathywise > truststore_import
changeset 4:32d9b3343955
Toooool upload.
| author | Catherine Wise <catherine.wise@csiro.au> |
|---|---|
| date | Thu, 12 Dec 2013 13:07:45 +1100 |
| parents | 6de426d89bb9 |
| children | 159d2159e745 |
| files | PythonTrustStore-0.2.0.tar.gz PythonTrustStore-0.2.0/MANIFEST.in PythonTrustStore-0.2.0/PKG-INFO PythonTrustStore-0.2.0/PythonTrustStore.egg-info/PKG-INFO PythonTrustStore-0.2.0/PythonTrustStore.egg-info/SOURCES.txt PythonTrustStore-0.2.0/PythonTrustStore.egg-info/dependency_links.txt PythonTrustStore-0.2.0/PythonTrustStore.egg-info/requires.txt PythonTrustStore-0.2.0/PythonTrustStore.egg-info/top_level.txt PythonTrustStore-0.2.0/README.txt PythonTrustStore-0.2.0/bin/truststore-cli.py PythonTrustStore-0.2.0/py_ts/TrustStoreClient.py PythonTrustStore-0.2.0/py_ts/__init__.py PythonTrustStore-0.2.0/py_ts/certs.conf PythonTrustStore-0.2.0/py_ts/parts.py PythonTrustStore-0.2.0/py_ts/testKMS.py PythonTrustStore-0.2.0/py_ts/ts_utils.py PythonTrustStore-0.2.0/setup.cfg PythonTrustStore-0.2.0/setup.py PythonTrustStore-0.2.0/test-extrasmall.txt TrustStoreGalaxyImport.py TrustStoreGalaxyImport.xml requirements.txt |
| diffstat | 21 files changed, 178 insertions(+), 2328 deletions(-) [+] |
line wrap: on
line diff
--- a/PythonTrustStore-0.2.0/MANIFEST.in Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -include *.txt -recursive-include docs *.txt -recursive-include py_ts *.conf \ No newline at end of file
--- a/PythonTrustStore-0.2.0/PKG-INFO Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,19 +0,0 @@ -Metadata-Version: 1.0 -Name: PythonTrustStore -Version: 0.2.0 -Summary: TrustStore Python library and command line client. -Home-page: http://truststore.csiro.au -Author: Catherine Wise -Author-email: catherine.wise@csiro.au -License: LICENSE.txt -Description: # PY-TS: Python TrustStore Library - - *WARNING* - - This library requires on a *recent* version of OpenSSL to be installed, at least version 1.0. Many systems come with OpenSSL: but it is often an old version. - - If you are installing this package on a Mac, the default OpenSSL is almost certainly too old. Please install and updated version using [homebrew](http://mxcl.github.io/homebrew/), we will find it if you have. - - If you are installing this package on Ubuntu, you will need Ubuntu 11.10 (Oneiric) or later. Maverick (10.10), despite being the LTS release, does not have a recent enough version of OpenSSL (it has 0.9.8k). - -Platform: UNKNOWN
--- a/PythonTrustStore-0.2.0/PythonTrustStore.egg-info/PKG-INFO Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,19 +0,0 @@ -Metadata-Version: 1.0 -Name: PythonTrustStore -Version: 0.2.0 -Summary: TrustStore Python library and command line client. -Home-page: http://truststore.csiro.au -Author: Catherine Wise -Author-email: catherine.wise@csiro.au -License: LICENSE.txt -Description: # PY-TS: Python TrustStore Library - - *WARNING* - - This library requires on a *recent* version of OpenSSL to be installed, at least version 1.0. Many systems come with OpenSSL: but it is often an old version. - - If you are installing this package on a Mac, the default OpenSSL is almost certainly too old. Please install and updated version using [homebrew](http://mxcl.github.io/homebrew/), we will find it if you have. - - If you are installing this package on Ubuntu, you will need Ubuntu 11.10 (Oneiric) or later. Maverick (10.10), despite being the LTS release, does not have a recent enough version of OpenSSL (it has 0.9.8k). - -Platform: UNKNOWN
--- a/PythonTrustStore-0.2.0/PythonTrustStore.egg-info/SOURCES.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,16 +0,0 @@ -MANIFEST.in -README.txt -setup.py -test-extrasmall.txt -PythonTrustStore.egg-info/PKG-INFO -PythonTrustStore.egg-info/SOURCES.txt -PythonTrustStore.egg-info/dependency_links.txt -PythonTrustStore.egg-info/requires.txt -PythonTrustStore.egg-info/top_level.txt -bin/truststore-cli.py -py_ts/TrustStoreClient.py -py_ts/__init__.py -py_ts/certs.conf -py_ts/parts.py -py_ts/testKMS.py -py_ts/ts_utils.py \ No newline at end of file
--- a/PythonTrustStore-0.2.0/PythonTrustStore.egg-info/dependency_links.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -
--- a/PythonTrustStore-0.2.0/PythonTrustStore.egg-info/requires.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,6 +0,0 @@ -requests <= 0.14.2 -requests_oauth2 -xmltodict -boto >= 2.5.0 -simplejson -passlib \ No newline at end of file
--- a/PythonTrustStore-0.2.0/PythonTrustStore.egg-info/top_level.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -py_ts
--- a/PythonTrustStore-0.2.0/README.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,9 +0,0 @@ -# PY-TS: Python TrustStore Library - -*WARNING* - -This library requires on a *recent* version of OpenSSL to be installed, at least version 1.0. Many systems come with OpenSSL: but it is often an old version. - -If you are installing this package on a Mac, the default OpenSSL is almost certainly too old. Please install and updated version using [homebrew](http://mxcl.github.io/homebrew/), we will find it if you have. - -If you are installing this package on Ubuntu, you will need Ubuntu 11.10 (Oneiric) or later. Maverick (10.10), despite being the LTS release, does not have a recent enough version of OpenSSL (it has 0.9.8k).
--- a/PythonTrustStore-0.2.0/bin/truststore-cli.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,218 +0,0 @@ -#!/usr/bin/python - -from py_ts import TrustStoreClient, ts_utils, parts -import argparse -import datetime -import os.path -import json -import sys - -def printNice(elem, depth): - try: - print '\t'*depth + elem.name + " (" + str(len(elem.fragments)) + " parts)" - except AttributeError: - print '\t'*depth + elem.name - for child in elem.children: - printNice(child, depth+1) - -if __name__ == '__main__': - epilog = """If your private key has been exported from TrustStore and ends in .p12 (and is therefore encrypted with a password), you'll need to convert it to pem (unecrypted) using openssl. The command is: - - openssl pkcs12 -in truststoreKey.p12 -out truststoreKey.pem -nodes -nocerts - """ - - parser = argparse.ArgumentParser(description="TrustStore Command Line Client (pyts)", epilog=epilog) - kmsCRUD = parser.add_subparsers(dest="mode") - - testParser = kmsCRUD.add_parser("test", help="put TrustStore through it's paces") - testParser.add_argument("provider", help="json file describing cloud service(s), including credentials") - - listParser = kmsCRUD.add_parser("list", help="list accessible stores for user") - listParser = kmsCRUD.add_parser("pkey", help="get private key for user") - changePassParser = kmsCRUD.add_parser("newpass", help="change your password") - changePassParser.add_argument("newpassword", help="new password") - changeKeyParser = kmsCRUD.add_parser("newkey", help="change your key") - newParser = kmsCRUD.add_parser("new", help="create a new store with supplied name") - newParser.add_argument("name", help="store name") - newParser.add_argument("provider", help="json file describing cloud service(s), including credentials") - - delParser = kmsCRUD.add_parser("remove", help="delete store with supplied name") - delParser.add_argument("name", help="store name") - - storeParser = kmsCRUD.add_parser("store", help="store name to access") - storeParser.add_argument("name", help="store name") - storeCRUD = storeParser.add_mutually_exclusive_group() - - storeCRUD.add_argument("-ls", "--listfiles", action="store_true", help="list files") - storeCRUD.add_argument("-g", "--download", help="download file ") - storeCRUD.add_argument("-a", "--upload", help="upload this file") - storeCRUD.add_argument("-d", "--delete", help="delete this file") - parser.add_argument("-f", "--path", help="store path ie /foo/bar") - parser.add_argument("-b", "--threads", help="threads to use when downloading/uploading (ADVANCED USERS ONLY PLEASE)") - - parser.add_argument("-p", "--password", help="TrustStore kms password") - parser.add_argument("-u", "--user", help="TrustStore kms username") - parser.add_argument("--key", help="User's private key, pem format.") - - parser.add_argument("-k", "--kms", help="kms url") - parser.add_argument("-i", "--ims", help="ims url") - parser.add_argument("-y", "--clientKey", help="kms oAuth client key") - parser.add_argument("-s", "--clientSecret", help="kms oAuth client secret") - parser.add_argument("-c", "--code", help="kms authentication code") - parser.add_argument("-t", "--token", help="kms access token") - parser.add_argument("-e", "--headless", help="Set this if you're running on a machine with no web browser, and want to use token authentication (not password).", action="store_true") - - args = parser.parse_args() - - config = None - token = None - headless = args.headless - if args.ims and args.kms and args.clientKey and args.clientSecret: - config = TrustStoreClient.Config(args.ims, args.kms, args.clientKey, args.clientSecret) - elif args.ims or args.kms or args.clientKey or args.clientSecret: - print "WARNING: All of --kms, --ims, --clientKey and --clientSecret must be set, if any. Values supplied have been ignored." - - if (not args.password and args.user) or (args.password and not args.user): - print "WARNING: Both username and password must be supplied for command-line authentication. Values supplied have been ignored." - - ts = TrustStoreClient.TrustStoreClient(headless, config, args.token) - - print "Authenticating..." - authURL = ts.authenticate(args.user, args.password) - if headless: - print "Please visit the url below to authorize this client. Then come back and past in the code given." - print authURL - code = raw_input('Code:') - ts.twoStageAuth(code) - - print "Your token: " - print ts.kmsClient.params['access_token'] - - providers = None - if hasattr(args, 'provider'): - with open(args.provider) as f: - providers = json.load(f) - for provider in providers: - ts.addProvider(provider) - - if args.mode == "test": - args.name = "test-cli" - args.delete = False - args.upload = "test-large.wav" - args.download = "test-large.wav" - args.path = "/tests/" - args.listfiles = True - - if args.mode == "pkey" or not args.key: - print "Fetching your private key..." - keyFile = "truststore.pem" - keyFile = ts.getPrivateKey("truststore.pem") - ts.keyFile = keyFile - if not keyFile: - print "No key file could be found! Check for errors above." - sys.exit(1) - else: - ts.keyFile = args.key - - if args.mode == "newpass": - if args.password: - print "Changing password..." - ts.changePassword(args.newpassword) - else: - print "You can't change your password without supplying your old password. Sorry." - - if args.mode == "newkey": - ts.setNewKey("truststore.pem") - - if args.mode == "remove" or args.mode == "test": - print "Deleting all stores with name " + args.name + " ..." - storeList = ts.listStores() - for store in storeList: - if store.friendly_name == args.name: - print "deleting..." - ts.deleteStore(store) - - if args.mode == "list" or args.mode == "test": - print "Listing all stores..." - listing = ts.listStores() - for store in listing: - print store - - if args.mode == "new" or args.mode == "test": - print "Creating new store with name " + args.name + " ..." - newStore = ts.createStore(name=args.name) - - if args.mode == "store" or args.mode == "test": - listing = ts.listStores() - store = ts.getStore(args.name) - if store: - root = ts.listDirectory(store) - if args.delete: - path = None - delete = args.delete - if args.path: - path = ts_utils.ts_utils.dirAtPath(root, args.path) - else: - path = ts_utils.ts_utils.dirAtPath(root, args.delete) - if path: - args.delete = None - if not path: - path = root - ts.delFile(store, delete, path, root) - if args.upload: - if os.path.isdir(os.path.abspath(args.upload)): - for rootDir, dirs, files in os.walk(os.path.abspath(args.upload), topdown=False): - for name in files: - root = ts.listDirectory(store) - print "Uploading file..." - uploadMe = parts.File(extras=None) - uploadMe.local_path = os.path.abspath(os.path.join(rootDir, name)) - uploadMe.name = os.path.basename(os.path.normpath(os.path.join(rootDir, name))) - if root: - path = root - # uploadPath = os.path.relpath(rootDir) - # if len(os.path.abspath(rootDir)) < len(uploadPath): - _, uploadPath = os.path.split(rootDir) - print "uploading to... " + uploadPath - path = ts_utils.ts_utils.dirAtPath(root, uploadPath, True) - ts.addFile(store, uploadMe, path, root) - else: - print "There was a problem accessing the store." - else: - print "Uploading file..." - uploadMe = parts.File(extras=None) - uploadMe.local_path = os.path.abspath(args.upload) - uploadMe.name = os.path.basename(os.path.normpath(args.upload)) - if root: - path = root - if args.path: - path = ts_utils.ts_utils.dirAtPath(root, args.path, True) - ts.addFile(store, uploadMe, path, root) - else: - print "There was a problem accessing the store." - if args.download: - path = root - if args.path: - path = ts_utils.ts_utils.dirAtPath(root, args.path) - downloadMe = ts_utils.ts_utils.recurseToChildNamed(path, args.download) - if downloadMe: - print "Downloading file..." - threads = 10 - if args.threads: - threads = args.threads - download = ts.getFile(store, downloadMe, threads) - if download: - print "File downloaded as: " + str(download) - else: - print "File not found." - if args.listfiles: - print "Listing files..." - try: - for child in root.children: - printNice(child, 0) - except AttributeError as e: - print e - print root - else: - print "A store with the name '" + args.name + "' could not be found." - print datetime.datetime.now()
--- a/PythonTrustStore-0.2.0/py_ts/TrustStoreClient.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1601 +0,0 @@ -import requests -from requests_oauth2 import OAuth2 -import simplejson as json -import simplejson.scanner -from urllib import quote -from urlparse import parse_qs, urljoin -from functools import wraps -from tempfile import NamedTemporaryFile -# from subprocess import call, check_output, Popen -import subprocess -import os -from urlparse import urlparse -from datetime import datetime -import xmltodict -import uuid -import webbrowser -import base64 -import binascii -import hashlib -import textwrap -import re -import boto.exception -import boto.s3.connection as botoConn -from boto.s3.key import Key as botoKey -from distutils.version import LooseVersion -from parts import * -# import threading -from multiprocessing.pool import ThreadPool -# import Queue -from passlib.hash import pbkdf2_sha256 -from passlib.utils import ab64_decode -from itertools import izip_longest -import sys - -# import cProfile #, pstats - - -DASHES = "-----" -BEGIN = "BEGIN" -END = "END" -PUBLIC = "PUBLIC" -PRIVATE = "PRIVATE" -KEY = "KEY" -CERTIFICATE = "CERTIFICATE" - -class TrustStoreClient(object): - """A client for connecting to a TrustStore service, and probably a storage provider. Currently supports S3 and S3-like storage providers (such as Nectar) which are supported by the Python boto library. Requires a version of OpenSSL greater than 1.0, i.e. Mac will have to install using homebrew. - - """ - brewOpenSSL = '/usr/local/Cellar/openssl/' - jsonHeaders = {'Content-type': 'application/json', 'Accept': 'application/json'} - storesPrefix = "/store" - storesList = "/all" - filesPrefix = "/file" - keysPrefix = "/keys" - publicKeysPrefix = "/public_key" - privateKeysPrefix = "/private_key" - usernamesPrefix = "/username" - saltPrefix = "/loginsalt" - passwordResetPrefix = "/credentials" - - providers = [] - - pieceSize = 209715 - - openSSL = "openssl" - - kmsUrl = u'http://localhost:8080/TSSKeyManagementService-Collaboration' - imsUrl = u'http://localhost:8080/TSSIntegrityManagementService/services/IMS' - client_key = u'my-trusted-client-with-secret' - client_secret = u'somesecret' - headless = False - redirect_uri = "oob" - keyFile = None - auth = None - kmsClient = None - username = None - - def requiresAuth(func): - """Wraps a function which requires the client be already sucesfully authenticated with the Key Management Service.""" - @wraps(func) - def withAuth(self, *args, **kwargs): - if self.kmsClient: - return func(self, *args, **kwargs) - else: - raise TrustStoreClientAuthenticationException("Not authenticated!") - return withAuth - - def __init__(self, headless, config=None, accessToken=None): - """Set up the client, checking OpenSSL - - :param headless: Are we running somewhere where opening a browser window would be a bad idea? If we're on a server, this should always be True - :type headless: boolean - :param config: Optional collection of configuration variables, must have values kmsUrl, imsUrl, client_key and client_secret. - :param accessToken: If being re-run, an accessToken can be supplied and autentication skipped. Note that if you're doing this you're expected to have set the username and password properties manually. In which case you may as well just authenticate. - - """ - if os.path.exists(self.brewOpenSSL): - versions = os.listdir(self.brewOpenSSL) - versions.sort(key=LooseVersion) - self.openSSL = self.brewOpenSSL + versions[-1] + "/bin/openssl" - - sslVersion = subprocess.check_output([self.openSSL, 'version']) - m = re.search('([0-9]+.[0-9]+.[0-9]+[a-z]*)', sslVersion) - if LooseVersion(m.group(0)) < LooseVersion("1.0.0"): - raise OpenSSLVersionException(m.group(0)) - elif not headless: - print "Working with " + sslVersion - - if config: - self.kmsUrl = config.kmsUrl - self.imsUrl = config.imsUrl - self.client_key = config.client_key - self.client_secret = config.client_secret - self.headless = headless - self.auth = OAuth2(self.client_key, self.client_secret, self.kmsUrl, self.redirect_uri) - if accessToken: - self.kmsClient = requests.session(params={'access_token': accessToken}) - self.username = self._getUsername() - - def authenticate(self, username=None, password=None): - """Talk to KMS and get the required tokens etc. If the username and password are not supplied OAuth-2 token authentication is attempted. In headless mode thiis will cause a url to be returned where the user will have to login and authorize this application. Will throw exceptions if credentials are rejected or KMS cannot be reached. - - :param username: The username already registered with KMS. - :type username: string/unicode - :param password: The user's KMS password. - :type password: string/unicode - :rtype: None or string (authorisation url) - - """ - - if not self.kmsClient: - response = None - if not username or not password: - authorization_url = self.auth.authorize_url(scope='read trust write', response_type='code') - if authorization_url: - if self.headless: - return authorization_url - else: - webbrowser.open(authorization_url) - code = raw_input('Code:') - response = self.auth.get_token(code, grant_type='authorization_code') - else: - self.username = username - self.password = password - ans = requests.get("%s%s/%s" %(self.kmsUrl, self.saltPrefix, username)) - salt = base64.b64decode(ans.text) - # Passlib uses a *custom* base64 encoding because it is arse, so fix to normal. - sendPassword = base64.b64encode(ab64_decode(pbkdf2_sha256.encrypt(username + password, rounds=1000, salt=salt).split("$")[-1])) - login_form = {'username': username, - 'password': sendPassword, - 'client_id': self.client_key, - 'client_secret': self.client_secret, - 'grant_type': 'password'} - response = requests.post("%s%s" % (self.auth.site, quote(self.auth.token_url)), data=login_form, allow_redirects=True) - - if isinstance(response.content, basestring): - try: - response = json.loads(response.content) - except ValueError: - response = parse_qs(response.content) - else: - response = response.content - - if response: - try: - self.kmsClient = requests.session(params={'access_token': response['access_token']}) - if not self.username: - self.username = self._getUsername() - except KeyError: - raise TrustStoreClientAuthenticationException("Credentials not accepted. Response: " + str(response)) - else: - raise TrustStoreClientAuthenticationException("Communication error with TrustStore server. Is it running?") - - def twoStageAuth(self, code): - """If using oAuth2, this method will need to be called after :func:`authenticate` - - :param code: The oAuth2 token. - """ - - response = self.auth.get_token(code) - self.kmsClient = requests.session(params={'access_token': response['access_token']}) - self.username = self._getUsername() - - def clearAuth(self): - """Clear any authentication (username/password) but preserve other configuration (server locations etc)""" - self.auth = None - self.kmsClient = None - self.username = None - - def addProvider(self, prov): - """Tell the client about a new provider to use (in addition) - - :param prov: The new provider - :type prov: `Provider` - - """ - self.providers.append(prov) - - @requiresAuth - def listStores(self): - """List all the stores this user has access to - - :rtype: list of Store objects - - """ - stores = [] - r = self.kmsClient.get(self.kmsUrl + self.storesPrefix) # + self.storesList) - if 'error' not in r.json: - for store in r.json: - stores.append(Store(store)) - return stores - else: - print r.text - print r.json - - @requiresAuth - def getPrivateKey(self, filename): - """Fetch the user's private key from KMS.""" - getr = self.kmsClient.get(self.kmsUrl + self.privateKeysPrefix + "/" + self.username) - if getr.json and 'error' not in getr.json: - key = UserPrivateKey(getr.json) - if key.certificate: - with open(filename, 'w+') as f: - f.write(key.certificate) - self.keyFile = filename - else: - self.setNewKey(filename) - return filename - else: - print "Couldn't find private key?" - print getr.text - - @requiresAuth - def setNewKey(self, filename): - """Generate a new private key, either because the user doesn't have one yet, or they've requested a new one.""" - print "No private key found!" - self._generateKeypair(filename) - keydata = None - if filename: - with open(filename, 'r') as f: - keydata = f.read() - key = UserPrivateKey(None, self.username, keydata) - postr = self.kmsClient.post(self.kmsUrl + self.privateKeysPrefix, data=json.dumps(key.dict()), headers=self.jsonHeaders) - if postr.status_code != requests.codes.ok: - print "Server refused to save new private key." - return - return filename - - @requiresAuth - def getStore(self, name): - """Get the first store (that the user has access to) matching the specified name.""" - for store in self.listStores(): - if store.friendly_name == name: - return store - - @requiresAuth - def createStore(self, store=None, name=None): - """Create a new store. - - :param store: Pre-prepared store to save to KMS. - :type store: Store - :param name: If no pre-prepared store, create new store with this name. If not supplied, store name will be "default". - :type name: string/unicode - :rtype: Store - - """ - if not store: - if not name: - name = "default" - store = Store(owner=self._getUsername(), friendly_name=name) - store.administrators.append(self._getUsername()) - - storejson = json.dumps(store.dict()) - # print storejson - postr = self.kmsClient.post(self.kmsUrl + self.storesPrefix, data=storejson, headers=self.jsonHeaders) - if postr.status_code != requests.codes.ok: - print "Server refused request to save store description." - print postr.status_code - print postr.text - return - - store = Store(postr.json) - storeFile = StoreProperties() - username = str(uuid.uuid4()) - password = binascii.b2a_hex(os.urandom(20)) - storeFile.ims_url = self.imsUrl - storeFile.kms_url = self.kmsUrl - storeFile.ims_user = {"ident": username, "secret": password} - - storeFile.providers = self.providers - self._createNewBucket(storeFile) - self._createAndStoreEmptyDirectory(store, storeFile) - - privateKeyFile = self._generatePKCS1Keypair() - if privateKeyFile: - publicKeyFile = self.__publicKeyFromPrivate(privateKeyFile) - storeFile.private_key_bytes = self.__readPrivateKeyFromFile(privateKeyFile) - storeFile.public_key_bytes = self.__readPublicKeyFromFile(publicKeyFile) - # print storeFile.private_key_bytes - # print storeFile.public_key_bytes - imsPublicKey = self._imsRegister(username, password, self.__readPublicKeyFromFile(publicKeyFile)) - storeFile.ims_public_key_bytes = imsPublicKey - # print imsPublicKey - _json = postr.json - if self._putStoreFile(store, storeFile): - putr = self.kmsClient.put(self.kmsUrl + self.storesPrefix, data=json.dumps(store.dict()), headers=self.jsonHeaders) - if putr.status_code != requests.codes.ok: - print "Sever refused request to save store file." - print putr.status_code - print putr.text - else: - _json = putr.json - self.__remove(publicKeyFile) - self.__remove(privateKeyFile) - return Store(_json) - - @requiresAuth - def updateStore(self, store): - """Update a store (where root file or permissions have changed, pressumably).""" - putr = self.kmsClient.put(self.kmsUrl + self.storesPrefix, data=json.dumps(store.dict()), headers=self.jsonHeaders) - if putr.status_code != requests.codes.ok: - print putr.status_code - print putr.text - else: - # update access - storeFile = self._getStoreFile(store) - self._putStoreFile(store, storeFile) - return Store(putr.json) - - @requiresAuth - def deleteStore(self, store): - """Delete a store (with the same id as this store, anyway). This is not recoverable!!""" - url = self.kmsUrl + self.storesPrefix + "/" + str(store.id) - delr = self.kmsClient.delete(url) - if delr.status_code != requests.codes.ok: - print delr.status_code - print url - print delr.text - - @requiresAuth - def changePassword(self, newPassword): - """Change the user's password to a new one. This requires the old password be known!""" - newKeyFile = self._changeKeyPassword(self.password, newPassword) - key = None - with open(newKeyFile, 'rb') as f: - key = f.read() - ans = requests.get("%s%s/%s" %(self.kmsUrl, self.saltPrefix, self.username)) - salt = base64.b64decode(ans.text) - sendNewPassword = base64.b64encode(ab64_decode(pbkdf2_sha256.encrypt(self.username + newPassword, rounds=1000, salt=salt).split("$")[-1])) - sendOldPassword = base64.b64encode(ab64_decode(pbkdf2_sha256.encrypt(self.username + self.password, rounds=1000, salt=salt).split("$")[-1])) - reset = {"password":sendNewPassword, "oldPassword":sendOldPassword, "key":{"username":self.username, "key": key}} - postr = self.kmsClient.post(self.kmsUrl + self.passwordResetPrefix, data=json.dumps(reset), headers=self.jsonHeaders) - if postr.status_code != requests.codes.ok: - print postr.status_code - print postr.text - - @requiresAuth - def listDirectory(self, store): - """List all the files in the given store. - - :rtype: Directory - - """ - directory = None - makeDirectory = False - storeFile = self._getStoreFile(store) - if storeFile and storeFile.bucket: - provider = self._getCloudService(storeFile) - tmpRoot = self._getPartFromCloud(store.index_codename, provider, storeFile.bucket) - if tmpRoot: - key = self._getKeyForFragment(store.index_codename, store.id) - if key: - tmpRoot = self._decryptPart(tmpRoot, key, store.iv) - if tmpRoot: - jsonText = "" - with open(tmpRoot) as f: - jsonText = f.read() - directory = Directory(jsonText=jsonText) - self.__remove(tmpRoot) - else: - makeDirectory = True - else: - makeDirectory = True - self.__remove(tmpRoot) - else: - makeDirectory = True - elif storeFile and len(storeFile.providers) > 0: - self._createNewBucket(storeFile) - makeDirectory = True - else: - print "has no bucket" - print storeFile - - if makeDirectory: - print "creating empty directory" - directory = self._createAndStoreEmptyDirectory(store, storeFile) - self.updateStore(store) - return directory - - @requiresAuth - def updateDirectory(self, directory, store): - # Check for conflicts!! - newName = unicode(uuid.uuid4()) - storeFile = self._getStoreFile(store) - provider = self._getCloudService(storeFile) - tmpText = json.dumps(directory.dict()) - tmpRoot = self.__temporaryFileWithBytes(tmpText) - key = self._generateKey() - store.iv = self._generateIV() - tmpRoot = self._encryptPart(tmpRoot, key, store.iv) - self._putPartInCloud(newName, provider, storeFile.bucket, tmpRoot) - self._setKeyForFragment(newName, key, store.id) - store.index_codename = newName - self.updateStore(store) - self.__remove(tmpRoot) - pass - - @requiresAuth - def getFile(self, store, files, threads=10): - storeFile = self._getStoreFile(store) - provider = self._getCloudService(storeFile) - if files: - keySets = self._getKeysForFragments(files.fragments, store.id) - if keySets: - clearFile = self.__temporaryFile() - with open(clearFile, 'r+b') as f: - junk = b'\x00' * (files.remote_size) - f.write(junk) - # with open(clearFile, 'wb') as f: - promises = []; - pool = ThreadPool(processes=threads) - for fragmentName in keySets: - fragment = None - for frag in files.fragments: - if frag.name == fragmentName: - fragment = frag - - promise = pool.apply_async(self._doFragmentDownload, [clearFile, fragmentName, provider, storeFile, keySets, fragment]) - promises.append(promise) - for order, promise in enumerate(promises): - self.__graphPrinter(order, len(promises)) - success = promise.get() - self.__graphPrinter(order + 1, len(promises)) - - if not success: - print "Error on part!" - break - files.local_path = clearFile - sys.stdout.write("\n") - sys.stdout.flush() - return clearFile - - def __graphPrinter(self, done, total): - completed = int(((done) * 100.0) / total) - sys.stdout.write(" |" + "=" * completed + "-" * (100 - completed) + "| \r") - sys.stdout.flush() - - @requiresAuth - def getBytes(self, start, end, store, files): - storeFile = self._getStoreFile(store) - provider = self._getCloudService(storeFile) - fragments = files.fragments - allData = None - sizeSoFar = 0 - for fragment, idx in enumerate(fragments): - if sizeSoFar + fragment.length >= start and sizeSoFar <= end: - # Get this fragment - key = self._getKeyForFragment(fragment, store.id) - isOkay = False - attempts = 0 - while not isOkay and attempts < 10: - tmpPart = self._getPartFromCloud(fragment.name, provider, storeFile.bucket) - if tmpPart: - isOkay = self._getVerifyPart(tmpPart, fragment.name, storeFile) - attempts += 1 - else: - break - if isOkay: - tmpPart2 = self._decryptPart(tmpPart, key, fragment.iv) - self.__remove(tmpPart) - if tmpPart2: - with open(tmpPart2, 'rb') as t: - if sizeSoFar <= start: - t.seek(start - sizeSoFar) - thisMuch = fragment.length - if sizeSoFar + fragment.length < end: - thisMuch = (sizeSoFar + fragment.length) - end - allData += t.read(thisMuch) - self.__remove(tmpPart2) - else: - print "File corrupt." - break - - sizeSoFar += fragment.length - return allData - - @requiresAuth - def updateFile(self, store, file_, path, directory): - """ - Update a file on TrustStore. - - :type store: Store - :param store: a store to upload the file to - - :type file_: File - :param file_: the File object to upload. Must have local_path - - :type path: Directory - :param path: the child folder to upload the File to. May be same as directory - - :type directory: Directory - :param directory: root folder - """ - # pr = cProfile.Profile() - # pr.enable() - print file_.name - if file_.remote_size <= 0: - file_.remote_size = os.path.getsize(file_.local_path) - if store and file_ and path and directory: - storeFile = self._getStoreFile(store) - if storeFile: - provider = self._getCloudService(storeFile) - fileSize = os.path.getsize(file_.local_path) - readFragments = 0 - displacement = 0 - optimalSize = self.__optimalPieceSize(fileSize) - promises = []; - pool = ThreadPool(processes=10) - if len(file_.fragments) > 0: - self._deleteKeysForFragments(file_.fragments, store.id) - count404 = 0 - for fragment in file_.fragments: - if self._deletePartFromCloud(fragment.name, provider, storeFile.bucket) == "404": - count404 += 1 - sys.stdout.write(" Trying to delete old file. Parts not found in cloud: " + str(count404) + " of " + str(len(file_.fragments)) + "\r") - sys.stdout.flush() - file_.fragments = [] - while fileSize > readFragments * optimalSize: - sys.stdout.write(" " + str(readFragments) + " optimal: " + str(optimalSize) + " file size: " + str(fileSize) + "\r") - sys.stdout.flush() - promise = pool.apply_async(self._doFragmentUpload, [file_.local_path, optimalSize, readFragments, displacement, storeFile, store.id, provider]) - readFragments += 1 - # ) # - displacement += optimalSize - promises.append(promise) - for order, promise in enumerate(promises): - self.__graphPrinter(order, len(promises)) - part = promise.get() - if part: - file_.fragments.append(part) - else: - print "Part broken?" - break - self.__graphPrinter(order + 1, len(promises)) - isUpdate = False - for child in path.children: - if file_.name == child.name: - # Assume update. - child = file_ - isUpdate = True - if not isUpdate: - path.children.append(file_) - # print directory - self.updateDirectory(directory, store) - sys.stdout.write("\n") - sys.stdout.flush() - else: - print "Hey, you can't upload that! : " + file_.local_path - # pr.disable() - # pr.print_stats(1) - - @requiresAuth - def delFile(self, store, fileName, path, directory): - if store and fileName and path and directory: - for child in path.children: - print child.name - path.children[:] = [child for child in path.children if self._deleteChildren(fileName, child, store)] - self.updateDirectory(directory, store) - elif store and path and directory: - for child in path.children: - print child.name - self._deleteChildren(None, child, store) - path.children = [] - self.updateDirectory(direcroty, store) - else: - print "Not enough information to delete!" - - @requiresAuth - def addFile(self, store, file_, path, directory): - if store and file_ and path and directory and os.path.exists(file_.local_path): - self.updateFile(store, file_, path, directory) - else: - print "Hey, you can't upload that! " + file_.local_path - - ## Past here should no user go. - - def _createAndStoreEmptyDirectory(self, store, storeFile): - directory = Directory() - newName = unicode(uuid.uuid4()) - store.iv = self._generateIV() - provider = self._getCloudService(storeFile) - tmpText = json.dumps(directory.dict()) - tmpRoot = self.__temporaryFileWithString(tmpText) - key = self._generateKey() - tmpRoot = self._encryptPart(tmpRoot, key, store.iv) - self._putPartInCloud(newName, provider, storeFile.bucket, tmpRoot) - self._setKeyForFragment(newName, key, store.id) - store.index_codename = newName - self.__remove(tmpRoot) - return directory - - def _createNewBucket(self, storeFile): - storeFile.bucket = "truststore-" + str(uuid.uuid4()) - provider = self._getCloudService(storeFile) - provider.create_bucket(storeFile.bucket) - - - def _deleteChildren(self, fileName, child, store): - if fileName == child.name or fileName == None: - storeFile = self._getStoreFile(store) - if storeFile: - try: - self._deleteKeysForFragments(child.fragments, store.id) - provider = self._getCloudService(storeFile) - count404 = 0 - for fragment in child.fragments: - if self._deletePartFromCloud(fragment.name, provider, storeFile.bucket) == "404": - count404 += 1 - sys.stdout.write(" Trying to delete old file. Parts not found in cloud: " + str(count404) + " of " + str(len(child.fragments)) + "\r") - sys.stdout.flush() - child.fragments = [] - print "\n" - print "Deleted file " + fileName - except AttributeError: - for subs in child.children: - print subs.name - self._deleteChildren(None, subs, store) - return False - else: - return True - - def _doFragmentDownload(self, filename, fragmentName, provider, storeFile, keySets, fragment): - isOkay = False - tries = 0 - sucess = False - tmpPart = None - while not isOkay and tries < 10: - tmpPart = self._getPartFromCloud(fragmentName, provider, storeFile.bucket) - if tmpPart: - isOkay = self._getVerifyPart(tmpPart, fragmentName, storeFile) - tries += 1 - else: - break - if isOkay: - tmpPart2 = self._decryptPart(tmpPart, keySets[fragmentName], fragment.iv) - if tmpPart2: - with open(tmpPart2, 'rb') as t: - currentSize = os.path.getsize(filename) - data = t.read() - if currentSize <= fragment.offset: - with open(filename, 'a+b') as f: - if currentSize < fragment.offset: - sys.stdout.write(" !! :(") - junk = b'\x00' * (fragment.offset - currentSize) - f.write(junk) - f.write(data) - sys.stdout.write(" Piece " + str(fragment.order) + " \t\t\r") - sys.stdout.flush() - sucess = True - else: - with open(filename, 'r+b') as f: - f.seek(fragment.offset, 0) - sys.stdout.write(" Piece " + str(fragment.order) + " \t\t\r") # + ": " + str(f.tell()) + ": " + str(len(data)) + "\r") - sys.stdout.flush() - f.write(data) - sucess = True - self.__remove(tmpPart2) - else: - print "Part broken!!" - self.__remove(tmpPart) - return sucess - - def _doFragmentUpload(self, localPath, optimalSize, readFragments, displacement, storeFile, storeId, provider): - fragment = Fragment() - with open(localPath, 'rb') as f: - fragment.length = optimalSize - fragment.order = readFragments - fragment.providers = storeFile.providers - fragment.offset = displacement - f.seek(displacement) - data = f.read(fragment.length) - # sys.stdout.write(" " + str(fragment.order) + " displacement: " + str(displacement) + " length: " + str(fragment.length) - # + "\r") - # sys.stdout.flush() - if len(data) < fragment.length: - fragment.length = len(data) - # sys.stdout.write(" " + str(fragment.order) + " true length: " + str(len(data)) + " \r") - sys.stdout.flush() - - tmpDataFile = self.__temporaryFileWithBytes(data) - key = self._generateKey() - fragment.name = unicode(uuid.uuid4()) - fragment.iv = self._generateIV() - encryptedPart = self._encryptPart(tmpDataFile, key, fragment.iv) - self._putPartInCloud(fragment.name, provider, storeFile.bucket, encryptedPart) - self._setKeyForFragment(fragment.name, key, storeId) - self._storeVerifyPart(encryptedPart, fragment.name, storeFile) - # sys.stdout.write(" Finished fragment " + unicode(readFragments) + " \r") - sys.stdout.flush() - self.__remove(tmpDataFile) - self.__remove(encryptedPart) - return fragment - - def _getStoreFile(self, store): - getr = self.kmsClient.get(self.kmsUrl + self.filesPrefix + "/" + unicode(store.id)) # + "/" + unicode(store.filename)) - message = getr.content - if message: - clear = self._decryptStoreFileUsingPrivateKeyfile(message, self.keyFile) - if clear: - # print clear - try: - storefile = json.loads(clear) - storeProps = StoreProperties(eDict=storefile) - # print json.dumps(storeProps.dict()) - return storeProps - except simplejson.scanner.JSONDecodeError: - print "This profile is probably XML." - else: - print "Failed to decrypt profile, download status code: " + str(getr.status_code) - - def _putStoreFile(self, store, storeFile): - success = False - userList = [] - userList += store.readers - userList += store.writers - userList += store.administrators - userList.append(store.owner) - userList = list(set(userList)) - storeDict = storeFile.dict() - messageFile = self._encryptStoreFileForUsers(json.dumps(storeDict), userList) - # print json.dumps(storeDict) - if messageFile: - with open(messageFile, 'rb') as f: - message = {'filename': ("file", f)} # this filename "file" is never read but it needs to be there to be valid so it's just whatever. - url = self.kmsUrl + self.filesPrefix + "/" + unicode(store.id) - postr = self.kmsClient.post(url, files=message) - # print postr.request.headers - # print postr.request.data - self.__remove(messageFile) - if postr.status_code == requests.codes.ok: - success = True - else: - print postr.status_code - print postr.text - print "Failed to put Store File" - print url - print store.id - return success - - def _getCloudService(self, storeFile): - for provider in storeFile.providers: - api = provider['api'] - if api == "nectar" or api == "s3": - calling = botoConn.SubdomainCallingFormat() - if api == "nectar": - calling = botoConn.OrdinaryCallingFormat() - user = provider['userCredentials'] - endpoint = provider['endpoint'] - connection = botoConn.S3Connection( - aws_access_key_id=user['ident'], - aws_secret_access_key=user['secret'], - port=urlparse(endpoint).port, - host=urlparse(endpoint).hostname, - is_secure=True, - validate_certs=False, - calling_format=calling - ) - return connection - - def _changeKeyPassword(self, old, new): - newKey = self.keyFile + ".new" - openssl = [self.openSSL, 'rsa', '-aes128', '-in', self.keyFile, '-out', newKey, '-passin', 'pass:' + old, '-passout', 'pass:' + new] - okay = subprocess.call(openssl) - if (okay == 0): - self.keyFile = newKey - return newKey - else: - return False - - def _getPublicCertFor(self, username): - getr = self.kmsClient.get(self.kmsUrl + self.publicKeysPrefix + "/" + username) - return UserPublicCertificate(getr.json) - - def _setPublicCert(self, username): - publicCertFile = self.__makeRSACertificateFromPrivate(self.keyFile) - if publicCertFile: - certificate = self.__readCertificateFromFile(publicCertFile) - cert = UserPublicCertificate(None, username, certificate) - headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - self.kmsClient.post(self.kmsUrl + self.publicKeysPrefix, data=json.dumps(cert.dict()), headers=headers) - self.__remove(publicCertFile) - - def _checkPublicCert(self, cert): - print "Checking your certificate..." - certFile = self.__writeCertificateToFile(cert.certificate) - openssl = [self.openSSL, 'x509', '-in', certFile, '-modulus', '-noout'] - # certModulus = subprocess.check_output(openssl) - p = subprocess.Popen(openssl, stdout=subprocess.PIPE) - certModulus = p.communicate()[0] - openssl = [self.openSSL, 'rsa', '-in', self.keyFile, '-modulus', '-noout'] - if self.password: - openssl.append("-passin") - openssl.append("pass:" + self.password) - - keyModulus = subprocess.check_output(openssl) - - if (certModulus == keyModulus): - self.__remove(certFile) - return True - else: - print certFile - print certModulus - print keyModulus - return False - - - def _getKeyForFragment(self, fragmentName, storeID): - getr = self.kmsClient.get(self.kmsUrl + self.keysPrefix + "/" + unicode(storeID), params={'codenames': fragmentName}) - if getr.status_code != requests.codes.ok or not getr.json: - print getr.status_code - print "Failed to get key for fragment" - if not getr.json: - print "No key for that fragment known." - return - return base64.b64decode(getr.json[0]['key']) - - def _getKeysForFragments(self, fragments, storeID): - codenames = [fragment.name for fragment in fragments] - args = [iter(codenames)] * 20 - batches = izip_longest(fillvalue=None, *args) - sets = {} - for batch in batches: - getr = self.kmsClient.get(self.kmsUrl + self.keysPrefix + "/" + unicode(storeID), params={'codenames': batch}) - if getr.json: - sets.update(dict([(key['codename'], base64.b64decode(key['key'])) for key in getr.json])) - elif getr.status_code != requests.codes.ok: - print "Failed to get keys for " + str(len(batch)) + " fragments." - print getr - print getr.text - return sets - - def _setKeysForFragments(self, storeID, keySets): - data = json.dumps([{'codename': fragmentName, 'key': base64.b64encode(keySets[fragmentName]), 'expiryDate': None} for fragmentName in keySets]) - headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - postr = self.kmsClient.post(self.kmsUrl + self.keysPrefix + "/" + unicode(storeID), data=data, headers=headers) - if postr.status_code != requests.codes.ok: - print postr.status_code - print "Failed to set keys for fragments" - - def _deleteKeysForFragments(self, fragments, storeID): - codenames = [fragment.name for fragment in fragments] - url = self.kmsUrl + self.keysPrefix + "/" + unicode(storeID) - args = [iter(codenames)] * 20 - batches = izip_longest(fillvalue=None, *args) - for batch in batches: - try: - delr = self.kmsClient.delete(url, params={'codenames': batch}) - if delr.status_code != requests.codes.ok: - print delr.status_code - print delr.text - print delr.content - print "Failed to delete keys." - except requets.exceptions.ConnectionError as e: - print (e) - print url - print batch - - - def _setKeyForFragment(self, fragmentName, key, storeID): - data = json.dumps([{'codename': fragmentName, 'key': base64.b64encode(key), 'expiryDate': None}]) - headers = {'Content-type': 'application/json', 'Accept': 'application/json'} - postr = self.kmsClient.post(self.kmsUrl + self.keysPrefix + "/" + unicode(storeID), data=data, headers=headers) - if postr.status_code != requests.codes.ok: - print postr.status_code - print postr.text - print "Failed to set key for fragment" - - def _decryptStoreFileUsingPrivateKeyfile(self, message, keyFile): - - publicCertificate = self._getPublicCertFor(self.username).certificate - - clearMessage = "" - messageFileName = self.__temporaryFileWithBytes(message) - decryptedFileName = self.__temporaryFile() - certFileName = self.__writeCertificateToFile(publicCertificate) - - openssl = [self.openSSL, 'cms', '-decrypt', - '-in', messageFileName, - '-out', decryptedFileName, - '-recip', certFileName, - '-inkey', keyFile, - '-inform', 'DER'] - - if self.password: - openssl.append("-passin") - openssl.append("pass:" + self.password) - - # decrypt - # openssl smime -decrypt -in encrypted -out decrypted -recip public_cert -inkey private_key - try: - okay = subprocess.call(openssl) - - if (okay == 0): - with open(decryptedFileName) as decryptFile: - clearMessage = decryptFile.read() - else: - print okay - print "Failed to decrypt store file " - # + messageFileName - except TypeError: - print "Failed to call OpenSSL properly:" - print openssl - - # print certFileName - self.__remove(certFileName) - # print messageFileName - self.__remove(messageFileName) - self.__remove(decryptedFileName) - - return clearMessage - - def _encryptStoreFileForUsers(self, plain, userlist): - certificateList = [self._getPublicCertFor(username).certificate for username in userlist] - certificateFileList = [self.__writeCertificateToFile(cert) for cert in certificateList] - decryptedFileName = self.__temporaryFileWithString(plain) - encryptFileName = self.__temporaryFile() - - argList = [self.openSSL, 'cms', '-encrypt', '-aes128', - '-in', decryptedFileName, - '-out', encryptFileName, - '-outform', 'DER'] - argList += certificateFileList - # print argList - okay = subprocess.call(argList) - - self.__remove(decryptedFileName) - for cert in certificateFileList: - self.__remove(cert) - - if okay != 0: - print okay - print "Failed to encrypt store file" - print argList - return False - else: - for cert in certificateFileList: - self.__remove(cert) - return encryptFileName - - def _getPartFromCloud(self, codename, provider, bucketName): - attempts = 0 - while attempts < 20: - try: - bucket = provider.get_bucket(bucketName) - k = botoKey(bucket) - k.key = codename - tmpPart = self.__temporaryFile() - k.get_contents_to_filename(tmpPart) - return tmpPart - except (boto.exception.S3ResponseError, boto.exception.BotoServerError) as e: - if e.status == 403 or e.status == "403": - sys.stdout.write(" Error talking to " + str(provider) + ", attempt: " + str(attempts + 1) + " (403) \r") - else: - sys.stdout.write(" Error talking to " + str(provider) + ", attempt: " + str(attempts + 1) + ": " + str(e) + " \r") - sys.stdout.flush() - attempts += 1 - - def _putPartInCloud(self, codename, provider, bucketName, part): - attempts = 0 - while attempts < 20: - try: - bucket = provider.get_bucket(bucketName) - k = botoKey(bucket) - k.key = codename - k.set_contents_from_filename(part) - return - except boto.exception.S3ResponseError: - sys.stdout.write(" Encountered a storing error talking to " + str(provider) + ", attempt: " + str(attempts + 1) + "\r") - sys.stdout.flush() - attempts += 1 - - def _deletePartFromCloud(self, codename, provider, bucketName): - attempts = 0 - while attempts < 10: - try: - bucket = provider.get_bucket(bucketName) - k = botoKey(bucket) - k.key = codename - bucket.delete_key(k) - return - except boto.exception.S3ResponseError as e: - if "404" not in str(e): - sys.stdout.write(" Encountered a delete error talking to " + str(provider) + ", attempt: " + str(attempts + 1) + "\r") - sys.stdout.flush() - attempts += 1 - else: - return "404" - - def _decryptPart(self, part, key, iv): - decryptedPart = self.__temporaryFile() - mode = '-aes-128-cbc' - if not iv: - mode = '-aes-128-ecb' - iv = b'\x00' - argList = [self.openSSL, 'enc', mode, '-d', '-in', part, '-out', decryptedPart, '-K', binascii.b2a_hex(key), '-iv', binascii.b2a_hex(iv)] - okay = subprocess.call(argList) - # print argList - - if okay != 0: - print okay - print "Failed to decrypt part" - print argList - self.__remove(decryptedPart) - return - return decryptedPart - - def _encryptPart(self, part, key, iv): - encryptedPart = self.__temporaryFile() - mode = '-aes-128-cbc' - if not iv: - mode = '-aes-128-ecb' - iv = b'\x00' - argList = [self.openSSL, 'enc', mode, '-in', part, '-out', encryptedPart, '-K', binascii.b2a_hex(key), '-iv', binascii.b2a_hex(iv)] - okay = subprocess.call(argList) - # print argList - - if okay != 0: - print okay - print "Failed to encrypt part" - print argList - return encryptedPart - - def _imsRegister(self, username, password, publicKey): - url = urljoin(self.imsUrl, "rest/user/" + username) - headers = {'passwd': password} - # postr = requests.post(url, headers=headers, data=base64.b64encode(publicKey)) - - postr = requests.post(url, headers=headers, data={'passwd': password, 'publicKey': base64.b64encode(publicKey)}) - if postr.text and postr.status_code == 200: - text = self.__cleanString(postr.text) - try: - # print "IMS Public Key" - # print text - return base64.b64decode(text) - except (UnicodeError, TypeError): - print "Error getting IMS Public certificate." - return postr.content - else: - print unicode(postr.status_code) + " received while trying to register with IMS." - print postr.text - - def _getVerifyPart(self, part, partName, storeFile): - isOkay = False - url = urljoin(storeFile.ims_url, "rest/hash/" + storeFile.ims_user['ident']) - headers = {'passwd': storeFile.ims_user['secret']} - params = {"codename": partName} - getr = requests.get(url, headers=headers, params=params) - if getr.text and getr.json: - # try: - # resp = xmltodict.parse(getr.text) - resp = getr.json - # if "html" not in resp and "hashInfo" in resp: - if "doubleSignature" in resp: - # resp = resp["hashInfo"] - keyFile = self.__writePublicKeyToFile(storeFile.public_key_bytes) - - signature = base64.b64decode(resp["doubleSignature"]) - sigFile = self.__temporaryFileWithBytes(signature) - meta = resp["signableMetaInfo"] - plainfile = self.__temporaryFileWithString(meta) - - argList = [self.openSSL, 'dgst', '-sha1', '-verify', keyFile, '-signature', sigFile, plainfile] - okay = subprocess.check_output(argList) - verified = (okay and okay == "Verified OK\n") - - self.__remove(sigFile) - self.__remove(keyFile) - self.__remove(plainfile) - if not verified: - print "Unable to verify part." - return isOkay - - sums, imsSum = "", "" - with open(part, 'rb') as f: - sums = hashlib.md5(f.read()).hexdigest() - imsSum = meta[:meta.find("$")] - if sums == imsSum: - isOkay = True - else: - print imsSum - print sums - else: - print resp - # except Exception as e: - # print url - # print getr.text - # print e - return isOkay - - def _storeVerifyPart(self, part, partName, storeFile): - isOkay = False - headers = {'passwd': storeFile.ims_user['secret']} - sums = "" - with open(part, 'rb') as f: - sums = hashlib.md5(f.read()).hexdigest() - - imsKeyfile = self.__writePublicKeyToFile(storeFile.ims_public_key_bytes) - - signable = sums + "$" + partName + "$" + datetime.utcnow().isoformat() - - signableFile = self.__temporaryFileWithString(signable) - - signable64 = base64.b64encode(signable) - url = urljoin(storeFile.ims_url, "rest/sign/" + signable64) - getr = requests.get(url, headers=headers) - if getr.text: # and "string" in getr.text: - resp = getr.text # xmltodict.parse(getr.text) - resp = resp.replace("\\r\\n", "\n") - signature = base64.b64decode(resp) #["string"]) - # print resp - # print len(signature) - # print len(storeFile.ims_public_key_bytes) - - imsSignatureFile = self.__temporaryFileWithBytes(signature) - - argList = [self.openSSL, 'dgst', '-sha1', '-verify', imsKeyfile, '-signature', imsSignatureFile, signableFile] - okay = subprocess.check_output(argList) - verified = (okay == "Verified OK\n") - self.__remove(imsSignatureFile) - if not verified: - print "Unable to make digest." - print argList - else: - nonce = os.urandom(4) - nonceFile = self.__temporaryFileWithBytes(nonce) - encryptedNonceFile = self.__temporaryFile() - argList = [self.openSSL, 'rsautl', '-encrypt', '-pubin', '-inkey', imsKeyfile, '-in', nonceFile, '-out', encryptedNonceFile] - okay = subprocess.call(argList) - if okay != 0: - print "Unable to encrypt test." - print argList - else: - encryptedNonce = "" - with open(encryptedNonceFile, 'rb') as f: - encryptedNonce = f.read() - - signatureFile = self.__temporaryFile() - privKeyFile = self.__writePrivateKeyToFile(storeFile.private_key_bytes) - argList = [self.openSSL, 'dgst', '-sha1', '-sign', privKeyFile, '-out', signatureFile, signableFile] - okay = subprocess.call(argList) - if okay == 0: - - signature = "" - with open(signatureFile, 'rb') as f: - signature = f.read() - - url = urljoin(storeFile.ims_url, "rest/check/" + storeFile.ims_user['ident']) - params = { - "nonce": base64.b64encode(encryptedNonce), - "doubleSig": base64.b64encode(signature), - "xml": signable - } - getr = requests.get(url, headers=headers, params=params) - # print url - # print headers - # print params - if getr.text: # and "string" in getr.text and xmltodict.parse(getr.text)["string"]: - resp = self.__cleanString(getr.text) - resp = base64.b64decode(resp) #xmltodict.parse(getr.text)["string"]) - - imsEncryptedNonceFile = self.__temporaryFileWithBytes(resp) - - imsNonceFile = self.__temporaryFile() - argList = [self.openSSL, 'rsautl', '-decrypt', '-inkey', privKeyFile, '-out', imsNonceFile, '-in', imsEncryptedNonceFile] - okay = subprocess.call(argList) - if okay != 0: - return isOkay - - imsNonce = "" - with open(imsNonceFile, 'r') as f: - imsNonce = f.read() - - if imsNonce != nonce: - return isOkay - - url = urljoin(storeFile.ims_url, "rest/storehash/" + storeFile.ims_user['ident']) - payload = {"xml": signable, "doublesign": base64.b64encode(signature), "codename": partName} - postr = requests.post(url, headers=headers, params=params, data=payload) - if postr.text and "OK" in postr.text: # and "string" in postr.text - isOkay = True - else: - print postr.text - - self.__remove(imsEncryptedNonceFile) - self.__remove(imsNonceFile) - else: - print getr.text - else: - print "Unable to sign digest." - self.__remove(signatureFile) - self.__remove(privKeyFile) - self.__remove(nonceFile) - self.__remove(encryptedNonceFile) - self.__remove(imsSignatureFile) - else: - print getr.text - self.__remove(imsKeyfile) - self.__remove(signableFile) - return isOkay - - def __temporaryFile(self): - fileName = "" - with NamedTemporaryFile(delete=False) as aFile: - fileName = aFile.name - return fileName - - def __temporaryFileWithString(self, string): - fileName = self.__temporaryFile() - with open(fileName, 'w') as f: - if string: - f.write(string) - return fileName - - def __temporaryFileWithBytes(self, bytes): - fileName = self.__temporaryFile() - with open(fileName, 'wb') as f: - if bytes: - f.write(bytes) - return fileName - - def __writeCertificateToFile(self, cert): - certFile = self.__temporaryFile() - header = DASHES + BEGIN + " " + CERTIFICATE + DASHES - footer = DASHES + END + " " + CERTIFICATE + DASHES - with open(certFile, 'w') as f: - if not cert.startswith(header): - f.write(header + "\n") - formatted = "\n".join([line for line in cert.splitlines() if line]) - f.write(formatted) - if not cert.endswith(footer): - f.write("\n" + footer) - return certFile - - def __readCertificateFromFile(self, file_): - cert = None - with open(file_, 'r') as f: - first = f.readline() - if first == DASHES + BEGIN + " " + CERTIFICATE + DASHES + "\n": - cert = f.readlines() - cert = [line for line in cert if line] - cert = cert[:-1] - cert = "\n".join(cert) - else: - cert = first + f.read() - return cert - - def __writePublicKeyToFile(self, key): - return self.__writeKeyToFile(key, PUBLIC) - - def __readPublicKeyFromFile(self, keyFile): - return self.__readKeyFromFile(keyFile, PUBLIC) - - def __readPrivateKeyFromFile(self, keyFile): - return self.__readKeyFromFile(keyFile, PRIVATE) - - def __writePrivateKeyToFile(self, key): - return self.__writeKeyToFile(key, PRIVATE) - - def __writeKeyToFile(self, key, keyname): - keyFile = self.__temporaryFile() - if not self.__probablyBase64(key): - key = base64.b64encode(key) - publicKey = textwrap.fill(key, 63) - # print "KEY" - # print publicKey - with open(keyFile, 'w') as f: - f.write(DASHES + BEGIN + " " + keyname + " " + KEY + DASHES + "\n") - f.write(publicKey) - f.write("\n" + DASHES + END + " " + keyname + " " + KEY + DASHES) - return keyFile - - def __readKeyFromFile(self, keyFile, keyname): - key = None - with open(keyFile) as f: - key = f.read() - if key.startswith(DASHES + BEGIN + " " + keyname + " " + KEY + DASHES + "\n"): - key = "".join(key.splitlines()[1:-1]) - if "\\r\\n" in key: - key = key.replace("\\r\\n", "") - if self.__probablyBase64(key): - key = base64.b64decode(key) - return key - - def _getUsername(self): - getr = self.kmsClient.get(self.kmsUrl + self.usernamesPrefix) - username = None - if getr.json: - try: - username = getr.json[0] - except KeyError: - print getr.json - if username: - myCert = self._getPublicCertFor(username) - if not myCert.certificate: - self._setPublicCert(username) - elif not self._checkPublicCert(myCert): - print "Woah, your certificate isn't valid!" - if self.headless: - sys.exit(1) - else: - reset = raw_input("A new certificate can be created, but all other users will need to re-add you to any shared stores, and you will lose access to any stores you own. Do you want to make a new certificate? (Y for yes, all other input means no): ") - if reset == 'Y' or reset == 'y' or reset == 'yes' or reset == "YES": - self._setPublicCert(username) - else: sys.exit(0) - - return username - - def _generateKey(self): - """128-bit Pseudo-Random Key""" - return os.urandom(16) - - def _generateIV(self): - """128-bit IV""" - return os.urandom(16) - - def _generateKeypair(self, filename=None, encrypt=True): - if not filename: - filename = self.__temporaryFile() - unencrypted = self.__temporaryFile() - if self.password or not encrypt: - # argList = [self.openSSL, 'genrsa', '-aes128', '-out', filename, '-passout', 'pass:' + self.password, '4096'] - argList = [self.openSSL, 'genrsa', '-out', unencrypted, '4096'] - try: - okay = subprocess.call(argList) - if okay != 0: - self.__remove(unencrypted) - unencrypted = False - filename = False - elif encrypt: - argList = [self.openSSL, 'pkcs8', '-topk8', '-v2', 'aes128', '-in', unencrypted, '-out', filename, '-passout', 'pass:' + self.password] - try: - okay = subprocess.call(argList) - if okay != 0: - filename = False - except TypeError: - filename = False - else: - self.__remove(filename) - filename = unencrypted - except TypeError: - self.__remove(filename) - filename = False - else: - self.__remove(filename) - filename = False - if encrypt: - self.__remove(unencrypted) - return filename - - def _generatePKCS1Keypair(self): - filename = self.__temporaryFile() - certFile = self.__temporaryFile() - confFile = os.path.join(os.path.realpath(os.path.dirname(__file__)), 'certs.conf') - days = 365*20 - argList = [self.openSSL, 'req', '-x509', '-out', certFile, '-newkey', 'rsa:4096', '-keyout', filename, '-days', unicode(days), '-nodes', '-config', confFile] - try: - okay = subprocess.call(argList) - if okay != 0: - self.__remove(filename) - filename = False - except TypeError: - self.__remove(filename) - filename = False - self.__remove(certFile) - return filename - - def __makeRSACertificateFromPrivate(self, privateKeyFile): - certificateFile = self.__temporaryFile() - confFile = os.path.join(os.path.realpath(os.path.dirname(__file__)), 'certs.conf') - days = 365*20 - argList = [self.openSSL, 'req', '-new', '-x509', '-key', privateKeyFile, '-out', certificateFile, '-days', unicode(days), '-nodes', '-config', confFile] - if self.password: - argList.append("-passin") - argList.append("pass:" + self.password) - try: - okay = subprocess.call(argList) - if okay != 0: - self.__remove(certificateFile) - return False - return certificateFile - except TypeError: - print "Error making certficate." - print argList - self.__remove(certificateFile) - - def __publicKeyFromPrivate(self, privateKeyFile): - publicKeyFile = self.__temporaryFile() - argList = [self.openSSL, 'rsa', '-pubout', '-outform', 'DER', '-in', privateKeyFile, '-out', publicKeyFile] - if self.password: - argList.append("-passin") - argList.append("pass:" + self.password) - okay = subprocess.call(argList) - if okay == 0: - return publicKeyFile - self.__remove(publicKeyFile) - return False - - def __probablyBase64(self, s): - return (len(''.join(s.split())) % 4 == 0) and re.match('^[A-Za-z0-9+/]+[=]{0,2}$', s) - - def __cleanString(self, s): - openTag = "<string>" - closeTag = "</string>" - - if s.startswith(openTag): - return s[len(openTag):-len(closeTag)] - s = s.replace("\\r\\n", "\n") - return s - - def __optimalPieceSize(self, totalSize): - Dpieces = totalSize / 100 - if Dpieces < self.pieceSize: - return self.pieceSize - return Dpieces - - def __remove(self, path): - try: - os.remove(path) - except OSError: - pass - -class Store(object): - id = None - index_codename = None - friendly_name = None - owner = None - iv = None - # readers = [] - # writers = [] - # administrators = [] - - def __init__(self, props=None, index_codename="", friendly_name="", filename="", owner="", readers=None, writers=None, administrators=None, iv=None): - self.readers = [] - self.writers = [] - self.administrators = [] - if props: - self.id = props['id'] - self.index_codename = props['indexCodename'] - self.friendly_name = props['friendly_name'] - self.owner = props['owner'] - self.readers = props['readers'] - self.writers = props['writers'] - self.administrators = props['administrators'] - if props['iv']: - self.iv = base64.b64decode(props['iv']) - else: - self.index_codename = index_codename - self.friendly_name = friendly_name - # self.filename = filename - self.owner = owner - if readers: - self.readers = readers - if writers: - self.writers = writers - if administrators: - self.administrators = administrators - self.iv = iv - - def __str__(self): - message = u'\n' + unicode(self.friendly_name) - message += u'\n\tOwner: ' + unicode(self.owner) - message += u'\n\tReaders: ' + unicode(self.readers) - message += u'\n\tWriters: ' + unicode(self.writers) - message += u'\n\tAdmins: ' + unicode(self.administrators) - return message - - def __repr__(self): - return str(self) - - def dict(self): - this = { - "id": self.id, - "indexCodename": self.index_codename, - "friendly_name": self.friendly_name, - # "fileName": self.filename, - "owner": self.owner, - "readers": self.readers, - "writers": self.writers, - "administrators": self.administrators - } - if self.iv: - this["iv"] = base64.b64encode(self.iv) - return this - - -class StoreProperties(object): - sas_url = "" - providers = [] - kms_url = "" - kms_user = None - ims_url = "" - ims_user = None - bucket = None - public_key_bytes = None - private_key_bytes = None - ims_public_key_bytes = None - - def __init__(self, eDict=None): - self.providers = [] - if eDict: - self.kms_url = eDict['kmsServiceUrl'] - self.private_key_bytes = base64.b64decode(eDict['privateKeyBytes']) - self.sas_url = eDict['sasServiceUrl'] - self.ims_user = eDict['imsUser'] - self.providers = eDict['storageProviders'] - self.public_key_bytes = base64.b64decode(eDict['publicKeyBytes']) - self.ims_url = eDict['imsServiceUrl'] - self.kms_user = eDict['kmsUser'] - self.bucket = eDict['workspace'] - self.ims_public_key_bytes = base64.b64decode(eDict['imsPublicKeyBytes']) - - def dict(self): - return {'kmsServiceUrl': self.kms_url, - 'privateKeyBytes': binascii.b2a_base64(self.private_key_bytes), - 'sasServiceUrl': self.sas_url, - 'imsUser': self.ims_user, - 'storageProviders': self.providers, - 'publicKeyBytes': binascii.b2a_base64(self.public_key_bytes), - 'imsServiceUrl': self.ims_url, - 'kmsUser': self.kms_user, - 'workspace': self.bucket, - 'imsPublicKeyBytes': binascii.b2a_base64(self.ims_public_key_bytes)} - - def __repr__(self): - return json.dumps(self.dict(), sort_keys=True, indent=4) - - -class UserPublicCertificate(object): - username = None - certificate = None - - def __init__(self, props=None, username="", certificate=None): - if props: - self.username = props['username'] - self.certificate = props['key'] - else: - self.username = username - self.certificate = certificate - - def dict(self): - return { - 'username': self.username, - 'key': self.certificate - } - - def __repr__(self): - return json.dumps(self.dict(), sort_keys=True, indent=4) - -class UserPrivateKey(UserPublicCertificate): - pass - - -class Config(object): - def __init__(self, ims, kms, key, secret): - self.kmsUrl = kms - self.imsUrl = ims - self.client_key = key - self.client_secret = secret - - -class TrustStoreClientAuthenticationException(Exception): - def __init__(self, message, isConfigured=False): - self.message = message - self.isConfigured = isConfigured - - def __str__(self): - msg = repr(self.message) + " note: " - if self.isConfigured: - msg += " login attempt was made." - else: - msg += " not currently authenticated" - return msg - - -class OpenSSLVersionException(Exception): - def __init__(self, version): - self.version = version - - def __str__(self): - return "The version of openssl (" + self.version + ") is too old!"
--- a/PythonTrustStore-0.2.0/py_ts/certs.conf Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -prompt = no -distinguished_name = req_distinguished_name - -[ req_distinguished_name ] -C = AU -ST = None -L = None -O = TrustStore -OU = None -CN = TrustStore - -emailAddress = nobody@nowhere.com \ No newline at end of file
--- a/PythonTrustStore-0.2.0/py_ts/parts.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,121 +0,0 @@ -import pprint -import json -import base64 -import traceback - - -class Elem(object): - expires = -1 - name = "Elem" - remote_size = -1 - remote_last_modified = -1 - - def __init__(self, eDict=None): - if eDict: - self.expires = eDict['expiryDateTime'] - self.name = eDict['name'] - self.remote_size = eDict['remoteSize'] - if 'remoteLastmodified' in eDict: - self.remote_last_modified = eDict['remoteLastmodified'] - # if self.remote_last_modified >= 0: - # self.remote_last_modified = datetime.utcfromtimestamp(self.remote_last_modified / 1000) # JAVA RAGE - - def dict(self): - return {'expiryDateTime': self.expires, - 'name': self.name, - 'remoteSize': self.remote_size} - - def __repr__(self): - # return json.dumps(self.dict(), sort_keys=True, indent=4) - return "Elem: " + pprint.pformat(self.dict()) - - -class Directory(Elem): - name = "Virtual Directory" - children = [] - - def __init__(self, eDict=None, jsonText=None): - self.children = [] - if jsonText: - eDict = json.loads(jsonText) - if eDict: - Elem.__init__(self, eDict=eDict) - - for child in eDict['children']: - if child['isDir']: - self.children.append(Directory(child)) - else: - self.children.append(File(child)) - - def dict(self): - me = Elem.dict(self) - me['isDir'] = True - me['children'] = [kid.dict() for kid in self.children] - return me - - def __repr__(self): - this = self.dict() - return "Directory: " + pprint.pformat(this) - # return json.dumps(this, sort_keys=True, indent=4) - - -class File(Elem): - name = "file" - remote_size = 0 - local_path = "" - fragments = [] - - def __init__(self, extras=None): - self.fragments = [] - if extras: - Elem.__init__(self, eDict=extras) - - for fragment in extras['fragments']: - self.fragments.append(Fragment(fragment)) - - def dict(self): - me = Elem.dict(self) - me['isDir'] = False - me['fragments'] = [fragment.dict() for fragment in self.fragments] - return me - - def __repr__(self): - # return json.dumps(self.dict(), sort_keys=True, indent=4) - return "File: " + pprint.pformat(self.dict()) - - -class Fragment(object): - name = "" - order = 0 - providers = [] - # Newer root files have these - length = None - iv = None - offset = None - - def __init__(self, eDict=None): - if eDict: - self.name = eDict['codename'] - self.order = eDict['orderNo'] - self.providers = eDict['sasProviders'] - if "length" in eDict: - self.length = eDict["length"] - if "iv" in eDict: - self.iv = base64.b64decode(eDict["iv"]) - if "offset" in eDict: - self.offset = eDict["offset"] - else: - self.providers = [] - - def dict(self): - form = {'codename': self.name, 'orderNo': self.order, 'sasProviders': self.providers} - if self.length: - form["length"] = self.length - if self.iv: - form["iv"] = base64.b64encode(self.iv) - if self.offset != None: - form["offset"] = self.offset - return form - - def __repr__(self): - return json.dumps(self.dict())
--- a/PythonTrustStore-0.2.0/py_ts/testKMS.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,131 +0,0 @@ -from py_ts import TrustStoreClient, ts_utils, parts -import argparse -import json -import sys -import psycopg2 -import unittest - -username = "foo4@test.com" -password = "password" -provider_file = "nectar.json" - -class TestTruststoreAPI(unittest.TestCase): - - def setUp(self): - self.ts = TrustStoreClient.TrustStoreClient(True, None, None) - self.ts.authenticate(username=username, password=password) - - providers = None - with open(provider_file) as f: - providers = json.load(f) - for provider in providers: - self.ts.addProvider(provider) - - keyFile = "truststore.pem" - keyFile = self.ts.getPrivateKey("truststore.pem") - self.ts.keyFile = keyFile - if not keyFile: - print "No key file could be found! Check for errors above." - sys.exit(1) - - db = psycopg2.connect("dbname=kmscolab user=kmscolab password=kms1243") - self.cur = db.cursor() - - - def test_empty_store(self): - """Testing an empty Store.""" - blankStore = TrustStoreClient.Store() - blankStoreReturned = self.ts.createStore(store=blankStore) - self.assertIsNone(blankStoreReturned) - - def test_no_owner_no_admin(self): - """Testing a store with no admin or owner.""" - partialStore = TrustStoreClient.Store(friendly_name="test_no_owner_no_admin") - partialStoreReturned = self.ts.createStore(store=partialStore) - self.assertIsNone(partialStoreReturned) - - def test_no_admin(self): - """Testing a store with no admin.""" - partialStore2 = TrustStoreClient.Store(owner=username, friendly_name="test_no_admin") - partialStore2Returned = self.ts.createStore(store=partialStore2) - self.assertIsNone(partialStore2Returned) - - def test_no_owner(self): - """Testing a store with no owner.""" - partialStore3 = TrustStoreClient.Store(friendly_name="test_no_owner") - partialStore3.administrators.append(username) - partialStore3Returned = self.ts.createStore(store=partialStore3) - self.assertIsNone(partialStore3Returned) - - def test_id_insert(self): - """Testing a store where we try and sneak in an ID""" - idStore = TrustStoreClient.Store(owner=username, friendly_name="test_id_insert") - idStore.administrators.append(username) - idStore.id = 10 - idStoreReturned = self.ts.createStore(store=idStore) - self.assertIsNotNone(idStoreReturned) - self.assertNotEqual(idStore.id, idStoreReturned.id) - - print "Tests in database." - self.cur.execute("select friendly_name from stores where friendly_name ilike 'test\\_%';") - self.assertEqual(len(self.cur.fetchall()), 1) - - self.ts.deleteStore(idStoreReturned) - - print "Tests in database (after deleting id test)." - self.cur.execute("select friendly_name from stores where friendly_name ilike 'test\\_%';") - self.assertEqual(len(self.cur.fetchall()), 0) - - def test_bad_user(self): - """Test making a store where a user isn't valid.""" - self.cur.execute("select count(*) from acl_entry;") - aclCount = self.cur.fetchall() - badUserStore = TrustStoreClient.Store(owner=username, friendly_name="test_bad_user") - badUserStore.administrators.append(username) - badUserStore.readers.append("someone_not_real@gmail.com") - badUserStoreReturned = self.ts.createStore(store=badUserStore) - self.assertIsNone(badUserStoreReturned) - self.cur.execute("select friendly_name from stores where friendly_name ilike 'test\\_%';") - testStores = self.cur.fetchall() - self.assertEqual(len(testStores), 0) - self.cur.execute("select count(*) from acl_entry;") - self.assertEqual(self.cur.fetchall(), aclCount) - - def test_rights_savekey(self): - """Test if we can set a key we (probably) don't own.""" - self.ts._setKeyForFragment("test-key", self.ts._generateKey(), 1) - self.cur.execute("select codename, key, id from colabkeys where id = 1;") - self.assertEqual(len(self.cur.fetchall()), 0) - - def test_nostore_savekey(self): - """Test if we can set a key for a deleted store.""" - self.ts._setKeyForFragment("test-key-nostore", self.ts._generateKey(), 10) - self.cur.execute("select codename, key, id from colabkeys where id = %s;", [10]) - self.assertEqual(len(self.cur.fetchall()), 0) - - def test_rights_getkey(self): - """Test if we can get a key we don't own.""" - key = self.ts._getKeyForFragment("d32fe69b-60c4-49c7-a160-44a5edaaf855", 49) - self.assertIsNone(key) - - def test_good_savekey(self): - """Test if we can save & delete a key.""" - storeid = self.ts.listStores()[0].id - frag = parts.Fragment() - frag.name = "test-key" - print "savekey" - self.ts._setKeyForFragment(frag.name, self.ts._generateKey(), storeid) - self.ts._deleteKeysForFragments([frag], storeid) - print "deleted key" - - -if __name__ == '__main__': - # parser = argparse.ArgumentParser(description="TrustStore Command Line Client (pyts)") - # parser.add_argument("user", help="TrustStore kms username") - # parser.add_argument("password", help="TrustStore kms password") - # parser.add_argument("provider", help="json file describing cloud service(s), including credentials") - # args = parser.parse_args() - # username = args.user - # password = args.password - # provider = args.provider - unittest.main()
--- a/PythonTrustStore-0.2.0/py_ts/ts_utils.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,41 +0,0 @@ -from parts import * - - -class ts_utils(object): - @staticmethod - def recurseToChildNamed(thisDir, name): - if thisDir and thisDir.children and len(thisDir.children) > 0: - for child in thisDir.children: - if child.name == name: - return child - else: - try: - if child.children and len(child.children) > 0: - found = ts_utils.recurseToChildNamed(child, name) - if found: - return found - else: - pass - except AttributeError: - pass - else: - return None - - @staticmethod - def dirAtPath(root, path, createIfMissing=False): - location = root - for part in path.split('/'): - if part: - found = ts_utils.recurseToChildNamed(location, part) - if found: - location = found - elif createIfMissing: - found = Directory() - found.name = part - children = location.children - if len(children) > 0: - children.append(found) - else: - location.children = [found] - location = found - return location
--- a/PythonTrustStore-0.2.0/setup.cfg Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,5 +0,0 @@ -[egg_info] -tag_build = -tag_date = 0 -tag_svn_revision = 0 -
--- a/PythonTrustStore-0.2.0/setup.py Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,26 +0,0 @@ -# import os -from setuptools import setup, find_packages - -install_requires = [ - "requests <= 0.14.2", - "requests_oauth2", - "xmltodict", - "boto >= 2.5.0", - "simplejson", - "passlib" -] - -setup( - name='PythonTrustStore', - version='0.2.0', - author='Catherine Wise', - author_email='catherine.wise@csiro.au', - packages=find_packages(), - scripts=['bin/truststore-cli.py'], - url='http://truststore.csiro.au', - license='LICENSE.txt', - description='TrustStore Python library and command line client.', - package_data={'': ["certs.conf"]}, - long_description=open('README.txt').read(), - install_requires=install_requires -)
--- a/PythonTrustStore-0.2.0/test-extrasmall.txt Wed Dec 11 21:05:53 2013 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,99 +0,0 @@ -Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla condimentum nulla sed nunc ultrices varius. Ut tempus semper risus, vitae vestibulum metus placerat in. In hac habitasse platea dictumst. Integer at enim vitae augue auctor adipiscing non a nulla. Aenean ac lectus justo. Phasellus ut rutrum erat. Donec nec nisi sit amet urna aliquet porta. Sed auctor pretium vehicula. In a massa sagittis, sodales turpis vitae, dignissim elit. Proin eu ante id neque congue ultrices in sit amet eros. Aliquam vitae vehicula urna. Duis tincidunt, felis nec consequat pulvinar, metus justo facilisis purus, id sagittis metus erat quis diam. - -Proin lacus mauris, faucibus sit amet dolor non, faucibus lobortis mi. Donec urna lectus, gravida in est vel, luctus tempor erat. Nulla ut augue sed tellus facilisis lobortis. Nam dapibus pellentesque velit, ac aliquet libero malesuada nec. Mauris pharetra, quam vitae iaculis elementum, lacus nulla laoreet urna, a varius lorem mauris in nulla. Ut id consectetur tellus. Maecenas accumsan leo in purus posuere, quis elementum dui posuere. Nulla sed velit adipiscing nisl accumsan tempor vel sed ipsum. Praesent porta dolor ac orci consequat fringilla. Ut aliquam a justo ac aliquet. Sed pellentesque eu massa a congue. Sed rutrum, felis nec fringilla adipiscing, leo mauris facilisis ante, nec feugiat nunc urna a turpis. Donec vitae pulvinar odio, vel euismod orci. Fusce vel mattis elit. Sed non mollis sem, sit amet dictum sapien. Cras at imperdiet orci. - -Morbi auctor id diam pulvinar eleifend. Nullam pretium est massa, eu lacinia mauris pretium vel. Vivamus ornare odio quis dui dictum blandit. Nam sed velit nec nisi consequat placerat. Quisque odio ante, posuere sit amet facilisis ut, semper non massa. Nullam pharetra bibendum urna, sit amet semper leo. Sed id lorem feugiat, iaculis est at, malesuada erat. Pellentesque et ultricies libero. Mauris ac purus nisl. Vivamus sed egestas urna. Integer eu laoreet orci. Phasellus feugiat est eu euismod feugiat. Ut gravida nibh feugiat porta ornare. Phasellus elementum lectus sed dapibus feugiat. Phasellus blandit posuere nunc, at semper augue pulvinar sed. - -Etiam elementum sed justo at dapibus. Vivamus id faucibus lectus. Praesent consectetur porta est at cursus. Maecenas dapibus elit nec luctus varius. Etiam viverra felis ut dui ultricies, ac laoreet massa cursus. Nam quis justo egestas, dictum diam in, fermentum mauris. Sed adipiscing hendrerit justo at accumsan. Morbi id semper neque, id pulvinar diam. Donec arcu augue, tincidunt ac nisi quis, tristique auctor enim. Donec facilisis sit amet eros nec blandit. Proin dui arcu, porttitor at arcu in, sagittis dignissim libero. Ut egestas velit id eros faucibus interdum. Suspendisse rutrum eleifend tortor eu congue. - -Pellentesque fermentum diam ut hendrerit feugiat. Mauris justo massa, pretium quis mollis quis, varius vitae enim. Fusce et orci ac dolor sodales aliquam. Aliquam cursus sollicitudin congue. Donec ultrices odio ante. Maecenas mattis feugiat augue molestie malesuada. Etiam fringilla congue nisl. Mauris tincidunt lorem at magna aliquam, sit amet vehicula ante vulputate. - -Praesent accumsan mattis lorem eu ultrices. Maecenas eget leo semper, volutpat lectus ut, ullamcorper mauris. Quisque sagittis arcu in pharetra elementum. Donec pellentesque facilisis lorem, eu feugiat velit volutpat vel. Quisque in vehicula turpis, ac vestibulum eros. Vestibulum semper porttitor nulla eu volutpat. Vivamus vitae molestie justo, sed tristique arcu. - -Sed mattis eget felis sed aliquam. Sed congue leo at nunc mattis, et vestibulum libero pretium. Suspendisse nulla purus, posuere nec sem in, pulvinar elementum nunc. Nunc vel est sit amet purus volutpat vehicula vitae id risus. Vivamus sed semper est. Fusce dui ligula, vulputate eu sem vel, tempor malesuada eros. Donec auctor velit vitae ipsum vulputate, at porttitor dolor faucibus. Vivamus lobortis rhoncus felis, eu molestie quam sagittis a. Maecenas viverra, quam nec pharetra aliquet, augue nisi egestas justo, at volutpat augue enim eget justo. Morbi ac blandit eros, eu malesuada ante. Morbi cursus vestibulum lobortis. Pellentesque facilisis neque quis enim volutpat, non vehicula nisi laoreet. In venenatis egestas ante, ut auctor dui. Proin ac lacus egestas, tempus velit sit amet, iaculis tortor. Curabitur nibh lorem, viverra id nisi eget, auctor aliquam nisl. - -Donec ut leo mollis, congue nunc ac, fermentum massa. Phasellus tincidunt vitae quam in gravida. Integer cursus erat quis nisl placerat porttitor. Fusce vulputate consectetur tristique. Donec sit amet quam ut leo imperdiet tempus. Morbi egestas quam risus, tristique pulvinar nisl interdum quis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Maecenas vestibulum auctor ligula, tempus pellentesque diam laoreet ut. Suspendisse pharetra odio non arcu porta, sed accumsan risus viverra. Fusce commodo nunc in posuere mattis. Donec elementum dui lectus, nec lacinia nulla semper eu. Nullam imperdiet porta vestibulum. Etiam varius nisi nec scelerisque scelerisque. Fusce nulla turpis, consequat vel malesuada facilisis, mattis sit amet nibh. Proin viverra ligula eget semper vulputate. - -Fusce bibendum nisl non nibh consequat vehicula. Praesent tempus elit vel justo ullamcorper, ac consectetur enim pellentesque. In vel mauris pulvinar, aliquam nisl eget, hendrerit sapien. Phasellus tincidunt eleifend ipsum eu volutpat. Donec libero massa, hendrerit nec fermentum in, egestas sed metus. Donec mollis elementum risus vitae ultrices. Nam quis bibendum magna. Praesent id eros ut lorem placerat blandit. Curabitur vitae suscipit odio. Suspendisse potenti. Sed quis lorem laoreet, condimentum lacus a, tincidunt dolor. Aenean id mauris mauris. Quisque condimentum, enim in sagittis ultrices, arcu urna auctor quam, eu fermentum nibh nisl non urna. - -Cras ornare congue leo, quis hendrerit nisi ultricies et. Nulla auctor lectus sem, nec accumsan orci feugiat et. Phasellus ac nisl eu nulla tristique fermentum. Suspendisse vel blandit ante, id volutpat massa. Curabitur id neque accumsan, aliquet mauris ac, placerat lectus. Duis vitae purus leo. Vestibulum vestibulum at dui aliquet aliquam. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas vitae tellus cursus, accumsan odio vel, rutrum urna. Aliquam erat volutpat. Mauris pellentesque adipiscing mi ac vehicula. Aliquam non ornare quam. Sed ut turpis molestie, lacinia lorem vitae, varius felis. Sed euismod venenatis justo non euismod. - -Mauris egestas metus sit amet odio sagittis adipiscing. Etiam sem felis, interdum eu aliquet id, pharetra vel nisi. Donec ut mattis lorem. Sed quis bibendum tellus, eget iaculis augue. Donec tincidunt rhoncus nulla, a rhoncus sem accumsan vitae. Nulla tortor nulla, luctus vitae magna et, suscipit mollis tortor. Maecenas ac leo ornare, auctor nulla ac, porta massa. Integer velit enim, aliquet pretium molestie ac, mattis in sem. Nam nec dignissim velit. Vestibulum ut bibendum augue, eget molestie lorem. - -Suspendisse velit lectus, accumsan ut suscipit nec, luctus vel purus. Maecenas a sodales neque. Quisque posuere, massa eget facilisis fringilla, enim leo eleifend nulla, in egestas ligula enim et est. Suspendisse ut ultricies quam. Cras aliquam nisi at hendrerit molestie. Pellentesque tempus tortor purus, vel gravida sapien vulputate in. In vel justo sed turpis luctus pellentesque. Curabitur nec turpis sit amet odio dictum luctus. Aenean ut magna diam. Sed nec accumsan velit, id sagittis tellus. Sed ullamcorper augue nulla, nec iaculis sem blandit non. Phasellus interdum semper dui, vel rhoncus purus aliquet eget. Suspendisse dapibus turpis vel ligula pulvinar sagittis. Sed interdum neque facilisis sapien fermentum dictum. Aliquam in neque nibh. - -Vestibulum ultrices dictum aliquet. Fusce sem leo, rutrum sed quam quis, varius pretium purus. Quisque bibendum lacus sit amet enim volutpat, ac facilisis neque venenatis. Nam pharetra dapibus orci, vitae sollicitudin odio iaculis et. Duis rutrum commodo lacus ac imperdiet. Nam tempus risus ut mattis interdum. Maecenas fermentum arcu non tellus accumsan pulvinar. Maecenas ultricies vel elit sed congue. - -Etiam in felis scelerisque, gravida lorem sed, imperdiet est. Aliquam pulvinar ante ac auctor porta. Duis a sem ut ipsum porta congue. Nunc egestas orci eu diam aliquet, sed commodo neque lacinia. Integer sem nisi, accumsan eu cursus eget, tincidunt eget odio. Fusce scelerisque interdum eleifend. Nulla aliquam quis massa at faucibus. Phasellus lacus est, feugiat vitae enim ac, venenatis cursus lorem. Pellentesque volutpat ut leo vitae pretium. In sed libero urna. Aenean ac aliquam nulla. - -Etiam in ante sem. Donec vitae diam leo. Donec eleifend rhoncus ligula id suscipit. Cras mollis non massa eu facilisis. Aliquam condimentum semper aliquet. Sed ac dolor non sem ultricies commodo sed eu felis. Integer eu massa porttitor, tristique lorem nec, vehicula justo. Donec tempor, turpis rhoncus pharetra laoreet, turpis sem accumsan justo, a ullamcorper elit justo a nisi. Integer iaculis enim at velit tempus, in porta nunc egestas. Vivamus pellentesque turpis non magna bibendum vehicula. Nam posuere tortor ut massa porttitor, eget luctus est suscipit. Cras mollis odio sem, at tempor nulla egestas id. Nam porttitor suscipit sem, id posuere massa luctus eu. Nullam dignissim metus in elit fermentum, accumsan pretium elit auctor. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris eget mauris non diam gravida rhoncus. - -Mauris quis lacus sit amet diam blandit posuere a vitae velit. Sed sed viverra enim. Nullam vitae massa magna. Cras imperdiet leo sed purus congue ultricies. Suspendisse ultricies ligula quis nibh sodales lobortis. Fusce eget turpis id ante convallis convallis vehicula ac risus. Nunc bibendum adipiscing ipsum, non aliquet sem dapibus nec. Fusce id gravida ligula, eget rutrum ligula. Proin pretium, nunc eu ultrices ultrices, ligula nulla tristique tortor, sit amet mollis sem sem sit amet est. Vivamus nec erat faucibus, cursus quam eget, aliquet augue. Donec tellus urna, mattis eu felis vel, blandit consequat felis. Mauris eleifend diam odio, eu tempus metus tempus sed. Aliquam quis est ultricies, elementum orci ullamcorper, feugiat libero. - -Nam et dui sodales, blandit nibh in, ultricies sem. Donec sed magna lacus. Aenean convallis massa orci, at sagittis dolor euismod ac. Nam euismod mauris felis, in malesuada leo elementum non. Pellentesque vulputate elit at viverra ornare. Nam adipiscing eros a sodales consequat. Proin tincidunt sapien eros, ut hendrerit sem malesuada ac. - -Praesent vitae justo id nisi malesuada tincidunt eu vel sapien. Nunc hendrerit pulvinar est, quis egestas nisi tempus a. Suspendisse turpis tellus, aliquam quis augue non, consectetur mollis lacus. Nam vitae lectus at justo adipiscing tristique. Aenean a posuere neque. Vivamus tincidunt scelerisque urna et tempus. Morbi aliquet sem vitae ante sagittis, at posuere magna ornare. Vivamus consectetur nunc ut mauris egestas elementum. Proin sagittis laoreet hendrerit. Pellentesque ac venenatis risus. Pellentesque luctus tempor tellus, sit amet fermentum est volutpat nec. - -Pellentesque non nisi blandit, ornare purus vitae, fringilla eros. Morbi ac magna mattis, auctor nisi et, dictum orci. Nunc vulputate sagittis est nec lobortis. Sed auctor enim ipsum, vitae vehicula ante imperdiet vel. Duis placerat cursus quam, non iaculis tellus rutrum in. Nulla varius semper eleifend. Vestibulum ut magna at erat sodales blandit. Integer nec fringilla orci, vitae pellentesque metus. Pellentesque fringilla neque vel magna dignissim interdum. Etiam id blandit lacus, in suscipit velit. Nam pretium eu nibh eget sollicitudin. - -Sed sem eros, porta sed rutrum at, venenatis vel nibh. Cras eget sagittis arcu. Duis vel vehicula mauris, non venenatis lectus. Nullam ut lectus felis. Suspendisse potenti. Vestibulum suscipit pretium elit, at imperdiet est consequat scelerisque. Curabitur ac nulla nisl. Proin neque ligula, dictum in dignissim quis, sagittis nec nulla. Nullam quis dui sed tellus eleifend eleifend ac vel odio. Duis sollicitudin tellus sed justo tincidunt, eget aliquet tortor vehicula. Vestibulum leo arcu, euismod vitae justo eget, mattis tempor lectus. Nulla orci diam, tristique vitae ipsum et, laoreet imperdiet odio. Fusce sit amet mollis ipsum, in scelerisque enim. - -Etiam malesuada lacus in magna ullamcorper lobortis. Mauris sit amet tellus odio. Morbi in pretium sem. Praesent eleifend mi nec tortor placerat, sit amet tristique leo consectetur. Ut elit massa, cursus non dui in, feugiat luctus risus. Quisque semper nunc vitae nunc vulputate congue. Vivamus in odio ut ipsum interdum sollicitudin fermentum et tellus. - -Sed sit amet aliquet leo. Nulla vulputate diam ac neque porttitor, nec lobortis mauris vulputate. Duis quis semper lorem, in scelerisque metus. Etiam odio massa, pulvinar a sodales sed, scelerisque in magna. Pellentesque id volutpat ligula, eleifend ultrices dolor. Vestibulum ut quam id nunc pretium tincidunt. Integer sit amet commodo lectus. Aenean convallis molestie est ut dignissim. Integer non molestie sem. Donec nec vulputate justo. Integer eros metus, lacinia eget fringilla placerat, lobortis gravida tortor. - -Morbi scelerisque malesuada augue eu dapibus. Suspendisse eu eros lobortis urna pulvinar placerat. Nullam nec neque sagittis, dapibus libero nec, luctus dolor. Pellentesque eu massa nec libero dapibus mattis a nec libero. Aliquam a massa porta, dapibus neque eu, ultricies ante. Etiam nec iaculis lacus. Proin tristique dui tristique ipsum adipiscing, vitae malesuada elit laoreet. Fusce vitae erat libero. Etiam iaculis nisl risus, egestas dignissim lorem fermentum sit amet. Duis ut porta felis, eget tempus enim. Vivamus malesuada arcu adipiscing nibh laoreet semper. - -Proin nec felis tellus. Nam porta tristique adipiscing. Donec urna eros, varius et ultricies ac, semper ac purus. Maecenas est dolor, laoreet vitae pellentesque id, egestas non augue. Donec adipiscing neque a accumsan sollicitudin. Phasellus iaculis mattis lacinia. Nam pharetra nec ipsum pharetra imperdiet. In interdum enim facilisis, fringilla risus sit amet, ultricies enim. Morbi gravida felis nisi. Donec in orci ut erat semper faucibus. Vivamus nec nibh non erat dignissim tincidunt ut vitae lorem. - -Vivamus tincidunt bibendum nunc at dapibus. Suspendisse pretium eget neque non cursus. Duis a tristique lorem. Sed feugiat justo quis magna gravida elementum. Nunc ac euismod magna. Suspendisse non mattis justo, nec pharetra sem. Phasellus aliquam aliquet volutpat. Vestibulum tincidunt rhoncus cursus. Praesent vel laoreet eros. Phasellus et bibendum erat. Morbi pharetra libero dui, quis ultricies nibh tincidunt eu. Nullam sollicitudin convallis ante, in porta lectus. Pellentesque placerat condimentum blandit. - -Etiam facilisis euismod velit, ac blandit quam laoreet sit amet. Donec molestie lorem vel molestie porttitor. Aenean nec ultrices enim, eu laoreet dolor. Aliquam nec fringilla ante, ac feugiat justo. Cras nulla odio, gravida vel bibendum et, egestas sit amet purus. Nunc felis tortor, laoreet at elit nec, tincidunt iaculis leo. Cras eu sollicitudin lectus, sed aliquam odio. Aenean mattis ultrices blandit. Nam tincidunt dapibus aliquet. Ut eu consequat mauris. Maecenas luctus urna molestie, ultricies ante vitae, interdum neque. Vestibulum ut tristique dui. Quisque sed facilisis elit. Mauris quis est eu erat facilisis vestibulum a vitae purus. Aliquam nec scelerisque diam. - -Mauris vel varius diam. Cras molestie egestas vulputate. Fusce feugiat tortor eu nulla accumsan, ac sagittis leo interdum. Sed interdum at nisl nec congue. In hac habitasse platea dictumst. Proin pellentesque magna nec cursus placerat. Vestibulum augue nibh, consequat vitae adipiscing eu, consequat in sapien. Nullam blandit lorem non metus pharetra egestas. Sed non pretium erat. Donec imperdiet egestas arcu, ut malesuada felis pharetra quis. Donec ut odio id leo porttitor vestibulum quis nec arcu. - -Vestibulum iaculis neque sed tellus faucibus pellentesque. Etiam feugiat dictum augue pulvinar pretium. Curabitur imperdiet justo ut tortor feugiat, at convallis lacus molestie. Nam tristique nunc vel varius facilisis. Aenean eros enim, ornare nec mauris sit amet, condimentum imperdiet tortor. Curabitur at nisi lectus. Vivamus et neque aliquet, porttitor magna at, convallis nisi. Suspendisse at velit ac nisl placerat auctor. Morbi suscipit semper felis, nec volutpat mauris tincidunt eu. Etiam non enim porta, sodales libero et, semper erat. Maecenas sit amet purus eget tortor feugiat fringilla. Quisque interdum, est quis eleifend ornare, massa diam malesuada sapien, et euismod purus massa ut ligula. - -Nunc in fringilla quam. Ut euismod, nisi id convallis faucibus, libero neque vulputate sem, pulvinar interdum dolor augue molestie dolor. Vestibulum condimentum neque in enim eleifend, at dictum nunc hendrerit. Sed blandit fermentum dui. Integer dapibus eros sit amet risus commodo, vel lobortis purus ullamcorper. Nunc eleifend sollicitudin leo at accumsan. Ut sed accumsan felis, a mollis eros. Curabitur volutpat vulputate massa, ut porta lacus vehicula eget. In vitae eros quis tellus feugiat tristique eu placerat ante. Mauris facilisis dignissim nisl a rhoncus. - -Vivamus convallis et tellus vitae pretium. Cras ac nunc mollis, porttitor lectus vel, consectetur nunc. Pellentesque rutrum mollis eros, eget interdum mauris vehicula at. Suspendisse sit amet magna vitae diam tristique mattis. Phasellus sed eros ac justo fermentum malesuada. Morbi et nulla dolor. Vivamus volutpat massa quis est tincidunt, sed rutrum purus congue. - -Integer laoreet enim sit amet tincidunt volutpat. In convallis iaculis mi, quis convallis sem dictum sit amet. Maecenas nulla odio, consequat vitae vehicula et, placerat ut orci. Aliquam a nisl non urna fringilla luctus sit amet vel magna. Sed laoreet lacinia luctus. Praesent molestie fringilla ligula sit amet euismod. In porttitor purus et faucibus sodales. Integer non neque laoreet felis rutrum auctor. Duis vulputate hendrerit lectus, ut suscipit velit tristique consequat. Suspendisse potenti. - -Suspendisse tristique lorem pellentesque est adipiscing, sit amet congue velit condimentum. Nulla imperdiet pellentesque nunc facilisis lobortis. Nulla facilisi. In adipiscing nisl eu sem rutrum vulputate. Interdum et malesuada fames ac ante ipsum primis in faucibus. Aenean aliquet sit amet quam euismod iaculis. Mauris egestas lorem enim, eleifend faucibus lacus posuere ac. Suspendisse id nulla sit amet eros volutpat dictum. Donec purus nunc, fermentum in scelerisque nec, ultricies tempus mauris. Ut euismod lacus eget erat porta, id scelerisque nunc condimentum. Morbi id iaculis nisl. - -Nunc sollicitudin molestie felis id convallis. Morbi semper purus venenatis elit eleifend blandit. Suspendisse nulla odio, pharetra vulputate faucibus nec, rhoncus ut purus. In id viverra enim. Curabitur ornare quis orci ac pretium. Curabitur vel eros tellus. Nulla eget imperdiet tortor, et hendrerit nibh. Sed a luctus risus. Vivamus felis tellus, tincidunt a posuere vitae, ornare non orci. Ut faucibus consectetur elit, vitae faucibus erat imperdiet at. Maecenas commodo arcu sit amet odio imperdiet, id bibendum nisi vestibulum. - -Pellentesque interdum odio ut dui tincidunt, interdum rutrum quam accumsan. Fusce aliquam nunc id malesuada feugiat. Sed consectetur erat diam, eget porttitor risus aliquet vitae. Cras scelerisque tellus a magna pretium, at accumsan magna convallis. Nullam eu feugiat turpis. Cras a nunc eros. Vivamus fermentum quam mauris, sed bibendum leo aliquet tincidunt. Vivamus tempor semper lectus, eu vehicula mi porttitor rhoncus. Pellentesque fermentum enim et imperdiet blandit. Curabitur iaculis id risus a scelerisque. Integer nec convallis odio. Sed in venenatis lorem, a accumsan dolor. - -Vestibulum et tristique mi. Pellentesque pellentesque erat vel diam vehicula ullamcorper. Morbi sed eleifend eros. Curabitur cursus id nibh quis bibendum. Quisque eu mi et orci tristique blandit. Suspendisse ut rhoncus urna. Praesent ut luctus risus. Integer commodo dictum augue ultricies gravida. Suspendisse tempus sem ut velit porta, in porta magna egestas. - -Nulla pulvinar diam vitae sapien sodales, at molestie lectus condimentum. Aliquam fringilla diam ac odio scelerisque ultrices. Praesent vel consectetur leo. In orci enim, tristique eget sagittis et, scelerisque porttitor mauris. Donec adipiscing eu dui dictum cursus. Suspendisse eu purus a eros varius ornare vitae a arcu. Maecenas fermentum imperdiet ante, quis placerat nisl iaculis vitae. Sed volutpat vitae neque nec iaculis. Vestibulum sollicitudin tellus eu nulla dapibus suscipit. Pellentesque quis quam auctor, pharetra nisi sed, auctor orci. Duis luctus nunc sed ligula vulputate rutrum. Duis sed nulla tempor, tristique nulla sed, ullamcorper tortor. - -Nunc sodales metus et tortor dictum ullamcorper. Curabitur congue pretium justo at varius. Sed sed imperdiet lacus, at varius felis. Vestibulum sed enim massa. Phasellus ultricies quam eget arcu egestas, vel consectetur magna hendrerit. Aliquam sit amet felis rutrum, fermentum tortor id, pretium urna. Nunc quis orci dolor. Pellentesque condimentum accumsan justo, eget lobortis sapien facilisis sit amet. Quisque nunc lectus, dapibus vel lorem vel, congue ultrices magna. Ut at lorem mauris. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. - -Etiam vitae metus ut leo varius iaculis sit amet a odio. Vivamus eu arcu vestibulum, feugiat mauris sed, faucibus tortor. Donec consectetur tincidunt nisi vel viverra. Nulla sodales pellentesque nisl quis molestie. Suspendisse et arcu tortor. Phasellus vehicula ac elit vel tempus. Quisque pellentesque laoreet mauris eu dapibus. Maecenas vel sapien non lacus bibendum pretium. Duis dignissim tellus neque, at ullamcorper magna elementum ac. Ut a iaculis nisi. In fermentum congue semper. Maecenas nec quam pellentesque risus commodo laoreet ac ac lacus. Sed aliquet at ipsum ac porta. Morbi ornare augue in sapien ultricies, eu tempor sapien faucibus. - -Mauris blandit neque sapien, sit amet porta ipsum interdum vitae. Integer auctor et nibh in aliquam. Aenean nisl diam, gravida quis eleifend in, ornare sed metus. Maecenas placerat orci sit amet dapibus rutrum. Morbi ultrices in nulla non placerat. Aliquam ultrices cursus feugiat. Nullam laoreet arcu et nulla fermentum, vel cursus lectus imperdiet. Nulla eleifend tortor in tortor sollicitudin, sed aliquet augue imperdiet. Vestibulum libero erat, fringilla non suscipit eu, vulputate quis dolor. In ornare lobortis lectus, sagittis fringilla erat pharetra vitae. Donec gravida tortor nulla, a accumsan purus sollicitudin at. Proin sed orci sit amet lectus adipiscing aliquam a eu dui. Sed consequat felis sed nunc viverra scelerisque. Nulla auctor enim non est dapibus aliquam. - -Vestibulum pretium eleifend tellus. Vestibulum lobortis, arcu et rhoncus lobortis, est velit varius eros, vitae elementum tellus nulla vitae elit. Fusce non mollis nisi. Etiam magna ipsum, ullamcorper eu nibh a, tempus ornare augue. Aenean posuere pellentesque gravida. Curabitur adipiscing viverra elit, eu fringilla velit mollis non. Aliquam erat volutpat. Vestibulum vitae dolor id quam elementum euismod vel sed lacus. - -Morbi ultricies velit elit, id ultricies velit vehicula non. In dictum cursus tincidunt. Phasellus et massa viverra, porttitor neque a, consectetur eros. Donec venenatis lacinia tortor, non volutpat odio eleifend sit amet. Nulla facilisi. Donec ultrices eu quam eget gravida. Vivamus eleifend turpis eu eros feugiat, a placerat arcu viverra. Etiam tincidunt risus lectus, in luctus mi congue ut. Mauris vel consectetur augue. Integer non eros gravida, eleifend erat in, placerat justo. In vel quam quis lorem vestibulum pulvinar vitae eget tellus. Pellentesque non est purus. Mauris consectetur ornare felis nec dignissim. Integer molestie vestibulum bibendum. - -Nam molestie sollicitudin sagittis. Duis cursus magna eu urna viverra, ut congue velit aliquet. Curabitur porttitor purus ac nunc aliquet, quis dignissim justo venenatis. Sed ante libero, dictum et lacinia eget, lobortis a elit. Suspendisse potenti. Vestibulum ac lectus quam. Vestibulum rutrum tincidunt ornare. Curabitur elit dolor, malesuada sed lacus sed, sollicitudin laoreet eros. - -Nulla posuere, lacus quis vulputate aliquam, ipsum lectus commodo mauris, vel vehicula odio lorem ut nunc. Pellentesque molestie, lectus non rutrum ultricies, leo tortor molestie mi, ac pulvinar metus felis rhoncus arcu. Aliquam imperdiet velit nulla, at ullamcorper orci lobortis sed. Phasellus rhoncus orci at risus mattis adipiscing. Maecenas vel quam posuere, congue orci vel, tristique eros. Suspendisse potenti. Aenean pellentesque posuere facilisis. Morbi condimentum velit in posuere gravida. Curabitur consequat quis urna gravida tristique. Sed pulvinar, dui blandit volutpat porta, diam ante lacinia velit, vitae tristique ligula nunc a lorem. - -Quisque hendrerit rutrum tristique. Aliquam scelerisque aliquet tellus, ac consequat neque sollicitudin id. Etiam eget lorem nec erat pharetra imperdiet. Proin ultricies, erat at sagittis semper, tellus enim ullamcorper lacus, at luctus enim turpis nec tortor. Pellentesque leo dui, hendrerit vel ligula eu, malesuada egestas libero. Sed ornare erat nec velit scelerisque, et malesuada lectus facilisis. Aliquam erat volutpat. - -Praesent tincidunt tristique mi nec varius. Praesent diam eros, ornare sit amet nibh non, dictum varius elit. Maecenas est nulla, sodales varius tristique ac, tempus ac ipsum. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In congue nibh sed urna fermentum porttitor. Sed ultrices imperdiet metus aliquam porta. Nulla at lorem sit amet nisi euismod placerat vitae et sem. Aenean a eros pellentesque lectus porta placerat. Fusce tincidunt lectus sit amet eros tempor, et iaculis massa aliquet. Pellentesque aliquet ante et dolor iaculis cursus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Aliquam a placerat nunc. Morbi tristique nunc mollis aliquet ultricies. - -Sed pellentesque dui vel sapien condimentum luctus. Nulla in lobortis nunc. Nullam ut massa eget metus ornare luctus vitae eget leo. Etiam non elit est. Praesent magna lectus, gravida eu quam interdum, venenatis tristique purus. Vestibulum eget risus odio. Nunc adipiscing risus id magna tempus pretium. Praesent suscipit, quam et porta convallis, mauris dui viverra ligula, sit amet elementum enim mi id metus. Maecenas semper nisi ut gravida rhoncus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Nunc fermentum pharetra metus tempor lacinia. In at nisi in nibh aliquet auctor. Vestibulum faucibus felis eu tellus convallis pretium. Nam pellentesque ipsum sed malesuada fermentum. - -Sed faucibus pharetra quam vitae pulvinar. Duis aliquet pretium condimentum. Aenean ac pharetra dolor. Duis accumsan porta dignissim. Etiam rhoncus convallis sem, vitae pellentesque libero malesuada ut. Duis fringilla luctus elit. Vestibulum volutpat tristique enim, non hendrerit erat sodales ac. Duis mollis egestas adipiscing. Proin interdum eu nisi quis volutpat. Sed pretium dapibus feugiat. Pellentesque sed vulputate justo. Phasellus nunc lacus, semper eu nisl eget, sagittis consequat est. Suspendisse convallis elit eget odio tristique placerat. Suspendisse potenti. Vivamus in nisl sed libero iaculis vestibulum. Nullam cursus tortor enim. - -Suspendisse sit amet dui eget odio varius sollicitudin. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vivamus dignissim lacinia dictum. Mauris scelerisque metus ut molestie bibendum. Ut sagittis mi dapibus, pretium eros ut, iaculis nunc. Vestibulum porttitor cursus purus ac varius. Pellentesque molestie porttitor mollis. Maecenas varius, erat sed aliquam vestibulum, risus nulla tristique erat, et tempor sapien enim sit amet dui. Sed sagittis lectus ut enim molestie rhoncus eget a lectus. Curabitur ut justo tellus. Ut elit elit, vestibulum a facilisis at, ornare at nibh. Sed hendrerit tortor in metus mattis, et vestibulum lacus facilisis. Praesent mauris diam, accumsan interdum mauris ac, tempus semper odio. Nunc quis sem ipsum. Nam lectus leo, interdum ac lorem vitae, ornare adipiscing sapien. Sed ut gravida dolor. - -Nullam eget eros vel orci tincidunt sagittis a vel risus. Suspendisse potenti. Cras ullamcorper consequat libero, ac pellentesque elit pulvinar nec. Ut lacinia nulla eu elementum venenatis. Nulla libero mauris, pharetra sit amet commodo id, rhoncus dictum turpis. Ut euismod dolor orci, eu malesuada nisi placerat interdum. Aenean nec laoreet turpis. Suspendisse venenatis nulla quis porta venenatis. Proin euismod nibh eu elit tincidunt, nec commodo risus dictum. Curabitur ullamcorper diam quis erat elementum faucibus. Suspendisse at tortor magna. Fusce adipiscing viverra risus nec condimentum. Lorem ipsum dolor sit amet, consectetur adipiscing elit. In non ante placerat, condimentum tellus vel, porttitor quam. - -Sed rhoncus dictum tortor, sed sagittis turpis vulputate eu. Vivamus lacinia eget ipsum ut imperdiet. Vestibulum condimentum faucibus urna. Aliquam sit amet nulla sit amet dui egestas malesuada. Integer et felis orci. Cras ac augue suscipit, posuere arcu a, fringilla enim. Pellentesque mattis eget metus eget semper. In at augue elit. Sed ut ullamcorper nulla. Ut cursus hendrerit mi sed gravida. Phasellus semper nulla ut nibh posuere ullamcorper. Pellentesque in mi scelerisque nisl tempor blandit. Pellentesque faucibus urna id libero rhoncus eleifend. \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/TrustStoreGalaxyImport.py Thu Dec 12 13:07:45 2013 +1100 @@ -0,0 +1,49 @@ +import sys +import shutil +from py_ts import TrustStoreClient, ts_utils + +if __name__ == '__main__': + + kms_url = sys.argv[1] + ims_url = sys.argv[2] + username = sys.argv[3] + password = sys.argv[4] + client_key = sys.argv[5] + client_secret = sys.argv[6] + storename = sys.argv[7] + path = sys.argv[8] + filename = sys.argv[9] + outputFile = sys.argv[10] + + config = TrustStoreClient.Config(ims_url, kms_url, client_key, client_secret) + ts = TrustStoreClient.TrustStoreClient(headless=True, config=config) + try: + ts.authenticate(username, password) + except TrustStoreClient.TrustStoreClientAuthenticationException as e: + print e + sys.exit(5) + ts.getPrivateKey('privkey.pem') + listing = ts.listStores() + found = False + for store in listing: + if store.friendly_name == storename: + found = True + root = ts.listDirectory(store) + location = None + if path != "/": + location = ts_utils.ts_utils.dirAtPath(root, path) + if not location: + print "Path not found" + sys.exit(3) + else: + location = root + downloadMe = ts_utils.ts_utils.recurseToChildNamed(location, filename) + if downloadMe: + download = ts.getFile(store, downloadMe) + shutil.copy(download, outputFile) + else: + print "File not found" + sys.exit(4) + if not found: + print "Store not found" + sys.exit(2)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/TrustStoreGalaxyImport.xml Thu Dec 12 13:07:45 2013 +1100 @@ -0,0 +1,123 @@ +<tool id="ts_import_1" name="Import Data from TrustStore" vertion="0.1"> <!-- tool_type="data_source"> --> + <description> secure cloud storage.</description> + <stdio> + <exit_code range="2" err_level="fatal" description="Could not find store with supplied name." /> + <exit_code range="3" err_level="fatal" description="Could not find supplied path in store." /> + <exit_code range="4" err_level="fatal" description="Could not find supplied filename in store at path." /> + <exit_code range="5" err_level="fatal" description="Bad credentials supplied. See stdout for more information." /> + </stdio> + <command interpreter="python">TrustStoreGalaxyImport.py https://tstest-kms.it.csiro.au/kmscolab_3_0 https://tstest-ims.it.csiro.au/ims_3_0/services/IMS $username $password desktop cpU92F1PT7VOCANjSknuCDp4DrubmujoBaF6b0miz8OpKNokEbGMHCaSFK5/lISbBmaaGVCgeADI2A39F3Hkeg== $storename $path $filename $output</command> + <inputs> + <param name="file_type" type="select" label="File Format" help="Which format is the data you're downloading?"> + <option value="ab1"/> + <option value="axt"/> + <option value="bam"/> + <option value="bed"/> + <option value="coverage" /> + <option value="customtrack" /> + <option value="csfasta" /> + <option value="fasta" /> + <option value="eland" /> + <option value="fastq" /> + <option value="fasqsanger" /> + <option value="gtf" /> + <option value="gff" /> + <option value="gff3" /> + <option value="genetrack" /> + <option value="interval" /> + <option value="laj" /> + <option value="lav" /> + <option value="maf" /> + <option value="pileup" /> + <option value="qualsolid" /> + <option value="qualsolexa" /> + <option value="sam"/> + <option value="scf"/> + <option value="sff"/> + <option value="tabular" /> + <option value="taxonomy" /> + <option value="txt"/> + <option value="wig"/> + <option value="xml"/> + </param> + <!-- <param name="kms_url" type="text" label="kms url" help="the remote url for your key management service" value="http://localhost:8080/TSSKeyManagementService-Collaboration" size="200" /> + <param name="ims_url" type="text" label="ims url" help="the remote url for your integrity management service" value="http://localhost:8080/TSSIntegrityManagementService/services/IMS" size="200" /> --> + <param name="username" type="text" label="username" help="kms username" value="user" size="20" > + <sanitizer> + <valid initial="string.printable"> + <remove value="'"/> + </valid> + <mapping initial="none"> + <add source="'" target="__sq__"/> + </mapping> + </sanitizer> + </param> + <param name="password" type="text" label="password" help="kms password" value="password" size="1"> + <sanitizer> + <valid initial="string.printable"> + <remove value="'"/> + </valid> + <mapping initial="none"> + <add source="'" target="__sq__"/> + </mapping> + </sanitizer> + </param> + <!-- <param name="client_key" type="text" label="client key" help="kms client name" value="my-trusted-client-with-secret" size="20" /> --> + <!-- <param name="client_secret" type="text" label="client secret" help="kms client secret" value="somesecret" size="20" /> --> + <param name="storename" type="text" label="Store Name" help="e.g.: My Galaxy Store" value="galaxy" size="20" /> + <param name="path" type="text" label="Path in store" help="e.g.: /rawdata/feb2014/, leave as / for top level files" value="/" size="20" /> + <param name="filename" type="text" label="File name" help="e.g.: export1.bam" value="1.png" size="20" /> + </inputs> + <outputs> + <data name="output" format="ab1"> + <change_format> + <when input="file_type" value="ab1" format="ab1" /> + <when input="file_type" value="axt" format="axt" /> + <when input="file_type" value="bam" format="bam" /> + <when input="file_type" value="bed" format="bed" /> + <when input="file_type" value="coverage" format="coverage" /> + <when input="file_type" value="customtrack" format="customtrack" /> + <when input="file_type" value="csfasta" format="csfasta" /> + <when input="file_type" value="fasta" format="fasta" /> + <when input="file_type" value="eland" format="eland" /> + <when input="file_type" value="fastq" format="fastq" /> + <when input="file_type" value="fasqsanger" format="fastqsanger" /> + <when input="file_type" value="gtf" format="gtf" /> + <when input="file_type" value="gff" format="gff" /> + <when input="file_type" value="gff3" format="gff3" /> + <when input="file_type" value="genetrack" format="genetrack" /> + <when input="file_type" value="interval" format="interval" /> + <when input="file_type" value="laj" format="laj" /> + <when input="file_type" value="lav" format="lav" /> + <when input="file_type" value="maf" format="maf" /> + <when input="file_type" value="pileup" format="pileup" /> + <when input="file_type" value="qualsolid" format="qualsolid" /> + <when input="file_type" value="qualsolexa" format="qualsolexa" /> + <when input="file_type" value="sam" format="sam" /> + <when input="file_type" value="scf" format="scf" /> + <when input="file_type" value="sff" format="sff" /> + <when input="file_type" value="tabular" format="tabular" /> + <when input="file_type" value="taxonomy" format="taxonomy" /> + <when input="file_type" value="txt" format="txt" /> + <when input="file_type" value="wig" format="wig" /> + <when input="file_type" value="xml" format="xml" /> + </change_format> + </data> + </outputs> + + <tests> + <test> + </test> + </tests> + + <requirements> + <requirement type="python-module">py_ts</requirement> + <requirement type="binary" version="1.0.0">openssl</requirement> + </requirements> + + <help> +This tool lets users import data they have uploaded to the TrustStore system. + +Upload files to TrustStore using the desktop client. + </help> +</tool> \ No newline at end of file