2
2
"""Register with a facilitator through Google App Engine."""
3
3
4
4
import argparse
5
+ import flashproxy
5
6
import httplib
6
- import os
7
7
import socket
8
- import subprocess
9
8
import sys
10
9
import urlparse
11
10
import urllib2
12
11
13
12
from flashproxy .keys import PIN_GOOGLE_CA_CERT , PIN_GOOGLE_PUBKEY_SHA1 , check_certificate_pin , ensure_M2Crypto , temp_cert
14
- from flashproxy .util import parse_addr_spec , format_addr
13
+ from flashproxy .reg import build_reg_b64enc
14
+ from flashproxy .util import parse_addr_spec , safe_str , safe_format_addr
15
15
16
16
try :
17
17
from M2Crypto import SSL
18
18
except ImportError :
19
19
# Defer the error reporting so that --help works even without M2Crypto.
20
20
pass
21
21
22
- DEFAULT_REMOTE = ("" , 9000 )
23
- DEFAULT_TRANSPORT = "websocket"
24
-
25
22
# The domain to which requests appear to go.
26
23
FRONT_DOMAIN = "www.google.com"
27
24
# The value of the Host header within requests.
28
25
TARGET_DOMAIN = "fp-reg-a.appspot.com"
29
26
30
- FLASHPROXY_REG_URL = "flashproxy-reg-url"
31
-
32
- class options (object ):
33
- address_family = socket .AF_UNSPEC
34
- use_certificate_pin = True
35
- facilitator_pubkey_filename = None
36
- transport = DEFAULT_TRANSPORT
37
- safe_logging = True
38
-
39
- def safe_str (s ):
40
- """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
41
- if options .safe_logging :
42
- return "[scrubbed]"
43
- else :
44
- return s
45
-
46
- def safe_format_addr (addr ):
47
- return safe_str (format_addr (addr ))
48
-
49
- def generate_url (addr ):
50
- if getattr (sys , "frozen" , False ):
51
- script_dir = os .path .dirname (sys .executable )
52
- else :
53
- script_dir = sys .path [0 ]
54
- if not script_dir :
55
- # Maybe the script was read from stdin; in any case don't guess at the directory.
56
- raise ValueError ("Can't find executable directory for registration helpers" )
57
- command = [os .path .join (script_dir , FLASHPROXY_REG_URL )]
58
- command += ["-f" , urlparse .urlunparse (("https" , FRONT_DOMAIN , "/" , "" , "" , "" ))]
59
- if options .transport is not None :
60
- command += ["--transport" , options .transport ]
61
- if options .facilitator_pubkey_filename is not None :
62
- command += ["--facilitator-pubkey" , options .facilitator_pubkey_filename ]
63
- command .append (format_addr (addr ))
64
- p = subprocess .Popen (command , stdout = subprocess .PIPE )
65
- stdout , stderr = p .communicate ()
66
- if p .returncode != 0 :
67
- raise ValueError ("%s exited with status %d" % (FLASHPROXY_REG_URL , p .returncode ))
68
- return stdout .strip ()
69
-
70
27
# Like socket.create_connection in that it tries resolving different address
71
28
# families, but doesn't connect the socket.
72
29
def create_socket (address , timeout = None ):
@@ -105,8 +62,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
105
62
self .sock = SSL .Connection (ctx , sock )
106
63
self .sock .connect ((self .host , self .port ))
107
64
108
- if options .use_certificate_pin :
109
- check_certificate_pin (self .sock , PIN_GOOGLE_PUBKEY_SHA1 )
65
+ check_certificate_pin (self .sock , PIN_GOOGLE_PUBKEY_SHA1 )
110
66
111
67
class PinHTTPSHandler (urllib2 .HTTPSHandler ):
112
68
def https_open (self , req ):
@@ -130,40 +86,12 @@ parser = argparse.ArgumentParser(
130
86
description = "Register with a facilitator through a Google App Engine app. "
131
87
"If only the external port is given, the remote server guesses our "
132
88
"external address." )
133
- # common opts
134
- parser .add_argument ("-4" , help = "name lookups use only IPv4." ,
135
- action = "store_const" , const = socket .AF_INET , dest = "address_family" )
136
- parser .add_argument ("-6" , help = "name lookups use only IPv6." ,
137
- action = "store_const" , const = socket .AF_INET6 , dest = "address_family" )
138
- parser .add_argument ("--unsafe-logging" , help = "don't scrub IP addresses and "
139
- "other sensitive information from logs." , action = "store_true" )
140
- parser .add_argument ("--disable-pin" , help = "disable all certificate pinning "
141
- "checks" , action = "store_true" ,)
142
- parser .add_argument ("--facilitator-pubkey" , help = "encrypt registrations to "
143
- "the given PEM-formatted public key file (default built-in)." ,
144
- metavar = 'FILENAME' )
145
- parser .add_argument ("--transport" ,
146
- help = "register using the given transport, default %(default)s." ,
147
- default = DEFAULT_TRANSPORT )
148
- # common args
149
- parser .add_argument ("remote_addr" ,
150
- help = "remote to register, default %s - the external IP address is guessed."
151
- % format_addr (DEFAULT_REMOTE ),
152
- metavar = "REMOTE:PORT" , default = "" , nargs = "?" ,
153
- type = lambda x : parse_addr_spec (x , * DEFAULT_REMOTE ))
154
-
155
- ns = parser .parse_args (sys .argv [1 :])
156
- options .address_family = ns .address_family or socket .AF_UNSPEC
157
- if options .address_family != socket .AF_UNSPEC :
158
- getaddrinfo = socket .getaddrinfo
159
- def getaddrinfo_replacement (host , port , family , * args , ** kwargs ):
160
- return getaddrinfo (host , port , options .address_family , * args , ** kwargs )
161
- socket .getaddrinfo = getaddrinfo_replacement
162
- options .safe_logging = not ns .unsafe_logging
163
- options .use_certificate_pin = not ns .disable_pin
164
- options .facilitator_pubkey_filename = ns .facilitator_pubkey
165
- options .transport = ns .transport
166
- remote_addr = ns .remote_addr
89
+ flashproxy .util .add_module_opts (parser )
90
+ flashproxy .keys .add_module_opts (parser )
91
+ flashproxy .reg .add_registration_args (parser )
92
+
93
+ options = parser .parse_args (sys .argv [1 :])
94
+ remote_addr = options .remote_addr
167
95
168
96
ensure_M2Crypto ()
169
97
@@ -186,9 +114,10 @@ if not remote_addr[0]:
186
114
sys .exit (1 )
187
115
188
116
try :
189
- url = generate_url (remote_addr )
117
+ reg = build_reg_b64enc (remote_addr , options .transport , urlsafe = True )
118
+ url = urlparse .urljoin (urlparse .urlunparse (("https" , FRONT_DOMAIN , "/" , "" , "" , "" )), "reg/" + reg )
190
119
except Exception , e :
191
- print >> sys .stderr , "Error running %s : %s" % ( FLASHPROXY_REG_URL , str (e ) )
120
+ print >> sys .stderr , "Error generating URL : %s" % str (e )
192
121
sys .exit (1 )
193
122
194
123
try :
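Review bot: The call `check_certificate_pin(self.sock, PIN_GOOGLE_PUBKEY_SHA1)` at new line 65 is now unconditional and the `--disable-pin` argument no longer appears in this file, so nothing visible here says whether pinning can still be switched off or where that decision is made. If the option is now registered by `flashproxy.keys.add_module_opts(parser)` (new line 90) and honoured inside `check_certificate_pin`, which is an assumption because flashproxy/keys.py is not shown, a one-line comment above the call would keep the control auditable, for example `# Pin is enforced or skipped inside check_certificate_pin according to flashproxy.keys options`. If the pin is instead meant to be mandatory for this registration method, the comment should say that, since it is the only check on the peer visible in this hunk. The body of the connect method in PinHTTPSConnection begins outside the hunk.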