
Commit badb39f

committed
move common functionality and command-line options into flashproxy-common
- move keys.DEFAULT_FACILITATOR_PUBKEY_PEM into new reg module to be with other default-facilitator data
1 parent e6b07f1 commit badb39f


8 files changed

+177
-338
lines changed


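--- a/flashproxy-client
+++ b/flashproxy-client
@@ -8,6 +8,7 @@ import BaseHTTPServer
 import array
 import base64
 import cStringIO
+import flashproxy
 import os
 import os.path
 import select
@@ -19,7 +20,8 @@ import threading
 import time
 import traceback
 
-from flashproxy.util import parse_addr_spec, addr_family, format_addr
+from flashproxy.util import parse_addr_spec, addr_family, format_addr, safe_str, safe_format_addr
+from flashproxy.reg import DEFAULT_TRANSPORT
 
 from hashlib import sha1
 
@@ -35,7 +37,6 @@ DEFAULT_LOCAL_PORT_EXTERNAL = 9001
 DEFAULT_REMOTE_PORT = 9000
 DEFAULT_REGISTER_METHODS = ["appspot", "email", "http"]
 DEFAULT_PORT_FORWARDING_HELPER = "tor-fw-helper"
-DEFAULT_TRANSPORT = "websocket"
 
 # We will re-register if we have fewer than this many waiting proxies. The
 # facilitator may choose to ignore our requests.
@@ -71,22 +72,12 @@ class options(object):
 facilitator_url = None
 facilitator_pubkey_filename = None
 
-def safe_str(s):
-"""Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
-if options.safe_logging:
-return "[scrubbed]"
-else:
-return s
-
 log_lock = threading.Lock()
 def log(msg):
 with log_lock:
 print >> options.log_file, (u"%s %s" % (time.strftime(LOG_DATE_FORMAT), msg)).encode("UTF-8")
 options.log_file.flush()
 
-def safe_format_addr(addr):
-return safe_str(format_addr(addr))
-
 def format_sockaddr(sockaddr):
 host, port = socket.getnameinfo(sockaddr, socket.NI_NUMERICHOST | socket.NI_NUMERICSERV)
 port = int(port)
@@ -1036,19 +1027,8 @@ The -4, -6, --unsafe-logging, --transport and --facilitator-pubkey options are
 propagated to the child registration helpers. For backwards compatilibility,
 the --facilitator option is also propagated to the http registration helper.
 If you need to pass more options, use TODO #9976.""")
-# common opts
-parser.add_argument("-4", help="name lookups use only IPv4.",
-action="store_const", const=socket.AF_INET, dest="address_family")
-parser.add_argument("-6", help="name lookups use only IPv6.",
-action="store_const", const=socket.AF_INET6, dest="address_family")
-parser.add_argument("--unsafe-logging", help="don't scrub IP addresses and "
-"other sensitive information from logs.", action="store_true")
-parser.add_argument("--facilitator-pubkey", help="encrypt registrations to "
-"the given PEM-formatted public key file (default built-in).",
-metavar='FILENAME')
-parser.add_argument("--transport",
-help="register using the given transport, default %(default)s.",
-default=DEFAULT_TRANSPORT)
+flashproxy.util.add_module_opts(parser)
+flashproxy.reg.add_module_opts(parser)
 parser.add_argument("-f", "--facilitator", metavar="URL",
 help="register with the facilitator at this URL, default %(default)s. "
 "This is passed to the http registration ONLY.")
@@ -1090,12 +1070,7 @@ If you need to pass more options, use TODO #9976.""")
 
 ns = parser.parse_args(sys.argv[1:])
 # set registration options
-options.address_family = ns.address_family or socket.AF_UNSPEC
-if options.address_family != socket.AF_UNSPEC:
-getaddrinfo = socket.getaddrinfo
-def getaddrinfo_replacement(host, port, family, *args, **kwargs):
-return getaddrinfo(host, port, options.address_family, *args, **kwargs)
-socket.getaddrinfo = getaddrinfo_replacement
+options.address_family = ns.address_family
 options.transport = ns.transport
 options.safe_logging = not ns.unsafe_logging
 options.facilitator_url = ns.facilitator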
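Review bot: `safe_str` and `safe_format_addr` are now imported from `flashproxy.util`, so they can no longer read this script's `options.safe_logging`, yet the last hunk still assigns `options.safe_logging = not ns.unsafe_logging` on the local class. Whether log scrubbing stays on by default now depends on state inside `flashproxy.util` that this section does not show; presumably `flashproxy.util.add_module_opts` wires `--unsafe-logging` to it, which should be confirmed. The local assignment deserves a comment such as `# local copy only; log scrubbing is decided in flashproxy.util`. The same hunk drops the `or socket.AF_UNSPEC` fallback, so `options.address_family` may be `None` when neither -4 nor -6 is given unless the shared option supplies a default. The enclosing option-parsing code starts and ends outside the hunk.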

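--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -2,71 +2,28 @@
 """Register with a facilitator through Google App Engine."""
 
 import argparse
+import flashproxy
 import httplib
-import os
 import socket
-import subprocess
 import sys
 import urlparse
 import urllib2
 
 from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, ensure_M2Crypto, temp_cert
-from flashproxy.util import parse_addr_spec, format_addr
+from flashproxy.reg import build_reg_b64enc
+from flashproxy.util import parse_addr_spec, safe_str, safe_format_addr
 
 try:
 from M2Crypto import SSL
 except ImportError:
 # Defer the error reporting so that --help works even without M2Crypto.
 pass
 
-DEFAULT_REMOTE = ("", 9000)
-DEFAULT_TRANSPORT = "websocket"
-
 # The domain to which requests appear to go.
 FRONT_DOMAIN = "www.google.com"
 # The value of the Host header within requests.
 TARGET_DOMAIN = "fp-reg-a.appspot.com"
 
-FLASHPROXY_REG_URL = "flashproxy-reg-url"
-
-class options(object):
-address_family = socket.AF_UNSPEC
-use_certificate_pin = True
-facilitator_pubkey_filename = None
-transport = DEFAULT_TRANSPORT
-safe_logging = True
-
-def safe_str(s):
-"""Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
-if options.safe_logging:
-return "[scrubbed]"
-else:
-return s
-
-def safe_format_addr(addr):
-return safe_str(format_addr(addr))
-
-def generate_url(addr):
-if getattr(sys, "frozen", False):
-script_dir = os.path.dirname(sys.executable)
-else:
-script_dir = sys.path[0]
-if not script_dir:
-# Maybe the script was read from stdin; in any case don't guess at the directory.
-raise ValueError("Can't find executable directory for registration helpers")
-command = [os.path.join(script_dir, FLASHPROXY_REG_URL)]
-command += ["-f", urlparse.urlunparse(("https", FRONT_DOMAIN, "/", "", "", ""))]
-if options.transport is not None:
-command += ["--transport", options.transport]
-if options.facilitator_pubkey_filename is not None:
-command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
-command.append(format_addr(addr))
-p = subprocess.Popen(command, stdout=subprocess.PIPE)
-stdout, stderr = p.communicate()
-if p.returncode != 0:
-raise ValueError("%s exited with status %d" % (FLASHPROXY_REG_URL, p.returncode))
-return stdout.strip()
-
 # Like socket.create_connection in that it tries resolving different address
 # families, but doesn't connect the socket.
 def create_socket(address, timeout = None):
@@ -105,8 +62,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
 self.sock = SSL.Connection(ctx, sock)
 self.sock.connect((self.host, self.port))
 
-if options.use_certificate_pin:
-check_certificate_pin(self.sock, PIN_GOOGLE_PUBKEY_SHA1)
+check_certificate_pin(self.sock, PIN_GOOGLE_PUBKEY_SHA1)
 
 class PinHTTPSHandler(urllib2.HTTPSHandler):
 def https_open(self, req):
@@ -130,40 +86,12 @@ parser = argparse.ArgumentParser(
 description="Register with a facilitator through a Google App Engine app. "
 "If only the external port is given, the remote server guesses our "
 "external address.")
-# common opts
-parser.add_argument("-4", help="name lookups use only IPv4.",
-action="store_const", const=socket.AF_INET, dest="address_family")
-parser.add_argument("-6", help="name lookups use only IPv6.",
-action="store_const", const=socket.AF_INET6, dest="address_family")
-parser.add_argument("--unsafe-logging", help="don't scrub IP addresses and "
-"other sensitive information from logs.", action="store_true")
-parser.add_argument("--disable-pin", help="disable all certificate pinning "
-"checks", action="store_true",)
-parser.add_argument("--facilitator-pubkey", help="encrypt registrations to "
-"the given PEM-formatted public key file (default built-in).",
-metavar='FILENAME')
-parser.add_argument("--transport",
-help="register using the given transport, default %(default)s.",
-default=DEFAULT_TRANSPORT)
-# common args
-parser.add_argument("remote_addr",
-help="remote to register, default %s - the external IP address is guessed."
-% format_addr(DEFAULT_REMOTE),
-metavar="REMOTE:PORT", default="", nargs="?",
-type=lambda x: parse_addr_spec(x, *DEFAULT_REMOTE))
-
-ns = parser.parse_args(sys.argv[1:])
-options.address_family = ns.address_family or socket.AF_UNSPEC
-if options.address_family != socket.AF_UNSPEC:
-getaddrinfo = socket.getaddrinfo
-def getaddrinfo_replacement(host, port, family, *args, **kwargs):
-return getaddrinfo(host, port, options.address_family, *args, **kwargs)
-socket.getaddrinfo = getaddrinfo_replacement
-options.safe_logging = not ns.unsafe_logging
-options.use_certificate_pin = not ns.disable_pin
-options.facilitator_pubkey_filename = ns.facilitator_pubkey
-options.transport = ns.transport
-remote_addr = ns.remote_addr
+flashproxy.util.add_module_opts(parser)
+flashproxy.keys.add_module_opts(parser)
+flashproxy.reg.add_registration_args(parser)
+
+options = parser.parse_args(sys.argv[1:])
+remote_addr = options.remote_addr
 
 ensure_M2Crypto()
 
@@ -186,9 +114,10 @@ if not remote_addr[0]:
 sys.exit(1)
 
 try:
-url = generate_url(remote_addr)
+reg = build_reg_b64enc(remote_addr, options.transport, urlsafe=True)
+url = urlparse.urljoin(urlparse.urlunparse(("https", FRONT_DOMAIN, "/", "", "", "")), "reg/" + reg)
 except Exception, e:
-print >> sys.stderr, "Error running %s: %s" % (FLASHPROXY_REG_URL, str(e))
+print >> sys.stderr, "Error generating URL: %s" % str(e)
 sys.exit(1)
 
 try: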
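Review bot: The new `build_reg_b64enc(remote_addr, options.transport, urlsafe=True)` call in the last hunk passes no facilitator key, whereas the removed `generate_url` forwarded `--facilitator-pubkey` to the helper. This file now calls only `flashproxy.reg.add_registration_args`, so it is not visible here whether a user-supplied key still reaches the encryption step or the built-in default is silently used; that should be confirmed. In the `PinHTTPSConnection` hunk the pin check is now unconditional at the call site and `--disable-pin` is no longer declared in this file. If `flashproxy.keys.add_module_opts` re-adds that switch, a comment such as `# pin enforcement and --disable-pin are handled inside flashproxy.keys` would tell the reader where the decision is made. The enclosing method starts outside that hunk.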
