This repository has been archived by the owner on Jun 11, 2019. It is now read-only.
/
signing.py
121 lines (101 loc) · 4.12 KB
/
signing.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
from urllib import urlencode
from OpenSSL.SSL import Context, TLSv1_METHOD, VERIFY_PEER,\
VERIFY_FAIL_IF_NO_PEER_CERT, OP_NO_SSLv2
from OpenSSL.crypto import load_certificate, FILETYPE_PEM
from twisted.python.urlpath import URLPath
from twisted.internet.ssl import ContextFactory
from twisted.web.client import getPage
from twisted.python.failure import Failure
from twisted.internet import reactor
from buildbot.steps.transfer import StringDownload
class HTTPSVerifyingContextFactory(ContextFactory):
isClient = True
def __init__(self, hostname, certfile):
self.hostname = hostname
data = open(certfile).read()
self.cert = load_certificate(FILETYPE_PEM, data)
def getContext(self):
ctx = Context(TLSv1_METHOD)
store = ctx.get_cert_store()
store.add_cert(self.cert)
ctx.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT,
self.verifyHostname)
ctx.set_options(OP_NO_SSLv2)
return ctx
def verifyHostname(self, connection, x509, errno, depth, preverifyOK):
if preverifyOK:
if self.hostname == x509.get_subject().commonName:
return False
return preverifyOK
class SigningServerAuthenication(StringDownload):
current_attempt = 0
stdio_log = None
uri = None
username = None
password = None
d = None
interrupted = False
def __init__(self, servers, server_cert, duration=2*3600, attempts=5,
sleeptime=60, **kwargs):
kwargs['s'] = ''
StringDownload.__init__(self, **kwargs)
self.addFactoryArguments(servers=servers, server_cert=server_cert,
duration=duration)
self.servers = list(servers)
self.server_cert = server_cert
self.duration = duration
self.attempts = attempts
self.sleeptime = sleeptime
def generateHeaders(self, method, credentials):
headers = {}
if method == 'POST':
headers['Content-Type'] = 'application/x-www-form-urlencoded'
base64string = '%s:%s' % (credentials[0], credentials[1])
base64string = base64string.encode("base64").strip()
headers['Authorization'] = 'Basic %s' % base64string
return headers
def start(self):
if self.interrupted:
self.failed(Failure(Exception('Interrupted')))
return
self.current_attempt += 1
if self.current_attempt > self.attempts:
if len(self.servers) < 1:
self.failed(Failure(Exception(
'No more signing servers to try.')))
else:
self.current_attempt = 1
if self.current_attempt == 1:
uri, self.username, self.password = self.servers.pop()
self.uri = 'https://%s/token' % uri
slaveName = self.getSlaveName()
slaveIP = self.buildslave.slave.broker.transport.getPeer().host
if not self.stdio_log:
self.stdio_log = self.addLog('output')
self.stdio_log.addHeader("Slave: %s\n" % slaveName)
self.stdio_log.addHeader("IP: %s\n" % slaveIP)
self.stdio_log.addHeader("Duration: %s\n" % self.duration)
self.stdio_log.addStdout("URI: %s\n" % self.uri)
method = 'POST'
postdata = {
'slave_ip': slaveIP,
'duration': self.duration,
}
headers = self.generateHeaders(
method=method,
credentials=(self.username, self.password))
contextFactory = HTTPSVerifyingContextFactory(
URLPath(self.uri).netloc, self.server_cert)
d = getPage(self.uri, method=method, headers=headers,
postdata=urlencode(postdata), contextFactory=contextFactory)
d.addCallbacks(
self.downloadSignature,
lambda e: reactor.callLater(self.sleeptime, self.start)
)
def downloadSignature(self, res):
self.s = res
StringDownload.start(self)
def interrupt(self, reason='Interrupted'):
if not self.interrupted:
self.interrupted = True
StringDownload.interrupt(self, 'Interrupted')