runtime/Stunnel.py
author Edouard Tisserant <edouard@beremiz.fr>
Tue, 23 Jul 2024 17:05:59 +0200
changeset 3999 1479acf750e2
parent 3884 34da877021d5
permissions -rw-r--r--
MQTT: WIP fix modified status not being set when adding and modifying topics or attributes.

Fix loading of CSV that was not applying model types, and that not checking conformance either.
3750
f62625418bff automated conversion using 2to3-3.9 tool
GP Orcullo <kinsamanka@gmail.com>
parents: 2542
diff changeset
     1
f62625418bff automated conversion using 2to3-3.9 tool
GP Orcullo <kinsamanka@gmail.com>
parents: 2542
diff changeset
     2
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
     3
import os
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
     4
from binascii import b2a_base64
2339
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     5
try:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     6
    from runtime.spawn_subprocess import call
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     7
except ImportError:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     8
    from subprocess import call
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
     9
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    10
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel", "restart"]
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    11
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    12
_PSKpath = None
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    13
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    14
2542
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    15
def restartStunnel():
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    16
    """
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    17
    Restart stunnel service using SysV init stript
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    18
    to apply new generated credentials
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    19
    """
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    20
    try:
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    21
        call(restart_stunnel_cmdline)
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    22
    except OSError:
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    23
        print(_("Couldn't restart stunnel service"))
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    24
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    25
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    26
def PSKgen(ID, PSKpath):
2323
33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents: 2321
diff changeset
    27
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    28
    # secret string length is 256
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    29
    # b2a_base64 output len is 4/3 input len
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    30
    secret = os.urandom(192)  # int(256/1.3333)
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    31
    secretstring = b2a_base64(secret)
2323
33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents: 2321
diff changeset
    32
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    33
    PSKstring = ID+":"+secretstring
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    34
    with open(PSKpath, 'w') as f:
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    35
        f.write(PSKstring)
2542
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    36
    restartStunnel()
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    37
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    38
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    39
def ensurePSK(ID, PSKpath):
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    40
    global _PSKpath
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    41
    _PSKpath = PSKpath
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    42
    # check if already there
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    43
    if not os.path.exists(PSKpath):
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    44
        # create if needed
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    45
        PSKgen(ID, PSKpath)
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    46
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    47
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    48
def getPSKID(errorlog):
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    49
    if _PSKpath is not None:
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    50
        if not os.path.exists(_PSKpath):
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    51
            errorlog(
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    52
                'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath)
3884
34da877021d5 Replace PYRO with ERPC. Work In Progress.
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3848
diff changeset
    53
            return ("","")
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    54
        ID, _sep, PSK = open(_PSKpath).read().partition(':')
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    55
        PSK = PSK.rstrip('\n\r')
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    56
        return (ID, PSK)
3884
34da877021d5 Replace PYRO with ERPC. Work In Progress.
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3848
diff changeset
    57
    return ("","")