runtime/Stunnel.py
author Edouard Tisserant <edouard@beremiz.fr>
Mon, 30 Sep 2024 16:21:11 +0200
changeset 4023 b344393859df
parent 3884 34da877021d5
permissions -rw-r--r--
MQTT: Add status global variable MQTT_STATUS_n, one per MQTT client
3750
f62625418bff automated conversion using 2to3-3.9 tool
GP Orcullo <kinsamanka@gmail.com>
parents: 2542
diff changeset
     1
f62625418bff automated conversion using 2to3-3.9 tool
GP Orcullo <kinsamanka@gmail.com>
parents: 2542
diff changeset
     2
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
     3
import os
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
     4
from binascii import b2a_base64
2339
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     5
try:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     6
    from runtime.spawn_subprocess import call
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     7
except ImportError:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents: 2328
diff changeset
     8
    from subprocess import call
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
     9
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    10
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel", "restart"]
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    11
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    12
_PSKpath = None
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    13
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    14
2542
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    15
def restartStunnel():
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    16
    """
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    17
    Restart stunnel service using SysV init stript
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    18
    to apply new generated credentials
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    19
    """
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    20
    try:
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    21
        call(restart_stunnel_cmdline)
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    22
    except OSError:
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    23
        print(_("Couldn't restart stunnel service"))
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    24
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    25
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    26
def PSKgen(ID, PSKpath):
2323
33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents: 2321
diff changeset
    27
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    28
    # secret string length is 256
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    29
    # b2a_base64 output len is 4/3 input len
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    30
    secret = os.urandom(192)  # int(256/1.3333)
3848
91da73c3df61 Addapt to Py3.11.5 in Stunnel.py
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3750
diff changeset
    31
    secretstring = b2a_base64(secret)
2323
33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents: 2321
diff changeset
    32
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    33
    PSKstring = ID+":"+secretstring
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    34
    with open(PSKpath, 'w') as f:
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    35
        f.write(PSKstring)
2542
a3ec35ee94e7 Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents: 2492
diff changeset
    36
    restartStunnel()
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    37
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    38
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    39
def ensurePSK(ID, PSKpath):
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    40
    global _PSKpath
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    41
    _PSKpath = PSKpath
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    42
    # check if already there
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    43
    if not os.path.exists(PSKpath):
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    44
        # create if needed
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    45
        PSKgen(ID, PSKpath)
2321
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff changeset
    46
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    47
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    48
def getPSKID(errorlog):
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    49
    if _PSKpath is not None:
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    50
        if not os.path.exists(_PSKpath):
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    51
            errorlog(
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    52
                'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath)
3884
34da877021d5 Replace PYRO with ERPC. Work In Progress.
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3848
diff changeset
    53
            return ("","")
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    54
        ID, _sep, PSK = open(_PSKpath).read().partition(':')
2324
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents: 2323
diff changeset
    55
        PSK = PSK.rstrip('\n\r')
2492
7dd551ac2fa0 check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 2339
diff changeset
    56
        return (ID, PSK)
3884
34da877021d5 Replace PYRO with ERPC. Work In Progress.
Edouard Tisserant <edouard.tisserant@gmail.com>
parents: 3848
diff changeset
    57
    return ("","")