connectors/PYRO/PSK_Adapter.py
author Edouard Tisserant <edouard.tisserant@gmail.com>
Wed, 04 Oct 2023 16:24:00 +0200
branchpython3
changeset 3854 d29d67e86532
parent 3750 f62625418bff
permissions -rw-r--r--
Merge
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# This file is part of Beremiz, a Integrated Development Environment for
# programming IEC 61131-3 automates supporting plcopen standard and CanFestival.
#
# Copyright (C) 2019: Edouard TISSERANT
#
# See COPYING file for copyrights details.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


"""
The TLS-PSK adapter that handles SSL connections instead of regular sockets,
but using Pre Shared Keys instead of Certificates
"""




import socket
import re
import ssl
import Pyro
from Pyro.core import PyroURI
from Pyro.protocol import _connect_socket, TCPConnection, PYROAdapter
from Pyro.errors import ConnectionDeniedError, ProtocolError
from Pyro.util import Log

try:
    import sslpsk
except ImportError as e:
    print(str(e))
    sslpsk = None


class PYROPSKAdapter(PYROAdapter):
    """
    This is essentialy the same as in Pyro/protocol.py
    only raw_sock wrapping into sock through sslpsk.wrap_socket was added
    Pyro unfortunately doesn't allow cleaner customization
    """

    def bindToURI(self, URI):
        with self.lock:   # only 1 thread at a time can bind the URI
            try:
                self.URI = URI

                # This are the statements that differ from Pyro/protocol.py
                raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                _connect_socket(raw_sock, URI.address, URI.port, self.timeout)
                sock = sslpsk.wrap_socket(
                    raw_sock, psk=Pyro.config.PYROPSK, server_side=False,
                    ciphers="PSK-AES256-CBC-SHA",  # available in openssl 1.0.2
                    ssl_version=ssl.PROTOCOL_TLSv1)
                # all the rest is the same as in Pyro/protocol.py

                conn = TCPConnection(sock, sock.getpeername())
                # receive the authentication challenge string, and use that to build the actual identification string.
                try:
                    authChallenge = self.recvAuthChallenge(conn)
                except ProtocolError as x:
                    # check if we were denied
                    if hasattr(x, "partialMsg") and x.partialMsg[:len(self.denyMSG)] == self.denyMSG:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(x.partialMsg[-1])])
                    else:
                        raise
                # reply with our ident token, generated from the ident passphrase and the challenge
                msg = self._sendConnect(sock, self.newConnValidator.createAuthToken(self.ident, authChallenge, conn.addr, self.URI, None))
                if msg == self.acceptMSG:
                    self.conn = conn
                    self.conn.connected = 1
                    Log.msg('PYROAdapter', 'connected to', str(URI))
                    if URI.protocol == 'PYROLOCPSK':
                        self.resolvePYROLOC_URI("PYROPSK")  # updates self.URI
                elif msg[:len(self.denyMSG)] == self.denyMSG:
                    try:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(msg[-1])])
                    except (KeyError, ValueError):
                        raise ConnectionDeniedError('invalid response')
            except socket.error:
                Log.msg('PYROAdapter', 'connection failed to URI', str(URI))
                raise ProtocolError('connection failed')


_getProtocolAdapter = Pyro.protocol.getProtocolAdapter


def getProtocolAdapter(protocol):
    if protocol in ('PYROPSK', 'PYROLOCPSK'):
        return PYROPSKAdapter()
    return _getProtocolAdapter(protocol)


_processStringURI = Pyro.core.processStringURI


def processStringURI(URI):
    x = re.match(r'(?P<protocol>PYROLOCPSK)://(?P<hostname>[^\s:]+):?(?P<port>\d+)?/(?P<name>\S*)', URI)
    if x:
        protocol = x.group('protocol')
        hostname = x.group('hostname')
        port = x.group('port')
        if port:
            port = int(port)
        else:
            port = 0
        name = x.group('name')
        return PyroURI(hostname, name, port, protocol)
    return _processStringURI(URI)


def setupPSKAdapter():
    """
    Add PyroAdapter to the list of available in
    Pyro adapters and handle new supported protocols

    This function should be called after
    reimport of Pyro module to enable PYROS:// again.
    """
    if sslpsk is not None:
        Pyro.protocol.getProtocolAdapter = getProtocolAdapter
        Pyro.core.processStringURI = processStringURI
    else:
        raise Exception("sslpsk python module unavailable")