From b8d3aab7a59231cdd256482daa14ab8378daf8b5 Mon Sep 17 00:00:00 2001 From: Faidon Liambotis Date: Sun, 12 Aug 2012 07:49:18 +0300 Subject: [PATCH] Move protocol and client into Python modules Shuffle files around in an initial attempt of creating trustify, trustify.protocol and trustify.client Python modules. The reference implementation of the server remains where it was for now. --- .gitignore | 2 +- client-webserver/README | 10 ------- client-webserver/hashcash.py | 1 - client.py | 6 +++++ server-ca/Makefile | 4 --- server-ca/chocolate.py | 4 +-- trustify/__init__.py | 0 .../client}/.gitignore | 0 .../client}/CONFIG.py | 0 trustify/client/__init__.py | 0 .../client}/choc_cert_extensions.cnf | 0 .../client}/client.py | 27 +++++++------------ .../client}/configurator.py | 3 +-- .../client}/options-ssl.conf | 0 .../client}/sni_challenge.py | 15 +++-------- trustify/protocol/Makefile | 7 +++++ trustify/protocol/__init__.py | 0 .../protocol/chocolate.proto | 0 {server-ca => trustify/protocol}/hashcash.py | 0 19 files changed, 30 insertions(+), 49 deletions(-) delete mode 100644 client-webserver/README delete mode 120000 client-webserver/hashcash.py create mode 100644 client.py create mode 100644 trustify/__init__.py rename {client-webserver => trustify/client}/.gitignore (100%) rename {client-webserver => trustify/client}/CONFIG.py (100%) create mode 100644 trustify/client/__init__.py rename {client-webserver => trustify/client}/choc_cert_extensions.cnf (100%) rename {client-webserver => trustify/client}/client.py (94%) rename {client-webserver => trustify/client}/configurator.py (99%) rename {client-webserver => trustify/client}/options-ssl.conf (100%) rename {client-webserver => trustify/client}/sni_challenge.py (94%) create mode 100644 trustify/protocol/Makefile create mode 100644 trustify/protocol/__init__.py rename server-ca/chocolate_protocol.proto => trustify/protocol/chocolate.proto (100%) rename {server-ca => trustify/protocol}/hashcash.py (100%) 
diff --git a/.gitignore b/.gitignore
index 724bff929..e998b5d04 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 *.pyc
-chocolate_protocol_pb2.py
+trustify/protocol/chocolate_pb2.py
 m3
diff --git a/client-webserver/README b/client-webserver/README
deleted file mode 100644
index 1d2051d52..000000000
--- a/client-webserver/README
+++ /dev/null
@@ -1,10 +0,0 @@
-In this directory are tools that will run on webservers for sysadmins to
-automatically obtain their certs
-
-
-Set CHOCOLATESERVER environment variable for client.py, or pass the server
-name as a command line argument!
-
-client.py - experimental tool for making requests and parsing replies
-configurator.py - edits Apache config files using Augeas
-sni_challenge.py - sets up the Apache server for the DV SNI cert challenge
\ No newline at end of file
diff --git a/client-webserver/hashcash.py b/client-webserver/hashcash.py
deleted file mode 120000
index 3335450d4..000000000
--- a/client-webserver/hashcash.py
+++ /dev/null
@@ -1 +0,0 @@
-../server-ca/hashcash.py
\ No newline at end of file
diff --git a/client.py b/client.py
new file mode 100644
index 000000000..25e015025
--- /dev/null
+++ b/client.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+from trustify.client import client
+
+if __name__ == "__main__":
+ client.authenticate()
diff --git a/server-ca/Makefile b/server-ca/Makefile
index 2082e9556..df5b62f2a 100644
--- a/server-ca/Makefile
+++ b/server-ca/Makefile
@@ -4,9 +4,5 @@ # rsync -av --delete sni_challenge demoCA ${CHOCOLATESERVER}: # ssh ${CHOCOLATESERVER} make -C sni_challenge clean all -chocolate_protocol_pb2.py: chocolate_protocol.proto - protoc chocolate_protocol.proto --python_out=. - cp -p chocolate_protocol_pb2.py ../client-webserver/ - clean: rm -f *.pyc
diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index 3e8e06f28..216980188 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -2,10 +2,10 @@ import web, redis, time, binascii, re, urllib2 import CSR -import hashcash +from trustify.protocol import hashcash from CSR import M2Crypto from Crypto import Random -from chocolate_protocol_pb2 import chocolatemessage +from trustify.protocol.chocolate_pb2 import chocolatemessage from google.protobuf.message import DecodeError from CONFIG import chocolate_server_name, min_keysize, difficulty, polldelay
diff --git a/trustify/__init__.py b/trustify/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/client-webserver/.gitignore b/trustify/client/.gitignore
similarity index 100%
rename from client-webserver/.gitignore
rename to trustify/client/.gitignore
diff --git a/client-webserver/CONFIG.py b/trustify/client/CONFIG.py
similarity index 100%
rename from client-webserver/CONFIG.py
rename to trustify/client/CONFIG.py
diff --git a/trustify/client/__init__.py b/trustify/client/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/client-webserver/choc_cert_extensions.cnf b/trustify/client/choc_cert_extensions.cnf
similarity index 100%
rename from client-webserver/choc_cert_extensions.cnf
rename to trustify/client/choc_cert_extensions.cnf
diff --git a/client-webserver/client.py b/trustify/client/client.py
similarity index 94%
rename from client-webserver/client.py
rename to trustify/client/client.py
index 5c0f79cf0..9054b3d69 100755
--- a/client-webserver/client.py
+++ b/trustify/client/client.py
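Review bot: The two rewritten imports in server-ca/chocolate.py, `from trustify.protocol import hashcash` and `from trustify.protocol.chocolate_pb2 import chocolatemessage`, resolve only when the repository root is on the module search path, while the unchanged context lines (`import CSR`, `from CONFIG import ...`) still depend on server-ca/ itself being on it. Nothing in this commit arranges that for the server, so launching chocolate.py from its own directory will presumably raise ImportError unless PYTHONPATH is set by hand. For the CA process it is better not to leave module resolution to the caller's environment: state the supported launch method next to the imports, e.g. `# needs the repository root on sys.path (installed trustify package or PYTHONPATH=..)`, and note that `chocolate_pb2.py` must now be generated with `make -C trustify/protocol` since server-ca/Makefile no longer builds it.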
@@ -1,25 +1,19 @@ #!/usr/bin/env python -from chocolate_protocol_pb2 import chocolatemessage import M2Crypto # It is OK to use the upstream M2Crypto here instead of our modified # version. -import urllib2, os, grp, pwd, sys, time, random, sys, hashlib, subprocess +import urllib2 +import os, grp, pwd, sys, time, random, sys +import hashlib +import subprocess import getopt # TODO: support a mode where use of interactive prompting is forbidden -import sni_challenge -import configurator -#from trustify import sni_challenge -#from trustify import configurator - -# bits of hashcash to generate -from CONFIG import difficulty -#from trustify.CONFIG import difficulty - -#Trustify certificate and chain files -from CONFIG import cert_file, chain_file -#from trustify.CONFIG import cert_file, chain_file +from trustify.protocol.chocolate_pb2 import chocolatemessage +from trustify.client import sni_challenge +from trustify.client import configurator +from trustify.client.CONFIG import difficulty, cert_file, chain_file # it's weird to point to chocolate servers via raw IPv6 addresses, and such # addresses can be %SCARY in some contexts, so out of paranoia let's disable
@@ -314,7 +308,4 @@ def authenticate(): print "Server reported failure." sys.exit(1) - # vim: set expandtab tabstop=4 shiftwidth=4 - -if __name__ == "__main__": - authenticate() +# vim: set expandtab tabstop=4 shiftwidth=4
diff --git a/client-webserver/configurator.py b/trustify/client/configurator.py
similarity index 99%
rename from client-webserver/configurator.py
rename to trustify/client/configurator.py
index e29e3305b..d77344890 100644
--- a/client-webserver/configurator.py
+++ b/trustify/client/configurator.py
@@ -5,8 +5,7 @@ import os import sys import socket -from CONFIG import SERVER_ROOT, CONFIG_DIR -#from trustify.CONFIG import SERVER_ROOT +from trustify.client.CONFIG import SERVER_ROOT class VH(object): def __init__(self, vh_path, vh_addrs):
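Review bot: In the first hunk of trustify/client/client.py the regrouped line `import os, grp, pwd, sys, time, random, sys` names `sys` twice; the duplicate was carried over from the old single-line import and should be dropped, ideally with one module per line as the neighbouring `import hashlib` and `import subprocess` now are. `random` also stays in the list, and its uses lie outside this hunk, so it is worth confirming that none of them produce nonces or other values that must be unpredictable, since `random` is not a cryptographic generator and `os.urandom` would be the choice there. The hunk covers only the top of the module.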
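Review bot: The second hunk of trustify/client/client.py (`@@ -314,7 +308,4 @@`) removes the `if __name__ == "__main__":` guard, but the file keeps its `#!/usr/bin/env python` first line and mode 100755 in the index line. Run directly, it would now only define its functions and exit, and would probably fail before that on `from trustify.protocol.chocolate_pb2 import chocolatemessage`, because the script's own directory rather than the repository root heads the search path. Dropping the shebang and the executable bit would make it plain that the new top-level client.py is the only entry point. authenticate() begins outside the hunk.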
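Review bot: The new import in trustify/client/configurator.py, `from trustify.client.CONFIG import SERVER_ROOT`, no longer brings in `CONFIG_DIR`, which the removed line `from CONFIG import SERVER_ROOT, CONFIG_DIR` did. The rest of the module is outside this hunk, so it cannot be confirmed from here, but any remaining use of `CONFIG_DIR` would raise NameError only when that code path runs, and for a tool that edits Apache configuration a failure part-way through a change is worth ruling out. Either confirm the name is unused in the module or keep it: `from trustify.client.CONFIG import SERVER_ROOT, CONFIG_DIR`.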
diff --git a/client-webserver/options-ssl.conf b/trustify/client/options-ssl.conf
similarity index 100%
rename from client-webserver/options-ssl.conf
rename to trustify/client/options-ssl.conf
diff --git a/client-webserver/sni_challenge.py b/trustify/client/sni_challenge.py
similarity index 94%
rename from client-webserver/sni_challenge.py
rename to trustify/client/sni_challenge.py
index 70b70dfe9..18da8b5cb 100644
--- a/client-webserver/sni_challenge.py
+++ b/trustify/client/sni_challenge.py
@@ -10,18 +10,11 @@ from os import remove, close, path import binascii import augeas -import configurator -#from trustify import configurator - -from CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT -from CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF -from CONFIG import S_SIZE, NONCE_SIZE -#Once directory changes to trustify and becomes package -#from trustify.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT -#from trustify.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF -#from trustify.CONFIG import APACHE_CHALLENGE_CONF -#from trustify.CONFIG import S_SIZE, NONCE_SIZE +from trustify.client import configurator +from trustify.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT +from trustify.client.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF +from trustify.client.CONFIG import S_SIZE, NONCE_SIZE def getChocCertFile(nonce): """
diff --git a/trustify/protocol/Makefile b/trustify/protocol/Makefile
new file mode 100644
index 000000000..3eaaebd8e
--- /dev/null
+++ b/trustify/protocol/Makefile
@@ -0,0 +1,7 @@
+proto = chocolate.proto
+
+$(proto:.proto=_pb2.py): $(proto)
+ protoc $^ --python_out=.
+
+clean:
+ rm -f *_pb2.py *_pb2.pyc
diff --git a/trustify/protocol/__init__.py b/trustify/protocol/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/server-ca/chocolate_protocol.proto b/trustify/protocol/chocolate.proto
similarity index 100%
rename from server-ca/chocolate_protocol.proto
rename to trustify/protocol/chocolate.proto
diff --git a/server-ca/hashcash.py b/trustify/protocol/hashcash.py
similarity index 100%
rename from server-ca/hashcash.py
rename to trustify/protocol/hashcash.py