atomicshop 3.3.8__py3-none-any.whl → 3.10.0__py3-none-any.whl

atomicshop/mitm/centered_settings.py

@@ -0,0 +1,133 @@
+import os
+import argparse
+import base64
+
+from ..print_api import print_api
+from .. import networks, ssh_remote, package_mains_processor
+from . import config_static, mitm_main
+
+
+def _make_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        description="Apply centered network settings to the target hosts based on the configuration file and arguments."
+    )
+    parser.add_argument(
+        "-t", "--target-hosts-file",
+        type=str,
+        required=True,
+        help="Path to the text file that will include the list of hosts (name/ipv4)."
+    )
+
+    parser.add_argument(
+        "-dns", "--set-default-dns-gateway",
+        action="store_true",
+        help="Set the default gateway as this server LAN IPv4 on the target hosts."
+    )
+    parser.add_argument(
+        "-ca", "--install-ca-cert",
+        action="store_true",
+        help="Install the CA certificate on the target hosts."
+    )
+
+
+    return parser
+
+
+def centered_settings_main(config_file_path: str, script_version: str):
+    print(f"Centered Settings Application Script Version: {script_version}")
+    # Import the configuration file.
+    rc: int = config_static.load_config(config_file_path, print_kwargs=dict(stdout=False))
+    if rc != 0:
+        return rc
+
+    if config_static.MainConfig.is_localhost:
+        print_api("The server is set to localhost mode. No changes will be applied.", color="yellow")
+        return 0
+
+    interface_name: str = mitm_main._get_interface_name()
+    if interface_name is None:
+        return 1
+
+    # File path to the CA certificate file.
+    crt_file_path: str = config_static.MainConfig.ca_certificate_crt_filepath
+    with open(crt_file_path, 'r') as crt_file:
+        ca_certificate_string: str = crt_file.read()
+
+    # Get the main non-virtual IPv4 address.
+    main_ipv4_list: list[str] = networks.get_interface_ips_powershell(interface_name, "dynamic")
+
+    if not main_ipv4_list:
+        print_api(f"Could not determine the main IPv4 address for interface: {interface_name}", color="red")
+        return 1
+    else:
+        main_ipv4: str = main_ipv4_list[0]
+
+    parser = _make_parser()
+    args = parser.parse_args()
+
+    target_hosts_file_path: str = args.target_hosts_file
+    set_default_dns_gateway: bool = args.set_default_dns_gateway
+    install_ca_cert: bool = args.install_ca_cert
+
+    if not set_default_dns_gateway and not install_ca_cert:
+        print_api("No actions specified. Use -dns and/or -ca arguments to apply settings.", color="yellow")
+        return 0
+
+    if not os.path.exists(target_hosts_file_path):
+        print_api(f"Target host list file does not exist: {target_hosts_file_path}", color="red")
+        return 1
+
+    # Read the target hosts from the file.
+    with open(target_hosts_file_path, 'r') as f:
+        target_hosts: list[str] = [line.strip() for line in f if line.strip()]
+    if not target_hosts:
+        print_api(f"No target hosts found in the file: {target_hosts_file_path}", color="red")
+        return 1
+
+    if set_default_dns_gateway:
+        package_processor: package_mains_processor.PackageMainsProcessor = package_mains_processor.PackageMainsProcessor(
+            script_file_stem="set_default_dns_gateway")
+    elif install_ca_cert:
+        package_processor: package_mains_processor.PackageMainsProcessor = package_mains_processor.PackageMainsProcessor(
+            script_file_stem="install_ca_certificate")
+    else:
+        print_api("No valid action specified.", color="red")
+        return 1
+
+    script_string: str = package_processor.read_script_file_to_string()
+
+    for host in target_hosts:
+        ssh_client = ssh_remote.SSHRemote(
+            ip_address=host,
+            username=config_static.ProcessName.ssh_user,
+            password=config_static.ProcessName.ssh_pass
+        )
+        stderr = ssh_client.connect()
+        if stderr:
+            print_api(f"SSH connection to {host} failed:\n"
+                      f"{stderr}", color="red")
+            continue
+
+        if set_default_dns_gateway:
+            stdout, stderr = ssh_client.remote_execution_python(
+                script_string=script_string, script_arg_values=(main_ipv4,))
+
+            if stderr:
+                print_api(f"Failed to apply settings on {host}:\n{stderr}", color="red")
+            else:
+                print_api(f"Successfully applied settings on {host}:\n{stdout}", color="green")
+        elif install_ca_cert:
+            cert_b64 = base64.b64encode(ca_certificate_string.encode("utf-8")).decode("ascii")
+            stdout, stderr = ssh_client.remote_execution_python(
+                script_string=script_string, script_arg_values=(config_static.MainConfig.ca_certificate_name, cert_b64,))
+
+            if stderr:
+                print_api(f"Failed to install CA certificate on {host}:\n{stderr}", color="red")
+            else:
+                print_api(f"Successfully installed CA certificate on {host}:\n{stdout}", color="green")
+
+        # Closing SSH connection to the target host.
+        ssh_client.close()
+
+
+    return 0

atomicshop/mitm/config_static.py

@@ -5,41 +5,6 @@ from typing import Literal
 from . import import_config
 from .message import ClientMessage
 
-# CONFIG = None
-LIST_OF_BOOLEANS: list = [
-    ('dnstcp', 'offline'),
-    ('dns', 'enable'),
-    ('dns', 'resolve_by_engine'),
-    ('dns', 'resolve_regular_pass_thru'),
-    ('dns', 'resolve_all_domains_to_ipv4'),
-    ('dns', 'set_default_dns_gateway_to_localhost'),
-    ('dns', 'set_default_dns_gateway_to_default_interface_ipv4'),
-    ('tcp', 'enable'),
-    ('tcp', 'no_engines_usage_to_listen_addresses'),
-    ('logrec', 'enable_request_response_recordings_in_logs'),
-    ('certificates', 'install_ca_certificate_to_root_store'),
-    ('certificates', 'uninstall_unused_ca_certificates_with_mitm_ca_name'),
-    ('certificates', 'default_server_certificate_usage'),
-    ('certificates', 'sni_add_new_domains_to_default_server_certificate'),
-    ('certificates', 'custom_server_certificate_usage'),
-    ('certificates', 'sni_create_server_certificate_for_each_domain'),
-    ('certificates', 'sni_get_server_certificate_from_server_socket'),
-    ('skip_extensions', 'tls_web_client_authentication'),
-    ('skip_extensions', 'crl_distribution_points'),
-    ('skip_extensions', 'authority_information_access'),
-    ('process_name', 'get_process_name')
-]
-
-
-TOML_TO_STATIC_CATEGORIES: dict = {
-    'dnstcp': 'MainConfig',
-    'dns': 'DNSServer',
-    'tcp': 'TCPServer',
-    'logrec': 'LogRec',
-    'certificates': 'Certificates',
-    'skip_extensions': 'SkipExtensions',
-    'process_name': 'ProcessName'
-}
 
 # noinspection PyTypeChecker
 ENGINES_LIST: list = None           # list[initialize_engines.ModuleCategory]
@@ -47,6 +12,17 @@ REFERENCE_MODULE = None             # initialize_engines.ModuleCategory
 
 
 class MainConfig:
+    # '' (empty) - system's default internet interface.
+    # Any other network interface name available on the system.
+    is_offline: bool
+    network_interface: str
+    is_localhost: bool
+
+    set_default_dns_gateway: list[str]
+    set_default_dns_gateway_to_localhost: bool = False
+    set_default_dns_gateway_to_network_interface_ipv4: bool = False
+    default_localhost_dns_gateway_ipv4: str = '127.0.0.1'
+
     LOGGER_NAME: str = 'network'
 
     SCRIPT_DIRECTORY: str = None
@@ -66,7 +42,6 @@ class MainConfig:
     # Default server certificate file name and path.
     default_server_certificate_filename = f'{default_server_certificate_name}.pem'
     default_server_certificate_filepath: str = None
-    offline: bool = False
 
     @classmethod
     def update(cls):
@@ -80,9 +55,12 @@ class MainConfig:
 
 @dataclass
 class DNSServer:
-    enable: bool
+    is_enabled: bool
     offline_mode: bool
 
+    listening_ipv4: str
+    listening_port: int
+
     listening_address: str
     forwarding_dns_service_ipv4: str
     cache_timeout_minutes: int
@@ -92,10 +70,6 @@ class DNSServer:
     resolve_all_domains_to_ipv4_enable: bool
     target_ipv4: str
 
-    set_default_dns_gateway: str
-    set_default_dns_gateway_to_localhost: bool
-    set_default_dns_gateway_to_default_interface_ipv4: bool
-
     # Convertable variables.
     resolve_all_domains_to_ipv4: dict
 
@@ -103,9 +77,10 @@ class DNSServer:
     forwarding_dns_service_port: int = 53
 
 
+
 @dataclass
 class TCPServer:
-    enable: bool
+    is_enabled: bool
     no_engines_usage_to_listen_addresses_enable: bool
     no_engines_listening_address_list: list[str]
 
@@ -124,7 +99,6 @@ class LogRec:
 
 @dataclass
 class Certificates:
-    enable_sslkeylogfile_env_to_client_ssl_context: bool
     install_ca_certificate_to_root_store: bool
     uninstall_unused_ca_certificates_with_mitm_ca_name: bool
 
@@ -141,6 +115,10 @@ class Certificates:
     sni_server_certificate_from_server_socket_download_directory: str
 
     domains_all_times: list[str]
+    sslkeylog_file_path: str
+
+    sslkeylog_file_name: str = "sslkeylog.txt"
+    enable_sslkeylogfile_env_to_client_ssl_context: bool = True
 
 
 @dataclass
@@ -195,7 +173,7 @@ def get_listening_addresses(client_message: ClientMessage) -> dict | None:
 CONFIG_INI_TESTER_FILE_NAME: str = 'config_tester.ini'
 
 """
-config.ini:
+config.toml:
 target_domain_or_ip: the domain or ip that the requests will be sent to. Better use domains, for better testing
     simulation.
 target_port: the port that requests will be sent to.