opensipscli 0.3.1__py3-none-any.whl

opensipscli/modules/instance.py

@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+##
+## This file is part of OpenSIPS CLI
+## (see https://github.com/OpenSIPS/opensips-cli).
+##
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+from opensipscli.config import cfg
+from opensipscli.logger import logger
+from opensipscli.module import Module
+
+class instance(Module):
+
+    def get_instances(self):
+        l = cfg.config.sections()
+        default_section = cfg.get_default_instance()
+        if default_section not in l:
+            l.insert(0, default_section)
+        return l
+
+    def do_show(self, params, modifiers):
+        print(cfg.current_instance)
+
+    def do_list(self, params, modifiers):
+        for i in self.get_instances():
+            print(i)
+
+    def complete_switch(self, text, line, *ignore):
+        if len(line.split(' ')) > 3:
+            return []
+        return [ a for a in self.get_instances() if a.startswith(text)]
+
+    def do_switch(self, params, modifiers):
+        if len(params) == 0:
+            return
+        new_instance = params[0]
+        if cfg.has_instance(new_instance):
+            cfg.set_instance(new_instance)
+        else:
+            logger.error("cannot switch to instance '{}': instance not found!".format(new_instance))
+            return -1

opensipscli/modules/mi.py

@@ -0,0 +1,200 @@
+#!/usr/bin/env python
+##
+## This file is part of OpenSIPS CLI
+## (see https://github.com/OpenSIPS/opensips-cli).
+##
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+import re
+import json
+import shlex
+from collections import OrderedDict
+from opensipscli.config import cfg
+from opensipscli.logger import logger
+from opensipscli.module import Module
+from opensipscli import comm
+
+try:
+    import yaml
+    yaml_available = True
+except ImportError:
+    yaml_available = False
+
+# temporary special handling for commands that require array params
+# format is: command: (idx, name)
+MI_ARRAY_PARAMS_COMMANDS = {
+    "fs_subscribe": (1, "events"),
+    "fs_unsubscribe": (1, "events"),
+    "b2b_trigger_scenario": (3, "scenario_params"),
+    "dlg_push_var": (2, "DID"),
+    "get_statistics": (0, "statistics"),
+    "list_statistics": (0, "statistics"),
+    "reset_statistics": (0, "statistics"),
+    "trace_start": (0, "filter"),
+    "raise_event": (1, "params"),
+    "dfks_set_feature": (4, "values"),
+    "cluster_broadcast_mi": (2, "cmd_params"),
+}
+
+
+MI_MODIFIERS = [ "-j" ]
+
+class mi(Module):
+
+    def print_pretty_print(self, result):
+        print(json.dumps(result, indent=4))
+
+    def print_dictionary(self, result):
+        print(str(result))
+
+    def print_lines(self, result, indent=0):
+        if type(result) in [OrderedDict, dict]:
+            for k, v in result.items():
+                if type(v) in [OrderedDict, list, dict]:
+                    print(" " * indent + k + ":")
+                    self.print_lines(v, indent + 4)
+                else:
+                    print(" " * indent + "{}: {}". format(k, v))
+        elif type(result) == list:
+            for v in result:
+                self.print_lines(v, indent)
+        else:
+            print(" " * indent + str(result))
+        pass
+
+    def print_yaml(self, result):
+        if not yaml_available:
+            logger.warning("yaml not available on your platform! "
+                "Please install `python-yaml` package or similar!")
+        else:
+            print(yaml.dump(result, default_flow_style=False).strip())
+
+    def get_params_set(self, cmds):
+        l = set()
+        for p in cmds:
+            m = re.match('([a-zA-Z\.\-_]+)=', p)
+            # if it's not a parameter name, skip
+            if m:
+                l.add(m.group(1))
+            else:
+                return None
+        return l
+
+    def get_params_names(self, line):
+        cmds = shlex.split(line)
+        # cmd[0] = module, cmd[1] = command
+        if len(cmds) < 2:
+            return None
+        return self.get_params_set(cmds[2:])
+
+    def parse_params(self, cmd, params, modifiers):
+
+        # first, we check to see if we have only named parameters
+        nparams = self.get_params_set(params)
+        if nparams is not None:
+            logger.debug("named parameters are used")
+            new_params = {}
+            for p in params:
+                s = p.split("=", 1)
+                value = "" if len(s) == 1 else s[1]
+                # check to see if we have to split them in array or not
+                if cmd in MI_ARRAY_PARAMS_COMMANDS and \
+                        "-j" not in modifiers and \
+                        MI_ARRAY_PARAMS_COMMANDS[cmd][1] == s[0]:
+                    value = shlex.split(value)
+                new_params[s[0]] = value
+        else:
+            # old style positional parameters
+            logger.debug("positional parameters are used")
+            # if the command is not in MI_ARRAY_PARAMS_COMMANDS, return the
+            # parameters as they are
+            logger.debug("0. {}".format(params))
+            if "-j" in modifiers:
+                json_params = []
+                for x in params:
+                    try:
+                        x = json.loads(x)
+                    except:
+                        pass
+                    json_params.append(x)
+                params = json_params
+
+            if not cmd in MI_ARRAY_PARAMS_COMMANDS or "-j" in modifiers:
+                return params
+            # build params based on their index
+            new_params = params[0:MI_ARRAY_PARAMS_COMMANDS[cmd][0]]
+            if params[MI_ARRAY_PARAMS_COMMANDS[cmd][0]:]:
+                new_params.append(params[MI_ARRAY_PARAMS_COMMANDS[cmd][0]:])
+        return new_params
+
+    def __invoke__(self, cmd, params=None, modifiers=None):
+        params = self.parse_params(cmd, params, modifiers)
+        # Mi Module works with JSON Communication
+        logger.debug("running command '{}' '{}'".format(cmd, params))
+        res = comm.execute(cmd, params)
+        if res is None:
+            return -1
+        output_type = cfg.get('output_type')
+        if output_type == "pretty-print":
+            self.print_pretty_print(res)
+        elif output_type == "dictionary":
+            self.print_dictionary(res)
+        elif output_type == "lines":
+            self.print_lines(res)
+        elif output_type == "yaml":
+            self.print_yaml(res)
+        elif output_type == "none":
+            pass # no one interested in the reply
+        else:
+            logger.error("unknown output_type='{}'! Dropping output!"
+                    .format(output_type))
+        return 0
+
+    def __complete__(self, command, text, line, begidx, endidx):
+        # TODO: shall we cache this?
+        params_arr = comm.execute('which', {'command': command})
+        if len(text) == 0:
+            # if last character is an equal, it's probably a value, or it will
+            if line[-1] == "=":
+                return ['']
+            params = self.get_params_names(line)
+            if params is None:
+                flat_list = list([item for sublist in params_arr for item in sublist])
+            else:
+                # check in the line to see the parameters we've used
+                flat_list = set()
+                for p in params_arr:
+                    sp = set(p)
+                    if params.issubset(sp):
+                        flat_list = flat_list.union(sp)
+                flat_list = flat_list - params
+        else:
+            flat_list = []
+            for l in params_arr:
+                p = [ x for x in l if x.startswith(text) ]
+                if len(p) != 0:
+                    flat_list += p
+        l = [ x + "=" for x in list(dict.fromkeys(flat_list)) ]
+        return l if len(l) > 0 else ['']
+
+    def __exclude__(self):
+        vld = comm.valid()
+        return (not vld[0], vld[1])
+
+    def __get_methods__(self):
+        return comm.execute('which')
+
+    def __get_modifiers__(self):
+        return MI_MODIFIERS

opensipscli/modules/tls.py

@@ -0,0 +1,354 @@
+#!/usr/bin/env python
+##
+## This file is part of OpenSIPS CLI
+## (see https://github.com/OpenSIPS/opensips-cli).
+##
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+from opensipscli.module import Module
+from opensipscli.logger import logger
+from socket import gethostname
+from pprint import pprint
+from time import gmtime, mktime
+from os.path import exists, join, dirname
+from os import makedirs
+from opensipscli.config import cfg, OpenSIPSCLIConfig
+from random import randrange
+
+openssl_version = None
+
+try:
+    from cryptography import x509
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import rsa
+    from cryptography.x509.oid import NameOID
+    import datetime
+    openssl_version = 'cryptography'
+except ImportError:
+    logger.info("cryptography library not available!")
+    try:
+        from OpenSSL import crypto, SSL
+        openssl_version = 'openssl'
+    except (TypeError, ImportError):
+        logger.info("OpenSSL library not available!")
+
+class tlsCert:
+
+    def __init__(self, prefix, cfg=None):
+
+        if not cfg:
+            self.load(prefix)
+            return
+        self.CN = cfg.read_param("tls_"+prefix+"_common_name", "Website address (CN)", "opensips.org")
+        self.C = cfg.read_param("tls_"+prefix+"_country", "Country (C)", "RO")
+        self.ST = cfg.read_param("tls_"+prefix+"_state", "State (ST)", "Bucharest")
+        self.L = cfg.read_param("tls_"+prefix+"_locality", "Locality (L)", "Bucharest")
+        self.O = cfg.read_param("tls_"+prefix+"_organisation", "Organization (O)", "OpenSIPS")
+        self.OU = cfg.read_param("tls_"+prefix+"_organisational_unit", "Organisational Unit (OU)", "Project")
+        self.notafter = int(cfg.read_param("tls_"+prefix+"_notafter", "Certificate validity (seconds)", 315360000))
+        self.md = cfg.read_param("tls_"+prefix+"_md", "Digest Algorithm", "SHA256")
+
+class tlsKey:
+
+    def __init__(self, prefix, cfg=None):
+
+        if not cfg:
+            self.load(prefix)
+            return
+        self.key_size = int(cfg.read_param("tls_"+prefix+"_key_size", "RSA key size (bits)", 4096))
+
+
+class tlsOpenSSLCert(tlsCert):
+
+    def __init__(self, prefix, cfg=None):
+        super().__init__(prefix, cfg)
+        if not cfg:
+            return
+        cert = crypto.X509()
+        cert.set_version(2)
+        cert.get_subject().CN = self.CN
+        cert.get_subject().C = self.C
+        cert.get_subject().ST = self.ST
+        cert.get_subject().L = self.L
+        cert.get_subject().O = self.O
+        cert.get_subject().OU = self.OU
+        cert.set_serial_number(randrange(100000))
+        cert.gmtime_adj_notBefore(0)
+        cert.gmtime_adj_notAfter(self.notafter)
+
+        extensions = [
+            crypto.X509Extension(b'basicConstraints', False, b'CA:TRUE'),
+            crypto.X509Extension(b'extendedKeyUsage', False, b'clientAuth,serverAuth')
+        ]
+
+        cert.add_extensions(extensions)
+
+        self.cert = cert
+
+    def load(self, cacert):
+        self.cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cacert, 'rt').read())
+
+    def sign(self, key):
+        self.cert.set_pubkey(key)
+        self.cert.sign(key.key, self.md)
+
+    def set_issuer(self, issuer):
+        self.cert.set_issuer(issuer)
+
+    def get_subject(self):
+        return self.cert.get_subject()
+
+    def dump(self):
+        return crypto.dump_certificate(crypto.FILETYPE_PEM, self.cert).decode('utf-8')
+
+class tlsCryptographyCert(tlsCert):
+
+    def __init__(self, prefix, cfg=None):
+        super().__init__(prefix, cfg)
+        if not cfg:
+            return
+        builder = x509.CertificateBuilder()
+        builder = builder.subject_name(x509.Name([
+            x509.NameAttribute(NameOID.COMMON_NAME, self.CN),
+            x509.NameAttribute(NameOID.COUNTRY_NAME, self.C),
+            x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, self.ST),
+            x509.NameAttribute(NameOID.LOCALITY_NAME, self.L),
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, self.O),
+            x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, self.OU),
+        ]))
+        builder = builder.serial_number(x509.random_serial_number())
+        builder = builder.not_valid_before(datetime.datetime.today() -
+                                          datetime.timedelta(1))
+        builder = builder.not_valid_after(datetime.datetime.today() +
+                                          datetime.timedelta(0, self.notafter))
+        builder = builder.add_extension(
+                x509.BasicConstraints(ca=False, path_length=None),
+                critical=False
+        )
+        builder = builder.add_extension(
+                x509.ExtendedKeyUsage([
+                    x509.ExtendedKeyUsageOID.CLIENT_AUTH,
+                    x509.ExtendedKeyUsageOID.SERVER_AUTH]),
+                critical=False
+        )
+        self.builder = builder
+        self.cert = None
+
+    def load(self, cacert):
+        self.cert = x509.load_pem_x509_certificate(open(cacert, 'rb').read())
+
+    def sign(self, key):
+        self.builder = self.builder.public_key(key.key.public_key())
+        self.cert = self.builder.sign(private_key = key.key,
+                                      algorithm=getattr(hashes, self.md)(),
+                                      backend=default_backend())
+
+    def set_issuer(self, issuer):
+        self.builder = self.builder.issuer_name(issuer)
+
+    def get_subject(self):
+        if self.cert:
+            return self.cert.subject
+        return self.builder._subject_name
+
+    def dump(self):
+        return self.cert.public_bytes(encoding=serialization.Encoding.PEM).decode('utf-8')
+
+
+class tlsOpenSSLKey(tlsKey):
+
+    def __init__(self, prefix, cfg=None):
+        super().__init__(prefix, cfg)
+        if not cfg:
+            return
+        key = crypto.PKey()
+        key.generate_key(crypto.TYPE_RSA, self.key_size)
+        self.key = key
+
+    def dump(self):
+        return crypto.dump_privatekey(crypto.FILETYPE_PEM, self.key).decode('utf-8')
+
+    def load(self, key):
+        self.key = crypto.load_privatekey(crypto.FILETYPE_PEM, open(key, 'rt').read())
+
+class tlsCryptographyKey(tlsKey):
+
+    def __init__(self, prefix, cfg=None):
+        super().__init__(prefix, cfg)
+        if not cfg:
+            return
+        self.key = rsa.generate_private_key(
+                key_size=self.key_size,
+                public_exponent=65537,
+                backend=default_backend()
+        )
+
+    def dump(self):
+        return self.key.private_bytes(encoding=serialization.Encoding.PEM,
+                                      format=serialization.PrivateFormat.TraditionalOpenSSL,
+                                      encryption_algorithm=serialization.NoEncryption()
+                                      ).decode('utf-8')
+
+    def load(self, key):
+        self.key = serialization.load_pem_private_key(open(key, 'rb').read(),
+                                                      password=None)
+
+class tls(Module):
+    def do_rootCA(self, params, modifiers=None):
+        global cfg
+        logger.info("Preparing to generate CA cert + key...")
+
+        # TODO
+        # separate cli.cfg files for TLS are fully deprecated, this if block is
+        # only kept for backwards-compatibility.  Remove starting from v3.2! <3
+        if cfg.exists('tls_ca_config'):
+            tls_cfg = cfg.get('tls_ca_config')
+            cfg = OpenSIPSCLIConfig()
+            cfg.parse(tls_cfg)
+
+        ca_dir = cfg.read_param("tls_ca_dir", "Output directory", "/etc/opensips/tls/rootCA/")
+        cert_file = cfg.read_param("tls_ca_cert_file", "Output cert file", "cacert.pem")
+        key_file = cfg.read_param("tls_ca_key_file", "Output key file", "private/cakey.pem")
+        c_f = join(ca_dir, cert_file)
+        k_f = join(ca_dir, key_file)
+
+        if (exists(c_f) or exists(k_f)) and not cfg.read_param("tls_ca_overwrite",
+                "CA certificate or key already exists, overwrite?", "yes", True):
+            return
+
+        if openssl_version == 'openssl':
+            cert = tlsOpenSSLCert("ca", cfg)
+            key = tlsOpenSSLKey("ca", cfg)
+        else:
+            cert = tlsCryptographyCert("ca", cfg)
+            key = tlsCryptographyKey("ca", cfg)
+
+        cert.set_issuer(cert.get_subject())
+        cert.sign(key)
+
+        try:
+            if not exists(dirname(c_f)):
+                makedirs(dirname(c_f))
+            open(c_f, "wt").write(cert.dump())
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to write to %s", c_f)
+            return
+
+        try:
+            if not exists(dirname(k_f)):
+                makedirs(dirname(k_f))
+            open(k_f, "wt").write(key.dump())
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to write to %s", k_f)
+            return
+
+        logger.info("CA certificate created in " + c_f)
+        logger.info("CA private key created in " + k_f)
+
+    def do_userCERT(self, params, modifiers=None):
+        global cfg
+        logger.info("Preparing to generate user cert + key + CA list...")
+
+        # TODO
+        # separate cli.cfg files for TLS are fully deprecated, this if block is
+        # only kept for backwards-compatibility.  Remove starting from v3.2! <3
+        if cfg.exists('tls_user_config'):
+            tls_cfg = cfg.get('tls_user_config')
+            cfg = OpenSIPSCLIConfig()
+            cfg.parse(tls_cfg)
+
+        user_dir = cfg.read_param("tls_user_dir", "Output directory", "/etc/opensips/tls/user/")
+        cert_file = cfg.read_param("tls_user_cert_file", "Output cert file", "user-cert.pem")
+        key_file = cfg.read_param("tls_user_key_file", "Output key file", "user-privkey.pem")
+        calist_file = cfg.read_param("tls_user_calist_file", "Output CA list file", "user-calist.pem")
+
+        c_f = join(user_dir, cert_file)
+        k_f = join(user_dir, key_file)
+        ca_f = join(user_dir, calist_file)
+
+        if (exists(c_f) or exists(k_f) or exists(ca_f)) and not cfg.read_param("tls_user_overwrite",
+                "User certificate, key or CA list file already exists, overwrite?", "yes", True):
+            return
+
+        cacert = cfg.read_param("tls_user_cacert", "CA cert file", "/etc/opensips/tls/rootCA/cacert.pem")
+        cakey = cfg.read_param("tls_user_cakey", "CA key file", "/etc/opensips/tls/rootCA/private/cakey.pem")
+
+        try:
+            if openssl_version == 'openssl':
+                ca_cert = tlsOpenSSLCert(cacert)
+            else:
+                ca_cert = tlsCryptographyCert(cacert)
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to load %s", cacert)
+            return
+
+        try:
+            if openssl_version == 'openssl':
+                ca_key = tlsOpenSSLLey(cakey)
+            else:
+                ca_key = tlsCryptographyKey(cakey)
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to load %s", cakey)
+            return
+
+        # create a self-signed cert
+        if openssl_version == 'openssl':
+            cert = tlsOpenSSLCert("user", cfg)
+            key = tlsOpenSSLKey("user", cfg)
+        else:
+            cert = tlsCryptographyCert("user", cfg)
+            key = tlsCryptographyKey("user", cfg)
+
+        cert.set_issuer(ca_cert.get_subject())
+        cert.sign(ca_key)
+        try:
+            if not exists(dirname(c_f)):
+                makedirs(dirname(c_f))
+            open(c_f, "wt").write(cert.dump())
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to write to %s", c_f)
+            return
+
+        try:
+            if not exists(dirname(k_f)):
+                makedirs(dirname(k_f))
+            open(k_f, "wt").write(key.dump())
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to write to %s", k_f)
+            return
+
+        try:
+            if not exists(dirname(ca_f)):
+                makedirs(dirname(ca_f))
+            open(ca_f, "wt").write(ca_cert.dump())
+        except Exception as e:
+            logger.exception(e)
+            logger.error("Failed to write to %s", ca_f)
+            return
+
+        logger.info("user certificate created in " + c_f)
+        logger.info("user private key created in " + k_f)
+        logger.info("user CA list (chain of trust) created in " + ca_f)
+
+
+    def __exclude__(self):
+        return (not openssl_version, None)