beremiz

e33d5c790b3e
Parents 0e47ada93f81
Children 48cb67922dd2
WAMP: enhance user feedback for IDE connection/certificate problems
--- a/CertManagement.py Fri Mar 14 14:27:23 2025 +0100
+++ b/CertManagement.py Tue Mar 25 14:31:18 2025 +0100
@@ -10,9 +10,11 @@
import json
from zipfile import ZipFile
from cryptography import x509
+from twisted.internet.ssl import PrivateCertificate
from cryptography.x509.oid import ExtensionOID
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
+import OpenSSL
from util.paths import AppDataPath
@@ -176,7 +178,8 @@
try:
with open(file_path, "rb") as cert_file:
cert_data = cert_file.read()
- cert = x509.load_pem_x509_certificate(cert_data, default_backend())
+ client_cert = PrivateCertificate.loadPEM(cert_data)
+ cert = client_cert.original.to_cryptography()
# Support for legacy common name
common_names = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
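Review bot: `PrivateCertificate.loadPEM(cert_data)` makes this loader reject any PEM that does not also contain a private key, and the hunk does not show whether the enclosing function (which starts before and continues after it) is also used to display certificates that legitimately carry no key, such as a peer or CA certificate. If it is, those would now always be reported as invalid. The key is parsed only as a presence check and is not used afterwards, so a comment would help the next reader: `# loadPEM is used to require that the PEM bundles a private key; only the certificate is inspected below`. It is also worth confirming what happens with a passphrase-protected key, since no passphrase is supplied here and the load may fail or block rather than produce a clear message.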
@@ -193,6 +196,8 @@
info += "Fingerprint: %s\n"%cert.fingerprint(hashes.SHA256()).hex()
info += "Creation date: %s\n"%cert.not_valid_before.isoformat()
info += "Expiration date: %s\n"%cert.not_valid_after.isoformat()
+ except OpenSSL.crypto.Error:
+ info += "Imported PEM is invalid, it must contain Certificate and Private Key.\n"
except Exception as e:
info += "Error while loading certificate: %s\n"%str(e)
return info
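Review bot: The new `except OpenSSL.crypto.Error` branch reports every OpenSSL parsing failure as a missing certificate or key and discards the underlying error, so a truncated or otherwise malformed PEM gets the same text as one that simply lacks a key. Binding the exception and appending it keeps the hint while leaving the cause visible: `except OpenSSL.crypto.Error as e:` with `info += "Imported PEM is invalid, it must contain Certificate and Private Key (%s).\n" % e`. The `try` this handler belongs to opens in an earlier hunk.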
--- a/connectors/WAMP/__init__.py Fri Mar 14 14:27:23 2025 +0100
+++ b/connectors/WAMP/__init__.py Tue Mar 25 14:31:18 2025 +0100
@@ -71,7 +71,9 @@
elif auth in SSL_AUTHENTICATION_TYPES:
accepted_method = "tls"
else:
- raise Exception("Invalid authentication: "+auth)
+ log = self.config.extra["log"]
+ log.write_error("WAMP Invalid authentication: %s\n"%auth)
+ return
self.join(self.config.realm,
authmethods=[accepted_method],
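Review bot: The new `return` in the invalid-authentication branch leaves the session connected but never joined, and nothing here sets `_WampError` or `_WampConnectEvent`, which the `onLeave` hunk further down uses to report failure. A caller waiting on that event would presumably see only a timeout; the waiter is outside the hunk, so this needs confirming. Consider recording the failure and closing the transport before returning, e.g. `_WampError = "WAMP Invalid authentication: %s" % auth`, `_WampConnectEvent.set()` and `self.disconnect()`, with the matching `global` declaration. Separately, `self.config.extra["log"]` is now looked up in four places in this file (also in the `onChallenge`, `onJoin` and `onLeave` hunks) and raises `KeyError` if a config is ever built without that entry, so a small accessor would be safer. The enclosing method starts and ends outside the hunk.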
@@ -93,13 +95,15 @@
signature = auth.compute_wcs(key, challenge.extra['challenge'])
return signature
else:
- raise Exception("Invalid authmethod {}".format(challenge.method))
+ log = self.config.extra["log"]
+ log.write_error("Invalid authmethod {}\n".format(challenge.method))
def onJoin(self, details):
global _WampSession, _WampConnectEvent
_WampSession = self
_WampConnectEvent.set()
- print('WAMP session joined for: ', self.config.extra["IDE_ID"])
+ log = self.config.extra["log"]
+ log.write('WAMP session joined for: %s\n'%self.config.extra["IDE_ID"])
def onLeave(self, details):
global _WampSession, _WampError, _WampConnectEvent
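Review bot: With the `raise` removed, the `else` branch of the challenge handler falls through and implicitly returns `None` as the signature for an unsupported auth method. The failure will presumably surface later and less clearly instead of stopping at the point where it is detected. Logging and then failing closed keeps the new user feedback without changing the control flow: keep `log.write_error("Invalid authmethod {}\n".format(challenge.method))` and follow it with `raise Exception("Invalid authmethod {}".format(challenge.method))`. The handler's start is outside the hunk.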
@@ -110,6 +114,9 @@
_WampError = "WAMP authentication failed. Check IDE identity in security manager."
else:
_WampError = "WAMP closed with error {}: {}".format(details.reason, details.message)
+ # this case can go silent if connection was already established, so log it additionally.
+ log = self.config.extra["log"]
+ log.write_error(_WampError+"\n")
_WampConnectEvent.set()
@@ -169,7 +176,8 @@
extraconf={
"IDE_ID": IDE_ID,
- "authentication": auth
+ "authentication": auth,
+ "log": confnodesroot.logger
}
if use_secret:
extraconf["secret"] = secret
--- a/controls/OwnIdentityPanel.py Fri Mar 14 14:27:23 2025 +0100
+++ b/controls/OwnIdentityPanel.py Tue Mar 25 14:31:18 2025 +0100
@@ -125,8 +125,8 @@
def OnImportClientCertButton(self, event):
dialog = wx.FileDialog(self, _("Choose a file"),
- wildcard=_("Certificate files (*.crt)|*.crt|All files|*.*"),
style=wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)
+ wildcard=_("Certificate files (*.pem)|*.pem|All files|*.*"),
if dialog.ShowModal() == wx.ID_OK:
if self._confirm_overwrite_identity():
CertManagement.ImportClientCert(dialog.GetPath())
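Review bot: As the hunk is shown, the new `wildcard=` argument lands after the line `style=wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)`, which already closes the `wx.FileDialog(...)` call. The new side would then not parse, or at best the wildcard would never reach the dialog. Put the argument back inside the call, e.g. `wildcard=_("Certificate files (*.pem)|*.pem|All files|*.*"),` followed by `style=wx.FD_OPEN | wx.FD_FILE_MUST_EXIST)`. The page has lost indentation, so confirm against the actual file.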