#!/bin/env python

 # -*- coding: utf-8 -*-

 # ------------------------------------------------------------

 # opensecurity_client_restful_server

 # 

 # the OpenSecurity client RESTful server

 #

 # Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>

 #

 # Copyright (C) 2013 AIT Austrian Institute of Technology

 # AIT Austrian Institute of Technology GmbH

 # Donau-City-Strasse 1 | 1220 Vienna | Austria

 # http://www.ait.ac.at

 #

 # This program is free software; you can redistribute it and/or

 # modify it under the terms of the GNU General Public License

 # as published by the Free Software Foundation version 2.

 # 

 # This program is distributed in the hope that it will be useful,

 # but WITHOUT ANY WARRANTY; without even the implied warranty of

 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 # GNU General Public License for more details.

 # 

 # You should have received a copy of the GNU General Public License

 # along with this program; if not, write to the Free Software

 # Foundation, Inc., 51 Franklin Street, Fifth Floor, 

 # Boston, MA  02110-1301, USA.

 # ------------------------------------------------------------

 # ------------------------------------------------------------

 # imports

 import getpass

 import json

 import os

 import os.path

 import platform

 import socket

 import subprocess

 import sys

 import urllib

 import urllib2

 import web

 import threading

 import time

 import string

 from opensecurity_util import logger, setupLogger, OpenSecurityException

 if sys.platform == 'win32' or sys.platform == 'cygwin':

     from cygwin import Cygwin

 # local

 import __init__ as opensecurity

 # ------------------------------------------------------------

 # const

 """All the URLs we know mapping to class handler"""

 opensecurity_urls = (

     '/credentials',             'os_credentials',

     '/keyfile',                 'os_keyfile',

     '/log',                     'os_log',

     '/notification',            'os_notification',

     '/password',                'os_password',

     '/netmount',                'os_netmount',

     '/netumount',               'os_netumount',

     '/',                        'os_root'

 )

 # ------------------------------------------------------------

 # vars

 """The REST server object"""

 server = None

 # ------------------------------------------------------------

 # code

 class os_credentials:

     """OpenSecurity '/credentials' handler.

     This is called on GET /credentials?text=TEXT.

     Ideally this should pop up a user dialog to insert his

     credentials based the given TEXT.

     """

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a text

         if not "text" in args:

             raise web.badrequest('no text given')

         # remember remote ip

         remote_ip = web.ctx.environ['REMOTE_ADDR']

         # create the process which queries the user

         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.pyw')

         process_command = [sys.executable, dlg_image, 'credentials', args.text]

         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)        

         # run process result handling in seprate thread (not to block main one)

         bouncer = ProcessResultBouncer(process, remote_ip, '/credentials')

         bouncer.start()

         return 'user queried for credentials'

 class os_keyfile:

     """OpenSecurity '/keyfile' handler.

     This is called on GET /keyfile?text=TEXT.

     Ideally this should pop up a user dialog to insert his

     password along with a keyfile.

     """

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a text

         if not "text" in args:

             raise web.badrequest('no text given')

         # remember remote ip

         remote_ip = web.ctx.environ['REMOTE_ADDR']

         # create the process which queries the user

         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.pyw')

         process_command = [sys.executable, dlg_image, 'keyfile', args.text]

         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)        

         # run process result handling in seprate thread (not to block main one)

         bouncer = ProcessResultBouncer(process, remote_ip, '/keyfile')

         bouncer.start()

         return 'user queried for password and keyfile'

 class os_log:

     """OpenSecurity '/log' handler.

     This is called on GET or POST on the log function /log

     """

     def GET(self):

         # pick the arguments

         self.POST()

     def POST(self):

         # pick the arguments

         args = web.input()

         args['user'] = getpass.getuser()

         args['system'] = platform.node() + " " + platform.system() + " " + platform.release()

         # bounce log data

         url_addr = 'http://GIMME-SERVER-TO-LOG-TO/log'

         # by provided a 'data' we turn this into a POST statement

         d = urllib.urlencode(args)

         req = urllib2.Request(url_addr, d)

         try:

             res = urllib2.urlopen(req)

         except:

             print('failed to contact: ' + url_addr)

             print('log data: ' + d)

             return "Failed"

         return "Ok"

 class os_notification:

     """OpenSecurity '/notification' handler.

     This is called on GET /notification?msgtype=TYPE&text=TEXT.

     This will pop up an OpenSecurity notifcation window

     """

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a type

         if not "msgtype" in args:

             raise web.badrequest('no msgtype given')

         if not args.msgtype in ['information', 'warning', 'critical']:

             raise web.badrequest('Unknown value for msgtype')

         # we _need_ a text

         if not "text" in args:

             raise web.badrequest('no text given')

         # invoke the user dialog as a subprocess

         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')

         process_command = [sys.executable, dlg_image, 'notification-' + args.msgtype, args.text]

         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)

         return "Ok"

 class os_password:

     """OpenSecurity '/password' handler.

     This is called on GET /password?text=TEXT.

     Ideally this should pop up a user dialog to insert his

     password based device name.

     """

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a text

         if not "text" in args:

             raise web.badrequest('no text given')

         # remember remote ip

         remote_ip = web.ctx.environ['REMOTE_ADDR']

         # create the process which queries the user

         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.pyw')

         process_command = [sys.executable, dlg_image, 'password', args.text]

         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)        

         # run process result handling in seprate thread (not to block main one)

         bouncer = ProcessResultBouncer(process, remote_ip, '/password')

         bouncer.start()

         return 'user queried for password'

 # handles netumount request                    

 class MountNetworkDriveHandler(threading.Thread): 

     drive = None

     resource = None

     def __init__(self, drv, net_path):

         threading.Thread.__init__(self)

         self.drive = drv

         self.networkPath = net_path

     def run(self):

         #Check for drive availability

         if os.path.exists(self.drive):

             logger.error("Drive letter is already in use: " + self.drive)

             return 1

         #Check for network resource availability

         retry = 5

         while not os.path.exists(self.networkPath):

             time.sleep(1)

             if retry == 0:

                 return 1

             logger.info("Path not accessible: " + self.networkPath + " retrying")

             retry-=1

         command = 'USE ' + self.drive + ' ' + self.networkPath + ' /PERSISTENT:NO'

         result = Cygwin.checkResult(Cygwin.execute('C:\\Windows\\system32\\NET', command))

         if string.find(result[1], 'successfully',) == -1:

             logger.error("Failed: NET " + command)

             return 1

         return 0

 class os_netmount:

     """OpenSecurity '/netmount' handler"""

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a net_resource

         if not "net_resource" in args:

             raise web.badrequest('no net_resource given')

         # we _need_ a drive_letter

         if not "drive_letter" in args:

             raise web.badrequest('no drive_letter given')

         driveHandler = MountNetworkDriveHandler(args['drive_letter'], args['net_resource'])

         driveHandler.start()

         driveHandler.join(None)

         return 'Ok'

 # handles netumount request                    

 class UmountNetworkDriveHandler(threading.Thread): 

     drive = None

     running = True

     def __init__(self, drv):

         threading.Thread.__init__(self)

         self.drive = drv

     def run(self):

         while self.running:

             result = Cygwin.checkResult(Cygwin.execute('C:\\Windows\\system32\\net.exe', 'USE'))

             mappedDrives = list()

             for line in result[1].splitlines():

                 if 'USB' in line or 'Download' in line:

                     parts = line.split()

                     mappedDrives.append(parts[1])

             logger.info(mappedDrives)

             logger.info(self.drive)

             if self.drive not in mappedDrives:

                 self.running = False

             else:

                 command = 'USE ' + self.drive + ' /DELETE /YES' 

                 result = Cygwin.checkResult(Cygwin.execute('C:\\Windows\\system32\\net.exe', command)) 

                 if string.find(str(result[1]), 'successfully',) == -1:

                     logger.error(result[2])

                     continue

 class os_netumount:

     """OpenSecurity '/netumount' handler"""

     def GET(self):

         # pick the arguments

         args = web.input()

         # we _need_ a drive_letter

         if not "drive_letter" in args:

             raise web.badrequest('no drive_letter given')

         driveHandler = UmountNetworkDriveHandler(args['drive_letter'])

         driveHandler.start()

         driveHandler.join(None)

         return 'Ok'

 class os_root:

     """OpenSecurity '/' handler"""

     def GET(self):

         res = "OpenSecurity-Client RESTFul Server { \"version\": \"%s\" }" % opensecurity.__version__

         # add some sample links

         res = res + """

 USAGE EXAMPLES:

 Request a password: 

     (copy paste this into your browser's address field after the host:port)

     /password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0)

     (eg.: http://127.0.0.1:8090/password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0))

     NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.

 Request a combination of user and password:

     (copy paste this into your browser's address field after the host:port)

     /credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.

     (eg.: http://127.0.0.1:8090/credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.)

     NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.

 Request a combination of password and keyfile:

     (copy paste this into your browser's address field after the host:port)

     /keyfile?text=Your%20private%20RSA%20Keyfile%3A

     (eg.: http://127.0.0.1:8090//keyfile?text=Your%20private%20RSA%20Keyfile%3A)

     NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.

 Start a Browser:

     (copy paste this into your browser's address field after the host:port)

     /application?vm=Debian+7&app=Browser

     (e.g. http://127.0.0.1:8090/application?vm=Debian+7&app=Browser)

         """

         return res

 class ProcessResultBouncer(threading.Thread):

     """A class to post the result of a given process - assuming it to be in JSON - to a REST Api."""

     def __init__(self, process, remote_ip, resource): 

         """ctor"""

         threading.Thread.__init__(self)

         self._process = process

         self._remote_ip = remote_ip

         self._resource = resource

     def stop(self):

         """stop thread"""

         self.running = False

     def run(self):

         """run the thread"""

         # invoke the user dialog as a subprocess

         result = self._process.communicate()[0]

         if self._process.returncode != 0:

             print 'user request has been aborted.'

             return

         # all ok, tell send request back appropriate destination

         try:

             j = json.loads(result)

         except:

             print 'error in password parsing'

             return

         # TODO: it would be WAY easier and secure if we just 

         #       add the result json to a HTTP-POST here.

         url_addr = 'http://' + self._remote_ip + ':58080' + self._resource

         # by provided a 'data' we turn this into a POST statement

         req = urllib2.Request(url_addr, urllib.urlencode(j))

         try:

             res = urllib2.urlopen(req)

         except:

             print 'failed to contact: ' + url_addr

             return 

 class RESTServerThread(threading.Thread):

     """Thread for serving the REST API."""

     def __init__(self, port): 

         """ctor"""

         threading.Thread.__init__(self)

         self._port = port 

     def stop(self):

         """stop thread"""

         self.running = False

     def run(self):

         """run the thread"""

         _serve(self._port)

 def is_already_running(port = 8090):

     """check if this is started twice"""

     try:

         s = socket.create_connection(('127.0.0.1', port), 0.5)

     except:

         return False

     return True

 def _serve(port):

     """Start the REST server"""

     global server

     # trick the web.py server 

     sys.argv = [__file__, str(port)]

     server = web.application(opensecurity_urls, globals())

     server.run()

 def serve(port = 8090, background = False):

     """Start serving the REST Api

     port ... port number to listen on

     background ... cease into background (spawn thread) and return immediately"""

     # start threaded or direct version

     if background == True:

         t = RESTServerThread(port)

         t.start()

     else:

         _serve(port)

 def stop():

     """Stop serving the REST Api"""

     global server

     if server is None:

         return

     server.stop()

 # start

 if __name__ == "__main__":

     serve()