Commit 1b665304 authored by Andreas Romeyke's avatar Andreas Romeyke

- added minimal support to store data needed for authentication

parent 8562549d
...@@ -11,12 +11,14 @@ use feature qw(say); ...@@ -11,12 +11,14 @@ use feature qw(say);
use Regexp::Optimizer; use Regexp::Optimizer;
use IO::Zlib; use IO::Zlib;
use Text::CSV_PP; use Text::CSV_PP;
use SLUB::LZA::Rosetta::TA::Crypt;
# ABSTRACT: main module for ta-tool # ABSTRACT: main module for ta-tool
our %config; our %config;
our %cache; our %cache;
our $cache_path; our $cache_path;
our $SALT = pack("H16", "There is no security by obscurity!");
BEGIN{ BEGIN{
my $home = path($ENV{'HOME'}); my $home = path($ENV{'HOME'});
if ($home->is_dir() && !$home->is_rootdir) { if ($home->is_dir() && !$home->is_rootdir) {
...@@ -24,6 +26,10 @@ BEGIN{ ...@@ -24,6 +26,10 @@ BEGIN{
our $config_file = $config_path; our $config_file = $config_path;
if ($config_path->is_file) { if ($config_path->is_file) {
%config = YAML::LoadFile($config_path); %config = YAML::LoadFile($config_path);
if (defined $config{password}) {
warn "HINT: The password was stored in config file!";
$config{decrypted_password} = SLUB::LZA::Rosetta::TA::Crypt::decrypt($config{password});
}
} }
$cache_path = $home->child('.cache')->child('ta-tool.cache'); $cache_path = $home->child('.cache')->child('ta-tool.cache');
if ($cache_path->is_file and -s $cache_path < 8192*1024) { # if size > 8MB, write new at end, see END{}-block if ($cache_path->is_file and -s $cache_path < 8192*1024) { # if size > 8MB, write new at end, see END{}-block
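Review bot: `our $SALT` in the first hunk duplicates the `$salt` that SLUB::LZA::Rosetta::TA::Crypt defines for itself, and nothing in the visible hunks reads it; I would drop the line so the key material lives in one place. In the second hunk the password is decrypted inside BEGIN on every load and kept in the package-global `%config`, so every subcommand holds the cleartext whether or not it talks to the SRU endpoint. Decrypting lazily at the point where `sru_search` needs it would narrow that exposure. The BEGIN block continues outside both hunks.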
......
...@@ -4,6 +4,10 @@ use warnings; ...@@ -4,6 +4,10 @@ use warnings;
use SLUB::LZA::Rosetta::TA -command; use SLUB::LZA::Rosetta::TA -command;
use YAML qw(DumpFile); use YAML qw(DumpFile);
use feature qw(say); use feature qw(say);
use IO::Prompt;
use Crypt::Mode::CBC;
use Path::Tiny;
sub abstract {"Initialize $0";} sub abstract {"Initialize $0";}
sub description {"Initialize $0, preparing config"} sub description {"Initialize $0, preparing config"}
...@@ -12,6 +16,7 @@ sub opt_spec { ...@@ -12,6 +16,7 @@ sub opt_spec {
["verbose|v" => "enable verbose output"], ["verbose|v" => "enable verbose output"],
["rosettahost|r=s" => "host adress where Rosetta runs", {required=>1}], ["rosettahost|r=s" => "host adress where Rosetta runs", {required=>1}],
["logdir|l=s" => "logdir where rosetta stores it server log files", {required=>1}], ["logdir|l=s" => "logdir where rosetta stores it server log files", {required=>1}],
["authentication|a" => "enable authentification (needed if Rosetta's general parameter 'sru_authentication=true'), password is stored salted only in config file!", {required=>0}]
); );
} }
sub validate_args { sub validate_args {
...@@ -25,11 +30,31 @@ sub execute { ...@@ -25,11 +30,31 @@ sub execute {
my %config; my %config;
$config{host} = $opt->{rosettahost}; $config{host} = $opt->{rosettahost};
$config{logdir} = $opt->{logdir}; $config{logdir} = $opt->{logdir};
if (defined $opt->{authentication}) {
warn "HINT: The password will stored in config file!";
my $user = prompt('User:' );
$config{user} = "$user";
my $institution = prompt('Institution:' );
$config{institution} = "$institution";
RETRY:
my $passwd1 = prompt ('Password:', -echo=>"*");
my $passwd2 = prompt ('Password, again:', -echo=>"*");
if ($passwd1 ne $passwd2) {
say "you typed different passwords, retry";
goto RETRY;
}
$config{password} = SLUB::LZA::Rosetta::TA::Crypt::encrypt("$passwd1");
}
if (defined $SLUB::LZA::Rosetta::TA::config_file) { if (defined $SLUB::LZA::Rosetta::TA::config_file) {
if (defined $opt->{verbose}) { if (defined $opt->{verbose}) {
say "store config in $SLUB::LZA::Rosetta::TA::config_file"; say "store config in $SLUB::LZA::Rosetta::TA::config_file";
} }
YAML::DumpFile($SLUB::LZA::Rosetta::TA::config_file, %config); my $file = path($SLUB::LZA::Rosetta::TA::config_file);
$file->touch();
$file->chmod("0600");
my $fh = path($SLUB::LZA::Rosetta::TA::config_file)->filehandle({exclusive => 0}, ">");
YAML::DumpFile($fh, %config);
$fh->close;
} }
} }
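Review bot: In `execute`, `$file->touch()` creates a new config file under the process umask and only then changes it to 0600, so for a short window the file that is about to receive the password can be opened by other local users, and a descriptor opened in that window stays readable after the chmod. Tightening the umask around the creation closes the window: `my $old_umask = umask(0077);` before `touch` and `umask($old_umask);` after the write. The `authentication` option text also says the password is "stored salted only", while the value written comes from the reversible `SLUB::LZA::Rosetta::TA::Crypt::encrypt`; wording such as "stored reversibly encrypted" would describe it accurately. `execute` starts outside the hunk.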
......
...@@ -43,6 +43,8 @@ sub opt_spec { ...@@ -43,6 +43,8 @@ sub opt_spec {
["level=s@" => "levels to search for. Levels could be: 'error', 'warn', 'info', 'debug'. You could use multiple levels by repeating"], ["level=s@" => "levels to search for. Levels could be: 'error', 'warn', 'info', 'debug'. You could use multiple levels by repeating"],
["match=s" => "perl regex to search for" => {default=>".*"}], ["match=s" => "perl regex to search for" => {default=>".*"}],
["trace=s" => "trace a sip/IE with given ID (SIP-ID or Deposit-ID or IE PID)"], ["trace=s" => "trace a sip/IE with given ID (SIP-ID or Deposit-ID or IE PID)"],
["user|u:s" => "user if authentication needed (optional, depends on settings in Rosetta's global parameter: sru_authentication=true)", {required=>0}],
["password|p:s" => "password if authentication needed (optional, depends on settings in Rosetta's global parameter: sru_authentication=true)", {required=>0}],
); );
} }
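Review bot: The new `password|p:s` option takes the secret from the command line, where it ends up in shell history and is visible to other local users in the process list while the tool runs. Since `:s` already makes the value optional, I would prefer the config written through the `authentication` option, or prompt without echo when `--password` is given with no value, in the same way the initialize command uses `prompt('Password:', -echo=>"*")`. Nothing in this section's visible lines consumes the two options, so confirm they are wired to the request. `opt_spec` starts outside the hunk.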
......
...@@ -79,7 +79,7 @@ sub execute { ...@@ -79,7 +79,7 @@ sub execute {
$startrecord = $opt->{startrecord}; $startrecord = $opt->{startrecord};
} }
my $query = SLUB::LZA::Rosetta::TA::common_sru::prepare_query($opt); my $query = SLUB::LZA::Rosetta::TA::common_sru::prepare_query($opt);
my $response = SLUB::LZA::Rosetta::TA::SRU::sru_search('ie', $query, $startrecord, $maxrecords, $opt->{verbose}); my $response = SLUB::LZA::Rosetta::TA::SRU::sru_search('ie', $query, $startrecord, $maxrecords, $opt->{verbose}, $opt->{user}, $opt->{password});
say $response; say $response;
} }
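Review bot: `sru_search` is now called with `$opt->{user}` and `$opt->{password}` as sixth and seventh arguments, but the `sru_search` hunk in this commit takes its credentials from `%SLUB::LZA::Rosetta::TA::config`, and its parameter unpacking is not shown. If the sub does not read the extra arguments they are silently ignored and command-line credentials never reach the request; either unpack them there or drop them here. A comment such as `# user/password override the stored config when given` at the call would record the intended precedence. `execute` starts outside the hunk.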
......
package SLUB::LZA::Rosetta::TA::Crypt;
use strict;
use warnings;
use Crypt::Mode::CBC;
our $salt = pack("H16", "There is no security by obscurity!");
sub encrypt {
my $what = shift;
my $iv = "74387112"; # length needs to be of 8
my $c = Crypt::Mode::CBC->new('Blowfish');
my $password = $c->encrypt($what, $salt, $iv);
my $password_hex = unpack("H*", $password);
return $password_hex;
}
sub decrypt {
my $password_hex = shift;
my $c = Crypt::Mode::CBC->new('Blowfish');
if (defined $password_hex) {
my $iv = "74387112"; # length needs to be of 8
my $password = pack("H*", $password_hex);
my $decrypted = $c->decrypt($password, $salt, $iv);
return $decrypted;
}
return;
}
1;
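Review bot: The key (`$salt`) and the IV `"74387112"` are constants in the source, so `encrypt` only obfuscates the password: anyone who can read the config file and this module can run `decrypt`, and the fixed IV makes equal passwords produce equal hex strings. `pack("H16", ...)` is also fed a string that is not hexadecimal, which Perl does not define well for letters beyond `f`, and it yields only 8 key bytes. I would rename `$salt` to something like `$obfuscation_key` and add a header comment stating that confidentiality rests on the 0600 mode of the config file rather than on this cipher. `decrypt` should also validate its input before `pack`, for example `return unless defined $password_hex && $password_hex =~ /\A(?:[0-9a-f]{2})+\z/i;`. CBC without an integrity check will decrypt a modified config value to garbage rather than failing.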
...@@ -2,6 +2,9 @@ package SLUB::LZA::Rosetta::TA::SRU; ...@@ -2,6 +2,9 @@ package SLUB::LZA::Rosetta::TA::SRU;
use strict; use strict;
use warnings; use warnings;
use feature qw(say); use feature qw(say);
use LWP::Authen::Basic;
use LWP::UserAgent;
use Carp;
sub url_encode_simple { sub url_encode_simple {
my $string = shift; my $string = shift;
...@@ -38,20 +41,35 @@ sub sru_search { ...@@ -38,20 +41,35 @@ sub sru_search {
$ua->agent("MyApp/0.1 "); $ua->agent("MyApp/0.1 ");
$ua->timeout(3600);#1h $ua->timeout(3600);#1h
$ua->default_headers->push_header('Accept-Encoding' => 'br, lzma, bzip2, gzip, compressed, deflate'); $ua->default_headers->push_header('Accept-Encoding' => 'br, lzma, bzip2, gzip, compressed, deflate');
$ua->ssl_opts( $ua->ssl_opts(
verify_hostname=>1, verify_hostname=>1,
# SSL_ca_path => '/etc/ssl/', # SSL_ca_path => '/etc/ssl/',
); );
if ($is_verbose) { if ($is_verbose) {
say "searchurl = $sru"; say "searchurl = $sru";
} }
foreach my $retry (1 .. 2) {
my $req = $ua->get($sru); my $req = $ua->get($sru);
if ($req->is_success) { if ($req->is_success) {
my $xres = $req->decoded_content; my $xres = $req->decoded_content;
return $xres; return $xres;
} else {
if ($retry == 1 and defined $SLUB::LZA::Rosetta::TA::config{"decrypted_password"} ) {
my $user = $SLUB::LZA::Rosetta::TA::config{"user"};
my $inst = $SLUB::LZA::Rosetta::TA::config{"institution"};
my $password = $SLUB::LZA::Rosetta::TA::config{"decrypted_password"};
my $preauth = "$user-institutionCode-$inst:$password";
my $auth = MIME::Base64::encode_base64($preauth , '');
$ua->default_headers->push_header('Authorization' => $auth);
warn "Retry using authentication";
} else { } else {
croak("Error was: " . $req->status_line()); croak("Error was: " . $req->status_line());
} }
} }
}
}
1; 1;
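Review bot: In the `sru_search` retry branch the stored credentials are attached after any unsuccessful response on the first attempt, including server errors and timeouts, not only after an authentication challenge; I would add `$req->code == 401` to the `if ($retry == 1 and ...)` condition. The `Authorization` value is the bare Base64 string with no scheme token in front of it; confirm that this is what the Rosetta endpoint expects. `MIME::Base64::encode_base64` is called without a visible `use MIME::Base64;`, which only works if another module has already loaded it, so add the import next to `use LWP::UserAgent;`. How `$sru` is built is outside the hunk; the credentials should only be sent when it is an https URL.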