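# -*- coding: utf-8 -*-
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import sys

# The helper modules live next to this script; make them importable regardless
# of the current working directory.
sys.path.append(os.path.dirname(os.path.realpath(__file__)) + os.sep)
from resolve_token_info import *
from read_acl_whitelist import *

log_tag = 'acl_check'


def whitelist_check(whitelist, acls):
    """Verify that every ACL in *acls* is configured in *whitelist*.

    Args:
        whitelist: mapping of process name to the collection of ACLs that
            process is allowed to hold.
        acls: mapping of process name to the ACLs found for that process.

    Raises:
        AclCheckException: if a process is missing from *whitelist*, or holds
            an ACL that is not listed for it. Every violation is logged before
            the exception is raised, so one run reports all of them.
    """
    try:
        set_log_content(LogLevel(2).name, log_tag + '->whitelist_check',
                        '-------------------------- Trustlist Verification begin --------------------------')
        check_pass = True
        for k, v in acls.items():
            if k in whitelist:
                temp = whitelist[k]
                for acl in v:
                    if acl not in temp:
                        check_pass = False
                        set_log_content(LogLevel(2).name, log_tag + '->whitelist_check',
                                        'precessName = {} the acl = {} trustlist is not configured.'.format(k, acl))
            else:
                # A process with no trustlist entry at all fails the check
                # (deny by default).
                check_pass = False
                set_log_content(LogLevel(2).name, log_tag + '->whitelist_check',
                                'precessName = {} the acls = {} trustlist is not configured.'.format(k, v))
        if not check_pass:
            raise AclCheckException(
                '-------------------------- Trustlist Verification failed --------------------------')
        set_log_content(LogLevel(2).name, log_tag + '->whitelist_check',
                        '-------------------------- Trustlist Verification successful --------------------------')
    except Exception as e:
        # Built-in exceptions have no ``msg`` attribute; reading ``e.msg``
        # directly would raise AttributeError here and hide the real failure.
        set_log_content(LogLevel(1).name, log_tag + '->whitelist_check',
                        getattr(e, 'msg', str(e)))
        raise


def main(sn):
    """Run the ACL trustlist check against the device identified by *sn*.

    Generates and downloads the token info through ``hdc_command``, parses it,
    loads ``acl_whitelist.json`` from ``PATH`` and calls ``whitelist_check``.
    Any failure is logged and not re-raised.

    Args:
        sn: device serial number, substituted into the hdc command templates
            and the token-info paths.
    """
    set_log_content(LogLevel(2).name, log_tag,
                    '-------------------------- ACL check begin --------------------------')
    try:
        # NOTE(review): sn comes straight from sys.argv and is formatted into
        # command strings. Confirm hdc_command does not hand these to a shell,
        # or validate sn before use.
        hdc_command(GENERATING_TOKEN_INFO_COMMAND.format(sn, TOKEN_INFO_URL.format(sn)))
        hdc_command(DOWNLOAD_TOKEN_INFO_COMMAND.format(sn, TOKEN_INFO_URL.format(sn), DOWNLOAD_TOKEN_INFO_URL.format(sn)))
        hdc_command(CLEAR_TOKEN_INFO_FILE.format(sn, TOKEN_INFO_URL.format(sn)))
        file = read_txt(DOWNLOAD_TOKEN_INFO_URL.format(sn))
        # clear_token_info_txt(DOWNLOAD_TOKEN_INFO_URL.format(sn))
        acls_dict = check_and_get(file)
        acl_whitelist = read_json(PATH + 'acl_whitelist.json')
        whitelist = get_acl_dict(acl_whitelist)
        whitelist_check(whitelist, acls_dict)
    except Exception as e:
        # NOTE(review): the failure is only logged; main() returns normally and
        # the process exit status stays 0. A caller that gates on this check
        # has to read the log. Consider propagating a non-zero exit status.
        # ``getattr`` keeps exceptions without a ``msg`` attribute from raising
        # AttributeError inside this handler.
        set_log_content(LogLevel(1).name, log_tag, getattr(e, 'msg', str(e)))
        set_log_content(LogLevel(1).name, log_tag,
                        '-------------------------- ACL check failed --------------------------')
    finally:
        set_log_content(LogLevel(2).name, log_tag,
                        '-------------------------- ACL check end --------------------------')


if __name__ == '__main__':
    sn = sys.argv[1]
    main(sn)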