1# -*- coding: utf-8 -*- 2# Copyright (c) 2023 Huawei Device Co., Ltd. 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14import os 15import sys 16 17sys.path.append(os.path.dirname(os.path.realpath(__file__)) + os.sep) 18from read_acl_whitelist import * 19from resolve_token_info import * 20from utils import * 21 22log_tag = 'acl_check' 23 24 25def whitelist_check(whitelist, acls): 26 try: 27 set_log_content(LogLevel(2).name, log_tag + '->whitelist_check', 28 '-------------------------- Trustlist Verification begin --------------------------') 29 check_pass = True 30 for k, v in acls.items(): 31 if k in whitelist.keys(): 32 temp = whitelist[k] 33 for acl in v: 34 if acl not in temp: 35 check_pass = False 36 set_log_content(LogLevel(2).name, log_tag + '->whitelist_check', 37 'precessName = {} the acl = {} trustlist is not configured.'.format(k, acl)) 38 else: 39 check_pass = False 40 set_log_content(LogLevel(2).name, log_tag + '->whitelist_check', 'precessName = {} the acls = {} trustlist is not configured.'.format(k, v)) 41 if check_pass == False: 42 raise AclCheckException( 43 '-------------------------- Trustlist Verification failed --------------------------') 44 else: 45 set_log_content(LogLevel(2).name, log_tag + '->whitelist_check', 46 '-------------------------- Trustlist Verification successful --------------------------') 47 except Exception as e: 48 set_log_content(LogLevel(1).name, log_tag + '->whitelist_check', e.args) 49 raise 50 51 52def acl_check_main(sn): 53 set_log_content(LogLevel(2).name, log_tag, 54 '-------------------------- ACL check begin --------------------------') 55 try: 56 hdc_command(GENERATING_TOKEN_INFO_COMMAND.format(sn, TOKEN_INFO_URL.format(sn))) 57 hdc_command(DOWNLOAD_TOKEN_INFO_COMMAND.format(sn, TOKEN_INFO_URL.format(sn), DOWNLOAD_TOKEN_INFO_URL.format(sn))) 58 hdc_command(CLEAR_TOKEN_INFO_FILE.format(sn, TOKEN_INFO_URL.format(sn))) 59 file = read_txt(DOWNLOAD_TOKEN_INFO_URL.format(sn)) 60 # clear_token_info_txt(DOWNLOAD_TOKEN_INFO_URL.format(sn)) 61 acls_dict = check_and_get(file) 62 acl_whitelist = read_json(PATH + 'acl_whitelist.json') 63 whitelist = get_acl_dict(acl_whitelist) 64 whitelist_check(whitelist, acls_dict) 65 except Exception as e: 66 set_log_content(LogLevel(1).name, log_tag, e.args) 67 set_log_content(LogLevel(1).name, log_tag, 68 '-------------------------- ACL check failed --------------------------') 69 finally: 70 set_log_content(LogLevel(2).name, log_tag, 71 '-------------------------- ACL check end --------------------------') 72 73 74if __name__ == '__main__': 75 sn = '' 76 acl_check_main(sn) 77