# -*- coding: utf-8 -*-
from setuphelpers import *
import time
from waptcrypto import SSLPrivateKey, SSLCertificate
import datetime
# Name of the Windows service; also used as the firewall rule name.
service_name = "WAPTHttpServer"
# File name of the server executable that is copied into the WAPT base directory.
bin_name = "wapthttpserver.exe"
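def install():
    """Install wapthttpserver so that this WAPT agent can act as a repository.

    Steps, in order: refuse to run on a host that has the WAPT server
    installed, remove any previous service instance and firewall rule, copy
    the packaged binary into the WAPT base directory, register the service
    (directory rights, TLS key/certificate, ``wapt-get.ini`` settings, port
    availability check), start it and open TCP 80/443 for the binary.
    """
    if installed_softwares('WAPT Server_is1'):
        # error() is expected to abort the installation here -- confirm in setuphelpers.
        error('Wapt server installed on this host. Aborting')

    def make_wapthttpserver_config(local_repo):
        """Prepare TLS material, write the [wapthttpserver] settings and check ports.

        Args:
            local_repo: directory written as ``root_dir`` in ``wapt-get.ini``.

        Raises:
            Whatever ``run()`` raises when a ``wapt-get checkport`` call fails.
        """
        nginx_ssl_dir = makepath(WAPT.wapt_base_dir, "waptservice", "nginx", "ssl")
        wapthttpserver_ssl_dir = makepath(WAPT.wapt_base_dir, "wapthttpserver", "ssl")
        mkdirs(wapthttpserver_ssl_dir)

        # Carry over the key and certificate of the former nginx frontend when
        # they exist and nothing has been put in the new location yet. The
        # test is made on each source file: testing the directory with
        # isfile() is always false, so nothing was ever migrated.
        for pem_name in ("key.pem", "cert.pem"):
            legacy_pem = makepath(nginx_ssl_dir, pem_name)
            if os.path.isfile(legacy_pem) and not os.path.isfile(makepath(wapthttpserver_ssl_dir, pem_name)):
                filecopyto(legacy_pem, wapthttpserver_ssl_dir)

        key_fn = makepath(wapthttpserver_ssl_dir, "key.pem")
        key = SSLPrivateKey(key_fn)
        key_created = not os.path.isfile(key_fn)
        if key_created:
            print("Create SSL RSA Key %s" % key_fn)
            key.create()
            # NOTE(review): the private key is written with whatever ACL the
            # ssl directory passes on -- confirm that only administrators and
            # the service account can read key.pem.
            key.save_as_pem()

        cert_fn = makepath(wapthttpserver_ssl_dir, "cert.pem")
        fqdn = get_fqdn()
        issue_cert = True
        if os.path.isfile(cert_fn):
            # An existing certificate is kept only when it names this host and
            # the key was not generated just now: a certificate issued for a
            # previous key cannot be served with a freshly created one.
            if key_created or SSLCertificate(cert_fn).cn != fqdn:
                # Keep the replaced certificate next to the new one, timestamped.
                os.rename(cert_fn, "%s-%s.old" % (cert_fn, "{:%Y%m%d-%Hh%Mm%Ss}".format(datetime.datetime.now())))
            else:
                issue_cert = False
        if issue_cert:
            # Server-authentication certificate for this host's FQDN, signed
            # through `key` (presumably self-signed -- confirm in waptcrypto).
            crt = key.build_sign_certificate(cn=fqdn, dnsname=fqdn, is_server_auth=True, is_client_auth=False, is_code_signing=False, is_ca=False, key_usages=['digital_signature'])
            print("Create X509 cert %s" % cert_fn)
            crt.save_as_pem(cert_fn)

        # Settings are written only when wapt-get.ini already exists.
        waptconf_file = makepath(WAPT.wapt_base_dir, "wapt-get.ini")
        if os.path.isfile(waptconf_file):
            inifile_writestring(waptconf_file, 'wapthttpserver', 'root_dir', local_repo)
            inifile_writestring(waptconf_file, 'wapthttpserver', 'http_port', '80')
            inifile_writestring(waptconf_file, 'wapthttpserver', 'https_port', '443')
            inifile_writestring(waptconf_file, 'wapthttpserver', 'cert_file', cert_fn)
            inifile_writestring(waptconf_file, 'wapthttpserver', 'private_key_file', key_fn)
            inifile_writestring(waptconf_file, 'wapthttpserver', 'enable_logging', '1')

        # Remove the former nginx frontend: binary, directory tree (including
        # its ssl directory, migrated above) and service definition file.
        oldnginxbin = os.path.join(WAPT.wapt_base_dir, "waptservice", "nginx", 'nginx.exe')
        if isfile(oldnginxbin):
            killalltasks('nginx.exe')
            remove_file(oldnginxbin)
        oldnginxpath = os.path.join(WAPT.wapt_base_dir, "waptservice", "nginx")
        if isdir(oldnginxpath):
            remove_tree(oldnginxpath)
        servicenginxfile = os.path.join(WAPT.wapt_base_dir, "waptservice", "services", 'waptnginx.service')
        if isfile(servicenginxfile):
            remove_file(servicenginxfile)

        print("Checking if ports 80 and 443 are available")
        for port in ("80", "443"):
            try:
                # Only exit code 1003 is accepted; presumably that is how
                # checkport reports a free port -- confirm against wapt-get.
                run(cmd="wapt-get checkport 0.0.0.0:%s" % port, timeout=10, accept_returncodes=[1003])
            except Exception:
                print("Port %s is not available" % port)
                raise

    def install_wapthttpserver_service(local_repo):
        """Create the repository directories, set rights and register the service.

        Args:
            local_repo: root directory of the local repository.
        """
        print("Register wapthttpserver frontend")
        # S-1-5-20 is the NETWORK SERVICE account: it gets Modify, inherited by
        # files and sub-directories, on each repository directory.
        for repo_path in ("wapt", "wapt-host", "waptwua"):
            p = makepath(local_repo, repo_path)
            mkdirs(p)
            run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % (p))
        # Same grant on the WAPT log directory.
        run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % makepath(WAPT.wapt_base_dir, "log"))
        run(r'"%s" /install' % makepath(WAPT.wapt_base_dir, bin_name))
        make_wapthttpserver_config(local_repo)

    print("installing %s" % control.asrequirement())
    print("Install wapthttpserver to permit WAPTAgent to become a repository")
    # Repository root: the [repo-sync] local_repo_path setting when it is set,
    # else <wapt_base_dir>/repository.
    local_repo = inifile_readstring(WAPT.config_filename, "repo-sync", "local_repo_path") or makepath(WAPT.wapt_base_dir, "repository")
    mkdirs(makepath(WAPT.wapt_base_dir, "wapthttpserver", "ssl"))

    # Remove a previous instance before the binary is replaced.
    if service_installed(service_name):
        if service_is_running(service_name):
            service_stop(service_name)
        service_delete(service_name)

    print("Remove firewall rule")
    # Not fatal: the rule may not exist yet.
    run_notfatal(
        'netsh advfirewall firewall delete rule name="%s" program="%s"'
        % (service_name, makepath(WAPT.wapt_base_dir, bin_name))
    )

    print("Copy binary file for wapthttpserver")
    installed_bin = makepath(WAPT.wapt_base_dir, bin_name)
    if isfile(installed_bin):
        remove_file(installed_bin)
    filecopyto(bin_name, makepath(WAPT.wapt_base_dir))

    print("Install wapthttpserver")
    install_wapthttpserver_service(local_repo)
    service_start(service_name)

    print("Add firewall rule for wapthttpserver")
    # NOTE(review): the rule allows inbound TCP 80/443 to this binary on the
    # private, domain and public profiles -- confirm that the public profile
    # is needed for hosts that leave the managed network.
    run(
        'netsh advfirewall firewall add rule name="%s" dir=in profile=private,domain,public protocol=tcp localport=80,443 action=allow program="%s" enable=yes'
        % (service_name, makepath(WAPT.wapt_base_dir, bin_name))
    )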
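def uninstall():
    """Remove the wapthttpserver service, its firewall rule and its files.

    The firewall rule is deleted with ``run_notfatal`` and the files are
    removed only when present, so that a partly installed or already cleaned
    host does not stop the uninstall before the private key directory and the
    binary are deleted.
    """
    print("Remove wapthttpserver service")
    if service_installed(service_name):
        if service_is_running(service_name):
            service_stop(service_name)
        service_delete(service_name)

    print("Remove firewall rule")
    # Same non-fatal call as in install(): netsh reports an error when no rule
    # matches, and that must not leave the service files on disk.
    run_notfatal(
        'netsh advfirewall firewall delete rule name="%s" program="%s"'
        % (service_name, makepath(WAPT.wapt_base_dir, bin_name))
    )

    print("Remove wapthttpserver files")
    # The wapthttpserver tree holds the ssl directory with key.pem and cert.pem.
    httpserver_dir = makepath(WAPT.wapt_base_dir, "wapthttpserver")
    if isdir(httpserver_dir):
        remove_tree(httpserver_dir)
    installed_bin = makepath(WAPT.wapt_base_dir, bin_name)
    if isfile(installed_bin):
        remove_file(installed_bin)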